Amazon Elastic Compute Cloud

2023/11/20 - Amazon Elastic Compute Cloud - 11 updated api methods

Changes  This release adds support for Security group referencing over Transit gateways, enabling you to simplify Security group management and control of instance-to-instance traffic across VPCs that are connected by Transit gateway.

AcceptTransitGatewayVpcAttachment (updated) Link ¶
Changes (response)
{'TransitGatewayVpcAttachment': {'Options': {'SecurityGroupReferencingSupport': 'enable '
                                                                                '| '
                                                                                'disable'}}}

Accepts a request to attach a VPC to a transit gateway.

The VPC attachment must be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to view your pending VPC attachment requests. Use RejectTransitGatewayVpcAttachment to reject a VPC attachment request.

See also: AWS API Documentation

Request Syntax

client.accept_transit_gateway_vpc_attachment(
    TransitGatewayAttachmentId='string',
    DryRun=True|False
)
type TransitGatewayAttachmentId

string

param TransitGatewayAttachmentId

[REQUIRED]

The ID of the attachment.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'TransitGatewayVpcAttachment': {
        'TransitGatewayAttachmentId': 'string',
        'TransitGatewayId': 'string',
        'VpcId': 'string',
        'VpcOwnerId': 'string',
        'State': 'initiating'|'initiatingRequest'|'pendingAcceptance'|'rollingBack'|'pending'|'available'|'modifying'|'deleting'|'deleted'|'failed'|'rejected'|'rejecting'|'failing',
        'SubnetIds': [
            'string',
        ],
        'CreationTime': datetime(2015, 1, 1),
        'Options': {
            'DnsSupport': 'enable'|'disable',
            'SecurityGroupReferencingSupport': 'enable'|'disable',
            'Ipv6Support': 'enable'|'disable',
            'ApplianceModeSupport': 'enable'|'disable'
        },
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • TransitGatewayVpcAttachment (dict) --

      The VPC attachment.

      • TransitGatewayAttachmentId (string) --

        The ID of the attachment.

      • TransitGatewayId (string) --

        The ID of the transit gateway.

      • VpcId (string) --

        The ID of the VPC.

      • VpcOwnerId (string) --

        The ID of the Amazon Web Services account that owns the VPC.

      • State (string) --

        The state of the VPC attachment. Note that the initiating state has been deprecated.

      • SubnetIds (list) --

        The IDs of the subnets.

        • (string) --

      • CreationTime (datetime) --

        The creation time.

      • Options (dict) --

        The VPC attachment options.

        • DnsSupport (string) --

          Indicates whether DNS support is enabled.

        • SecurityGroupReferencingSupport (string) --

          For important information about this feature, see Create a transit gateway attachment to a VPC in the Amazon Web Services Transit Gateway Guide .

        • Ipv6Support (string) --

          Indicates whether IPv6 support is disabled.

        • ApplianceModeSupport (string) --

          Indicates whether appliance mode support is enabled.

      • Tags (list) --

        The tags for the VPC attachment.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

CreateTransitGateway (updated) Link ¶
Changes (request, response)
Request
{'Options': {'SecurityGroupReferencingSupport': 'enable | disable'}}
Response
{'TransitGateway': {'Options': {'SecurityGroupReferencingSupport': 'enable | '
                                                                   'disable'}}}

Creates a transit gateway.

You can use a transit gateway to interconnect your virtual private clouds (VPC) and on-premises networks. After the transit gateway enters the available state, you can attach your VPCs and VPN connections to the transit gateway.

To attach your VPCs, use CreateTransitGatewayVpcAttachment .

To attach a VPN connection, use CreateCustomerGateway to create a customer gateway and specify the ID of the customer gateway and the ID of the transit gateway in a call to CreateVpnConnection .

When you create a transit gateway, we create a default transit gateway route table and use it as the default association route table and the default propagation route table. You can use CreateTransitGatewayRouteTable to create additional transit gateway route tables. If you disable automatic route propagation, we do not create a default transit gateway route table. You can use EnableTransitGatewayRouteTablePropagation to propagate routes from a resource attachment to a transit gateway route table. If you disable automatic associations, you can use AssociateTransitGatewayRouteTable to associate a resource attachment with a transit gateway route table.

See also: AWS API Documentation

Request Syntax

client.create_transit_gateway(
    Description='string',
    Options={
        'AmazonSideAsn': 123,
        'AutoAcceptSharedAttachments': 'enable'|'disable',
        'DefaultRouteTableAssociation': 'enable'|'disable',
        'DefaultRouteTablePropagation': 'enable'|'disable',
        'VpnEcmpSupport': 'enable'|'disable',
        'DnsSupport': 'enable'|'disable',
        'SecurityGroupReferencingSupport': 'enable'|'disable',
        'MulticastSupport': 'enable'|'disable',
        'TransitGatewayCidrBlocks': [
            'string',
        ]
    },
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ],
    DryRun=True|False
)
type Description

string

param Description

A description of the transit gateway.

type Options

dict

param Options

The transit gateway options.

  • AmazonSideAsn (integer) --

    A private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs. The default is 64512 .

  • AutoAcceptSharedAttachments (string) --

    Enable or disable automatic acceptance of attachment requests. Disabled by default.

  • DefaultRouteTableAssociation (string) --

    Enable or disable automatic association with the default association route table. Enabled by default.

  • DefaultRouteTablePropagation (string) --

    Enable or disable automatic propagation of routes to the default propagation route table. Enabled by default.

  • VpnEcmpSupport (string) --

    Enable or disable Equal Cost Multipath Protocol support. Enabled by default.

  • DnsSupport (string) --

    Enable or disable DNS support. Enabled by default.

  • SecurityGroupReferencingSupport (string) --

    Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.

    For important information about this feature, see Create a transit gateway in the Amazon Web Services Transit Gateway Guide .

  • MulticastSupport (string) --

    Indicates whether multicast is enabled on the transit gateway

  • TransitGatewayCidrBlocks (list) --

    One or more IPv4 or IPv6 CIDR blocks for the transit gateway. Must be a size /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger for IPv6.

    • (string) --

type TagSpecifications

list

param TagSpecifications

The tags to apply to the transit gateway.

  • (dict) --

    The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.

    Note

    The Valid Values lists all the resource types that can be tagged. However, the action you're using might not support tagging all of these resource types. If you try to tag a resource type that is unsupported for the action you're using, you'll get an error.

    • ResourceType (string) --

      The type of resource to tag on creation.

    • Tags (list) --

      The tags to apply to the resource.

      • (dict) --

        Describes a tag.

        • Key (string) --

          The key of the tag.

          Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

        • Value (string) --

          The value of the tag.

          Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'TransitGateway': {
        'TransitGatewayId': 'string',
        'TransitGatewayArn': 'string',
        'State': 'pending'|'available'|'modifying'|'deleting'|'deleted',
        'OwnerId': 'string',
        'Description': 'string',
        'CreationTime': datetime(2015, 1, 1),
        'Options': {
            'AmazonSideAsn': 123,
            'TransitGatewayCidrBlocks': [
                'string',
            ],
            'AutoAcceptSharedAttachments': 'enable'|'disable',
            'DefaultRouteTableAssociation': 'enable'|'disable',
            'AssociationDefaultRouteTableId': 'string',
            'DefaultRouteTablePropagation': 'enable'|'disable',
            'PropagationDefaultRouteTableId': 'string',
            'VpnEcmpSupport': 'enable'|'disable',
            'DnsSupport': 'enable'|'disable',
            'SecurityGroupReferencingSupport': 'enable'|'disable',
            'MulticastSupport': 'enable'|'disable'
        },
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • TransitGateway (dict) --

      Information about the transit gateway.

      • TransitGatewayId (string) --

        The ID of the transit gateway.

      • TransitGatewayArn (string) --

        The Amazon Resource Name (ARN) of the transit gateway.

      • State (string) --

        The state of the transit gateway.

      • OwnerId (string) --

        The ID of the Amazon Web Services account that owns the transit gateway.

      • Description (string) --

        The description of the transit gateway.

      • CreationTime (datetime) --

        The creation time.

      • Options (dict) --

        The transit gateway options.

        • AmazonSideAsn (integer) --

          A private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs.

        • TransitGatewayCidrBlocks (list) --

          The transit gateway CIDR blocks.

          • (string) --

        • AutoAcceptSharedAttachments (string) --

          Indicates whether attachment requests are automatically accepted.

        • DefaultRouteTableAssociation (string) --

          Indicates whether resource attachments are automatically associated with the default association route table.

        • AssociationDefaultRouteTableId (string) --

          The ID of the default association route table.

        • DefaultRouteTablePropagation (string) --

          Indicates whether resource attachments automatically propagate routes to the default propagation route table.

        • PropagationDefaultRouteTableId (string) --

          The ID of the default propagation route table.

        • VpnEcmpSupport (string) --

          Indicates whether Equal Cost Multipath Protocol support is enabled.

        • DnsSupport (string) --

          Indicates whether DNS support is enabled.

        • SecurityGroupReferencingSupport (string) --

          Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.

          For important information about this feature, see Create a transit gateway in the Amazon Web Services Transit Gateway Guide .

        • MulticastSupport (string) --

          Indicates whether multicast is enabled on the transit gateway

      • Tags (list) --

        The tags for the transit gateway.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

CreateTransitGatewayVpcAttachment (updated) Link ¶
Changes (request, response)
Request
{'Options': {'SecurityGroupReferencingSupport': 'enable | disable'}}
Response
{'TransitGatewayVpcAttachment': {'Options': {'SecurityGroupReferencingSupport': 'enable '
                                                                                '| '
                                                                                'disable'}}}

Attaches the specified VPC to the specified transit gateway.

If you attach a VPC with a CIDR range that overlaps the CIDR range of a VPC that is already attached, the new VPC CIDR range is not propagated to the default propagation route table.

To send VPC traffic to an attached transit gateway, add a route to the VPC route table using CreateRoute .

See also: AWS API Documentation

Request Syntax

client.create_transit_gateway_vpc_attachment(
    TransitGatewayId='string',
    VpcId='string',
    SubnetIds=[
        'string',
    ],
    Options={
        'DnsSupport': 'enable'|'disable',
        'SecurityGroupReferencingSupport': 'enable'|'disable',
        'Ipv6Support': 'enable'|'disable',
        'ApplianceModeSupport': 'enable'|'disable'
    },
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ],
    DryRun=True|False
)
type TransitGatewayId

string

param TransitGatewayId

[REQUIRED]

The ID of the transit gateway.

type VpcId

string

param VpcId

[REQUIRED]

The ID of the VPC.

type SubnetIds

list

param SubnetIds

[REQUIRED]

The IDs of one or more subnets. You can specify only one subnet per Availability Zone. You must specify at least one subnet, but we recommend that you specify two subnets for better availability. The transit gateway uses one IP address from each specified subnet.

  • (string) --

type Options

dict

param Options

The VPC attachment options.

  • DnsSupport (string) --

    Enable or disable DNS support. The default is enable .

  • SecurityGroupReferencingSupport (string) --

    Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.

    If you don't enable or disable SecurityGroupReferencingSupport in the request, the attachment will inherit the security group referencing support setting on the transit gateway.

    For important information about this feature, see Create a transit gateway attachment to a VPC in the Amazon Web Services Transit Gateway Guide .

  • Ipv6Support (string) --

    Enable or disable IPv6 support. The default is disable .

  • ApplianceModeSupport (string) --

    Enable or disable support for appliance mode. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. The default is disable .

type TagSpecifications

list

param TagSpecifications

The tags to apply to the VPC attachment.

  • (dict) --

    The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.

    Note

    The Valid Values lists all the resource types that can be tagged. However, the action you're using might not support tagging all of these resource types. If you try to tag a resource type that is unsupported for the action you're using, you'll get an error.

    • ResourceType (string) --

      The type of resource to tag on creation.

    • Tags (list) --

      The tags to apply to the resource.

      • (dict) --

        Describes a tag.

        • Key (string) --

          The key of the tag.

          Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

        • Value (string) --

          The value of the tag.

          Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'TransitGatewayVpcAttachment': {
        'TransitGatewayAttachmentId': 'string',
        'TransitGatewayId': 'string',
        'VpcId': 'string',
        'VpcOwnerId': 'string',
        'State': 'initiating'|'initiatingRequest'|'pendingAcceptance'|'rollingBack'|'pending'|'available'|'modifying'|'deleting'|'deleted'|'failed'|'rejected'|'rejecting'|'failing',
        'SubnetIds': [
            'string',
        ],
        'CreationTime': datetime(2015, 1, 1),
        'Options': {
            'DnsSupport': 'enable'|'disable',
            'SecurityGroupReferencingSupport': 'enable'|'disable',
            'Ipv6Support': 'enable'|'disable',
            'ApplianceModeSupport': 'enable'|'disable'
        },
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • TransitGatewayVpcAttachment (dict) --

      Information about the VPC attachment.

      • TransitGatewayAttachmentId (string) --

        The ID of the attachment.

      • TransitGatewayId (string) --

        The ID of the transit gateway.

      • VpcId (string) --

        The ID of the VPC.

      • VpcOwnerId (string) --

        The ID of the Amazon Web Services account that owns the VPC.

      • State (string) --

        The state of the VPC attachment. Note that the initiating state has been deprecated.

      • SubnetIds (list) --

        The IDs of the subnets.

        • (string) --

      • CreationTime (datetime) --

        The creation time.

      • Options (dict) --

        The VPC attachment options.

        • DnsSupport (string) --

          Indicates whether DNS support is enabled.

        • SecurityGroupReferencingSupport (string) --

          For important information about this feature, see Create a transit gateway attachment to a VPC in the Amazon Web Services Transit Gateway Guide .

        • Ipv6Support (string) --

          Indicates whether IPv6 support is disabled.

        • ApplianceModeSupport (string) --

          Indicates whether appliance mode support is enabled.

      • Tags (list) --

        The tags for the VPC attachment.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

DeleteTransitGateway (updated) Link ¶
Changes (response)
{'TransitGateway': {'Options': {'SecurityGroupReferencingSupport': 'enable | '
                                                                   'disable'}}}

Deletes the specified transit gateway.

See also: AWS API Documentation

Request Syntax

client.delete_transit_gateway(
    TransitGatewayId='string',
    DryRun=True|False
)
type TransitGatewayId

string

param TransitGatewayId

[REQUIRED]

The ID of the transit gateway.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'TransitGateway': {
        'TransitGatewayId': 'string',
        'TransitGatewayArn': 'string',
        'State': 'pending'|'available'|'modifying'|'deleting'|'deleted',
        'OwnerId': 'string',
        'Description': 'string',
        'CreationTime': datetime(2015, 1, 1),
        'Options': {
            'AmazonSideAsn': 123,
            'TransitGatewayCidrBlocks': [
                'string',
            ],
            'AutoAcceptSharedAttachments': 'enable'|'disable',
            'DefaultRouteTableAssociation': 'enable'|'disable',
            'AssociationDefaultRouteTableId': 'string',
            'DefaultRouteTablePropagation': 'enable'|'disable',
            'PropagationDefaultRouteTableId': 'string',
            'VpnEcmpSupport': 'enable'|'disable',
            'DnsSupport': 'enable'|'disable',
            'SecurityGroupReferencingSupport': 'enable'|'disable',
            'MulticastSupport': 'enable'|'disable'
        },
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • TransitGateway (dict) --

      Information about the deleted transit gateway.

      • TransitGatewayId (string) --

        The ID of the transit gateway.

      • TransitGatewayArn (string) --

        The Amazon Resource Name (ARN) of the transit gateway.

      • State (string) --

        The state of the transit gateway.

      • OwnerId (string) --

        The ID of the Amazon Web Services account that owns the transit gateway.

      • Description (string) --

        The description of the transit gateway.

      • CreationTime (datetime) --

        The creation time.

      • Options (dict) --

        The transit gateway options.

        • AmazonSideAsn (integer) --

          A private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs.

        • TransitGatewayCidrBlocks (list) --

          The transit gateway CIDR blocks.

          • (string) --

        • AutoAcceptSharedAttachments (string) --

          Indicates whether attachment requests are automatically accepted.

        • DefaultRouteTableAssociation (string) --

          Indicates whether resource attachments are automatically associated with the default association route table.

        • AssociationDefaultRouteTableId (string) --

          The ID of the default association route table.

        • DefaultRouteTablePropagation (string) --

          Indicates whether resource attachments automatically propagate routes to the default propagation route table.

        • PropagationDefaultRouteTableId (string) --

          The ID of the default propagation route table.

        • VpnEcmpSupport (string) --

          Indicates whether Equal Cost Multipath Protocol support is enabled.

        • DnsSupport (string) --

          Indicates whether DNS support is enabled.

        • SecurityGroupReferencingSupport (string) --

          Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.

          For important information about this feature, see Create a transit gateway in the Amazon Web Services Transit Gateway Guide .

        • MulticastSupport (string) --

          Indicates whether multicast is enabled on the transit gateway

      • Tags (list) --

        The tags for the transit gateway.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

DeleteTransitGatewayVpcAttachment (updated) Link ¶
Changes (response)
{'TransitGatewayVpcAttachment': {'Options': {'SecurityGroupReferencingSupport': 'enable '
                                                                                '| '
                                                                                'disable'}}}

Deletes the specified VPC attachment.

See also: AWS API Documentation

Request Syntax

client.delete_transit_gateway_vpc_attachment(
    TransitGatewayAttachmentId='string',
    DryRun=True|False
)
type TransitGatewayAttachmentId

string

param TransitGatewayAttachmentId

[REQUIRED]

The ID of the attachment.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'TransitGatewayVpcAttachment': {
        'TransitGatewayAttachmentId': 'string',
        'TransitGatewayId': 'string',
        'VpcId': 'string',
        'VpcOwnerId': 'string',
        'State': 'initiating'|'initiatingRequest'|'pendingAcceptance'|'rollingBack'|'pending'|'available'|'modifying'|'deleting'|'deleted'|'failed'|'rejected'|'rejecting'|'failing',
        'SubnetIds': [
            'string',
        ],
        'CreationTime': datetime(2015, 1, 1),
        'Options': {
            'DnsSupport': 'enable'|'disable',
            'SecurityGroupReferencingSupport': 'enable'|'disable',
            'Ipv6Support': 'enable'|'disable',
            'ApplianceModeSupport': 'enable'|'disable'
        },
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • TransitGatewayVpcAttachment (dict) --

      Information about the deleted VPC attachment.

      • TransitGatewayAttachmentId (string) --

        The ID of the attachment.

      • TransitGatewayId (string) --

        The ID of the transit gateway.

      • VpcId (string) --

        The ID of the VPC.

      • VpcOwnerId (string) --

        The ID of the Amazon Web Services account that owns the VPC.

      • State (string) --

        The state of the VPC attachment. Note that the initiating state has been deprecated.

      • SubnetIds (list) --

        The IDs of the subnets.

        • (string) --

      • CreationTime (datetime) --

        The creation time.

      • Options (dict) --

        The VPC attachment options.

        • DnsSupport (string) --

          Indicates whether DNS support is enabled.

        • SecurityGroupReferencingSupport (string) --

          For important information about this feature, see Create a transit gateway attachment to a VPC in the Amazon Web Services Transit Gateway Guide .

        • Ipv6Support (string) --

          Indicates whether IPv6 support is disabled.

        • ApplianceModeSupport (string) --

          Indicates whether appliance mode support is enabled.

      • Tags (list) --

        The tags for the VPC attachment.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

DescribeSecurityGroupReferences (updated) Link ¶
Changes (response)
{'SecurityGroupReferenceSet': {'TransitGatewayId': 'string'}}

Describes the VPCs on the other side of a VPC peering connection or the VPCs attached to a transit gateway that are referencing the security groups you've specified in this request.

See also: AWS API Documentation

Request Syntax

client.describe_security_group_references(
    DryRun=True|False,
    GroupId=[
        'string',
    ]
)
type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

type GroupId

list

param GroupId

[REQUIRED]

The IDs of the security groups in your account.

  • (string) --

rtype

dict

returns

Response Syntax

{
    'SecurityGroupReferenceSet': [
        {
            'GroupId': 'string',
            'ReferencingVpcId': 'string',
            'VpcPeeringConnectionId': 'string',
            'TransitGatewayId': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • SecurityGroupReferenceSet (list) --

      Information about the VPCs with the referencing security groups.

      • (dict) --

        Describes a VPC with a security group that references your security group.

        • GroupId (string) --

          The ID of your security group.

        • ReferencingVpcId (string) --

          The ID of the VPC with the referencing security group.

        • VpcPeeringConnectionId (string) --

          The ID of the VPC peering connection (if applicable). For more information about security group referencing for peering connections, see Update your security groups to reference peer security groups in the VPC Peering Guide .

        • TransitGatewayId (string) --

          The ID of the transit gateway (if applicable). For more information about security group referencing for transit gateways, see Create a transit gateway attachment to a VPC in the Amazon Web Services Transit Gateway Guide .

DescribeTransitGatewayVpcAttachments (updated) Link ¶
Changes (response)
{'TransitGatewayVpcAttachments': {'Options': {'SecurityGroupReferencingSupport': 'enable '
                                                                                 '| '
                                                                                 'disable'}}}

Describes one or more VPC attachments. By default, all VPC attachments are described. Alternatively, you can filter the results.

See also: AWS API Documentation

Request Syntax

client.describe_transit_gateway_vpc_attachments(
    TransitGatewayAttachmentIds=[
        'string',
    ],
    Filters=[
        {
            'Name': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    MaxResults=123,
    NextToken='string',
    DryRun=True|False
)
type TransitGatewayAttachmentIds

list

param TransitGatewayAttachmentIds

The IDs of the attachments.

  • (string) --

type Filters

list

param Filters

One or more filters. The possible values are:

  • state - The state of the attachment. Valid values are available | deleted | deleting | failed | failing | initiatingRequest | modifying | pendingAcceptance | pending | rollingBack | rejected | rejecting .

  • transit-gateway-attachment-id - The ID of the attachment.

  • transit-gateway-id - The ID of the transit gateway.

  • vpc-id - The ID of the VPC.

  • (dict) --

    A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.

    If you specify multiple filters, the filters are joined with an AND , and the request returns only results that match all of the specified filters.

    • Name (string) --

      The name of the filter. Filter names are case-sensitive.

    • Values (list) --

      The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR , and the request returns all results that match any of the specified values.

      • (string) --

type MaxResults

integer

param MaxResults

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

type NextToken

string

param NextToken

The token for the next page of results.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'TransitGatewayVpcAttachments': [
        {
            'TransitGatewayAttachmentId': 'string',
            'TransitGatewayId': 'string',
            'VpcId': 'string',
            'VpcOwnerId': 'string',
            'State': 'initiating'|'initiatingRequest'|'pendingAcceptance'|'rollingBack'|'pending'|'available'|'modifying'|'deleting'|'deleted'|'failed'|'rejected'|'rejecting'|'failing',
            'SubnetIds': [
                'string',
            ],
            'CreationTime': datetime(2015, 1, 1),
            'Options': {
                'DnsSupport': 'enable'|'disable',
                'SecurityGroupReferencingSupport': 'enable'|'disable',
                'Ipv6Support': 'enable'|'disable',
                'ApplianceModeSupport': 'enable'|'disable'
            },
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • TransitGatewayVpcAttachments (list) --

      Information about the VPC attachments.

      • (dict) --

        Describes a VPC attachment.

        • TransitGatewayAttachmentId (string) --

          The ID of the attachment.

        • TransitGatewayId (string) --

          The ID of the transit gateway.

        • VpcId (string) --

          The ID of the VPC.

        • VpcOwnerId (string) --

          The ID of the Amazon Web Services account that owns the VPC.

        • State (string) --

          The state of the VPC attachment. Note that the initiating state has been deprecated.

        • SubnetIds (list) --

          The IDs of the subnets.

          • (string) --

        • CreationTime (datetime) --

          The creation time.

        • Options (dict) --

          The VPC attachment options.

          • DnsSupport (string) --

            Indicates whether DNS support is enabled.

          • SecurityGroupReferencingSupport (string) --

            For important information about this feature, see Create a transit gateway attachment to a VPC in the Amazon Web Services Transit Gateway Guide .

          • Ipv6Support (string) --

            Indicates whether IPv6 support is disabled.

          • ApplianceModeSupport (string) --

            Indicates whether appliance mode support is enabled.

        • Tags (list) --

          The tags for the VPC attachment.

          • (dict) --

            Describes a tag.

            • Key (string) --

              The key of the tag.

              Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

            • Value (string) --

              The value of the tag.

              Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

    • NextToken (string) --

      The token to use to retrieve the next page of results. This value is null when there are no more results to return.

DescribeTransitGateways (updated) Link ¶
Changes (response)
{'TransitGateways': {'Options': {'SecurityGroupReferencingSupport': 'enable | '
                                                                    'disable'}}}

Describes one or more transit gateways. By default, all transit gateways are described. Alternatively, you can filter the results.

See also: AWS API Documentation

Request Syntax

client.describe_transit_gateways(
    TransitGatewayIds=[
        'string',
    ],
    Filters=[
        {
            'Name': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    MaxResults=123,
    NextToken='string',
    DryRun=True|False
)
type TransitGatewayIds

list

param TransitGatewayIds

The IDs of the transit gateways.

  • (string) --

type Filters

list

param Filters

One or more filters. The possible values are:

  • options.propagation-default-route-table-id - The ID of the default propagation route table.

  • options.amazon-side-asn - The private ASN for the Amazon side of a BGP session.

  • options.association-default-route-table-id - The ID of the default association route table.

  • options.auto-accept-shared-attachments - Indicates whether there is automatic acceptance of attachment requests (enable | disable ).

  • options.default-route-table-association - Indicates whether resource attachments are automatically associated with the default association route table (enable | disable ).

  • options.default-route-table-propagation - Indicates whether resource attachments automatically propagate routes to the default propagation route table (enable | disable ).

  • options.dns-support - Indicates whether DNS support is enabled (enable | disable ).

  • options.vpn-ecmp-support - Indicates whether Equal Cost Multipath Protocol support is enabled (enable | disable ).

  • owner-id - The ID of the Amazon Web Services account that owns the transit gateway.

  • state - The state of the transit gateway (available | deleted | deleting | modifying | pending ).

  • transit-gateway-id - The ID of the transit gateway.

  • (dict) --

    A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.

    If you specify multiple filters, the filters are joined with an AND , and the request returns only results that match all of the specified filters.

    • Name (string) --

      The name of the filter. Filter names are case-sensitive.

    • Values (list) --

      The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR , and the request returns all results that match any of the specified values.

      • (string) --

type MaxResults

integer

param MaxResults

The maximum number of results to return with a single call. To retrieve the remaining results, make another call with the returned nextToken value.

type NextToken

string

param NextToken

The token for the next page of results.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'TransitGateways': [
        {
            'TransitGatewayId': 'string',
            'TransitGatewayArn': 'string',
            'State': 'pending'|'available'|'modifying'|'deleting'|'deleted',
            'OwnerId': 'string',
            'Description': 'string',
            'CreationTime': datetime(2015, 1, 1),
            'Options': {
                'AmazonSideAsn': 123,
                'TransitGatewayCidrBlocks': [
                    'string',
                ],
                'AutoAcceptSharedAttachments': 'enable'|'disable',
                'DefaultRouteTableAssociation': 'enable'|'disable',
                'AssociationDefaultRouteTableId': 'string',
                'DefaultRouteTablePropagation': 'enable'|'disable',
                'PropagationDefaultRouteTableId': 'string',
                'VpnEcmpSupport': 'enable'|'disable',
                'DnsSupport': 'enable'|'disable',
                'SecurityGroupReferencingSupport': 'enable'|'disable',
                'MulticastSupport': 'enable'|'disable'
            },
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ],
    'NextToken': 'string'
}

Response Structure

  • (dict) --

    • TransitGateways (list) --

      Information about the transit gateways.

      • (dict) --

        Describes a transit gateway.

        • TransitGatewayId (string) --

          The ID of the transit gateway.

        • TransitGatewayArn (string) --

          The Amazon Resource Name (ARN) of the transit gateway.

        • State (string) --

          The state of the transit gateway.

        • OwnerId (string) --

          The ID of the Amazon Web Services account that owns the transit gateway.

        • Description (string) --

          The description of the transit gateway.

        • CreationTime (datetime) --

          The creation time.

        • Options (dict) --

          The transit gateway options.

          • AmazonSideAsn (integer) --

            A private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs.

          • TransitGatewayCidrBlocks (list) --

            The transit gateway CIDR blocks.

            • (string) --

          • AutoAcceptSharedAttachments (string) --

            Indicates whether attachment requests are automatically accepted.

          • DefaultRouteTableAssociation (string) --

            Indicates whether resource attachments are automatically associated with the default association route table.

          • AssociationDefaultRouteTableId (string) --

            The ID of the default association route table.

          • DefaultRouteTablePropagation (string) --

            Indicates whether resource attachments automatically propagate routes to the default propagation route table.

          • PropagationDefaultRouteTableId (string) --

            The ID of the default propagation route table.

          • VpnEcmpSupport (string) --

            Indicates whether Equal Cost Multipath Protocol support is enabled.

          • DnsSupport (string) --

            Indicates whether DNS support is enabled.

          • SecurityGroupReferencingSupport (string) --

            Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.

            For important information about this feature, see Create a transit gateway in the Amazon Web Services Transit Gateway Guide .

          • MulticastSupport (string) --

            Indicates whether multicast is enabled on the transit gateway

        • Tags (list) --

          The tags for the transit gateway.

          • (dict) --

            Describes a tag.

            • Key (string) --

              The key of the tag.

              Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

            • Value (string) --

              The value of the tag.

              Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

    • NextToken (string) --

      The token to use to retrieve the next page of results. This value is null when there are no more results to return.

ModifyTransitGateway (updated) Link ¶
Changes (request, response)
Request
{'Options': {'SecurityGroupReferencingSupport': 'enable | disable'}}
Response
{'TransitGateway': {'Options': {'SecurityGroupReferencingSupport': 'enable | '
                                                                   'disable'}}}

Modifies the specified transit gateway. When you modify a transit gateway, the modified options are applied to new transit gateway attachments only. Your existing transit gateway attachments are not modified.

See also: AWS API Documentation

Request Syntax

client.modify_transit_gateway(
    TransitGatewayId='string',
    Description='string',
    Options={
        'AddTransitGatewayCidrBlocks': [
            'string',
        ],
        'RemoveTransitGatewayCidrBlocks': [
            'string',
        ],
        'VpnEcmpSupport': 'enable'|'disable',
        'DnsSupport': 'enable'|'disable',
        'SecurityGroupReferencingSupport': 'enable'|'disable',
        'AutoAcceptSharedAttachments': 'enable'|'disable',
        'DefaultRouteTableAssociation': 'enable'|'disable',
        'AssociationDefaultRouteTableId': 'string',
        'DefaultRouteTablePropagation': 'enable'|'disable',
        'PropagationDefaultRouteTableId': 'string',
        'AmazonSideAsn': 123
    },
    DryRun=True|False
)
type TransitGatewayId

string

param TransitGatewayId

[REQUIRED]

The ID of the transit gateway.

type Description

string

param Description

The description for the transit gateway.

type Options

dict

param Options

The options to modify.

  • AddTransitGatewayCidrBlocks (list) --

    Adds IPv4 or IPv6 CIDR blocks for the transit gateway. Must be a size /24 CIDR block or larger for IPv4, or a size /64 CIDR block or larger for IPv6.

    • (string) --

  • RemoveTransitGatewayCidrBlocks (list) --

    Removes CIDR blocks for the transit gateway.

    • (string) --

  • VpnEcmpSupport (string) --

    Enable or disable Equal Cost Multipath Protocol support.

  • DnsSupport (string) --

    Enable or disable DNS support.

  • SecurityGroupReferencingSupport (string) --

    Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.

    For important information about this feature, see Create a transit gateway in the Amazon Web Services Transit Gateway Guide .

  • AutoAcceptSharedAttachments (string) --

    Enable or disable automatic acceptance of attachment requests.

  • DefaultRouteTableAssociation (string) --

    Enable or disable automatic association with the default association route table.

  • AssociationDefaultRouteTableId (string) --

    The ID of the default association route table.

  • DefaultRouteTablePropagation (string) --

    Enable or disable automatic propagation of routes to the default propagation route table.

  • PropagationDefaultRouteTableId (string) --

    The ID of the default propagation route table.

  • AmazonSideAsn (integer) --

    A private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs.

    The modify ASN operation is not allowed on a transit gateway with active BGP sessions. You must first delete all transit gateway attachments that have BGP configured prior to modifying the ASN on the transit gateway.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'TransitGateway': {
        'TransitGatewayId': 'string',
        'TransitGatewayArn': 'string',
        'State': 'pending'|'available'|'modifying'|'deleting'|'deleted',
        'OwnerId': 'string',
        'Description': 'string',
        'CreationTime': datetime(2015, 1, 1),
        'Options': {
            'AmazonSideAsn': 123,
            'TransitGatewayCidrBlocks': [
                'string',
            ],
            'AutoAcceptSharedAttachments': 'enable'|'disable',
            'DefaultRouteTableAssociation': 'enable'|'disable',
            'AssociationDefaultRouteTableId': 'string',
            'DefaultRouteTablePropagation': 'enable'|'disable',
            'PropagationDefaultRouteTableId': 'string',
            'VpnEcmpSupport': 'enable'|'disable',
            'DnsSupport': 'enable'|'disable',
            'SecurityGroupReferencingSupport': 'enable'|'disable',
            'MulticastSupport': 'enable'|'disable'
        },
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • TransitGateway (dict) --

      Information about the transit gateway.

      • TransitGatewayId (string) --

        The ID of the transit gateway.

      • TransitGatewayArn (string) --

        The Amazon Resource Name (ARN) of the transit gateway.

      • State (string) --

        The state of the transit gateway.

      • OwnerId (string) --

        The ID of the Amazon Web Services account that owns the transit gateway.

      • Description (string) --

        The description of the transit gateway.

      • CreationTime (datetime) --

        The creation time.

      • Options (dict) --

        The transit gateway options.

        • AmazonSideAsn (integer) --

          A private Autonomous System Number (ASN) for the Amazon side of a BGP session. The range is 64512 to 65534 for 16-bit ASNs and 4200000000 to 4294967294 for 32-bit ASNs.

        • TransitGatewayCidrBlocks (list) --

          The transit gateway CIDR blocks.

          • (string) --

        • AutoAcceptSharedAttachments (string) --

          Indicates whether attachment requests are automatically accepted.

        • DefaultRouteTableAssociation (string) --

          Indicates whether resource attachments are automatically associated with the default association route table.

        • AssociationDefaultRouteTableId (string) --

          The ID of the default association route table.

        • DefaultRouteTablePropagation (string) --

          Indicates whether resource attachments automatically propagate routes to the default propagation route table.

        • PropagationDefaultRouteTableId (string) --

          The ID of the default propagation route table.

        • VpnEcmpSupport (string) --

          Indicates whether Equal Cost Multipath Protocol support is enabled.

        • DnsSupport (string) --

          Indicates whether DNS support is enabled.

        • SecurityGroupReferencingSupport (string) --

          Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.

          For important information about this feature, see Create a transit gateway in the Amazon Web Services Transit Gateway Guide .

        • MulticastSupport (string) --

          Indicates whether multicast is enabled on the transit gateway

      • Tags (list) --

        The tags for the transit gateway.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

ModifyTransitGatewayVpcAttachment (updated) Link ¶
Changes (request, response)
Request
{'Options': {'SecurityGroupReferencingSupport': 'enable | disable'}}
Response
{'TransitGatewayVpcAttachment': {'Options': {'SecurityGroupReferencingSupport': 'enable '
                                                                                '| '
                                                                                'disable'}}}

Modifies the specified VPC attachment.

See also: AWS API Documentation

Request Syntax

client.modify_transit_gateway_vpc_attachment(
    TransitGatewayAttachmentId='string',
    AddSubnetIds=[
        'string',
    ],
    RemoveSubnetIds=[
        'string',
    ],
    Options={
        'DnsSupport': 'enable'|'disable',
        'SecurityGroupReferencingSupport': 'enable'|'disable',
        'Ipv6Support': 'enable'|'disable',
        'ApplianceModeSupport': 'enable'|'disable'
    },
    DryRun=True|False
)
type TransitGatewayAttachmentId

string

param TransitGatewayAttachmentId

[REQUIRED]

The ID of the attachment.

type AddSubnetIds

list

param AddSubnetIds

The IDs of one or more subnets to add. You can specify at most one subnet per Availability Zone.

  • (string) --

type RemoveSubnetIds

list

param RemoveSubnetIds

The IDs of one or more subnets to remove.

  • (string) --

type Options

dict

param Options

The new VPC attachment options.

  • DnsSupport (string) --

    Enable or disable DNS support. The default is enable .

  • SecurityGroupReferencingSupport (string) --

    Enables you to reference a security group across VPCs attached to a transit gateway (TGW). Use this option to simplify security group management and control of instance-to-instance traffic across VPCs that are connected by transit gateway. You can also use this option to migrate from VPC peering (which was the only option that supported security group referencing) to transit gateways (which now also support security group referencing). This option is disabled by default and there are no additional costs to use this feature.

    For important information about this feature, see Create a transit gateway attachment to a VPC in the Amazon Web Services Transit Gateway Guide .

  • Ipv6Support (string) --

    Enable or disable IPv6 support. The default is enable .

  • ApplianceModeSupport (string) --

    Enable or disable support for appliance mode. If enabled, a traffic flow between a source and destination uses the same Availability Zone for the VPC attachment for the lifetime of that flow. The default is disable .

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'TransitGatewayVpcAttachment': {
        'TransitGatewayAttachmentId': 'string',
        'TransitGatewayId': 'string',
        'VpcId': 'string',
        'VpcOwnerId': 'string',
        'State': 'initiating'|'initiatingRequest'|'pendingAcceptance'|'rollingBack'|'pending'|'available'|'modifying'|'deleting'|'deleted'|'failed'|'rejected'|'rejecting'|'failing',
        'SubnetIds': [
            'string',
        ],
        'CreationTime': datetime(2015, 1, 1),
        'Options': {
            'DnsSupport': 'enable'|'disable',
            'SecurityGroupReferencingSupport': 'enable'|'disable',
            'Ipv6Support': 'enable'|'disable',
            'ApplianceModeSupport': 'enable'|'disable'
        },
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • TransitGatewayVpcAttachment (dict) --

      Information about the modified attachment.

      • TransitGatewayAttachmentId (string) --

        The ID of the attachment.

      • TransitGatewayId (string) --

        The ID of the transit gateway.

      • VpcId (string) --

        The ID of the VPC.

      • VpcOwnerId (string) --

        The ID of the Amazon Web Services account that owns the VPC.

      • State (string) --

        The state of the VPC attachment. Note that the initiating state has been deprecated.

      • SubnetIds (list) --

        The IDs of the subnets.

        • (string) --

      • CreationTime (datetime) --

        The creation time.

      • Options (dict) --

        The VPC attachment options.

        • DnsSupport (string) --

          Indicates whether DNS support is enabled.

        • SecurityGroupReferencingSupport (string) --

          For important information about this feature, see Create a transit gateway attachment to a VPC in the Amazon Web Services Transit Gateway Guide .

        • Ipv6Support (string) --

          Indicates whether IPv6 support is disabled.

        • ApplianceModeSupport (string) --

          Indicates whether appliance mode support is enabled.

      • Tags (list) --

        The tags for the VPC attachment.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

RejectTransitGatewayVpcAttachment (updated) Link ¶
Changes (response)
{'TransitGatewayVpcAttachment': {'Options': {'SecurityGroupReferencingSupport': 'enable '
                                                                                '| '
                                                                                'disable'}}}

Rejects a request to attach a VPC to a transit gateway.

The VPC attachment must be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to view your pending VPC attachment requests. Use AcceptTransitGatewayVpcAttachment to accept a VPC attachment request.

See also: AWS API Documentation

Request Syntax

client.reject_transit_gateway_vpc_attachment(
    TransitGatewayAttachmentId='string',
    DryRun=True|False
)
type TransitGatewayAttachmentId

string

param TransitGatewayAttachmentId

[REQUIRED]

The ID of the attachment.

type DryRun

boolean

param DryRun

Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .

rtype

dict

returns

Response Syntax

{
    'TransitGatewayVpcAttachment': {
        'TransitGatewayAttachmentId': 'string',
        'TransitGatewayId': 'string',
        'VpcId': 'string',
        'VpcOwnerId': 'string',
        'State': 'initiating'|'initiatingRequest'|'pendingAcceptance'|'rollingBack'|'pending'|'available'|'modifying'|'deleting'|'deleted'|'failed'|'rejected'|'rejecting'|'failing',
        'SubnetIds': [
            'string',
        ],
        'CreationTime': datetime(2015, 1, 1),
        'Options': {
            'DnsSupport': 'enable'|'disable',
            'SecurityGroupReferencingSupport': 'enable'|'disable',
            'Ipv6Support': 'enable'|'disable',
            'ApplianceModeSupport': 'enable'|'disable'
        },
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • TransitGatewayVpcAttachment (dict) --

      Information about the attachment.

      • TransitGatewayAttachmentId (string) --

        The ID of the attachment.

      • TransitGatewayId (string) --

        The ID of the transit gateway.

      • VpcId (string) --

        The ID of the VPC.

      • VpcOwnerId (string) --

        The ID of the Amazon Web Services account that owns the VPC.

      • State (string) --

        The state of the VPC attachment. Note that the initiating state has been deprecated.

      • SubnetIds (list) --

        The IDs of the subnets.

        • (string) --

      • CreationTime (datetime) --

        The creation time.

      • Options (dict) --

        The VPC attachment options.

        • DnsSupport (string) --

          Indicates whether DNS support is enabled.

        • SecurityGroupReferencingSupport (string) --

          For important information about this feature, see Create a transit gateway attachment to a VPC in the Amazon Web Services Transit Gateway Guide .

        • Ipv6Support (string) --

          Indicates whether IPv6 support is disabled.

        • ApplianceModeSupport (string) --

          Indicates whether appliance mode support is enabled.

      • Tags (list) --

        The tags for the VPC attachment.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.