Resource IDs

When resources are created, we assign each resource a unique resource ID. You can use resource IDs to find your resources in the Amazon EC2 console. If you are using a command line tool or the Amazon EC2 API to work with Amazon EC2, resource IDs are required for certain commands. For example, if you are using the stop-instances AWS CLI command to stop an instance, you must specify the instance ID in the command.

Resource ID Length

A resource ID takes the form of a resource identifier (such as snap for a snapshot) followed by a hyphen and a unique combination of letters and numbers. Starting from January 2016, we're gradually introducing longer length IDs for some Amazon EC2 and Amazon EBS resource types. The length of the alphanumeric character combination was in an 8-character format; the new IDs are in a 17-character format, for example, i-1234567890abcdef0 for an instance ID.

Supported resource types will have an opt-in period, during which you can enable the longer ID format. After you've enabled longer IDs for a resource type, any new resources that you create are created with a longer ID unless you explicitly disable the longer ID format. A resource ID does not change after it's created; therefore, your existing resources with shorter IDs are not affected. Similarly, if you disable longer IDs for a resource type, any resources that you created with the longer IDs are not affected.

All supported resource types will have a deadline date, after which all new resources of this type default to the longer ID format, and you can no longer disable the longer ID format. You can enable or disable longer IDs per IAM user, but not per IAM role. By default, an IAM user defaults to the same settings as the root user.

Depending on when you created your account, supported resource types may default to using longer IDs. However, you can opt out of using longer IDs until the deadline date for that resource type. For more information, see Longer EC2 and EBS Resource IDs in the Amazon EC2 FAQs.

Topics

Working With Longer IDs

You can use the Amazon EC2 console or the AWS CLI to view the resource types that support long IDs, enable or disable the longer ID format, and view the deadline at which you will automatically be switched over to using longer IDs.

To enable and disable longer IDs using the console

Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
In the navigation bar at the top of the screen, the current region is displayed. Select the region for which you want to view or change the longer ID settings. Settings are not shared between regions.
From the dashboard, under Account Attributes, choose Resource ID length management. The resource types that support longer IDs are listed. The date at which you're automatically switched over to using longer IDs for each resource type is displayed in the Deadline column.
To enable the longer ID format for a supported resource type, choose the check box for the Use Longer IDs column. To disable the longer ID format, clear the check box.
Important
These settings apply to the IAM user who makes the request; they do not apply to the entire AWS account. If you’re logged in as the root user or as an IAM role that has permissions to use these actions, then these settings apply to the entire account, unless an IAM user logs in and explicitly overrides these settings for themselves. Resources created with longer IDs are visible to all IAM users, regardless of individual settings and provided that they have permissions to view the relevant resource types.

To view supported resource types and enable longer IDs using the AWS CLI

You can use the following AWS CLI commands:

Important

These settings apply to the IAM user who makes the request; they do not apply to the entire AWS account. If you’re using these actions as the root user or as an IAM role that has permissions to use these actions, then these settings apply to the entire account, unless an IAM user explicitly overrides these settings for themselves. Resources created with longer IDs are visible to all IAM users, regardless of individual settings and provided that they have permissions to view the relevant resource types.

To view the resource types that can be enabled for longer IDs, use the following AWS CLI command:

aws ec2 describe-id-format

{
    "Statuses": [
        {
            "Deadline": "2016-11-01T13:00:00.000Z",
            "UseLongIds": false,
            "Resource": "instance"
        },
        {
            "Deadline": "2016-11-01T13:00:00.000Z",
            "UseLongIds": true,
            "Resource": "reservation"
        },
        {
            "Deadline": "2016-11-01T13:00:00.000Z",
            "UseLongIds": false,
            "Resource": "volume"
        },
        {
            "Deadline": "2016-11-01T13:00:00.000Z",
            "UseLongIds": false,
            "Resource": "snapshot"
        }
    ]
}

The results above indicate that the instance, reservation, volume, and snapshot resource types can be enabled or disabled for longer IDs; the reservation resource is already enabled. The Deadline field indicates the date (in UTC) at which you will be automatically switched over to using longer IDs for that resource. If a deadline date is not yet available, this value is not returned.

To enable longer IDs for a specified resource, use the following AWS CLI command:

aws ec2 modify-id-format --resource resource-type --use-long-ids

To disable longer IDs for a specified resource, use the following AWS CLI command:

aws ec2 modify-id-format --resource resource-type --no-use-long-ids

Note

These commands only apply the settings to the default region. To modify the settings for other regions, use the --region parameter in the command.

Alternatively, you can use the following commands:

To describe the ID format for your resources

DescribeIdFormat (Amazon EC2 API)
Get-EC2IdFormat (AWS Tools for Windows PowerShell)

To modify the ID format for your resources

ModifyIdFormat (Amazon EC2 API)
Edit-EC2IdFormat (AWS Tools for Windows PowerShell)

Controlling Access to Longer ID Settings

By default, IAM users and roles do not have permission to use the ec2:DescribeIdFormat and ec2:ModifyIdFormat actions unless they're explicitly granted permission through their associated IAM policies. For example, an IAM role may have permission to use all Amazon EC2 actions through an "Action": "ec2:*" element in the policy statement. If an IAM user modifies the longer ID settings, the settings apply to that user only. If an IAM role modifies the longer ID settings, the settings apply to the entire account; therefore, you may want to restrict permission to use these actions to prevent unintended account changes.

To prevent IAM users and roles from viewing or modifying the longer resource ID settings for your account, ensure that the IAM policy contains the following statement:

{
  "Version": "2012-10-17", 
  "Statement": [ 
    { 
      "Effect": "Deny",
      "Action": [
        "ec2:ModifyIdFormat", "ec2:DescribeIdFormat" 
      ],
      "Resource": "*"
    }
  ] 
}

We do not support resource-level permissions for the ec2:DescribeIdFormat and ec2:ModifyIdFormat actions.

Document Conventions

« Previous Next »