2026/06/30 - SupportAuthZ - 11 new api methods
Changes New SDK release for SupportAuthZ.
Lists available support actions for a specified AWS service. Use pagination to ensure that the operation returns quickly and successfully.
See also: AWS API Documentation
Request Syntax
client.list_actions(
nextToken='string',
maxResults=123,
service='string'
)
string
The token for the next page of results.
integer
The maximum number of results to return in a single call. Valid range is 1 to 100.
string
[REQUIRED]
The name of the AWS service for which to list available support actions.
dict
Response Syntax
{
'actionSummaries': [
{
'action': 'string',
'service': 'string',
'description': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
actionSummaries (list) --
The list of support actions.
(dict) --
A summary of a support action.
action (string) --
The name of the support action.
service (string) --
The AWS service associated with the support action.
description (string) --
A description of what the support action does.
nextToken (string) --
The token for the next page of results, or null if there are no more results.
Lists permit requests from AWS support operators. Use pagination to ensure that the operation returns quickly and successfully.
See also: AWS API Documentation
Request Syntax
client.list_support_permit_requests(
nextToken='string',
maxResults=123,
supportCaseDisplayId='string'
)
string
The token for the next page of results.
integer
The maximum number of results to return in a single call. Valid range is 1 to 100.
string
Filters the results by support case display identifier.
dict
Response Syntax
{
'supportPermitRequests': [
{
'requestArn': 'string',
'permit': {
'actions': {
'allActions': {},
'actions': [
'string',
]
},
'resources': {
'allResourcesInRegion': {},
'resources': [
'string',
]
},
'conditions': [
{
'allowAfter': datetime(2015, 1, 1),
'allowBefore': datetime(2015, 1, 1)
},
]
},
'supportCaseDisplayId': 'string',
'status': 'PENDING'|'ACCEPTED'|'REJECTED'|'CANCELLED',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
supportPermitRequests (list) --
The list of permit requests.
(dict) --
A permit request from an AWS support operator.
requestArn (string) --
The ARN of the permit request.
permit (dict) --
The permit definition requested by the operator.
actions (dict) --
The set of actions that the support operator is authorized to perform.
allActions (dict) --
Authorizes all available support actions.
actions (list) --
A list of specific support actions to authorize. Maximum of 10 actions.
(string) --
resources (dict) --
The set of resources that the support operator is authorized to act upon.
allResourcesInRegion (dict) --
Authorizes the support operator to act on all resources in the Region.
resources (list) --
A list of specific resource identifiers that the support operator is authorized to act upon. Maximum of 5 resources.
(string) --
conditions (list) --
The time-window conditions that constrain when the permit is valid. Maximum of 2 conditions.
(dict) --
A time-window condition that constrains when a support permit is valid.
allowAfter (datetime) --
The earliest time at which the permit becomes valid.
allowBefore (datetime) --
The latest time at which the permit remains valid.
supportCaseDisplayId (string) --
The display identifier of the support case associated with the request.
status (string) --
The current status of the permit request.
createdAt (datetime) --
The timestamp when the request was created.
updatedAt (datetime) --
The timestamp when the request was last updated.
nextToken (string) --
The token for the next page of results, or null if there are no more results.
Rejects a permit request from an AWS support operator. The operator cannot proceed with the requested action.
See also: AWS API Documentation
Request Syntax
client.reject_support_permit_request(
requestArn='string'
)
string
[REQUIRED]
The ARN of the permit request to reject.
dict
Response Syntax
{
'requestArn': 'string'
}
Response Structure
(dict) --
requestArn (string) --
The ARN of the rejected permit request.
Adds or overwrites one or more tags for a support permit resource.
See also: AWS API Documentation
Request Syntax
client.tag_resource(
resourceArn='string',
tags={
'string': 'string'
}
)
string
[REQUIRED]
The ARN of the resource to tag.
dict
[REQUIRED]
The tags to add to the resource. Maximum of 50 tags.
(string) --
(string) --
dict
Response Syntax
{}
Response Structure
(dict) --
Removes one or more tags from a support permit resource.
See also: AWS API Documentation
Request Syntax
client.untag_resource(
resourceArn='string',
tagKeys=[
'string',
]
)
string
[REQUIRED]
The ARN of the resource to untag.
list
[REQUIRED]
The tag keys to remove from the resource.
(string) --
dict
Response Syntax
{}
Response Structure
(dict) --
Retrieves the details of a support permit by its ARN or name.
See also: AWS API Documentation
Request Syntax
client.get_support_permit(
supportPermitIdentifier='string'
)
string
[REQUIRED]
The ARN or name of the support permit to retrieve.
dict
Response Syntax
{
'name': 'string',
'arn': 'string',
'description': 'string',
'permit': {
'actions': {
'allActions': {},
'actions': [
'string',
]
},
'resources': {
'allResourcesInRegion': {},
'resources': [
'string',
]
},
'conditions': [
{
'allowAfter': datetime(2015, 1, 1),
'allowBefore': datetime(2015, 1, 1)
},
]
},
'status': 'ACTIVE'|'INACTIVE'|'DELETING',
'signingKeyInfo': {
'kmsKey': 'string'
},
'createdAt': datetime(2015, 1, 1),
'supportCaseDisplayId': 'string',
'tags': {
'string': 'string'
}
}
Response Structure
(dict) --
name (string) --
The name of the support permit.
arn (string) --
The ARN of the support permit.
description (string) --
The description of the support permit.
permit (dict) --
The permit definition.
actions (dict) --
The set of actions that the support operator is authorized to perform.
allActions (dict) --
Authorizes all available support actions.
actions (list) --
A list of specific support actions to authorize. Maximum of 10 actions.
(string) --
resources (dict) --
The set of resources that the support operator is authorized to act upon.
allResourcesInRegion (dict) --
Authorizes the support operator to act on all resources in the Region.
resources (list) --
A list of specific resource identifiers that the support operator is authorized to act upon. Maximum of 5 resources.
(string) --
conditions (list) --
The time-window conditions that constrain when the permit is valid. Maximum of 2 conditions.
(dict) --
A time-window condition that constrains when a support permit is valid.
allowAfter (datetime) --
The earliest time at which the permit becomes valid.
allowBefore (datetime) --
The latest time at which the permit remains valid.
status (string) --
The current status of the support permit.
signingKeyInfo (dict) --
The signing key information for the permit.
kmsKey (string) --
The ARN of the AWS KMS key used to sign the permit. The key must have key spec ECC_NIST_P384 and key usage SIGN_VERIFY.
createdAt (datetime) --
The timestamp when the permit was created.
supportCaseDisplayId (string) --
The display identifier of the support case associated with the permit.
tags (dict) --
The tags associated with the support permit.
(string) --
(string) --
Retrieves the description of a specific support action.
See also: AWS API Documentation
Request Syntax
client.get_action(
action='string'
)
string
[REQUIRED]
The name of the support action to retrieve.
dict
Response Syntax
{
'action': 'string',
'service': 'string',
'description': 'string'
}
Response Structure
(dict) --
action (string) --
The name of the support action.
service (string) --
The AWS service associated with the support action.
description (string) --
A description of what the support action does.
Lists the tags associated with a support permit resource.
See also: AWS API Documentation
Request Syntax
client.list_tags_for_resource(
resourceArn='string'
)
string
[REQUIRED]
The ARN of the resource to list tags for.
dict
Response Syntax
{
'tags': {
'string': 'string'
}
}
Response Structure
(dict) --
tags (dict) --
The tags associated with the resource.
(string) --
(string) --
Deletes a support permit, revoking the authorization previously granted to the AWS support operator.
See also: AWS API Documentation
Request Syntax
client.delete_support_permit(
supportPermitIdentifier='string'
)
string
[REQUIRED]
The Amazon Resource Name (ARN) or name of the support permit to delete.
dict
Response Syntax
{
'name': 'string',
'arn': 'string',
'description': 'string',
'permit': {
'actions': {
'allActions': {},
'actions': [
'string',
]
},
'resources': {
'allResourcesInRegion': {},
'resources': [
'string',
]
},
'conditions': [
{
'allowAfter': datetime(2015, 1, 1),
'allowBefore': datetime(2015, 1, 1)
},
]
},
'status': 'ACTIVE'|'INACTIVE'|'DELETING',
'signingKeyInfo': {
'kmsKey': 'string'
},
'createdAt': datetime(2015, 1, 1),
'supportCaseDisplayId': 'string'
}
Response Structure
(dict) --
name (string) --
The name of the deleted support permit.
arn (string) --
The ARN of the deleted support permit.
description (string) --
The description of the deleted support permit.
permit (dict) --
The permit definition of the deleted permit.
actions (dict) --
The set of actions that the support operator is authorized to perform.
allActions (dict) --
Authorizes all available support actions.
actions (list) --
A list of specific support actions to authorize. Maximum of 10 actions.
(string) --
resources (dict) --
The set of resources that the support operator is authorized to act upon.
allResourcesInRegion (dict) --
Authorizes the support operator to act on all resources in the Region.
resources (list) --
A list of specific resource identifiers that the support operator is authorized to act upon. Maximum of 5 resources.
(string) --
conditions (list) --
The time-window conditions that constrain when the permit is valid. Maximum of 2 conditions.
(dict) --
A time-window condition that constrains when a support permit is valid.
allowAfter (datetime) --
The earliest time at which the permit becomes valid.
allowBefore (datetime) --
The latest time at which the permit remains valid.
status (string) --
The status of the support permit. Returns DELETING.
signingKeyInfo (dict) --
The signing key information for the deleted permit.
kmsKey (string) --
The ARN of the AWS KMS key used to sign the permit. The key must have key spec ECC_NIST_P384 and key usage SIGN_VERIFY.
createdAt (datetime) --
The timestamp when the permit was originally created.
supportCaseDisplayId (string) --
The display identifier of the support case associated with the deleted permit.
Creates a support permit that authorizes an AWS support operator to perform specified actions on specified resources. The permit is cryptographically signed using a customer-managed AWS KMS key (ECC_NIST_P384, SIGN_VERIFY) to ensure non-repudiation.
See also: AWS API Documentation
Request Syntax
client.create_support_permit(
permit={
'actions': {
'allActions': {}
,
'actions': [
'string',
]
},
'resources': {
'allResourcesInRegion': {}
,
'resources': [
'string',
]
},
'conditions': [
{
'allowAfter': datetime(2015, 1, 1),
'allowBefore': datetime(2015, 1, 1)
},
]
},
name='string',
description='string',
signingKeyInfo={
'kmsKey': 'string'
},
supportCaseDisplayId='string',
clientToken='string',
tags={
'string': 'string'
}
)
dict
[REQUIRED]
The permit definition specifying the actions, resources, and time-window conditions that the support operator is authorized to use.
actions (dict) -- [REQUIRED]
The set of actions that the support operator is authorized to perform.
allActions (dict) --
Authorizes all available support actions.
actions (list) --
A list of specific support actions to authorize. Maximum of 10 actions.
(string) --
resources (dict) -- [REQUIRED]
The set of resources that the support operator is authorized to act upon.
allResourcesInRegion (dict) --
Authorizes the support operator to act on all resources in the Region.
resources (list) --
A list of specific resource identifiers that the support operator is authorized to act upon. Maximum of 5 resources.
(string) --
conditions (list) --
The time-window conditions that constrain when the permit is valid. Maximum of 2 conditions.
(dict) --
A time-window condition that constrains when a support permit is valid.
allowAfter (datetime) --
The earliest time at which the permit becomes valid.
allowBefore (datetime) --
The latest time at which the permit remains valid.
string
[REQUIRED]
A customer-chosen name for the support permit. Must be between 1 and 256 alphanumeric characters.
string
A human-readable description of why this permit is being created. Maximum length of 1024 characters.
dict
[REQUIRED]
The signing key information used to sign the permit. Must reference an AWS KMS key with key usage SIGN_VERIFY and key spec ECC_NIST_P384.
kmsKey (string) --
The ARN of the AWS KMS key used to sign the permit. The key must have key spec ECC_NIST_P384 and key usage SIGN_VERIFY.
string
The display identifier of the AWS Support case associated with this permit.
string
A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, the service returns the existing permit without creating a duplicate.
This field is autopopulated if not provided.
dict
The tags to associate with the support permit on creation.
(string) --
(string) --
dict
Response Syntax
{
'name': 'string',
'arn': 'string',
'description': 'string',
'permit': {
'actions': {
'allActions': {},
'actions': [
'string',
]
},
'resources': {
'allResourcesInRegion': {},
'resources': [
'string',
]
},
'conditions': [
{
'allowAfter': datetime(2015, 1, 1),
'allowBefore': datetime(2015, 1, 1)
},
]
},
'status': 'ACTIVE'|'INACTIVE'|'DELETING',
'signingKeyInfo': {
'kmsKey': 'string'
},
'createdAt': datetime(2015, 1, 1),
'supportCaseDisplayId': 'string',
'tags': {
'string': 'string'
}
}
Response Structure
(dict) --
name (string) --
The name of the support permit.
arn (string) --
The Amazon Resource Name (ARN) of the support permit.
description (string) --
The description of the support permit.
permit (dict) --
The permit definition.
actions (dict) --
The set of actions that the support operator is authorized to perform.
allActions (dict) --
Authorizes all available support actions.
actions (list) --
A list of specific support actions to authorize. Maximum of 10 actions.
(string) --
resources (dict) --
The set of resources that the support operator is authorized to act upon.
allResourcesInRegion (dict) --
Authorizes the support operator to act on all resources in the Region.
resources (list) --
A list of specific resource identifiers that the support operator is authorized to act upon. Maximum of 5 resources.
(string) --
conditions (list) --
The time-window conditions that constrain when the permit is valid. Maximum of 2 conditions.
(dict) --
A time-window condition that constrains when a support permit is valid.
allowAfter (datetime) --
The earliest time at which the permit becomes valid.
allowBefore (datetime) --
The latest time at which the permit remains valid.
status (string) --
The current status of the support permit.
signingKeyInfo (dict) --
The signing key information for the permit.
kmsKey (string) --
The ARN of the AWS KMS key used to sign the permit. The key must have key spec ECC_NIST_P384 and key usage SIGN_VERIFY.
createdAt (datetime) --
The timestamp when the permit was created.
supportCaseDisplayId (string) --
The display identifier of the support case associated with the permit.
tags (dict) --
The tags associated with the support permit.
(string) --
(string) --
Lists all support permits in the caller's account. Use pagination to ensure that the operation returns quickly and successfully.
See also: AWS API Documentation
Request Syntax
client.list_support_permits(
nextToken='string',
maxResults=123,
supportPermitStatuses=[
'ACTIVE'|'INACTIVE'|'DELETING',
]
)
string
The token for the next page of results.
integer
The maximum number of results to return in a single call. Valid range is 1 to 100.
list
Filters the results by support permit status. Valid values: ACTIVE, INACTIVE, DELETING.
(string) --
The status of a support permit.
dict
Response Syntax
{
'supportPermits': [
{
'name': 'string',
'arn': 'string',
'permit': {
'actions': {
'allActions': {},
'actions': [
'string',
]
},
'resources': {
'allResourcesInRegion': {},
'resources': [
'string',
]
},
'conditions': [
{
'allowAfter': datetime(2015, 1, 1),
'allowBefore': datetime(2015, 1, 1)
},
]
},
'status': 'ACTIVE'|'INACTIVE'|'DELETING',
'signingKeyInfo': {
'kmsKey': 'string'
},
'createdAt': datetime(2015, 1, 1),
'supportCaseDisplayId': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
supportPermits (list) --
The list of support permits.
(dict) --
A summary of a support permit.
name (string) --
The name of the support permit.
arn (string) --
The ARN of the support permit.
permit (dict) --
The permit definition.
actions (dict) --
The set of actions that the support operator is authorized to perform.
allActions (dict) --
Authorizes all available support actions.
actions (list) --
A list of specific support actions to authorize. Maximum of 10 actions.
(string) --
resources (dict) --
The set of resources that the support operator is authorized to act upon.
allResourcesInRegion (dict) --
Authorizes the support operator to act on all resources in the Region.
resources (list) --
A list of specific resource identifiers that the support operator is authorized to act upon. Maximum of 5 resources.
(string) --
conditions (list) --
The time-window conditions that constrain when the permit is valid. Maximum of 2 conditions.
(dict) --
A time-window condition that constrains when a support permit is valid.
allowAfter (datetime) --
The earliest time at which the permit becomes valid.
allowBefore (datetime) --
The latest time at which the permit remains valid.
status (string) --
The current status of the support permit.
signingKeyInfo (dict) --
The signing key information for the permit.
kmsKey (string) --
The ARN of the AWS KMS key used to sign the permit. The key must have key spec ECC_NIST_P384 and key usage SIGN_VERIFY.
createdAt (datetime) --
The timestamp when the permit was created.
supportCaseDisplayId (string) --
The display identifier of the support case associated with the permit.
nextToken (string) --
The token for the next page of results, or null if there are no more results.