2023/11/17 - Amazon Elastic Compute Cloud - 6 new34 updated api methods
Changes This release adds new features for Amazon VPC IP Address Manager (IPAM) Allowing a choice between Free and Advanced Tiers, viewing public IP address insights across regions and in Amazon Cloudwatch, use IPAM to plan your subnet IPs within a VPC and bring your own autonomous system number to IPAM.
Provisions your Autonomous System Number (ASN) for use in your Amazon Web Services account. This action requires authorization context for Amazon to bring the ASN to an Amazon Web Services account. For more information, see Tutorial: Bring your ASN to IPAM in the Amazon VPC IPAM guide.
See also: AWS API Documentation
Request Syntax
client.provision_ipam_byoasn(
DryRun=True|False,
IpamId='string',
Asn='string',
AsnAuthorizationContext={
'Message': 'string',
'Signature': 'string'
}
)
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
An IPAM ID.
string
[REQUIRED]
A public 2-byte or 4-byte ASN.
dict
[REQUIRED]
An ASN authorization context.
Message (string) -- [REQUIRED]
The authorization context's message.
Signature (string) -- [REQUIRED]
The authorization context's signature.
dict
Response Syntax
{
'Byoasn': {
'Asn': 'string',
'IpamId': 'string',
'StatusMessage': 'string',
'State': 'deprovisioned'|'failed-deprovision'|'failed-provision'|'pending-deprovision'|'pending-provision'|'provisioned'
}
}
Response Structure
(dict) --
Byoasn (dict) --
An ASN and BYOIP CIDR association.
Asn (string) --
A public 2-byte or 4-byte ASN.
IpamId (string) --
An IPAM ID.
StatusMessage (string) --
The status message.
State (string) --
The provisioning state of the BYOASN.
Remove the association between your Autonomous System Number (ASN) and your BYOIP CIDR. You may want to use this action to disassociate an ASN from a CIDR or if you want to swap ASNs. For more information, see Tutorial: Bring your ASN to IPAM in the Amazon VPC IPAM guide.
See also: AWS API Documentation
Request Syntax
client.disassociate_ipam_byoasn(
DryRun=True|False,
Asn='string',
Cidr='string'
)
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
A public 2-byte or 4-byte ASN.
string
[REQUIRED]
A BYOIP CIDR.
dict
Response Syntax
{
'AsnAssociation': {
'Asn': 'string',
'Cidr': 'string',
'StatusMessage': 'string',
'State': 'disassociated'|'failed-disassociation'|'failed-association'|'pending-disassociation'|'pending-association'|'associated'
}
}
Response Structure
(dict) --
AsnAssociation (dict) --
An ASN and BYOIP CIDR association.
Asn (string) --
The association's ASN.
Cidr (string) --
The association's CIDR.
StatusMessage (string) --
The association's status message.
State (string) --
The association's state.
Describes your Autonomous System Numbers (ASNs), their provisioning statuses, and the BYOIP CIDRs with which they are associated. For more information, see Tutorial: Bring your ASN to IPAM in the Amazon VPC IPAM guide.
See also: AWS API Documentation
Request Syntax
client.describe_ipam_byoasn(
DryRun=True|False,
MaxResults=123,
NextToken='string'
)
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
integer
The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.
string
The token for the next page of results.
dict
Response Syntax
{
'Byoasns': [
{
'Asn': 'string',
'IpamId': 'string',
'StatusMessage': 'string',
'State': 'deprovisioned'|'failed-deprovision'|'failed-provision'|'pending-deprovision'|'pending-provision'|'provisioned'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Byoasns (list) --
ASN and BYOIP CIDR associations.
(dict) --
The Autonomous System Number (ASN) and BYOIP CIDR association.
Asn (string) --
A public 2-byte or 4-byte ASN.
IpamId (string) --
An IPAM ID.
StatusMessage (string) --
The status message.
State (string) --
The provisioning state of the BYOASN.
NextToken (string) --
The token to use to retrieve the next page of results. This value is null when there are no more results to return.
Associates your Autonomous System Number (ASN) with a BYOIP CIDR that you own in the same Amazon Web Services Region. For more information, see Tutorial: Bring your ASN to IPAM in the Amazon VPC IPAM guide.
After the association succeeds, the ASN is eligible for advertisement. You can view the association with DescribeByoipCidrs. You can advertise the CIDR with AdvertiseByoipCidr.
See also: AWS API Documentation
Request Syntax
client.associate_ipam_byoasn(
DryRun=True|False,
Asn='string',
Cidr='string'
)
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
A public 2-byte or 4-byte ASN.
string
[REQUIRED]
The BYOIP CIDR you want to associate with an ASN.
dict
Response Syntax
{
'AsnAssociation': {
'Asn': 'string',
'Cidr': 'string',
'StatusMessage': 'string',
'State': 'disassociated'|'failed-disassociation'|'failed-association'|'pending-disassociation'|'pending-association'|'associated'
}
}
Response Structure
(dict) --
AsnAssociation (dict) --
The ASN and BYOIP CIDR association.
Asn (string) --
The association's ASN.
Cidr (string) --
The association's CIDR.
StatusMessage (string) --
The association's status message.
State (string) --
The association's state.
Gets the public IP addresses that have been discovered by IPAM.
See also: AWS API Documentation
Request Syntax
client.get_ipam_discovered_public_addresses(
DryRun=True|False,
IpamResourceDiscoveryId='string',
AddressRegion='string',
Filters=[
{
'Name': 'string',
'Values': [
'string',
]
},
],
NextToken='string',
MaxResults=123
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
An IPAM resource discovery ID.
string
[REQUIRED]
The Amazon Web Services Region for the IP address.
list
Filters.
(dict) --
A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.
If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.
Name (string) --
The name of the filter. Filter names are case-sensitive.
Values (list) --
The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.
(string) --
string
The token for the next page of results.
integer
The maximum number of IPAM discovered public addresses to return in one page of results.
dict
Response Syntax
{
'IpamDiscoveredPublicAddresses': [
{
'IpamResourceDiscoveryId': 'string',
'AddressRegion': 'string',
'Address': 'string',
'AddressOwnerId': 'string',
'AddressAllocationId': 'string',
'AssociationStatus': 'associated'|'disassociated',
'AddressType': 'service-managed-ip'|'service-managed-byoip'|'amazon-owned-eip'|'byoip'|'ec2-public-ip',
'Service': 'nat-gateway'|'database-migration-service'|'redshift'|'elastic-container-service'|'relational-database-service'|'site-to-site-vpn'|'load-balancer'|'global-accelerator'|'other',
'ServiceResource': 'string',
'VpcId': 'string',
'SubnetId': 'string',
'PublicIpv4PoolId': 'string',
'NetworkInterfaceId': 'string',
'NetworkInterfaceDescription': 'string',
'InstanceId': 'string',
'Tags': {
'EipTags': [
{
'Key': 'string',
'Value': 'string'
},
]
},
'NetworkBorderGroup': 'string',
'SecurityGroups': [
{
'GroupName': 'string',
'GroupId': 'string'
},
],
'SampleTime': datetime(2015, 1, 1)
},
],
'OldestSampleTime': datetime(2015, 1, 1),
'NextToken': 'string'
}
Response Structure
(dict) --
IpamDiscoveredPublicAddresses (list) --
IPAM discovered public addresses.
(dict) --
A public IP Address discovered by IPAM.
IpamResourceDiscoveryId (string) --
The resource discovery ID.
AddressRegion (string) --
The Region of the resource the IP address is assigned to.
Address (string) --
The IP address.
AddressOwnerId (string) --
The ID of the owner of the resource the IP address is assigned to.
AddressAllocationId (string) --
The allocation ID of the resource the IP address is assigned to.
AssociationStatus (string) --
The association status.
AddressType (string) --
The IP address type.
Service (string) --
The Amazon Web Services service associated with the IP address.
ServiceResource (string) --
The resource ARN or ID.
VpcId (string) --
The ID of the VPC that the resource with the assigned IP address is in.
SubnetId (string) --
The ID of the subnet that the resource with the assigned IP address is in.
PublicIpv4PoolId (string) --
The ID of the public IPv4 pool that the resource with the assigned IP address is from.
NetworkInterfaceId (string) --
The network interface ID of the resource with the assigned IP address.
NetworkInterfaceDescription (string) --
The description of the network interface that IP address is assigned to.
InstanceId (string) --
The instance ID of the instance the assigned IP address is assigned to.
Tags (dict) --
Tags associated with the IP address.
EipTags (list) --
Tags for an Elastic IP address.
(dict) --
A tag for a public IP address discovered by IPAM.
Key (string) --
The tag's key.
Value (string) --
The tag's value.
NetworkBorderGroup (string) --
The network border group that the resource that the IP address is assigned to is in.
SecurityGroups (list) --
Security groups associated with the resource that the IP address is assigned to.
(dict) --
The security group that the resource with the public IP address is in.
GroupName (string) --
The security group's name.
GroupId (string) --
The security group's ID.
SampleTime (datetime) --
The last successful resource discovery time.
OldestSampleTime (datetime) --
The oldest successful resource discovery time.
NextToken (string) --
The token to use to retrieve the next page of results. This value is null when there are no more results to return.
Deprovisions your Autonomous System Number (ASN) from your Amazon Web Services account. This action can only be called after any BYOIP CIDR associations are removed from your Amazon Web Services account with DisassociateIpamByoasn. For more information, see Tutorial: Bring your ASN to IPAM in the Amazon VPC IPAM guide.
See also: AWS API Documentation
Request Syntax
client.deprovision_ipam_byoasn(
DryRun=True|False,
IpamId='string',
Asn='string'
)
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The IPAM ID.
string
[REQUIRED]
An ASN.
dict
Response Syntax
{
'Byoasn': {
'Asn': 'string',
'IpamId': 'string',
'StatusMessage': 'string',
'State': 'deprovisioned'|'failed-deprovision'|'failed-provision'|'pending-deprovision'|'pending-provision'|'provisioned'
}
}
Response Structure
(dict) --
Byoasn (dict) --
An ASN and BYOIP CIDR association.
Asn (string) --
A public 2-byte or 4-byte ASN.
IpamId (string) --
An IPAM ID.
StatusMessage (string) --
The status message.
State (string) --
The provisioning state of the BYOASN.
{'Asn': 'string'}
Response {'ByoipCidr': {'AsnAssociations': [{'Asn': 'string',
'Cidr': 'string',
'State': 'disassociated | '
'failed-disassociation | '
'failed-association | '
'pending-disassociation | '
'pending-association | associated',
'StatusMessage': 'string'}]}}
Advertises an IPv4 or IPv6 address range that is provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP).
You can perform this operation at most once every 10 seconds, even if you specify different address ranges each time.
We recommend that you stop advertising the BYOIP CIDR from other locations when you advertise it from Amazon Web Services. To minimize down time, you can configure your Amazon Web Services resources to use an address from a BYOIP CIDR before it is advertised, and then simultaneously stop advertising it from the current location and start advertising it through Amazon Web Services.
It can take a few minutes before traffic to the specified addresses starts routing to Amazon Web Services because of BGP propagation delays.
To stop advertising the BYOIP CIDR, use WithdrawByoipCidr.
See also: AWS API Documentation
Request Syntax
client.advertise_byoip_cidr(
Cidr='string',
Asn='string',
DryRun=True|False
)
string
[REQUIRED]
The address range, in CIDR notation. This must be the exact range that you provisioned. You can't advertise only a portion of the provisioned range.
string
The public 2-byte or 4-byte ASN that you want to advertise.
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
dict
Response Syntax
{
'ByoipCidr': {
'Cidr': 'string',
'Description': 'string',
'AsnAssociations': [
{
'Asn': 'string',
'Cidr': 'string',
'StatusMessage': 'string',
'State': 'disassociated'|'failed-disassociation'|'failed-association'|'pending-disassociation'|'pending-association'|'associated'
},
],
'StatusMessage': 'string',
'State': 'advertised'|'deprovisioned'|'failed-deprovision'|'failed-provision'|'pending-deprovision'|'pending-provision'|'provisioned'|'provisioned-not-publicly-advertisable'
}
}
Response Structure
(dict) --
ByoipCidr (dict) --
Information about the address range.
Cidr (string) --
The address range, in CIDR notation.
Description (string) --
The description of the address range.
AsnAssociations (list) --
The BYOIP CIDR associations with ASNs.
(dict) --
An Autonomous System Number (ASN) and BYOIP CIDR association.
Asn (string) --
The association's ASN.
Cidr (string) --
The association's CIDR.
StatusMessage (string) --
The association's status message.
State (string) --
The association's state.
StatusMessage (string) --
Upon success, contains the ID of the address pool. Otherwise, contains an error message.
State (string) --
The state of the address pool.
{'AllowedCidrs': ['string']}
Response {'IpamPoolAllocation': {'ResourceType': {'subnet'}}}
Allocate a CIDR from an IPAM pool. The Region you use should be the IPAM pool locale. The locale is the Amazon Web Services Region where this IPAM pool is available for allocations.
In IPAM, an allocation is a CIDR assignment from an IPAM pool to another IPAM pool or to a resource. For more information, see Allocate CIDRs in the Amazon VPC IPAM User Guide.
See also: AWS API Documentation
Request Syntax
client.allocate_ipam_pool_cidr(
DryRun=True|False,
IpamPoolId='string',
Cidr='string',
NetmaskLength=123,
ClientToken='string',
Description='string',
PreviewNextCidr=True|False,
AllowedCidrs=[
'string',
],
DisallowedCidrs=[
'string',
]
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The ID of the IPAM pool from which you would like to allocate a CIDR.
string
The CIDR you would like to allocate from the IPAM pool. Note the following:
If there is no DefaultNetmaskLength allocation rule set on the pool, you must specify either the NetmaskLength or the CIDR.
If the DefaultNetmaskLength allocation rule is set on the pool, you can specify either the NetmaskLength or the CIDR and the DefaultNetmaskLength allocation rule will be ignored.
Possible values: Any available IPv4 or IPv6 CIDR.
integer
The netmask length of the CIDR you would like to allocate from the IPAM pool. Note the following:
If there is no DefaultNetmaskLength allocation rule set on the pool, you must specify either the NetmaskLength or the CIDR.
If the DefaultNetmaskLength allocation rule is set on the pool, you can specify either the NetmaskLength or the CIDR and the DefaultNetmaskLength allocation rule will be ignored.
Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.
string
A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.
This field is autopopulated if not provided.
string
A description for the allocation.
boolean
A preview of the next available CIDR in a pool.
list
Include a particular CIDR range that can be returned by the pool. Allowed CIDRs are only allowed if using netmask length for allocation.
(string) --
list
Exclude a particular CIDR range from being returned by the pool. Disallowed CIDRs are only allowed if using netmask length for allocation.
(string) --
dict
Response Syntax
{
'IpamPoolAllocation': {
'Cidr': 'string',
'IpamPoolAllocationId': 'string',
'Description': 'string',
'ResourceId': 'string',
'ResourceType': 'ipam-pool'|'vpc'|'ec2-public-ipv4-pool'|'custom'|'subnet',
'ResourceRegion': 'string',
'ResourceOwner': 'string'
}
}
Response Structure
(dict) --
IpamPoolAllocation (dict) --
Information about the allocation created.
Cidr (string) --
The CIDR for the allocation. A CIDR is a representation of an IP address and its associated network mask (or netmask) and refers to a range of IP addresses. An IPv4 CIDR example is 10.24.34.0/23. An IPv6 CIDR example is 2001:DB8::/32.
IpamPoolAllocationId (string) --
The ID of an allocation.
Description (string) --
A description of the pool allocation.
ResourceId (string) --
The ID of the resource.
ResourceType (string) --
The type of the resource.
ResourceRegion (string) --
The Amazon Web Services Region of the resource.
ResourceOwner (string) --
The owner of the resource.
{'Ipv6IpamPoolId': 'string', 'Ipv6NetmaskLength': 'integer'}
Associates a CIDR block with your subnet. You can only associate a single IPv6 CIDR block with your subnet.
See also: AWS API Documentation
Request Syntax
client.associate_subnet_cidr_block(
Ipv6CidrBlock='string',
SubnetId='string',
Ipv6IpamPoolId='string',
Ipv6NetmaskLength=123
)
string
The IPv6 CIDR block for your subnet.
string
[REQUIRED]
The ID of your subnet.
string
An IPv6 IPAM pool ID.
integer
An IPv6 netmask length.
dict
Response Syntax
{
'Ipv6CidrBlockAssociation': {
'AssociationId': 'string',
'Ipv6CidrBlock': 'string',
'Ipv6CidrBlockState': {
'State': 'associating'|'associated'|'disassociating'|'disassociated'|'failing'|'failed',
'StatusMessage': 'string'
}
},
'SubnetId': 'string'
}
Response Structure
(dict) --
Ipv6CidrBlockAssociation (dict) --
Information about the IPv6 association.
AssociationId (string) --
The ID of the association.
Ipv6CidrBlock (string) --
The IPv6 CIDR block.
Ipv6CidrBlockState (dict) --
The state of the CIDR block.
State (string) --
The state of a CIDR block.
StatusMessage (string) --
A message about the status of the CIDR block, if applicable.
SubnetId (string) --
The ID of the subnet.
{'Tier': 'free | advanced'}
Response {'Ipam': {'StateMessage': 'string', 'Tier': 'free | advanced'}}
Create an IPAM. Amazon VPC IP Address Manager (IPAM) is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across Amazon Web Services Regions and accounts throughout your Amazon Web Services Organization.
For more information, see Create an IPAM in the Amazon VPC IPAM User Guide.
See also: AWS API Documentation
Request Syntax
client.create_ipam(
DryRun=True|False,
Description='string',
OperatingRegions=[
{
'RegionName': 'string'
},
],
TagSpecifications=[
{
'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
},
],
ClientToken='string',
Tier='free'|'advanced'
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
A description for the IPAM.
list
The operating Regions for the IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.
For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.
(dict) --
Add an operating Region to an IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.
For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.
RegionName (string) --
The name of the operating Region.
list
The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
(dict) --
The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.
ResourceType (string) --
The type of resource to tag on creation.
Tags (list) --
The tags to apply to the resource.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
string
A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.
This field is autopopulated if not provided.
string
IPAM is offered in a Free Tier and an Advanced Tier. For more information about the features available in each tier and the costs associated with the tiers, see Amazon VPC pricing > IPAM tab.
dict
Response Syntax
{
'Ipam': {
'OwnerId': 'string',
'IpamId': 'string',
'IpamArn': 'string',
'IpamRegion': 'string',
'PublicDefaultScopeId': 'string',
'PrivateDefaultScopeId': 'string',
'ScopeCount': 123,
'Description': 'string',
'OperatingRegions': [
{
'RegionName': 'string'
},
],
'State': 'create-in-progress'|'create-complete'|'create-failed'|'modify-in-progress'|'modify-complete'|'modify-failed'|'delete-in-progress'|'delete-complete'|'delete-failed'|'isolate-in-progress'|'isolate-complete'|'restore-in-progress',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'DefaultResourceDiscoveryId': 'string',
'DefaultResourceDiscoveryAssociationId': 'string',
'ResourceDiscoveryAssociationCount': 123,
'StateMessage': 'string',
'Tier': 'free'|'advanced'
}
}
Response Structure
(dict) --
Ipam (dict) --
Information about the IPAM created.
OwnerId (string) --
The Amazon Web Services account ID of the owner of the IPAM.
IpamId (string) --
The ID of the IPAM.
IpamArn (string) --
The Amazon Resource Name (ARN) of the IPAM.
IpamRegion (string) --
The Amazon Web Services Region of the IPAM.
PublicDefaultScopeId (string) --
The ID of the IPAM's default public scope.
PrivateDefaultScopeId (string) --
The ID of the IPAM's default private scope.
ScopeCount (integer) --
The number of scopes in the IPAM. The scope quota is 5. For more information on quotas, see Quotas in IPAM in the Amazon VPC IPAM User Guide.
Description (string) --
The description for the IPAM.
OperatingRegions (list) --
The operating Regions for an IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.
For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.
(dict) --
The operating Regions for an IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.
For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.
RegionName (string) --
The name of the operating Region.
State (string) --
The state of the IPAM.
Tags (list) --
The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
DefaultResourceDiscoveryId (string) --
The IPAM's default resource discovery ID.
DefaultResourceDiscoveryAssociationId (string) --
The IPAM's default resource discovery association ID.
ResourceDiscoveryAssociationCount (integer) --
The IPAM's resource discovery association count.
StateMessage (string) --
The state message.
Tier (string) --
IPAM is offered in a Free Tier and an Advanced Tier. For more information about the features available in each tier and the costs associated with the tiers, see Amazon VPC pricing > IPAM tab.
{'SourceResource': {'ResourceId': 'string',
'ResourceOwner': 'string',
'ResourceRegion': 'string',
'ResourceType': 'vpc'}}
Response {'IpamPool': {'SourceResource': {'ResourceId': 'string',
'ResourceOwner': 'string',
'ResourceRegion': 'string',
'ResourceType': 'vpc'}}}
Create an IP address pool for Amazon VPC IP Address Manager (IPAM). In IPAM, a pool is a collection of contiguous IP addresses CIDRs. Pools enable you to organize your IP addresses according to your routing and security needs. For example, if you have separate routing and security needs for development and production applications, you can create a pool for each.
For more information, see Create a top-level pool in the Amazon VPC IPAM User Guide.
See also: AWS API Documentation
Request Syntax
client.create_ipam_pool(
DryRun=True|False,
IpamScopeId='string',
Locale='string',
SourceIpamPoolId='string',
Description='string',
AddressFamily='ipv4'|'ipv6',
AutoImport=True|False,
PubliclyAdvertisable=True|False,
AllocationMinNetmaskLength=123,
AllocationMaxNetmaskLength=123,
AllocationDefaultNetmaskLength=123,
AllocationResourceTags=[
{
'Key': 'string',
'Value': 'string'
},
],
TagSpecifications=[
{
'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
},
],
ClientToken='string',
AwsService='ec2',
PublicIpSource='amazon'|'byoip',
SourceResource={
'ResourceId': 'string',
'ResourceType': 'vpc',
'ResourceRegion': 'string',
'ResourceOwner': 'string'
}
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The ID of the scope in which you would like to create the IPAM pool.
string
In IPAM, the locale is the Amazon Web Services Region where you want to make an IPAM pool available for allocations. Only resources in the same Region as the locale of the pool can get IP address allocations from the pool. You can only allocate a CIDR for a VPC, for example, from an IPAM pool that shares a locale with the VPC’s Region. Note that once you choose a Locale for a pool, you cannot modify it. If you do not choose a locale, resources in Regions others than the IPAM's home region cannot use CIDRs from this pool.
Possible values: Any Amazon Web Services Region, such as us-east-1.
string
The ID of the source IPAM pool. Use this option to create a pool within an existing pool. Note that the CIDR you provision for the pool within the source pool must be available in the source pool's CIDR range.
string
A description for the IPAM pool.
string
[REQUIRED]
The IP protocol assigned to this IPAM pool. You must choose either IPv4 or IPv6 protocol for a pool.
boolean
If selected, IPAM will continuously look for resources within the CIDR range of this pool and automatically import them as allocations into your IPAM. The CIDRs that will be allocated for these resources must not already be allocated to other resources in order for the import to succeed. IPAM will import a CIDR regardless of its compliance with the pool's allocation rules, so a resource might be imported and subsequently marked as noncompliant. If IPAM discovers multiple CIDRs that overlap, IPAM will import the largest CIDR only. If IPAM discovers multiple CIDRs with matching CIDRs, IPAM will randomly import one of them only.
A locale must be set on the pool for this feature to work.
boolean
Determines if the pool is publicly advertisable. This option is not available for pools with AddressFamily set to ipv4.
integer
The minimum netmask length required for CIDR allocations in this IPAM pool to be compliant. The minimum netmask length must be less than the maximum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.
integer
The maximum netmask length possible for CIDR allocations in this IPAM pool to be compliant. The maximum netmask length must be greater than the minimum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.
integer
The default netmask length for allocations added to this pool. If, for example, the CIDR assigned to this pool is 10.0.0.0/8 and you enter 16 here, new allocations will default to 10.0.0.0/16.
list
Tags that are required for resources that use CIDRs from this IPAM pool. Resources that do not have these tags will not be allowed to allocate space from the pool. If the resources have their tags changed after they have allocated space or if the allocation tagging requirements are changed on the pool, the resource may be marked as noncompliant.
(dict) --
A tag on an IPAM resource.
Key (string) --
The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
Value (string) --
The value for the tag.
list
The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
(dict) --
The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.
ResourceType (string) --
The type of resource to tag on creation.
Tags (list) --
The tags to apply to the resource.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
string
A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.
This field is autopopulated if not provided.
string
Limits which service in Amazon Web Services that the pool can be used in. "ec2", for example, allows users to use space for Elastic IP addresses and VPCs.
string
The IP address source for pools in the public scope. Only used for provisioning IP address CIDRs to pools in the public scope. Default is byoip. For more information, see Create IPv6 pools in the Amazon VPC IPAM User Guide. By default, you can add only one Amazon-provided IPv6 CIDR block to a top-level IPv6 pool if PublicIpSource is amazon. For information on increasing the default limit, see Quotas for your IPAM in the Amazon VPC IPAM User Guide.
dict
The resource used to provision CIDRs to a resource planning pool.
ResourceId (string) --
The source resource ID.
ResourceType (string) --
The source resource type.
ResourceRegion (string) --
The source resource Region.
ResourceOwner (string) --
The source resource owner.
dict
Response Syntax
{
'IpamPool': {
'OwnerId': 'string',
'IpamPoolId': 'string',
'SourceIpamPoolId': 'string',
'IpamPoolArn': 'string',
'IpamScopeArn': 'string',
'IpamScopeType': 'public'|'private',
'IpamArn': 'string',
'IpamRegion': 'string',
'Locale': 'string',
'PoolDepth': 123,
'State': 'create-in-progress'|'create-complete'|'create-failed'|'modify-in-progress'|'modify-complete'|'modify-failed'|'delete-in-progress'|'delete-complete'|'delete-failed'|'isolate-in-progress'|'isolate-complete'|'restore-in-progress',
'StateMessage': 'string',
'Description': 'string',
'AutoImport': True|False,
'PubliclyAdvertisable': True|False,
'AddressFamily': 'ipv4'|'ipv6',
'AllocationMinNetmaskLength': 123,
'AllocationMaxNetmaskLength': 123,
'AllocationDefaultNetmaskLength': 123,
'AllocationResourceTags': [
{
'Key': 'string',
'Value': 'string'
},
],
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'AwsService': 'ec2',
'PublicIpSource': 'amazon'|'byoip',
'SourceResource': {
'ResourceId': 'string',
'ResourceType': 'vpc',
'ResourceRegion': 'string',
'ResourceOwner': 'string'
}
}
}
Response Structure
(dict) --
IpamPool (dict) --
Information about the IPAM pool created.
OwnerId (string) --
The Amazon Web Services account ID of the owner of the IPAM pool.
IpamPoolId (string) --
The ID of the IPAM pool.
SourceIpamPoolId (string) --
The ID of the source IPAM pool. You can use this option to create an IPAM pool within an existing source pool.
IpamPoolArn (string) --
The Amazon Resource Name (ARN) of the IPAM pool.
IpamScopeArn (string) --
The ARN of the scope of the IPAM pool.
IpamScopeType (string) --
In IPAM, a scope is the highest-level container within IPAM. An IPAM contains two default scopes. Each scope represents the IP space for a single network. The private scope is intended for all private IP address space. The public scope is intended for all public IP address space. Scopes enable you to reuse IP addresses across multiple unconnected networks without causing IP address overlap or conflict.
IpamArn (string) --
The ARN of the IPAM.
IpamRegion (string) --
The Amazon Web Services Region of the IPAM pool.
Locale (string) --
The locale of the IPAM pool. In IPAM, the locale is the Amazon Web Services Region where you want to make an IPAM pool available for allocations. Only resources in the same Region as the locale of the pool can get IP address allocations from the pool. You can only allocate a CIDR for a VPC, for example, from an IPAM pool that shares a locale with the VPC’s Region. Note that once you choose a Locale for a pool, you cannot modify it. If you choose an Amazon Web Services Region for locale that has not been configured as an operating Region for the IPAM, you'll get an error.
PoolDepth (integer) --
The depth of pools in your IPAM pool. The pool depth quota is 10. For more information, see Quotas in IPAM in the Amazon VPC IPAM User Guide.
State (string) --
The state of the IPAM pool.
StateMessage (string) --
The state message.
Description (string) --
The description of the IPAM pool.
AutoImport (boolean) --
If selected, IPAM will continuously look for resources within the CIDR range of this pool and automatically import them as allocations into your IPAM. The CIDRs that will be allocated for these resources must not already be allocated to other resources in order for the import to succeed. IPAM will import a CIDR regardless of its compliance with the pool's allocation rules, so a resource might be imported and subsequently marked as noncompliant. If IPAM discovers multiple CIDRs that overlap, IPAM will import the largest CIDR only. If IPAM discovers multiple CIDRs with matching CIDRs, IPAM will randomly import one of them only.
A locale must be set on the pool for this feature to work.
PubliclyAdvertisable (boolean) --
Determines if a pool is publicly advertisable. This option is not available for pools with AddressFamily set to ipv4.
AddressFamily (string) --
The address family of the pool.
AllocationMinNetmaskLength (integer) --
The minimum netmask length required for CIDR allocations in this IPAM pool to be compliant. The minimum netmask length must be less than the maximum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.
AllocationMaxNetmaskLength (integer) --
The maximum netmask length possible for CIDR allocations in this IPAM pool to be compliant. The maximum netmask length must be greater than the minimum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.
AllocationDefaultNetmaskLength (integer) --
The default netmask length for allocations added to this pool. If, for example, the CIDR assigned to this pool is 10.0.0.0/8 and you enter 16 here, new allocations will default to 10.0.0.0/16.
AllocationResourceTags (list) --
Tags that are required for resources that use CIDRs from this IPAM pool. Resources that do not have these tags will not be allowed to allocate space from the pool. If the resources have their tags changed after they have allocated space or if the allocation tagging requirements are changed on the pool, the resource may be marked as noncompliant.
(dict) --
The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
Key (string) --
The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
Value (string) --
The value of the tag.
Tags (list) --
The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
AwsService (string) --
Limits which service in Amazon Web Services that the pool can be used in. "ec2", for example, allows users to use space for Elastic IP addresses and VPCs.
PublicIpSource (string) --
The IP address source for pools in the public scope. Only used for provisioning IP address CIDRs to pools in the public scope. Default is BYOIP. For more information, see Create IPv6 pools in the Amazon VPC IPAM User Guide. By default, you can add only one Amazon-provided IPv6 CIDR block to a top-level IPv6 pool. For information on increasing the default limit, see Quotas for your IPAM in the Amazon VPC IPAM User Guide.
SourceResource (dict) --
The resource used to provision CIDRs to a resource planning pool.
ResourceId (string) --
The source resource ID.
ResourceType (string) --
The source resource type.
ResourceRegion (string) --
The source resource Region.
ResourceOwner (string) --
The source resource owner.
{'LaunchTemplateData': {'NetworkInterfaces': {'ConnectionTrackingSpecification': {'TcpEstablishedTimeout': 'integer',
'UdpStreamTimeout': 'integer',
'UdpTimeout': 'integer'}}}}
{'LaunchTemplateData': {'NetworkInterfaces': {'ConnectionTrackingSpecification': {'TcpEstablishedTimeout': 'integer',
'UdpStreamTimeout': 'integer',
'UdpTimeout': 'integer'}}}}
Response {'LaunchTemplateVersion': {'LaunchTemplateData': {'NetworkInterfaces': {'ConnectionTrackingSpecification': {'TcpEstablishedTimeout': 'integer',
'UdpStreamTimeout': 'integer',
'UdpTimeout': 'integer'}}}}}
{'ConnectionTrackingSpecification': {'TcpEstablishedTimeout': 'integer',
'UdpStreamTimeout': 'integer',
'UdpTimeout': 'integer'}}
Response {'NetworkInterface': {'ConnectionTrackingConfiguration': {'TcpEstablishedTimeout': 'integer',
'UdpStreamTimeout': 'integer',
'UdpTimeout': 'integer'}}}
Creates a network interface in the specified subnet.
The number of IP addresses you can assign to a network interface varies by instance type. For more information, see IP Addresses Per ENI Per Instance Type in the Amazon Virtual Private Cloud User Guide.
For more information about network interfaces, see Elastic network interfaces in the Amazon Elastic Compute Cloud User Guide.
See also: AWS API Documentation
Request Syntax
client.create_network_interface(
Description='string',
DryRun=True|False,
Groups=[
'string',
],
Ipv6AddressCount=123,
Ipv6Addresses=[
{
'Ipv6Address': 'string',
'IsPrimaryIpv6': True|False
},
],
PrivateIpAddress='string',
PrivateIpAddresses=[
{
'Primary': True|False,
'PrivateIpAddress': 'string'
},
],
SecondaryPrivateIpAddressCount=123,
Ipv4Prefixes=[
{
'Ipv4Prefix': 'string'
},
],
Ipv4PrefixCount=123,
Ipv6Prefixes=[
{
'Ipv6Prefix': 'string'
},
],
Ipv6PrefixCount=123,
InterfaceType='efa'|'branch'|'trunk',
SubnetId='string',
TagSpecifications=[
{
'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
},
],
ClientToken='string',
EnablePrimaryIpv6=True|False,
ConnectionTrackingSpecification={
'TcpEstablishedTimeout': 123,
'UdpStreamTimeout': 123,
'UdpTimeout': 123
}
)
string
A description for the network interface.
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
list
The IDs of one or more security groups.
(string) --
integer
The number of IPv6 addresses to assign to a network interface. Amazon EC2 automatically selects the IPv6 addresses from the subnet range.
You can't specify a count of IPv6 addresses using this parameter if you've specified one of the following: specific IPv6 addresses, specific IPv6 prefixes, or a count of IPv6 prefixes.
If your subnet has the AssignIpv6AddressOnCreation attribute set, you can override that setting by specifying 0 as the IPv6 address count.
list
The IPv6 addresses from the IPv6 CIDR block range of your subnet.
You can't specify IPv6 addresses using this parameter if you've specified one of the following: a count of IPv6 addresses, specific IPv6 prefixes, or a count of IPv6 prefixes.
(dict) --
Describes an IPv6 address.
Ipv6Address (string) --
The IPv6 address.
IsPrimaryIpv6 (boolean) --
Determines if an IPv6 address associated with a network interface is the primary IPv6 address. When you enable an IPv6 GUA address to be a primary IPv6, the first IPv6 GUA will be made the primary IPv6 address until the instance is terminated or the network interface is detached. For more information, see RunInstances.
string
The primary private IPv4 address of the network interface. If you don't specify an IPv4 address, Amazon EC2 selects one for you from the subnet's IPv4 CIDR range. If you specify an IP address, you cannot indicate any IP addresses specified in privateIpAddresses as primary (only one IP address can be designated as primary).
list
The private IPv4 addresses.
You can't specify private IPv4 addresses if you've specified one of the following: a count of private IPv4 addresses, specific IPv4 prefixes, or a count of IPv4 prefixes.
(dict) --
Describes a secondary private IPv4 address for a network interface.
Primary (boolean) --
Indicates whether the private IPv4 address is the primary private IPv4 address. Only one IPv4 address can be designated as primary.
PrivateIpAddress (string) --
The private IPv4 address.
integer
The number of secondary private IPv4 addresses to assign to a network interface. When you specify a number of secondary IPv4 addresses, Amazon EC2 selects these IP addresses within the subnet's IPv4 CIDR range. You can't specify this option and specify more than one private IP address using privateIpAddresses.
You can't specify a count of private IPv4 addresses if you've specified one of the following: specific private IPv4 addresses, specific IPv4 prefixes, or a count of IPv4 prefixes.
list
The IPv4 prefixes assigned to the network interface.
You can't specify IPv4 prefixes if you've specified one of the following: a count of IPv4 prefixes, specific private IPv4 addresses, or a count of private IPv4 addresses.
(dict) --
Describes the IPv4 prefix option for a network interface.
Ipv4Prefix (string) --
The IPv4 prefix. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.
integer
The number of IPv4 prefixes that Amazon Web Services automatically assigns to the network interface.
You can't specify a count of IPv4 prefixes if you've specified one of the following: specific IPv4 prefixes, specific private IPv4 addresses, or a count of private IPv4 addresses.
list
The IPv6 prefixes assigned to the network interface.
You can't specify IPv6 prefixes if you've specified one of the following: a count of IPv6 prefixes, specific IPv6 addresses, or a count of IPv6 addresses.
(dict) --
Describes the IPv4 prefix option for a network interface.
Ipv6Prefix (string) --
The IPv6 prefix.
integer
The number of IPv6 prefixes that Amazon Web Services automatically assigns to the network interface.
You can't specify a count of IPv6 prefixes if you've specified one of the following: specific IPv6 prefixes, specific IPv6 addresses, or a count of IPv6 addresses.
string
The type of network interface. The default is interface.
The only supported values are interface, efa, and trunk.
string
[REQUIRED]
The ID of the subnet to associate with the network interface.
list
The tags to apply to the new network interface.
(dict) --
The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.
ResourceType (string) --
The type of resource to tag on creation.
Tags (list) --
The tags to apply to the resource.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
string
Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency.
This field is autopopulated if not provided.
boolean
If you’re creating a network interface in a dual-stack or IPv6-only subnet, you have the option to assign a primary IPv6 IP address. A primary IPv6 address is an IPv6 GUA address associated with an ENI that you have enabled to use a primary IPv6 address. Use this option if the instance that this ENI will be attached to relies on its IPv6 address not changing. Amazon Web Services will automatically assign an IPv6 address associated with the ENI attached to your instance to be the primary IPv6 address. Once you enable an IPv6 GUA address to be a primary IPv6, you cannot disable it. When you enable an IPv6 GUA address to be a primary IPv6, the first IPv6 GUA will be made the primary IPv6 address until the instance is terminated or the network interface is detached. If you have multiple IPv6 addresses associated with an ENI attached to your instance and you enable a primary IPv6 address, the first IPv6 GUA address associated with the ENI becomes the primary IPv6 address.
dict
A connection tracking specification for the network interface.
TcpEstablishedTimeout (integer) --
Timeout (in seconds) for idle TCP connections in an established state. Min: 60 seconds. Max: 432000 seconds (5 days). Default: 432000 seconds. Recommended: Less than 432000 seconds.
UdpStreamTimeout (integer) --
Timeout (in seconds) for idle UDP flows classified as streams which have seen more than one request-response transaction. Min: 60 seconds. Max: 180 seconds (3 minutes). Default: 180 seconds.
UdpTimeout (integer) --
Timeout (in seconds) for idle UDP flows that have seen traffic only in a single direction or a single request-response transaction. Min: 30 seconds. Max: 60 seconds. Default: 30 seconds.
dict
Response Syntax
{
'NetworkInterface': {
'Association': {
'AllocationId': 'string',
'AssociationId': 'string',
'IpOwnerId': 'string',
'PublicDnsName': 'string',
'PublicIp': 'string',
'CustomerOwnedIp': 'string',
'CarrierIp': 'string'
},
'Attachment': {
'AttachTime': datetime(2015, 1, 1),
'AttachmentId': 'string',
'DeleteOnTermination': True|False,
'DeviceIndex': 123,
'NetworkCardIndex': 123,
'InstanceId': 'string',
'InstanceOwnerId': 'string',
'Status': 'attaching'|'attached'|'detaching'|'detached',
'EnaSrdSpecification': {
'EnaSrdEnabled': True|False,
'EnaSrdUdpSpecification': {
'EnaSrdUdpEnabled': True|False
}
}
},
'AvailabilityZone': 'string',
'ConnectionTrackingConfiguration': {
'TcpEstablishedTimeout': 123,
'UdpStreamTimeout': 123,
'UdpTimeout': 123
},
'Description': 'string',
'Groups': [
{
'GroupName': 'string',
'GroupId': 'string'
},
],
'InterfaceType': 'interface'|'natGateway'|'efa'|'trunk'|'load_balancer'|'network_load_balancer'|'vpc_endpoint'|'branch'|'transit_gateway'|'lambda'|'quicksight'|'global_accelerator_managed'|'api_gateway_managed'|'gateway_load_balancer'|'gateway_load_balancer_endpoint'|'iot_rules_managed'|'aws_codestar_connections_managed',
'Ipv6Addresses': [
{
'Ipv6Address': 'string',
'IsPrimaryIpv6': True|False
},
],
'MacAddress': 'string',
'NetworkInterfaceId': 'string',
'OutpostArn': 'string',
'OwnerId': 'string',
'PrivateDnsName': 'string',
'PrivateIpAddress': 'string',
'PrivateIpAddresses': [
{
'Association': {
'AllocationId': 'string',
'AssociationId': 'string',
'IpOwnerId': 'string',
'PublicDnsName': 'string',
'PublicIp': 'string',
'CustomerOwnedIp': 'string',
'CarrierIp': 'string'
},
'Primary': True|False,
'PrivateDnsName': 'string',
'PrivateIpAddress': 'string'
},
],
'Ipv4Prefixes': [
{
'Ipv4Prefix': 'string'
},
],
'Ipv6Prefixes': [
{
'Ipv6Prefix': 'string'
},
],
'RequesterId': 'string',
'RequesterManaged': True|False,
'SourceDestCheck': True|False,
'Status': 'available'|'associated'|'attaching'|'in-use'|'detaching',
'SubnetId': 'string',
'TagSet': [
{
'Key': 'string',
'Value': 'string'
},
],
'VpcId': 'string',
'DenyAllIgwTraffic': True|False,
'Ipv6Native': True|False,
'Ipv6Address': 'string'
},
'ClientToken': 'string'
}
Response Structure
(dict) --
NetworkInterface (dict) --
Information about the network interface.
Association (dict) --
The association information for an Elastic IP address (IPv4) associated with the network interface.
AllocationId (string) --
The allocation ID.
AssociationId (string) --
The association ID.
IpOwnerId (string) --
The ID of the Elastic IP address owner.
PublicDnsName (string) --
The public DNS name.
PublicIp (string) --
The address of the Elastic IP address bound to the network interface.
CustomerOwnedIp (string) --
The customer-owned IP address associated with the network interface.
CarrierIp (string) --
The carrier IP address associated with the network interface.
This option is only available when the network interface is in a subnet which is associated with a Wavelength Zone.
Attachment (dict) --
The network interface attachment.
AttachTime (datetime) --
The timestamp indicating when the attachment initiated.
AttachmentId (string) --
The ID of the network interface attachment.
DeleteOnTermination (boolean) --
Indicates whether the network interface is deleted when the instance is terminated.
DeviceIndex (integer) --
The device index of the network interface attachment on the instance.
NetworkCardIndex (integer) --
The index of the network card.
InstanceId (string) --
The ID of the instance.
InstanceOwnerId (string) --
The Amazon Web Services account ID of the owner of the instance.
Status (string) --
The attachment state.
EnaSrdSpecification (dict) --
Configures ENA Express for the network interface that this action attaches to the instance.
EnaSrdEnabled (boolean) --
Indicates whether ENA Express is enabled for the network interface.
EnaSrdUdpSpecification (dict) --
Configures ENA Express for UDP network traffic.
EnaSrdUdpEnabled (boolean) --
Indicates whether UDP traffic to and from the instance uses ENA Express. To specify this setting, you must first enable ENA Express.
AvailabilityZone (string) --
The Availability Zone.
ConnectionTrackingConfiguration (dict) --
A security group connection tracking configuration that enables you to set the timeout for connection tracking on an Elastic network interface. For more information, see Connection tracking timeouts in the Amazon Elastic Compute Cloud User Guide.
TcpEstablishedTimeout (integer) --
Timeout (in seconds) for idle TCP connections in an established state. Min: 60 seconds. Max: 432000 seconds (5 days). Default: 432000 seconds. Recommended: Less than 432000 seconds.
UdpStreamTimeout (integer) --
Timeout (in seconds) for idle UDP flows classified as streams which have seen more than one request-response transaction. Min: 60 seconds. Max: 180 seconds (3 minutes). Default: 180 seconds.
UdpTimeout (integer) --
Timeout (in seconds) for idle UDP flows that have seen traffic only in a single direction or a single request-response transaction. Min: 30 seconds. Max: 60 seconds. Default: 30 seconds.
Description (string) --
A description.
Groups (list) --
Any security groups for the network interface.
(dict) --
Describes a security group.
GroupName (string) --
The name of the security group.
GroupId (string) --
The ID of the security group.
InterfaceType (string) --
The type of network interface.
Ipv6Addresses (list) --
The IPv6 addresses associated with the network interface.
(dict) --
Describes an IPv6 address associated with a network interface.
Ipv6Address (string) --
The IPv6 address.
IsPrimaryIpv6 (boolean) --
Determines if an IPv6 address associated with a network interface is the primary IPv6 address. When you enable an IPv6 GUA address to be a primary IPv6, the first IPv6 GUA will be made the primary IPv6 address until the instance is terminated or the network interface is detached. For more information, see ModifyNetworkInterfaceAttribute.
MacAddress (string) --
The MAC address.
NetworkInterfaceId (string) --
The ID of the network interface.
OutpostArn (string) --
The Amazon Resource Name (ARN) of the Outpost.
OwnerId (string) --
The Amazon Web Services account ID of the owner of the network interface.
PrivateDnsName (string) --
The private DNS name.
PrivateIpAddress (string) --
The IPv4 address of the network interface within the subnet.
PrivateIpAddresses (list) --
The private IPv4 addresses associated with the network interface.
(dict) --
Describes the private IPv4 address of a network interface.
Association (dict) --
The association information for an Elastic IP address (IPv4) associated with the network interface.
AllocationId (string) --
The allocation ID.
AssociationId (string) --
The association ID.
IpOwnerId (string) --
The ID of the Elastic IP address owner.
PublicDnsName (string) --
The public DNS name.
PublicIp (string) --
The address of the Elastic IP address bound to the network interface.
CustomerOwnedIp (string) --
The customer-owned IP address associated with the network interface.
CarrierIp (string) --
The carrier IP address associated with the network interface.
This option is only available when the network interface is in a subnet which is associated with a Wavelength Zone.
Primary (boolean) --
Indicates whether this IPv4 address is the primary private IPv4 address of the network interface.
PrivateDnsName (string) --
The private DNS name.
PrivateIpAddress (string) --
The private IPv4 address.
Ipv4Prefixes (list) --
The IPv4 prefixes that are assigned to the network interface.
(dict) --
Describes an IPv4 prefix.
Ipv4Prefix (string) --
The IPv4 prefix. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.
Ipv6Prefixes (list) --
The IPv6 prefixes that are assigned to the network interface.
(dict) --
Describes the IPv6 prefix.
Ipv6Prefix (string) --
The IPv6 prefix.
RequesterId (string) --
The alias or Amazon Web Services account ID of the principal or service that created the network interface.
RequesterManaged (boolean) --
Indicates whether the network interface is being managed by Amazon Web Services.
SourceDestCheck (boolean) --
Indicates whether source/destination checking is enabled.
Status (string) --
The status of the network interface.
SubnetId (string) --
The ID of the subnet.
TagSet (list) --
Any tags assigned to the network interface.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
VpcId (string) --
The ID of the VPC.
DenyAllIgwTraffic (boolean) --
Indicates whether a network interface with an IPv6 address is unreachable from the public internet. If the value is true, inbound traffic from the internet is dropped and you cannot assign an elastic IP address to the network interface. The network interface is reachable from peered VPCs and resources connected through a transit gateway, including on-premises networks.
Ipv6Native (boolean) --
Indicates whether this is an IPv6 only network interface.
Ipv6Address (string) --
The IPv6 globally unique address associated with the network interface.
ClientToken (string) --
The token to use to retrieve the next page of results. This value is null when there are no more results to return.
{'Ipv4IpamPoolId': 'string',
'Ipv4NetmaskLength': 'integer',
'Ipv6IpamPoolId': 'string',
'Ipv6NetmaskLength': 'integer'}
Creates a subnet in the specified VPC. For an IPv4 only subnet, specify an IPv4 CIDR block. If the VPC has an IPv6 CIDR block, you can create an IPv6 only subnet or a dual stack subnet instead. For an IPv6 only subnet, specify an IPv6 CIDR block. For a dual stack subnet, specify both an IPv4 CIDR block and an IPv6 CIDR block.
A subnet CIDR block must not overlap the CIDR block of an existing subnet in the VPC. After you create a subnet, you can't change its CIDR block.
The allowed size for an IPv4 subnet is between a /28 netmask (16 IP addresses) and a /16 netmask (65,536 IP addresses). Amazon Web Services reserves both the first four and the last IPv4 address in each subnet's CIDR block. They're not available for your use.
If you've associated an IPv6 CIDR block with your VPC, you can associate an IPv6 CIDR block with a subnet when you create it.
If you add more than one subnet to a VPC, they're set up in a star topology with a logical router in the middle.
When you stop an instance in a subnet, it retains its private IPv4 address. It's therefore possible to have a subnet with no running instances (they're all stopped), but no remaining IP addresses available.
For more information, see Subnets in the Amazon VPC User Guide.
See also: AWS API Documentation
Request Syntax
client.create_subnet(
TagSpecifications=[
{
'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
},
],
AvailabilityZone='string',
AvailabilityZoneId='string',
CidrBlock='string',
Ipv6CidrBlock='string',
OutpostArn='string',
VpcId='string',
DryRun=True|False,
Ipv6Native=True|False,
Ipv4IpamPoolId='string',
Ipv4NetmaskLength=123,
Ipv6IpamPoolId='string',
Ipv6NetmaskLength=123
)
list
The tags to assign to the subnet.
(dict) --
The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.
ResourceType (string) --
The type of resource to tag on creation.
Tags (list) --
The tags to apply to the resource.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
string
The Availability Zone or Local Zone for the subnet.
Default: Amazon Web Services selects one for you. If you create more than one subnet in your VPC, we do not necessarily select a different zone for each subnet.
To create a subnet in a Local Zone, set this value to the Local Zone ID, for example us-west-2-lax-1a. For information about the Regions that support Local Zones, see Local Zones locations.
To create a subnet in an Outpost, set this value to the Availability Zone for the Outpost and specify the Outpost ARN.
string
The AZ ID or the Local Zone ID of the subnet.
string
The IPv4 network range for the subnet, in CIDR notation. For example, 10.0.0.0/24. We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.
This parameter is not supported for an IPv6 only subnet.
string
The IPv6 network range for the subnet, in CIDR notation. This parameter is required for an IPv6 only subnet.
string
The Amazon Resource Name (ARN) of the Outpost. If you specify an Outpost ARN, you must also specify the Availability Zone of the Outpost subnet.
string
[REQUIRED]
The ID of the VPC.
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
boolean
Indicates whether to create an IPv6 only subnet.
string
An IPv4 IPAM pool ID for the subnet.
integer
An IPv4 netmask length for the subnet.
string
An IPv6 IPAM pool ID for the subnet.
integer
An IPv6 netmask length for the subnet.
dict
Response Syntax
{
'Subnet': {
'AvailabilityZone': 'string',
'AvailabilityZoneId': 'string',
'AvailableIpAddressCount': 123,
'CidrBlock': 'string',
'DefaultForAz': True|False,
'EnableLniAtDeviceIndex': 123,
'MapPublicIpOnLaunch': True|False,
'MapCustomerOwnedIpOnLaunch': True|False,
'CustomerOwnedIpv4Pool': 'string',
'State': 'pending'|'available',
'SubnetId': 'string',
'VpcId': 'string',
'OwnerId': 'string',
'AssignIpv6AddressOnCreation': True|False,
'Ipv6CidrBlockAssociationSet': [
{
'AssociationId': 'string',
'Ipv6CidrBlock': 'string',
'Ipv6CidrBlockState': {
'State': 'associating'|'associated'|'disassociating'|'disassociated'|'failing'|'failed',
'StatusMessage': 'string'
}
},
],
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'SubnetArn': 'string',
'OutpostArn': 'string',
'EnableDns64': True|False,
'Ipv6Native': True|False,
'PrivateDnsNameOptionsOnLaunch': {
'HostnameType': 'ip-name'|'resource-name',
'EnableResourceNameDnsARecord': True|False,
'EnableResourceNameDnsAAAARecord': True|False
}
}
}
Response Structure
(dict) --
Subnet (dict) --
Information about the subnet.
AvailabilityZone (string) --
The Availability Zone of the subnet.
AvailabilityZoneId (string) --
The AZ ID of the subnet.
AvailableIpAddressCount (integer) --
The number of unused private IPv4 addresses in the subnet. The IPv4 addresses for any stopped instances are considered unavailable.
CidrBlock (string) --
The IPv4 CIDR block assigned to the subnet.
DefaultForAz (boolean) --
Indicates whether this is the default subnet for the Availability Zone.
EnableLniAtDeviceIndex (integer) --
Indicates the device position for local network interfaces in this subnet. For example, 1 indicates local network interfaces in this subnet are the secondary network interface (eth1).
MapPublicIpOnLaunch (boolean) --
Indicates whether instances launched in this subnet receive a public IPv4 address.
MapCustomerOwnedIpOnLaunch (boolean) --
Indicates whether a network interface created in this subnet (including a network interface created by RunInstances) receives a customer-owned IPv4 address.
CustomerOwnedIpv4Pool (string) --
The customer-owned IPv4 address pool associated with the subnet.
State (string) --
The current state of the subnet.
SubnetId (string) --
The ID of the subnet.
VpcId (string) --
The ID of the VPC the subnet is in.
OwnerId (string) --
The ID of the Amazon Web Services account that owns the subnet.
AssignIpv6AddressOnCreation (boolean) --
Indicates whether a network interface created in this subnet (including a network interface created by RunInstances) receives an IPv6 address.
Ipv6CidrBlockAssociationSet (list) --
Information about the IPv6 CIDR blocks associated with the subnet.
(dict) --
Describes an association between a subnet and an IPv6 CIDR block.
AssociationId (string) --
The ID of the association.
Ipv6CidrBlock (string) --
The IPv6 CIDR block.
Ipv6CidrBlockState (dict) --
The state of the CIDR block.
State (string) --
The state of a CIDR block.
StatusMessage (string) --
A message about the status of the CIDR block, if applicable.
Tags (list) --
Any tags assigned to the subnet.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
SubnetArn (string) --
The Amazon Resource Name (ARN) of the subnet.
OutpostArn (string) --
The Amazon Resource Name (ARN) of the Outpost.
EnableDns64 (boolean) --
Indicates whether DNS queries made to the Amazon-provided DNS Resolver in this subnet should return synthetic IPv6 addresses for IPv4-only destinations.
Ipv6Native (boolean) --
Indicates whether this is an IPv6 only subnet.
PrivateDnsNameOptionsOnLaunch (dict) --
The type of hostnames to assign to instances in the subnet at launch. An instance hostname is based on the IPv4 address or ID of the instance.
HostnameType (string) --
The type of hostname for EC2 instances. For IPv4 only subnets, an instance DNS name must be based on the instance IPv4 address. For IPv6 only subnets, an instance DNS name must be based on the instance ID. For dual-stack subnets, you can specify whether DNS names use the instance IPv4 address or the instance ID.
EnableResourceNameDnsARecord (boolean) --
Indicates whether to respond to DNS queries for instance hostnames with DNS A records.
EnableResourceNameDnsAAAARecord (boolean) --
Indicates whether to respond to DNS queries for instance hostname with DNS AAAA records.
{'Ipam': {'StateMessage': 'string', 'Tier': 'free | advanced'}}
Delete an IPAM. Deleting an IPAM removes all monitored data associated with the IPAM including the historical data for CIDRs.
For more information, see Delete an IPAM in the Amazon VPC IPAM User Guide.
See also: AWS API Documentation
Request Syntax
client.delete_ipam(
DryRun=True|False,
IpamId='string',
Cascade=True|False
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The ID of the IPAM to delete.
boolean
Enables you to quickly delete an IPAM, private scopes, pools in private scopes, and any allocations in the pools in private scopes. You cannot delete the IPAM with this option if there is a pool in your public scope. If you use this option, IPAM does the following:
Deallocates any CIDRs allocated to VPC resources (such as VPCs) in pools in private scopes.
Deprovisions all IPv4 CIDRs provisioned to IPAM pools in private scopes.
Deletes all IPAM pools in private scopes.
Deletes all non-default private scopes in the IPAM.
Deletes the default public and private scopes and the IPAM.
dict
Response Syntax
{
'Ipam': {
'OwnerId': 'string',
'IpamId': 'string',
'IpamArn': 'string',
'IpamRegion': 'string',
'PublicDefaultScopeId': 'string',
'PrivateDefaultScopeId': 'string',
'ScopeCount': 123,
'Description': 'string',
'OperatingRegions': [
{
'RegionName': 'string'
},
],
'State': 'create-in-progress'|'create-complete'|'create-failed'|'modify-in-progress'|'modify-complete'|'modify-failed'|'delete-in-progress'|'delete-complete'|'delete-failed'|'isolate-in-progress'|'isolate-complete'|'restore-in-progress',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'DefaultResourceDiscoveryId': 'string',
'DefaultResourceDiscoveryAssociationId': 'string',
'ResourceDiscoveryAssociationCount': 123,
'StateMessage': 'string',
'Tier': 'free'|'advanced'
}
}
Response Structure
(dict) --
Ipam (dict) --
Information about the results of the deletion.
OwnerId (string) --
The Amazon Web Services account ID of the owner of the IPAM.
IpamId (string) --
The ID of the IPAM.
IpamArn (string) --
The Amazon Resource Name (ARN) of the IPAM.
IpamRegion (string) --
The Amazon Web Services Region of the IPAM.
PublicDefaultScopeId (string) --
The ID of the IPAM's default public scope.
PrivateDefaultScopeId (string) --
The ID of the IPAM's default private scope.
ScopeCount (integer) --
The number of scopes in the IPAM. The scope quota is 5. For more information on quotas, see Quotas in IPAM in the Amazon VPC IPAM User Guide.
Description (string) --
The description for the IPAM.
OperatingRegions (list) --
The operating Regions for an IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.
For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.
(dict) --
The operating Regions for an IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.
For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.
RegionName (string) --
The name of the operating Region.
State (string) --
The state of the IPAM.
Tags (list) --
The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
DefaultResourceDiscoveryId (string) --
The IPAM's default resource discovery ID.
DefaultResourceDiscoveryAssociationId (string) --
The IPAM's default resource discovery association ID.
ResourceDiscoveryAssociationCount (integer) --
The IPAM's resource discovery association count.
StateMessage (string) --
The state message.
Tier (string) --
IPAM is offered in a Free Tier and an Advanced Tier. For more information about the features available in each tier and the costs associated with the tiers, see Amazon VPC pricing > IPAM tab.
{'Cascade': 'boolean'}
Response {'IpamPool': {'SourceResource': {'ResourceId': 'string',
'ResourceOwner': 'string',
'ResourceRegion': 'string',
'ResourceType': 'vpc'}}}
Delete an IPAM pool.
For more information, see Delete a pool in the Amazon VPC IPAM User Guide.
See also: AWS API Documentation
Request Syntax
client.delete_ipam_pool(
DryRun=True|False,
IpamPoolId='string',
Cascade=True|False
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The ID of the pool to delete.
boolean
Enables you to quickly delete an IPAM pool and all resources within that pool, including provisioned CIDRs, allocations, and other pools.
dict
Response Syntax
{
'IpamPool': {
'OwnerId': 'string',
'IpamPoolId': 'string',
'SourceIpamPoolId': 'string',
'IpamPoolArn': 'string',
'IpamScopeArn': 'string',
'IpamScopeType': 'public'|'private',
'IpamArn': 'string',
'IpamRegion': 'string',
'Locale': 'string',
'PoolDepth': 123,
'State': 'create-in-progress'|'create-complete'|'create-failed'|'modify-in-progress'|'modify-complete'|'modify-failed'|'delete-in-progress'|'delete-complete'|'delete-failed'|'isolate-in-progress'|'isolate-complete'|'restore-in-progress',
'StateMessage': 'string',
'Description': 'string',
'AutoImport': True|False,
'PubliclyAdvertisable': True|False,
'AddressFamily': 'ipv4'|'ipv6',
'AllocationMinNetmaskLength': 123,
'AllocationMaxNetmaskLength': 123,
'AllocationDefaultNetmaskLength': 123,
'AllocationResourceTags': [
{
'Key': 'string',
'Value': 'string'
},
],
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'AwsService': 'ec2',
'PublicIpSource': 'amazon'|'byoip',
'SourceResource': {
'ResourceId': 'string',
'ResourceType': 'vpc',
'ResourceRegion': 'string',
'ResourceOwner': 'string'
}
}
}
Response Structure
(dict) --
IpamPool (dict) --
Information about the results of the deletion.
OwnerId (string) --
The Amazon Web Services account ID of the owner of the IPAM pool.
IpamPoolId (string) --
The ID of the IPAM pool.
SourceIpamPoolId (string) --
The ID of the source IPAM pool. You can use this option to create an IPAM pool within an existing source pool.
IpamPoolArn (string) --
The Amazon Resource Name (ARN) of the IPAM pool.
IpamScopeArn (string) --
The ARN of the scope of the IPAM pool.
IpamScopeType (string) --
In IPAM, a scope is the highest-level container within IPAM. An IPAM contains two default scopes. Each scope represents the IP space for a single network. The private scope is intended for all private IP address space. The public scope is intended for all public IP address space. Scopes enable you to reuse IP addresses across multiple unconnected networks without causing IP address overlap or conflict.
IpamArn (string) --
The ARN of the IPAM.
IpamRegion (string) --
The Amazon Web Services Region of the IPAM pool.
Locale (string) --
The locale of the IPAM pool. In IPAM, the locale is the Amazon Web Services Region where you want to make an IPAM pool available for allocations. Only resources in the same Region as the locale of the pool can get IP address allocations from the pool. You can only allocate a CIDR for a VPC, for example, from an IPAM pool that shares a locale with the VPC’s Region. Note that once you choose a Locale for a pool, you cannot modify it. If you choose an Amazon Web Services Region for locale that has not been configured as an operating Region for the IPAM, you'll get an error.
PoolDepth (integer) --
The depth of pools in your IPAM pool. The pool depth quota is 10. For more information, see Quotas in IPAM in the Amazon VPC IPAM User Guide.
State (string) --
The state of the IPAM pool.
StateMessage (string) --
The state message.
Description (string) --
The description of the IPAM pool.
AutoImport (boolean) --
If selected, IPAM will continuously look for resources within the CIDR range of this pool and automatically import them as allocations into your IPAM. The CIDRs that will be allocated for these resources must not already be allocated to other resources in order for the import to succeed. IPAM will import a CIDR regardless of its compliance with the pool's allocation rules, so a resource might be imported and subsequently marked as noncompliant. If IPAM discovers multiple CIDRs that overlap, IPAM will import the largest CIDR only. If IPAM discovers multiple CIDRs with matching CIDRs, IPAM will randomly import one of them only.
A locale must be set on the pool for this feature to work.
PubliclyAdvertisable (boolean) --
Determines if a pool is publicly advertisable. This option is not available for pools with AddressFamily set to ipv4.
AddressFamily (string) --
The address family of the pool.
AllocationMinNetmaskLength (integer) --
The minimum netmask length required for CIDR allocations in this IPAM pool to be compliant. The minimum netmask length must be less than the maximum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.
AllocationMaxNetmaskLength (integer) --
The maximum netmask length possible for CIDR allocations in this IPAM pool to be compliant. The maximum netmask length must be greater than the minimum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.
AllocationDefaultNetmaskLength (integer) --
The default netmask length for allocations added to this pool. If, for example, the CIDR assigned to this pool is 10.0.0.0/8 and you enter 16 here, new allocations will default to 10.0.0.0/16.
AllocationResourceTags (list) --
Tags that are required for resources that use CIDRs from this IPAM pool. Resources that do not have these tags will not be allowed to allocate space from the pool. If the resources have their tags changed after they have allocated space or if the allocation tagging requirements are changed on the pool, the resource may be marked as noncompliant.
(dict) --
The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
Key (string) --
The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
Value (string) --
The value of the tag.
Tags (list) --
The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
AwsService (string) --
Limits which service in Amazon Web Services that the pool can be used in. "ec2", for example, allows users to use space for Elastic IP addresses and VPCs.
PublicIpSource (string) --
The IP address source for pools in the public scope. Only used for provisioning IP address CIDRs to pools in the public scope. Default is BYOIP. For more information, see Create IPv6 pools in the Amazon VPC IPAM User Guide. By default, you can add only one Amazon-provided IPv6 CIDR block to a top-level IPv6 pool. For information on increasing the default limit, see Quotas for your IPAM in the Amazon VPC IPAM User Guide.
SourceResource (dict) --
The resource used to provision CIDRs to a resource planning pool.
ResourceId (string) --
The source resource ID.
ResourceType (string) --
The source resource type.
ResourceRegion (string) --
The source resource Region.
ResourceOwner (string) --
The source resource owner.
{'ByoipCidr': {'AsnAssociations': [{'Asn': 'string',
'Cidr': 'string',
'State': 'disassociated | '
'failed-disassociation | '
'failed-association | '
'pending-disassociation | '
'pending-association | associated',
'StatusMessage': 'string'}]}}
Releases the specified address range that you provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and deletes the corresponding address pool.
Before you can release an address range, you must stop advertising it using WithdrawByoipCidr and you must not have any IP addresses allocated from its address range.
See also: AWS API Documentation
Request Syntax
client.deprovision_byoip_cidr(
Cidr='string',
DryRun=True|False
)
string
[REQUIRED]
The address range, in CIDR notation. The prefix must be the same prefix that you specified when you provisioned the address range.
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
dict
Response Syntax
{
'ByoipCidr': {
'Cidr': 'string',
'Description': 'string',
'AsnAssociations': [
{
'Asn': 'string',
'Cidr': 'string',
'StatusMessage': 'string',
'State': 'disassociated'|'failed-disassociation'|'failed-association'|'pending-disassociation'|'pending-association'|'associated'
},
],
'StatusMessage': 'string',
'State': 'advertised'|'deprovisioned'|'failed-deprovision'|'failed-provision'|'pending-deprovision'|'pending-provision'|'provisioned'|'provisioned-not-publicly-advertisable'
}
}
Response Structure
(dict) --
ByoipCidr (dict) --
Information about the address range.
Cidr (string) --
The address range, in CIDR notation.
Description (string) --
The description of the address range.
AsnAssociations (list) --
The BYOIP CIDR associations with ASNs.
(dict) --
An Autonomous System Number (ASN) and BYOIP CIDR association.
Asn (string) --
The association's ASN.
Cidr (string) --
The association's CIDR.
StatusMessage (string) --
The association's status message.
State (string) --
The association's state.
StatusMessage (string) --
Upon success, contains the ID of the address pool. Otherwise, contains an error message.
State (string) --
The state of the address pool.
{'ByoipCidrs': {'AsnAssociations': [{'Asn': 'string',
'Cidr': 'string',
'State': 'disassociated | '
'failed-disassociation | '
'failed-association | '
'pending-disassociation | '
'pending-association | '
'associated',
'StatusMessage': 'string'}]}}
Describes the IP address ranges that were specified in calls to ProvisionByoipCidr.
To describe the address pools that were created when you provisioned the address ranges, use DescribePublicIpv4Pools or DescribeIpv6Pools.
See also: AWS API Documentation
Request Syntax
client.describe_byoip_cidrs(
DryRun=True|False,
MaxResults=123,
NextToken='string'
)
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
integer
[REQUIRED]
The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.
string
The token for the next page of results.
dict
Response Syntax
{
'ByoipCidrs': [
{
'Cidr': 'string',
'Description': 'string',
'AsnAssociations': [
{
'Asn': 'string',
'Cidr': 'string',
'StatusMessage': 'string',
'State': 'disassociated'|'failed-disassociation'|'failed-association'|'pending-disassociation'|'pending-association'|'associated'
},
],
'StatusMessage': 'string',
'State': 'advertised'|'deprovisioned'|'failed-deprovision'|'failed-provision'|'pending-deprovision'|'pending-provision'|'provisioned'|'provisioned-not-publicly-advertisable'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
ByoipCidrs (list) --
Information about your address ranges.
(dict) --
Information about an address range that is provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP).
Cidr (string) --
The address range, in CIDR notation.
Description (string) --
The description of the address range.
AsnAssociations (list) --
The BYOIP CIDR associations with ASNs.
(dict) --
An Autonomous System Number (ASN) and BYOIP CIDR association.
Asn (string) --
The association's ASN.
Cidr (string) --
The association's CIDR.
StatusMessage (string) --
The association's status message.
State (string) --
The association's state.
StatusMessage (string) --
Upon success, contains the ID of the address pool. Otherwise, contains an error message.
State (string) --
The state of the address pool.
NextToken (string) --
The token to use to retrieve the next page of results. This value is null when there are no more results to return.
{'Reservations': {'Instances': {'NetworkInterfaces': {'ConnectionTrackingConfiguration': {'TcpEstablishedTimeout': 'integer',
'UdpStreamTimeout': 'integer',
'UdpTimeout': 'integer'}}}}}
{'IpamPools': {'SourceResource': {'ResourceId': 'string',
'ResourceOwner': 'string',
'ResourceRegion': 'string',
'ResourceType': 'vpc'}}}
Get information about your IPAM pools.
See also: AWS API Documentation
Request Syntax
client.describe_ipam_pools(
DryRun=True|False,
Filters=[
{
'Name': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string',
IpamPoolIds=[
'string',
]
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
list
One or more filters for the request. For more information about filtering, see Filtering CLI output.
(dict) --
A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.
If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.
Name (string) --
The name of the filter. Filter names are case-sensitive.
Values (list) --
The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.
(string) --
integer
The maximum number of results to return in the request.
string
The token for the next page of results.
list
The IDs of the IPAM pools you would like information on.
(string) --
dict
Response Syntax
{
'NextToken': 'string',
'IpamPools': [
{
'OwnerId': 'string',
'IpamPoolId': 'string',
'SourceIpamPoolId': 'string',
'IpamPoolArn': 'string',
'IpamScopeArn': 'string',
'IpamScopeType': 'public'|'private',
'IpamArn': 'string',
'IpamRegion': 'string',
'Locale': 'string',
'PoolDepth': 123,
'State': 'create-in-progress'|'create-complete'|'create-failed'|'modify-in-progress'|'modify-complete'|'modify-failed'|'delete-in-progress'|'delete-complete'|'delete-failed'|'isolate-in-progress'|'isolate-complete'|'restore-in-progress',
'StateMessage': 'string',
'Description': 'string',
'AutoImport': True|False,
'PubliclyAdvertisable': True|False,
'AddressFamily': 'ipv4'|'ipv6',
'AllocationMinNetmaskLength': 123,
'AllocationMaxNetmaskLength': 123,
'AllocationDefaultNetmaskLength': 123,
'AllocationResourceTags': [
{
'Key': 'string',
'Value': 'string'
},
],
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'AwsService': 'ec2',
'PublicIpSource': 'amazon'|'byoip',
'SourceResource': {
'ResourceId': 'string',
'ResourceType': 'vpc',
'ResourceRegion': 'string',
'ResourceOwner': 'string'
}
},
]
}
Response Structure
(dict) --
NextToken (string) --
The token to use to retrieve the next page of results. This value is null when there are no more results to return.
IpamPools (list) --
Information about the IPAM pools.
(dict) --
In IPAM, a pool is a collection of contiguous IP addresses CIDRs. Pools enable you to organize your IP addresses according to your routing and security needs. For example, if you have separate routing and security needs for development and production applications, you can create a pool for each.
OwnerId (string) --
The Amazon Web Services account ID of the owner of the IPAM pool.
IpamPoolId (string) --
The ID of the IPAM pool.
SourceIpamPoolId (string) --
The ID of the source IPAM pool. You can use this option to create an IPAM pool within an existing source pool.
IpamPoolArn (string) --
The Amazon Resource Name (ARN) of the IPAM pool.
IpamScopeArn (string) --
The ARN of the scope of the IPAM pool.
IpamScopeType (string) --
In IPAM, a scope is the highest-level container within IPAM. An IPAM contains two default scopes. Each scope represents the IP space for a single network. The private scope is intended for all private IP address space. The public scope is intended for all public IP address space. Scopes enable you to reuse IP addresses across multiple unconnected networks without causing IP address overlap or conflict.
IpamArn (string) --
The ARN of the IPAM.
IpamRegion (string) --
The Amazon Web Services Region of the IPAM pool.
Locale (string) --
The locale of the IPAM pool. In IPAM, the locale is the Amazon Web Services Region where you want to make an IPAM pool available for allocations. Only resources in the same Region as the locale of the pool can get IP address allocations from the pool. You can only allocate a CIDR for a VPC, for example, from an IPAM pool that shares a locale with the VPC’s Region. Note that once you choose a Locale for a pool, you cannot modify it. If you choose an Amazon Web Services Region for locale that has not been configured as an operating Region for the IPAM, you'll get an error.
PoolDepth (integer) --
The depth of pools in your IPAM pool. The pool depth quota is 10. For more information, see Quotas in IPAM in the Amazon VPC IPAM User Guide.
State (string) --
The state of the IPAM pool.
StateMessage (string) --
The state message.
Description (string) --
The description of the IPAM pool.
AutoImport (boolean) --
If selected, IPAM will continuously look for resources within the CIDR range of this pool and automatically import them as allocations into your IPAM. The CIDRs that will be allocated for these resources must not already be allocated to other resources in order for the import to succeed. IPAM will import a CIDR regardless of its compliance with the pool's allocation rules, so a resource might be imported and subsequently marked as noncompliant. If IPAM discovers multiple CIDRs that overlap, IPAM will import the largest CIDR only. If IPAM discovers multiple CIDRs with matching CIDRs, IPAM will randomly import one of them only.
A locale must be set on the pool for this feature to work.
PubliclyAdvertisable (boolean) --
Determines if a pool is publicly advertisable. This option is not available for pools with AddressFamily set to ipv4.
AddressFamily (string) --
The address family of the pool.
AllocationMinNetmaskLength (integer) --
The minimum netmask length required for CIDR allocations in this IPAM pool to be compliant. The minimum netmask length must be less than the maximum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.
AllocationMaxNetmaskLength (integer) --
The maximum netmask length possible for CIDR allocations in this IPAM pool to be compliant. The maximum netmask length must be greater than the minimum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.
AllocationDefaultNetmaskLength (integer) --
The default netmask length for allocations added to this pool. If, for example, the CIDR assigned to this pool is 10.0.0.0/8 and you enter 16 here, new allocations will default to 10.0.0.0/16.
AllocationResourceTags (list) --
Tags that are required for resources that use CIDRs from this IPAM pool. Resources that do not have these tags will not be allowed to allocate space from the pool. If the resources have their tags changed after they have allocated space or if the allocation tagging requirements are changed on the pool, the resource may be marked as noncompliant.
(dict) --
The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
Key (string) --
The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
Value (string) --
The value of the tag.
Tags (list) --
The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
AwsService (string) --
Limits which service in Amazon Web Services that the pool can be used in. "ec2", for example, allows users to use space for Elastic IP addresses and VPCs.
PublicIpSource (string) --
The IP address source for pools in the public scope. Only used for provisioning IP address CIDRs to pools in the public scope. Default is BYOIP. For more information, see Create IPv6 pools in the Amazon VPC IPAM User Guide. By default, you can add only one Amazon-provided IPv6 CIDR block to a top-level IPv6 pool. For information on increasing the default limit, see Quotas for your IPAM in the Amazon VPC IPAM User Guide.
SourceResource (dict) --
The resource used to provision CIDRs to a resource planning pool.
ResourceId (string) --
The source resource ID.
ResourceType (string) --
The source resource type.
ResourceRegion (string) --
The source resource Region.
ResourceOwner (string) --
The source resource owner.
{'Ipams': {'StateMessage': 'string', 'Tier': 'free | advanced'}}
Get information about your IPAM pools.
For more information, see What is IPAM? in the Amazon VPC IPAM User Guide.
See also: AWS API Documentation
Request Syntax
client.describe_ipams(
DryRun=True|False,
Filters=[
{
'Name': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string',
IpamIds=[
'string',
]
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
list
One or more filters for the request. For more information about filtering, see Filtering CLI output.
(dict) --
A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.
If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.
Name (string) --
The name of the filter. Filter names are case-sensitive.
Values (list) --
The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.
(string) --
integer
The maximum number of results to return in the request.
string
The token for the next page of results.
list
The IDs of the IPAMs you want information on.
(string) --
dict
Response Syntax
{
'NextToken': 'string',
'Ipams': [
{
'OwnerId': 'string',
'IpamId': 'string',
'IpamArn': 'string',
'IpamRegion': 'string',
'PublicDefaultScopeId': 'string',
'PrivateDefaultScopeId': 'string',
'ScopeCount': 123,
'Description': 'string',
'OperatingRegions': [
{
'RegionName': 'string'
},
],
'State': 'create-in-progress'|'create-complete'|'create-failed'|'modify-in-progress'|'modify-complete'|'modify-failed'|'delete-in-progress'|'delete-complete'|'delete-failed'|'isolate-in-progress'|'isolate-complete'|'restore-in-progress',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'DefaultResourceDiscoveryId': 'string',
'DefaultResourceDiscoveryAssociationId': 'string',
'ResourceDiscoveryAssociationCount': 123,
'StateMessage': 'string',
'Tier': 'free'|'advanced'
},
]
}
Response Structure
(dict) --
NextToken (string) --
The token to use to retrieve the next page of results. This value is null when there are no more results to return.
Ipams (list) --
Information about the IPAMs.
(dict) --
IPAM is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across Amazon Web Services Regions and accounts throughout your Amazon Web Services Organization. For more information, see What is IPAM? in the Amazon VPC IPAM User Guide.
OwnerId (string) --
The Amazon Web Services account ID of the owner of the IPAM.
IpamId (string) --
The ID of the IPAM.
IpamArn (string) --
The Amazon Resource Name (ARN) of the IPAM.
IpamRegion (string) --
The Amazon Web Services Region of the IPAM.
PublicDefaultScopeId (string) --
The ID of the IPAM's default public scope.
PrivateDefaultScopeId (string) --
The ID of the IPAM's default private scope.
ScopeCount (integer) --
The number of scopes in the IPAM. The scope quota is 5. For more information on quotas, see Quotas in IPAM in the Amazon VPC IPAM User Guide.
Description (string) --
The description for the IPAM.
OperatingRegions (list) --
The operating Regions for an IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.
For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.
(dict) --
The operating Regions for an IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.
For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.
RegionName (string) --
The name of the operating Region.
State (string) --
The state of the IPAM.
Tags (list) --
The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
DefaultResourceDiscoveryId (string) --
The IPAM's default resource discovery ID.
DefaultResourceDiscoveryAssociationId (string) --
The IPAM's default resource discovery association ID.
ResourceDiscoveryAssociationCount (integer) --
The IPAM's resource discovery association count.
StateMessage (string) --
The state message.
Tier (string) --
IPAM is offered in a Free Tier and an Advanced Tier. For more information about the features available in each tier and the costs associated with the tiers, see Amazon VPC pricing > IPAM tab.
{'LaunchTemplateVersions': {'LaunchTemplateData': {'NetworkInterfaces': {'ConnectionTrackingSpecification': {'TcpEstablishedTimeout': 'integer',
'UdpStreamTimeout': 'integer',
'UdpTimeout': 'integer'}}}}}
{'NetworkInterfaces': {'ConnectionTrackingConfiguration': {'TcpEstablishedTimeout': 'integer',
'UdpStreamTimeout': 'integer',
'UdpTimeout': 'integer'}}}
Describes one or more of your network interfaces.
If you have a large number of network interfaces, the operation fails unless you use pagination or one of the following filters: group-id, mac-address, private-dns-name, private-ip-address, private-dns-name, subnet-id, or vpc-id.
See also: AWS API Documentation
Request Syntax
client.describe_network_interfaces(
Filters=[
{
'Name': 'string',
'Values': [
'string',
]
},
],
DryRun=True|False,
NetworkInterfaceIds=[
'string',
],
NextToken='string',
MaxResults=123
)
list
One or more filters.
association.allocation-id - The allocation ID returned when you allocated the Elastic IP address (IPv4) for your network interface.
association.association-id - The association ID returned when the network interface was associated with an IPv4 address.
addresses.association.owner-id - The owner ID of the addresses associated with the network interface.
addresses.association.public-ip - The association ID returned when the network interface was associated with the Elastic IP address (IPv4).
addresses.primary - Whether the private IPv4 address is the primary IP address associated with the network interface.
addresses.private-ip-address - The private IPv4 addresses associated with the network interface.
association.ip-owner-id - The owner of the Elastic IP address (IPv4) associated with the network interface.
association.public-ip - The address of the Elastic IP address (IPv4) bound to the network interface.
association.public-dns-name - The public DNS name for the network interface (IPv4).
attachment.attach-time - The time that the network interface was attached to an instance.
attachment.attachment-id - The ID of the interface attachment.
attachment.delete-on-termination - Indicates whether the attachment is deleted when an instance is terminated.
attachment.device-index - The device index to which the network interface is attached.
attachment.instance-id - The ID of the instance to which the network interface is attached.
attachment.instance-owner-id - The owner ID of the instance to which the network interface is attached.
attachment.status - The status of the attachment ( attaching | attached | detaching | detached).
availability-zone - The Availability Zone of the network interface.
description - The description of the network interface.
group-id - The ID of a security group associated with the network interface.
ipv6-addresses.ipv6-address - An IPv6 address associated with the network interface.
interface-type - The type of network interface ( api_gateway_managed | aws_codestar_connections_managed | branch | ec2_instance_connect_endpoint | efa | efs | gateway_load_balancer | gateway_load_balancer_endpoint | global_accelerator_managed | interface | iot_rules_managed | lambda | load_balancer | nat_gateway | network_load_balancer | quicksight | transit_gateway | trunk | vpc_endpoint).
mac-address - The MAC address of the network interface.
network-interface-id - The ID of the network interface.
owner-id - The Amazon Web Services account ID of the network interface owner.
private-dns-name - The private DNS name of the network interface (IPv4).
private-ip-address - The private IPv4 address or addresses of the network interface.
requester-id - The alias or Amazon Web Services account ID of the principal or service that created the network interface.
requester-managed - Indicates whether the network interface is being managed by an Amazon Web Service (for example, Amazon Web Services Management Console, Auto Scaling, and so on).
source-dest-check - Indicates whether the network interface performs source/destination checking. A value of true means checking is enabled, and false means checking is disabled. The value must be false for the network interface to perform network address translation (NAT) in your VPC.
status - The status of the network interface. If the network interface is not attached to an instance, the status is available; if a network interface is attached to an instance the status is in-use.
subnet-id - The ID of the subnet for the network interface.
tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
vpc-id - The ID of the VPC for the network interface.
(dict) --
A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.
If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.
Name (string) --
The name of the filter. Filter names are case-sensitive.
Values (list) --
The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.
(string) --
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
list
The network interface IDs.
Default: Describes all your network interfaces.
(string) --
string
The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.
integer
The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. You cannot specify this parameter and the network interface IDs parameter in the same request. For more information, see Pagination.
dict
Response Syntax
{
'NetworkInterfaces': [
{
'Association': {
'AllocationId': 'string',
'AssociationId': 'string',
'IpOwnerId': 'string',
'PublicDnsName': 'string',
'PublicIp': 'string',
'CustomerOwnedIp': 'string',
'CarrierIp': 'string'
},
'Attachment': {
'AttachTime': datetime(2015, 1, 1),
'AttachmentId': 'string',
'DeleteOnTermination': True|False,
'DeviceIndex': 123,
'NetworkCardIndex': 123,
'InstanceId': 'string',
'InstanceOwnerId': 'string',
'Status': 'attaching'|'attached'|'detaching'|'detached',
'EnaSrdSpecification': {
'EnaSrdEnabled': True|False,
'EnaSrdUdpSpecification': {
'EnaSrdUdpEnabled': True|False
}
}
},
'AvailabilityZone': 'string',
'ConnectionTrackingConfiguration': {
'TcpEstablishedTimeout': 123,
'UdpStreamTimeout': 123,
'UdpTimeout': 123
},
'Description': 'string',
'Groups': [
{
'GroupName': 'string',
'GroupId': 'string'
},
],
'InterfaceType': 'interface'|'natGateway'|'efa'|'trunk'|'load_balancer'|'network_load_balancer'|'vpc_endpoint'|'branch'|'transit_gateway'|'lambda'|'quicksight'|'global_accelerator_managed'|'api_gateway_managed'|'gateway_load_balancer'|'gateway_load_balancer_endpoint'|'iot_rules_managed'|'aws_codestar_connections_managed',
'Ipv6Addresses': [
{
'Ipv6Address': 'string',
'IsPrimaryIpv6': True|False
},
],
'MacAddress': 'string',
'NetworkInterfaceId': 'string',
'OutpostArn': 'string',
'OwnerId': 'string',
'PrivateDnsName': 'string',
'PrivateIpAddress': 'string',
'PrivateIpAddresses': [
{
'Association': {
'AllocationId': 'string',
'AssociationId': 'string',
'IpOwnerId': 'string',
'PublicDnsName': 'string',
'PublicIp': 'string',
'CustomerOwnedIp': 'string',
'CarrierIp': 'string'
},
'Primary': True|False,
'PrivateDnsName': 'string',
'PrivateIpAddress': 'string'
},
],
'Ipv4Prefixes': [
{
'Ipv4Prefix': 'string'
},
],
'Ipv6Prefixes': [
{
'Ipv6Prefix': 'string'
},
],
'RequesterId': 'string',
'RequesterManaged': True|False,
'SourceDestCheck': True|False,
'Status': 'available'|'associated'|'attaching'|'in-use'|'detaching',
'SubnetId': 'string',
'TagSet': [
{
'Key': 'string',
'Value': 'string'
},
],
'VpcId': 'string',
'DenyAllIgwTraffic': True|False,
'Ipv6Native': True|False,
'Ipv6Address': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
NetworkInterfaces (list) --
Information about one or more network interfaces.
(dict) --
Describes a network interface.
Association (dict) --
The association information for an Elastic IP address (IPv4) associated with the network interface.
AllocationId (string) --
The allocation ID.
AssociationId (string) --
The association ID.
IpOwnerId (string) --
The ID of the Elastic IP address owner.
PublicDnsName (string) --
The public DNS name.
PublicIp (string) --
The address of the Elastic IP address bound to the network interface.
CustomerOwnedIp (string) --
The customer-owned IP address associated with the network interface.
CarrierIp (string) --
The carrier IP address associated with the network interface.
This option is only available when the network interface is in a subnet which is associated with a Wavelength Zone.
Attachment (dict) --
The network interface attachment.
AttachTime (datetime) --
The timestamp indicating when the attachment initiated.
AttachmentId (string) --
The ID of the network interface attachment.
DeleteOnTermination (boolean) --
Indicates whether the network interface is deleted when the instance is terminated.
DeviceIndex (integer) --
The device index of the network interface attachment on the instance.
NetworkCardIndex (integer) --
The index of the network card.
InstanceId (string) --
The ID of the instance.
InstanceOwnerId (string) --
The Amazon Web Services account ID of the owner of the instance.
Status (string) --
The attachment state.
EnaSrdSpecification (dict) --
Configures ENA Express for the network interface that this action attaches to the instance.
EnaSrdEnabled (boolean) --
Indicates whether ENA Express is enabled for the network interface.
EnaSrdUdpSpecification (dict) --
Configures ENA Express for UDP network traffic.
EnaSrdUdpEnabled (boolean) --
Indicates whether UDP traffic to and from the instance uses ENA Express. To specify this setting, you must first enable ENA Express.
AvailabilityZone (string) --
The Availability Zone.
ConnectionTrackingConfiguration (dict) --
A security group connection tracking configuration that enables you to set the timeout for connection tracking on an Elastic network interface. For more information, see Connection tracking timeouts in the Amazon Elastic Compute Cloud User Guide.
TcpEstablishedTimeout (integer) --
Timeout (in seconds) for idle TCP connections in an established state. Min: 60 seconds. Max: 432000 seconds (5 days). Default: 432000 seconds. Recommended: Less than 432000 seconds.
UdpStreamTimeout (integer) --
Timeout (in seconds) for idle UDP flows classified as streams which have seen more than one request-response transaction. Min: 60 seconds. Max: 180 seconds (3 minutes). Default: 180 seconds.
UdpTimeout (integer) --
Timeout (in seconds) for idle UDP flows that have seen traffic only in a single direction or a single request-response transaction. Min: 30 seconds. Max: 60 seconds. Default: 30 seconds.
Description (string) --
A description.
Groups (list) --
Any security groups for the network interface.
(dict) --
Describes a security group.
GroupName (string) --
The name of the security group.
GroupId (string) --
The ID of the security group.
InterfaceType (string) --
The type of network interface.
Ipv6Addresses (list) --
The IPv6 addresses associated with the network interface.
(dict) --
Describes an IPv6 address associated with a network interface.
Ipv6Address (string) --
The IPv6 address.
IsPrimaryIpv6 (boolean) --
Determines if an IPv6 address associated with a network interface is the primary IPv6 address. When you enable an IPv6 GUA address to be a primary IPv6, the first IPv6 GUA will be made the primary IPv6 address until the instance is terminated or the network interface is detached. For more information, see ModifyNetworkInterfaceAttribute.
MacAddress (string) --
The MAC address.
NetworkInterfaceId (string) --
The ID of the network interface.
OutpostArn (string) --
The Amazon Resource Name (ARN) of the Outpost.
OwnerId (string) --
The Amazon Web Services account ID of the owner of the network interface.
PrivateDnsName (string) --
The private DNS name.
PrivateIpAddress (string) --
The IPv4 address of the network interface within the subnet.
PrivateIpAddresses (list) --
The private IPv4 addresses associated with the network interface.
(dict) --
Describes the private IPv4 address of a network interface.
Association (dict) --
The association information for an Elastic IP address (IPv4) associated with the network interface.
AllocationId (string) --
The allocation ID.
AssociationId (string) --
The association ID.
IpOwnerId (string) --
The ID of the Elastic IP address owner.
PublicDnsName (string) --
The public DNS name.
PublicIp (string) --
The address of the Elastic IP address bound to the network interface.
CustomerOwnedIp (string) --
The customer-owned IP address associated with the network interface.
CarrierIp (string) --
The carrier IP address associated with the network interface.
This option is only available when the network interface is in a subnet which is associated with a Wavelength Zone.
Primary (boolean) --
Indicates whether this IPv4 address is the primary private IPv4 address of the network interface.
PrivateDnsName (string) --
The private DNS name.
PrivateIpAddress (string) --
The private IPv4 address.
Ipv4Prefixes (list) --
The IPv4 prefixes that are assigned to the network interface.
(dict) --
Describes an IPv4 prefix.
Ipv4Prefix (string) --
The IPv4 prefix. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide.
Ipv6Prefixes (list) --
The IPv6 prefixes that are assigned to the network interface.
(dict) --
Describes the IPv6 prefix.
Ipv6Prefix (string) --
The IPv6 prefix.
RequesterId (string) --
The alias or Amazon Web Services account ID of the principal or service that created the network interface.
RequesterManaged (boolean) --
Indicates whether the network interface is being managed by Amazon Web Services.
SourceDestCheck (boolean) --
Indicates whether source/destination checking is enabled.
Status (string) --
The status of the network interface.
SubnetId (string) --
The ID of the subnet.
TagSet (list) --
Any tags assigned to the network interface.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
VpcId (string) --
The ID of the VPC.
DenyAllIgwTraffic (boolean) --
Indicates whether a network interface with an IPv6 address is unreachable from the public internet. If the value is true, inbound traffic from the internet is dropped and you cannot assign an elastic IP address to the network interface. The network interface is reachable from peered VPCs and resources connected through a transit gateway, including on-premises networks.
Ipv6Native (boolean) --
Indicates whether this is an IPv6 only network interface.
Ipv6Address (string) --
The IPv6 globally unique address associated with the network interface.
NextToken (string) --
The token to include in another request to get the next page of items. This value is null when there are no more items to return.
{'SpotFleetRequestConfigs': {'SpotFleetRequestConfig': {'LaunchSpecifications': {'NetworkInterfaces': {'ConnectionTrackingSpecification': {'TcpEstablishedTimeout': 'integer',
'UdpStreamTimeout': 'integer',
'UdpTimeout': 'integer'}}}}}}
{'SpotInstanceRequests': {'LaunchSpecification': {'NetworkInterfaces': {'ConnectionTrackingSpecification': {'TcpEstablishedTimeout': 'integer',
'UdpStreamTimeout': 'integer',
'UdpTimeout': 'integer'}}}}}
{'IpamDiscoveredResourceCidrs': {'ResourceType': {'eni'}}}
Returns the resource CIDRs that are monitored as part of a resource discovery. A discovered resource is a resource CIDR monitored under a resource discovery. The following resources can be discovered: VPCs, Public IPv4 pools, VPC subnets, and Elastic IP addresses.
See also: AWS API Documentation
Request Syntax
client.get_ipam_discovered_resource_cidrs(
DryRun=True|False,
IpamResourceDiscoveryId='string',
ResourceRegion='string',
Filters=[
{
'Name': 'string',
'Values': [
'string',
]
},
],
NextToken='string',
MaxResults=123
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
A resource discovery ID.
string
[REQUIRED]
A resource Region.
list
Filters.
(dict) --
A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.
If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.
Name (string) --
The name of the filter. Filter names are case-sensitive.
Values (list) --
The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.
(string) --
string
Specify the pagination token from a previous request to retrieve the next page of results.
integer
The maximum number of discovered resource CIDRs to return in one page of results.
dict
Response Syntax
{
'IpamDiscoveredResourceCidrs': [
{
'IpamResourceDiscoveryId': 'string',
'ResourceRegion': 'string',
'ResourceId': 'string',
'ResourceOwnerId': 'string',
'ResourceCidr': 'string',
'ResourceType': 'vpc'|'subnet'|'eip'|'public-ipv4-pool'|'ipv6-pool'|'eni',
'ResourceTags': [
{
'Key': 'string',
'Value': 'string'
},
],
'IpUsage': 123.0,
'VpcId': 'string',
'SampleTime': datetime(2015, 1, 1)
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
IpamDiscoveredResourceCidrs (list) --
Discovered resource CIDRs.
(dict) --
An IPAM discovered resource CIDR. A discovered resource is a resource CIDR monitored under a resource discovery. The following resources can be discovered: VPCs, Public IPv4 pools, VPC subnets, and Elastic IP addresses. The discovered resource CIDR is the IP address range in CIDR notation that is associated with the resource.
IpamResourceDiscoveryId (string) --
The resource discovery ID.
ResourceRegion (string) --
The resource Region.
ResourceId (string) --
The resource ID.
ResourceOwnerId (string) --
The resource owner ID.
ResourceCidr (string) --
The resource CIDR.
ResourceType (string) --
The resource type.
ResourceTags (list) --
The resource tags.
(dict) --
The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
Key (string) --
The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
Value (string) --
The value of the tag.
IpUsage (float) --
The percentage of IP address space in use. To convert the decimal to a percentage, multiply the decimal by 100. Note the following:
For resources that are VPCs, this is the percentage of IP address space in the VPC that's taken up by subnet CIDRs.
For resources that are subnets, if the subnet has an IPv4 CIDR provisioned to it, this is the percentage of IPv4 address space in the subnet that's in use. If the subnet has an IPv6 CIDR provisioned to it, the percentage of IPv6 address space in use is not represented. The percentage of IPv6 address space in use cannot currently be calculated.
For resources that are public IPv4 pools, this is the percentage of IP address space in the pool that's been allocated to Elastic IP addresses (EIPs).
VpcId (string) --
The VPC ID.
SampleTime (datetime) --
The last successful resource discovery time.
NextToken (string) --
Specify the pagination token from a previous request to retrieve the next page of results.
{'IpamPoolAllocations': {'ResourceType': {'subnet'}}}
Get a list of all the CIDR allocations in an IPAM pool. The Region you use should be the IPAM pool locale. The locale is the Amazon Web Services Region where this IPAM pool is available for allocations.
See also: AWS API Documentation
Request Syntax
client.get_ipam_pool_allocations(
DryRun=True|False,
IpamPoolId='string',
IpamPoolAllocationId='string',
Filters=[
{
'Name': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The ID of the IPAM pool you want to see the allocations for.
string
The ID of the allocation.
list
One or more filters for the request. For more information about filtering, see Filtering CLI output.
(dict) --
A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.
If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.
Name (string) --
The name of the filter. Filter names are case-sensitive.
Values (list) --
The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.
(string) --
integer
The maximum number of results you would like returned per page.
string
The token for the next page of results.
dict
Response Syntax
{
'IpamPoolAllocations': [
{
'Cidr': 'string',
'IpamPoolAllocationId': 'string',
'Description': 'string',
'ResourceId': 'string',
'ResourceType': 'ipam-pool'|'vpc'|'ec2-public-ipv4-pool'|'custom'|'subnet',
'ResourceRegion': 'string',
'ResourceOwner': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
IpamPoolAllocations (list) --
The IPAM pool allocations you want information on.
(dict) --
In IPAM, an allocation is a CIDR assignment from an IPAM pool to another IPAM pool or to a resource.
Cidr (string) --
The CIDR for the allocation. A CIDR is a representation of an IP address and its associated network mask (or netmask) and refers to a range of IP addresses. An IPv4 CIDR example is 10.24.34.0/23. An IPv6 CIDR example is 2001:DB8::/32.
IpamPoolAllocationId (string) --
The ID of an allocation.
Description (string) --
A description of the pool allocation.
ResourceId (string) --
The ID of the resource.
ResourceType (string) --
The type of the resource.
ResourceRegion (string) --
The Amazon Web Services Region of the resource.
ResourceOwner (string) --
The owner of the resource.
NextToken (string) --
The token to use to retrieve the next page of results. This value is null when there are no more results to return.
{'ResourceType': {'eni'}}
Response {'IpamResourceCidrs': {'ResourceType': {'eni'}}}
Returns resource CIDRs managed by IPAM in a given scope. If an IPAM is associated with more than one resource discovery, the resource CIDRs across all of the resource discoveries is returned. A resource discovery is an IPAM component that enables IPAM to manage and monitor resources that belong to the owning account.
See also: AWS API Documentation
Request Syntax
client.get_ipam_resource_cidrs(
DryRun=True|False,
Filters=[
{
'Name': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string',
IpamScopeId='string',
IpamPoolId='string',
ResourceId='string',
ResourceType='vpc'|'subnet'|'eip'|'public-ipv4-pool'|'ipv6-pool'|'eni',
ResourceTag={
'Key': 'string',
'Value': 'string'
},
ResourceOwner='string'
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
list
One or more filters for the request. For more information about filtering, see Filtering CLI output.
(dict) --
A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.
If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.
Name (string) --
The name of the filter. Filter names are case-sensitive.
Values (list) --
The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.
(string) --
integer
The maximum number of results to return in the request.
string
The token for the next page of results.
string
[REQUIRED]
The ID of the scope that the resource is in.
string
The ID of the IPAM pool that the resource is in.
string
The ID of the resource.
string
The resource type.
dict
The resource tag.
Key (string) --
The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
Value (string) --
The value for the tag.
string
The ID of the Amazon Web Services account that owns the resource.
dict
Response Syntax
{
'NextToken': 'string',
'IpamResourceCidrs': [
{
'IpamId': 'string',
'IpamScopeId': 'string',
'IpamPoolId': 'string',
'ResourceRegion': 'string',
'ResourceOwnerId': 'string',
'ResourceId': 'string',
'ResourceName': 'string',
'ResourceCidr': 'string',
'ResourceType': 'vpc'|'subnet'|'eip'|'public-ipv4-pool'|'ipv6-pool'|'eni',
'ResourceTags': [
{
'Key': 'string',
'Value': 'string'
},
],
'IpUsage': 123.0,
'ComplianceStatus': 'compliant'|'noncompliant'|'unmanaged'|'ignored',
'ManagementState': 'managed'|'unmanaged'|'ignored',
'OverlapStatus': 'overlapping'|'nonoverlapping'|'ignored',
'VpcId': 'string'
},
]
}
Response Structure
(dict) --
NextToken (string) --
The token to use to retrieve the next page of results. This value is null when there are no more results to return.
IpamResourceCidrs (list) --
The resource CIDRs.
(dict) --
The CIDR for an IPAM resource.
IpamId (string) --
The IPAM ID for an IPAM resource.
IpamScopeId (string) --
The scope ID for an IPAM resource.
IpamPoolId (string) --
The pool ID for an IPAM resource.
ResourceRegion (string) --
The Amazon Web Services Region for an IPAM resource.
ResourceOwnerId (string) --
The Amazon Web Services account number of the owner of an IPAM resource.
ResourceId (string) --
The ID of an IPAM resource.
ResourceName (string) --
The name of an IPAM resource.
ResourceCidr (string) --
The CIDR for an IPAM resource.
ResourceType (string) --
The type of IPAM resource.
ResourceTags (list) --
The tags for an IPAM resource.
(dict) --
The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
Key (string) --
The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
Value (string) --
The value of the tag.
IpUsage (float) --
The percentage of IP address space in use. To convert the decimal to a percentage, multiply the decimal by 100. Note the following:
For resources that are VPCs, this is the percentage of IP address space in the VPC that's taken up by subnet CIDRs.
For resources that are subnets, if the subnet has an IPv4 CIDR provisioned to it, this is the percentage of IPv4 address space in the subnet that's in use. If the subnet has an IPv6 CIDR provisioned to it, the percentage of IPv6 address space in use is not represented. The percentage of IPv6 address space in use cannot currently be calculated.
For resources that are public IPv4 pools, this is the percentage of IP address space in the pool that's been allocated to Elastic IP addresses (EIPs).
ComplianceStatus (string) --
The compliance status of the IPAM resource. For more information on compliance statuses, see Monitor CIDR usage by resource in the Amazon VPC IPAM User Guide.
ManagementState (string) --
The management state of the resource. For more information about management states, see Monitor CIDR usage by resource in the Amazon VPC IPAM User Guide.
OverlapStatus (string) --
The overlap status of an IPAM resource. The overlap status tells you if the CIDR for a resource overlaps with another CIDR in the scope. For more information on overlap statuses, see Monitor CIDR usage by resource in the Amazon VPC IPAM User Guide.
VpcId (string) --
The ID of a VPC.
{'LaunchTemplateData': {'NetworkInterfaces': {'ConnectionTrackingSpecification': {'TcpEstablishedTimeout': 'integer',
'UdpStreamTimeout': 'integer',
'UdpTimeout': 'integer'}}}}
{'Tier': 'free | advanced'}
Response {'Ipam': {'StateMessage': 'string', 'Tier': 'free | advanced'}}
Modify the configurations of an IPAM.
See also: AWS API Documentation
Request Syntax
client.modify_ipam(
DryRun=True|False,
IpamId='string',
Description='string',
AddOperatingRegions=[
{
'RegionName': 'string'
},
],
RemoveOperatingRegions=[
{
'RegionName': 'string'
},
],
Tier='free'|'advanced'
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The ID of the IPAM you want to modify.
string
The description of the IPAM you want to modify.
list
Choose the operating Regions for the IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.
For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.
(dict) --
Add an operating Region to an IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.
For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.
RegionName (string) --
The name of the operating Region.
list
The operating Regions to remove.
(dict) --
Remove an operating Region from an IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.
For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide
RegionName (string) --
The name of the operating Region you want to remove.
string
IPAM is offered in a Free Tier and an Advanced Tier. For more information about the features available in each tier and the costs associated with the tiers, see Amazon VPC pricing > IPAM tab.
dict
Response Syntax
{
'Ipam': {
'OwnerId': 'string',
'IpamId': 'string',
'IpamArn': 'string',
'IpamRegion': 'string',
'PublicDefaultScopeId': 'string',
'PrivateDefaultScopeId': 'string',
'ScopeCount': 123,
'Description': 'string',
'OperatingRegions': [
{
'RegionName': 'string'
},
],
'State': 'create-in-progress'|'create-complete'|'create-failed'|'modify-in-progress'|'modify-complete'|'modify-failed'|'delete-in-progress'|'delete-complete'|'delete-failed'|'isolate-in-progress'|'isolate-complete'|'restore-in-progress',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'DefaultResourceDiscoveryId': 'string',
'DefaultResourceDiscoveryAssociationId': 'string',
'ResourceDiscoveryAssociationCount': 123,
'StateMessage': 'string',
'Tier': 'free'|'advanced'
}
}
Response Structure
(dict) --
Ipam (dict) --
The results of the modification.
OwnerId (string) --
The Amazon Web Services account ID of the owner of the IPAM.
IpamId (string) --
The ID of the IPAM.
IpamArn (string) --
The Amazon Resource Name (ARN) of the IPAM.
IpamRegion (string) --
The Amazon Web Services Region of the IPAM.
PublicDefaultScopeId (string) --
The ID of the IPAM's default public scope.
PrivateDefaultScopeId (string) --
The ID of the IPAM's default private scope.
ScopeCount (integer) --
The number of scopes in the IPAM. The scope quota is 5. For more information on quotas, see Quotas in IPAM in the Amazon VPC IPAM User Guide.
Description (string) --
The description for the IPAM.
OperatingRegions (list) --
The operating Regions for an IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.
For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.
(dict) --
The operating Regions for an IPAM. Operating Regions are Amazon Web Services Regions where the IPAM is allowed to manage IP address CIDRs. IPAM only discovers and monitors resources in the Amazon Web Services Regions you select as operating Regions.
For more information about operating Regions, see Create an IPAM in the Amazon VPC IPAM User Guide.
RegionName (string) --
The name of the operating Region.
State (string) --
The state of the IPAM.
Tags (list) --
The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
DefaultResourceDiscoveryId (string) --
The IPAM's default resource discovery ID.
DefaultResourceDiscoveryAssociationId (string) --
The IPAM's default resource discovery association ID.
ResourceDiscoveryAssociationCount (integer) --
The IPAM's resource discovery association count.
StateMessage (string) --
The state message.
Tier (string) --
IPAM is offered in a Free Tier and an Advanced Tier. For more information about the features available in each tier and the costs associated with the tiers, see Amazon VPC pricing > IPAM tab.
{'IpamPool': {'SourceResource': {'ResourceId': 'string',
'ResourceOwner': 'string',
'ResourceRegion': 'string',
'ResourceType': 'vpc'}}}
Modify the configurations of an IPAM pool.
For more information, see Modify a pool in the Amazon VPC IPAM User Guide.
See also: AWS API Documentation
Request Syntax
client.modify_ipam_pool(
DryRun=True|False,
IpamPoolId='string',
Description='string',
AutoImport=True|False,
AllocationMinNetmaskLength=123,
AllocationMaxNetmaskLength=123,
AllocationDefaultNetmaskLength=123,
ClearAllocationDefaultNetmaskLength=True|False,
AddAllocationResourceTags=[
{
'Key': 'string',
'Value': 'string'
},
],
RemoveAllocationResourceTags=[
{
'Key': 'string',
'Value': 'string'
},
]
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The ID of the IPAM pool you want to modify.
string
The description of the IPAM pool you want to modify.
boolean
If true, IPAM will continuously look for resources within the CIDR range of this pool and automatically import them as allocations into your IPAM. The CIDRs that will be allocated for these resources must not already be allocated to other resources in order for the import to succeed. IPAM will import a CIDR regardless of its compliance with the pool's allocation rules, so a resource might be imported and subsequently marked as noncompliant. If IPAM discovers multiple CIDRs that overlap, IPAM will import the largest CIDR only. If IPAM discovers multiple CIDRs with matching CIDRs, IPAM will randomly import one of them only.
A locale must be set on the pool for this feature to work.
integer
The minimum netmask length required for CIDR allocations in this IPAM pool to be compliant. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128. The minimum netmask length must be less than the maximum netmask length.
integer
The maximum netmask length possible for CIDR allocations in this IPAM pool to be compliant. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.The maximum netmask length must be greater than the minimum netmask length.
integer
The default netmask length for allocations added to this pool. If, for example, the CIDR assigned to this pool is 10.0.0.0/8 and you enter 16 here, new allocations will default to 10.0.0.0/16.
boolean
Clear the default netmask length allocation rule for this pool.
list
Add tag allocation rules to a pool. For more information about allocation rules, see Create a top-level pool in the Amazon VPC IPAM User Guide.
(dict) --
A tag on an IPAM resource.
Key (string) --
The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
Value (string) --
The value for the tag.
list
Remove tag allocation rules from a pool.
(dict) --
A tag on an IPAM resource.
Key (string) --
The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
Value (string) --
The value for the tag.
dict
Response Syntax
{
'IpamPool': {
'OwnerId': 'string',
'IpamPoolId': 'string',
'SourceIpamPoolId': 'string',
'IpamPoolArn': 'string',
'IpamScopeArn': 'string',
'IpamScopeType': 'public'|'private',
'IpamArn': 'string',
'IpamRegion': 'string',
'Locale': 'string',
'PoolDepth': 123,
'State': 'create-in-progress'|'create-complete'|'create-failed'|'modify-in-progress'|'modify-complete'|'modify-failed'|'delete-in-progress'|'delete-complete'|'delete-failed'|'isolate-in-progress'|'isolate-complete'|'restore-in-progress',
'StateMessage': 'string',
'Description': 'string',
'AutoImport': True|False,
'PubliclyAdvertisable': True|False,
'AddressFamily': 'ipv4'|'ipv6',
'AllocationMinNetmaskLength': 123,
'AllocationMaxNetmaskLength': 123,
'AllocationDefaultNetmaskLength': 123,
'AllocationResourceTags': [
{
'Key': 'string',
'Value': 'string'
},
],
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'AwsService': 'ec2',
'PublicIpSource': 'amazon'|'byoip',
'SourceResource': {
'ResourceId': 'string',
'ResourceType': 'vpc',
'ResourceRegion': 'string',
'ResourceOwner': 'string'
}
}
}
Response Structure
(dict) --
IpamPool (dict) --
The results of the modification.
OwnerId (string) --
The Amazon Web Services account ID of the owner of the IPAM pool.
IpamPoolId (string) --
The ID of the IPAM pool.
SourceIpamPoolId (string) --
The ID of the source IPAM pool. You can use this option to create an IPAM pool within an existing source pool.
IpamPoolArn (string) --
The Amazon Resource Name (ARN) of the IPAM pool.
IpamScopeArn (string) --
The ARN of the scope of the IPAM pool.
IpamScopeType (string) --
In IPAM, a scope is the highest-level container within IPAM. An IPAM contains two default scopes. Each scope represents the IP space for a single network. The private scope is intended for all private IP address space. The public scope is intended for all public IP address space. Scopes enable you to reuse IP addresses across multiple unconnected networks without causing IP address overlap or conflict.
IpamArn (string) --
The ARN of the IPAM.
IpamRegion (string) --
The Amazon Web Services Region of the IPAM pool.
Locale (string) --
The locale of the IPAM pool. In IPAM, the locale is the Amazon Web Services Region where you want to make an IPAM pool available for allocations. Only resources in the same Region as the locale of the pool can get IP address allocations from the pool. You can only allocate a CIDR for a VPC, for example, from an IPAM pool that shares a locale with the VPC’s Region. Note that once you choose a Locale for a pool, you cannot modify it. If you choose an Amazon Web Services Region for locale that has not been configured as an operating Region for the IPAM, you'll get an error.
PoolDepth (integer) --
The depth of pools in your IPAM pool. The pool depth quota is 10. For more information, see Quotas in IPAM in the Amazon VPC IPAM User Guide.
State (string) --
The state of the IPAM pool.
StateMessage (string) --
The state message.
Description (string) --
The description of the IPAM pool.
AutoImport (boolean) --
If selected, IPAM will continuously look for resources within the CIDR range of this pool and automatically import them as allocations into your IPAM. The CIDRs that will be allocated for these resources must not already be allocated to other resources in order for the import to succeed. IPAM will import a CIDR regardless of its compliance with the pool's allocation rules, so a resource might be imported and subsequently marked as noncompliant. If IPAM discovers multiple CIDRs that overlap, IPAM will import the largest CIDR only. If IPAM discovers multiple CIDRs with matching CIDRs, IPAM will randomly import one of them only.
A locale must be set on the pool for this feature to work.
PubliclyAdvertisable (boolean) --
Determines if a pool is publicly advertisable. This option is not available for pools with AddressFamily set to ipv4.
AddressFamily (string) --
The address family of the pool.
AllocationMinNetmaskLength (integer) --
The minimum netmask length required for CIDR allocations in this IPAM pool to be compliant. The minimum netmask length must be less than the maximum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.
AllocationMaxNetmaskLength (integer) --
The maximum netmask length possible for CIDR allocations in this IPAM pool to be compliant. The maximum netmask length must be greater than the minimum netmask length. Possible netmask lengths for IPv4 addresses are 0 - 32. Possible netmask lengths for IPv6 addresses are 0 - 128.
AllocationDefaultNetmaskLength (integer) --
The default netmask length for allocations added to this pool. If, for example, the CIDR assigned to this pool is 10.0.0.0/8 and you enter 16 here, new allocations will default to 10.0.0.0/16.
AllocationResourceTags (list) --
Tags that are required for resources that use CIDRs from this IPAM pool. Resources that do not have these tags will not be allowed to allocate space from the pool. If the resources have their tags changed after they have allocated space or if the allocation tagging requirements are changed on the pool, the resource may be marked as noncompliant.
(dict) --
The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
Key (string) --
The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
Value (string) --
The value of the tag.
Tags (list) --
The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
AwsService (string) --
Limits which service in Amazon Web Services that the pool can be used in. "ec2", for example, allows users to use space for Elastic IP addresses and VPCs.
PublicIpSource (string) --
The IP address source for pools in the public scope. Only used for provisioning IP address CIDRs to pools in the public scope. Default is BYOIP. For more information, see Create IPv6 pools in the Amazon VPC IPAM User Guide. By default, you can add only one Amazon-provided IPv6 CIDR block to a top-level IPv6 pool. For information on increasing the default limit, see Quotas for your IPAM in the Amazon VPC IPAM User Guide.
SourceResource (dict) --
The resource used to provision CIDRs to a resource planning pool.
ResourceId (string) --
The source resource ID.
ResourceType (string) --
The source resource type.
ResourceRegion (string) --
The source resource Region.
ResourceOwner (string) --
The source resource owner.
{'IpamResourceCidr': {'ResourceType': {'eni'}}}
Modify a resource CIDR. You can use this action to transfer resource CIDRs between scopes and ignore resource CIDRs that you do not want to manage. If set to false, the resource will not be tracked for overlap, it cannot be auto-imported into a pool, and it will be removed from any pool it has an allocation in.
For more information, see Move resource CIDRs between scopes and Change the monitoring state of resource CIDRs in the Amazon VPC IPAM User Guide.
See also: AWS API Documentation
Request Syntax
client.modify_ipam_resource_cidr(
DryRun=True|False,
ResourceId='string',
ResourceCidr='string',
ResourceRegion='string',
CurrentIpamScopeId='string',
DestinationIpamScopeId='string',
Monitored=True|False
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The ID of the resource you want to modify.
string
[REQUIRED]
The CIDR of the resource you want to modify.
string
[REQUIRED]
The Amazon Web Services Region of the resource you want to modify.
string
[REQUIRED]
The ID of the current scope that the resource CIDR is in.
string
The ID of the scope you want to transfer the resource CIDR to.
boolean
[REQUIRED]
Determines if the resource is monitored by IPAM. If a resource is monitored, the resource is discovered by IPAM and you can view details about the resource’s CIDR.
dict
Response Syntax
{
'IpamResourceCidr': {
'IpamId': 'string',
'IpamScopeId': 'string',
'IpamPoolId': 'string',
'ResourceRegion': 'string',
'ResourceOwnerId': 'string',
'ResourceId': 'string',
'ResourceName': 'string',
'ResourceCidr': 'string',
'ResourceType': 'vpc'|'subnet'|'eip'|'public-ipv4-pool'|'ipv6-pool'|'eni',
'ResourceTags': [
{
'Key': 'string',
'Value': 'string'
},
],
'IpUsage': 123.0,
'ComplianceStatus': 'compliant'|'noncompliant'|'unmanaged'|'ignored',
'ManagementState': 'managed'|'unmanaged'|'ignored',
'OverlapStatus': 'overlapping'|'nonoverlapping'|'ignored',
'VpcId': 'string'
}
}
Response Structure
(dict) --
IpamResourceCidr (dict) --
The CIDR of the resource.
IpamId (string) --
The IPAM ID for an IPAM resource.
IpamScopeId (string) --
The scope ID for an IPAM resource.
IpamPoolId (string) --
The pool ID for an IPAM resource.
ResourceRegion (string) --
The Amazon Web Services Region for an IPAM resource.
ResourceOwnerId (string) --
The Amazon Web Services account number of the owner of an IPAM resource.
ResourceId (string) --
The ID of an IPAM resource.
ResourceName (string) --
The name of an IPAM resource.
ResourceCidr (string) --
The CIDR for an IPAM resource.
ResourceType (string) --
The type of IPAM resource.
ResourceTags (list) --
The tags for an IPAM resource.
(dict) --
The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
Key (string) --
The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
Value (string) --
The value of the tag.
IpUsage (float) --
The percentage of IP address space in use. To convert the decimal to a percentage, multiply the decimal by 100. Note the following:
For resources that are VPCs, this is the percentage of IP address space in the VPC that's taken up by subnet CIDRs.
For resources that are subnets, if the subnet has an IPv4 CIDR provisioned to it, this is the percentage of IPv4 address space in the subnet that's in use. If the subnet has an IPv6 CIDR provisioned to it, the percentage of IPv6 address space in use is not represented. The percentage of IPv6 address space in use cannot currently be calculated.
For resources that are public IPv4 pools, this is the percentage of IP address space in the pool that's been allocated to Elastic IP addresses (EIPs).
ComplianceStatus (string) --
The compliance status of the IPAM resource. For more information on compliance statuses, see Monitor CIDR usage by resource in the Amazon VPC IPAM User Guide.
ManagementState (string) --
The management state of the resource. For more information about management states, see Monitor CIDR usage by resource in the Amazon VPC IPAM User Guide.
OverlapStatus (string) --
The overlap status of an IPAM resource. The overlap status tells you if the CIDR for a resource overlaps with another CIDR in the scope. For more information on overlap statuses, see Monitor CIDR usage by resource in the Amazon VPC IPAM User Guide.
VpcId (string) --
The ID of a VPC.
{'ConnectionTrackingSpecification': {'TcpEstablishedTimeout': 'integer',
'UdpStreamTimeout': 'integer',
'UdpTimeout': 'integer'}}
Modifies the specified network interface attribute. You can specify only one attribute at a time. You can use this action to attach and detach security groups from an existing EC2 instance.
See also: AWS API Documentation
Request Syntax
client.modify_network_interface_attribute(
Attachment={
'AttachmentId': 'string',
'DeleteOnTermination': True|False
},
Description={
'Value': 'string'
},
DryRun=True|False,
Groups=[
'string',
],
NetworkInterfaceId='string',
SourceDestCheck={
'Value': True|False
},
EnaSrdSpecification={
'EnaSrdEnabled': True|False,
'EnaSrdUdpSpecification': {
'EnaSrdUdpEnabled': True|False
}
},
EnablePrimaryIpv6=True|False,
ConnectionTrackingSpecification={
'TcpEstablishedTimeout': 123,
'UdpStreamTimeout': 123,
'UdpTimeout': 123
}
)
dict
Information about the interface attachment. If modifying the delete on termination attribute, you must specify the ID of the interface attachment.
AttachmentId (string) --
The ID of the network interface attachment.
DeleteOnTermination (boolean) --
Indicates whether the network interface is deleted when the instance is terminated.
dict
A description for the network interface.
Value (string) --
The attribute value. The value is case-sensitive.
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
list
Changes the security groups for the network interface. The new set of groups you specify replaces the current set. You must specify at least one group, even if it's just the default security group in the VPC. You must specify the ID of the security group, not the name.
(string) --
string
[REQUIRED]
The ID of the network interface.
dict
Enable or disable source/destination checks, which ensure that the instance is either the source or the destination of any traffic that it receives. If the value is true, source/destination checks are enabled; otherwise, they are disabled. The default value is true. You must disable source/destination checks if the instance runs services such as network address translation, routing, or firewalls.
Value (boolean) --
The attribute value. The valid values are true or false.
dict
Updates the ENA Express configuration for the network interface that’s attached to the instance.
EnaSrdEnabled (boolean) --
Indicates whether ENA Express is enabled for the network interface.
EnaSrdUdpSpecification (dict) --
Configures ENA Express for UDP network traffic.
EnaSrdUdpEnabled (boolean) --
Indicates whether UDP traffic to and from the instance uses ENA Express. To specify this setting, you must first enable ENA Express.
boolean
If you’re modifying a network interface in a dual-stack or IPv6-only subnet, you have the option to assign a primary IPv6 IP address. A primary IPv6 address is an IPv6 GUA address associated with an ENI that you have enabled to use a primary IPv6 address. Use this option if the instance that this ENI will be attached to relies on its IPv6 address not changing. Amazon Web Services will automatically assign an IPv6 address associated with the ENI attached to your instance to be the primary IPv6 address. Once you enable an IPv6 GUA address to be a primary IPv6, you cannot disable it. When you enable an IPv6 GUA address to be a primary IPv6, the first IPv6 GUA will be made the primary IPv6 address until the instance is terminated or the network interface is detached. If you have multiple IPv6 addresses associated with an ENI attached to your instance and you enable a primary IPv6 address, the first IPv6 GUA address associated with the ENI becomes the primary IPv6 address.
dict
A connection tracking specification.
TcpEstablishedTimeout (integer) --
Timeout (in seconds) for idle TCP connections in an established state. Min: 60 seconds. Max: 432000 seconds (5 days). Default: 432000 seconds. Recommended: Less than 432000 seconds.
UdpStreamTimeout (integer) --
Timeout (in seconds) for idle UDP flows classified as streams which have seen more than one request-response transaction. Min: 60 seconds. Max: 180 seconds (3 minutes). Default: 180 seconds.
UdpTimeout (integer) --
Timeout (in seconds) for idle UDP flows that have seen traffic only in a single direction or a single request-response transaction. Min: 30 seconds. Max: 60 seconds. Default: 30 seconds.
None
{'ByoipCidr': {'AsnAssociations': [{'Asn': 'string',
'Cidr': 'string',
'State': 'disassociated | '
'failed-disassociation | '
'failed-association | '
'pending-disassociation | '
'pending-association | associated',
'StatusMessage': 'string'}]}}
Move a BYOIPv4 CIDR to IPAM from a public IPv4 pool.
If you already have a BYOIPv4 CIDR with Amazon Web Services, you can move the CIDR to IPAM from a public IPv4 pool. You cannot move an IPv6 CIDR to IPAM. If you are bringing a new IP address to Amazon Web Services for the first time, complete the steps in Tutorial: BYOIP address CIDRs to IPAM.
See also: AWS API Documentation
Request Syntax
client.move_byoip_cidr_to_ipam(
DryRun=True|False,
Cidr='string',
IpamPoolId='string',
IpamPoolOwner='string'
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The BYOIP CIDR.
string
[REQUIRED]
The IPAM pool ID.
string
[REQUIRED]
The Amazon Web Services account ID of the owner of the IPAM pool.
dict
Response Syntax
{
'ByoipCidr': {
'Cidr': 'string',
'Description': 'string',
'AsnAssociations': [
{
'Asn': 'string',
'Cidr': 'string',
'StatusMessage': 'string',
'State': 'disassociated'|'failed-disassociation'|'failed-association'|'pending-disassociation'|'pending-association'|'associated'
},
],
'StatusMessage': 'string',
'State': 'advertised'|'deprovisioned'|'failed-deprovision'|'failed-provision'|'pending-deprovision'|'pending-provision'|'provisioned'|'provisioned-not-publicly-advertisable'
}
}
Response Structure
(dict) --
ByoipCidr (dict) --
The BYOIP CIDR.
Cidr (string) --
The address range, in CIDR notation.
Description (string) --
The description of the address range.
AsnAssociations (list) --
The BYOIP CIDR associations with ASNs.
(dict) --
An Autonomous System Number (ASN) and BYOIP CIDR association.
Asn (string) --
The association's ASN.
Cidr (string) --
The association's CIDR.
StatusMessage (string) --
The association's status message.
State (string) --
The association's state.
StatusMessage (string) --
Upon success, contains the ID of the address pool. Otherwise, contains an error message.
State (string) --
The state of the address pool.
{'ByoipCidr': {'AsnAssociations': [{'Asn': 'string',
'Cidr': 'string',
'State': 'disassociated | '
'failed-disassociation | '
'failed-association | '
'pending-disassociation | '
'pending-association | associated',
'StatusMessage': 'string'}]}}
Provisions an IPv4 or IPv6 address range for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and creates a corresponding address pool. After the address range is provisioned, it is ready to be advertised using AdvertiseByoipCidr.
Amazon Web Services verifies that you own the address range and are authorized to advertise it. You must ensure that the address range is registered to you and that you created an RPKI ROA to authorize Amazon ASNs 16509 and 14618 to advertise the address range. For more information, see Bring your own IP addresses (BYOIP) in the Amazon Elastic Compute Cloud User Guide.
Provisioning an address range is an asynchronous operation, so the call returns immediately, but the address range is not ready to use until its status changes from pending-provision to provisioned. To monitor the status of an address range, use DescribeByoipCidrs. To allocate an Elastic IP address from your IPv4 address pool, use AllocateAddress with either the specific address from the address pool or the ID of the address pool.
See also: AWS API Documentation
Request Syntax
client.provision_byoip_cidr(
Cidr='string',
CidrAuthorizationContext={
'Message': 'string',
'Signature': 'string'
},
PubliclyAdvertisable=True|False,
Description='string',
DryRun=True|False,
PoolTagSpecifications=[
{
'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
},
],
MultiRegion=True|False
)
string
[REQUIRED]
The public IPv4 or IPv6 address range, in CIDR notation. The most specific IPv4 prefix that you can specify is /24. The most specific IPv6 prefix you can specify is /56. The address range cannot overlap with another address range that you've brought to this or another Region.
dict
A signed document that proves that you are authorized to bring the specified IP address range to Amazon using BYOIP.
Message (string) -- [REQUIRED]
The plain-text authorization message for the prefix and account.
Signature (string) -- [REQUIRED]
The signed authorization message for the prefix and account.
boolean
(IPv6 only) Indicate whether the address range will be publicly advertised to the internet.
Default: true
string
A description for the address range and the address pool.
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
list
The tags to apply to the address pool.
(dict) --
The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.
ResourceType (string) --
The type of resource to tag on creation.
Tags (list) --
The tags to apply to the resource.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
boolean
Reserved.
dict
Response Syntax
{
'ByoipCidr': {
'Cidr': 'string',
'Description': 'string',
'AsnAssociations': [
{
'Asn': 'string',
'Cidr': 'string',
'StatusMessage': 'string',
'State': 'disassociated'|'failed-disassociation'|'failed-association'|'pending-disassociation'|'pending-association'|'associated'
},
],
'StatusMessage': 'string',
'State': 'advertised'|'deprovisioned'|'failed-deprovision'|'failed-provision'|'pending-deprovision'|'pending-provision'|'provisioned'|'provisioned-not-publicly-advertisable'
}
}
Response Structure
(dict) --
ByoipCidr (dict) --
Information about the address range.
Cidr (string) --
The address range, in CIDR notation.
Description (string) --
The description of the address range.
AsnAssociations (list) --
The BYOIP CIDR associations with ASNs.
(dict) --
An Autonomous System Number (ASN) and BYOIP CIDR association.
Asn (string) --
The association's ASN.
Cidr (string) --
The association's CIDR.
StatusMessage (string) --
The association's status message.
State (string) --
The association's state.
StatusMessage (string) --
Upon success, contains the ID of the address pool. Otherwise, contains an error message.
State (string) --
The state of the address pool.
{'SpotFleetRequestConfig': {'LaunchSpecifications': {'NetworkInterfaces': {'ConnectionTrackingSpecification': {'TcpEstablishedTimeout': 'integer',
'UdpStreamTimeout': 'integer',
'UdpTimeout': 'integer'}}}}}
{'LaunchSpecification': {'NetworkInterfaces': {'ConnectionTrackingSpecification': {'TcpEstablishedTimeout': 'integer',
'UdpStreamTimeout': 'integer',
'UdpTimeout': 'integer'}}}}
Response {'SpotInstanceRequests': {'LaunchSpecification': {'NetworkInterfaces': {'ConnectionTrackingSpecification': {'TcpEstablishedTimeout': 'integer',
'UdpStreamTimeout': 'integer',
'UdpTimeout': 'integer'}}}}}
{'NetworkInterfaces': {'ConnectionTrackingSpecification': {'TcpEstablishedTimeout': 'integer',
'UdpStreamTimeout': 'integer',
'UdpTimeout': 'integer'}}}
Response {'Instances': {'NetworkInterfaces': {'ConnectionTrackingConfiguration': {'TcpEstablishedTimeout': 'integer',
'UdpStreamTimeout': 'integer',
'UdpTimeout': 'integer'}}}}
{'ByoipCidr': {'AsnAssociations': [{'Asn': 'string',
'Cidr': 'string',
'State': 'disassociated | '
'failed-disassociation | '
'failed-association | '
'pending-disassociation | '
'pending-association | associated',
'StatusMessage': 'string'}]}}
Stops advertising an address range that is provisioned as an address pool.
You can perform this operation at most once every 10 seconds, even if you specify different address ranges each time.
It can take a few minutes before traffic to the specified addresses stops routing to Amazon Web Services because of BGP propagation delays.
See also: AWS API Documentation
Request Syntax
client.withdraw_byoip_cidr(
Cidr='string',
DryRun=True|False
)
string
[REQUIRED]
The address range, in CIDR notation.
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
dict
Response Syntax
{
'ByoipCidr': {
'Cidr': 'string',
'Description': 'string',
'AsnAssociations': [
{
'Asn': 'string',
'Cidr': 'string',
'StatusMessage': 'string',
'State': 'disassociated'|'failed-disassociation'|'failed-association'|'pending-disassociation'|'pending-association'|'associated'
},
],
'StatusMessage': 'string',
'State': 'advertised'|'deprovisioned'|'failed-deprovision'|'failed-provision'|'pending-deprovision'|'pending-provision'|'provisioned'|'provisioned-not-publicly-advertisable'
}
}
Response Structure
(dict) --
ByoipCidr (dict) --
Information about the address pool.
Cidr (string) --
The address range, in CIDR notation.
Description (string) --
The description of the address range.
AsnAssociations (list) --
The BYOIP CIDR associations with ASNs.
(dict) --
An Autonomous System Number (ASN) and BYOIP CIDR association.
Asn (string) --
The association's ASN.
Cidr (string) --
The association's CIDR.
StatusMessage (string) --
The association's status message.
State (string) --
The association's state.
StatusMessage (string) --
Upon success, contains the ID of the address pool. Otherwise, contains an error message.
State (string) --
The state of the address pool.