How do I apply the longer ID format when creating these resources?

Amazon EC2 instance and reservation IDs, and volume and snapshot IDs for Amazon Elastic Block Store (EBS) and AWS Storage Gateway, are changing to a longer format; after early December 2016, all newly created instances, reservations, volumes, and snapshots will be required to use the longer ID format.

Solutions that interact with AWS resources via APIs, SDKs, or the AWS CLI can be affected by this change if the underlying software makes assumptions about the ID format when validating or persisting resource IDs. In order to enable the long-term, uninterrupted creation of new instances, reservations, volumes, and snapshots, AWS has introduced a longer ID format for these resources. You can choose to apply the longer ID format for new EC2, EBS, and Storage Gateway resource IDs using the AWS Management Console, the AWS Command Line Interface (CLI), the AWS Tools for Windows PowerShell, or through an Amazon EC2 API function.

Before you begin, check with the administrator of your AWS account(s) and review your permissions. Users who access an account through Identity and Access Management (IAM) might have limited permissions, and will only be allowed to make changes to resources that they have been given access to. For more information and recommendations regarding IAM permissions, see IAM Best Practices.

The console currently supports setting the opt-in preference for the user or role that is signed in to the console, one AWS region at a time. You cannot set the preference of other ARNs on the console. If you have full access to EC2 resources and actions, you can set the opt-in preference for the other ARNs on the account using the AWS CLI.

To opt in using the Amazon EC2 console:

  1. Sign in to the EC2 console.
  2. Under Account Attributes in the upper-right, choose Resource ID length management.
  3. For each resource type you want to use with longer resource IDs, check the box under Use Longer IDs.
  4. Repeat this process for any other regions in which you want to use longer resource IDs.

You can also use this page to opt out of using longer instance IDs for new EC2 reservations, instances, volumes, or snapshots that are created before the December 2016 deadline.

If you have not already updated the opt-in settings for specific IAM users or roles, you can use the AWS CLI as the root account user to set opt-in preferences for all users on the account.

To opt in using the AWS CLI, use the modify-identity-id-format command, specifying the desired ARN, resource type, and AWS account number:

aws ec2 modify-identity-id-format --principal-arn arn:aws:iam::YOURAWSACCOUNTNUMBER:root --resource instance --use-long-ids

You can also opt in for all users and roles on an account by using the all flag:

aws ec2 modify-identity-id-format --principal-arn all --resource instance --use-long-ids

You can opt out of longer resource IDs by using the following AWS CLI command:

aws ec2 modify-identity-id-format --principal-arn arn:aws:iam::YOURAWSACCOUNTNUMBER:root --resource instance --no-use-long-ids

Run the describe-identity-id-format command to view ID format settings for your resource types:

aws ec2 describe-id-format --principal-arn arn:aws:iam::YOURAWSACCOUNTNUMBER:root
{
    "Statuses": [
        {
            "UseLongIds": false,
            "Resource": "reservation"
        },
        {
            "UseLongIds": false,
            "Resource": "instance"
        },
        {
            "UseLongIds": false,
            "Resource": "volume"
        },
        {
            "UseLongIds": false,
            "Resource": "snapshot"
        }
    ]
}

Note: The modify-identity-id-format and describe-identity-id-format commands apply only to resource types in the default region specified in your AWS CLI profile. If you want to apply these commands to resource types in a different region, append these commands with the --region switch followed by the region name. For example, if the default region for your AWS CLI profile is us-west-2, you could override the default by appending "--region us-east-1" to the modify-identity-id-format and describe-identity-id-format commands. For more information about setting default values for your AWS CLI profile, see Configuring the AWS Command Line Interface.

Important

If you opt in to using longer AWS resource IDs, upgrade to the following versions to continue using the AWS CLI and SDKs:

You can use the ec2-migrate-longer-id script offered by AWS Labs:

1.    If you don’t have one already, create an IAM role with an IAM policy that grants it permissions to perform the DescribeIdentityIdFormat, DescribeIdFormat, ModifyIdentityIdFormat, and ModifyIdFormat EC2 API actions. For example, a policy similar to the following grants the necessary permissions in all AWS regions:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Stmt1475629910094",
            "Action": [
                "ec2:DescribeIdentityIdFormat",
                "ec2:DescribeIdFormat",
                "ec2:ModifyIdentityIdFormat",
                "ec2:ModifyIdFormat"
            ],
            "Effect": "Allow",
            "Resource": "*"
        }
    ]
}

2.    Launch an EC2 instance that uses the IAM role.

3.    Install the ec2-migrate-longer-id script on the EC2 instance.
Note: Make sure to read and follow the instructions in the attached readme file.

4.    After you install the script on your EC2 instance and follow the instructions in the readme file, run the following command from the EC2 instance you launched:

./migratelongerids.py

After the script has finished running, by default, the script will print your current longer EC2 resource ID opt-in settings.

To opt in to longer resource IDs using a Linux shell script, run the following command:

OptIn.sh

ARN=arn:aws:iam::YOURAWSACCOUNTNUMBER:root

for REGION in eu-west-1 ap-southeast-1 ap-southeast-2 eu-central-1 ap-northeast-2 ap-northeast-1 us-east-1 sa-east-1 us-west-1 us-west-2; do

    for i in instance volume snapshot reservation; do

        aws ec2 modify-identity-id-format --principal-arn $ARN --region $REGION --resource $i --use-long-ids

    done

done

To opt in using the AWS Tools for Windows PowerShell, run the Edit-EC2IdentityIdFormat cmdlet and specify the desired ARN and resource type.

Make sure to substitute your AWS account number for YOURAWSACCOUNTNUMBER:

PS C:\> Edit-EC2IdentityIdFormat -PrincipalArn arn:aws:iam::YOURAWSACCOUNTNUMBER:root -Resource instance -UseLongId $true

You can opt out by doing the following:

PS C:\> Edit-EC2IdentityIdFormat -PrincipalArn arn:aws:iam::YOURAWSACCOUNTNUMBER:root -Resource instance -UseLongId $false 

Run the Get-EC2IdentityIDFormat cmdlet to view ID format settings for your resource types in the specified region:

PS C:\> Get-EC2IdentityIDFormat -PrincipalArn arn:aws:iam::YOURAWSACCOUNTNUMBER:root -Region us-west-2

 

Deadline             Resource           UseLongIds

--------             --------           ----------

1/1/0001 12:00:00 AM reservation        True

1/1/0001 12:00:00 AM instance           False

1/1/0001 12:00:00 AM volume             True

1/1/0001 12:00:00 AM snapshot           True

The following Windows PowerShell script can be used to modify ID formats for resource types in all regions:

OptIn.PS1

(Get-AWSRegion).Region | foreach {

Write-Host "Enabling long IDs for reservations, instances, volumes and snapshots in $($_)"

Edit-EC2IdentityIdFormat -PrincipalArn arn:aws:iam::YOURAWSACCOUNTNUMBER:root -Resource reservation -UseLongId $true -Region $_;

Edit-EC2IdentityIdFormat -PrincipalArn arn:aws:iam::YOURAWSACCOUNTNUMBER:root -Resource instance -UseLongId $true -Region $_;

Edit-EC2IdentityIdFormat -PrincipalArn arn:aws:iam::YOURAWSACCOUNTNUMBER:root -Resource volume -UseLongId $true -Region $_;

Edit-EC2IdentityIdFormat -PrincipalArn arn:aws:iam::YOURAWSACCOUNTNUMBER:root -Resource snapshot -UseLongId $true -Region $_;

}

Note: The Edit-EC2IdentityIdFormat and Get-EC2IdentityIDFormat cmdlets apply only to resource types in the default region specified by your AWS Tools for PowerShell configuration. If you want to apply these cmdlets to resource types in a different region, append these cmdlets with the -Region switch followed by the region name. For example, if the default region for your AWS Tools for PowerShell configuration is us-west-2, you could override the default by appending -Region us-east-1 to the Edit-EC2IdentityIdFormat and Get-EC2IdentityIDFormat cmdlets. To specify a default region for your AWS Tools for PowerShell configuration, use the Set-DefaultAWSRegion cmdlet as described in Specifying AWS Regions. To determine the current default region for your shell configuration, if any, use the Get-DefaultAWSRegion cmdlet.

To opt in from your own tools or application code, call the ModifyIdentityIdFormat function, specify the resource type, and set the UseLongIds parameter to True.

Amazon EC2, Amazon EBS, AWS Storage Gateway, resource IDs, volume, snapshot, reservation, instance, LongIDs, resource ID length management, modify-identity-id-format, modify-id-format, describe-identity-id-format, describe-id-format, shell script, Edit-EC2IdentityIdFormat, Edit-EC2IdFormat, Get-EC2IdentityIDFormat, Get-EC2IdFormat, PS1, cmdlet


Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2016-07-21

Updated: 2016-11-16