2019/05/22 - Amazon Elastic Compute Cloud - 3 updated api methods
Changes: This release adds idempotency support for the associate, create route and authorization APIs for AWS Client VPN Endpoints.
{'ClientToken': 'string'}
Associates a target network with a Client VPN endpoint. A target network is a subnet in a VPC. You can associate multiple subnets from the same VPC with a Client VPN endpoint. You can associate only one subnet in each Availability Zone. We recommend that you associate at least two subnets to provide Availability Zone redundancy.
See also: AWS API Documentation
Request Syntax
client.associate_client_vpn_target_network(
    ClientVpnEndpointId='string',
    SubnetId='string',
    ClientToken='string',
    DryRun=True|False
)
ClientVpnEndpointId (string) -- [REQUIRED]
The ID of the Client VPN endpoint.
SubnetId (string) -- [REQUIRED]
The ID of the subnet to associate with the Client VPN endpoint.
ClientToken (string) --
Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to Ensure Idempotency.
This field is autopopulated if not provided.
DryRun (boolean) --
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Return type: dict
Response Syntax
{
    'AssociationId': 'string',
    'Status': {
        'Code': 'associating'|'associated'|'association-failed'|'disassociating'|'disassociated',
        'Message': 'string'
    }
}
Response Structure
(dict) --
AssociationId (string) --
The unique ID of the target network association.
Status (dict) --
The current state of the target network association.
Code (string) --
The state of the target network association.
Message (string) --
A message about the status of the target network association, if applicable.
{'ClientToken': 'string'}
Adds an ingress authorization rule to a Client VPN endpoint. Ingress authorization rules act as firewall rules that grant access to networks. You must configure ingress authorization rules to enable clients to access resources in AWS or on-premises networks.
See also: AWS API Documentation
Request Syntax
client.authorize_client_vpn_ingress(
    ClientVpnEndpointId='string',
    TargetNetworkCidr='string',
    AccessGroupId='string',
    AuthorizeAllGroups=True|False,
    Description='string',
    ClientToken='string',
    DryRun=True|False
)
ClientVpnEndpointId (string) -- [REQUIRED]
The ID of the Client VPN endpoint.
TargetNetworkCidr (string) -- [REQUIRED]
The IPv4 address range, in CIDR notation, of the network for which access is being authorized.
AccessGroupId (string) --
The ID of the Active Directory group to grant access.
AuthorizeAllGroups (boolean) --
Indicates whether to grant access to all clients. Use true to grant all clients who successfully establish a VPN connection access to the network.
Description (string) --
A brief description of the authorization rule.
ClientToken (string) --
Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to Ensure Idempotency.
This field is autopopulated if not provided.
DryRun (boolean) --
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Return type: dict
Response Syntax
{
    'Status': {
        'Code': 'authorizing'|'active'|'failed'|'revoking',
        'Message': 'string'
    }
}
Response Structure
(dict) --
Status (dict) --
The current state of the authorization rule.
Code (string) --
The state of the authorization rule.
Message (string) --
A message about the status of the authorization rule, if applicable.
{'ClientToken': 'string'}
Adds a route to a network to a Client VPN endpoint. Each Client VPN endpoint has a route table that describes the available destination network routes. Each route in the route table specifies the path for traffic to specific resources or networks.
See also: AWS API Documentation
Request Syntax
client.create_client_vpn_route(
    ClientVpnEndpointId='string',
    DestinationCidrBlock='string',
    TargetVpcSubnetId='string',
    Description='string',
    ClientToken='string',
    DryRun=True|False
)
ClientVpnEndpointId (string) -- [REQUIRED]
The ID of the Client VPN endpoint to which to add the route.
DestinationCidrBlock (string) -- [REQUIRED]
The IPv4 address range, in CIDR notation, of the route destination. For example:
To add a route for Internet access, enter 0.0.0.0/0
To add a route for a peered VPC, enter the peered VPC's IPv4 CIDR range
To add a route for an on-premises network, enter the AWS Site-to-Site VPN connection's IPv4 CIDR range
Route address ranges cannot overlap with the CIDR range specified for client allocation.
TargetVpcSubnetId (string) -- [REQUIRED]
The ID of the subnet through which you want to route traffic. The specified subnet must be an existing target network of the Client VPN endpoint.
Description (string) --
A brief description of the route.
ClientToken (string) --
Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to Ensure Idempotency.
This field is autopopulated if not provided.
DryRun (boolean) --
Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.
Return type: dict
Response Syntax
{
    'Status': {
        'Code': 'creating'|'active'|'failed'|'deleting',
        'Message': 'string'
    }
}
Response Structure
(dict) --
Status (dict) --
The current state of the route.
Code (string) --
The state of the Client VPN endpoint route.
Message (string) --
A message about the status of the Client VPN endpoint route, if applicable.
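An added example (not part of the AWS documentation or SDK) of using the ClientToken and DryRun parameters described above together for any of the three calls: a DryRun permission preflight, then the real call retried under one caller-chosen token so that a retry after an ambiguous failure, including a re-run of the automation, is recognised as the same request. The names idempotent_call, client_token, error_code and change_id are hypothetical; method is assumed to be a boto3 EC2 client method such as client.authorize_client_vpn_ingress.

```python
import hashlib
import json
import time


def client_token(operation, params, change_id):
    """Same operation + parameters + change id -> same ClientToken on every retry.

    change_id is a caller-chosen label (an assumption of this example) that
    scopes the token to one logical change rather than to the parameters alone.
    """
    canonical = json.dumps([operation, change_id, params], sort_keys=True)
    return hashlib.sha256(canonical.encode()).hexdigest()  # 64 hex characters


def error_code(exc):
    # botocore's ClientError carries the service error in
    # exc.response["Error"]["Code"]; transport failures (timeouts, resets)
    # carry no service response, so this returns None for them.
    response = getattr(exc, "response", None) or {}
    return response.get("Error", {}).get("Code")


def idempotent_call(method, operation, params, change_id, attempts=3, delay=1.0):
    """DryRun permission preflight, then the real call retried under one token."""
    try:
        method(DryRun=True, **params)
    except Exception as exc:
        # DryRunOperation means the caller is permitted; UnauthorizedOperation
        # (or anything else) stops here, before any change is attempted.
        if error_code(exc) != "DryRunOperation":
            raise
    token = client_token(operation, params, change_id)
    for attempt in range(1, attempts + 1):
        try:
            return method(ClientToken=token, **params)
        except Exception as exc:
            # A service error is a definitive answer, so surface it. No service
            # response means the outcome is unknown: resend with the SAME token.
            if error_code(exc) is not None or attempt == attempts:
                raise
            time.sleep(delay)
```
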