Amazon Elastic Compute Cloud

Gets the enabled IPAM policy.

An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.

See also: AWS API Documentation

Request Syntax

client.get_enabled_ipam_policy(
    DryRun=True|False
)

type DryRun:

boolean

param DryRun:

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

rtype:

dict

returns:

Response Syntax

{
    'IpamPolicyEnabled': True|False,
    'IpamPolicyId': 'string',
    'ManagedBy': 'account'|'delegated-administrator-for-ipam'
}

Response Structure

• (dict) --

  • IpamPolicyEnabled (boolean) --

    Indicates whether the IPAM policy is enabled.

  • IpamPolicyId (string) --

    The ID of the enabled IPAM policy.

  • ManagedBy (string) --

    The entity that manages the IPAM policy.

Disables an IPAM policy.

An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.

See also: AWS API Documentation

Request Syntax

client.disable_ipam_policy(
    DryRun=True|False,
    IpamPolicyId='string',
    OrganizationTargetId='string'
)

type DryRun:

boolean

param DryRun:

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

type IpamPolicyId:

string

param IpamPolicyId:

[REQUIRED]

The ID of the IPAM policy to disable.

type OrganizationTargetId:

string

param OrganizationTargetId:

The ID of the Amazon Web Services Organizations target for which to disable the IPAM policy. This parameter is required only when IPAM is integrated with Amazon Web Services Organizations. When IPAM is not integrated with Amazon Web Services Organizations, omit this parameter and the policy will be disabled for the current account.

A target can be an individual Amazon Web Services account or an entity within an Amazon Web Services Organization to which an IPAM policy can be applied.

rtype:

dict

returns:

Response Syntax

{
    'Return': True|False
}

Response Structure

• (dict) --

  • Return (boolean) --

    Returns true if the IPAM policy was successfully disabled.

Describes one or more IPAM policies.

An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.

See also: AWS API Documentation

Request Syntax

client.describe_ipam_policies(
    DryRun=True|False,
    Filters=[
        {
            'Name': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    MaxResults=123,
    NextToken='string',
    IpamPolicyIds=[
        'string',
    ]
)

type DryRun:

boolean

param DryRun:

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

type Filters:

list

param Filters:

One or more filters for the IPAM policy description.

• (dict) --

  A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.

  If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.

  For more information, see List and filter using the CLI and API in the Amazon EC2 User Guide.

  • Name (string) --

    The name of the filter. Filter names are case-sensitive.

  • Values (list) --

    The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.

    • (string) --

type MaxResults:

integer

param MaxResults:

The maximum number of results to return in a single call.

type NextToken:

string

param NextToken:

The token for the next page of results.

type IpamPolicyIds:

list

param IpamPolicyIds:

The IDs of the IPAM policies to describe.

• (string) --

rtype:

dict

returns:

Response Syntax

{
    'NextToken': 'string',
    'IpamPolicies': [
        {
            'OwnerId': 'string',
            'IpamPolicyId': 'string',
            'IpamPolicyArn': 'string',
            'IpamPolicyRegion': 'string',
            'State': 'create-in-progress'|'create-complete'|'create-failed'|'modify-in-progress'|'modify-complete'|'modify-failed'|'delete-in-progress'|'delete-complete'|'delete-failed'|'isolate-in-progress'|'isolate-complete'|'restore-in-progress',
            'StateMessage': 'string',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ],
            'IpamId': 'string'
        },
    ]
}

Response Structure

• (dict) --

  • NextToken (string) --

    The token to use to retrieve the next page of results. This value is null when there are no more results to return.

  • IpamPolicies (list) --

    Information about the IPAM policies.

    An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.

    • (dict) --

      Information about an IPAM policy.

      An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.

      • OwnerId (string) --

        The account ID that owns the IPAM policy.

      • IpamPolicyId (string) --

        The ID of the IPAM policy.

      • IpamPolicyArn (string) --

        The Amazon Resource Name (ARN) of the IPAM policy.

      • IpamPolicyRegion (string) --

        The Region of the IPAM policy.

      • State (string) --

        The state of the IPAM policy.

      • StateMessage (string) --

        A message about the state of the IPAM policy.

      • Tags (list) --

        The tags assigned to the IPAM policy.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

      • IpamId (string) --

        The ID of the IPAM this policy belongs to.

Gets the Amazon Web Services Organizations targets for an IPAM policy.

An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.

A target can be an individual Amazon Web Services account or an entity within an Amazon Web Services Organization to which an IPAM policy can be applied.

See also: AWS API Documentation

Request Syntax

client.get_ipam_policy_organization_targets(
    DryRun=True|False,
    MaxResults=123,
    NextToken='string',
    IpamPolicyId='string',
    Filters=[
        {
            'Name': 'string',
            'Values': [
                'string',
            ]
        },
    ]
)

type DryRun:

boolean

param DryRun:

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

type MaxResults:

integer

param MaxResults:

The maximum number of results to return in a single call.

type NextToken:

string

param NextToken:

The token for the next page of results.

type IpamPolicyId:

string

param IpamPolicyId:

[REQUIRED]

The ID of the IPAM policy for which to get Amazon Web Services Organizations targets.

type Filters:

list

param Filters:

One or more filters for the Amazon Web Services Organizations targets.

• (dict) --

  A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.

  If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.

  For more information, see List and filter using the CLI and API in the Amazon EC2 User Guide.

  • Name (string) --

    The name of the filter. Filter names are case-sensitive.

  • Values (list) --

    The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.

    • (string) --

rtype:

dict

returns:

Response Syntax

{
    'OrganizationTargets': [
        {
            'OrganizationTargetId': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

• (dict) --

  • OrganizationTargets (list) --

    The Amazon Web Services Organizations targets for an IPAM policy.

    • (dict) --

      The Amazon Web Services Organizations target for an IPAM policy.

      • OrganizationTargetId (string) --

        The ID of a Amazon Web Services Organizations target for an IPAM policy.

  • NextToken (string) --

    The token to use to retrieve the next page of results.

Modifies the allocation rules in an IPAM policy.

An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.

Allocation rules are optional configurations within an IPAM policy that map Amazon Web Services resource types to specific IPAM pools. If no rules are defined, the resource types default to using Amazon-provided IP addresses.

See also: AWS API Documentation

Request Syntax

client.modify_ipam_policy_allocation_rules(
    DryRun=True|False,
    IpamPolicyId='string',
    Locale='string',
    ResourceType='alb'|'eip'|'rds'|'rnat',
    AllocationRules=[
        {
            'SourceIpamPoolId': 'string'
        },
    ]
)

type DryRun:

boolean

param DryRun:

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

type IpamPolicyId:

string

param IpamPolicyId:

[REQUIRED]

The ID of the IPAM policy whose allocation rules you want to modify.

type Locale:

string

param Locale:

[REQUIRED]

The locale for which to modify the allocation rules.

type ResourceType:

string

param ResourceType:

[REQUIRED]

The resource type for which to modify the allocation rules.

The Amazon Web Services service or resource type that can use IP addresses through IPAM policies. Supported services and resource types include:

• Elastic IP addresses

type AllocationRules:

list

param AllocationRules:

The new allocation rules to apply to the IPAM policy.

Allocation rules are optional configurations within an IPAM policy that map Amazon Web Services resource types to specific IPAM pools. If no rules are defined, the resource types default to using Amazon-provided IP addresses.

• (dict) --

  Information about a requested IPAM policy allocation rule.

  Allocation rules are optional configurations within an IPAM policy that map Amazon Web Services resource types to specific IPAM pools. If no rules are defined, the resource types default to using Amazon-provided IP addresses.

  • SourceIpamPoolId (string) --

    The ID of the source IPAM pool for the requested allocation rule.

    An IPAM pool is a collection of IP addresses in IPAM that can be allocated to Amazon Web Services resources.

rtype:

dict

returns:

Response Syntax

{
    'IpamPolicyDocument': {
        'IpamPolicyId': 'string',
        'Locale': 'string',
        'ResourceType': 'alb'|'eip'|'rds'|'rnat',
        'AllocationRules': [
            {
                'SourceIpamPoolId': 'string'
            },
        ]
    }
}

Response Structure

• (dict) --

  • IpamPolicyDocument (dict) --

    The modified IPAM policy containing the updated allocation rules.

    • IpamPolicyId (string) --

      The ID of the IPAM policy.

    • Locale (string) --

      The locale of the IPAM policy document.

    • ResourceType (string) --

      The resource type of the IPAM policy document.

      The Amazon Web Services service or resource type that can use IP addresses through IPAM policies. Supported services and resource types include:

      • Elastic IP addresses

    • AllocationRules (list) --

      The allocation rules in the IPAM policy document.

      Allocation rules are optional configurations within an IPAM policy that map Amazon Web Services resource types to specific IPAM pools. If no rules are defined, the resource types default to using Amazon-provided IP addresses.

      • (dict) --

        Information about an IPAM policy allocation rule.

        Allocation rules are optional configurations within an IPAM policy that map Amazon Web Services resource types to specific IPAM pools. If no rules are defined, the resource types default to using Amazon-provided IP addresses.

        • SourceIpamPoolId (string) --

          The ID of the source IPAM pool for the allocation rule.

          An IPAM pool is a collection of IP addresses in IPAM that can be allocated to Amazon Web Services resources.

Gets the allocation rules for an IPAM policy.

An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.

Allocation rules are optional configurations within an IPAM policy that map Amazon Web Services resource types to specific IPAM pools. If no rules are defined, the resource types default to using Amazon-provided IP addresses.

See also: AWS API Documentation

Request Syntax

client.get_ipam_policy_allocation_rules(
    DryRun=True|False,
    IpamPolicyId='string',
    Filters=[
        {
            'Name': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    Locale='string',
    ResourceType='alb'|'eip'|'rds'|'rnat',
    MaxResults=123,
    NextToken='string'
)

type DryRun:

boolean

param DryRun:

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

type IpamPolicyId:

string

param IpamPolicyId:

[REQUIRED]

The ID of the IPAM policy for which to get allocation rules.

type Filters:

list

param Filters:

One or more filters for the allocation rules.

• (dict) --

  A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.

  If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.

  For more information, see List and filter using the CLI and API in the Amazon EC2 User Guide.

  • Name (string) --

    The name of the filter. Filter names are case-sensitive.

  • Values (list) --

    The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.

    • (string) --

type Locale:

string

param Locale:

The locale for which to get the allocation rules.

type ResourceType:

string

param ResourceType:

The resource type for which to get the allocation rules.

The Amazon Web Services service or resource type that can use IP addresses through IPAM policies. Supported services and resource types include:

• Elastic IP addresses

type MaxResults:

integer

param MaxResults:

The maximum number of results to return in a single call.

type NextToken:

string

param NextToken:

The token for the next page of results.

rtype:

dict

returns:

Response Syntax

{
    'IpamPolicyDocuments': [
        {
            'IpamPolicyId': 'string',
            'Locale': 'string',
            'ResourceType': 'alb'|'eip'|'rds'|'rnat',
            'AllocationRules': [
                {
                    'SourceIpamPoolId': 'string'
                },
            ]
        },
    ],
    'NextToken': 'string'
}

Response Structure

• (dict) --

  • IpamPolicyDocuments (list) --

    The IPAM policy documents containing the allocation rules.

    Allocation rules are optional configurations within an IPAM policy that map Amazon Web Services resource types to specific IPAM pools. If no rules are defined, the resource types default to using Amazon-provided IP addresses.

    • (dict) --

      Information about an IPAM policy.

      • IpamPolicyId (string) --

        The ID of the IPAM policy.

      • Locale (string) --

        The locale of the IPAM policy document.

      • ResourceType (string) --

        The resource type of the IPAM policy document.

        The Amazon Web Services service or resource type that can use IP addresses through IPAM policies. Supported services and resource types include:

        • Elastic IP addresses

      • AllocationRules (list) --

        The allocation rules in the IPAM policy document.

        Allocation rules are optional configurations within an IPAM policy that map Amazon Web Services resource types to specific IPAM pools. If no rules are defined, the resource types default to using Amazon-provided IP addresses.

        • (dict) --

          Information about an IPAM policy allocation rule.

          Allocation rules are optional configurations within an IPAM policy that map Amazon Web Services resource types to specific IPAM pools. If no rules are defined, the resource types default to using Amazon-provided IP addresses.

          • SourceIpamPoolId (string) --

            The ID of the source IPAM pool for the allocation rule.

            An IPAM pool is a collection of IP addresses in IPAM that can be allocated to Amazon Web Services resources.

  • NextToken (string) --

    The token to use to retrieve the next page of results.

Enables an IPAM policy.

An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.

For more information, see Define public IPv4 allocation strategy with IPAM policies in the Amazon VPC IPAM User Guide.

See also: AWS API Documentation

Request Syntax

client.enable_ipam_policy(
    DryRun=True|False,
    IpamPolicyId='string',
    OrganizationTargetId='string'
)

type DryRun:

boolean

param DryRun:

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

type IpamPolicyId:

string

param IpamPolicyId:

[REQUIRED]

The ID of the IPAM policy to enable.

type OrganizationTargetId:

string

param OrganizationTargetId:

The ID of the Amazon Web Services Organizations target for which to enable the IPAM policy. This parameter is required only when IPAM is integrated with Amazon Web Services Organizations. When IPAM is not integrated with Amazon Web Services Organizations, omit this parameter and the policy will apply to the current account.

A target can be an individual Amazon Web Services account or an entity within an Amazon Web Services Organization to which an IPAM policy can be applied.

rtype:

dict

returns:

Response Syntax

{
    'IpamPolicyId': 'string'
}

Response Structure

• (dict) --

  • IpamPolicyId (string) --

    The ID of the IPAM policy that was enabled.

Creates an IPAM policy.

An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.

For more information, see Define public IPv4 allocation strategy with IPAM policies in the Amazon VPC IPAM User Guide.

See also: AWS API Documentation

Request Syntax

client.create_ipam_policy(
    DryRun=True|False,
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'declarative-policies-report'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'image-usage-report'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'outpost-lag'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'service-link-virtual-interface'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'route-server'|'route-server-endpoint'|'route-server-peer'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint'|'verified-access-endpoint-target'|'ipam-external-resource-verification-token'|'capacity-block'|'mac-modification-task'|'ipam-prefix-list-resolver'|'ipam-policy'|'ipam-prefix-list-resolver-target'|'capacity-manager-data-export'|'vpn-concentrator',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ],
    ClientToken='string',
    IpamId='string'
)

type DryRun:

boolean

param DryRun:

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

type TagSpecifications:

list

param TagSpecifications:

The tags to assign to the IPAM policy.

• (dict) --

  The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.

  • ResourceType (string) --

    The type of resource to tag on creation.

  • Tags (list) --

    The tags to apply to the resource.

    • (dict) --

      Describes a tag.

      • Key (string) --

        The key of the tag.

        Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.

      • Value (string) --

        The value of the tag.

        Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

type ClientToken:

string

param ClientToken:

A unique, case-sensitive identifier to ensure the idempotency of the request.

This field is autopopulated if not provided.

type IpamId:

string

param IpamId:

[REQUIRED]

The ID of the IPAM for which you're creating the policy.

rtype:

dict

returns:

Response Syntax

{
    'IpamPolicy': {
        'OwnerId': 'string',
        'IpamPolicyId': 'string',
        'IpamPolicyArn': 'string',
        'IpamPolicyRegion': 'string',
        'State': 'create-in-progress'|'create-complete'|'create-failed'|'modify-in-progress'|'modify-complete'|'modify-failed'|'delete-in-progress'|'delete-complete'|'delete-failed'|'isolate-in-progress'|'isolate-complete'|'restore-in-progress',
        'StateMessage': 'string',
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'IpamId': 'string'
    }
}

Response Structure

• (dict) --

  • IpamPolicy (dict) --

    Information about the created IPAM policy.

    An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.

    • OwnerId (string) --

      The account ID that owns the IPAM policy.

    • IpamPolicyId (string) --

      The ID of the IPAM policy.

    • IpamPolicyArn (string) --

      The Amazon Resource Name (ARN) of the IPAM policy.

    • IpamPolicyRegion (string) --

      The Region of the IPAM policy.

    • State (string) --

      The state of the IPAM policy.

    • StateMessage (string) --

      A message about the state of the IPAM policy.

    • Tags (list) --

      The tags assigned to the IPAM policy.

      • (dict) --

        Describes a tag.

        • Key (string) --

          The key of the tag.

          Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.

        • Value (string) --

          The value of the tag.

          Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

    • IpamId (string) --

      The ID of the IPAM this policy belongs to.

Deletes an IPAM policy.

An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.

See also: AWS API Documentation

Request Syntax

client.delete_ipam_policy(
    DryRun=True|False,
    IpamPolicyId='string'
)

type DryRun:

boolean

param DryRun:

A check for whether you have the required permissions for the action without actually making the request and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

type IpamPolicyId:

string

param IpamPolicyId:

[REQUIRED]

The ID of the IPAM policy to delete.

rtype:

dict

returns:

Response Syntax

{
    'IpamPolicy': {
        'OwnerId': 'string',
        'IpamPolicyId': 'string',
        'IpamPolicyArn': 'string',
        'IpamPolicyRegion': 'string',
        'State': 'create-in-progress'|'create-complete'|'create-failed'|'modify-in-progress'|'modify-complete'|'modify-failed'|'delete-in-progress'|'delete-complete'|'delete-failed'|'isolate-in-progress'|'isolate-complete'|'restore-in-progress',
        'StateMessage': 'string',
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'IpamId': 'string'
    }
}

Response Structure

• (dict) --

  • IpamPolicy (dict) --

    Information about the deleted IPAM policy.

    An IPAM policy is a set of rules that define how public IPv4 addresses from IPAM pools are allocated to Amazon Web Services resources. Each rule maps an Amazon Web Services service to IPAM pools that the service will use to get IP addresses. A single policy can have multiple rules and be applied to multiple Amazon Web Services Regions. If the IPAM pool run out of addresses then the services fallback to Amazon-provided IP addresses. A policy can be applied to an individual Amazon Web Services account or an entity within Amazon Web Services Organizations.

    • OwnerId (string) --

      The account ID that owns the IPAM policy.

    • IpamPolicyId (string) --

      The ID of the IPAM policy.

    • IpamPolicyArn (string) --

      The Amazon Resource Name (ARN) of the IPAM policy.

    • IpamPolicyRegion (string) --

      The Region of the IPAM policy.

    • State (string) --

      The state of the IPAM policy.

    • StateMessage (string) --

      A message about the state of the IPAM policy.

    • Tags (list) --

      The tags assigned to the IPAM policy.

      • (dict) --

        Describes a tag.

        • Key (string) --

          The key of the tag.

          Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.

        • Value (string) --

          The value of the tag.

          Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

    • IpamId (string) --

      The ID of the IPAM this policy belongs to.

{'NatGatewayAddresses': {'AvailabilityZone': 'string',
                         'AvailabilityZoneId': 'string'}}

Assigns private IPv4 addresses to a private NAT gateway. For more information, see Work with NAT gateways in the Amazon VPC User Guide.

See also: AWS API Documentation

Request Syntax

client.assign_private_nat_gateway_address(
    NatGatewayId='string',
    PrivateIpAddresses=[
        'string',
    ],
    PrivateIpAddressCount=123,
    DryRun=True|False
)

type NatGatewayId:

string

param NatGatewayId:

[REQUIRED]

The ID of the NAT gateway.

type PrivateIpAddresses:

list

param PrivateIpAddresses:

The private IPv4 addresses you want to assign to the private NAT gateway.

• (string) --

type PrivateIpAddressCount:

integer

param PrivateIpAddressCount:

The number of private IP addresses to assign to the NAT gateway. You can't specify this parameter when also specifying private IP addresses.

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

rtype:

dict

returns:

Response Syntax

{
    'NatGatewayId': 'string',
    'NatGatewayAddresses': [
        {
            'AllocationId': 'string',
            'NetworkInterfaceId': 'string',
            'PrivateIp': 'string',
            'PublicIp': 'string',
            'AssociationId': 'string',
            'IsPrimary': True|False,
            'FailureMessage': 'string',
            'Status': 'assigning'|'unassigning'|'associating'|'disassociating'|'succeeded'|'failed',
            'AvailabilityZone': 'string',
            'AvailabilityZoneId': 'string'
        },
    ]
}

Response Structure

• (dict) --

  • NatGatewayId (string) --

    The ID of the NAT gateway.

  • NatGatewayAddresses (list) --

    NAT gateway IP addresses.

    • (dict) --

      Describes the IP addresses and network interface associated with a NAT gateway.

      • AllocationId (string) --

        [Public NAT gateway only] The allocation ID of the Elastic IP address that's associated with the NAT gateway.

      • NetworkInterfaceId (string) --

        The ID of the network interface associated with the NAT gateway.

      • PrivateIp (string) --

        The private IP address associated with the NAT gateway.

      • PublicIp (string) --

        [Public NAT gateway only] The Elastic IP address associated with the NAT gateway.

      • AssociationId (string) --

        [Public NAT gateway only] The association ID of the Elastic IP address that's associated with the NAT gateway.

      • IsPrimary (boolean) --

        Defines if the IP address is the primary address.

      • FailureMessage (string) --

        The address failure message.

      • Status (string) --

        The address status.

      • AvailabilityZone (string) --

        The Availability Zone where this Elastic IP address (EIP) is being used to handle outbound NAT traffic.

      • AvailabilityZoneId (string) --

        The ID of the Availability Zone where this Elastic IP address (EIP) is being used to handle outbound NAT traffic. Use this instead of AvailabilityZone for consistent identification of AZs across Amazon Web Services Regions.

{'AvailabilityZone': 'string', 'AvailabilityZoneId': 'string'}

{'NatGatewayAddresses': {'AvailabilityZone': 'string',
                         'AvailabilityZoneId': 'string'}}

Associates Elastic IP addresses (EIPs) and private IPv4 addresses with a public NAT gateway. For more information, see Work with NAT gateways in the Amazon VPC User Guide.

By default, you can associate up to 2 Elastic IP addresses per public NAT gateway. You can increase the limit by requesting a quota adjustment. For more information, see Elastic IP address quotas in the Amazon VPC User Guide.

See also: AWS API Documentation

Request Syntax

client.associate_nat_gateway_address(
    NatGatewayId='string',
    AllocationIds=[
        'string',
    ],
    PrivateIpAddresses=[
        'string',
    ],
    DryRun=True|False,
    AvailabilityZone='string',
    AvailabilityZoneId='string'
)

type NatGatewayId:

string

param NatGatewayId:

[REQUIRED]

The ID of the NAT gateway.

type AllocationIds:

list

param AllocationIds:

[REQUIRED]

The allocation IDs of EIPs that you want to associate with your NAT gateway.

• (string) --

type PrivateIpAddresses:

list

param PrivateIpAddresses:

The private IPv4 addresses that you want to assign to the NAT gateway.

• (string) --

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

type AvailabilityZone:

string

param AvailabilityZone:

For regional NAT gateways only: The Availability Zone where you want to associate an Elastic IP address (EIP). The regional NAT gateway uses a separate EIP in each AZ to handle outbound NAT traffic from that AZ.

A regional NAT gateway is a single NAT Gateway that works across multiple availability zones (AZs) in your VPC, providing redundancy, scalability and availability across all the AZs in a Region.

type AvailabilityZoneId:

string

param AvailabilityZoneId:

For regional NAT gateways only: The ID of the Availability Zone where you want to associate an Elastic IP address (EIP). The regional NAT gateway uses a separate EIP in each AZ to handle outbound NAT traffic from that AZ. Use this instead of AvailabilityZone for consistent identification of AZs across Amazon Web Services Regions.

A regional NAT gateway is a single NAT Gateway that works across multiple availability zones (AZs) in your VPC, providing redundancy, scalability and availability across all the AZs in a Region.

rtype:

dict

returns:

Response Syntax

{
    'NatGatewayId': 'string',
    'NatGatewayAddresses': [
        {
            'AllocationId': 'string',
            'NetworkInterfaceId': 'string',
            'PrivateIp': 'string',
            'PublicIp': 'string',
            'AssociationId': 'string',
            'IsPrimary': True|False,
            'FailureMessage': 'string',
            'Status': 'assigning'|'unassigning'|'associating'|'disassociating'|'succeeded'|'failed',
            'AvailabilityZone': 'string',
            'AvailabilityZoneId': 'string'
        },
    ]
}

Response Structure

• (dict) --

  • NatGatewayId (string) --

    The ID of the NAT gateway.

  • NatGatewayAddresses (list) --

    The IP addresses.

    • (dict) --

      Describes the IP addresses and network interface associated with a NAT gateway.

      • AllocationId (string) --

        [Public NAT gateway only] The allocation ID of the Elastic IP address that's associated with the NAT gateway.

      • NetworkInterfaceId (string) --

        The ID of the network interface associated with the NAT gateway.

      • PrivateIp (string) --

        The private IP address associated with the NAT gateway.

      • PublicIp (string) --

        [Public NAT gateway only] The Elastic IP address associated with the NAT gateway.

      • AssociationId (string) --

        [Public NAT gateway only] The association ID of the Elastic IP address that's associated with the NAT gateway.

      • IsPrimary (boolean) --

        Defines if the IP address is the primary address.

      • FailureMessage (string) --

        The address failure message.

      • Status (string) --

        The address status.

      • AvailabilityZone (string) --

        The Availability Zone where this Elastic IP address (EIP) is being used to handle outbound NAT traffic.

      • AvailabilityZoneId (string) --

        The ID of the Availability Zone where this Elastic IP address (EIP) is being used to handle outbound NAT traffic. Use this instead of AvailabilityZone for consistent identification of AZs across Amazon Web Services Regions.

{'ResourceType': {'RegionalNatGateway'}}

Creates one or more flow logs to capture information about IP traffic for a specific network interface, subnet, or VPC.

Flow log data for a monitored network interface is recorded as flow log records, which are log events consisting of fields that describe the traffic flow. For more information, see Flow log records in the Amazon VPC User Guide.

When publishing to CloudWatch Logs, flow log records are published to a log group, and each network interface has a unique log stream in the log group. When publishing to Amazon S3, flow log records for all of the monitored network interfaces are published to a single log file object that is stored in the specified bucket.

For more information, see VPC Flow Logs in the Amazon VPC User Guide.

See also: AWS API Documentation

Request Syntax

client.create_flow_logs(
    DryRun=True|False,
    ClientToken='string',
    DeliverLogsPermissionArn='string',
    DeliverCrossAccountRole='string',
    LogGroupName='string',
    ResourceIds=[
        'string',
    ],
    ResourceType='VPC'|'Subnet'|'NetworkInterface'|'TransitGateway'|'TransitGatewayAttachment'|'RegionalNatGateway',
    TrafficType='ACCEPT'|'REJECT'|'ALL',
    LogDestinationType='cloud-watch-logs'|'s3'|'kinesis-data-firehose',
    LogDestination='string',
    LogFormat='string',
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'declarative-policies-report'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'image-usage-report'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'outpost-lag'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'service-link-virtual-interface'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'route-server'|'route-server-endpoint'|'route-server-peer'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint'|'verified-access-endpoint-target'|'ipam-external-resource-verification-token'|'capacity-block'|'mac-modification-task'|'ipam-prefix-list-resolver'|'ipam-policy'|'ipam-prefix-list-resolver-target'|'capacity-manager-data-export'|'vpn-concentrator',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ],
    MaxAggregationInterval=123,
    DestinationOptions={
        'FileFormat': 'plain-text'|'parquet',
        'HiveCompatiblePartitions': True|False,
        'PerHourPartition': True|False
    }
)

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

type ClientToken:

string

param ClientToken:

Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency.

type DeliverLogsPermissionArn:

string

param DeliverLogsPermissionArn:

The ARN of the IAM role that allows Amazon EC2 to publish flow logs to the log destination.

This parameter is required if the destination type is cloud-watch-logs, or if the destination type is kinesis-data-firehose and the delivery stream and the resources to monitor are in different accounts.

type DeliverCrossAccountRole:

string

param DeliverCrossAccountRole:

The ARN of the IAM role that allows Amazon EC2 to publish flow logs across accounts.

type LogGroupName:

string

param LogGroupName:

The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs.

This parameter is valid only if the destination type is cloud-watch-logs.

type ResourceIds:

list

param ResourceIds:

[REQUIRED]

The IDs of the resources to monitor. For example, if the resource type is VPC, specify the IDs of the VPCs.

Constraints: Maximum of 25 for transit gateway resource types. Maximum of 1000 for the other resource types.

• (string) --

type ResourceType:

string

param ResourceType:

[REQUIRED]

The type of resource to monitor.

type TrafficType:

string

param TrafficType:

The type of traffic to monitor (accepted traffic, rejected traffic, or all traffic). This parameter is not supported for transit gateway resource types. It is required for the other resource types.

type LogDestinationType:

string

param LogDestinationType:

The type of destination for the flow log data.

Default: cloud-watch-logs

type LogDestination:

string

param LogDestination:

The destination for the flow log data. The meaning of this parameter depends on the destination type.

• If the destination type is cloud-watch-logs, specify the ARN of a CloudWatch Logs log group. For example: arn:aws:logs:region:account_id:log-group:my_group Alternatively, use the LogGroupName parameter.

• If the destination type is s3, specify the ARN of an S3 bucket. For example: arn:aws:s3:::my_bucket/my_subfolder/ The subfolder is optional. Note that you can't use AWSLogs as a subfolder name.

• If the destination type is kinesis-data-firehose, specify the ARN of a Kinesis Data Firehose delivery stream. For example: arn:aws:firehose:region:account_id:deliverystream:my_stream

type LogFormat:

string

param LogFormat:

The fields to include in the flow log record. List the fields in the order in which they should appear. If you omit this parameter, the flow log is created using the default format. If you specify this parameter, you must include at least one field. For more information about the available fields, see Flow log records in the Amazon VPC User Guide or Transit Gateway Flow Log records in the Amazon Web Services Transit Gateway Guide.

Specify the fields using the ${field-id} format, separated by spaces.

type TagSpecifications:

list

param TagSpecifications:

The tags to apply to the flow logs.

• (dict) --

  The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.

  • ResourceType (string) --

    The type of resource to tag on creation.

  • Tags (list) --

    The tags to apply to the resource.

    • (dict) --

      Describes a tag.

      • Key (string) --

        The key of the tag.

        Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.

      • Value (string) --

        The value of the tag.

        Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

type MaxAggregationInterval:

integer

param MaxAggregationInterval:

The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. The possible values are 60 seconds (1 minute) or 600 seconds (10 minutes). This parameter must be 60 seconds for transit gateway resource types.

When a network interface is attached to a Nitro-based instance, the aggregation interval is always 60 seconds or less, regardless of the value that you specify.

Default: 600

type DestinationOptions:

dict

param DestinationOptions:

The destination options.

• FileFormat (string) --

  The format for the flow log. The default is plain-text.

• HiveCompatiblePartitions (boolean) --

  Indicates whether to use Hive-compatible prefixes for flow logs stored in Amazon S3. The default is false.

• PerHourPartition (boolean) --

  Indicates whether to partition the flow log per hour. This reduces the cost and response time for queries. The default is false.

rtype:

dict

returns:

Response Syntax

{
    'ClientToken': 'string',
    'FlowLogIds': [
        'string',
    ],
    'Unsuccessful': [
        {
            'Error': {
                'Code': 'string',
                'Message': 'string'
            },
            'ResourceId': 'string'
        },
    ]
}

Response Structure

• (dict) --

  • ClientToken (string) --

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

  • FlowLogIds (list) --

    The IDs of the flow logs.

    • (string) --

  • Unsuccessful (list) --

    Information about the flow logs that could not be created successfully.

    • (dict) --

      Information about items that were not successfully processed in a batch call.

      • Error (dict) --

        Information about the error.

        • Code (string) --

          The error code.

        • Message (string) --

          The error message accompanying the error code.

      • ResourceId (string) --

        The ID of the resource.

{'LaunchTemplateData': {'TagSpecifications': {'ResourceType': {'ipam-policy'}}}}

{'LaunchTemplateData': {'TagSpecifications': {'ResourceType': {'ipam-policy'}}}}

{'LaunchTemplateVersion': {'LaunchTemplateData': {'TagSpecifications': {'ResourceType': {'ipam-policy'}}}}}

{'AvailabilityMode': 'zonal | regional',
 'AvailabilityZoneAddresses': [{'AllocationIds': ['string'],
                                'AvailabilityZone': 'string',
                                'AvailabilityZoneId': 'string'}],
 'VpcId': 'string'}

{'NatGateway': {'AutoProvisionZones': 'enabled | disabled',
                'AutoScalingIps': 'enabled | disabled',
                'AvailabilityMode': 'zonal | regional',
                'NatGatewayAddresses': {'AvailabilityZone': 'string',
                                        'AvailabilityZoneId': 'string'},
                'RouteTableId': 'string'}}

Creates a NAT gateway in the specified subnet. This action creates a network interface in the specified subnet with a private IP address from the IP address range of the subnet. You can create either a public NAT gateway or a private NAT gateway.

With a public NAT gateway, internet-bound traffic from a private subnet can be routed to the NAT gateway, so that instances in a private subnet can connect to the internet.

With a private NAT gateway, private communication is routed across VPCs and on-premises networks through a transit gateway or virtual private gateway. Common use cases include running large workloads behind a small pool of allowlisted IPv4 addresses, preserving private IPv4 addresses, and communicating between overlapping networks.

For more information, see NAT gateways in the Amazon VPC User Guide.

See also: AWS API Documentation

Request Syntax

client.create_nat_gateway(
    AvailabilityMode='zonal'|'regional',
    AllocationId='string',
    ClientToken='string',
    DryRun=True|False,
    SubnetId='string',
    VpcId='string',
    AvailabilityZoneAddresses=[
        {
            'AvailabilityZone': 'string',
            'AvailabilityZoneId': 'string',
            'AllocationIds': [
                'string',
            ]
        },
    ],
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'declarative-policies-report'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'image-usage-report'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'outpost-lag'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'service-link-virtual-interface'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'route-server'|'route-server-endpoint'|'route-server-peer'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint'|'verified-access-endpoint-target'|'ipam-external-resource-verification-token'|'capacity-block'|'mac-modification-task'|'ipam-prefix-list-resolver'|'ipam-policy'|'ipam-prefix-list-resolver-target'|'capacity-manager-data-export'|'vpn-concentrator',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ],
    ConnectivityType='private'|'public',
    PrivateIpAddress='string',
    SecondaryAllocationIds=[
        'string',
    ],
    SecondaryPrivateIpAddresses=[
        'string',
    ],
    SecondaryPrivateIpAddressCount=123
)

type AvailabilityMode:

string

param AvailabilityMode:

Specifies whether to create a zonal (single-AZ) or regional (multi-AZ) NAT gateway. Defaults to zonal.

A zonal NAT gateway is a NAT Gateway that provides redundancy and scalability within a single availability zone. A regional NAT gateway is a single NAT Gateway that works across multiple availability zones (AZs) in your VPC, providing redundancy, scalability and availability across all the AZs in a Region.

For more information, see Regional NAT gateways for automatic multi-AZ expansion in the Amazon VPC User Guide.

type AllocationId:

string

param AllocationId:

[Public NAT gateways only] The allocation ID of an Elastic IP address to associate with the NAT gateway. You cannot specify an Elastic IP address with a private NAT gateway. If the Elastic IP address is associated with another resource, you must first disassociate it.

type ClientToken:

string

param ClientToken:

Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring idempotency.

Constraint: Maximum 64 ASCII characters.

This field is autopopulated if not provided.

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

type SubnetId:

string

param SubnetId:

The ID of the subnet in which to create the NAT gateway.

type VpcId:

string

param VpcId:

The ID of the VPC where you want to create a regional NAT gateway.

type AvailabilityZoneAddresses:

list

param AvailabilityZoneAddresses:

For regional NAT gateways only: Specifies which Availability Zones you want the NAT gateway to support and the Elastic IP addresses (EIPs) to use in each AZ. The regional NAT gateway uses these EIPs to handle outbound NAT traffic from their respective AZs. If not specified, the NAT gateway will automatically expand to new AZs and associate EIPs upon detection of an elastic network interface. If you specify this parameter, auto-expansion is disabled and you must manually manage AZ coverage.

A regional NAT gateway is a single NAT Gateway that works across multiple availability zones (AZs) in your VPC, providing redundancy, scalability and availability across all the AZs in a Region.

For more information, see Regional NAT gateways for automatic multi-AZ expansion in the Amazon VPC User Guide.

• (dict) --

  For regional NAT gateways only: The configuration specifying which Elastic IP address (EIP) to use for handling outbound NAT traffic from a specific Availability Zone.

  A regional NAT gateway is a single NAT Gateway that works across multiple availability zones (AZs) in your VPC, providing redundancy, scalability and availability across all the AZs in a Region.

  For more information, see Regional NAT gateways for automatic multi-AZ expansion in the Amazon VPC User Guide.

  • AvailabilityZone (string) --

    For regional NAT gateways only: The Availability Zone where this specific NAT gateway configuration will be active. Each AZ in a regional NAT gateway has its own configuration to handle outbound NAT traffic from that AZ.

    A regional NAT gateway is a single NAT Gateway that works across multiple availability zones (AZs) in your VPC, providing redundancy, scalability and availability across all the AZs in a Region.

  • AvailabilityZoneId (string) --

    For regional NAT gateways only: The ID of the Availability Zone where this specific NAT gateway configuration will be active. Each AZ in a regional NAT gateway has its own configuration to handle outbound NAT traffic from that AZ. Use this instead of AvailabilityZone for consistent identification of AZs across Amazon Web Services Regions.

    A regional NAT gateway is a single NAT Gateway that works across multiple availability zones (AZs) in your VPC, providing redundancy, scalability and availability across all the AZs in a Region.

  • AllocationIds (list) --

    The allocation IDs of the Elastic IP addresses (EIPs) to be used for handling outbound NAT traffic in this specific Availability Zone.

    • (string) --

type TagSpecifications:

list

param TagSpecifications:

The tags to assign to the NAT gateway.

• (dict) --

  The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.

  • ResourceType (string) --

    The type of resource to tag on creation.

  • Tags (list) --

    The tags to apply to the resource.

    • (dict) --

      Describes a tag.

      • Key (string) --

        The key of the tag.

        Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.

      • Value (string) --

        The value of the tag.

        Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

type ConnectivityType:

string

param ConnectivityType:

Indicates whether the NAT gateway supports public or private connectivity. The default is public connectivity.

type PrivateIpAddress:

string

param PrivateIpAddress:

The private IPv4 address to assign to the NAT gateway. If you don't provide an address, a private IPv4 address will be automatically assigned.

type SecondaryAllocationIds:

list

param SecondaryAllocationIds:

Secondary EIP allocation IDs. For more information, see Create a NAT gateway in the Amazon VPC User Guide.

• (string) --

type SecondaryPrivateIpAddresses:

list

param SecondaryPrivateIpAddresses:

Secondary private IPv4 addresses. For more information about secondary addresses, see Create a NAT gateway in the Amazon VPC User Guide.

• (string) --

type SecondaryPrivateIpAddressCount:

integer

param SecondaryPrivateIpAddressCount:

[Private NAT gateway only] The number of secondary private IPv4 addresses you want to assign to the NAT gateway. For more information about secondary addresses, see Create a NAT gateway in the Amazon VPC User Guide.

rtype:

dict

returns:

Response Syntax

{
    'ClientToken': 'string',
    'NatGateway': {
        'CreateTime': datetime(2015, 1, 1),
        'DeleteTime': datetime(2015, 1, 1),
        'FailureCode': 'string',
        'FailureMessage': 'string',
        'NatGatewayAddresses': [
            {
                'AllocationId': 'string',
                'NetworkInterfaceId': 'string',
                'PrivateIp': 'string',
                'PublicIp': 'string',
                'AssociationId': 'string',
                'IsPrimary': True|False,
                'FailureMessage': 'string',
                'Status': 'assigning'|'unassigning'|'associating'|'disassociating'|'succeeded'|'failed',
                'AvailabilityZone': 'string',
                'AvailabilityZoneId': 'string'
            },
        ],
        'NatGatewayId': 'string',
        'ProvisionedBandwidth': {
            'ProvisionTime': datetime(2015, 1, 1),
            'Provisioned': 'string',
            'RequestTime': datetime(2015, 1, 1),
            'Requested': 'string',
            'Status': 'string'
        },
        'State': 'pending'|'failed'|'available'|'deleting'|'deleted',
        'SubnetId': 'string',
        'VpcId': 'string',
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'ConnectivityType': 'private'|'public',
        'AvailabilityMode': 'zonal'|'regional',
        'AutoScalingIps': 'enabled'|'disabled',
        'AutoProvisionZones': 'enabled'|'disabled',
        'RouteTableId': 'string'
    }
}

Response Structure

• (dict) --

  • ClientToken (string) --

    Unique, case-sensitive identifier to ensure the idempotency of the request. Only returned if a client token was provided in the request.

  • NatGateway (dict) --

    Information about the NAT gateway.

    • CreateTime (datetime) --

      The date and time the NAT gateway was created.

    • DeleteTime (datetime) --

      The date and time the NAT gateway was deleted, if applicable.

    • FailureCode (string) --

      If the NAT gateway could not be created, specifies the error code for the failure. ( InsufficientFreeAddressesInSubnet | Gateway.NotAttached | InvalidAllocationID.NotFound | Resource.AlreadyAssociated | InternalError | InvalidSubnetID.NotFound)

    • FailureMessage (string) --

      If the NAT gateway could not be created, specifies the error message for the failure, that corresponds to the error code.

      • For InsufficientFreeAddressesInSubnet: "Subnet has insufficient free addresses to create this NAT gateway"

      • For Gateway.NotAttached: "Network vpc-xxxxxxxx has no Internet gateway attached"

      • For InvalidAllocationID.NotFound: "Elastic IP address eipalloc-xxxxxxxx could not be associated with this NAT gateway"

      • For Resource.AlreadyAssociated: "Elastic IP address eipalloc-xxxxxxxx is already associated"

      • For InternalError: "Network interface eni-xxxxxxxx, created and used internally by this NAT gateway is in an invalid state. Please try again."

      • For InvalidSubnetID.NotFound: "The specified subnet subnet-xxxxxxxx does not exist or could not be found."

    • NatGatewayAddresses (list) --

      Information about the IP addresses and network interface associated with the NAT gateway.

      • (dict) --

        Describes the IP addresses and network interface associated with a NAT gateway.

        • AllocationId (string) --

          [Public NAT gateway only] The allocation ID of the Elastic IP address that's associated with the NAT gateway.

        • NetworkInterfaceId (string) --

          The ID of the network interface associated with the NAT gateway.

        • PrivateIp (string) --

          The private IP address associated with the NAT gateway.

        • PublicIp (string) --

          [Public NAT gateway only] The Elastic IP address associated with the NAT gateway.

        • AssociationId (string) --

          [Public NAT gateway only] The association ID of the Elastic IP address that's associated with the NAT gateway.

        • IsPrimary (boolean) --

          Defines if the IP address is the primary address.

        • FailureMessage (string) --

          The address failure message.

        • Status (string) --

          The address status.

        • AvailabilityZone (string) --

          The Availability Zone where this Elastic IP address (EIP) is being used to handle outbound NAT traffic.

        • AvailabilityZoneId (string) --

          The ID of the Availability Zone where this Elastic IP address (EIP) is being used to handle outbound NAT traffic. Use this instead of AvailabilityZone for consistent identification of AZs across Amazon Web Services Regions.

    • NatGatewayId (string) --

      The ID of the NAT gateway.

    • ProvisionedBandwidth (dict) --

      Reserved. If you need to sustain traffic greater than the documented limits, contact Amazon Web Services Support.

      • ProvisionTime (datetime) --

        Reserved.

      • Provisioned (string) --

        Reserved.

      • RequestTime (datetime) --

        Reserved.

      • Requested (string) --

        Reserved.

      • Status (string) --

        Reserved.

    • State (string) --

      The state of the NAT gateway.

      • pending: The NAT gateway is being created and is not ready to process traffic.

      • failed: The NAT gateway could not be created. Check the failureCode and failureMessage fields for the reason.

      • available: The NAT gateway is able to process traffic. This status remains until you delete the NAT gateway, and does not indicate the health of the NAT gateway.

      • deleting: The NAT gateway is in the process of being terminated and may still be processing traffic.

      • deleted: The NAT gateway has been terminated and is no longer processing traffic.

    • SubnetId (string) --

      The ID of the subnet in which the NAT gateway is located.

    • VpcId (string) --

      The ID of the VPC in which the NAT gateway is located.

    • Tags (list) --

      The tags for the NAT gateway.

      • (dict) --

        Describes a tag.

        • Key (string) --

          The key of the tag.

          Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.

        • Value (string) --

          The value of the tag.

          Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

    • ConnectivityType (string) --

      Indicates whether the NAT gateway supports public or private connectivity.

    • AvailabilityMode (string) --

      Indicates whether this is a zonal (single-AZ) or regional (multi-AZ) NAT gateway.

      A zonal NAT gateway is a NAT Gateway that provides redundancy and scalability within a single availability zone. A regional NAT gateway is a single NAT Gateway that works across multiple availability zones (AZs) in your VPC, providing redundancy, scalability and availability across all the AZs in a Region.

      For more information, see Regional NAT gateways for automatic multi-AZ expansion in the Amazon VPC User Guide.

    • AutoScalingIps (string) --

      For regional NAT gateways only: Indicates whether Amazon Web Services automatically allocates additional Elastic IP addresses (EIPs) in an AZ when the NAT gateway needs more ports due to increased concurrent connections to a single destination from that AZ.

      For more information, see Regional NAT gateways for automatic multi-AZ expansion in the Amazon VPC User Guide.

    • AutoProvisionZones (string) --

      For regional NAT gateways only: Indicates whether Amazon Web Services automatically manages AZ coverage. When enabled, the NAT gateway associates EIPs in all AZs where your VPC has subnets to handle outbound NAT traffic, expands to new AZs when you create subnets there, and retracts from AZs where you've removed all subnets. When disabled, you must manually manage which AZs the NAT gateway supports and their corresponding EIPs.

      A regional NAT gateway is a single NAT Gateway that works across multiple availability zones (AZs) in your VPC, providing redundancy, scalability and availability across all the AZs in a Region.

      For more information, see Regional NAT gateways for automatic multi-AZ expansion in the Amazon VPC User Guide.

    • RouteTableId (string) --

      For regional NAT gateways only, this is the ID of the NAT gateway.

{'Addresses': {'ServiceManaged': {'rds'}}}

Describes the specified Elastic IP addresses or all of your Elastic IP addresses.

See also: AWS API Documentation

Request Syntax

client.describe_addresses(
    PublicIps=[
        'string',
    ],
    DryRun=True|False,
    Filters=[
        {
            'Name': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    AllocationIds=[
        'string',
    ]
)

type PublicIps:

list

param PublicIps:

One or more Elastic IP addresses.

Default: Describes all your Elastic IP addresses.

• (string) --

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

type Filters:

list

param Filters:

One or more filters. Filter names and values are case-sensitive.

• allocation-id - The allocation ID for the address.

• association-id - The association ID for the address.

• instance-id - The ID of the instance the address is associated with, if any.

• network-border-group - A unique set of Availability Zones, Local Zones, or Wavelength Zones from where Amazon Web Services advertises IP addresses.

• network-interface-id - The ID of the network interface that the address is associated with, if any.

• network-interface-owner-id - The Amazon Web Services account ID of the owner.

• private-ip-address - The private IP address associated with the Elastic IP address.

• public-ip - The Elastic IP address, or the carrier IP address.

• tag:<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

• tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

• (dict) --

  A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.

  If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.

  For more information, see List and filter using the CLI and API in the Amazon EC2 User Guide.

  • Name (string) --

    The name of the filter. Filter names are case-sensitive.

  • Values (list) --

    The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.

    • (string) --

type AllocationIds:

list

param AllocationIds:

Information about the allocation IDs.

• (string) --

rtype:

dict

returns:

Response Syntax

{
    'Addresses': [
        {
            'AllocationId': 'string',
            'AssociationId': 'string',
            'Domain': 'vpc'|'standard',
            'NetworkInterfaceId': 'string',
            'NetworkInterfaceOwnerId': 'string',
            'PrivateIpAddress': 'string',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ],
            'PublicIpv4Pool': 'string',
            'NetworkBorderGroup': 'string',
            'CustomerOwnedIp': 'string',
            'CustomerOwnedIpv4Pool': 'string',
            'CarrierIp': 'string',
            'SubnetId': 'string',
            'ServiceManaged': 'alb'|'nlb'|'rnat'|'rds',
            'InstanceId': 'string',
            'PublicIp': 'string'
        },
    ]
}

Response Structure

• (dict) --

  • Addresses (list) --

    Information about the Elastic IP addresses.

    • (dict) --

      Describes an Elastic IP address, or a carrier IP address.

      • AllocationId (string) --

        The ID representing the allocation of the address.

      • AssociationId (string) --

        The ID representing the association of the address with an instance.

      • Domain (string) --

        The network ( vpc).

      • NetworkInterfaceId (string) --

        The ID of the network interface.

      • NetworkInterfaceOwnerId (string) --

        The ID of the Amazon Web Services account that owns the network interface.

      • PrivateIpAddress (string) --

        The private IP address associated with the Elastic IP address.

      • Tags (list) --

        Any tags assigned to the Elastic IP address.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

      • PublicIpv4Pool (string) --

        The ID of an address pool.

      • NetworkBorderGroup (string) --

        The name of the unique set of Availability Zones, Local Zones, or Wavelength Zones from which Amazon Web Services advertises IP addresses.

      • CustomerOwnedIp (string) --

        The customer-owned IP address.

      • CustomerOwnedIpv4Pool (string) --

        The ID of the customer-owned address pool.

      • CarrierIp (string) --

        The carrier IP address associated. This option is only available for network interfaces which reside in a subnet in a Wavelength Zone (for example an EC2 instance).

      • SubnetId (string) --

        The ID of the subnet where the IP address is allocated.

      • ServiceManaged (string) --

        The service that manages the elastic IP address.

      • InstanceId (string) --

        The ID of the instance that the address is associated with (if any).

      • PublicIp (string) --

        The Elastic IP address.

{'LaunchTemplateVersions': {'LaunchTemplateData': {'TagSpecifications': {'ResourceType': {'ipam-policy'}}}}}

{'NatGateways': {'AutoProvisionZones': 'enabled | disabled',
                 'AutoScalingIps': 'enabled | disabled',
                 'AvailabilityMode': 'zonal | regional',
                 'NatGatewayAddresses': {'AvailabilityZone': 'string',
                                         'AvailabilityZoneId': 'string'},
                 'RouteTableId': 'string'}}

Describes your NAT gateways. The default is to describe all your NAT gateways. Alternatively, you can specify specific NAT gateway IDs or filter the results to include only the NAT gateways that match specific criteria.

See also: AWS API Documentation

Request Syntax

client.describe_nat_gateways(
    DryRun=True|False,
    Filter=[
        {
            'Name': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    MaxResults=123,
    NatGatewayIds=[
        'string',
    ],
    NextToken='string'
)

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

type Filter:

list

param Filter:

The filters.

• nat-gateway-id - The ID of the NAT gateway.

• state - The state of the NAT gateway ( pending | failed | available | deleting | deleted).

• subnet-id - The ID of the subnet in which the NAT gateway resides.

• tag - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

• tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

• vpc-id - The ID of the VPC in which the NAT gateway resides.

• (dict) --

  A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.

  If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.

  For more information, see List and filter using the CLI and API in the Amazon EC2 User Guide.

  • Name (string) --

    The name of the filter. Filter names are case-sensitive.

  • Values (list) --

    The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.

    • (string) --

type MaxResults:

integer

param MaxResults:

The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

type NatGatewayIds:

list

param NatGatewayIds:

The IDs of the NAT gateways.

• (string) --

type NextToken:

string

param NextToken:

The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.

rtype:

dict

returns:

Response Syntax

{
    'NatGateways': [
        {
            'CreateTime': datetime(2015, 1, 1),
            'DeleteTime': datetime(2015, 1, 1),
            'FailureCode': 'string',
            'FailureMessage': 'string',
            'NatGatewayAddresses': [
                {
                    'AllocationId': 'string',
                    'NetworkInterfaceId': 'string',
                    'PrivateIp': 'string',
                    'PublicIp': 'string',
                    'AssociationId': 'string',
                    'IsPrimary': True|False,
                    'FailureMessage': 'string',
                    'Status': 'assigning'|'unassigning'|'associating'|'disassociating'|'succeeded'|'failed',
                    'AvailabilityZone': 'string',
                    'AvailabilityZoneId': 'string'
                },
            ],
            'NatGatewayId': 'string',
            'ProvisionedBandwidth': {
                'ProvisionTime': datetime(2015, 1, 1),
                'Provisioned': 'string',
                'RequestTime': datetime(2015, 1, 1),
                'Requested': 'string',
                'Status': 'string'
            },
            'State': 'pending'|'failed'|'available'|'deleting'|'deleted',
            'SubnetId': 'string',
            'VpcId': 'string',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ],
            'ConnectivityType': 'private'|'public',
            'AvailabilityMode': 'zonal'|'regional',
            'AutoScalingIps': 'enabled'|'disabled',
            'AutoProvisionZones': 'enabled'|'disabled',
            'RouteTableId': 'string'
        },
    ],
    'NextToken': 'string'
}

Response Structure

• (dict) --

  • NatGateways (list) --

    Information about the NAT gateways.

    • (dict) --

      Describes a NAT gateway.

      • CreateTime (datetime) --

        The date and time the NAT gateway was created.

      • DeleteTime (datetime) --

        The date and time the NAT gateway was deleted, if applicable.

      • FailureCode (string) --

        If the NAT gateway could not be created, specifies the error code for the failure. ( InsufficientFreeAddressesInSubnet | Gateway.NotAttached | InvalidAllocationID.NotFound | Resource.AlreadyAssociated | InternalError | InvalidSubnetID.NotFound)

      • FailureMessage (string) --

        If the NAT gateway could not be created, specifies the error message for the failure, that corresponds to the error code.

        • For InsufficientFreeAddressesInSubnet: "Subnet has insufficient free addresses to create this NAT gateway"

        • For Gateway.NotAttached: "Network vpc-xxxxxxxx has no Internet gateway attached"

        • For InvalidAllocationID.NotFound: "Elastic IP address eipalloc-xxxxxxxx could not be associated with this NAT gateway"

        • For Resource.AlreadyAssociated: "Elastic IP address eipalloc-xxxxxxxx is already associated"

        • For InternalError: "Network interface eni-xxxxxxxx, created and used internally by this NAT gateway is in an invalid state. Please try again."

        • For InvalidSubnetID.NotFound: "The specified subnet subnet-xxxxxxxx does not exist or could not be found."

      • NatGatewayAddresses (list) --

        Information about the IP addresses and network interface associated with the NAT gateway.

        • (dict) --

          Describes the IP addresses and network interface associated with a NAT gateway.

          • AllocationId (string) --

            [Public NAT gateway only] The allocation ID of the Elastic IP address that's associated with the NAT gateway.

          • NetworkInterfaceId (string) --

            The ID of the network interface associated with the NAT gateway.

          • PrivateIp (string) --

            The private IP address associated with the NAT gateway.

          • PublicIp (string) --

            [Public NAT gateway only] The Elastic IP address associated with the NAT gateway.

          • AssociationId (string) --

            [Public NAT gateway only] The association ID of the Elastic IP address that's associated with the NAT gateway.

          • IsPrimary (boolean) --

            Defines if the IP address is the primary address.

          • FailureMessage (string) --

            The address failure message.

          • Status (string) --

            The address status.

          • AvailabilityZone (string) --

            The Availability Zone where this Elastic IP address (EIP) is being used to handle outbound NAT traffic.

          • AvailabilityZoneId (string) --

            The ID of the Availability Zone where this Elastic IP address (EIP) is being used to handle outbound NAT traffic. Use this instead of AvailabilityZone for consistent identification of AZs across Amazon Web Services Regions.

      • NatGatewayId (string) --

        The ID of the NAT gateway.

      • ProvisionedBandwidth (dict) --

        Reserved. If you need to sustain traffic greater than the documented limits, contact Amazon Web Services Support.

        • ProvisionTime (datetime) --

          Reserved.

        • Provisioned (string) --

          Reserved.

        • RequestTime (datetime) --

          Reserved.

        • Requested (string) --

          Reserved.

        • Status (string) --

          Reserved.

      • State (string) --

        The state of the NAT gateway.

        • pending: The NAT gateway is being created and is not ready to process traffic.

        • failed: The NAT gateway could not be created. Check the failureCode and failureMessage fields for the reason.

        • available: The NAT gateway is able to process traffic. This status remains until you delete the NAT gateway, and does not indicate the health of the NAT gateway.

        • deleting: The NAT gateway is in the process of being terminated and may still be processing traffic.

        • deleted: The NAT gateway has been terminated and is no longer processing traffic.

      • SubnetId (string) --

        The ID of the subnet in which the NAT gateway is located.

      • VpcId (string) --

        The ID of the VPC in which the NAT gateway is located.

      • Tags (list) --

        The tags for the NAT gateway.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

      • ConnectivityType (string) --

        Indicates whether the NAT gateway supports public or private connectivity.

      • AvailabilityMode (string) --

        Indicates whether this is a zonal (single-AZ) or regional (multi-AZ) NAT gateway.

        A zonal NAT gateway is a NAT Gateway that provides redundancy and scalability within a single availability zone. A regional NAT gateway is a single NAT Gateway that works across multiple availability zones (AZs) in your VPC, providing redundancy, scalability and availability across all the AZs in a Region.

        For more information, see Regional NAT gateways for automatic multi-AZ expansion in the Amazon VPC User Guide.

      • AutoScalingIps (string) --

        For regional NAT gateways only: Indicates whether Amazon Web Services automatically allocates additional Elastic IP addresses (EIPs) in an AZ when the NAT gateway needs more ports due to increased concurrent connections to a single destination from that AZ.

        For more information, see Regional NAT gateways for automatic multi-AZ expansion in the Amazon VPC User Guide.

      • AutoProvisionZones (string) --

        For regional NAT gateways only: Indicates whether Amazon Web Services automatically manages AZ coverage. When enabled, the NAT gateway associates EIPs in all AZs where your VPC has subnets to handle outbound NAT traffic, expands to new AZs when you create subnets there, and retracts from AZs where you've removed all subnets. When disabled, you must manually manage which AZs the NAT gateway supports and their corresponding EIPs.

        A regional NAT gateway is a single NAT Gateway that works across multiple availability zones (AZs) in your VPC, providing redundancy, scalability and availability across all the AZs in a Region.

        For more information, see Regional NAT gateways for automatic multi-AZ expansion in the Amazon VPC User Guide.

      • RouteTableId (string) --

        For regional NAT gateways only, this is the ID of the NAT gateway.

  • NextToken (string) --

    The token to include in another request to get the next page of items. This value is null when there are no more items to return.

{'SpotFleetRequestConfigs': {'SpotFleetRequestConfig': {'LaunchSpecifications': {'TagSpecifications': {'ResourceType': {'ipam-policy'}}},
                                                        'TagSpecifications': {'ResourceType': {'ipam-policy'}}}}}

{'Tags': {'ResourceType': {'ipam-policy'}}}

Describes the specified tags for your EC2 resources.

For more information about tags, see Tag your Amazon EC2 resources in the Amazon Elastic Compute Cloud User Guide.

See also: AWS API Documentation

Request Syntax

client.describe_tags(
    DryRun=True|False,
    Filters=[
        {
            'Name': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    MaxResults=123,
    NextToken='string'
)

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

type Filters:

list

param Filters:

The filters.

• key - The tag key.

• resource-id - The ID of the resource.

• resource-type - The resource type. For a list of possible values, see TagSpecification.

• tag:<key> - The key/value combination of the tag. For example, specify "tag:Owner" for the filter name and "TeamA" for the filter value to find resources with the tag "Owner=TeamA".

• value - The tag value.

• (dict) --

  A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.

  If you specify multiple filters, the filters are joined with an AND, and the request returns only results that match all of the specified filters.

  For more information, see List and filter using the CLI and API in the Amazon EC2 User Guide.

  • Name (string) --

    The name of the filter. Filter names are case-sensitive.

  • Values (list) --

    The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR, and the request returns all results that match any of the specified values.

    • (string) --

type MaxResults:

integer

param MaxResults:

The maximum number of items to return for this request. This value can be between 5 and 1000. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.

type NextToken:

string

param NextToken:

The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.

rtype:

dict

returns:

Response Syntax

{
    'NextToken': 'string',
    'Tags': [
        {
            'Key': 'string',
            'ResourceId': 'string',
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'declarative-policies-report'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'image-usage-report'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'outpost-lag'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'service-link-virtual-interface'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'route-server'|'route-server-endpoint'|'route-server-peer'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint'|'verified-access-endpoint-target'|'ipam-external-resource-verification-token'|'capacity-block'|'mac-modification-task'|'ipam-prefix-list-resolver'|'ipam-policy'|'ipam-prefix-list-resolver-target'|'capacity-manager-data-export'|'vpn-concentrator',
            'Value': 'string'
        },
    ]
}

Response Structure

• (dict) --

  • NextToken (string) --

    The token to include in another request to get the next page of items. This value is null when there are no more items to return.

  • Tags (list) --

    The tags.

    • (dict) --

      Describes a tag.

      • Key (string) --

        The tag key.

      • ResourceId (string) --

        The ID of the resource.

      • ResourceType (string) --

        The resource type.

      • Value (string) --

        The tag value.

{'NatGatewayAddresses': {'AvailabilityZone': 'string',
                         'AvailabilityZoneId': 'string'}}

Disassociates secondary Elastic IP addresses (EIPs) from a public NAT gateway. You cannot disassociate your primary EIP. For more information, see Edit secondary IP address associations in the Amazon VPC User Guide.

While disassociating is in progress, you cannot associate/disassociate additional EIPs while the connections are being drained. You are, however, allowed to delete the NAT gateway.

An EIP is released only at the end of MaxDrainDurationSeconds. It stays associated and supports the existing connections but does not support any new connections (new connections are distributed across the remaining associated EIPs). As the existing connections drain out, the EIPs (and the corresponding private IP addresses mapped to them) are released.

See also: AWS API Documentation

Request Syntax

client.disassociate_nat_gateway_address(
    NatGatewayId='string',
    AssociationIds=[
        'string',
    ],
    MaxDrainDurationSeconds=123,
    DryRun=True|False
)

type NatGatewayId:

string

param NatGatewayId:

[REQUIRED]

The ID of the NAT gateway.

type AssociationIds:

list

param AssociationIds:

[REQUIRED]

The association IDs of EIPs that have been associated with the NAT gateway.

• (string) --

type MaxDrainDurationSeconds:

integer

param MaxDrainDurationSeconds:

The maximum amount of time to wait (in seconds) before forcibly releasing the IP addresses if connections are still in progress. Default value is 350 seconds.

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

rtype:

dict

returns:

Response Syntax

{
    'NatGatewayId': 'string',
    'NatGatewayAddresses': [
        {
            'AllocationId': 'string',
            'NetworkInterfaceId': 'string',
            'PrivateIp': 'string',
            'PublicIp': 'string',
            'AssociationId': 'string',
            'IsPrimary': True|False,
            'FailureMessage': 'string',
            'Status': 'assigning'|'unassigning'|'associating'|'disassociating'|'succeeded'|'failed',
            'AvailabilityZone': 'string',
            'AvailabilityZoneId': 'string'
        },
    ]
}

Response Structure

• (dict) --

  • NatGatewayId (string) --

    The ID of the NAT gateway.

  • NatGatewayAddresses (list) --

    Information about the NAT gateway IP addresses.

    • (dict) --

      Describes the IP addresses and network interface associated with a NAT gateway.

      • AllocationId (string) --

        [Public NAT gateway only] The allocation ID of the Elastic IP address that's associated with the NAT gateway.

      • NetworkInterfaceId (string) --

        The ID of the network interface associated with the NAT gateway.

      • PrivateIp (string) --

        The private IP address associated with the NAT gateway.

      • PublicIp (string) --

        [Public NAT gateway only] The Elastic IP address associated with the NAT gateway.

      • AssociationId (string) --

        [Public NAT gateway only] The association ID of the Elastic IP address that's associated with the NAT gateway.

      • IsPrimary (boolean) --

        Defines if the IP address is the primary address.

      • FailureMessage (string) --

        The address failure message.

      • Status (string) --

        The address status.

      • AvailabilityZone (string) --

        The Availability Zone where this Elastic IP address (EIP) is being used to handle outbound NAT traffic.

      • AvailabilityZoneId (string) --

        The ID of the Availability Zone where this Elastic IP address (EIP) is being used to handle outbound NAT traffic. Use this instead of AvailabilityZone for consistent identification of AZs across Amazon Web Services Regions.

{'LaunchTemplateData': {'TagSpecifications': {'ResourceType': {'ipam-policy'}}}}

{'PoolTagSpecifications': {'ResourceType': {'ipam-policy'}}}

Provisions an IPv4 or IPv6 address range for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP) and creates a corresponding address pool. After the address range is provisioned, it is ready to be advertised.

Amazon Web Services verifies that you own the address range and are authorized to advertise it. You must ensure that the address range is registered to you and that you created an RPKI ROA to authorize Amazon ASNs 16509 and 14618 to advertise the address range. For more information, see Bring your own IP addresses (BYOIP) in the Amazon EC2 User Guide.

Provisioning an address range is an asynchronous operation, so the call returns immediately, but the address range is not ready to use until its status changes from pending-provision to provisioned. For more information, see Onboard your address range.

See also: AWS API Documentation

Request Syntax

client.provision_byoip_cidr(
    Cidr='string',
    CidrAuthorizationContext={
        'Message': 'string',
        'Signature': 'string'
    },
    PubliclyAdvertisable=True|False,
    Description='string',
    DryRun=True|False,
    PoolTagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'declarative-policies-report'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'image-usage-report'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'outpost-lag'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'service-link-virtual-interface'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'route-server'|'route-server-endpoint'|'route-server-peer'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint'|'verified-access-endpoint-target'|'ipam-external-resource-verification-token'|'capacity-block'|'mac-modification-task'|'ipam-prefix-list-resolver'|'ipam-policy'|'ipam-prefix-list-resolver-target'|'capacity-manager-data-export'|'vpn-concentrator',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ],
    MultiRegion=True|False,
    NetworkBorderGroup='string'
)

type Cidr:

string

param Cidr:

[REQUIRED]

The public IPv4 or IPv6 address range, in CIDR notation. The most specific IPv4 prefix that you can specify is /24. The most specific IPv6 address range that you can bring is /48 for CIDRs that are publicly advertisable and /56 for CIDRs that are not publicly advertisable. The address range cannot overlap with another address range that you've brought to this or another Region.

type CidrAuthorizationContext:

dict

param CidrAuthorizationContext:

A signed document that proves that you are authorized to bring the specified IP address range to Amazon using BYOIP.

• Message (string) -- [REQUIRED]

  The plain-text authorization message for the prefix and account.

• Signature (string) -- [REQUIRED]

  The signed authorization message for the prefix and account.

type PubliclyAdvertisable:

boolean

param PubliclyAdvertisable:

(IPv6 only) Indicate whether the address range will be publicly advertised to the internet.

Default: true

type Description:

string

param Description:

A description for the address range and the address pool.

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

type PoolTagSpecifications:

list

param PoolTagSpecifications:

The tags to apply to the address pool.

• (dict) --

  The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.

  • ResourceType (string) --

    The type of resource to tag on creation.

  • Tags (list) --

    The tags to apply to the resource.

    • (dict) --

      Describes a tag.

      • Key (string) --

        The key of the tag.

        Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws:.

      • Value (string) --

        The value of the tag.

        Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

type MultiRegion:

boolean

param MultiRegion:

Reserved.

type NetworkBorderGroup:

string

param NetworkBorderGroup:

If you have Local Zones enabled, you can choose a network border group for Local Zones when you provision and advertise a BYOIPv4 CIDR. Choose the network border group carefully as the EIP and the Amazon Web Services resource it is associated with must reside in the same network border group.

You can provision BYOIP address ranges to and advertise them in the following Local Zone network border groups:

• us-east-1-dfw-2

• us-west-2-lax-1

• us-west-2-phx-2

rtype:

dict

returns:

Response Syntax

{
    'ByoipCidr': {
        'Cidr': 'string',
        'Description': 'string',
        'AsnAssociations': [
            {
                'Asn': 'string',
                'Cidr': 'string',
                'StatusMessage': 'string',
                'State': 'disassociated'|'failed-disassociation'|'failed-association'|'pending-disassociation'|'pending-association'|'associated'
            },
        ],
        'StatusMessage': 'string',
        'State': 'advertised'|'deprovisioned'|'failed-deprovision'|'failed-provision'|'pending-deprovision'|'pending-provision'|'provisioned'|'provisioned-not-publicly-advertisable',
        'NetworkBorderGroup': 'string'
    }
}

Response Structure

• (dict) --

  • ByoipCidr (dict) --

    Information about the address range.

    • Cidr (string) --

      The address range, in CIDR notation.

    • Description (string) --

      The description of the address range.

    • AsnAssociations (list) --

      The BYOIP CIDR associations with ASNs.

      • (dict) --

        An Autonomous System Number (ASN) and BYOIP CIDR association.

        • Asn (string) --

          The association's ASN.

        • Cidr (string) --

          The association's CIDR.

        • StatusMessage (string) --

          The association's status message.

        • State (string) --

          The association's state.

    • StatusMessage (string) --

      Upon success, contains the ID of the address pool. Otherwise, contains an error message.

    • State (string) --

      The state of the address range.

      • advertised: The address range is being advertised to the internet by Amazon Web Services.

      • deprovisioned: The address range is deprovisioned.

      • failed-deprovision: The request to deprovision the address range was unsuccessful. Ensure that all EIPs from the range have been deallocated and try again.

      • failed-provision: The request to provision the address range was unsuccessful.

      • pending-deprovision: You’ve submitted a request to deprovision an address range and it's pending.

      • pending-provision: You’ve submitted a request to provision an address range and it's pending.

      • provisioned: The address range is provisioned and can be advertised. The range is not currently advertised.

      • provisioned-not-publicly-advertisable: The address range is provisioned and cannot be advertised.

    • NetworkBorderGroup (string) --

      If you have Local Zones enabled, you can choose a network border group for Local Zones when you provision and advertise a BYOIPv4 CIDR. Choose the network border group carefully as the EIP and the Amazon Web Services resource it is associated with must reside in the same network border group.

      You can provision BYOIP address ranges to and advertise them in the following Local Zone network border groups:

      • us-east-1-dfw-2

      • us-west-2-lax-1

      • us-west-2-phx-2

{'SpotFleetRequestConfig': {'LaunchSpecifications': {'TagSpecifications': {'ResourceType': {'ipam-policy'}}},
                            'TagSpecifications': {'ResourceType': {'ipam-policy'}}}}

{'NatGatewayAddresses': {'AvailabilityZone': 'string',
                         'AvailabilityZoneId': 'string'}}

Unassigns secondary private IPv4 addresses from a private NAT gateway. You cannot unassign your primary private IP. For more information, see Edit secondary IP address associations in the Amazon VPC User Guide.

While unassigning is in progress, you cannot assign/unassign additional IP addresses while the connections are being drained. You are, however, allowed to delete the NAT gateway.

A private IP address will only be released at the end of MaxDrainDurationSeconds. The private IP addresses stay associated and support the existing connections, but do not support any new connections (new connections are distributed across the remaining assigned private IP address). After the existing connections drain out, the private IP addresses are released.

See also: AWS API Documentation

Request Syntax

client.unassign_private_nat_gateway_address(
    NatGatewayId='string',
    PrivateIpAddresses=[
        'string',
    ],
    MaxDrainDurationSeconds=123,
    DryRun=True|False
)

type NatGatewayId:

string

param NatGatewayId:

[REQUIRED]

The ID of the NAT gateway.

type PrivateIpAddresses:

list

param PrivateIpAddresses:

[REQUIRED]

The private IPv4 addresses you want to unassign.

• (string) --

type MaxDrainDurationSeconds:

integer

param MaxDrainDurationSeconds:

The maximum amount of time to wait (in seconds) before forcibly releasing the IP addresses if connections are still in progress. Default value is 350 seconds.

type DryRun:

boolean

param DryRun:

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

rtype:

dict

returns:

Response Syntax

{
    'NatGatewayId': 'string',
    'NatGatewayAddresses': [
        {
            'AllocationId': 'string',
            'NetworkInterfaceId': 'string',
            'PrivateIp': 'string',
            'PublicIp': 'string',
            'AssociationId': 'string',
            'IsPrimary': True|False,
            'FailureMessage': 'string',
            'Status': 'assigning'|'unassigning'|'associating'|'disassociating'|'succeeded'|'failed',
            'AvailabilityZone': 'string',
            'AvailabilityZoneId': 'string'
        },
    ]
}

Response Structure

• (dict) --

  • NatGatewayId (string) --

    The ID of the NAT gateway.

  • NatGatewayAddresses (list) --

    Information about the NAT gateway IP addresses.

    • (dict) --

      Describes the IP addresses and network interface associated with a NAT gateway.

      • AllocationId (string) --

        [Public NAT gateway only] The allocation ID of the Elastic IP address that's associated with the NAT gateway.

      • NetworkInterfaceId (string) --

        The ID of the network interface associated with the NAT gateway.

      • PrivateIp (string) --

        The private IP address associated with the NAT gateway.

      • PublicIp (string) --

        [Public NAT gateway only] The Elastic IP address associated with the NAT gateway.

      • AssociationId (string) --

        [Public NAT gateway only] The association ID of the Elastic IP address that's associated with the NAT gateway.

      • IsPrimary (boolean) --

        Defines if the IP address is the primary address.

      • FailureMessage (string) --

        The address failure message.

      • Status (string) --

        The address status.

      • AvailabilityZone (string) --

        The Availability Zone where this Elastic IP address (EIP) is being used to handle outbound NAT traffic.

      • AvailabilityZoneId (string) --

        The ID of the Availability Zone where this Elastic IP address (EIP) is being used to handle outbound NAT traffic. Use this instead of AvailabilityZone for consistent identification of AZs across Amazon Web Services Regions.