2025/10/31 - Amazon Elastic Compute Cloud - 11 new16 updated api methods
Changes Amazon VPC IP Address Manager (IPAM) now supports automated prefix list management, allowing you to create rules that automatically populate customer-managed prefix lists with CIDRs from your IPAM pools or AWS resources based on tags, Regions, or other criteria.
Modifies an IPAM prefix list resolver. You can update the description and CIDR selection rules. Changes to rules will trigger re-evaluation and potential updates to associated prefix lists.
See also: AWS API Documentation
Request Syntax
client.modify_ipam_prefix_list_resolver(
DryRun=True|False,
IpamPrefixListResolverId='string',
Description='string',
Rules=[
{
'RuleType': 'static-cidr'|'ipam-resource-cidr'|'ipam-pool-cidr',
'StaticCidr': 'string',
'IpamScopeId': 'string',
'ResourceType': 'vpc'|'subnet'|'eip'|'public-ipv4-pool'|'ipv6-pool'|'eni',
'Conditions': [
{
'Operation': 'equals'|'not-equals'|'subnet-of',
'IpamPoolId': 'string',
'ResourceId': 'string',
'ResourceOwner': 'string',
'ResourceRegion': 'string',
'ResourceTag': {
'Key': 'string',
'Value': 'string'
},
'Cidr': 'string'
},
]
},
]
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The ID of the IPAM prefix list resolver to modify.
string
A new description for the IPAM prefix list resolver.
list
The updated CIDR selection rules for the resolver. These rules replace the existing rules entirely.
(dict) --
Describes a CIDR selection rule to include in a request. This is used when creating or modifying resolver rules.
CIDR selection rules define the business logic for selecting CIDRs from IPAM. If a CIDR matches any of the rules, it will be included. If a rule has multiple conditions, the CIDR has to match every condition of that rule. You can create a prefix list resolver without any CIDR selection rules, but it will generate empty versions (containing no CIDRs) until you add rules.
There are three rule types:
Static CIDR: A fixed list of CIDRs that do not change (like a manual list replicated across Regions).
IPAM pool CIDR: CIDRs from specific IPAM pools (like all CIDRs from your IPAM production pool).
Scope resource CIDR: CIDRs for Amazon Web Services resources like VPCs, subnets, and EIPs within a specific IPAM scope.
Condition availability by resource type:
Only 2 of the 3 rule types support conditions - IPAM pool CIDR and Scope resource CIDR. Static CIDR rules cannot have conditions.
Condition available for the IPAM pool CIDR resource type:
Property:
IPAM Pool ID
CIDR (like 10.24.34.0/23)
Operation: Equals/Not equals
Value: The value on which to match the condition
Conditions for the Scope resource CIDR resource type:
Property:
Resource ID: The unique ID of a resource (like vpc-1234567890abcdef0)
Resource type (like VPC or Subnet)
Resource owner (like 111122223333)
Resource region (like us-east-1)
Resource tag (like key: name, value: dev-vpc-1)
CIDR (like 10.24.34.0/23)
Operation: Equals/Not equals
Value: The value on which to match the condition
When setting conditions for a rule, one or more conditions is required.
RuleType (string) -- [REQUIRED]
The type of CIDR selection rule. Valid values include include for selecting CIDRs that match the conditions, and exclude for excluding CIDRs that match the conditions.
StaticCidr (string) --
A fixed list of CIDRs that do not change (like a manual list replicated across Regions).
IpamScopeId (string) --
The ID of the IPAM scope from which to select CIDRs. This determines whether to select from public or private IP address space.
ResourceType (string) --
For rules of type ipam-resource-cidr, this is the resource type.
Conditions (list) --
The conditions that determine which CIDRs are selected by this rule. Conditions specify criteria such as resource type, tags, account IDs, and Regions.
(dict) --
Describes a condition used when creating or modifying resolver rules.
CIDR selection rules define the business logic for selecting CIDRs from IPAM. If a CIDR matches any of the rules, it will be included. If a rule has multiple conditions, the CIDR has to match every condition of that rule. You can create a prefix list resolver without any CIDR selection rules, but it will generate empty versions (containing no CIDRs) until you add rules.
There are three rule types:
Static CIDR: A fixed list of CIDRs that do not change (like a manual list replicated across Regions).
IPAM pool CIDR: CIDRs from specific IPAM pools (like all CIDRs from your IPAM production pool).
Scope resource CIDR: CIDRs for Amazon Web Services resources like VPCs, subnets, and EIPs within a specific IPAM scope.
Condition availability by resource type:
Only 2 of the 3 rule types support conditions - IPAM pool CIDR and Scope resource CIDR. Static CIDR rules cannot have conditions.
Condition available for the IPAM pool CIDR resource type:
Property:
IPAM Pool ID
CIDR (like 10.24.34.0/23)
Operation: Equals/Not equals
Value: The value on which to match the condition
Conditions for the Scope resource CIDR resource type:
Property:
Resource ID: The unique ID of a resource (like vpc-1234567890abcdef0)
Resource type (like VPC or Subnet)
Resource owner (like 111122223333)
Resource region (like us-east-1)
Resource tag (like key: name, value: dev-vpc-1)
CIDR (like 10.24.34.0/23)
Operation: Equals/Not equals
Value: The value on which to match the condition
When setting conditions for a rule, one or more conditions is required.
Operation (string) -- [REQUIRED]
The operation to perform when evaluating this condition.
IpamPoolId (string) --
The ID of the IPAM pool to match against. This condition selects CIDRs that belong to the specified IPAM pool.
ResourceId (string) --
The ID of the Amazon Web Services resource to match against. This condition selects CIDRs associated with the specified resource.
ResourceOwner (string) --
The Amazon Web Services account ID that owns the resources to match against. This condition selects CIDRs from resources owned by the specified account.
ResourceRegion (string) --
The Amazon Web Services Region where the resources are located. This condition selects CIDRs from resources in the specified Region.
ResourceTag (dict) --
A tag key-value pair to match against. This condition selects CIDRs from resources that have the specified tag.
Key (string) --
The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
Value (string) --
The value for the tag.
Cidr (string) --
A CIDR block to match against. This condition selects CIDRs that fall within or match the specified CIDR range.
dict
Response Syntax
{
'IpamPrefixListResolver': {
'OwnerId': 'string',
'IpamPrefixListResolverId': 'string',
'IpamPrefixListResolverArn': 'string',
'IpamArn': 'string',
'IpamRegion': 'string',
'Description': 'string',
'AddressFamily': 'ipv4'|'ipv6',
'State': 'create-in-progress'|'create-complete'|'create-failed'|'modify-in-progress'|'modify-complete'|'modify-failed'|'delete-in-progress'|'delete-complete'|'delete-failed'|'isolate-in-progress'|'isolate-complete'|'restore-in-progress',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'LastVersionCreationStatus': 'pending'|'success'|'failure',
'LastVersionCreationStatusMessage': 'string'
}
}
Response Structure
(dict) --
IpamPrefixListResolver (dict) --
Information about the modified IPAM prefix list resolver.
OwnerId (string) --
The ID of the Amazon Web Services account that owns the IPAM prefix list resolver.
IpamPrefixListResolverId (string) --
The ID of the IPAM prefix list resolver.
IpamPrefixListResolverArn (string) --
The Amazon Resource Name (ARN) of the IPAM prefix list resolver.
IpamArn (string) --
The Amazon Resource Name (ARN) of the IPAM associated with this resolver.
IpamRegion (string) --
The Amazon Web Services Region where the associated IPAM is located.
Description (string) --
The description of the IPAM prefix list resolver.
AddressFamily (string) --
The address family (IPv4 or IPv6) for the IPAM prefix list resolver.
State (string) --
The current state of the IPAM prefix list resolver. Valid values include create-in-progress, create-complete, create-failed, modify-in-progress, modify-complete, modify-failed, delete-in-progress, delete-complete, and delete-failed.
Tags (list) --
The tags assigned to the IPAM prefix list resolver.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
LastVersionCreationStatus (string) --
The status for the last time a version was created.
Each version is a snapshot of what CIDRs matched your rules at that moment in time. The version number increments every time the CIDR list changes due to infrastructure changes.
LastVersionCreationStatusMessage (string) --
The status message for the last time a version was created.
Each version is a snapshot of what CIDRs matched your rules at that moment in time. The version number increments every time the CIDR list changes due to infrastructure changes.
Describes one or more IPAM prefix list resolver Targets. Use this operation to view the configuration and status of resolver targets.
See also: AWS API Documentation
Request Syntax
client.describe_ipam_prefix_list_resolver_targets(
DryRun=True|False,
Filters=[
{
'Name': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string',
IpamPrefixListResolverTargetIds=[
'string',
],
IpamPrefixListResolverId='string'
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
list
One or more filters to limit the results.
(dict) --
A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.
If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.
For more information, see List and filter using the CLI and API in the Amazon EC2 User Guide.
Name (string) --
The name of the filter. Filter names are case-sensitive.
Values (list) --
The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.
(string) --
integer
The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.
string
The token for the next page of results.
list
The IDs of the IPAM prefix list resolver Targets to describe. If not specified, all targets in your account are described.
(string) --
string
The ID of the IPAM prefix list resolver to filter targets by. Only targets associated with this resolver will be returned.
dict
Response Syntax
{
'NextToken': 'string',
'IpamPrefixListResolverTargets': [
{
'IpamPrefixListResolverTargetId': 'string',
'IpamPrefixListResolverTargetArn': 'string',
'IpamPrefixListResolverId': 'string',
'OwnerId': 'string',
'PrefixListId': 'string',
'PrefixListRegion': 'string',
'DesiredVersion': 123,
'LastSyncedVersion': 123,
'TrackLatestVersion': True|False,
'StateMessage': 'string',
'State': 'create-in-progress'|'create-complete'|'create-failed'|'modify-in-progress'|'modify-complete'|'modify-failed'|'sync-in-progress'|'sync-complete'|'sync-failed'|'delete-in-progress'|'delete-complete'|'delete-failed'|'isolate-in-progress'|'isolate-complete'|'restore-in-progress',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
},
]
}
Response Structure
(dict) --
NextToken (string) --
The token to use to retrieve the next page of results. This value is null when there are no more results to return.
IpamPrefixListResolverTargets (list) --
Information about the IPAM prefix list resolver Targets.
(dict) --
Describes an IPAM prefix list resolver target.
An IPAM prefix list resolver target is an association between a specific customer-managed prefix list and an IPAM prefix list resolver. The target enables the resolver to synchronize CIDRs selected by its rules into the specified prefix list, which can then be referenced in Amazon Web Services resources.
IpamPrefixListResolverTargetId (string) --
The ID of the IPAM prefix list resolver target.
IpamPrefixListResolverTargetArn (string) --
The Amazon Resource Name (ARN) of the IPAM prefix list resolver target.
IpamPrefixListResolverId (string) --
The ID of the IPAM prefix list resolver associated with this target.
OwnerId (string) --
The ID of the Amazon Web Services account that owns the IPAM prefix list resolver target.
PrefixListId (string) --
The ID of the managed prefix list associated with this target.
PrefixListRegion (string) --
The Amazon Web Services Region where the prefix list associated with this target is located.
DesiredVersion (integer) --
The desired version of the prefix list that this target should synchronize with.
LastSyncedVersion (integer) --
The version of the prefix list that was last successfully synchronized by this target.
TrackLatestVersion (boolean) --
Indicates whether this target automatically tracks the latest version of the prefix list.
StateMessage (string) --
A message describing the current state of the IPAM prefix list resolver target, including any error information.
State (string) --
The current state of the IPAM prefix list resolver target. Valid values include create-in-progress, create-complete, create-failed, modify-in-progress, modify-complete, modify-failed, delete-in-progress, delete-complete, and delete-failed.
Tags (list) --
The tags assigned to the IPAM prefix list resolver target.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
Deletes an IPAM prefix list resolver. Before deleting a resolver, you must first delete all resolver targets associated with it.
See also: AWS API Documentation
Request Syntax
client.delete_ipam_prefix_list_resolver(
DryRun=True|False,
IpamPrefixListResolverId='string'
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The ID of the IPAM prefix list resolver to delete.
dict
Response Syntax
{
'IpamPrefixListResolver': {
'OwnerId': 'string',
'IpamPrefixListResolverId': 'string',
'IpamPrefixListResolverArn': 'string',
'IpamArn': 'string',
'IpamRegion': 'string',
'Description': 'string',
'AddressFamily': 'ipv4'|'ipv6',
'State': 'create-in-progress'|'create-complete'|'create-failed'|'modify-in-progress'|'modify-complete'|'modify-failed'|'delete-in-progress'|'delete-complete'|'delete-failed'|'isolate-in-progress'|'isolate-complete'|'restore-in-progress',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'LastVersionCreationStatus': 'pending'|'success'|'failure',
'LastVersionCreationStatusMessage': 'string'
}
}
Response Structure
(dict) --
IpamPrefixListResolver (dict) --
Information about the IPAM prefix list resolver that was deleted.
OwnerId (string) --
The ID of the Amazon Web Services account that owns the IPAM prefix list resolver.
IpamPrefixListResolverId (string) --
The ID of the IPAM prefix list resolver.
IpamPrefixListResolverArn (string) --
The Amazon Resource Name (ARN) of the IPAM prefix list resolver.
IpamArn (string) --
The Amazon Resource Name (ARN) of the IPAM associated with this resolver.
IpamRegion (string) --
The Amazon Web Services Region where the associated IPAM is located.
Description (string) --
The description of the IPAM prefix list resolver.
AddressFamily (string) --
The address family (IPv4 or IPv6) for the IPAM prefix list resolver.
State (string) --
The current state of the IPAM prefix list resolver. Valid values include create-in-progress, create-complete, create-failed, modify-in-progress, modify-complete, modify-failed, delete-in-progress, delete-complete, and delete-failed.
Tags (list) --
The tags assigned to the IPAM prefix list resolver.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
LastVersionCreationStatus (string) --
The status for the last time a version was created.
Each version is a snapshot of what CIDRs matched your rules at that moment in time. The version number increments every time the CIDR list changes due to infrastructure changes.
LastVersionCreationStatusMessage (string) --
The status message for the last time a version was created.
Each version is a snapshot of what CIDRs matched your rules at that moment in time. The version number increments every time the CIDR list changes due to infrastructure changes.
Deletes an IPAM prefix list resolver target. This removes the association between the resolver and the managed prefix list, stopping automatic CIDR synchronization.
For more information about IPAM prefix list resolver, see Automate prefix list updates with IPAM in the Amazon VPC IPAM User Guide.
See also: AWS API Documentation
Request Syntax
client.delete_ipam_prefix_list_resolver_target(
DryRun=True|False,
IpamPrefixListResolverTargetId='string'
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The ID of the IPAM prefix list resolver target to delete.
dict
Response Syntax
{
'IpamPrefixListResolverTarget': {
'IpamPrefixListResolverTargetId': 'string',
'IpamPrefixListResolverTargetArn': 'string',
'IpamPrefixListResolverId': 'string',
'OwnerId': 'string',
'PrefixListId': 'string',
'PrefixListRegion': 'string',
'DesiredVersion': 123,
'LastSyncedVersion': 123,
'TrackLatestVersion': True|False,
'StateMessage': 'string',
'State': 'create-in-progress'|'create-complete'|'create-failed'|'modify-in-progress'|'modify-complete'|'modify-failed'|'sync-in-progress'|'sync-complete'|'sync-failed'|'delete-in-progress'|'delete-complete'|'delete-failed'|'isolate-in-progress'|'isolate-complete'|'restore-in-progress',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
}
}
Response Structure
(dict) --
IpamPrefixListResolverTarget (dict) --
Information about the IPAM prefix list resolver target that was deleted.
IpamPrefixListResolverTargetId (string) --
The ID of the IPAM prefix list resolver target.
IpamPrefixListResolverTargetArn (string) --
The Amazon Resource Name (ARN) of the IPAM prefix list resolver target.
IpamPrefixListResolverId (string) --
The ID of the IPAM prefix list resolver associated with this target.
OwnerId (string) --
The ID of the Amazon Web Services account that owns the IPAM prefix list resolver target.
PrefixListId (string) --
The ID of the managed prefix list associated with this target.
PrefixListRegion (string) --
The Amazon Web Services Region where the prefix list associated with this target is located.
DesiredVersion (integer) --
The desired version of the prefix list that this target should synchronize with.
LastSyncedVersion (integer) --
The version of the prefix list that was last successfully synchronized by this target.
TrackLatestVersion (boolean) --
Indicates whether this target automatically tracks the latest version of the prefix list.
StateMessage (string) --
A message describing the current state of the IPAM prefix list resolver target, including any error information.
State (string) --
The current state of the IPAM prefix list resolver target. Valid values include create-in-progress, create-complete, create-failed, modify-in-progress, modify-complete, modify-failed, delete-in-progress, delete-complete, and delete-failed.
Tags (list) --
The tags assigned to the IPAM prefix list resolver target.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
Retrieves version information for an IPAM prefix list resolver.
Each version is a snapshot of what CIDRs matched your rules at that moment in time. The version number increments every time the CIDR list changes due to infrastructure changes.
Version example:
Initial State (Version 1)
Production environment:
vpc-prod-web (10.1.0.0/16) - tagged env=prod
vpc-prod-db (10.2.0.0/16) - tagged env=prod
Resolver rule: Include all VPCs tagged env=prod
Version 1 CIDRs: 10.1.0.0/16, 10.2.0.0/16
Infrastructure Change (Version 2)
New VPC added:
vpc-prod-api (10.3.0.0/16) - tagged env=prod
IPAM automatically detects the change and creates a new version.
Version 2 CIDRs: 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16
See also: AWS API Documentation
Request Syntax
client.get_ipam_prefix_list_resolver_versions(
DryRun=True|False,
IpamPrefixListResolverId='string',
IpamPrefixListResolverVersions=[
123,
],
MaxResults=123,
Filters=[
{
'Name': 'string',
'Values': [
'string',
]
},
],
NextToken='string'
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The ID of the IPAM prefix list resolver whose versions you want to retrieve.
list
Specific version numbers to retrieve. If not specified, all versions are returned.
(integer) --
integer
The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.
list
One or more filters to limit the results.
(dict) --
A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.
If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.
For more information, see List and filter using the CLI and API in the Amazon EC2 User Guide.
Name (string) --
The name of the filter. Filter names are case-sensitive.
Values (list) --
The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.
(string) --
string
The token for the next page of results.
dict
Response Syntax
{
'IpamPrefixListResolverVersions': [
{
'Version': 123
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
IpamPrefixListResolverVersions (list) --
Information about the IPAM prefix list resolver versions.
(dict) --
Describes a version of an IPAM prefix list resolver.
Each version is a snapshot of what CIDRs matched your rules at that moment in time. The version number increments every time the CIDR list changes due to infrastructure changes.
Version example:
Initial State (Version 1)
Production environment:
vpc-prod-web (10.1.0.0/16) - tagged env=prod
vpc-prod-db (10.2.0.0/16) - tagged env=prod
Resolver rule: Include all VPCs tagged env=prod
Version 1 CIDRs: 10.1.0.0/16, 10.2.0.0/16
Infrastructure Change (Version 2)
New VPC added:
vpc-prod-api (10.3.0.0/16) - tagged env=prod
IPAM automatically detects the change and creates a new version.
Version 2 CIDRs: 10.1.0.0/16, 10.2.0.0/16, 10.3.0.0/16
Version (integer) --
The version number of the IPAM prefix list resolver.
Each version is a snapshot of what CIDRs matched your rules at that moment in time. The version number increments every time the CIDR list changes due to infrastructure changes.
NextToken (string) --
The token to use to retrieve the next page of results. This value is null when there are no more results to return.
Describes one or more IPAM prefix list resolvers. Use this operation to view the configuration, status, and properties of your resolvers.
See also: AWS API Documentation
Request Syntax
client.describe_ipam_prefix_list_resolvers(
DryRun=True|False,
Filters=[
{
'Name': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string',
IpamPrefixListResolverIds=[
'string',
]
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
list
One or more filters to limit the results.
(dict) --
A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.
If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.
For more information, see List and filter using the CLI and API in the Amazon EC2 User Guide.
Name (string) --
The name of the filter. Filter names are case-sensitive.
Values (list) --
The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.
(string) --
integer
The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.
string
The token for the next page of results.
list
The IDs of the IPAM prefix list resolvers to describe. If not specified, all resolvers in your account are described.
(string) --
dict
Response Syntax
{
'NextToken': 'string',
'IpamPrefixListResolvers': [
{
'OwnerId': 'string',
'IpamPrefixListResolverId': 'string',
'IpamPrefixListResolverArn': 'string',
'IpamArn': 'string',
'IpamRegion': 'string',
'Description': 'string',
'AddressFamily': 'ipv4'|'ipv6',
'State': 'create-in-progress'|'create-complete'|'create-failed'|'modify-in-progress'|'modify-complete'|'modify-failed'|'delete-in-progress'|'delete-complete'|'delete-failed'|'isolate-in-progress'|'isolate-complete'|'restore-in-progress',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'LastVersionCreationStatus': 'pending'|'success'|'failure',
'LastVersionCreationStatusMessage': 'string'
},
]
}
Response Structure
(dict) --
NextToken (string) --
The token to use to retrieve the next page of results. This value is null when there are no more results to return.
IpamPrefixListResolvers (list) --
Information about the IPAM prefix list resolvers.
(dict) --
Describes an IPAM prefix list resolver.
An IPAM prefix list resolver is a component that manages the synchronization between IPAM's CIDR selection rules and customer-managed prefix lists. It automates connectivity configurations by selecting CIDRs from IPAM's database based on your business logic and synchronizing them with prefix lists used in resources such as VPC route tables and security groups.
OwnerId (string) --
The ID of the Amazon Web Services account that owns the IPAM prefix list resolver.
IpamPrefixListResolverId (string) --
The ID of the IPAM prefix list resolver.
IpamPrefixListResolverArn (string) --
The Amazon Resource Name (ARN) of the IPAM prefix list resolver.
IpamArn (string) --
The Amazon Resource Name (ARN) of the IPAM associated with this resolver.
IpamRegion (string) --
The Amazon Web Services Region where the associated IPAM is located.
Description (string) --
The description of the IPAM prefix list resolver.
AddressFamily (string) --
The address family (IPv4 or IPv6) for the IPAM prefix list resolver.
State (string) --
The current state of the IPAM prefix list resolver. Valid values include create-in-progress, create-complete, create-failed, modify-in-progress, modify-complete, modify-failed, delete-in-progress, delete-complete, and delete-failed.
Tags (list) --
The tags assigned to the IPAM prefix list resolver.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
LastVersionCreationStatus (string) --
The status for the last time a version was created.
Each version is a snapshot of what CIDRs matched your rules at that moment in time. The version number increments every time the CIDR list changes due to infrastructure changes.
LastVersionCreationStatusMessage (string) --
The status message for the last time a version was created.
Each version is a snapshot of what CIDRs matched your rules at that moment in time. The version number increments every time the CIDR list changes due to infrastructure changes.
Retrieves the CIDR selection rules for an IPAM prefix list resolver. Use this operation to view the business logic that determines which CIDRs are selected for synchronization with prefix lists.
See also: AWS API Documentation
Request Syntax
client.get_ipam_prefix_list_resolver_rules(
DryRun=True|False,
IpamPrefixListResolverId='string',
Filters=[
{
'Name': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The ID of the IPAM prefix list resolver whose rules you want to retrieve.
list
One or more filters to limit the results.
(dict) --
A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.
If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.
For more information, see List and filter using the CLI and API in the Amazon EC2 User Guide.
Name (string) --
The name of the filter. Filter names are case-sensitive.
Values (list) --
The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.
(string) --
integer
The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.
string
The token for the next page of results.
dict
Response Syntax
{
'Rules': [
{
'RuleType': 'static-cidr'|'ipam-resource-cidr'|'ipam-pool-cidr',
'StaticCidr': 'string',
'IpamScopeId': 'string',
'ResourceType': 'vpc'|'subnet'|'eip'|'public-ipv4-pool'|'ipv6-pool'|'eni',
'Conditions': [
{
'Operation': 'equals'|'not-equals'|'subnet-of',
'IpamPoolId': 'string',
'ResourceId': 'string',
'ResourceOwner': 'string',
'ResourceRegion': 'string',
'ResourceTag': {
'Key': 'string',
'Value': 'string'
},
'Cidr': 'string'
},
]
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Rules (list) --
The CIDR selection rules for the IPAM prefix list resolver.
(dict) --
Describes a CIDR selection rule.
CIDR selection rules define the business logic for selecting CIDRs from IPAM. If a CIDR matches any of the rules, it will be included. If a rule has multiple conditions, the CIDR has to match every condition of that rule. You can create a prefix list resolver without any CIDR selection rules, but it will generate empty versions (containing no CIDRs) until you add rules.
RuleType (string) --
The type of CIDR selection rule. Valid values include include for selecting CIDRs that match the conditions, and exclude for excluding CIDRs that match the conditions.
StaticCidr (string) --
A fixed list of CIDRs that do not change (like a manual list replicated across Regions).
IpamScopeId (string) --
The ID of the IPAM scope from which to select CIDRs. This determines whether to select from public or private IP address space.
ResourceType (string) --
For rules of type ipam-resource-cidr, this is the resource type.
Conditions (list) --
The conditions that determine which CIDRs are selected by this rule. Conditions specify criteria such as resource type, tags, account IDs, and Regions.
(dict) --
Describes a condition within a CIDR selection rule. Conditions define the criteria for selecting CIDRs from IPAM's database based on resource attributes.
CIDR selection rules define the business logic for selecting CIDRs from IPAM. If a CIDR matches any of the rules, it will be included. If a rule has multiple conditions, the CIDR has to match every condition of that rule. You can create a prefix list resolver without any CIDR selection rules, but it will generate empty versions (containing no CIDRs) until you add rules.
There are three rule types:
Static CIDR: A fixed list of CIDRs that do not change (like a manual list replicated across Regions).
IPAM pool CIDR: CIDRs from specific IPAM pools (like all CIDRs from your IPAM production pool).
Scope resource CIDR: CIDRs for Amazon Web Services resources like VPCs, subnets, and EIPs within a specific IPAM scope.
Condition availability by resource type:
Only 2 of the 3 rule types support conditions - IPAM pool CIDR and Scope resource CIDR. Static CIDR rules cannot have conditions.
Condition available for the IPAM pool CIDR resource type:
Property:
IPAM Pool ID
CIDR (like 10.24.34.0/23)
Operation: Equals/Not equals
Value: The value on which to match the condition
Conditions for the Scope resource CIDR resource type:
Property:
Resource ID: The unique ID of a resource (like vpc-1234567890abcdef0)
Resource type (like VPC or Subnet)
Resource owner (like 111122223333)
Resource region (like us-east-1)
Resource tag (like key: name, value: dev-vpc-1)
CIDR (like 10.24.34.0/23)
Operation: Equals/Not equals
Value: The value on which to match the condition
When setting conditions for a rule, one or more conditions is required.
Operation (string) --
The operation to perform when evaluating this condition. Valid values include equals, not-equals, contains, and not-contains.
IpamPoolId (string) --
The ID of the IPAM pool to match against. This condition selects CIDRs that belong to the specified IPAM pool.
ResourceId (string) --
The ID of the Amazon Web Services resource to match against. This condition selects CIDRs associated with the specified resource.
ResourceOwner (string) --
The Amazon Web Services account ID that owns the resources to match against. This condition selects CIDRs from resources owned by the specified account.
ResourceRegion (string) --
The Amazon Web Services Region where the resources are located. This condition selects CIDRs from resources in the specified Region.
ResourceTag (dict) --
A tag key-value pair to match against. This condition selects CIDRs from resources that have the specified tag.
Key (string) --
The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
Value (string) --
The value of the tag.
Cidr (string) --
A CIDR block to match against. This condition selects CIDRs that fall within or match the specified CIDR range.
NextToken (string) --
The token to use to retrieve the next page of results. This value is null when there are no more results to return.
Retrieves the CIDR entries for a specific version of an IPAM prefix list resolver. This shows the actual CIDRs that were selected and synchronized at a particular point in time.
See also: AWS API Documentation
Request Syntax
client.get_ipam_prefix_list_resolver_version_entries(
DryRun=True|False,
IpamPrefixListResolverId='string',
IpamPrefixListResolverVersion=123,
MaxResults=123,
NextToken='string'
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The ID of the IPAM prefix list resolver whose version entries you want to retrieve.
integer
[REQUIRED]
The version number of the resolver for which to retrieve CIDR entries. If not specified, the latest version is used.
integer
The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.
string
The token for the next page of results.
dict
Response Syntax
{
'Entries': [
{
'Cidr': 'string'
},
],
'NextToken': 'string'
}
Response Structure
(dict) --
Entries (list) --
The CIDR entries for the specified resolver version.
(dict) --
Describes a CIDR entry in a specific version of an IPAM prefix list resolver. This represents a CIDR that was selected and synchronized at a particular point in time.
Cidr (string) --
The CIDR block that was selected and synchronized in this resolver version.
NextToken (string) --
The token to use to retrieve the next page of results. This value is null when there are no more results to return.
Modifies an IPAM prefix list resolver target. You can update version tracking settings and the desired version of the target prefix list.
See also: AWS API Documentation
Request Syntax
client.modify_ipam_prefix_list_resolver_target(
DryRun=True|False,
IpamPrefixListResolverTargetId='string',
DesiredVersion=123,
TrackLatestVersion=True|False,
ClientToken='string'
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The ID of the IPAM prefix list resolver target to modify.
integer
The desired version of the prefix list to target. This allows you to pin the target to a specific version.
boolean
Indicates whether the resolver target should automatically track the latest version of the prefix list. When enabled, the target will always synchronize with the most current version.
Choose this for automatic updates when you want your prefix lists to stay current with infrastructure changes without manual intervention.
string
A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.
This field is autopopulated if not provided.
dict
Response Syntax
{
'IpamPrefixListResolverTarget': {
'IpamPrefixListResolverTargetId': 'string',
'IpamPrefixListResolverTargetArn': 'string',
'IpamPrefixListResolverId': 'string',
'OwnerId': 'string',
'PrefixListId': 'string',
'PrefixListRegion': 'string',
'DesiredVersion': 123,
'LastSyncedVersion': 123,
'TrackLatestVersion': True|False,
'StateMessage': 'string',
'State': 'create-in-progress'|'create-complete'|'create-failed'|'modify-in-progress'|'modify-complete'|'modify-failed'|'sync-in-progress'|'sync-complete'|'sync-failed'|'delete-in-progress'|'delete-complete'|'delete-failed'|'isolate-in-progress'|'isolate-complete'|'restore-in-progress',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
}
}
Response Structure
(dict) --
IpamPrefixListResolverTarget (dict) --
Information about the modified IPAM prefix list resolver target.
IpamPrefixListResolverTargetId (string) --
The ID of the IPAM prefix list resolver target.
IpamPrefixListResolverTargetArn (string) --
The Amazon Resource Name (ARN) of the IPAM prefix list resolver target.
IpamPrefixListResolverId (string) --
The ID of the IPAM prefix list resolver associated with this target.
OwnerId (string) --
The ID of the Amazon Web Services account that owns the IPAM prefix list resolver target.
PrefixListId (string) --
The ID of the managed prefix list associated with this target.
PrefixListRegion (string) --
The Amazon Web Services Region where the prefix list associated with this target is located.
DesiredVersion (integer) --
The desired version of the prefix list that this target should synchronize with.
LastSyncedVersion (integer) --
The version of the prefix list that was last successfully synchronized by this target.
TrackLatestVersion (boolean) --
Indicates whether this target automatically tracks the latest version of the prefix list.
StateMessage (string) --
A message describing the current state of the IPAM prefix list resolver target, including any error information.
State (string) --
The current state of the IPAM prefix list resolver target. Valid values include create-in-progress, create-complete, create-failed, modify-in-progress, modify-complete, modify-failed, delete-in-progress, delete-complete, and delete-failed.
Tags (list) --
The tags assigned to the IPAM prefix list resolver target.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
Creates an IPAM prefix list resolver target.
An IPAM prefix list resolver target is an association between a specific customer-managed prefix list and an IPAM prefix list resolver. The target enables the resolver to synchronize CIDRs selected by its rules into the specified prefix list, which can then be referenced in Amazon Web Services resources.
For more information about IPAM prefix list resolver, see Automate prefix list updates with IPAM in the Amazon VPC IPAM User Guide.
See also: AWS API Documentation
Request Syntax
client.create_ipam_prefix_list_resolver_target(
DryRun=True|False,
IpamPrefixListResolverId='string',
PrefixListId='string',
PrefixListRegion='string',
DesiredVersion=123,
TrackLatestVersion=True|False,
TagSpecifications=[
{
'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'declarative-policies-report'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'image-usage-report'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'outpost-lag'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'service-link-virtual-interface'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'route-server'|'route-server-endpoint'|'route-server-peer'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint'|'verified-access-endpoint-target'|'ipam-external-resource-verification-token'|'capacity-block'|'mac-modification-task'|'ipam-prefix-list-resolver'|'ipam-prefix-list-resolver-target'|'capacity-manager-data-export',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
},
],
ClientToken='string'
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The ID of the IPAM prefix list resolver that will manage the synchronization of CIDRs to the target prefix list.
string
[REQUIRED]
The ID of the managed prefix list that will be synchronized with CIDRs selected by the IPAM prefix list resolver. This prefix list becomes an IPAM managed prefix list.
An IPAM-managed prefix list is a customer-managed prefix list that has been associated with an IPAM prefix list resolver target. When a prefix list becomes IPAM managed, its CIDRs are automatically synchronized based on the IPAM prefix list resolver's CIDR selection rules, and direct CIDR modifications are restricted.
string
[REQUIRED]
The Amazon Web Services Region where the prefix list is located. This is required when referencing a prefix list in a different Region.
integer
The specific version of the prefix list to target. If not specified, the resolver will target the latest version.
boolean
[REQUIRED]
Indicates whether the resolver target should automatically track the latest version of the prefix list. When enabled, the target will always synchronize with the most current version of the prefix list.
Choose this for automatic updates when you want your prefix lists to stay current with infrastructure changes without manual intervention.
list
The tags to apply to the IPAM prefix list resolver target during creation. Tags help you organize and manage your Amazon Web Services resources.
(dict) --
The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.
ResourceType (string) --
The type of resource to tag on creation.
Tags (list) --
The tags to apply to the resource.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
string
A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.
This field is autopopulated if not provided.
dict
Response Syntax
{
'IpamPrefixListResolverTarget': {
'IpamPrefixListResolverTargetId': 'string',
'IpamPrefixListResolverTargetArn': 'string',
'IpamPrefixListResolverId': 'string',
'OwnerId': 'string',
'PrefixListId': 'string',
'PrefixListRegion': 'string',
'DesiredVersion': 123,
'LastSyncedVersion': 123,
'TrackLatestVersion': True|False,
'StateMessage': 'string',
'State': 'create-in-progress'|'create-complete'|'create-failed'|'modify-in-progress'|'modify-complete'|'modify-failed'|'sync-in-progress'|'sync-complete'|'sync-failed'|'delete-in-progress'|'delete-complete'|'delete-failed'|'isolate-in-progress'|'isolate-complete'|'restore-in-progress',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
}
}
Response Structure
(dict) --
IpamPrefixListResolverTarget (dict) --
Information about the IPAM prefix list resolver target that was created.
IpamPrefixListResolverTargetId (string) --
The ID of the IPAM prefix list resolver target.
IpamPrefixListResolverTargetArn (string) --
The Amazon Resource Name (ARN) of the IPAM prefix list resolver target.
IpamPrefixListResolverId (string) --
The ID of the IPAM prefix list resolver associated with this target.
OwnerId (string) --
The ID of the Amazon Web Services account that owns the IPAM prefix list resolver target.
PrefixListId (string) --
The ID of the managed prefix list associated with this target.
PrefixListRegion (string) --
The Amazon Web Services Region where the prefix list associated with this target is located.
DesiredVersion (integer) --
The desired version of the prefix list that this target should synchronize with.
LastSyncedVersion (integer) --
The version of the prefix list that was last successfully synchronized by this target.
TrackLatestVersion (boolean) --
Indicates whether this target automatically tracks the latest version of the prefix list.
StateMessage (string) --
A message describing the current state of the IPAM prefix list resolver target, including any error information.
State (string) --
The current state of the IPAM prefix list resolver target. Valid values include create-in-progress, create-complete, create-failed, modify-in-progress, modify-complete, modify-failed, delete-in-progress, delete-complete, and delete-failed.
Tags (list) --
The tags assigned to the IPAM prefix list resolver target.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
Creates an IPAM prefix list resolver.
An IPAM prefix list resolver is a component that manages the synchronization between IPAM's CIDR selection rules and customer-managed prefix lists. It automates connectivity configurations by selecting CIDRs from IPAM's database based on your business logic and synchronizing them with prefix lists used in resources such as VPC route tables and security groups.
For more information about IPAM prefix list resolver, see Automate prefix list updates with IPAM in the Amazon VPC IPAM User Guide.
See also: AWS API Documentation
Request Syntax
client.create_ipam_prefix_list_resolver(
DryRun=True|False,
IpamId='string',
Description='string',
AddressFamily='ipv4'|'ipv6',
Rules=[
{
'RuleType': 'static-cidr'|'ipam-resource-cidr'|'ipam-pool-cidr',
'StaticCidr': 'string',
'IpamScopeId': 'string',
'ResourceType': 'vpc'|'subnet'|'eip'|'public-ipv4-pool'|'ipv6-pool'|'eni',
'Conditions': [
{
'Operation': 'equals'|'not-equals'|'subnet-of',
'IpamPoolId': 'string',
'ResourceId': 'string',
'ResourceOwner': 'string',
'ResourceRegion': 'string',
'ResourceTag': {
'Key': 'string',
'Value': 'string'
},
'Cidr': 'string'
},
]
},
],
TagSpecifications=[
{
'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'declarative-policies-report'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'image-usage-report'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'outpost-lag'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'service-link-virtual-interface'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'route-server'|'route-server-endpoint'|'route-server-peer'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint'|'verified-access-endpoint-target'|'ipam-external-resource-verification-token'|'capacity-block'|'mac-modification-task'|'ipam-prefix-list-resolver'|'ipam-prefix-list-resolver-target'|'capacity-manager-data-export',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
},
],
ClientToken='string'
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The ID of the IPAM that will serve as the source of the IP address database for CIDR selection. The IPAM must be in the Advanced tier to use this feature.
string
A description for the IPAM prefix list resolver to help you identify its purpose and configuration.
string
[REQUIRED]
The address family for the IPAM prefix list resolver. Valid values are ipv4 and ipv6. You must create separate resolvers for IPv4 and IPv6 CIDRs as they cannot be mixed in the same resolver.
list
The CIDR selection rules for the resolver.
CIDR selection rules define the business logic for selecting CIDRs from IPAM. If a CIDR matches any of the rules, it will be included. If a rule has multiple conditions, the CIDR has to match every condition of that rule. You can create a prefix list resolver without any CIDR selection rules, but it will generate empty versions (containing no CIDRs) until you add rules.
(dict) --
Describes a CIDR selection rule to include in a request. This is used when creating or modifying resolver rules.
CIDR selection rules define the business logic for selecting CIDRs from IPAM. If a CIDR matches any of the rules, it will be included. If a rule has multiple conditions, the CIDR has to match every condition of that rule. You can create a prefix list resolver without any CIDR selection rules, but it will generate empty versions (containing no CIDRs) until you add rules.
There are three rule types:
Static CIDR: A fixed list of CIDRs that do not change (like a manual list replicated across Regions).
IPAM pool CIDR: CIDRs from specific IPAM pools (like all CIDRs from your IPAM production pool).
Scope resource CIDR: CIDRs for Amazon Web Services resources like VPCs, subnets, and EIPs within a specific IPAM scope.
Condition availability by resource type:
Only 2 of the 3 rule types support conditions - IPAM pool CIDR and Scope resource CIDR. Static CIDR rules cannot have conditions.
Condition available for the IPAM pool CIDR resource type:
Property:
IPAM Pool ID
CIDR (like 10.24.34.0/23)
Operation: Equals/Not equals
Value: The value on which to match the condition
Conditions for the Scope resource CIDR resource type:
Property:
Resource ID: The unique ID of a resource (like vpc-1234567890abcdef0)
Resource type (like VPC or Subnet)
Resource owner (like 111122223333)
Resource region (like us-east-1)
Resource tag (like key: name, value: dev-vpc-1)
CIDR (like 10.24.34.0/23)
Operation: Equals/Not equals
Value: The value on which to match the condition
When setting conditions for a rule, one or more conditions is required.
RuleType (string) -- [REQUIRED]
The type of CIDR selection rule. Valid values include include for selecting CIDRs that match the conditions, and exclude for excluding CIDRs that match the conditions.
StaticCidr (string) --
A fixed list of CIDRs that do not change (like a manual list replicated across Regions).
IpamScopeId (string) --
The ID of the IPAM scope from which to select CIDRs. This determines whether to select from public or private IP address space.
ResourceType (string) --
For rules of type ipam-resource-cidr, this is the resource type.
Conditions (list) --
The conditions that determine which CIDRs are selected by this rule. Conditions specify criteria such as resource type, tags, account IDs, and Regions.
(dict) --
Describes a condition used when creating or modifying resolver rules.
CIDR selection rules define the business logic for selecting CIDRs from IPAM. If a CIDR matches any of the rules, it will be included. If a rule has multiple conditions, the CIDR has to match every condition of that rule. You can create a prefix list resolver without any CIDR selection rules, but it will generate empty versions (containing no CIDRs) until you add rules.
There are three rule types:
Static CIDR: A fixed list of CIDRs that do not change (like a manual list replicated across Regions).
IPAM pool CIDR: CIDRs from specific IPAM pools (like all CIDRs from your IPAM production pool).
Scope resource CIDR: CIDRs for Amazon Web Services resources like VPCs, subnets, and EIPs within a specific IPAM scope.
Condition availability by resource type:
Only 2 of the 3 rule types support conditions - IPAM pool CIDR and Scope resource CIDR. Static CIDR rules cannot have conditions.
Condition available for the IPAM pool CIDR resource type:
Property:
IPAM Pool ID
CIDR (like 10.24.34.0/23)
Operation: Equals/Not equals
Value: The value on which to match the condition
Conditions for the Scope resource CIDR resource type:
Property:
Resource ID: The unique ID of a resource (like vpc-1234567890abcdef0)
Resource type (like VPC or Subnet)
Resource owner (like 111122223333)
Resource region (like us-east-1)
Resource tag (like key: name, value: dev-vpc-1)
CIDR (like 10.24.34.0/23)
Operation: Equals/Not equals
Value: The value on which to match the condition
When setting conditions for a rule, one or more conditions is required.
Operation (string) -- [REQUIRED]
The operation to perform when evaluating this condition.
IpamPoolId (string) --
The ID of the IPAM pool to match against. This condition selects CIDRs that belong to the specified IPAM pool.
ResourceId (string) --
The ID of the Amazon Web Services resource to match against. This condition selects CIDRs associated with the specified resource.
ResourceOwner (string) --
The Amazon Web Services account ID that owns the resources to match against. This condition selects CIDRs from resources owned by the specified account.
ResourceRegion (string) --
The Amazon Web Services Region where the resources are located. This condition selects CIDRs from resources in the specified Region.
ResourceTag (dict) --
A tag key-value pair to match against. This condition selects CIDRs from resources that have the specified tag.
Key (string) --
The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
Value (string) --
The value for the tag.
Cidr (string) --
A CIDR block to match against. This condition selects CIDRs that fall within or match the specified CIDR range.
list
The tags to apply to the IPAM prefix list resolver during creation. Tags help you organize and manage your Amazon Web Services resources.
(dict) --
The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.
ResourceType (string) --
The type of resource to tag on creation.
Tags (list) --
The tags to apply to the resource.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
string
A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.
This field is autopopulated if not provided.
dict
Response Syntax
{
'IpamPrefixListResolver': {
'OwnerId': 'string',
'IpamPrefixListResolverId': 'string',
'IpamPrefixListResolverArn': 'string',
'IpamArn': 'string',
'IpamRegion': 'string',
'Description': 'string',
'AddressFamily': 'ipv4'|'ipv6',
'State': 'create-in-progress'|'create-complete'|'create-failed'|'modify-in-progress'|'modify-complete'|'modify-failed'|'delete-in-progress'|'delete-complete'|'delete-failed'|'isolate-in-progress'|'isolate-complete'|'restore-in-progress',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'LastVersionCreationStatus': 'pending'|'success'|'failure',
'LastVersionCreationStatusMessage': 'string'
}
}
Response Structure
(dict) --
IpamPrefixListResolver (dict) --
Information about the IPAM prefix list resolver that was created.
OwnerId (string) --
The ID of the Amazon Web Services account that owns the IPAM prefix list resolver.
IpamPrefixListResolverId (string) --
The ID of the IPAM prefix list resolver.
IpamPrefixListResolverArn (string) --
The Amazon Resource Name (ARN) of the IPAM prefix list resolver.
IpamArn (string) --
The Amazon Resource Name (ARN) of the IPAM associated with this resolver.
IpamRegion (string) --
The Amazon Web Services Region where the associated IPAM is located.
Description (string) --
The description of the IPAM prefix list resolver.
AddressFamily (string) --
The address family (IPv4 or IPv6) for the IPAM prefix list resolver.
State (string) --
The current state of the IPAM prefix list resolver. Valid values include create-in-progress, create-complete, create-failed, modify-in-progress, modify-complete, modify-failed, delete-in-progress, delete-complete, and delete-failed.
Tags (list) --
The tags assigned to the IPAM prefix list resolver.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
LastVersionCreationStatus (string) --
The status for the last time a version was created.
Each version is a snapshot of what CIDRs matched your rules at that moment in time. The version number increments every time the CIDR list changes due to infrastructure changes.
LastVersionCreationStatusMessage (string) --
The status message for the last time a version was created.
Each version is a snapshot of what CIDRs matched your rules at that moment in time. The version number increments every time the CIDR list changes due to infrastructure changes.
{'Vpc': {'EncryptionControl': {'ResourceExclusions': {'ElasticFileSystem': {'State': 'enabling '
'| '
'enabled '
'| '
'disabling '
'| '
'disabled',
'StateMessage': 'string'},
'Lambda': {'State': 'enabling '
'| '
'enabled '
'| '
'disabling '
'| '
'disabled',
'StateMessage': 'string'},
'VpcLattice': {'State': 'enabling '
'| '
'enabled '
'| '
'disabling '
'| '
'disabled',
'StateMessage': 'string'}}}}}
Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet in each Availability Zone. For more information about the components of a default VPC, see Default VPCs in the Amazon VPC User Guide. You cannot specify the components of the default VPC yourself.
If you deleted your previous default VPC, you can create a default VPC. You cannot have more than one default VPC per Region.
See also: AWS API Documentation
Request Syntax
client.create_default_vpc(
DryRun=True|False
)
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
dict
Response Syntax
{
'Vpc': {
'OwnerId': 'string',
'InstanceTenancy': 'default'|'dedicated'|'host',
'Ipv6CidrBlockAssociationSet': [
{
'AssociationId': 'string',
'Ipv6CidrBlock': 'string',
'Ipv6CidrBlockState': {
'State': 'associating'|'associated'|'disassociating'|'disassociated'|'failing'|'failed',
'StatusMessage': 'string'
},
'NetworkBorderGroup': 'string',
'Ipv6Pool': 'string',
'Ipv6AddressAttribute': 'public'|'private',
'IpSource': 'amazon'|'byoip'|'none'
},
],
'CidrBlockAssociationSet': [
{
'AssociationId': 'string',
'CidrBlock': 'string',
'CidrBlockState': {
'State': 'associating'|'associated'|'disassociating'|'disassociated'|'failing'|'failed',
'StatusMessage': 'string'
}
},
],
'IsDefault': True|False,
'EncryptionControl': {
'VpcId': 'string',
'VpcEncryptionControlId': 'string',
'Mode': 'monitor'|'enforce',
'State': 'enforce-in-progress'|'monitor-in-progress'|'enforce-failed'|'monitor-failed'|'deleting'|'deleted'|'available'|'creating'|'delete-failed',
'StateMessage': 'string',
'ResourceExclusions': {
'InternetGateway': {
'State': 'enabling'|'enabled'|'disabling'|'disabled',
'StateMessage': 'string'
},
'EgressOnlyInternetGateway': {
'State': 'enabling'|'enabled'|'disabling'|'disabled',
'StateMessage': 'string'
},
'NatGateway': {
'State': 'enabling'|'enabled'|'disabling'|'disabled',
'StateMessage': 'string'
},
'VirtualPrivateGateway': {
'State': 'enabling'|'enabled'|'disabling'|'disabled',
'StateMessage': 'string'
},
'VpcPeering': {
'State': 'enabling'|'enabled'|'disabling'|'disabled',
'StateMessage': 'string'
},
'Lambda': {
'State': 'enabling'|'enabled'|'disabling'|'disabled',
'StateMessage': 'string'
},
'VpcLattice': {
'State': 'enabling'|'enabled'|'disabling'|'disabled',
'StateMessage': 'string'
},
'ElasticFileSystem': {
'State': 'enabling'|'enabled'|'disabling'|'disabled',
'StateMessage': 'string'
}
},
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
},
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'BlockPublicAccessStates': {
'InternetGatewayBlockMode': 'off'|'block-bidirectional'|'block-ingress'
},
'VpcId': 'string',
'State': 'pending'|'available',
'CidrBlock': 'string',
'DhcpOptionsId': 'string'
}
}
Response Structure
(dict) --
Vpc (dict) --
Information about the VPC.
OwnerId (string) --
The ID of the Amazon Web Services account that owns the VPC.
InstanceTenancy (string) --
The allowed tenancy of instances launched into the VPC.
Ipv6CidrBlockAssociationSet (list) --
Information about the IPv6 CIDR blocks associated with the VPC.
(dict) --
Describes an IPv6 CIDR block associated with a VPC.
AssociationId (string) --
The association ID for the IPv6 CIDR block.
Ipv6CidrBlock (string) --
The IPv6 CIDR block.
Ipv6CidrBlockState (dict) --
Information about the state of the CIDR block.
State (string) --
The state of the CIDR block.
StatusMessage (string) --
A message about the status of the CIDR block, if applicable.
NetworkBorderGroup (string) --
The name of the unique set of Availability Zones, Local Zones, or Wavelength Zones from which Amazon Web Services advertises IP addresses, for example, us-east-1-wl1-bos-wlz-1.
Ipv6Pool (string) --
The ID of the IPv6 address pool from which the IPv6 CIDR block is allocated.
Ipv6AddressAttribute (string) --
Public IPv6 addresses are those advertised on the internet from Amazon Web Services. Private IP addresses are not and cannot be advertised on the internet from Amazon Web Services.
IpSource (string) --
The source that allocated the IP address space. byoip or amazon indicates public IP address space allocated by Amazon or space that you have allocated with Bring your own IP (BYOIP). none indicates private space.
CidrBlockAssociationSet (list) --
Information about the IPv4 CIDR blocks associated with the VPC.
(dict) --
Describes an IPv4 CIDR block associated with a VPC.
AssociationId (string) --
The association ID for the IPv4 CIDR block.
CidrBlock (string) --
The IPv4 CIDR block.
CidrBlockState (dict) --
Information about the state of the CIDR block.
State (string) --
The state of the CIDR block.
StatusMessage (string) --
A message about the status of the CIDR block, if applicable.
IsDefault (boolean) --
Indicates whether the VPC is the default VPC.
EncryptionControl (dict) --
VpcId (string) --
VpcEncryptionControlId (string) --
Mode (string) --
State (string) --
StateMessage (string) --
ResourceExclusions (dict) --
InternetGateway (dict) --
State (string) --
StateMessage (string) --
EgressOnlyInternetGateway (dict) --
State (string) --
StateMessage (string) --
NatGateway (dict) --
State (string) --
StateMessage (string) --
VirtualPrivateGateway (dict) --
State (string) --
StateMessage (string) --
VpcPeering (dict) --
State (string) --
StateMessage (string) --
Lambda (dict) --
State (string) --
StateMessage (string) --
VpcLattice (dict) --
State (string) --
StateMessage (string) --
ElasticFileSystem (dict) --
State (string) --
StateMessage (string) --
Tags (list) --
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
Tags (list) --
Any tags assigned to the VPC.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
BlockPublicAccessStates (dict) --
The state of VPC Block Public Access (BPA).
InternetGatewayBlockMode (string) --
The mode of VPC BPA.
off: VPC BPA is not enabled and traffic is allowed to and from internet gateways and egress-only internet gateways in this Region.
block-bidirectional: Block all traffic to and from internet gateways and egress-only internet gateways in this Region (except for excluded VPCs and subnets).
block-ingress: Block all internet traffic to the VPCs in this Region (except for VPCs or subnets which are excluded). Only traffic to and from NAT gateways and egress-only internet gateways is allowed because these gateways only allow outbound connections to be established.
VpcId (string) --
The ID of the VPC.
State (string) --
The current state of the VPC.
CidrBlock (string) --
The primary IPv4 CIDR block for the VPC.
DhcpOptionsId (string) --
The ID of the set of DHCP options you've associated with the VPC.
{'LaunchTemplateData': {'TagSpecifications': {'ResourceType': {'ipam-prefix-list-resolver',
'ipam-prefix-list-resolver-target'}}}}
{'LaunchTemplateData': {'TagSpecifications': {'ResourceType': {'ipam-prefix-list-resolver',
'ipam-prefix-list-resolver-target'}}}}
Response {'LaunchTemplateVersion': {'LaunchTemplateData': {'TagSpecifications': {'ResourceType': {'ipam-prefix-list-resolver',
'ipam-prefix-list-resolver-target'}}}}}
{'PrefixList': {'IpamPrefixListResolverSyncEnabled': 'boolean',
'IpamPrefixListResolverTargetId': 'string'}}
Creates a managed prefix list. You can specify entries for the prefix list. Each entry consists of a CIDR block and an optional description.
See also: AWS API Documentation
Request Syntax
client.create_managed_prefix_list(
DryRun=True|False,
PrefixListName='string',
Entries=[
{
'Cidr': 'string',
'Description': 'string'
},
],
MaxEntries=123,
TagSpecifications=[
{
'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'declarative-policies-report'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'image-usage-report'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'outpost-lag'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'service-link-virtual-interface'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'route-server'|'route-server-endpoint'|'route-server-peer'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint'|'verified-access-endpoint-target'|'ipam-external-resource-verification-token'|'capacity-block'|'mac-modification-task'|'ipam-prefix-list-resolver'|'ipam-prefix-list-resolver-target'|'capacity-manager-data-export',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
},
],
AddressFamily='string',
ClientToken='string'
)
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
A name for the prefix list.
Constraints: Up to 255 characters in length. The name cannot start with com.amazonaws.
list
One or more entries for the prefix list.
(dict) --
An entry for a prefix list.
Cidr (string) -- [REQUIRED]
The CIDR block.
Description (string) --
A description for the entry.
Constraints: Up to 255 characters in length.
integer
[REQUIRED]
The maximum number of entries for the prefix list.
list
The tags to apply to the prefix list during creation.
(dict) --
The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.
ResourceType (string) --
The type of resource to tag on creation.
Tags (list) --
The tags to apply to the resource.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
string
[REQUIRED]
The IP address type.
Valid Values: IPv4 | IPv6
string
Unique, case-sensitive identifier you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.
Constraints: Up to 255 UTF-8 characters in length.
This field is autopopulated if not provided.
dict
Response Syntax
{
'PrefixList': {
'PrefixListId': 'string',
'AddressFamily': 'string',
'State': 'create-in-progress'|'create-complete'|'create-failed'|'modify-in-progress'|'modify-complete'|'modify-failed'|'restore-in-progress'|'restore-complete'|'restore-failed'|'delete-in-progress'|'delete-complete'|'delete-failed',
'StateMessage': 'string',
'PrefixListArn': 'string',
'PrefixListName': 'string',
'MaxEntries': 123,
'Version': 123,
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'OwnerId': 'string',
'IpamPrefixListResolverTargetId': 'string',
'IpamPrefixListResolverSyncEnabled': True|False
}
}
Response Structure
(dict) --
PrefixList (dict) --
Information about the prefix list.
PrefixListId (string) --
The ID of the prefix list.
AddressFamily (string) --
The IP address version.
State (string) --
The current state of the prefix list.
StateMessage (string) --
The state message.
PrefixListArn (string) --
The Amazon Resource Name (ARN) for the prefix list.
PrefixListName (string) --
The name of the prefix list.
MaxEntries (integer) --
The maximum number of entries for the prefix list.
Version (integer) --
The version of the prefix list.
Tags (list) --
The tags for the prefix list.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
OwnerId (string) --
The ID of the owner of the prefix list.
IpamPrefixListResolverTargetId (string) --
The ID of the IPAM prefix list resolver target associated with this managed prefix list. When set, this prefix list becomes an IPAM managed prefix list.
An IPAM-managed prefix list is a customer-managed prefix list that has been associated with an IPAM prefix list resolver target. When a prefix list becomes IPAM managed, its CIDRs are automatically synchronized based on the IPAM prefix list resolver's CIDR selection rules, and direct CIDR modifications are restricted.
IpamPrefixListResolverSyncEnabled (boolean) --
Indicates whether synchronization with an IPAM prefix list resolver is enabled for this managed prefix list. When enabled, the prefix list CIDRs are automatically updated based on the resolver's CIDR selection rules.
{'Vpc': {'EncryptionControl': {'ResourceExclusions': {'ElasticFileSystem': {'State': 'enabling '
'| '
'enabled '
'| '
'disabling '
'| '
'disabled',
'StateMessage': 'string'},
'Lambda': {'State': 'enabling '
'| '
'enabled '
'| '
'disabling '
'| '
'disabled',
'StateMessage': 'string'},
'VpcLattice': {'State': 'enabling '
'| '
'enabled '
'| '
'disabling '
'| '
'disabled',
'StateMessage': 'string'}}}}}
Creates a VPC with the specified CIDR blocks.
A VPC must have an associated IPv4 CIDR block. You can choose an IPv4 CIDR block or an IPAM-allocated IPv4 CIDR block. You can optionally associate an IPv6 CIDR block with a VPC. You can choose an IPv6 CIDR block, an Amazon-provided IPv6 CIDR block, an IPAM-allocated IPv6 CIDR block, or an IPv6 CIDR block that you brought to Amazon Web Services. For more information, see IP addressing for your VPCs and subnets in the Amazon VPC User Guide.
By default, each instance that you launch in the VPC has the default DHCP options, which include only a default DNS server that we provide (AmazonProvidedDNS). For more information, see DHCP option sets in the Amazon VPC User Guide.
You can specify DNS options and tenancy for a VPC when you create it. You can't change the tenancy of a VPC after you create it. For more information, see VPC configuration options in the Amazon VPC User Guide.
See also: AWS API Documentation
Request Syntax
client.create_vpc(
CidrBlock='string',
Ipv6Pool='string',
Ipv6CidrBlock='string',
Ipv4IpamPoolId='string',
Ipv4NetmaskLength=123,
Ipv6IpamPoolId='string',
Ipv6NetmaskLength=123,
Ipv6CidrBlockNetworkBorderGroup='string',
TagSpecifications=[
{
'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'declarative-policies-report'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'image-usage-report'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'outpost-lag'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'service-link-virtual-interface'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'route-server'|'route-server-endpoint'|'route-server-peer'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint'|'verified-access-endpoint-target'|'ipam-external-resource-verification-token'|'capacity-block'|'mac-modification-task'|'ipam-prefix-list-resolver'|'ipam-prefix-list-resolver-target'|'capacity-manager-data-export',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
},
],
DryRun=True|False,
InstanceTenancy='default'|'dedicated'|'host',
AmazonProvidedIpv6CidrBlock=True|False
)
string
The IPv4 network range for the VPC, in CIDR notation. For example, 10.0.0.0/16. We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.
string
The ID of an IPv6 address pool from which to allocate the IPv6 CIDR block.
string
The IPv6 CIDR block from the IPv6 address pool. You must also specify Ipv6Pool in the request.
To let Amazon choose the IPv6 CIDR block for you, omit this parameter.
string
The ID of an IPv4 IPAM pool you want to use for allocating this VPC's CIDR. For more information, see What is IPAM? in the Amazon VPC IPAM User Guide.
integer
The netmask length of the IPv4 CIDR you want to allocate to this VPC from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see What is IPAM? in the Amazon VPC IPAM User Guide.
string
The ID of an IPv6 IPAM pool which will be used to allocate this VPC an IPv6 CIDR. IPAM is a VPC feature that you can use to automate your IP address management workflows including assigning, tracking, troubleshooting, and auditing IP addresses across Amazon Web Services Regions and accounts throughout your Amazon Web Services Organization. For more information, see What is IPAM? in the Amazon VPC IPAM User Guide.
integer
The netmask length of the IPv6 CIDR you want to allocate to this VPC from an Amazon VPC IP Address Manager (IPAM) pool. For more information about IPAM, see What is IPAM? in the Amazon VPC IPAM User Guide.
string
The name of the location from which we advertise the IPV6 CIDR block. Use this parameter to limit the address to this location.
You must set AmazonProvidedIpv6CidrBlock to true to use this parameter.
list
The tags to assign to the VPC.
(dict) --
The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.
ResourceType (string) --
The type of resource to tag on creation.
Tags (list) --
The tags to apply to the resource.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
The tenancy options for instances launched into the VPC. For default, instances are launched with shared tenancy by default. You can launch instances with any tenancy into a shared tenancy VPC. For dedicated, instances are launched as dedicated tenancy instances by default. You can only launch instances with a tenancy of dedicated or host into a dedicated tenancy VPC.
Important: The host value cannot be used with this parameter. Use the default or dedicated values only.
Default: default
boolean
Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IP addresses, or the size of the CIDR block.
dict
Response Syntax
{
'Vpc': {
'OwnerId': 'string',
'InstanceTenancy': 'default'|'dedicated'|'host',
'Ipv6CidrBlockAssociationSet': [
{
'AssociationId': 'string',
'Ipv6CidrBlock': 'string',
'Ipv6CidrBlockState': {
'State': 'associating'|'associated'|'disassociating'|'disassociated'|'failing'|'failed',
'StatusMessage': 'string'
},
'NetworkBorderGroup': 'string',
'Ipv6Pool': 'string',
'Ipv6AddressAttribute': 'public'|'private',
'IpSource': 'amazon'|'byoip'|'none'
},
],
'CidrBlockAssociationSet': [
{
'AssociationId': 'string',
'CidrBlock': 'string',
'CidrBlockState': {
'State': 'associating'|'associated'|'disassociating'|'disassociated'|'failing'|'failed',
'StatusMessage': 'string'
}
},
],
'IsDefault': True|False,
'EncryptionControl': {
'VpcId': 'string',
'VpcEncryptionControlId': 'string',
'Mode': 'monitor'|'enforce',
'State': 'enforce-in-progress'|'monitor-in-progress'|'enforce-failed'|'monitor-failed'|'deleting'|'deleted'|'available'|'creating'|'delete-failed',
'StateMessage': 'string',
'ResourceExclusions': {
'InternetGateway': {
'State': 'enabling'|'enabled'|'disabling'|'disabled',
'StateMessage': 'string'
},
'EgressOnlyInternetGateway': {
'State': 'enabling'|'enabled'|'disabling'|'disabled',
'StateMessage': 'string'
},
'NatGateway': {
'State': 'enabling'|'enabled'|'disabling'|'disabled',
'StateMessage': 'string'
},
'VirtualPrivateGateway': {
'State': 'enabling'|'enabled'|'disabling'|'disabled',
'StateMessage': 'string'
},
'VpcPeering': {
'State': 'enabling'|'enabled'|'disabling'|'disabled',
'StateMessage': 'string'
},
'Lambda': {
'State': 'enabling'|'enabled'|'disabling'|'disabled',
'StateMessage': 'string'
},
'VpcLattice': {
'State': 'enabling'|'enabled'|'disabling'|'disabled',
'StateMessage': 'string'
},
'ElasticFileSystem': {
'State': 'enabling'|'enabled'|'disabling'|'disabled',
'StateMessage': 'string'
}
},
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
},
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'BlockPublicAccessStates': {
'InternetGatewayBlockMode': 'off'|'block-bidirectional'|'block-ingress'
},
'VpcId': 'string',
'State': 'pending'|'available',
'CidrBlock': 'string',
'DhcpOptionsId': 'string'
}
}
Response Structure
(dict) --
Vpc (dict) --
Information about the VPC.
OwnerId (string) --
The ID of the Amazon Web Services account that owns the VPC.
InstanceTenancy (string) --
The allowed tenancy of instances launched into the VPC.
Ipv6CidrBlockAssociationSet (list) --
Information about the IPv6 CIDR blocks associated with the VPC.
(dict) --
Describes an IPv6 CIDR block associated with a VPC.
AssociationId (string) --
The association ID for the IPv6 CIDR block.
Ipv6CidrBlock (string) --
The IPv6 CIDR block.
Ipv6CidrBlockState (dict) --
Information about the state of the CIDR block.
State (string) --
The state of the CIDR block.
StatusMessage (string) --
A message about the status of the CIDR block, if applicable.
NetworkBorderGroup (string) --
The name of the unique set of Availability Zones, Local Zones, or Wavelength Zones from which Amazon Web Services advertises IP addresses, for example, us-east-1-wl1-bos-wlz-1.
Ipv6Pool (string) --
The ID of the IPv6 address pool from which the IPv6 CIDR block is allocated.
Ipv6AddressAttribute (string) --
Public IPv6 addresses are those advertised on the internet from Amazon Web Services. Private IP addresses are not and cannot be advertised on the internet from Amazon Web Services.
IpSource (string) --
The source that allocated the IP address space. byoip or amazon indicates public IP address space allocated by Amazon or space that you have allocated with Bring your own IP (BYOIP). none indicates private space.
CidrBlockAssociationSet (list) --
Information about the IPv4 CIDR blocks associated with the VPC.
(dict) --
Describes an IPv4 CIDR block associated with a VPC.
AssociationId (string) --
The association ID for the IPv4 CIDR block.
CidrBlock (string) --
The IPv4 CIDR block.
CidrBlockState (dict) --
Information about the state of the CIDR block.
State (string) --
The state of the CIDR block.
StatusMessage (string) --
A message about the status of the CIDR block, if applicable.
IsDefault (boolean) --
Indicates whether the VPC is the default VPC.
EncryptionControl (dict) --
VpcId (string) --
VpcEncryptionControlId (string) --
Mode (string) --
State (string) --
StateMessage (string) --
ResourceExclusions (dict) --
InternetGateway (dict) --
State (string) --
StateMessage (string) --
EgressOnlyInternetGateway (dict) --
State (string) --
StateMessage (string) --
NatGateway (dict) --
State (string) --
StateMessage (string) --
VirtualPrivateGateway (dict) --
State (string) --
StateMessage (string) --
VpcPeering (dict) --
State (string) --
StateMessage (string) --
Lambda (dict) --
State (string) --
StateMessage (string) --
VpcLattice (dict) --
State (string) --
StateMessage (string) --
ElasticFileSystem (dict) --
State (string) --
StateMessage (string) --
Tags (list) --
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
Tags (list) --
Any tags assigned to the VPC.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
BlockPublicAccessStates (dict) --
The state of VPC Block Public Access (BPA).
InternetGatewayBlockMode (string) --
The mode of VPC BPA.
off: VPC BPA is not enabled and traffic is allowed to and from internet gateways and egress-only internet gateways in this Region.
block-bidirectional: Block all traffic to and from internet gateways and egress-only internet gateways in this Region (except for excluded VPCs and subnets).
block-ingress: Block all internet traffic to the VPCs in this Region (except for VPCs or subnets which are excluded). Only traffic to and from NAT gateways and egress-only internet gateways is allowed because these gateways only allow outbound connections to be established.
VpcId (string) --
The ID of the VPC.
State (string) --
The current state of the VPC.
CidrBlock (string) --
The primary IPv4 CIDR block for the VPC.
DhcpOptionsId (string) --
The ID of the set of DHCP options you've associated with the VPC.
{'PrefixList': {'IpamPrefixListResolverSyncEnabled': 'boolean',
'IpamPrefixListResolverTargetId': 'string'}}
Deletes the specified managed prefix list. You must first remove all references to the prefix list in your resources.
See also: AWS API Documentation
Request Syntax
client.delete_managed_prefix_list(
DryRun=True|False,
PrefixListId='string'
)
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The ID of the prefix list.
dict
Response Syntax
{
'PrefixList': {
'PrefixListId': 'string',
'AddressFamily': 'string',
'State': 'create-in-progress'|'create-complete'|'create-failed'|'modify-in-progress'|'modify-complete'|'modify-failed'|'restore-in-progress'|'restore-complete'|'restore-failed'|'delete-in-progress'|'delete-complete'|'delete-failed',
'StateMessage': 'string',
'PrefixListArn': 'string',
'PrefixListName': 'string',
'MaxEntries': 123,
'Version': 123,
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'OwnerId': 'string',
'IpamPrefixListResolverTargetId': 'string',
'IpamPrefixListResolverSyncEnabled': True|False
}
}
Response Structure
(dict) --
PrefixList (dict) --
Information about the prefix list.
PrefixListId (string) --
The ID of the prefix list.
AddressFamily (string) --
The IP address version.
State (string) --
The current state of the prefix list.
StateMessage (string) --
The state message.
PrefixListArn (string) --
The Amazon Resource Name (ARN) for the prefix list.
PrefixListName (string) --
The name of the prefix list.
MaxEntries (integer) --
The maximum number of entries for the prefix list.
Version (integer) --
The version of the prefix list.
Tags (list) --
The tags for the prefix list.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
OwnerId (string) --
The ID of the owner of the prefix list.
IpamPrefixListResolverTargetId (string) --
The ID of the IPAM prefix list resolver target associated with this managed prefix list. When set, this prefix list becomes an IPAM managed prefix list.
An IPAM-managed prefix list is a customer-managed prefix list that has been associated with an IPAM prefix list resolver target. When a prefix list becomes IPAM managed, its CIDRs are automatically synchronized based on the IPAM prefix list resolver's CIDR selection rules, and direct CIDR modifications are restricted.
IpamPrefixListResolverSyncEnabled (boolean) --
Indicates whether synchronization with an IPAM prefix list resolver is enabled for this managed prefix list. When enabled, the prefix list CIDRs are automatically updated based on the resolver's CIDR selection rules.
{'LaunchTemplateVersions': {'LaunchTemplateData': {'TagSpecifications': {'ResourceType': {'ipam-prefix-list-resolver',
'ipam-prefix-list-resolver-target'}}}}}
{'PrefixLists': {'IpamPrefixListResolverSyncEnabled': 'boolean',
'IpamPrefixListResolverTargetId': 'string'}}
Describes your managed prefix lists and any Amazon Web Services-managed prefix lists.
See also: AWS API Documentation
Request Syntax
client.describe_managed_prefix_lists(
DryRun=True|False,
Filters=[
{
'Name': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string',
PrefixListIds=[
'string',
]
)
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
list
One or more filters.
owner-id - The ID of the prefix list owner.
prefix-list-id - The ID of the prefix list.
prefix-list-name - The name of the prefix list.
(dict) --
A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.
If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.
For more information, see List and filter using the CLI and API in the Amazon EC2 User Guide.
Name (string) --
The name of the filter. Filter names are case-sensitive.
Values (list) --
The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.
(string) --
integer
The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.
string
The token for the next page of results.
list
One or more prefix list IDs.
(string) --
dict
Response Syntax
{
'NextToken': 'string',
'PrefixLists': [
{
'PrefixListId': 'string',
'AddressFamily': 'string',
'State': 'create-in-progress'|'create-complete'|'create-failed'|'modify-in-progress'|'modify-complete'|'modify-failed'|'restore-in-progress'|'restore-complete'|'restore-failed'|'delete-in-progress'|'delete-complete'|'delete-failed',
'StateMessage': 'string',
'PrefixListArn': 'string',
'PrefixListName': 'string',
'MaxEntries': 123,
'Version': 123,
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'OwnerId': 'string',
'IpamPrefixListResolverTargetId': 'string',
'IpamPrefixListResolverSyncEnabled': True|False
},
]
}
Response Structure
(dict) --
NextToken (string) --
The token to use to retrieve the next page of results. This value is null when there are no more results to return.
PrefixLists (list) --
Information about the prefix lists.
(dict) --
Describes a managed prefix list.
PrefixListId (string) --
The ID of the prefix list.
AddressFamily (string) --
The IP address version.
State (string) --
The current state of the prefix list.
StateMessage (string) --
The state message.
PrefixListArn (string) --
The Amazon Resource Name (ARN) for the prefix list.
PrefixListName (string) --
The name of the prefix list.
MaxEntries (integer) --
The maximum number of entries for the prefix list.
Version (integer) --
The version of the prefix list.
Tags (list) --
The tags for the prefix list.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
OwnerId (string) --
The ID of the owner of the prefix list.
IpamPrefixListResolverTargetId (string) --
The ID of the IPAM prefix list resolver target associated with this managed prefix list. When set, this prefix list becomes an IPAM managed prefix list.
An IPAM-managed prefix list is a customer-managed prefix list that has been associated with an IPAM prefix list resolver target. When a prefix list becomes IPAM managed, its CIDRs are automatically synchronized based on the IPAM prefix list resolver's CIDR selection rules, and direct CIDR modifications are restricted.
IpamPrefixListResolverSyncEnabled (boolean) --
Indicates whether synchronization with an IPAM prefix list resolver is enabled for this managed prefix list. When enabled, the prefix list CIDRs are automatically updated based on the resolver's CIDR selection rules.
{'SpotFleetRequestConfigs': {'SpotFleetRequestConfig': {'LaunchSpecifications': {'TagSpecifications': {'ResourceType': {'ipam-prefix-list-resolver',
'ipam-prefix-list-resolver-target'}}},
'TagSpecifications': {'ResourceType': {'ipam-prefix-list-resolver',
'ipam-prefix-list-resolver-target'}}}}}
{'Tags': {'ResourceType': {'ipam-prefix-list-resolver',
'ipam-prefix-list-resolver-target'}}}
Describes the specified tags for your EC2 resources.
For more information about tags, see Tag your Amazon EC2 resources in the Amazon Elastic Compute Cloud User Guide.
See also: AWS API Documentation
Request Syntax
client.describe_tags(
DryRun=True|False,
Filters=[
{
'Name': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
list
The filters.
key - The tag key.
resource-id - The ID of the resource.
resource-type - The resource type. For a list of possible values, see TagSpecification.
tag:<key> - The key/value combination of the tag. For example, specify "tag:Owner" for the filter name and "TeamA" for the filter value to find resources with the tag "Owner=TeamA".
value - The tag value.
(dict) --
A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.
If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.
For more information, see List and filter using the CLI and API in the Amazon EC2 User Guide.
Name (string) --
The name of the filter. Filter names are case-sensitive.
Values (list) --
The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.
(string) --
integer
The maximum number of items to return for this request. This value can be between 5 and 1000. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.
string
The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.
dict
Response Syntax
{
'NextToken': 'string',
'Tags': [
{
'Key': 'string',
'ResourceId': 'string',
'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'declarative-policies-report'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'image-usage-report'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'outpost-lag'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'service-link-virtual-interface'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'route-server'|'route-server-endpoint'|'route-server-peer'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint'|'verified-access-endpoint-target'|'ipam-external-resource-verification-token'|'capacity-block'|'mac-modification-task'|'ipam-prefix-list-resolver'|'ipam-prefix-list-resolver-target'|'capacity-manager-data-export',
'Value': 'string'
},
]
}
Response Structure
(dict) --
NextToken (string) --
The token to include in another request to get the next page of items. This value is null when there are no more items to return.
Tags (list) --
The tags.
(dict) --
Describes a tag.
Key (string) --
The tag key.
ResourceId (string) --
The ID of the resource.
ResourceType (string) --
The resource type.
Value (string) --
The tag value.
{'Vpcs': {'EncryptionControl': {'ResourceExclusions': {'ElasticFileSystem': {'State': 'enabling '
'| '
'enabled '
'| '
'disabling '
'| '
'disabled',
'StateMessage': 'string'},
'Lambda': {'State': 'enabling '
'| '
'enabled '
'| '
'disabling '
'| '
'disabled',
'StateMessage': 'string'},
'VpcLattice': {'State': 'enabling '
'| '
'enabled '
'| '
'disabling '
'| '
'disabled',
'StateMessage': 'string'}}}}}
Describes your VPCs. The default is to describe all your VPCs. Alternatively, you can specify specific VPC IDs or filter the results to include only the VPCs that match specific criteria.
See also: AWS API Documentation
Request Syntax
client.describe_vpcs(
Filters=[
{
'Name': 'string',
'Values': [
'string',
]
},
],
VpcIds=[
'string',
],
NextToken='string',
MaxResults=123,
DryRun=True|False
)
list
The filters.
cidr - The primary IPv4 CIDR block of the VPC. The CIDR block you specify must exactly match the VPC's CIDR block for information to be returned for the VPC. Must contain the slash followed by one or two digits (for example, /28).
cidr-block-association.cidr-block - An IPv4 CIDR block associated with the VPC.
cidr-block-association.association-id - The association ID for an IPv4 CIDR block associated with the VPC.
cidr-block-association.state - The state of an IPv4 CIDR block associated with the VPC.
dhcp-options-id - The ID of a set of DHCP options.
ipv6-cidr-block-association.ipv6-cidr-block - An IPv6 CIDR block associated with the VPC.
ipv6-cidr-block-association.ipv6-pool - The ID of the IPv6 address pool from which the IPv6 CIDR block is allocated.
ipv6-cidr-block-association.association-id - The association ID for an IPv6 CIDR block associated with the VPC.
ipv6-cidr-block-association.state - The state of an IPv6 CIDR block associated with the VPC.
is-default - Indicates whether the VPC is the default VPC.
owner-id - The ID of the Amazon Web Services account that owns the VPC.
state - The state of the VPC ( pending | available).
tag - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.
tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
vpc-id - The ID of the VPC.
(dict) --
A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.
If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.
For more information, see List and filter using the CLI and API in the Amazon EC2 User Guide.
Name (string) --
The name of the filter. Filter names are case-sensitive.
Values (list) --
The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.
(string) --
list
The IDs of the VPCs.
(string) --
string
The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.
integer
The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
dict
Response Syntax
{
'NextToken': 'string',
'Vpcs': [
{
'OwnerId': 'string',
'InstanceTenancy': 'default'|'dedicated'|'host',
'Ipv6CidrBlockAssociationSet': [
{
'AssociationId': 'string',
'Ipv6CidrBlock': 'string',
'Ipv6CidrBlockState': {
'State': 'associating'|'associated'|'disassociating'|'disassociated'|'failing'|'failed',
'StatusMessage': 'string'
},
'NetworkBorderGroup': 'string',
'Ipv6Pool': 'string',
'Ipv6AddressAttribute': 'public'|'private',
'IpSource': 'amazon'|'byoip'|'none'
},
],
'CidrBlockAssociationSet': [
{
'AssociationId': 'string',
'CidrBlock': 'string',
'CidrBlockState': {
'State': 'associating'|'associated'|'disassociating'|'disassociated'|'failing'|'failed',
'StatusMessage': 'string'
}
},
],
'IsDefault': True|False,
'EncryptionControl': {
'VpcId': 'string',
'VpcEncryptionControlId': 'string',
'Mode': 'monitor'|'enforce',
'State': 'enforce-in-progress'|'monitor-in-progress'|'enforce-failed'|'monitor-failed'|'deleting'|'deleted'|'available'|'creating'|'delete-failed',
'StateMessage': 'string',
'ResourceExclusions': {
'InternetGateway': {
'State': 'enabling'|'enabled'|'disabling'|'disabled',
'StateMessage': 'string'
},
'EgressOnlyInternetGateway': {
'State': 'enabling'|'enabled'|'disabling'|'disabled',
'StateMessage': 'string'
},
'NatGateway': {
'State': 'enabling'|'enabled'|'disabling'|'disabled',
'StateMessage': 'string'
},
'VirtualPrivateGateway': {
'State': 'enabling'|'enabled'|'disabling'|'disabled',
'StateMessage': 'string'
},
'VpcPeering': {
'State': 'enabling'|'enabled'|'disabling'|'disabled',
'StateMessage': 'string'
},
'Lambda': {
'State': 'enabling'|'enabled'|'disabling'|'disabled',
'StateMessage': 'string'
},
'VpcLattice': {
'State': 'enabling'|'enabled'|'disabling'|'disabled',
'StateMessage': 'string'
},
'ElasticFileSystem': {
'State': 'enabling'|'enabled'|'disabling'|'disabled',
'StateMessage': 'string'
}
},
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
},
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'BlockPublicAccessStates': {
'InternetGatewayBlockMode': 'off'|'block-bidirectional'|'block-ingress'
},
'VpcId': 'string',
'State': 'pending'|'available',
'CidrBlock': 'string',
'DhcpOptionsId': 'string'
},
]
}
Response Structure
(dict) --
NextToken (string) --
The token to include in another request to get the next page of items. This value is null when there are no more items to return.
Vpcs (list) --
Information about the VPCs.
(dict) --
Describes a VPC.
OwnerId (string) --
The ID of the Amazon Web Services account that owns the VPC.
InstanceTenancy (string) --
The allowed tenancy of instances launched into the VPC.
Ipv6CidrBlockAssociationSet (list) --
Information about the IPv6 CIDR blocks associated with the VPC.
(dict) --
Describes an IPv6 CIDR block associated with a VPC.
AssociationId (string) --
The association ID for the IPv6 CIDR block.
Ipv6CidrBlock (string) --
The IPv6 CIDR block.
Ipv6CidrBlockState (dict) --
Information about the state of the CIDR block.
State (string) --
The state of the CIDR block.
StatusMessage (string) --
A message about the status of the CIDR block, if applicable.
NetworkBorderGroup (string) --
The name of the unique set of Availability Zones, Local Zones, or Wavelength Zones from which Amazon Web Services advertises IP addresses, for example, us-east-1-wl1-bos-wlz-1.
Ipv6Pool (string) --
The ID of the IPv6 address pool from which the IPv6 CIDR block is allocated.
Ipv6AddressAttribute (string) --
Public IPv6 addresses are those advertised on the internet from Amazon Web Services. Private IP addresses are not and cannot be advertised on the internet from Amazon Web Services.
IpSource (string) --
The source that allocated the IP address space. byoip or amazon indicates public IP address space allocated by Amazon or space that you have allocated with Bring your own IP (BYOIP). none indicates private space.
CidrBlockAssociationSet (list) --
Information about the IPv4 CIDR blocks associated with the VPC.
(dict) --
Describes an IPv4 CIDR block associated with a VPC.
AssociationId (string) --
The association ID for the IPv4 CIDR block.
CidrBlock (string) --
The IPv4 CIDR block.
CidrBlockState (dict) --
Information about the state of the CIDR block.
State (string) --
The state of the CIDR block.
StatusMessage (string) --
A message about the status of the CIDR block, if applicable.
IsDefault (boolean) --
Indicates whether the VPC is the default VPC.
EncryptionControl (dict) --
VpcId (string) --
VpcEncryptionControlId (string) --
Mode (string) --
State (string) --
StateMessage (string) --
ResourceExclusions (dict) --
InternetGateway (dict) --
State (string) --
StateMessage (string) --
EgressOnlyInternetGateway (dict) --
State (string) --
StateMessage (string) --
NatGateway (dict) --
State (string) --
StateMessage (string) --
VirtualPrivateGateway (dict) --
State (string) --
StateMessage (string) --
VpcPeering (dict) --
State (string) --
StateMessage (string) --
Lambda (dict) --
State (string) --
StateMessage (string) --
VpcLattice (dict) --
State (string) --
StateMessage (string) --
ElasticFileSystem (dict) --
State (string) --
StateMessage (string) --
Tags (list) --
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
Tags (list) --
Any tags assigned to the VPC.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
BlockPublicAccessStates (dict) --
The state of VPC Block Public Access (BPA).
InternetGatewayBlockMode (string) --
The mode of VPC BPA.
off: VPC BPA is not enabled and traffic is allowed to and from internet gateways and egress-only internet gateways in this Region.
block-bidirectional: Block all traffic to and from internet gateways and egress-only internet gateways in this Region (except for excluded VPCs and subnets).
block-ingress: Block all internet traffic to the VPCs in this Region (except for VPCs or subnets which are excluded). Only traffic to and from NAT gateways and egress-only internet gateways is allowed because these gateways only allow outbound connections to be established.
VpcId (string) --
The ID of the VPC.
State (string) --
The current state of the VPC.
CidrBlock (string) --
The primary IPv4 CIDR block for the VPC.
DhcpOptionsId (string) --
The ID of the set of DHCP options you've associated with the VPC.
{'LaunchTemplateData': {'TagSpecifications': {'ResourceType': {'ipam-prefix-list-resolver',
'ipam-prefix-list-resolver-target'}}}}
{'IpamPrefixListResolverSyncEnabled': 'boolean'}
Response {'PrefixList': {'IpamPrefixListResolverSyncEnabled': 'boolean',
'IpamPrefixListResolverTargetId': 'string'}}
Modifies the specified managed prefix list.
Adding or removing entries in a prefix list creates a new version of the prefix list. Changing the name of the prefix list does not affect the version.
If you specify a current version number that does not match the true current version number, the request fails.
See also: AWS API Documentation
Request Syntax
client.modify_managed_prefix_list(
DryRun=True|False,
PrefixListId='string',
CurrentVersion=123,
PrefixListName='string',
AddEntries=[
{
'Cidr': 'string',
'Description': 'string'
},
],
RemoveEntries=[
{
'Cidr': 'string'
},
],
MaxEntries=123,
IpamPrefixListResolverSyncEnabled=True|False
)
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The ID of the prefix list.
integer
The current version of the prefix list.
string
A name for the prefix list.
list
One or more entries to add to the prefix list.
(dict) --
An entry for a prefix list.
Cidr (string) -- [REQUIRED]
The CIDR block.
Description (string) --
A description for the entry.
Constraints: Up to 255 characters in length.
list
One or more entries to remove from the prefix list.
(dict) --
An entry for a prefix list.
Cidr (string) -- [REQUIRED]
The CIDR block.
integer
The maximum number of entries for the prefix list. You cannot modify the entries of a prefix list and modify the size of a prefix list at the same time.
If any of the resources that reference the prefix list cannot support the new maximum size, the modify operation fails. Check the state message for the IDs of the first ten resources that do not support the new maximum size.
boolean
Indicates whether synchronization with an IPAM prefix list resolver should be enabled for this managed prefix list. When enabled, the prefix list CIDRs are automatically updated based on the associated resolver's CIDR selection rules.
dict
Response Syntax
{
'PrefixList': {
'PrefixListId': 'string',
'AddressFamily': 'string',
'State': 'create-in-progress'|'create-complete'|'create-failed'|'modify-in-progress'|'modify-complete'|'modify-failed'|'restore-in-progress'|'restore-complete'|'restore-failed'|'delete-in-progress'|'delete-complete'|'delete-failed',
'StateMessage': 'string',
'PrefixListArn': 'string',
'PrefixListName': 'string',
'MaxEntries': 123,
'Version': 123,
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'OwnerId': 'string',
'IpamPrefixListResolverTargetId': 'string',
'IpamPrefixListResolverSyncEnabled': True|False
}
}
Response Structure
(dict) --
PrefixList (dict) --
Information about the prefix list.
PrefixListId (string) --
The ID of the prefix list.
AddressFamily (string) --
The IP address version.
State (string) --
The current state of the prefix list.
StateMessage (string) --
The state message.
PrefixListArn (string) --
The Amazon Resource Name (ARN) for the prefix list.
PrefixListName (string) --
The name of the prefix list.
MaxEntries (integer) --
The maximum number of entries for the prefix list.
Version (integer) --
The version of the prefix list.
Tags (list) --
The tags for the prefix list.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
OwnerId (string) --
The ID of the owner of the prefix list.
IpamPrefixListResolverTargetId (string) --
The ID of the IPAM prefix list resolver target associated with this managed prefix list. When set, this prefix list becomes an IPAM managed prefix list.
An IPAM-managed prefix list is a customer-managed prefix list that has been associated with an IPAM prefix list resolver target. When a prefix list becomes IPAM managed, its CIDRs are automatically synchronized based on the IPAM prefix list resolver's CIDR selection rules, and direct CIDR modifications are restricted.
IpamPrefixListResolverSyncEnabled (boolean) --
Indicates whether synchronization with an IPAM prefix list resolver is enabled for this managed prefix list. When enabled, the prefix list CIDRs are automatically updated based on the resolver's CIDR selection rules.
{'PoolTagSpecifications': {'ResourceType': {'ipam-prefix-list-resolver',
'ipam-prefix-list-resolver-target'}}}
Provisions an IPv4 or IPv6 address range for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and creates a corresponding address pool. After the address range is provisioned, it is ready to be advertised.
Amazon Web Services verifies that you own the address range and are authorized to advertise it. You must ensure that the address range is registered to you and that you created an RPKI ROA to authorize Amazon ASNs 16509 and 14618 to advertise the address range. For more information, see Bring your own IP addresses (BYOIP) in the Amazon EC2 User Guide.
Provisioning an address range is an asynchronous operation, so the call returns immediately, but the address range is not ready to use until its status changes from pending-provision to provisioned. For more information, see Onboard your address range.
See also: AWS API Documentation
Request Syntax
client.provision_byoip_cidr(
Cidr='string',
CidrAuthorizationContext={
'Message': 'string',
'Signature': 'string'
},
PubliclyAdvertisable=True|False,
Description='string',
DryRun=True|False,
PoolTagSpecifications=[
{
'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'declarative-policies-report'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'image-usage-report'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'outpost-lag'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'service-link-virtual-interface'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'route-server'|'route-server-endpoint'|'route-server-peer'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint'|'verified-access-endpoint-target'|'ipam-external-resource-verification-token'|'capacity-block'|'mac-modification-task'|'ipam-prefix-list-resolver'|'ipam-prefix-list-resolver-target'|'capacity-manager-data-export',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
},
],
MultiRegion=True|False,
NetworkBorderGroup='string'
)
string
[REQUIRED]
The public IPv4 or IPv6 address range, in CIDR notation. The most specific IPv4 prefix that you can specify is /24. The most specific IPv6 address range that you can bring is /48 for CIDRs that are publicly advertisable and /56 for CIDRs that are not publicly advertisable. The address range cannot overlap with another address range that you've brought to this or another Region.
dict
A signed document that proves that you are authorized to bring the specified IP address range to Amazon using BYOIP.
Message (string) -- [REQUIRED]
The plain-text authorization message for the prefix and account.
Signature (string) -- [REQUIRED]
The signed authorization message for the prefix and account.
boolean
(IPv6 only) Indicate whether the address range will be publicly advertised to the internet.
Default: true
string
A description for the address range and the address pool.
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
list
The tags to apply to the address pool.
(dict) --
The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.
ResourceType (string) --
The type of resource to tag on creation.
Tags (list) --
The tags to apply to the resource.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
boolean
Reserved.
string
If you have Local Zones enabled, you can choose a network border group for Local Zones when you provision and advertise a BYOIPv4 CIDR. Choose the network border group carefully as the EIP and the Amazon Web Services resource it is associated with must reside in the same network border group.
You can provision BYOIP address ranges to and advertise them in the following Local Zone network border groups:
us-east-1-dfw-2
us-west-2-lax-1
us-west-2-phx-2
dict
Response Syntax
{
'ByoipCidr': {
'Cidr': 'string',
'Description': 'string',
'AsnAssociations': [
{
'Asn': 'string',
'Cidr': 'string',
'StatusMessage': 'string',
'State': 'disassociated'|'failed-disassociation'|'failed-association'|'pending-disassociation'|'pending-association'|'associated'
},
],
'StatusMessage': 'string',
'State': 'advertised'|'deprovisioned'|'failed-deprovision'|'failed-provision'|'pending-deprovision'|'pending-provision'|'provisioned'|'provisioned-not-publicly-advertisable',
'NetworkBorderGroup': 'string'
}
}
Response Structure
(dict) --
ByoipCidr (dict) --
Information about the address range.
Cidr (string) --
The address range, in CIDR notation.
Description (string) --
The description of the address range.
AsnAssociations (list) --
The BYOIP CIDR associations with ASNs.
(dict) --
An Autonomous System Number (ASN) and BYOIP CIDR association.
Asn (string) --
The association's ASN.
Cidr (string) --
The association's CIDR.
StatusMessage (string) --
The association's status message.
State (string) --
The association's state.
StatusMessage (string) --
Upon success, contains the ID of the address pool. Otherwise, contains an error message.
State (string) --
The state of the address range.
advertised: The address range is being advertised to the internet by Amazon Web Services.
deprovisioned: The address range is deprovisioned.
failed-deprovision: The request to deprovision the address range was unsuccessful. Ensure that all EIPs from the range have been deallocated and try again.
failed-provision: The request to provision the address range was unsuccessful.
pending-deprovision: You’ve submitted a request to deprovision an address range and it's pending.
pending-provision: You’ve submitted a request to provision an address range and it's pending.
provisioned: The address range is provisioned and can be advertised. The range is not currently advertised.
provisioned-not-publicly-advertisable: The address range is provisioned and cannot be advertised.
NetworkBorderGroup (string) --
If you have Local Zones enabled, you can choose a network border group for Local Zones when you provision and advertise a BYOIPv4 CIDR. Choose the network border group carefully as the EIP and the Amazon Web Services resource it is associated with must reside in the same network border group.
You can provision BYOIP address ranges to and advertise them in the following Local Zone network border groups:
us-east-1-dfw-2
us-west-2-lax-1
us-west-2-phx-2
{'SpotFleetRequestConfig': {'LaunchSpecifications': {'TagSpecifications': {'ResourceType': {'ipam-prefix-list-resolver',
'ipam-prefix-list-resolver-target'}}},
'TagSpecifications': {'ResourceType': {'ipam-prefix-list-resolver',
'ipam-prefix-list-resolver-target'}}}}
{'PrefixList': {'IpamPrefixListResolverSyncEnabled': 'boolean',
'IpamPrefixListResolverTargetId': 'string'}}
Restores the entries from a previous version of a managed prefix list to a new version of the prefix list.
See also: AWS API Documentation
Request Syntax
client.restore_managed_prefix_list_version(
DryRun=True|False,
PrefixListId='string',
PreviousVersion=123,
CurrentVersion=123
)
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The ID of the prefix list.
integer
[REQUIRED]
The version to restore.
integer
[REQUIRED]
The current version number for the prefix list.
dict
Response Syntax
{
'PrefixList': {
'PrefixListId': 'string',
'AddressFamily': 'string',
'State': 'create-in-progress'|'create-complete'|'create-failed'|'modify-in-progress'|'modify-complete'|'modify-failed'|'restore-in-progress'|'restore-complete'|'restore-failed'|'delete-in-progress'|'delete-complete'|'delete-failed',
'StateMessage': 'string',
'PrefixListArn': 'string',
'PrefixListName': 'string',
'MaxEntries': 123,
'Version': 123,
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'OwnerId': 'string',
'IpamPrefixListResolverTargetId': 'string',
'IpamPrefixListResolverSyncEnabled': True|False
}
}
Response Structure
(dict) --
PrefixList (dict) --
Information about the prefix list.
PrefixListId (string) --
The ID of the prefix list.
AddressFamily (string) --
The IP address version.
State (string) --
The current state of the prefix list.
StateMessage (string) --
The state message.
PrefixListArn (string) --
The Amazon Resource Name (ARN) for the prefix list.
PrefixListName (string) --
The name of the prefix list.
MaxEntries (integer) --
The maximum number of entries for the prefix list.
Version (integer) --
The version of the prefix list.
Tags (list) --
The tags for the prefix list.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
OwnerId (string) --
The ID of the owner of the prefix list.
IpamPrefixListResolverTargetId (string) --
The ID of the IPAM prefix list resolver target associated with this managed prefix list. When set, this prefix list becomes an IPAM managed prefix list.
An IPAM-managed prefix list is a customer-managed prefix list that has been associated with an IPAM prefix list resolver target. When a prefix list becomes IPAM managed, its CIDRs are automatically synchronized based on the IPAM prefix list resolver's CIDR selection rules, and direct CIDR modifications are restricted.
IpamPrefixListResolverSyncEnabled (boolean) --
Indicates whether synchronization with an IPAM prefix list resolver is enabled for this managed prefix list. When enabled, the prefix list CIDRs are automatically updated based on the resolver's CIDR selection rules.