The idempotency token for the create request.

Specifies the action that is to be applied to the findings that match the filter.

The description of the filter.

Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

The tags to be added to a new filter resource.

The ID of the detector belonging to the GuardDuty account that you want to create a filter for.

The name of the filter. Minimum length of 3. Maximum length of 64. Valid characters include alphanumeric characters, dot (.), underscore (_), and dash (-). Spaces are not allowed.

Represents the criteria to be used in the filter for querying findings.

You can only use the following attributes to query findings:

• accountId
• region
• confidence
• id
• resource.accessKeyDetails.accessKeyId
• resource.accessKeyDetails.principalId
• resource.accessKeyDetails.userName
• resource.accessKeyDetails.userType
• resource.instanceDetails.iamInstanceProfile.id
• resource.instanceDetails.imageId
• resource.instanceDetails.instanceId
• resource.instanceDetails.outpostArn
• resource.instanceDetails.networkInterfaces.ipv6Addresses
• resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
• resource.instanceDetails.networkInterfaces.publicDnsName
• resource.instanceDetails.networkInterfaces.publicIp
• resource.instanceDetails.networkInterfaces.securityGroups.groupId
• resource.instanceDetails.networkInterfaces.securityGroups.groupName
• resource.instanceDetails.networkInterfaces.subnetId
• resource.instanceDetails.networkInterfaces.vpcId
• resource.instanceDetails.tags.key
• resource.instanceDetails.tags.value
• resource.resourceType
• service.action.actionType
• service.action.awsApiCallAction.api
• service.action.awsApiCallAction.callerType
• service.action.awsApiCallAction.errorCode
• service.action.awsApiCallAction.remoteIpDetails.city.cityName
• service.action.awsApiCallAction.remoteIpDetails.country.countryName
• service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
• service.action.awsApiCallAction.remoteIpDetails.organization.asn
• service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
• service.action.awsApiCallAction.serviceName
• service.action.dnsRequestAction.domain
• service.action.networkConnectionAction.blocked
• service.action.networkConnectionAction.connectionDirection
• service.action.networkConnectionAction.localPortDetails.port
• service.action.networkConnectionAction.protocol
• service.action.networkConnectionAction.localIpDetails.ipAddressV4
• service.action.networkConnectionAction.remoteIpDetails.city.cityName
• service.action.networkConnectionAction.remoteIpDetails.country.countryName
• service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
• service.action.networkConnectionAction.remoteIpDetails.organization.asn
• service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
• service.action.networkConnectionAction.remotePortDetails.port
• service.additionalInfo.threatListName

• service.archived

  When this attribute is set to TRUE, only archived findings are listed. When it's set to FALSE, only unarchived findings are listed. When this attribute is not set, all existing findings are listed.

• service.resourceRole
• severity
• type

• updatedAt

  Type: ISO 8601 string format: YYYY-MM-DDTHH:MM:SS.SSSZ or YYYY-MM-DDTHH:MM:SSZ depending on whether the value contains milliseconds.

The response's http status code.

The name of the successfully created filter.

The AWS Account ID for the organization account to be enabled as a GuardDuty delegated administrator.

The response's http status code.

Represents the criteria used for querying findings. Valid values include:

• JSON field name
• accountId
• region
• confidence
• id
• resource.accessKeyDetails.accessKeyId
• resource.accessKeyDetails.principalId
• resource.accessKeyDetails.userName
• resource.accessKeyDetails.userType
• resource.instanceDetails.iamInstanceProfile.id
• resource.instanceDetails.imageId
• resource.instanceDetails.instanceId
• resource.instanceDetails.networkInterfaces.ipv6Addresses
• resource.instanceDetails.networkInterfaces.privateIpAddresses.privateIpAddress
• resource.instanceDetails.networkInterfaces.publicDnsName
• resource.instanceDetails.networkInterfaces.publicIp
• resource.instanceDetails.networkInterfaces.securityGroups.groupId
• resource.instanceDetails.networkInterfaces.securityGroups.groupName
• resource.instanceDetails.networkInterfaces.subnetId
• resource.instanceDetails.networkInterfaces.vpcId
• resource.instanceDetails.tags.key
• resource.instanceDetails.tags.value
• resource.resourceType
• service.action.actionType
• service.action.awsApiCallAction.api
• service.action.awsApiCallAction.callerType
• service.action.awsApiCallAction.remoteIpDetails.city.cityName
• service.action.awsApiCallAction.remoteIpDetails.country.countryName
• service.action.awsApiCallAction.remoteIpDetails.ipAddressV4
• service.action.awsApiCallAction.remoteIpDetails.organization.asn
• service.action.awsApiCallAction.remoteIpDetails.organization.asnOrg
• service.action.awsApiCallAction.serviceName
• service.action.dnsRequestAction.domain
• service.action.networkConnectionAction.blocked
• service.action.networkConnectionAction.connectionDirection
• service.action.networkConnectionAction.localPortDetails.port
• service.action.networkConnectionAction.protocol
• service.action.networkConnectionAction.remoteIpDetails.city.cityName
• service.action.networkConnectionAction.remoteIpDetails.country.countryName
• service.action.networkConnectionAction.remoteIpDetails.ipAddressV4
• service.action.networkConnectionAction.remoteIpDetails.organization.asn
• service.action.networkConnectionAction.remoteIpDetails.organization.asnOrg
• service.action.networkConnectionAction.remotePortDetails.port
• service.additionalInfo.threatListName

• service.archived

  When this attribute is set to 'true', only archived findings are listed. When it's set to 'false', only unarchived findings are listed. When this attribute is not set, all existing findings are listed.

• service.resourceRole
• severity
• type

• updatedAt

  Type: Timestamp in Unix Epoch millisecond format: 1486685375000

Represents the criteria used for sorting findings.

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.

The ID of the detector that specifies the GuardDuty service whose findings you want to list.

The pagination parameter to be used on the next list operation to retrieve more items.

The response's http status code.

The IDs of the findings that you're listing.

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

The maximum number of results to return in the response.

A list of accounts configured as GuardDuty delegated administrators.

The pagination parameter to be used on the next list operation to retrieve more items.

The response's http status code.

The idempotency token for the create request.

The tags to be added to a new IP set resource.

The unique ID of the detector of the GuardDuty account that you want to create an IPSet for.

The user-friendly name to identify the IPSet.

Allowed characters are alphanumerics, spaces, hyphens (-), and underscores (_).

The format of the file that contains the IPSet.

The URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.

A Boolean value that indicates whether GuardDuty is to start using the uploaded IPSet.

The response's http status code.

The ID of the IPSet resource.

The unique ID of the detector that the threatIntelSet is associated with.

The unique ID of the threatIntelSet that you want to delete.

The response's http status code.

The updated URI of the file that contains the ThreateIntelSet.

The updated Boolean value that specifies whether the ThreateIntelSet is active or not.

The unique ID that specifies the ThreatIntelSet that you want to update.

The detectorID that specifies the GuardDuty service whose ThreatIntelSet you want to update.

The unique ID that specifies the ThreatIntelSet that you want to update.

The response's http status code.

The unique ID of the detector associated with the GuardDuty administrator account that is monitoring member accounts.

A list of account IDs for the member accounts to stop monitoring.

The response's http status code.

A list of objects that contain an accountId for each account that could not be processed, and a result string that indicates why the account was not processed.

You can use this parameter to paginate results in the response. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.

The unique ID of the detector that the threatIntelSet is associated with.

The pagination parameter to be used on the next list operation to retrieve more items.

The response's http status code.

The IDs of the ThreatIntelSet resources.

The idempotency token for the create request.

The tags to be added to a new threat list resource.

The unique ID of the detector of the GuardDuty account that you want to create a threatIntelSet for.

A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.

The format of the file that contains the ThreatIntelSet.

The URI of the file that contains the ThreatIntelSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.

A Boolean value that indicates whether GuardDuty is to start using the uploaded ThreatIntelSet.

The response's http status code.

The ID of the ThreatIntelSet resource.

The unique ID of the detector of the GuardDuty account whose members you want to delete.

A list of account IDs of the GuardDuty member accounts that you want to delete.

The response's http status code.

The accounts that could not be processed.

The Amazon Resource Name (ARN) for the given GuardDuty resource.

The tags associated with the resource.

The response's http status code.

Represents the criteria that is used for querying findings.

The ID of the detector that specifies the GuardDuty service whose findings' statistics you want to retrieve.

The types of finding statistics to retrieve.

The response's http status code.

The finding statistics object.

The unique ID of the detector that the IPSet is associated with.

The unique ID of the IPSet to retrieve.

The tags of the IPSet resource.

The response's http status code.

The user-friendly name for the IPSet.

The format of the file that contains the IPSet.

The URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.

The status of IPSet file that was uploaded.

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.

A list of invitation descriptions.

The pagination parameter to be used on the next list operation to retrieve more items.

The response's http status code.

Describes which data sources will be updated.

The detector ID of the administrator account.

A list of member account IDs to be updated.

The response's http status code.

A list of member account IDs that were unable to be processed along with an explanation for why they were not processed.

The unique ID of the detector that the threatIntelSet is associated with.

The unique ID of the threatIntelSet that you want to get.

The tags of the threat list resource.

The response's http status code.

A user-friendly ThreatIntelSet name displayed in all findings that are generated by activity that involves IP addresses included in this ThreatIntelSet.

The format of the threatIntelSet.

The URI of the file that contains the ThreatIntelSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.

The status of threatIntelSet file uploaded.

A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to delete invitations from.

The response's http status code.

A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.

The unique ID of the detector of the GuardDuty member account.

The response's http status code.

The administrator account details.

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

The currency unit you would like to view your usage statistics in. Current valid values are USD.

The maximum number of results to return in the response.

The ID of the detector that specifies the GuardDuty service whose usage statistics you want to retrieve.

The type of usage statistics to retrieve.

Represents the criteria used for querying usage.

The usage statistics object. If a UsageStatisticType was provided, the objects representing other types will be null.

The pagination parameter to be used on the next list operation to retrieve more items.

The response's http status code.

The idempotency token for the create request.

A value that specifies how frequently updated findings are exported.

Describes which data sources will be enabled for the detector.

The tags to be added to a new detector resource.

A Boolean value that specifies whether the detector is to be enabled.

The unique ID of the created detector.

The response's http status code.

A list of account IDs of the AWS accounts that sent invitations to the current member account that you want to decline invitations from.

The response's http status code.

A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.

The ID of the detector to retrieve information about the delegated administrator from.

Describes which data sources are enabled automatically for member accounts.

The response's http status code.

Indicates whether GuardDuty is automatically enabled for accounts added to the organization.

Indicates whether the maximum number of allowed member accounts are already associated with the delegated administrator account for your organization.

The idempotency token for the request.

The ID of the GuardDuty detector associated with the publishing destination.

The type of resource for the publishing destination. Currently only Amazon S3 buckets are supported.

The properties of the publishing destination, including the ARNs for the destination and the KMS key used for encryption.

The response's http status code.

The ID of the publishing destination that is created.

Represents the criteria to be used in the filter for querying findings.

Specifies the action that is to be applied to the findings that match the filter.

The description of the filter.

Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

The unique ID of the detector that specifies the GuardDuty service where you want to update a filter.

The name of the filter.

The response's http status code.

The name of the filter.

The unique ID of the detector that the filter is associated with.

The name of the filter that you want to delete.

The response's http status code.

The unique ID of the detector of the GuardDuty account whose members you want to disassociate from the administrator account.

A list of account IDs of the GuardDuty member accounts that you want to disassociate from the administrator account.

The response's http status code.

A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.

The unique ID of the detector of the GuardDuty member account.

The response's http status code.

The unique ID of the detector of the GuardDuty member account.

The account ID of the GuardDuty administrator account whose invitation you're accepting.

The value that is used to validate the administrator account to the member account.

The response's http status code.

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.

The unique ID of the detector that the filter is associated with.

The pagination parameter to be used on the next list operation to retrieve more items.

The response's http status code.

A list of filter names.

Specifies whether to only return associated members or to return all members (including members who haven't been invited yet or have been disassociated).

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.

The unique ID of the detector the member is associated with.

A list of members.

The pagination parameter to be used on the next list operation to retrieve more items.

The response's http status code.

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

The maximum number of results to return in the response.

The ID of the detector to retrieve publishing destinations for.

A token to use for paginating results that are returned in the response. Set the value of this parameter to null for the first request to a list action. For subsequent calls, use the NextToken value returned from the previous request to continue listing results after the first page.

The response's http status code.

A Destinations object that includes information about each publishing destination returned.

The unique ID of the detector associated with the publishing destination to delete.

The ID of the publishing destination to delete.

The response's http status code.

A DestinationProperties object that includes the DestinationArn and KmsKeyArn of the publishing destination.

The ID of the detector associated with the publishing destinations to update.

The ID of the publishing destination to update.

The response's http status code.

The unique ID of the detector that you want to get.

The timestamp of when the detector was created.

The publishing frequency of the finding.

Describes which data sources are enabled for the detector.

The last-updated timestamp for the detector.

The tags of the detector resource.

The response's http status code.

The GuardDuty service role.

The detector status.

The types of sample findings to generate.

The ID of the detector to create sample findings for.

The response's http status code.

The ID of the detector that specifies the GuardDuty service whose findings you want to archive.

The IDs of the findings that you want to archive.

The response's http status code.

The unique ID of the detector of the GuardDuty account that you want to associate member accounts with.

A list of account ID and email address pairs of the accounts that you want to associate with the GuardDuty administrator account.

The response's http status code.

A list of objects that include the accountIds of the unprocessed accounts and a result string that explains why each was unprocessed.

The ID of the detector associated with the findings to unarchive.

The IDs of the findings to unarchive.

The response's http status code.

The detector ID for the administrator account.

The account ID of the member account.

The response's http status code.

An object that describes which data sources are enabled for a member account.

A list of member account IDs that were unable to be processed along with an explanation for why they were not processed.

The number of received invitations.

The response's http status code.

The unique ID of the detector of the GuardDuty administrator account associated with the member accounts to monitor.

A list of account IDs of the GuardDuty member accounts to start monitoring.

The response's http status code.

A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.

Describes which data sources will be updated.

The ID of the detector to update the delegated administrator for.

Indicates whether to automatically enable member accounts in the organization.

The response's http status code.

A Boolean value that specifies whether you want to disable email notification to the accounts that you are inviting to GuardDuty as members.

The invitation message that you want to send to the accounts that you're inviting to GuardDuty as members.

The unique ID of the detector of the GuardDuty account that you want to invite members with.

A list of account IDs of the accounts that you want to invite to GuardDuty as members.

The response's http status code.

A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.

The unique ID of the detector associated with the IPSet.

The unique ID of the IPSet to delete.

The response's http status code.

The updated URI of the file that contains the IPSet. For example: https://s3.us-west-2.amazonaws.com/my-bucket/my-object-key.

The updated Boolean value that specifies whether the IPSet is active or not.

The unique ID that specifies the IPSet that you want to update.

The detectorID that specifies the GuardDuty service whose IPSet you want to update.

The unique ID that specifies the IPSet that you want to update.

The response's http status code.

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

You can use this parameter to indicate the maximum number of items you want in the response. The default value is 50. The maximum value is 50.

The unique ID of the detector that the IPSet is associated with.

The pagination parameter to be used on the next list operation to retrieve more items.

The response's http status code.

The IDs of the IPSet resources.

The unique ID of the detector of the GuardDuty account whose members you want to retrieve.

A list of account IDs of the GuardDuty member accounts that you want to describe.

The response's http status code.

A list of members.

A list of objects that contain the unprocessed account and a result string that explains why it was unprocessed.

The unique ID of the detector associated with the publishing destination to retrieve.

The ID of the publishing destination to retrieve.

The response's http status code.

The ID of the publishing destination.

The type of publishing destination. Currently, only Amazon S3 buckets are supported.

The status of the publishing destination.

The time, in epoch millisecond format, at which GuardDuty was first unable to publish findings to the destination.

A DestinationProperties object that includes the DestinationArn and KmsKeyArn of the publishing destination.

The Amazon Resource Name (ARN) for the GuardDuty resource to apply a tag to.

The tags to be added to a resource.

The response's http status code.

Represents the criteria used for sorting findings.

The ID of the detector that specifies the GuardDuty service whose findings you want to retrieve.

The IDs of the findings that you want to retrieve.

The response's http status code.

A list of findings.

You can use this parameter when paginating results. Set the value of this parameter to null on your first call to the list action. For subsequent calls to the action, fill nextToken in the request with the value of NextToken from the previous response to continue listing data.

You can use this parameter to indicate the maximum number of items that you want in the response. The default value is 50. The maximum value is 50.

The pagination parameter to be used on the next list operation to retrieve more items.

The response's http status code.

A list of detector IDs.

The Amazon Resource Name (ARN) for the resource to remove tags from.

The tag keys to remove from the resource.

The response's http status code.

An enum value that specifies how frequently findings are exported, such as to CloudWatch Events.

Describes which data sources will be updated.

Specifies whether the detector is enabled or not enabled.

The unique ID of the detector to update.

The response's http status code.

The unique ID of the detector that you want to delete.

The response's http status code.

Additional feedback about the GuardDuty findings.

The ID of the detector associated with the findings to update feedback for.

The IDs of the findings that you want to mark as useful or not useful.

The feedback for the finding.

The response's http status code.

The unique ID of the detector that the filter is associated with.

The name of the filter you want to get.

The description of the filter.

Specifies the position of the filter in the list of current filters. Also specifies the order in which this filter is applied to the findings.

The tags of the filter resource.

The response's http status code.

The name of the filter.

Specifies the action that is to be applied to the findings that match the filter.

Represents the criteria to be used in the filter for querying findings.

The AWS Account ID for the organizations account to be disabled as a GuardDuty delegated administrator.

The response's http status code.

A value that indicates whether public write access for the bucket is enabled through an Access Control List (ACL).

A value that indicates whether public read access for the bucket is enabled through an Access Control List (ACL).

The principal ID of the user.

The name of the user.

The access key ID of the user.

The type of the user.

The member account ID.

The email address of the member account.

Describes the S3 Block Public Access settings of the bucket's parent account.

Information about the NETWORK_CONNECTION action described in this finding.

Information about the PORT_PROBE action described in this finding.

The GuardDuty finding activity type.

Information about the DNS_REQUEST action described in this finding.

Information about the AWS_API_CALL action described in this finding.

The AWS account ID for the account.

Indicates whether the account is enabled as the delegated administrator.

The remote IP information of the connection that initiated the AWS API call.

The AWS API caller type.

The domain information for the AWS API call.

The AWS service name whose API was invoked.

The error code of the failed AWS API action.

The AWS API name.

Indicates if S3 Block Public Access is set to IgnorePublicAcls.

Indicates if S3 Block Public Access is set to BlockPublicAcls.

Indicates if S3 Block Public Access is set to RestrictPublicBuckets.

Indicates if S3 Block Public Access is set to BlockPublicPolicy.

Contains information on how Access Control Policies are applied to the bucket.

Contains information on which account level S3 Block Public Access settings are applied to the S3 bucket.

Contains information on the bucket policies for the S3 bucket.

A value that indicates whether public write access for the bucket is enabled through a bucket policy.

A value that indicates whether public read access for the bucket is enabled through a bucket policy.

The city name of the remote IP address.

Describes whether CloudTrail is enabled as a data source for the detector.

Represents the equal condition to be applied to a single field when querying for findings.

Represents a less than condition to be applied to a single field when querying for findings.

Represents a less than or equal condition to be applied to a single field when querying for findings.

Represents a greater than or equal condition to be applied to a single field when querying for findings.

Represents a less than or equal condition to be applied to a single field when querying for findings.

Represents a greater than condition to be applied to a single field when querying for findings.

Represents an equal ____ condition to be applied to a single field when querying for findings.

Represents the not equal condition to be applied to a single field when querying for findings.

Represents a not equal ____ condition to be applied to a single field when querying for findings.

Represents a less than condition to be applied to a single field when querying for findings.

Represents a greater than or equal condition to be applied to a single field when querying for findings.

Represents a greater than condition to be applied to a single field when querying for findings.

The country name of the remote IP address.

The country code of the remote IP address.

Denotes whether DNS logs is enabled as a data source.

Describes whether S3 data event logs are enabled as a data source.

An object that contains information on the status of CloudTrail as a data source.

An object that contains information on the status of DNS logs as a data source.

An object that contains information on the status of VPC flow logs as a data source.

An object that contains information on the status of S3 Data event logs as a data source.

The type of encryption used for objects within the S3 bucket.

The Amazon Resource Name (ARN) of the KMS encryption key. Only available if the bucket EncryptionType is aws:kms.

The unique ID of the publishing destination.

The type of resource used for the publishing destination. Currently, only Amazon S3 buckets are supported.

The status of the publishing destination.

The ARN of the KMS key to use for encryption.

The ARN of the resource to publish to.

The domain information for the API request.

The domain information for the AWS API call.

A list of threat intelligence details related to the evidence.

Undocumented member.

The confidence score for the finding.

The partition associated with the finding.

The title of the finding.

The description of the finding.

The ID of the account in which the finding was generated.

The ARN of the finding.

The time and date when the finding was created.

The ID of the finding.

The Region where the finding was generated.

Undocumented member.

The version of the schema used for the finding.

The severity of the finding.

The type of finding.

The time and date when the finding was last updated.

Represents a map of finding properties that match specified conditions and values when querying findings.

Represents a map of severity to count statistics for a set of findings.

Denotes whether VPC flow logs is enabled as a data source.

The latitude information of the remote IP address.

The longitude information of the remote IP address.

The profile ARN of the EC2 instance.

The profile ID of the EC2 instance.

The ID of the EC2 instance.

The platform of the EC2 instance.

The launch time of the EC2 instance.

The elastic network interface information of the EC2 instance.

The Amazon Resource Name (ARN) of the AWS Outpost. Only applicable to AWS Outposts instances.

The type of the EC2 instance.

The Availability Zone of the EC2 instance.

The profile information of the EC2 instance.

The image ID of the EC2 instance.

The product code of the EC2 instance.

The state of the EC2 instance.

The tags of the EC2 instance.

The image description of the EC2 instance.

The timestamp when the invitation was sent.

The status of the relationship between the inviter and invitee accounts.

The ID of the invitation. This value is used to validate the inviter account to the member account.

The ID of the account that the invitation was sent from.

The IPv4 local address of the connection.

The port name of the local connection.

The port number of the local connection.

The timestamp when the invitation was sent.

The status of the relationship between the administrator and member accounts.

The value used to validate the administrator account to the member account.

The ID of the account used as the administrator account.

The timestamp when the invitation was sent.

The detector ID of the member account.

The ID of the member account.

The administrator account ID.

The email address of the member account.

The status of the relationship between the member and the administrator.

The last-updated timestamp of the member.

The account ID for the member account.

Contains information on the status of data sources for the account.

The remote IP information of the connection.

The network connection protocol.

The local IP information of the connection.

The remote port information of the connection.

Indicates whether EC2 blocked the network connection to your instance.

The network connection direction.

The local port information of the connection.

Other private IP address information of the EC2 instance.

The public DNS name of the EC2 instance.

The security groups associated with the EC2 instance.

The VPC ID of the EC2 instance.

The ID of the network interface.

The subnet ID of the EC2 instance.

The private IP address of the EC2 instance.

The public IP address of the EC2 instance.

The private DNS name of the EC2 instance.

A list of IPv6 addresses for the EC2 instance.

The name of the internet provider.