Amazon Elastic Compute Cloud

2023/11/09 - Amazon Elastic Compute Cloud - 3 new api methods

Changes  AWS EBS now supports Block Public Access for EBS Snapshots. This release introduces the EnableSnapshotBlockPublicAccess, DisableSnapshotBlockPublicAccess and GetSnapshotBlockPublicAccessState APIs to manage account-level public access settings for EBS Snapshots in an AWS Region.

EnableSnapshotBlockPublicAccess (new) Link ¶

Enables or modifies the block public access for snapshots setting at the account level for the specified Amazon Web Services Region. After you enable block public access for snapshots in a Region, users can no longer request public sharing for snapshots in that Region. Snapshots that are already publicly shared are either treated as private or they remain publicly shared, depending on the State that you specify.

If block public access is enabled in block-all-sharing mode, and you change the mode to block-new-sharing , all snapshots that were previously publicly shared are no longer treated as private and they become publicly accessible again.

For more information, see Block public access for snapshots in the Amazon Elastic Compute Cloud User Guide .

See also: AWS API Documentation

Request Syntax

client.enable_snapshot_block_public_access(
    State='block-all-sharing'|'block-new-sharing'|'unblocked',
    DryRun=True|False
)
type State

string

param State

[REQUIRED]

The mode in which to enable block public access for snapshots for the Region. Specify one of the following values:

  • block-all-sharing - Prevents all public sharing of snapshots in the Region. Users in the account will no longer be able to request new public sharing. Additionally, snapshots that are already publicly shared are treated as private and they are no longer publicly available.

Note

If you enable block public access for snapshots in block-all-sharing mode, it does not change the permissions for snapshots that are already publicly shared. Instead, it prevents these snapshots from be publicly visible and publicly accessible. Therefore, the attributes for these snapshots still indicate that they are publicly shared, even though they are not publicly available.

  • block-new-sharing - Prevents only new public sharing of snapshots in the Region. Users in the account will no longer be able to request new public sharing. However, snapshots that are already publicly shared, remain publicly available.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'State': 'block-all-sharing'|'block-new-sharing'|'unblocked'
}

Response Structure

  • (dict) --

    • State (string) --

      The state of block public access for snapshots for the account and Region. Returns either block-all-sharing or block-new-sharing if the request succeeds.

DisableSnapshotBlockPublicAccess (new) Link ¶

Disables the block public access for snapshots setting at the account level for the specified Amazon Web Services Region. After you disable block public access for snapshots in a Region, users can publicly share snapshots in that Region.

If block public access is enabled in block-all-sharing mode, and you disable block public access, all snapshots that were previously publicly shared are no longer treated as private and they become publicly accessible again.

For more information, see Block public access for snapshots in the Amazon Elastic Compute Cloud User Guide .

See also: AWS API Documentation

Request Syntax

client.disable_snapshot_block_public_access(
    DryRun=True|False
)
type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'State': 'block-all-sharing'|'block-new-sharing'|'unblocked'
}

Response Structure

  • (dict) --

    • State (string) --

      Returns unblocked if the request succeeds.

GetSnapshotBlockPublicAccessState (new) Link ¶

Gets the current state of block public access for snapshots setting for the account and Region.

For more information, see Block public access for snapshots in the Amazon Elastic Compute Cloud User Guide .

See also: AWS API Documentation

Request Syntax

client.get_snapshot_block_public_access_state(
    DryRun=True|False
)
type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'State': 'block-all-sharing'|'block-new-sharing'|'unblocked'
}

Response Structure

  • (dict) --

    • State (string) --

      The current state of block public access for snapshots. Possible values include:

      • block-all-sharing - All public sharing of snapshots is blocked. Users in the account can't request new public sharing. Additionally, snapshots that were already publicly shared are treated as private and are not publicly available.

      • block-new-sharing - Only new public sharing of snapshots is blocked. Users in the account can't request new public sharing. However, snapshots that were already publicly shared, remain publicly available.

      • unblocked - Public sharing is not blocked. Users can publicly share snapshots.