2024/07/18 - Amazon Elastic Compute Cloud - 3 new9 updated api methods
Changes Amazon VPC IP Address Manager (IPAM) now supports Bring-Your-Own-IP (BYOIP) for IP addresses registered with any Internet Registry. This feature uses DNS TXT records to validate ownership of a public IP address range.
Describe verification tokens. A verification token is an Amazon Web Services-generated random value that you can use to prove ownership of an external resource. For example, you can use a verification token to validate that you control a public IP address range when you bring an IP address range to Amazon Web Services (BYOIP).
See also: AWS API Documentation
Request Syntax
client.describe_ipam_external_resource_verification_tokens(
DryRun=True|False,
Filters=[
{
'Name': 'string',
'Values': [
'string',
]
},
],
NextToken='string',
MaxResults=123,
IpamExternalResourceVerificationTokenIds=[
'string',
]
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
list
One or more filters for the request. For more information about filtering, see Filtering CLI output.
Available filters:
ipam-arn
ipam-external-resource-verification-token-arn
ipam-external-resource-verification-token-id
ipam-id
ipam-region
state
status
token-name
token-value
(dict) --
A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.
If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.
Name (string) --
The name of the filter. Filter names are case-sensitive.
Values (list) --
The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.
(string) --
string
The token for the next page of results.
integer
The maximum number of tokens to return in one page of results.
list
Verification token IDs.
(string) --
dict
Response Syntax
{
'NextToken': 'string',
'IpamExternalResourceVerificationTokens': [
{
'IpamExternalResourceVerificationTokenId': 'string',
'IpamExternalResourceVerificationTokenArn': 'string',
'IpamId': 'string',
'IpamArn': 'string',
'IpamRegion': 'string',
'TokenValue': 'string',
'TokenName': 'string',
'NotAfter': datetime(2015, 1, 1),
'Status': 'valid'|'expired',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'State': 'create-in-progress'|'create-complete'|'create-failed'|'delete-in-progress'|'delete-complete'|'delete-failed'
},
]
}
Response Structure
(dict) --
NextToken (string) --
The token to use to retrieve the next page of results. This value is null when there are no more results to return.
IpamExternalResourceVerificationTokens (list) --
Verification tokens.
(dict) --
A verification token is an Amazon Web Services-generated random value that you can use to prove ownership of an external resource. For example, you can use a verification token to validate that you control a public IP address range when you bring an IP address range to Amazon Web Services (BYOIP).
IpamExternalResourceVerificationTokenId (string) --
The ID of the token.
IpamExternalResourceVerificationTokenArn (string) --
Token ARN.
IpamId (string) --
The ID of the IPAM that created the token.
IpamArn (string) --
ARN of the IPAM that created the token.
IpamRegion (string) --
Region of the IPAM that created the token.
TokenValue (string) --
Token value.
TokenName (string) --
Token name.
NotAfter (datetime) --
Token expiration.
Status (string) --
Token status.
Tags (list) --
Token tags.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
State (string) --
Token state.
Delete a verification token. A verification token is an Amazon Web Services-generated random value that you can use to prove ownership of an external resource. For example, you can use a verification token to validate that you control a public IP address range when you bring an IP address range to Amazon Web Services (BYOIP).
See also: AWS API Documentation
Request Syntax
client.delete_ipam_external_resource_verification_token(
DryRun=True|False,
IpamExternalResourceVerificationTokenId='string'
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The token ID.
dict
Response Syntax
{
'IpamExternalResourceVerificationToken': {
'IpamExternalResourceVerificationTokenId': 'string',
'IpamExternalResourceVerificationTokenArn': 'string',
'IpamId': 'string',
'IpamArn': 'string',
'IpamRegion': 'string',
'TokenValue': 'string',
'TokenName': 'string',
'NotAfter': datetime(2015, 1, 1),
'Status': 'valid'|'expired',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'State': 'create-in-progress'|'create-complete'|'create-failed'|'delete-in-progress'|'delete-complete'|'delete-failed'
}
}
Response Structure
(dict) --
IpamExternalResourceVerificationToken (dict) --
The verification token.
IpamExternalResourceVerificationTokenId (string) --
The ID of the token.
IpamExternalResourceVerificationTokenArn (string) --
Token ARN.
IpamId (string) --
The ID of the IPAM that created the token.
IpamArn (string) --
ARN of the IPAM that created the token.
IpamRegion (string) --
Region of the IPAM that created the token.
TokenValue (string) --
Token value.
TokenName (string) --
Token name.
NotAfter (datetime) --
Token expiration.
Status (string) --
Token status.
Tags (list) --
Token tags.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
State (string) --
Token state.
Create a verification token. A verification token is an Amazon Web Services-generated random value that you can use to prove ownership of an external resource. For example, you can use a verification token to validate that you control a public IP address range when you bring an IP address range to Amazon Web Services (BYOIP).
See also: AWS API Documentation
Request Syntax
client.create_ipam_external_resource_verification_token(
DryRun=True|False,
IpamId='string',
TagSpecifications=[
{
'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'vpc-encryption-control'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint'|'ipam-external-resource-verification-token',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
},
],
ClientToken='string'
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The ID of the IPAM that will create the token.
list
Token tags.
(dict) --
The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.
ResourceType (string) --
The type of resource to tag on creation.
Tags (list) --
The tags to apply to the resource.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
string
A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.
This field is autopopulated if not provided.
dict
Response Syntax
{
'IpamExternalResourceVerificationToken': {
'IpamExternalResourceVerificationTokenId': 'string',
'IpamExternalResourceVerificationTokenArn': 'string',
'IpamId': 'string',
'IpamArn': 'string',
'IpamRegion': 'string',
'TokenValue': 'string',
'TokenName': 'string',
'NotAfter': datetime(2015, 1, 1),
'Status': 'valid'|'expired',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
],
'State': 'create-in-progress'|'create-complete'|'create-failed'|'delete-in-progress'|'delete-complete'|'delete-failed'
}
}
Response Structure
(dict) --
IpamExternalResourceVerificationToken (dict) --
The verification token.
IpamExternalResourceVerificationTokenId (string) --
The ID of the token.
IpamExternalResourceVerificationTokenArn (string) --
Token ARN.
IpamId (string) --
The ID of the IPAM that created the token.
IpamArn (string) --
ARN of the IPAM that created the token.
IpamRegion (string) --
Region of the IPAM that created the token.
TokenValue (string) --
Token value.
TokenName (string) --
Token name.
NotAfter (datetime) --
Token expiration.
Status (string) --
Token status.
Tags (list) --
Token tags.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
State (string) --
Token state.
{'LaunchTemplateData': {'TagSpecifications': {'ResourceType': {'ipam-external-resource-verification-token'}}}}
{'LaunchTemplateData': {'TagSpecifications': {'ResourceType': {'ipam-external-resource-verification-token'}}}}
Response {'LaunchTemplateVersion': {'LaunchTemplateData': {'TagSpecifications': {'ResourceType': {'ipam-external-resource-verification-token'}}}}}
{'LaunchTemplateVersions': {'LaunchTemplateData': {'TagSpecifications': {'ResourceType': {'ipam-external-resource-verification-token'}}}}}
{'SpotFleetRequestConfigs': {'SpotFleetRequestConfig': {'LaunchSpecifications': {'TagSpecifications': {'ResourceType': {'ipam-external-resource-verification-token'}}},
'TagSpecifications': {'ResourceType': {'ipam-external-resource-verification-token'}}}}}
{'Tags': {'ResourceType': {'ipam-external-resource-verification-token'}}}
Describes the specified tags for your EC2 resources.
For more information about tags, see Tag your Amazon EC2 resources in the Amazon Elastic Compute Cloud User Guide.
See also: AWS API Documentation
Request Syntax
client.describe_tags(
DryRun=True|False,
Filters=[
{
'Name': 'string',
'Values': [
'string',
]
},
],
MaxResults=123,
NextToken='string'
)
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
list
The filters.
key - The tag key.
resource-id - The ID of the resource.
resource-type - The resource type. For a list of possible values, see TagSpecification.
tag:<key> - The key/value combination of the tag. For example, specify "tag:Owner" for the filter name and "TeamA" for the filter value to find resources with the tag "Owner=TeamA".
value - The tag value.
(dict) --
A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.
If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.
Name (string) --
The name of the filter. Filter names are case-sensitive.
Values (list) --
The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.
(string) --
integer
The maximum number of items to return for this request. This value can be between 5 and 1000. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.
string
The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.
dict
Response Syntax
{
'NextToken': 'string',
'Tags': [
{
'Key': 'string',
'ResourceId': 'string',
'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'vpc-encryption-control'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint'|'ipam-external-resource-verification-token',
'Value': 'string'
},
]
}
Response Structure
(dict) --
NextToken (string) --
The token to include in another request to get the next page of items. This value is null when there are no more items to return.
Tags (list) --
The tags.
(dict) --
Describes a tag.
Key (string) --
The tag key.
ResourceId (string) --
The ID of the resource.
ResourceType (string) --
The resource type.
Value (string) --
The tag value.
{'LaunchTemplateData': {'TagSpecifications': {'ResourceType': {'ipam-external-resource-verification-token'}}}}
{'PoolTagSpecifications': {'ResourceType': {'ipam-external-resource-verification-token'}}}
Provisions an IPv4 or IPv6 address range for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and creates a corresponding address pool. After the address range is provisioned, it is ready to be advertised using AdvertiseByoipCidr.
Amazon Web Services verifies that you own the address range and are authorized to advertise it. You must ensure that the address range is registered to you and that you created an RPKI ROA to authorize Amazon ASNs 16509 and 14618 to advertise the address range. For more information, see Bring your own IP addresses (BYOIP) in the Amazon EC2 User Guide.
Provisioning an address range is an asynchronous operation, so the call returns immediately, but the address range is not ready to use until its status changes from pending-provision to provisioned. To monitor the status of an address range, use DescribeByoipCidrs. To allocate an Elastic IP address from your IPv4 address pool, use AllocateAddress with either the specific address from the address pool or the ID of the address pool.
See also: AWS API Documentation
Request Syntax
client.provision_byoip_cidr(
Cidr='string',
CidrAuthorizationContext={
'Message': 'string',
'Signature': 'string'
},
PubliclyAdvertisable=True|False,
Description='string',
DryRun=True|False,
PoolTagSpecifications=[
{
'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'vpc-encryption-control'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint'|'ipam-external-resource-verification-token',
'Tags': [
{
'Key': 'string',
'Value': 'string'
},
]
},
],
MultiRegion=True|False,
NetworkBorderGroup='string'
)
string
[REQUIRED]
The public IPv4 or IPv6 address range, in CIDR notation. The most specific IPv4 prefix that you can specify is /24. The most specific IPv6 address range that you can bring is /48 for CIDRs that are publicly advertisable and /56 for CIDRs that are not publicly advertisable. The address range cannot overlap with another address range that you've brought to this or another Region.
dict
A signed document that proves that you are authorized to bring the specified IP address range to Amazon using BYOIP.
Message (string) -- [REQUIRED]
The plain-text authorization message for the prefix and account.
Signature (string) -- [REQUIRED]
The signed authorization message for the prefix and account.
boolean
(IPv6 only) Indicate whether the address range will be publicly advertised to the internet.
Default: true
string
A description for the address range and the address pool.
boolean
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
list
The tags to apply to the address pool.
(dict) --
The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.
ResourceType (string) --
The type of resource to tag on creation.
Tags (list) --
The tags to apply to the resource.
(dict) --
Describes a tag.
Key (string) --
The key of the tag.
Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.
Value (string) --
The value of the tag.
Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.
boolean
Reserved.
string
If you have Local Zones enabled, you can choose a network border group for Local Zones when you provision and advertise a BYOIPv4 CIDR. Choose the network border group carefully as the EIP and the Amazon Web Services resource it is associated with must reside in the same network border group.
You can provision BYOIP address ranges to and advertise them in the following Local Zone network border groups:
us-east-1-dfw-2
us-west-2-lax-1
us-west-2-phx-2
dict
Response Syntax
{
'ByoipCidr': {
'Cidr': 'string',
'Description': 'string',
'AsnAssociations': [
{
'Asn': 'string',
'Cidr': 'string',
'StatusMessage': 'string',
'State': 'disassociated'|'failed-disassociation'|'failed-association'|'pending-disassociation'|'pending-association'|'associated'
},
],
'StatusMessage': 'string',
'State': 'advertised'|'deprovisioned'|'failed-deprovision'|'failed-provision'|'pending-deprovision'|'pending-provision'|'provisioned'|'provisioned-not-publicly-advertisable',
'NetworkBorderGroup': 'string'
}
}
Response Structure
(dict) --
ByoipCidr (dict) --
Information about the address range.
Cidr (string) --
The address range, in CIDR notation.
Description (string) --
The description of the address range.
AsnAssociations (list) --
The BYOIP CIDR associations with ASNs.
(dict) --
An Autonomous System Number (ASN) and BYOIP CIDR association.
Asn (string) --
The association's ASN.
Cidr (string) --
The association's CIDR.
StatusMessage (string) --
The association's status message.
State (string) --
The association's state.
StatusMessage (string) --
Upon success, contains the ID of the address pool. Otherwise, contains an error message.
State (string) --
The state of the address range.
advertised: The address range is being advertised to the internet by Amazon Web Services.
deprovisioned: The address range is deprovisioned.
failed-deprovision: The request to deprovision the address range was unsuccessful. Ensure that all EIPs from the range have been deallocated and try again.
failed-provision: The request to provision the address range was unsuccessful.
pending-deprovision: You’ve submitted a request to deprovision an address range and it's pending.
pending-provision: You’ve submitted a request to provision an address range and it's pending.
provisioned: The address range is provisioned and can be advertised. The range is not currently advertised.
provisioned-not-publicly-advertisable: The address range is provisioned and cannot be advertised.
NetworkBorderGroup (string) --
If you have Local Zones enabled, you can choose a network border group for Local Zones when you provision and advertise a BYOIPv4 CIDR. Choose the network border group carefully as the EIP and the Amazon Web Services resource it is associated with must reside in the same network border group.
You can provision BYOIP address ranges to and advertise them in the following Local Zone network border groups:
us-east-1-dfw-2
us-west-2-lax-1
us-west-2-phx-2
{'IpamExternalResourceVerificationTokenId': 'string',
'VerificationMethod': 'remarks-x509 | dns-token'}
Provision a CIDR to an IPAM pool. You can use this action to provision new CIDRs to a top-level pool or to transfer a CIDR from a top-level pool to a pool within it.
For more information, see Provision CIDRs to pools in the Amazon VPC IPAM User Guide.
See also: AWS API Documentation
Request Syntax
client.provision_ipam_pool_cidr(
DryRun=True|False,
IpamPoolId='string',
Cidr='string',
CidrAuthorizationContext={
'Message': 'string',
'Signature': 'string'
},
NetmaskLength=123,
ClientToken='string',
VerificationMethod='remarks-x509'|'dns-token',
IpamExternalResourceVerificationTokenId='string'
)
boolean
A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
string
[REQUIRED]
The ID of the IPAM pool to which you want to assign a CIDR.
string
The CIDR you want to assign to the IPAM pool. Either "NetmaskLength" or "Cidr" is required. This value will be null if you specify "NetmaskLength" and will be filled in during the provisioning process.
dict
A signed document that proves that you are authorized to bring a specified IP address range to Amazon using BYOIP. This option only applies to IPv4 and IPv6 pools in the public scope.
Message (string) --
The plain-text authorization message for the prefix and account.
Signature (string) --
The signed authorization message for the prefix and account.
integer
The netmask length of the CIDR you'd like to provision to a pool. Can be used for provisioning Amazon-provided IPv6 CIDRs to top-level pools and for provisioning CIDRs to pools with source pools. Cannot be used to provision BYOIP CIDRs to top-level pools. Either "NetmaskLength" or "Cidr" is required.
string
A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.
This field is autopopulated if not provided.
string
The method for verifying control of a public IP address range. Defaults to remarks-x509 if not specified. This option only applies to IPv4 and IPv6 pools in the public scope.
string
Verification token ID. This option only applies to IPv4 and IPv6 pools in the public scope.
dict
Response Syntax
{
'IpamPoolCidr': {
'Cidr': 'string',
'State': 'pending-provision'|'provisioned'|'failed-provision'|'pending-deprovision'|'deprovisioned'|'failed-deprovision'|'pending-import'|'failed-import',
'FailureReason': {
'Code': 'cidr-not-available'|'limit-exceeded',
'Message': 'string'
},
'IpamPoolCidrId': 'string',
'NetmaskLength': 123
}
}
Response Structure
(dict) --
IpamPoolCidr (dict) --
Information about the provisioned CIDR.
Cidr (string) --
The CIDR provisioned to the IPAM pool. A CIDR is a representation of an IP address and its associated network mask (or netmask) and refers to a range of IP addresses. An IPv4 CIDR example is 10.24.34.0/23. An IPv6 CIDR example is 2001:DB8::/32.
State (string) --
The state of the CIDR.
FailureReason (dict) --
Details related to why an IPAM pool CIDR failed to be provisioned.
Code (string) --
An error code related to why an IPAM pool CIDR failed to be provisioned.
Message (string) --
A message related to why an IPAM pool CIDR failed to be provisioned.
IpamPoolCidrId (string) --
The IPAM pool CIDR ID.
NetmaskLength (integer) --
The netmask length of the CIDR you'd like to provision to a pool. Can be used for provisioning Amazon-provided IPv6 CIDRs to top-level pools and for provisioning CIDRs to pools with source pools. Cannot be used to provision BYOIP CIDRs to top-level pools. "NetmaskLength" or "Cidr" is required.
{'SpotFleetRequestConfig': {'LaunchSpecifications': {'TagSpecifications': {'ResourceType': {'ipam-external-resource-verification-token'}}},
'TagSpecifications': {'ResourceType': {'ipam-external-resource-verification-token'}}}}