AWS Global Accelerator

2024/03/25 - AWS Global Accelerator - 5 updated api methods

Changes  AWS Global Accelerator now supports cross-account sharing for bring your own IP addresses.

CreateCrossAccountAttachment (updated) Link ¶
Changes (request, response)
Request
{'Resources': {'Cidr': 'string'}}
Response
{'CrossAccountAttachment': {'Resources': {'Cidr': 'string'}}}

Create a cross-account attachment in Global Accelerator. You create a cross-account attachment to specify the principals who have permission to work with resources in accelerators in their own account. You specify, in the same attachment, the resources that are shared.

A principal can be an Amazon Web Services account number or the Amazon Resource Name (ARN) for an accelerator. For account numbers that are listed as principals, to work with a resource listed in the attachment, you must sign in to an account specified as a principal. Then, you can work with resources that are listed, with any of your accelerators. If an accelerator ARN is listed in the cross-account attachment as a principal, anyone with permission to make updates to the accelerator can work with resources that are listed in the attachment.

Specify each principal and resource separately. To specify two CIDR address pools, list them individually under Resources, and so on. For a command line operation, for example, you might use a statement like the following:

"Resources": [{"Cidr": "169.254.60.0/24"},{"Cidr": "169.254.59.0/24"}]

For more information, see Working with cross-account attachments and resources in Global Accelerator in the Global Accelerator Developer Guide.

See also: AWS API Documentation

Request Syntax

client.create_cross_account_attachment(
    Name='string',
    Principals=[
        'string',
    ],
    Resources=[
        {
            'EndpointId': 'string',
            'Cidr': 'string',
            'Region': 'string'
        },
    ],
    IdempotencyToken='string',
    Tags=[
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
)
type Name:

string

param Name:

[REQUIRED]

The name of the cross-account attachment.

type Principals:

list

param Principals:

The principals to include in the cross-account attachment. A principal can be an Amazon Web Services account number or the Amazon Resource Name (ARN) for an accelerator.

  • (string) --

type Resources:

list

param Resources:

The Amazon Resource Names (ARNs) for the resources to include in the cross-account attachment. A resource can be any supported Amazon Web Services resource type for Global Accelerator or a CIDR range for a bring your own IP address (BYOIP) address pool.

  • (dict) --

    A resource is one of the following: the ARN for an Amazon Web Services resource that is supported by Global Accelerator to be added as an endpoint, or a CIDR range that specifies a bring your own IP (BYOIP) address pool.

    • EndpointId (string) --

      The endpoint ID for the endpoint that is specified as a Amazon Web Services resource.

      An endpoint ID for the cross-account feature is the ARN of an Amazon Web Services resource, such as a Network Load Balancer, that Global Accelerator supports as an endpoint for an accelerator.

    • Cidr (string) --

      An IP address range, in CIDR format, that is specified as resource. The address must be provisioned and advertised in Global Accelerator by following the bring your own IP address (BYOIP) process for Global Accelerator

      For more information, see Bring your own IP addresses (BYOIP) in the Global Accelerator Developer Guide.

    • Region (string) --

      The Amazon Web Services Region where a shared endpoint resource is located.

type IdempotencyToken:

string

param IdempotencyToken:

[REQUIRED]

A unique, case-sensitive identifier that you provide to ensure the idempotency—that is, the uniqueness—of the request.

This field is autopopulated if not provided.

type Tags:

list

param Tags:

Add tags for a cross-account attachment.

For more information, see Tagging in Global Accelerator in the Global Accelerator Developer Guide.

  • (dict) --

    A complex type that contains a Tag key and Tag value.

    • Key (string) -- [REQUIRED]

      A string that contains a Tag key.

    • Value (string) -- [REQUIRED]

      A string that contains a Tag value.

rtype:

dict

returns:

Response Syntax

{
    'CrossAccountAttachment': {
        'AttachmentArn': 'string',
        'Name': 'string',
        'Principals': [
            'string',
        ],
        'Resources': [
            {
                'EndpointId': 'string',
                'Cidr': 'string',
                'Region': 'string'
            },
        ],
        'LastModifiedTime': datetime(2015, 1, 1),
        'CreatedTime': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    • CrossAccountAttachment (dict) --

      Information about the cross-account attachment.

      • AttachmentArn (string) --

        The Amazon Resource Name (ARN) of the cross-account attachment.

      • Name (string) --

        The name of the cross-account attachment.

      • Principals (list) --

        The principals included in the cross-account attachment.

        • (string) --

      • Resources (list) --

        The resources included in the cross-account attachment.

        • (dict) --

          A resource is one of the following: the ARN for an Amazon Web Services resource that is supported by Global Accelerator to be added as an endpoint, or a CIDR range that specifies a bring your own IP (BYOIP) address pool.

          • EndpointId (string) --

            The endpoint ID for the endpoint that is specified as a Amazon Web Services resource.

            An endpoint ID for the cross-account feature is the ARN of an Amazon Web Services resource, such as a Network Load Balancer, that Global Accelerator supports as an endpoint for an accelerator.

          • Cidr (string) --

            An IP address range, in CIDR format, that is specified as resource. The address must be provisioned and advertised in Global Accelerator by following the bring your own IP address (BYOIP) process for Global Accelerator

            For more information, see Bring your own IP addresses (BYOIP) in the Global Accelerator Developer Guide.

          • Region (string) --

            The Amazon Web Services Region where a shared endpoint resource is located.

      • LastModifiedTime (datetime) --

        The date and time that the cross-account attachment was last modified.

      • CreatedTime (datetime) --

        The date and time that the cross-account attachment was created.

DescribeCrossAccountAttachment (updated) Link ¶
Changes (response)
{'CrossAccountAttachment': {'Resources': {'Cidr': 'string'}}}

Gets configuration information about a cross-account attachment.

See also: AWS API Documentation

Request Syntax

client.describe_cross_account_attachment(
    AttachmentArn='string'
)
type AttachmentArn:

string

param AttachmentArn:

[REQUIRED]

The Amazon Resource Name (ARN) for the cross-account attachment to describe.

rtype:

dict

returns:

Response Syntax

{
    'CrossAccountAttachment': {
        'AttachmentArn': 'string',
        'Name': 'string',
        'Principals': [
            'string',
        ],
        'Resources': [
            {
                'EndpointId': 'string',
                'Cidr': 'string',
                'Region': 'string'
            },
        ],
        'LastModifiedTime': datetime(2015, 1, 1),
        'CreatedTime': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    • CrossAccountAttachment (dict) --

      Information about the cross-account attachment.

      • AttachmentArn (string) --

        The Amazon Resource Name (ARN) of the cross-account attachment.

      • Name (string) --

        The name of the cross-account attachment.

      • Principals (list) --

        The principals included in the cross-account attachment.

        • (string) --

      • Resources (list) --

        The resources included in the cross-account attachment.

        • (dict) --

          A resource is one of the following: the ARN for an Amazon Web Services resource that is supported by Global Accelerator to be added as an endpoint, or a CIDR range that specifies a bring your own IP (BYOIP) address pool.

          • EndpointId (string) --

            The endpoint ID for the endpoint that is specified as a Amazon Web Services resource.

            An endpoint ID for the cross-account feature is the ARN of an Amazon Web Services resource, such as a Network Load Balancer, that Global Accelerator supports as an endpoint for an accelerator.

          • Cidr (string) --

            An IP address range, in CIDR format, that is specified as resource. The address must be provisioned and advertised in Global Accelerator by following the bring your own IP address (BYOIP) process for Global Accelerator

            For more information, see Bring your own IP addresses (BYOIP) in the Global Accelerator Developer Guide.

          • Region (string) --

            The Amazon Web Services Region where a shared endpoint resource is located.

      • LastModifiedTime (datetime) --

        The date and time that the cross-account attachment was last modified.

      • CreatedTime (datetime) --

        The date and time that the cross-account attachment was created.

ListCrossAccountAttachments (updated) Link ¶
Changes (response)
{'CrossAccountAttachments': {'Resources': {'Cidr': 'string'}}}

List the cross-account attachments that have been created in Global Accelerator.

See also: AWS API Documentation

Request Syntax

client.list_cross_account_attachments(
    MaxResults=123,
    NextToken='string'
)
type MaxResults:

integer

param MaxResults:

The number of cross-account attachment objects that you want to return with this call. The default value is 10.

type NextToken:

string

param NextToken:

The token for the next set of results. You receive this token from a previous call.

rtype:

dict

returns:

Response Syntax

{
    'CrossAccountAttachments': [
        {
            'AttachmentArn': 'string',
            'Name': 'string',
            'Principals': [
                'string',
            ],
            'Resources': [
                {
                    'EndpointId': 'string',
                    'Cidr': 'string',
                    'Region': 'string'
                },
            ],
            'LastModifiedTime': datetime(2015, 1, 1),
            'CreatedTime': datetime(2015, 1, 1)
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • CrossAccountAttachments (list) --

      Information about the cross-account attachments.

      • (dict) --

        A cross-account attachment in Global Accelerator. A cross-account attachment specifies the principals who have permission to work with resources in your account, which you also list in the attachment.

        • AttachmentArn (string) --

          The Amazon Resource Name (ARN) of the cross-account attachment.

        • Name (string) --

          The name of the cross-account attachment.

        • Principals (list) --

          The principals included in the cross-account attachment.

          • (string) --

        • Resources (list) --

          The resources included in the cross-account attachment.

          • (dict) --

            A resource is one of the following: the ARN for an Amazon Web Services resource that is supported by Global Accelerator to be added as an endpoint, or a CIDR range that specifies a bring your own IP (BYOIP) address pool.

            • EndpointId (string) --

              The endpoint ID for the endpoint that is specified as a Amazon Web Services resource.

              An endpoint ID for the cross-account feature is the ARN of an Amazon Web Services resource, such as a Network Load Balancer, that Global Accelerator supports as an endpoint for an accelerator.

            • Cidr (string) --

              An IP address range, in CIDR format, that is specified as resource. The address must be provisioned and advertised in Global Accelerator by following the bring your own IP address (BYOIP) process for Global Accelerator

              For more information, see Bring your own IP addresses (BYOIP) in the Global Accelerator Developer Guide.

            • Region (string) --

              The Amazon Web Services Region where a shared endpoint resource is located.

        • LastModifiedTime (datetime) --

          The date and time that the cross-account attachment was last modified.

        • CreatedTime (datetime) --

          The date and time that the cross-account attachment was created.

    • NextToken (string) --

      The token for the next set of results. You receive this token from a previous call.

ListCrossAccountResources (updated) Link ¶
Changes (response)
{'CrossAccountResources': {'Cidr': 'string'}}

List the cross-account resources available to work with.

See also: AWS API Documentation

Request Syntax

client.list_cross_account_resources(
    AcceleratorArn='string',
    ResourceOwnerAwsAccountId='string',
    MaxResults=123,
    NextToken='string'
)
type AcceleratorArn:

string

param AcceleratorArn:

The Amazon Resource Name (ARN) of an accelerator in a cross-account attachment.

type ResourceOwnerAwsAccountId:

string

param ResourceOwnerAwsAccountId:

[REQUIRED]

The account ID of a resource owner in a cross-account attachment.

type MaxResults:

integer

param MaxResults:

The number of cross-account resource objects that you want to return with this call. The default value is 10.

type NextToken:

string

param NextToken:

The token for the next set of results. You receive this token from a previous call.

rtype:

dict

returns:

Response Syntax

{
    'CrossAccountResources': [
        {
            'EndpointId': 'string',
            'Cidr': 'string',
            'AttachmentArn': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • CrossAccountResources (list) --

      The cross-account resources used with an accelerator.

      • (dict) --

        An endpoint (Amazon Web Services resource) or an IP address range, in CIDR format, that is listed in a cross-account attachment. A cross-account resource can be added to an accelerator by specified principals, which are also listed in the attachment.

        For more information, see Working with cross-account attachments and resources in Global Accelerator in the Global Accelerator Developer Guide.

        • EndpointId (string) --

          The endpoint ID for the endpoint that is listed in a cross-account attachment and can be added to an accelerator by specified principals.

        • Cidr (string) --

          An IP address range, in CIDR format, that is specified as an Amazon Web Services resource. The address must be provisioned and advertised in Global Accelerator by following the bring your own IP address (BYOIP) process for Global Accelerator.

          For more information, see Bring your own IP addresses (BYOIP) in the Global Accelerator Developer Guide.

        • AttachmentArn (string) --

          The Amazon Resource Name (ARN) of the cross-account attachment that specifies the resources (endpoints or CIDR range) that can be added to accelerators and principals that have permission to add them.

    • NextToken (string) --

      The token for the next set of results. You receive this token from a previous call.

UpdateCrossAccountAttachment (updated) Link ¶
Changes (request, response)
Request
{'AddResources': {'Cidr': 'string'}, 'RemoveResources': {'Cidr': 'string'}}
Response
{'CrossAccountAttachment': {'Resources': {'Cidr': 'string'}}}

Update a cross-account attachment to add or remove principals or resources. When you update an attachment to remove a principal (account ID or accelerator) or a resource, Global Accelerator revokes the permission for specific resources.

For more information, see Working with cross-account attachments and resources in Global Accelerator in the Global Accelerator Developer Guide.

See also: AWS API Documentation

Request Syntax

client.update_cross_account_attachment(
    AttachmentArn='string',
    Name='string',
    AddPrincipals=[
        'string',
    ],
    RemovePrincipals=[
        'string',
    ],
    AddResources=[
        {
            'EndpointId': 'string',
            'Cidr': 'string',
            'Region': 'string'
        },
    ],
    RemoveResources=[
        {
            'EndpointId': 'string',
            'Cidr': 'string',
            'Region': 'string'
        },
    ]
)
type AttachmentArn:

string

param AttachmentArn:

[REQUIRED]

The Amazon Resource Name (ARN) of the cross-account attachment to update.

type Name:

string

param Name:

The name of the cross-account attachment.

type AddPrincipals:

list

param AddPrincipals:

The principals to add to the cross-account attachment. A principal is an account or the Amazon Resource Name (ARN) of an accelerator that the attachment gives permission to work with resources from another account. The resources are also listed in the attachment.

To add more than one principal, separate the account numbers or accelerator ARNs, or both, with commas.

  • (string) --

type RemovePrincipals:

list

param RemovePrincipals:

The principals to remove from the cross-account attachment. A principal is an account or the Amazon Resource Name (ARN) of an accelerator that the attachment gives permission to work with resources from another account. The resources are also listed in the attachment.

To remove more than one principal, separate the account numbers or accelerator ARNs, or both, with commas.

  • (string) --

type AddResources:

list

param AddResources:

The resources to add to the cross-account attachment. A resource listed in a cross-account attachment can be used with an accelerator by the principals that are listed in the attachment.

To add more than one resource, separate the resource ARNs with commas.

  • (dict) --

    A resource is one of the following: the ARN for an Amazon Web Services resource that is supported by Global Accelerator to be added as an endpoint, or a CIDR range that specifies a bring your own IP (BYOIP) address pool.

    • EndpointId (string) --

      The endpoint ID for the endpoint that is specified as a Amazon Web Services resource.

      An endpoint ID for the cross-account feature is the ARN of an Amazon Web Services resource, such as a Network Load Balancer, that Global Accelerator supports as an endpoint for an accelerator.

    • Cidr (string) --

      An IP address range, in CIDR format, that is specified as resource. The address must be provisioned and advertised in Global Accelerator by following the bring your own IP address (BYOIP) process for Global Accelerator

      For more information, see Bring your own IP addresses (BYOIP) in the Global Accelerator Developer Guide.

    • Region (string) --

      The Amazon Web Services Region where a shared endpoint resource is located.

type RemoveResources:

list

param RemoveResources:

The resources to remove from the cross-account attachment. A resource listed in a cross-account attachment can be used with an accelerator by the principals that are listed in the attachment.

To remove more than one resource, separate the resource ARNs with commas.

  • (dict) --

    A resource is one of the following: the ARN for an Amazon Web Services resource that is supported by Global Accelerator to be added as an endpoint, or a CIDR range that specifies a bring your own IP (BYOIP) address pool.

    • EndpointId (string) --

      The endpoint ID for the endpoint that is specified as a Amazon Web Services resource.

      An endpoint ID for the cross-account feature is the ARN of an Amazon Web Services resource, such as a Network Load Balancer, that Global Accelerator supports as an endpoint for an accelerator.

    • Cidr (string) --

      An IP address range, in CIDR format, that is specified as resource. The address must be provisioned and advertised in Global Accelerator by following the bring your own IP address (BYOIP) process for Global Accelerator

      For more information, see Bring your own IP addresses (BYOIP) in the Global Accelerator Developer Guide.

    • Region (string) --

      The Amazon Web Services Region where a shared endpoint resource is located.

rtype:

dict

returns:

Response Syntax

{
    'CrossAccountAttachment': {
        'AttachmentArn': 'string',
        'Name': 'string',
        'Principals': [
            'string',
        ],
        'Resources': [
            {
                'EndpointId': 'string',
                'Cidr': 'string',
                'Region': 'string'
            },
        ],
        'LastModifiedTime': datetime(2015, 1, 1),
        'CreatedTime': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    • CrossAccountAttachment (dict) --

      Information about the updated cross-account attachment.

      • AttachmentArn (string) --

        The Amazon Resource Name (ARN) of the cross-account attachment.

      • Name (string) --

        The name of the cross-account attachment.

      • Principals (list) --

        The principals included in the cross-account attachment.

        • (string) --

      • Resources (list) --

        The resources included in the cross-account attachment.

        • (dict) --

          A resource is one of the following: the ARN for an Amazon Web Services resource that is supported by Global Accelerator to be added as an endpoint, or a CIDR range that specifies a bring your own IP (BYOIP) address pool.

          • EndpointId (string) --

            The endpoint ID for the endpoint that is specified as a Amazon Web Services resource.

            An endpoint ID for the cross-account feature is the ARN of an Amazon Web Services resource, such as a Network Load Balancer, that Global Accelerator supports as an endpoint for an accelerator.

          • Cidr (string) --

            An IP address range, in CIDR format, that is specified as resource. The address must be provisioned and advertised in Global Accelerator by following the bring your own IP address (BYOIP) process for Global Accelerator

            For more information, see Bring your own IP addresses (BYOIP) in the Global Accelerator Developer Guide.

          • Region (string) --

            The Amazon Web Services Region where a shared endpoint resource is located.

      • LastModifiedTime (datetime) --

        The date and time that the cross-account attachment was last modified.

      • CreatedTime (datetime) --

        The date and time that the cross-account attachment was created.