SupportAuthZ

2026/06/30 - SupportAuthZ - 11 new api methods

Changes  New SDK release for SupportAuthZ.

ListActions (new) Link ¶

Lists available support actions for a specified AWS service. Use pagination to ensure that the operation returns quickly and successfully.

See also: AWS API Documentation

Request Syntax

client.list_actions(
    nextToken='string',
    maxResults=123,
    service='string'
)
type nextToken:

string

param nextToken:

The token for the next page of results.

type maxResults:

integer

param maxResults:

The maximum number of results to return in a single call. Valid range is 1 to 100.

type service:

string

param service:

[REQUIRED]

The name of the AWS service for which to list available support actions.

rtype:

dict

returns:

Response Syntax

{
    'actionSummaries': [
        {
            'action': 'string',
            'service': 'string',
            'description': 'string'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • actionSummaries (list) --

      The list of support actions.

      • (dict) --

        A summary of a support action.

        • action (string) --

          The name of the support action.

        • service (string) --

          The AWS service associated with the support action.

        • description (string) --

          A description of what the support action does.

    • nextToken (string) --

      The token for the next page of results, or null if there are no more results.

RejectSupportPermitRequest (new) Link ¶

Rejects a permit request from an AWS support operator. The operator cannot proceed with the requested action.

See also: AWS API Documentation

Request Syntax

client.reject_support_permit_request(
    requestArn='string'
)
type requestArn:

string

param requestArn:

[REQUIRED]

The ARN of the permit request to reject.

rtype:

dict

returns:

Response Syntax

{
    'requestArn': 'string'
}

Response Structure

  • (dict) --

    • requestArn (string) --

      The ARN of the rejected permit request.

GetSupportPermit (new) Link ¶

Retrieves the details of a support permit by its ARN or name.

See also: AWS API Documentation

Request Syntax

client.get_support_permit(
    supportPermitIdentifier='string'
)
type supportPermitIdentifier:

string

param supportPermitIdentifier:

[REQUIRED]

The ARN or name of the support permit to retrieve.

rtype:

dict

returns:

Response Syntax

{
    'name': 'string',
    'arn': 'string',
    'description': 'string',
    'permit': {
        'actions': {
            'allActions': {},
            'actions': [
                'string',
            ]
        },
        'resources': {
            'allResourcesInRegion': {},
            'resources': [
                'string',
            ]
        },
        'conditions': [
            {
                'allowAfter': datetime(2015, 1, 1),
                'allowBefore': datetime(2015, 1, 1)
            },
        ]
    },
    'status': 'ACTIVE'|'INACTIVE'|'DELETING',
    'signingKeyInfo': {
        'kmsKey': 'string'
    },
    'createdAt': datetime(2015, 1, 1),
    'supportCaseDisplayId': 'string',
    'tags': {
        'string': 'string'
    }
}

Response Structure

  • (dict) --

    • name (string) --

      The name of the support permit.

    • arn (string) --

      The ARN of the support permit.

    • description (string) --

      The description of the support permit.

    • permit (dict) --

      The permit definition.

      • actions (dict) --

        The set of actions that the support operator is authorized to perform.

        • allActions (dict) --

          Authorizes all available support actions.

        • actions (list) --

          A list of specific support actions to authorize. Maximum of 10 actions.

          • (string) --

      • resources (dict) --

        The set of resources that the support operator is authorized to act upon.

        • allResourcesInRegion (dict) --

          Authorizes the support operator to act on all resources in the Region.

        • resources (list) --

          A list of specific resource identifiers that the support operator is authorized to act upon. Maximum of 5 resources.

          • (string) --

      • conditions (list) --

        The time-window conditions that constrain when the permit is valid. Maximum of 2 conditions.

        • (dict) --

          A time-window condition that constrains when a support permit is valid.

          • allowAfter (datetime) --

            The earliest time at which the permit becomes valid.

          • allowBefore (datetime) --

            The latest time at which the permit remains valid.

    • status (string) --

      The current status of the support permit.

    • signingKeyInfo (dict) --

      The signing key information for the permit.

      • kmsKey (string) --

        The ARN of the AWS KMS key used to sign the permit. The key must have key spec ECC_NIST_P384 and key usage SIGN_VERIFY.

    • createdAt (datetime) --

      The timestamp when the permit was created.

    • supportCaseDisplayId (string) --

      The display identifier of the support case associated with the permit.

    • tags (dict) --

      The tags associated with the support permit.

      • (string) --

        • (string) --

GetAction (new) Link ¶

Retrieves the description of a specific support action.

See also: AWS API Documentation

Request Syntax

client.get_action(
    action='string'
)
type action:

string

param action:

[REQUIRED]

The name of the support action to retrieve.

rtype:

dict

returns:

Response Syntax

{
    'action': 'string',
    'service': 'string',
    'description': 'string'
}

Response Structure

  • (dict) --

    • action (string) --

      The name of the support action.

    • service (string) --

      The AWS service associated with the support action.

    • description (string) --

      A description of what the support action does.

ListTagsForResource (new) Link ¶

Lists the tags associated with a support permit resource.

See also: AWS API Documentation

Request Syntax

client.list_tags_for_resource(
    resourceArn='string'
)
type resourceArn:

string

param resourceArn:

[REQUIRED]

The ARN of the resource to list tags for.

rtype:

dict

returns:

Response Syntax

{
    'tags': {
        'string': 'string'
    }
}

Response Structure

  • (dict) --

    • tags (dict) --

      The tags associated with the resource.

      • (string) --

        • (string) --

UntagResource (new) Link ¶

Removes one or more tags from a support permit resource.

See also: AWS API Documentation

Request Syntax

client.untag_resource(
    resourceArn='string',
    tagKeys=[
        'string',
    ]
)
type resourceArn:

string

param resourceArn:

[REQUIRED]

The ARN of the resource to untag.

type tagKeys:

list

param tagKeys:

[REQUIRED]

The tag keys to remove from the resource.

  • (string) --

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

ListSupportPermits (new) Link ¶

Lists all support permits in the caller's account. Use pagination to ensure that the operation returns quickly and successfully.

See also: AWS API Documentation

Request Syntax

client.list_support_permits(
    nextToken='string',
    maxResults=123,
    supportPermitStatuses=[
        'ACTIVE'|'INACTIVE'|'DELETING',
    ]
)
type nextToken:

string

param nextToken:

The token for the next page of results.

type maxResults:

integer

param maxResults:

The maximum number of results to return in a single call. Valid range is 1 to 100.

type supportPermitStatuses:

list

param supportPermitStatuses:

Filters the results by support permit status. Valid values: ACTIVE, INACTIVE, DELETING.

  • (string) --

    The status of a support permit.

rtype:

dict

returns:

Response Syntax

{
    'supportPermits': [
        {
            'name': 'string',
            'arn': 'string',
            'permit': {
                'actions': {
                    'allActions': {},
                    'actions': [
                        'string',
                    ]
                },
                'resources': {
                    'allResourcesInRegion': {},
                    'resources': [
                        'string',
                    ]
                },
                'conditions': [
                    {
                        'allowAfter': datetime(2015, 1, 1),
                        'allowBefore': datetime(2015, 1, 1)
                    },
                ]
            },
            'status': 'ACTIVE'|'INACTIVE'|'DELETING',
            'signingKeyInfo': {
                'kmsKey': 'string'
            },
            'createdAt': datetime(2015, 1, 1),
            'supportCaseDisplayId': 'string'
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • supportPermits (list) --

      The list of support permits.

      • (dict) --

        A summary of a support permit.

        • name (string) --

          The name of the support permit.

        • arn (string) --

          The ARN of the support permit.

        • permit (dict) --

          The permit definition.

          • actions (dict) --

            The set of actions that the support operator is authorized to perform.

            • allActions (dict) --

              Authorizes all available support actions.

            • actions (list) --

              A list of specific support actions to authorize. Maximum of 10 actions.

              • (string) --

          • resources (dict) --

            The set of resources that the support operator is authorized to act upon.

            • allResourcesInRegion (dict) --

              Authorizes the support operator to act on all resources in the Region.

            • resources (list) --

              A list of specific resource identifiers that the support operator is authorized to act upon. Maximum of 5 resources.

              • (string) --

          • conditions (list) --

            The time-window conditions that constrain when the permit is valid. Maximum of 2 conditions.

            • (dict) --

              A time-window condition that constrains when a support permit is valid.

              • allowAfter (datetime) --

                The earliest time at which the permit becomes valid.

              • allowBefore (datetime) --

                The latest time at which the permit remains valid.

        • status (string) --

          The current status of the support permit.

        • signingKeyInfo (dict) --

          The signing key information for the permit.

          • kmsKey (string) --

            The ARN of the AWS KMS key used to sign the permit. The key must have key spec ECC_NIST_P384 and key usage SIGN_VERIFY.

        • createdAt (datetime) --

          The timestamp when the permit was created.

        • supportCaseDisplayId (string) --

          The display identifier of the support case associated with the permit.

    • nextToken (string) --

      The token for the next page of results, or null if there are no more results.

CreateSupportPermit (new) Link ¶

Creates a support permit that authorizes an AWS support operator to perform specified actions on specified resources. The permit is cryptographically signed using a customer-managed AWS KMS key (ECC_NIST_P384, SIGN_VERIFY) to ensure non-repudiation.

See also: AWS API Documentation

Request Syntax

client.create_support_permit(
    permit={
        'actions': {
            'allActions': {}
            ,
            'actions': [
                'string',
            ]
        },
        'resources': {
            'allResourcesInRegion': {}
            ,
            'resources': [
                'string',
            ]
        },
        'conditions': [
            {
                'allowAfter': datetime(2015, 1, 1),
                'allowBefore': datetime(2015, 1, 1)
            },
        ]
    },
    name='string',
    description='string',
    signingKeyInfo={
        'kmsKey': 'string'
    },
    supportCaseDisplayId='string',
    clientToken='string',
    tags={
        'string': 'string'
    }
)
type permit:

dict

param permit:

[REQUIRED]

The permit definition specifying the actions, resources, and time-window conditions that the support operator is authorized to use.

  • actions (dict) -- [REQUIRED]

    The set of actions that the support operator is authorized to perform.

    • allActions (dict) --

      Authorizes all available support actions.

    • actions (list) --

      A list of specific support actions to authorize. Maximum of 10 actions.

      • (string) --

  • resources (dict) -- [REQUIRED]

    The set of resources that the support operator is authorized to act upon.

    • allResourcesInRegion (dict) --

      Authorizes the support operator to act on all resources in the Region.

    • resources (list) --

      A list of specific resource identifiers that the support operator is authorized to act upon. Maximum of 5 resources.

      • (string) --

  • conditions (list) --

    The time-window conditions that constrain when the permit is valid. Maximum of 2 conditions.

    • (dict) --

      A time-window condition that constrains when a support permit is valid.

      • allowAfter (datetime) --

        The earliest time at which the permit becomes valid.

      • allowBefore (datetime) --

        The latest time at which the permit remains valid.

type name:

string

param name:

[REQUIRED]

A customer-chosen name for the support permit. Must be between 1 and 256 alphanumeric characters.

type description:

string

param description:

A human-readable description of why this permit is being created. Maximum length of 1024 characters.

type signingKeyInfo:

dict

param signingKeyInfo:

[REQUIRED]

The signing key information used to sign the permit. Must reference an AWS KMS key with key usage SIGN_VERIFY and key spec ECC_NIST_P384.

  • kmsKey (string) --

    The ARN of the AWS KMS key used to sign the permit. The key must have key spec ECC_NIST_P384 and key usage SIGN_VERIFY.

type supportCaseDisplayId:

string

param supportCaseDisplayId:

The display identifier of the AWS Support case associated with this permit.

type clientToken:

string

param clientToken:

A unique, case-sensitive identifier to ensure that the operation completes no more than one time. If this token matches a previous request, the service returns the existing permit without creating a duplicate.

This field is autopopulated if not provided.

type tags:

dict

param tags:

The tags to associate with the support permit on creation.

  • (string) --

    • (string) --

rtype:

dict

returns:

Response Syntax

{
    'name': 'string',
    'arn': 'string',
    'description': 'string',
    'permit': {
        'actions': {
            'allActions': {},
            'actions': [
                'string',
            ]
        },
        'resources': {
            'allResourcesInRegion': {},
            'resources': [
                'string',
            ]
        },
        'conditions': [
            {
                'allowAfter': datetime(2015, 1, 1),
                'allowBefore': datetime(2015, 1, 1)
            },
        ]
    },
    'status': 'ACTIVE'|'INACTIVE'|'DELETING',
    'signingKeyInfo': {
        'kmsKey': 'string'
    },
    'createdAt': datetime(2015, 1, 1),
    'supportCaseDisplayId': 'string',
    'tags': {
        'string': 'string'
    }
}

Response Structure

  • (dict) --

    • name (string) --

      The name of the support permit.

    • arn (string) --

      The Amazon Resource Name (ARN) of the support permit.

    • description (string) --

      The description of the support permit.

    • permit (dict) --

      The permit definition.

      • actions (dict) --

        The set of actions that the support operator is authorized to perform.

        • allActions (dict) --

          Authorizes all available support actions.

        • actions (list) --

          A list of specific support actions to authorize. Maximum of 10 actions.

          • (string) --

      • resources (dict) --

        The set of resources that the support operator is authorized to act upon.

        • allResourcesInRegion (dict) --

          Authorizes the support operator to act on all resources in the Region.

        • resources (list) --

          A list of specific resource identifiers that the support operator is authorized to act upon. Maximum of 5 resources.

          • (string) --

      • conditions (list) --

        The time-window conditions that constrain when the permit is valid. Maximum of 2 conditions.

        • (dict) --

          A time-window condition that constrains when a support permit is valid.

          • allowAfter (datetime) --

            The earliest time at which the permit becomes valid.

          • allowBefore (datetime) --

            The latest time at which the permit remains valid.

    • status (string) --

      The current status of the support permit.

    • signingKeyInfo (dict) --

      The signing key information for the permit.

      • kmsKey (string) --

        The ARN of the AWS KMS key used to sign the permit. The key must have key spec ECC_NIST_P384 and key usage SIGN_VERIFY.

    • createdAt (datetime) --

      The timestamp when the permit was created.

    • supportCaseDisplayId (string) --

      The display identifier of the support case associated with the permit.

    • tags (dict) --

      The tags associated with the support permit.

      • (string) --

        • (string) --

TagResource (new) Link ¶

Adds or overwrites one or more tags for a support permit resource.

See also: AWS API Documentation

Request Syntax

client.tag_resource(
    resourceArn='string',
    tags={
        'string': 'string'
    }
)
type resourceArn:

string

param resourceArn:

[REQUIRED]

The ARN of the resource to tag.

type tags:

dict

param tags:

[REQUIRED]

The tags to add to the resource. Maximum of 50 tags.

  • (string) --

    • (string) --

rtype:

dict

returns:

Response Syntax

{}

Response Structure

  • (dict) --

ListSupportPermitRequests (new) Link ¶

Lists permit requests from AWS support operators. Use pagination to ensure that the operation returns quickly and successfully.

See also: AWS API Documentation

Request Syntax

client.list_support_permit_requests(
    nextToken='string',
    maxResults=123,
    supportCaseDisplayId='string'
)
type nextToken:

string

param nextToken:

The token for the next page of results.

type maxResults:

integer

param maxResults:

The maximum number of results to return in a single call. Valid range is 1 to 100.

type supportCaseDisplayId:

string

param supportCaseDisplayId:

Filters the results by support case display identifier.

rtype:

dict

returns:

Response Syntax

{
    'supportPermitRequests': [
        {
            'requestArn': 'string',
            'permit': {
                'actions': {
                    'allActions': {},
                    'actions': [
                        'string',
                    ]
                },
                'resources': {
                    'allResourcesInRegion': {},
                    'resources': [
                        'string',
                    ]
                },
                'conditions': [
                    {
                        'allowAfter': datetime(2015, 1, 1),
                        'allowBefore': datetime(2015, 1, 1)
                    },
                ]
            },
            'supportCaseDisplayId': 'string',
            'status': 'PENDING'|'ACCEPTED'|'REJECTED'|'CANCELLED',
            'createdAt': datetime(2015, 1, 1),
            'updatedAt': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • supportPermitRequests (list) --

      The list of permit requests.

      • (dict) --

        A permit request from an AWS support operator.

        • requestArn (string) --

          The ARN of the permit request.

        • permit (dict) --

          The permit definition requested by the operator.

          • actions (dict) --

            The set of actions that the support operator is authorized to perform.

            • allActions (dict) --

              Authorizes all available support actions.

            • actions (list) --

              A list of specific support actions to authorize. Maximum of 10 actions.

              • (string) --

          • resources (dict) --

            The set of resources that the support operator is authorized to act upon.

            • allResourcesInRegion (dict) --

              Authorizes the support operator to act on all resources in the Region.

            • resources (list) --

              A list of specific resource identifiers that the support operator is authorized to act upon. Maximum of 5 resources.

              • (string) --

          • conditions (list) --

            The time-window conditions that constrain when the permit is valid. Maximum of 2 conditions.

            • (dict) --

              A time-window condition that constrains when a support permit is valid.

              • allowAfter (datetime) --

                The earliest time at which the permit becomes valid.

              • allowBefore (datetime) --

                The latest time at which the permit remains valid.

        • supportCaseDisplayId (string) --

          The display identifier of the support case associated with the request.

        • status (string) --

          The current status of the permit request.

        • createdAt (datetime) --

          The timestamp when the request was created.

        • updatedAt (datetime) --

          The timestamp when the request was last updated.

    • nextToken (string) --

      The token for the next page of results, or null if there are no more results.

DeleteSupportPermit (new) Link ¶

Deletes a support permit, revoking the authorization previously granted to the AWS support operator.

See also: AWS API Documentation

Request Syntax

client.delete_support_permit(
    supportPermitIdentifier='string'
)
type supportPermitIdentifier:

string

param supportPermitIdentifier:

[REQUIRED]

The Amazon Resource Name (ARN) or name of the support permit to delete.

rtype:

dict

returns:

Response Syntax

{
    'name': 'string',
    'arn': 'string',
    'description': 'string',
    'permit': {
        'actions': {
            'allActions': {},
            'actions': [
                'string',
            ]
        },
        'resources': {
            'allResourcesInRegion': {},
            'resources': [
                'string',
            ]
        },
        'conditions': [
            {
                'allowAfter': datetime(2015, 1, 1),
                'allowBefore': datetime(2015, 1, 1)
            },
        ]
    },
    'status': 'ACTIVE'|'INACTIVE'|'DELETING',
    'signingKeyInfo': {
        'kmsKey': 'string'
    },
    'createdAt': datetime(2015, 1, 1),
    'supportCaseDisplayId': 'string'
}

Response Structure

  • (dict) --

    • name (string) --

      The name of the deleted support permit.

    • arn (string) --

      The ARN of the deleted support permit.

    • description (string) --

      The description of the deleted support permit.

    • permit (dict) --

      The permit definition of the deleted permit.

      • actions (dict) --

        The set of actions that the support operator is authorized to perform.

        • allActions (dict) --

          Authorizes all available support actions.

        • actions (list) --

          A list of specific support actions to authorize. Maximum of 10 actions.

          • (string) --

      • resources (dict) --

        The set of resources that the support operator is authorized to act upon.

        • allResourcesInRegion (dict) --

          Authorizes the support operator to act on all resources in the Region.

        • resources (list) --

          A list of specific resource identifiers that the support operator is authorized to act upon. Maximum of 5 resources.

          • (string) --

      • conditions (list) --

        The time-window conditions that constrain when the permit is valid. Maximum of 2 conditions.

        • (dict) --

          A time-window condition that constrains when a support permit is valid.

          • allowAfter (datetime) --

            The earliest time at which the permit becomes valid.

          • allowBefore (datetime) --

            The latest time at which the permit remains valid.

    • status (string) --

      The status of the support permit. Returns DELETING.

    • signingKeyInfo (dict) --

      The signing key information for the deleted permit.

      • kmsKey (string) --

        The ARN of the AWS KMS key used to sign the permit. The key must have key spec ECC_NIST_P384 and key usage SIGN_VERIFY.

    • createdAt (datetime) --

      The timestamp when the permit was originally created.

    • supportCaseDisplayId (string) --

      The display identifier of the support case associated with the deleted permit.