2026/06/30 - SupportAuthZ - 11 new api methods
Changes New SDK release for SupportAuthZ.
Lists available support actions for a specified AWS service. Use pagination to ensure that the operation returns quickly and successfully.
See also: AWS API Documentation
Request Syntax
client.list_actions(
nextToken='string',
maxResults=123,
service='string'
)
string
The token for the next page of results.
integer
The maximum number of results to return in a single call. Valid range is 1 to 100.
string
[REQUIRED]
The name of the AWS service for which to list available support actions.
dict
Response Syntax
{
'actionSummaries': [
{
'action': 'string',
'service': 'string',
'description': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
actionSummaries (list) --
The list of support actions.
(dict) --
A summary of a support action.
action (string) --
The name of the support action.
service (string) --
The AWS service associated with the support action.
description (string) --
A description of what the support action does.
nextToken (string) --
The token for the next page of results, or null if there are no more results.
Rejects a permit request from an AWS support operator. The operator cannot proceed with the requested action.
See also: AWS API Documentation
Request Syntax
client.reject_support_permit_request(
requestArn='string'
)
string
[REQUIRED]
The ARN of the permit request to reject.
dict
Response Syntax
{
'requestArn': 'string'
}
Response Structure
(dict) --
requestArn (string) --
The ARN of the rejected permit request.
Retrieves the details of a support permit by its ARN or name.
See also: AWS API Documentation
Request Syntax
client.get_support_permit(
supportPermitIdentifier='string'
)
string
[REQUIRED]
The ARN or name of the support permit to retrieve.
dict
Response Syntax
{
'name': 'string',
'arn': 'string',
'description': 'string',
'permit': {
'actions': {
'allActions': {},
'actions': [
'string',
]
},
'resources': {
'allResourcesInRegion': {},
'resources': [
'string',
]
},
'conditions': [
{
'allowAfter': datetime(2015, 1, 1),
'allowBefore': datetime(2015, 1, 1)
},
]
},
'status': 'ACTIVE'|'INACTIVE'|'DELETING',
'signingKeyInfo': {
'kmsKey': 'string'
},
'createdAt': datetime(2015, 1, 1),
'supportCaseDisplayId': 'string',
'tags': {
'string': 'string'
}
}
Response Structure
(dict) --
name (string) --
The name of the support permit.
arn (string) --
The ARN of the support permit.
description (string) --
The description of the support permit.
permit (dict) --
The permit definition.
actions (dict) --
The set of actions that the support operator is authorized to perform.
allActions (dict) --
Authorizes all available support actions.
actions (list) --
A list of specific support actions to authorize. Maximum of 10 actions.
(string) --
resources (dict) --
The set of resources that the support operator is authorized to act upon.
allResourcesInRegion (dict) --
Authorizes the support operator to act on all resources in the Region.
resources (list) --
A list of specific resource identifiers that the support operator is authorized to act upon. Maximum of 5 resources.
(string) --
conditions (list) --
The time-window conditions that constrain when the permit is valid. Maximum of 2 conditions.
(dict) --
A time-window condition that constrains when a support permit is valid.
allowAfter (datetime) --
The earliest time at which the permit becomes valid.
allowBefore (datetime) --
The latest time at which the permit remains valid.
status (string) --
The current status of the support permit.
signingKeyInfo (dict) --
The signing key information for the permit.
kmsKey (string) --
The ARN of the AWS KMS key used to sign the permit. The key must have key spec ECC_NIST_P384 and key usage SIGN_VERIFY.
createdAt (datetime) --
The timestamp when the permit was created.
supportCaseDisplayId (string) --
The display identifier of the support case associated with the permit.
tags (dict) --
The tags associated with the support permit.
(string) --
(string) --
Retrieves the description of a specific support action.
See also: AWS API Documentation
Request Syntax
client.get_action(
action='string'
)
string
[REQUIRED]
The name of the support action to retrieve.
dict
Response Syntax
{
'action': 'string',
'service': 'string',
'description': 'string'
}
Response Structure
(dict) --
action (string) --
The name of the support action.
service (string) --
The AWS service associated with the support action.
description (string) --
A description of what the support action does.
Lists the tags associated with a support permit resource.
See also: AWS API Documentation
Request Syntax
client.list_tags_for_resource(
resourceArn='string'
)
string
[REQUIRED]
The ARN of the resource to list tags for.
dict
Response Syntax
{
'tags': {
'string': 'string'
}
}
Response Structure
(dict) --
tags (dict) --
The tags associated with the resource.
(string) --
(string) --
Removes one or more tags from a support permit resource.
See also: AWS API Documentation
Request Syntax
client.untag_resource(
resourceArn='string',
tagKeys=[
'string',
]
)
string
[REQUIRED]
The ARN of the resource to untag.
list
[REQUIRED]
The tag keys to remove from the resource.
(string) --
dict
Response Syntax
{}
Response Structure
(dict) --
Lists all support permits in the caller's account. Use pagination to ensure that the operation returns quickly and successfully.
See also: AWS API Documentation
Request Syntax
client.list_support_permits(
nextToken='string',
maxResults=123,
supportPermitStatuses=[
'ACTIVE'|'INACTIVE'|'DELETING',
]
)
string
The token for the next page of results.
integer
The maximum number of results to return in a single call. Valid range is 1 to 100.
list
Filters the results by support permit status. Valid values: ACTIVE, INACTIVE, DELETING.
(string) --
The status of a support permit.
dict
Response Syntax
{
'supportPermits': [
{
'name': 'string',
'arn': 'string',
'permit': {
'actions': {
'allActions': {},
'actions': [
'string',
]
},
'resources': {
'allResourcesInRegion': {},
'resources': [
'string',
]
},
'conditions': [
{
'allowAfter': datetime(2015, 1, 1),
'allowBefore': datetime(2015, 1, 1)
},
]
},
'status': 'ACTIVE'|'INACTIVE'|'DELETING',
'signingKeyInfo': {
'kmsKey': 'string'
},
'createdAt': datetime(2015, 1, 1),
'supportCaseDisplayId': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
supportPermits (list) --
The list of support permits.
(dict) --
A summary of a support permit.
name (string) --
The name of the support permit.
arn (string) --
The ARN of the support permit.
permit (dict) --
The permit definition.
actions (dict) --
The set of actions that the support operator is authorized to perform.
allActions (dict) --
Authorizes all available support actions.
actions (list) --
A list of specific support actions to authorize. Maximum of 10 actions.
(string) --
resources (dict) --
The set of resources that the support operator is authorized to act upon.
allResourcesInRegion (dict) --
Authorizes the support operator to act on all resources in the Region.
resources (list) --
A list of specific resource identifiers that the support operator is authorized to act upon. Maximum of 5 resources.
(string) --
conditions (list) --
The time-window conditions that constrain when the permit is valid. Maximum of 2 conditions.
(dict) --
A time-window condition that constrains when a support permit is valid.
allowAfter (datetime) --
The earliest time at which the permit becomes valid.
allowBefore (datetime) --
The latest time at which the permit remains valid.
status (string) --
The current status of the support permit.
signingKeyInfo (dict) --
The signing key information for the permit.
kmsKey (string) --
The ARN of the AWS KMS key used to sign the permit. The key must have key spec ECC_NIST_P384 and key usage SIGN_VERIFY.
createdAt (datetime) --
The timestamp when the permit was created.
supportCaseDisplayId (string) --
The display identifier of the support case associated with the permit.
nextToken (string) --
The token for the next page of results, or null if there are no more results.
Creates a support permit that authorizes an AWS support operator to perform specified actions on specified resources. The permit is cryptographically signed using a customer-managed AWS KMS key (ECC_NIST_P384, SIGN_VERIFY) to ensure non-repudiation.
See also: AWS API Documentation
Request Syntax
client.create_support_permit(
permit={
'actions': {
'allActions': {}
,
'actions': [
'string',
]
},
'resources': {
'allResourcesInRegion': {}
,
'resources': [
'string',
]
},
'conditions': [
{
'allowAfter': datetime(2015, 1, 1),
'allowBefore': datetime(2015, 1, 1)
},
]
},
name='string',
description='string',
signingKeyInfo={
'kmsKey': 'string'
},
supportCaseDisplayId='string',
clientToken='string',
tags={
'string': 'string'
}
)
dict
[REQUIRED]
The permit definition specifying the actions, resources, and time-window conditions that the support operator is authorized to use.
actions (dict) -- [REQUIRED]
The set of actions that the support operator is authorized to perform.
allActions (dict) --
Authorizes all available support actions.
actions (list) --
A list of specific support actions to authorize. Maximum of 10 actions.
(string) --
resources (dict) -- [REQUIRED]
The set of resources that the support operator is authorized to act upon.
allResourcesInRegion (dict) --
Authorizes the support operator to act on all resources in the Region.
resources (list) --
A list of specific resource identifiers that the support operator is authorized to act upon. Maximum of 5 resources.
(string) --
conditions (list) --
The time-window conditions that constrain when the permit is valid. Maximum of 2 conditions.
(dict) --
A time-window condition that constrains when a support permit is valid.
allowAfter (datetime) --
The earliest time at which the permit becomes valid.
allowBefore (datetime) --
The latest time at which the permit remains valid.
string
[REQUIRED]
A customer-chosen name for the support permit. Must be between 1 and 256 alphanumeric characters.
string
A human-readable description of why this permit is being created. Maximum length of 1024 characters.
dict
[REQUIRED]
The signing key information used to sign the permit. Must reference an AWS KMS key with key usage SIGN_VERIFY and key spec ECC_NIST_P384.
kmsKey (string) --
The ARN of the AWS KMS key used to sign the permit. The key must have key spec ECC_NIST_P384 and key usage SIGN_VERIFY.
string
The display identifier of the AWS Support case associated with this permit.
string
A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, the service returns the existing permit without creating a duplicate.
This field is autopopulated if not provided.
dict
The tags to associate with the support permit on creation.
(string) --
(string) --
dict
Response Syntax
{
'name': 'string',
'arn': 'string',
'description': 'string',
'permit': {
'actions': {
'allActions': {},
'actions': [
'string',
]
},
'resources': {
'allResourcesInRegion': {},
'resources': [
'string',
]
},
'conditions': [
{
'allowAfter': datetime(2015, 1, 1),
'allowBefore': datetime(2015, 1, 1)
},
]
},
'status': 'ACTIVE'|'INACTIVE'|'DELETING',
'signingKeyInfo': {
'kmsKey': 'string'
},
'createdAt': datetime(2015, 1, 1),
'supportCaseDisplayId': 'string',
'tags': {
'string': 'string'
}
}
Response Structure
(dict) --
name (string) --
The name of the support permit.
arn (string) --
The Amazon Resource Name (ARN) of the support permit.
description (string) --
The description of the support permit.
permit (dict) --
The permit definition.
actions (dict) --
The set of actions that the support operator is authorized to perform.
allActions (dict) --
Authorizes all available support actions.
actions (list) --
A list of specific support actions to authorize. Maximum of 10 actions.
(string) --
resources (dict) --
The set of resources that the support operator is authorized to act upon.
allResourcesInRegion (dict) --
Authorizes the support operator to act on all resources in the Region.
resources (list) --
A list of specific resource identifiers that the support operator is authorized to act upon. Maximum of 5 resources.
(string) --
conditions (list) --
The time-window conditions that constrain when the permit is valid. Maximum of 2 conditions.
(dict) --
A time-window condition that constrains when a support permit is valid.
allowAfter (datetime) --
The earliest time at which the permit becomes valid.
allowBefore (datetime) --
The latest time at which the permit remains valid.
status (string) --
The current status of the support permit.
signingKeyInfo (dict) --
The signing key information for the permit.
kmsKey (string) --
The ARN of the AWS KMS key used to sign the permit. The key must have key spec ECC_NIST_P384 and key usage SIGN_VERIFY.
createdAt (datetime) --
The timestamp when the permit was created.
supportCaseDisplayId (string) --
The display identifier of the support case associated with the permit.
tags (dict) --
The tags associated with the support permit.
(string) --
(string) --
Adds or overwrites one or more tags for a support permit resource.
See also: AWS API Documentation
Request Syntax
client.tag_resource(
resourceArn='string',
tags={
'string': 'string'
}
)
string
[REQUIRED]
The ARN of the resource to tag.
dict
[REQUIRED]
The tags to add to the resource. Maximum of 50 tags.
(string) --
(string) --
dict
Response Syntax
{}
Response Structure
(dict) --
Lists permit requests from AWS support operators. Use pagination to ensure that the operation returns quickly and successfully.
See also: AWS API Documentation
Request Syntax
client.list_support_permit_requests(
nextToken='string',
maxResults=123,
supportCaseDisplayId='string'
)
string
The token for the next page of results.
integer
The maximum number of results to return in a single call. Valid range is 1 to 100.
string
Filters the results by support case display identifier.
dict
Response Syntax
{
'supportPermitRequests': [
{
'requestArn': 'string',
'permit': {
'actions': {
'allActions': {},
'actions': [
'string',
]
},
'resources': {
'allResourcesInRegion': {},
'resources': [
'string',
]
},
'conditions': [
{
'allowAfter': datetime(2015, 1, 1),
'allowBefore': datetime(2015, 1, 1)
},
]
},
'supportCaseDisplayId': 'string',
'status': 'PENDING'|'ACCEPTED'|'REJECTED'|'CANCELLED',
'createdAt': datetime(2015, 1, 1),
'updatedAt': datetime(2015, 1, 1)
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
supportPermitRequests (list) --
The list of permit requests.
(dict) --
A permit request from an AWS support operator.
requestArn (string) --
The ARN of the permit request.
permit (dict) --
The permit definition requested by the operator.
actions (dict) --
The set of actions that the support operator is authorized to perform.
allActions (dict) --
Authorizes all available support actions.
actions (list) --
A list of specific support actions to authorize. Maximum of 10 actions.
(string) --
resources (dict) --
The set of resources that the support operator is authorized to act upon.
allResourcesInRegion (dict) --
Authorizes the support operator to act on all resources in the Region.
resources (list) --
A list of specific resource identifiers that the support operator is authorized to act upon. Maximum of 5 resources.
(string) --
conditions (list) --
The time-window conditions that constrain when the permit is valid. Maximum of 2 conditions.
(dict) --
A time-window condition that constrains when a support permit is valid.
allowAfter (datetime) --
The earliest time at which the permit becomes valid.
allowBefore (datetime) --
The latest time at which the permit remains valid.
supportCaseDisplayId (string) --
The display identifier of the support case associated with the request.
status (string) --
The current status of the permit request.
createdAt (datetime) --
The timestamp when the request was created.
updatedAt (datetime) --
The timestamp when the request was last updated.
nextToken (string) --
The token for the next page of results, or null if there are no more results.
Deletes a support permit, revoking the authorization previously granted to the AWS support operator.
See also: AWS API Documentation
Request Syntax
client.delete_support_permit(
supportPermitIdentifier='string'
)
string
[REQUIRED]
The Amazon Resource Name (ARN) or name of the support permit to delete.
dict
Response Syntax
{
'name': 'string',
'arn': 'string',
'description': 'string',
'permit': {
'actions': {
'allActions': {},
'actions': [
'string',
]
},
'resources': {
'allResourcesInRegion': {},
'resources': [
'string',
]
},
'conditions': [
{
'allowAfter': datetime(2015, 1, 1),
'allowBefore': datetime(2015, 1, 1)
},
]
},
'status': 'ACTIVE'|'INACTIVE'|'DELETING',
'signingKeyInfo': {
'kmsKey': 'string'
},
'createdAt': datetime(2015, 1, 1),
'supportCaseDisplayId': 'string'
}
Response Structure
(dict) --
name (string) --
The name of the deleted support permit.
arn (string) --
The ARN of the deleted support permit.
description (string) --
The description of the deleted support permit.
permit (dict) --
The permit definition of the deleted permit.
actions (dict) --
The set of actions that the support operator is authorized to perform.
allActions (dict) --
Authorizes all available support actions.
actions (list) --
A list of specific support actions to authorize. Maximum of 10 actions.
(string) --
resources (dict) --
The set of resources that the support operator is authorized to act upon.
allResourcesInRegion (dict) --
Authorizes the support operator to act on all resources in the Region.
resources (list) --
A list of specific resource identifiers that the support operator is authorized to act upon. Maximum of 5 resources.
(string) --
conditions (list) --
The time-window conditions that constrain when the permit is valid. Maximum of 2 conditions.
(dict) --
A time-window condition that constrains when a support permit is valid.
allowAfter (datetime) --
The earliest time at which the permit becomes valid.
allowBefore (datetime) --
The latest time at which the permit remains valid.
status (string) --
The status of the support permit. Returns DELETING.
signingKeyInfo (dict) --
The signing key information for the deleted permit.
kmsKey (string) --
The ARN of the AWS KMS key used to sign the permit. The key must have key spec ECC_NIST_P384 and key usage SIGN_VERIFY.
createdAt (datetime) --
The timestamp when the permit was originally created.
supportCaseDisplayId (string) --
The display identifier of the support case associated with the deleted permit.