EC2

Client

class EC2.Client

A low-level client representing Amazon Elastic Compute Cloud (EC2)

Amazon Elastic Compute Cloud (Amazon EC2) provides secure and resizable computing capacity in the AWS Cloud. Using Amazon EC2 eliminates the need to invest in hardware up front, so you can develop and deploy applications faster. Amazon Virtual Private Cloud (Amazon VPC) enables you to provision a logically isolated section of the AWS Cloud where you can launch AWS resources in a virtual network that you've defined. Amazon Elastic Block Store (Amazon EBS) provides block level storage volumes for use with EC2 instances. EBS volumes are highly available and reliable storage volumes that can be attached to any running instance and used like a hard drive.

To learn more, see the following resources:

client = session.create_client('ec2')

These are the available methods:

accept_reserved_instances_exchange_quote(**kwargs)

Accepts the Convertible Reserved Instance exchange quote described in the GetReservedInstancesExchangeQuote call.

See also: AWS API Documentation

Request Syntax

response = client.accept_reserved_instances_exchange_quote(
    DryRun=True|False,
    ReservedInstanceIds=[
        'string',
    ],
    TargetConfigurations=[
        {
            'InstanceCount': 123,
            'OfferingId': 'string'
        },
    ]
)
Parameters
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • ReservedInstanceIds (list) --

    [REQUIRED]

    The IDs of the Convertible Reserved Instances to exchange for another Convertible Reserved Instance of the same or higher value.

    • (string) --
  • TargetConfigurations (list) --

    The configuration of the target Convertible Reserved Instance to exchange for your current Convertible Reserved Instances.

    • (dict) --

      Details about the target configuration.

      • InstanceCount (integer) --

        The number of instances the Convertible Reserved Instance offering can be applied to. This parameter is reserved and cannot be specified in a request

      • OfferingId (string) -- [REQUIRED]

        The Convertible Reserved Instance offering ID.

Return type

dict

Returns

Response Syntax

{
    'ExchangeId': 'string'
}

Response Structure

  • (dict) --

    The result of the exchange and whether it was successful .

    • ExchangeId (string) --

      The ID of the successful exchange.

accept_transit_gateway_multicast_domain_associations(**kwargs)

Accepts a request to associate subnets with a transit gateway multicast domain.

See also: AWS API Documentation

Request Syntax

response = client.accept_transit_gateway_multicast_domain_associations(
    TransitGatewayMulticastDomainId='string',
    TransitGatewayAttachmentId='string',
    SubnetIds=[
        'string',
    ],
    DryRun=True|False
)
Parameters
  • TransitGatewayMulticastDomainId (string) -- The ID of the transit gateway multicast domain.
  • TransitGatewayAttachmentId (string) -- The ID of the transit gateway attachment.
  • SubnetIds (list) --

    The IDs of the subnets to associate with the transit gateway multicast domain.

    • (string) --
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'Associations': {
        'TransitGatewayMulticastDomainId': 'string',
        'TransitGatewayAttachmentId': 'string',
        'ResourceId': 'string',
        'ResourceType': 'vpc'|'vpn'|'direct-connect-gateway'|'connect'|'peering'|'tgw-peering',
        'ResourceOwnerId': 'string',
        'Subnets': [
            {
                'SubnetId': 'string',
                'State': 'pendingAcceptance'|'associating'|'associated'|'disassociating'|'disassociated'|'rejected'|'failed'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • Associations (dict) --

      Describes the multicast domain associations.

      • TransitGatewayMulticastDomainId (string) --

        The ID of the transit gateway multicast domain.

      • TransitGatewayAttachmentId (string) --

        The ID of the transit gateway attachment.

      • ResourceId (string) --

        The ID of the resource.

      • ResourceType (string) --

        The type of resource, for example a VPC attachment.

      • ResourceOwnerId (string) --

        The ID of the Amazon Web Services account that owns the resource.

      • Subnets (list) --

        The subnets associated with the multicast domain.

        • (dict) --

          Describes the subnet association with the transit gateway multicast domain.

          • SubnetId (string) --

            The ID of the subnet.

          • State (string) --

            The state of the subnet association.

accept_transit_gateway_peering_attachment(**kwargs)

Accepts a transit gateway peering attachment request. The peering attachment must be in the pendingAcceptance state.

See also: AWS API Documentation

Request Syntax

response = client.accept_transit_gateway_peering_attachment(
    TransitGatewayAttachmentId='string',
    DryRun=True|False
)
Parameters
  • TransitGatewayAttachmentId (string) --

    [REQUIRED]

    The ID of the transit gateway attachment.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'TransitGatewayPeeringAttachment': {
        'TransitGatewayAttachmentId': 'string',
        'RequesterTgwInfo': {
            'TransitGatewayId': 'string',
            'OwnerId': 'string',
            'Region': 'string'
        },
        'AccepterTgwInfo': {
            'TransitGatewayId': 'string',
            'OwnerId': 'string',
            'Region': 'string'
        },
        'Status': {
            'Code': 'string',
            'Message': 'string'
        },
        'State': 'initiating'|'initiatingRequest'|'pendingAcceptance'|'rollingBack'|'pending'|'available'|'modifying'|'deleting'|'deleted'|'failed'|'rejected'|'rejecting'|'failing',
        'CreationTime': datetime(2015, 1, 1),
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • TransitGatewayPeeringAttachment (dict) --

      The transit gateway peering attachment.

      • TransitGatewayAttachmentId (string) --

        The ID of the transit gateway peering attachment.

      • RequesterTgwInfo (dict) --

        Information about the requester transit gateway.

        • TransitGatewayId (string) --

          The ID of the transit gateway.

        • OwnerId (string) --

          The ID of the Amazon Web Services account that owns the transit gateway.

        • Region (string) --

          The Region of the transit gateway.

      • AccepterTgwInfo (dict) --

        Information about the accepter transit gateway.

        • TransitGatewayId (string) --

          The ID of the transit gateway.

        • OwnerId (string) --

          The ID of the Amazon Web Services account that owns the transit gateway.

        • Region (string) --

          The Region of the transit gateway.

      • Status (dict) --

        The status of the transit gateway peering attachment.

        • Code (string) --

          The status code.

        • Message (string) --

          The status message, if applicable.

      • State (string) --

        The state of the transit gateway peering attachment. Note that the initiating state has been deprecated.

      • CreationTime (datetime) --

        The time the transit gateway peering attachment was created.

      • Tags (list) --

        The tags for the transit gateway peering attachment.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

accept_transit_gateway_vpc_attachment(**kwargs)

Accepts a request to attach a VPC to a transit gateway.

The VPC attachment must be in the pendingAcceptance state. Use DescribeTransitGatewayVpcAttachments to view your pending VPC attachment requests. Use RejectTransitGatewayVpcAttachment to reject a VPC attachment request.

See also: AWS API Documentation

Request Syntax

response = client.accept_transit_gateway_vpc_attachment(
    TransitGatewayAttachmentId='string',
    DryRun=True|False
)
Parameters
  • TransitGatewayAttachmentId (string) --

    [REQUIRED]

    The ID of the attachment.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'TransitGatewayVpcAttachment': {
        'TransitGatewayAttachmentId': 'string',
        'TransitGatewayId': 'string',
        'VpcId': 'string',
        'VpcOwnerId': 'string',
        'State': 'initiating'|'initiatingRequest'|'pendingAcceptance'|'rollingBack'|'pending'|'available'|'modifying'|'deleting'|'deleted'|'failed'|'rejected'|'rejecting'|'failing',
        'SubnetIds': [
            'string',
        ],
        'CreationTime': datetime(2015, 1, 1),
        'Options': {
            'DnsSupport': 'enable'|'disable',
            'Ipv6Support': 'enable'|'disable',
            'ApplianceModeSupport': 'enable'|'disable'
        },
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • TransitGatewayVpcAttachment (dict) --

      The VPC attachment.

      • TransitGatewayAttachmentId (string) --

        The ID of the attachment.

      • TransitGatewayId (string) --

        The ID of the transit gateway.

      • VpcId (string) --

        The ID of the VPC.

      • VpcOwnerId (string) --

        The ID of the Amazon Web Services account that owns the VPC.

      • State (string) --

        The state of the VPC attachment. Note that the initiating state has been deprecated.

      • SubnetIds (list) --

        The IDs of the subnets.

        • (string) --
      • CreationTime (datetime) --

        The creation time.

      • Options (dict) --

        The VPC attachment options.

        • DnsSupport (string) --

          Indicates whether DNS support is enabled.

        • Ipv6Support (string) --

          Indicates whether IPv6 support is disabled.

        • ApplianceModeSupport (string) --

          Indicates whether appliance mode support is enabled.

      • Tags (list) --

        The tags for the VPC attachment.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

accept_vpc_endpoint_connections(**kwargs)

Accepts one or more interface VPC endpoint connection requests to your VPC endpoint service.

See also: AWS API Documentation

Request Syntax

response = client.accept_vpc_endpoint_connections(
    DryRun=True|False,
    ServiceId='string',
    VpcEndpointIds=[
        'string',
    ]
)
Parameters
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • ServiceId (string) --

    [REQUIRED]

    The ID of the VPC endpoint service.

  • VpcEndpointIds (list) --

    [REQUIRED]

    The IDs of one or more interface VPC endpoints.

    • (string) --
Return type

dict

Returns

Response Syntax

{
    'Unsuccessful': [
        {
            'Error': {
                'Code': 'string',
                'Message': 'string'
            },
            'ResourceId': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • Unsuccessful (list) --

      Information about the interface endpoints that were not accepted, if applicable.

      • (dict) --

        Information about items that were not successfully processed in a batch call.

        • Error (dict) --

          Information about the error.

          • Code (string) --

            The error code.

          • Message (string) --

            The error message accompanying the error code.

        • ResourceId (string) --

          The ID of the resource.

accept_vpc_peering_connection(**kwargs)

Accept a VPC peering connection request. To accept a request, the VPC peering connection must be in the pending-acceptance state, and you must be the owner of the peer VPC. Use DescribeVpcPeeringConnections to view your outstanding VPC peering connection requests.

For an inter-Region VPC peering connection request, you must accept the VPC peering connection in the Region of the accepter VPC.

See also: AWS API Documentation

Request Syntax

response = client.accept_vpc_peering_connection(
    DryRun=True|False,
    VpcPeeringConnectionId='string'
)
Parameters
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • VpcPeeringConnectionId (string) -- The ID of the VPC peering connection. You must specify this parameter in the request.
Return type

dict

Returns

Response Syntax

{
    'VpcPeeringConnection': {
        'AccepterVpcInfo': {
            'CidrBlock': 'string',
            'Ipv6CidrBlockSet': [
                {
                    'Ipv6CidrBlock': 'string'
                },
            ],
            'CidrBlockSet': [
                {
                    'CidrBlock': 'string'
                },
            ],
            'OwnerId': 'string',
            'PeeringOptions': {
                'AllowDnsResolutionFromRemoteVpc': True|False,
                'AllowEgressFromLocalClassicLinkToRemoteVpc': True|False,
                'AllowEgressFromLocalVpcToRemoteClassicLink': True|False
            },
            'VpcId': 'string',
            'Region': 'string'
        },
        'ExpirationTime': datetime(2015, 1, 1),
        'RequesterVpcInfo': {
            'CidrBlock': 'string',
            'Ipv6CidrBlockSet': [
                {
                    'Ipv6CidrBlock': 'string'
                },
            ],
            'CidrBlockSet': [
                {
                    'CidrBlock': 'string'
                },
            ],
            'OwnerId': 'string',
            'PeeringOptions': {
                'AllowDnsResolutionFromRemoteVpc': True|False,
                'AllowEgressFromLocalClassicLinkToRemoteVpc': True|False,
                'AllowEgressFromLocalVpcToRemoteClassicLink': True|False
            },
            'VpcId': 'string',
            'Region': 'string'
        },
        'Status': {
            'Code': 'initiating-request'|'pending-acceptance'|'active'|'deleted'|'rejected'|'failed'|'expired'|'provisioning'|'deleting',
            'Message': 'string'
        },
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'VpcPeeringConnectionId': 'string'
    }
}

Response Structure

  • (dict) --

    • VpcPeeringConnection (dict) --

      Information about the VPC peering connection.

      • AccepterVpcInfo (dict) --

        Information about the accepter VPC. CIDR block information is only returned when describing an active VPC peering connection.

        • CidrBlock (string) --

          The IPv4 CIDR block for the VPC.

        • Ipv6CidrBlockSet (list) --

          The IPv6 CIDR block for the VPC.

          • (dict) --

            Describes an IPv6 CIDR block.

            • Ipv6CidrBlock (string) --

              The IPv6 CIDR block.

        • CidrBlockSet (list) --

          Information about the IPv4 CIDR blocks for the VPC.

          • (dict) --

            Describes an IPv4 CIDR block.

            • CidrBlock (string) --

              The IPv4 CIDR block.

        • OwnerId (string) --

          The ID of the Amazon Web Services account that owns the VPC.

        • PeeringOptions (dict) --

          Information about the VPC peering connection options for the accepter or requester VPC.

          • AllowDnsResolutionFromRemoteVpc (boolean) --

            Indicates whether a local VPC can resolve public DNS hostnames to private IP addresses when queried from instances in a peer VPC.

          • AllowEgressFromLocalClassicLinkToRemoteVpc (boolean) --

            Indicates whether a local ClassicLink connection can communicate with the peer VPC over the VPC peering connection.

          • AllowEgressFromLocalVpcToRemoteClassicLink (boolean) --

            Indicates whether a local VPC can communicate with a ClassicLink connection in the peer VPC over the VPC peering connection.

        • VpcId (string) --

          The ID of the VPC.

        • Region (string) --

          The Region in which the VPC is located.

      • ExpirationTime (datetime) --

        The time that an unaccepted VPC peering connection will expire.

      • RequesterVpcInfo (dict) --

        Information about the requester VPC. CIDR block information is only returned when describing an active VPC peering connection.

        • CidrBlock (string) --

          The IPv4 CIDR block for the VPC.

        • Ipv6CidrBlockSet (list) --

          The IPv6 CIDR block for the VPC.

          • (dict) --

            Describes an IPv6 CIDR block.

            • Ipv6CidrBlock (string) --

              The IPv6 CIDR block.

        • CidrBlockSet (list) --

          Information about the IPv4 CIDR blocks for the VPC.

          • (dict) --

            Describes an IPv4 CIDR block.

            • CidrBlock (string) --

              The IPv4 CIDR block.

        • OwnerId (string) --

          The ID of the Amazon Web Services account that owns the VPC.

        • PeeringOptions (dict) --

          Information about the VPC peering connection options for the accepter or requester VPC.

          • AllowDnsResolutionFromRemoteVpc (boolean) --

            Indicates whether a local VPC can resolve public DNS hostnames to private IP addresses when queried from instances in a peer VPC.

          • AllowEgressFromLocalClassicLinkToRemoteVpc (boolean) --

            Indicates whether a local ClassicLink connection can communicate with the peer VPC over the VPC peering connection.

          • AllowEgressFromLocalVpcToRemoteClassicLink (boolean) --

            Indicates whether a local VPC can communicate with a ClassicLink connection in the peer VPC over the VPC peering connection.

        • VpcId (string) --

          The ID of the VPC.

        • Region (string) --

          The Region in which the VPC is located.

      • Status (dict) --

        The status of the VPC peering connection.

        • Code (string) --

          The status of the VPC peering connection.

        • Message (string) --

          A message that provides more information about the status, if applicable.

      • Tags (list) --

        Any tags assigned to the resource.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

      • VpcPeeringConnectionId (string) --

        The ID of the VPC peering connection.

advertise_byoip_cidr(**kwargs)

Advertises an IPv4 or IPv6 address range that is provisioned for use with your Amazon Web Services resources through bring your own IP addresses (BYOIP).

You can perform this operation at most once every 10 seconds, even if you specify different address ranges each time.

We recommend that you stop advertising the BYOIP CIDR from other locations when you advertise it from Amazon Web Services. To minimize down time, you can configure your Amazon Web Services resources to use an address from a BYOIP CIDR before it is advertised, and then simultaneously stop advertising it from the current location and start advertising it through Amazon Web Services.

It can take a few minutes before traffic to the specified addresses starts routing to Amazon Web Services because of BGP propagation delays.

To stop advertising the BYOIP CIDR, use WithdrawByoipCidr .

See also: AWS API Documentation

Request Syntax

response = client.advertise_byoip_cidr(
    Cidr='string',
    DryRun=True|False
)
Parameters
  • Cidr (string) --

    [REQUIRED]

    The address range, in CIDR notation. This must be the exact range that you provisioned. You can't advertise only a portion of the provisioned range.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'ByoipCidr': {
        'Cidr': 'string',
        'Description': 'string',
        'StatusMessage': 'string',
        'State': 'advertised'|'deprovisioned'|'failed-deprovision'|'failed-provision'|'pending-deprovision'|'pending-provision'|'provisioned'|'provisioned-not-publicly-advertisable'
    }
}

Response Structure

  • (dict) --

    • ByoipCidr (dict) --

      Information about the address range.

      • Cidr (string) --

        The address range, in CIDR notation.

      • Description (string) --

        The description of the address range.

      • StatusMessage (string) --

        Upon success, contains the ID of the address pool. Otherwise, contains an error message.

      • State (string) --

        The state of the address pool.

allocate_address(**kwargs)

Allocates an Elastic IP address to your Amazon Web Services account. After you allocate the Elastic IP address you can associate it with an instance or network interface. After you release an Elastic IP address, it is released to the IP address pool and can be allocated to a different Amazon Web Services account.

You can allocate an Elastic IP address from an address pool owned by Amazon Web Services or from an address pool created from a public IPv4 address range that you have brought to Amazon Web Services for use with your Amazon Web Services resources using bring your own IP addresses (BYOIP). For more information, see Bring Your Own IP Addresses (BYOIP) in the Amazon Elastic Compute Cloud User Guide .

[EC2-VPC] If you release an Elastic IP address, you might be able to recover it. You cannot recover an Elastic IP address that you released after it is allocated to another Amazon Web Services account. You cannot recover an Elastic IP address for EC2-Classic. To attempt to recover an Elastic IP address that you released, specify it in this operation.

An Elastic IP address is for use either in the EC2-Classic platform or in a VPC. By default, you can allocate 5 Elastic IP addresses for EC2-Classic per Region and 5 Elastic IP addresses for EC2-VPC per Region.

For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide .

You can allocate a carrier IP address which is a public IP address from a telecommunication carrier, to a network interface which resides in a subnet in a Wavelength Zone (for example an EC2 instance).

See also: AWS API Documentation

Request Syntax

response = client.allocate_address(
    Domain='vpc'|'standard',
    Address='string',
    PublicIpv4Pool='string',
    NetworkBorderGroup='string',
    CustomerOwnedIpv4Pool='string',
    DryRun=True|False,
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-route-table'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-service'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ]
)
Parameters
  • Domain (string) --

    Indicates whether the Elastic IP address is for use with instances in a VPC or instances in EC2-Classic.

    Default: If the Region supports EC2-Classic, the default is standard . Otherwise, the default is vpc .

  • Address (string) -- [EC2-VPC] The Elastic IP address to recover or an IPv4 address from an address pool.
  • PublicIpv4Pool (string) -- The ID of an address pool that you own. Use this parameter to let Amazon EC2 select an address from the address pool. To specify a specific address from the address pool, use the Address parameter instead.
  • NetworkBorderGroup (string) --

    A unique set of Availability Zones, Local Zones, or Wavelength Zones from which AWS advertises IP addresses. Use this parameter to limit the IP address to this location. IP addresses cannot move between network border groups.

    Use DescribeAvailabilityZones to view the network border groups.

    Note

    You cannot use a network border group with EC2 Classic. If you attempt this operation on EC2 classic, you will receive an InvalidParameterCombination error. For more information, see Error Codes .

  • CustomerOwnedIpv4Pool (string) -- The ID of a customer-owned address pool. Use this parameter to let Amazon EC2 select an address from the address pool. Alternatively, specify a specific address from the address pool.
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • TagSpecifications (list) --

    The tags to assign to the Elastic IP address.

    • (dict) --

      The tags to apply to a resource when the resource is being created.

      • ResourceType (string) --

        The type of resource to tag on creation. The possible values are: capacity-reservation | carrier-gateway | client-vpn-endpoint | customer-gateway | dedicated-host | dhcp-options | egress-only-internet-gateway | elastic-gpu | elastic-ip | export-image-task | export-instance-task | fleet | fpga-image | host-reservation | image | import-image-task | import-snapshot-task | instance | instance-event-window | internet-gateway | ipv4pool-ec2 | ipv6pool-ec2 | key-pair | launch-template | local-gateway-route-table-vpc-association | natgateway | network-acl | network-insights-analysis | network-insights-path | network-interface | placement-group | prefix-list | reserved-instances | route-table | security-group | security-group-rule | snapshot | spot-fleet-request | spot-instances-request | subnet | traffic-mirror-filter | traffic-mirror-session | traffic-mirror-target | transit-gateway | transit-gateway-attachment | transit-gateway-multicast-domain | transit-gateway-route-table | volume | vpc | vpc-endpoint | vpc-endpoint-service | vpc-flow-log | vpc-peering-connection | vpn-connection | vpn-gateway .

        To tag a resource after it has been created, see CreateTags .

      • Tags (list) --

        The tags to apply to the resource.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

Return type

dict

Returns

Response Syntax

{
    'PublicIp': 'string',
    'AllocationId': 'string',
    'PublicIpv4Pool': 'string',
    'NetworkBorderGroup': 'string',
    'Domain': 'vpc'|'standard',
    'CustomerOwnedIp': 'string',
    'CustomerOwnedIpv4Pool': 'string',
    'CarrierIp': 'string'
}

Response Structure

  • (dict) --

    • PublicIp (string) --

      The Elastic IP address.

    • AllocationId (string) --

      [EC2-VPC] The ID that Amazon Web Services assigns to represent the allocation of the Elastic IP address for use with instances in a VPC.

    • PublicIpv4Pool (string) --

      The ID of an address pool.

    • NetworkBorderGroup (string) --

      The set of Availability Zones, Local Zones, or Wavelength Zones from which AWS advertises IP addresses.

    • Domain (string) --

      Indicates whether the Elastic IP address is for use with instances in a VPC (vpc ) or instances in EC2-Classic (standard ).

    • CustomerOwnedIp (string) --

      The customer-owned IP address.

    • CustomerOwnedIpv4Pool (string) --

      The ID of the customer-owned address pool.

    • CarrierIp (string) --

      The carrier IP address. This option is only available for network interfaces which reside in a subnet in a Wavelength Zone (for example an EC2 instance).

Examples

This example allocates an Elastic IP address to use with an instance in a VPC.

response = client.allocate_address(
    Domain='vpc',
)

print(response)

Expected Output:

{
    'AllocationId': 'eipalloc-64d5890a',
    'Domain': 'vpc',
    'PublicIp': '203.0.113.0',
    'ResponseMetadata': {
        '...': '...',
    },
}

This example allocates an Elastic IP address to use with an instance in EC2-Classic.

response = client.allocate_address(
)

print(response)

Expected Output:

{
    'Domain': 'standard',
    'PublicIp': '198.51.100.0',
    'ResponseMetadata': {
        '...': '...',
    },
}
allocate_hosts(**kwargs)

Allocates a Dedicated Host to your account. At a minimum, specify the supported instance type or instance family, the Availability Zone in which to allocate the host, and the number of hosts to allocate.

See also: AWS API Documentation

Request Syntax

response = client.allocate_hosts(
    AutoPlacement='on'|'off',
    AvailabilityZone='string',
    ClientToken='string',
    InstanceType='string',
    InstanceFamily='string',
    Quantity=123,
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-route-table'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-service'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ],
    HostRecovery='on'|'off'
)
Parameters
  • AutoPlacement (string) --

    Indicates whether the host accepts any untargeted instance launches that match its instance type configuration, or if it only accepts Host tenancy instance launches that specify its unique host ID. For more information, see Understanding auto-placement and affinity in the Amazon EC2 User Guide .

    Default: on

  • AvailabilityZone (string) --

    [REQUIRED]

    The Availability Zone in which to allocate the Dedicated Host.

  • ClientToken (string) -- Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency .
  • InstanceType (string) --

    Specifies the instance type to be supported by the Dedicated Hosts. If you specify an instance type, the Dedicated Hosts support instances of the specified instance type only.

    If you want the Dedicated Hosts to support multiple instance types in a specific instance family, omit this parameter and specify InstanceFamily instead. You cannot specify InstanceType and InstanceFamily in the same request.

  • InstanceFamily (string) --

    Specifies the instance family to be supported by the Dedicated Hosts. If you specify an instance family, the Dedicated Hosts support multiple instance types within that instance family.

    If you want the Dedicated Hosts to support a specific instance type only, omit this parameter and specify InstanceType instead. You cannot specify InstanceFamily and InstanceType in the same request.

  • Quantity (integer) --

    [REQUIRED]

    The number of Dedicated Hosts to allocate to your account with these parameters.

  • TagSpecifications (list) --

    The tags to apply to the Dedicated Host during creation.

    • (dict) --

      The tags to apply to a resource when the resource is being created.

      • ResourceType (string) --

        The type of resource to tag on creation. The possible values are: capacity-reservation | carrier-gateway | client-vpn-endpoint | customer-gateway | dedicated-host | dhcp-options | egress-only-internet-gateway | elastic-gpu | elastic-ip | export-image-task | export-instance-task | fleet | fpga-image | host-reservation | image | import-image-task | import-snapshot-task | instance | instance-event-window | internet-gateway | ipv4pool-ec2 | ipv6pool-ec2 | key-pair | launch-template | local-gateway-route-table-vpc-association | natgateway | network-acl | network-insights-analysis | network-insights-path | network-interface | placement-group | prefix-list | reserved-instances | route-table | security-group | security-group-rule | snapshot | spot-fleet-request | spot-instances-request | subnet | traffic-mirror-filter | traffic-mirror-session | traffic-mirror-target | transit-gateway | transit-gateway-attachment | transit-gateway-multicast-domain | transit-gateway-route-table | volume | vpc | vpc-endpoint | vpc-endpoint-service | vpc-flow-log | vpc-peering-connection | vpn-connection | vpn-gateway .

        To tag a resource after it has been created, see CreateTags .

      • Tags (list) --

        The tags to apply to the resource.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

  • HostRecovery (string) --

    Indicates whether to enable or disable host recovery for the Dedicated Host. Host recovery is disabled by default. For more information, see Host recovery in the Amazon EC2 User Guide .

    Default: off

Return type

dict

Returns

Response Syntax

{
    'HostIds': [
        'string',
    ]
}

Response Structure

  • (dict) --

    Contains the output of AllocateHosts.

    • HostIds (list) --

      The ID of the allocated Dedicated Host. This is used to launch an instance onto a specific host.

      • (string) --

apply_security_groups_to_client_vpn_target_network(**kwargs)

Applies a security group to the association between the target network and the Client VPN endpoint. This action replaces the existing security groups with the specified security groups.

See also: AWS API Documentation

Request Syntax

response = client.apply_security_groups_to_client_vpn_target_network(
    ClientVpnEndpointId='string',
    VpcId='string',
    SecurityGroupIds=[
        'string',
    ],
    DryRun=True|False
)
Parameters
  • ClientVpnEndpointId (string) --

    [REQUIRED]

    The ID of the Client VPN endpoint.

  • VpcId (string) --

    [REQUIRED]

    The ID of the VPC in which the associated target network is located.

  • SecurityGroupIds (list) --

    [REQUIRED]

    The IDs of the security groups to apply to the associated target network. Up to 5 security groups can be applied to an associated target network.

    • (string) --
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'SecurityGroupIds': [
        'string',
    ]
}

Response Structure

  • (dict) --

    • SecurityGroupIds (list) --

      The IDs of the applied security groups.

      • (string) --

assign_ipv6_addresses(**kwargs)

Assigns one or more IPv6 addresses to the specified network interface. You can specify one or more specific IPv6 addresses, or you can specify the number of IPv6 addresses to be automatically assigned from within the subnet's IPv6 CIDR block range. You can assign as many IPv6 addresses to a network interface as you can assign private IPv4 addresses, and the limit varies per instance type. For information, see IP Addresses Per Network Interface Per Instance Type in the Amazon Elastic Compute Cloud User Guide .

You must specify either the IPv6 addresses or the IPv6 address count in the request.

You can optionally use Prefix Delegation on the network interface. You must specify either the IPV6 Prefix Delegation prefixes, or the IPv6 Prefix Delegation count. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide .

See also: AWS API Documentation

Request Syntax

response = client.assign_ipv6_addresses(
    Ipv6AddressCount=123,
    Ipv6Addresses=[
        'string',
    ],
    Ipv6PrefixCount=123,
    Ipv6Prefixes=[
        'string',
    ],
    NetworkInterfaceId='string'
)
Parameters
  • Ipv6AddressCount (integer) -- The number of additional IPv6 addresses to assign to the network interface. The specified number of IPv6 addresses are assigned in addition to the existing IPv6 addresses that are already assigned to the network interface. Amazon EC2 automatically selects the IPv6 addresses from the subnet range. You can't use this option if specifying specific IPv6 addresses.
  • Ipv6Addresses (list) --

    One or more specific IPv6 addresses to be assigned to the network interface. You can't use this option if you're specifying a number of IPv6 addresses.

    • (string) --
  • Ipv6PrefixCount (integer) -- The number of IPv6 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv6Prefixes option.
  • Ipv6Prefixes (list) --

    One or more IPv6 prefixes assigned to the network interface. You cannot use this option if you use the Ipv6PrefixCount option.

    • (string) --
  • NetworkInterfaceId (string) --

    [REQUIRED]

    The ID of the network interface.

Return type

dict

Returns

Response Syntax

{
    'AssignedIpv6Addresses': [
        'string',
    ],
    'AssignedIpv6Prefixes': [
        'string',
    ],
    'NetworkInterfaceId': 'string'
}

Response Structure

  • (dict) --

    • AssignedIpv6Addresses (list) --

      The new IPv6 addresses assigned to the network interface. Existing IPv6 addresses that were assigned to the network interface before the request are not included.

      • (string) --
    • AssignedIpv6Prefixes (list) --

      The IPv6 prefixes that are assigned to the network interface.

      • (string) --
    • NetworkInterfaceId (string) --

      The ID of the network interface.

assign_private_ip_addresses(**kwargs)

Assigns one or more secondary private IP addresses to the specified network interface.

You can specify one or more specific secondary IP addresses, or you can specify the number of secondary IP addresses to be automatically assigned within the subnet's CIDR block range. The number of secondary IP addresses that you can assign to an instance varies by instance type. For information about instance types, see Instance Types in the Amazon Elastic Compute Cloud User Guide . For more information about Elastic IP addresses, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide .

When you move a secondary private IP address to another network interface, any Elastic IP address that is associated with the IP address is also moved.

Remapping an IP address is an asynchronous operation. When you move an IP address from one network interface to another, check network/interfaces/macs/mac/local-ipv4s in the instance metadata to confirm that the remapping is complete.

You must specify either the IP addresses or the IP address count in the request.

You can optionally use Prefix Delegation on the network interface. You must specify either the IPv4 Prefix Delegation prefixes, or the IPv4 Prefix Delegation count. For information, see Assigning prefixes to Amazon EC2 network interfaces in the Amazon Elastic Compute Cloud User Guide .

See also: AWS API Documentation

Request Syntax

response = client.assign_private_ip_addresses(
    AllowReassignment=True|False,
    NetworkInterfaceId='string',
    PrivateIpAddresses=[
        'string',
    ],
    SecondaryPrivateIpAddressCount=123,
    Ipv4Prefixes=[
        'string',
    ],
    Ipv4PrefixCount=123
)
Parameters
  • AllowReassignment (boolean) -- Indicates whether to allow an IP address that is already assigned to another network interface or instance to be reassigned to the specified network interface.
  • NetworkInterfaceId (string) --

    [REQUIRED]

    The ID of the network interface.

  • PrivateIpAddresses (list) --

    One or more IP addresses to be assigned as a secondary private IP address to the network interface. You can't specify this parameter when also specifying a number of secondary IP addresses.

    If you don't specify an IP address, Amazon EC2 automatically selects an IP address within the subnet range.

    • (string) --
  • SecondaryPrivateIpAddressCount (integer) -- The number of secondary IP addresses to assign to the network interface. You can't specify this parameter when also specifying private IP addresses.
  • Ipv4Prefixes (list) --

    One or more IPv4 prefixes assigned to the network interface. You cannot use this option if you use the Ipv4PrefixCount option.

    • (string) --
  • Ipv4PrefixCount (integer) -- The number of IPv4 prefixes that Amazon Web Services automatically assigns to the network interface. You cannot use this option if you use the Ipv4 Prefixes option.
Return type

dict

Returns

Response Syntax

{
    'NetworkInterfaceId': 'string',
    'AssignedPrivateIpAddresses': [
        {
            'PrivateIpAddress': 'string'
        },
    ],
    'AssignedIpv4Prefixes': [
        {
            'Ipv4Prefix': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • NetworkInterfaceId (string) --

      The ID of the network interface.

    • AssignedPrivateIpAddresses (list) --

      The private IP addresses assigned to the network interface.

      • (dict) --

        Describes the private IP addresses assigned to a network interface.

        • PrivateIpAddress (string) --

          The private IP address assigned to the network interface.

    • AssignedIpv4Prefixes (list) --

      The IPv4 prefixes that are assigned to the network interface.

Examples

This example assigns the specified secondary private IP address to the specified network interface.

response = client.assign_private_ip_addresses(
    NetworkInterfaceId='eni-e5aa89a3',
    PrivateIpAddresses=[
        '10.0.0.82',
    ],
)

print(response)

Expected Output:

{
    'ResponseMetadata': {
        '...': '...',
    },
}

This example assigns two secondary private IP addresses to the specified network interface. Amazon EC2 automatically assigns these IP addresses from the available IP addresses in the CIDR block range of the subnet the network interface is associated with.

response = client.assign_private_ip_addresses(
    NetworkInterfaceId='eni-e5aa89a3',
    SecondaryPrivateIpAddressCount=2,
)

print(response)

Expected Output:

{
    'ResponseMetadata': {
        '...': '...',
    },
}
associate_address(**kwargs)

Associates an Elastic IP address, or carrier IP address (for instances that are in subnets in Wavelength Zones) with an instance or a network interface. Before you can use an Elastic IP address, you must allocate it to your account.

An Elastic IP address is for use in either the EC2-Classic platform or in a VPC. For more information, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide .

[EC2-Classic, VPC in an EC2-VPC-only account] If the Elastic IP address is already associated with a different instance, it is disassociated from that instance and associated with the specified instance. If you associate an Elastic IP address with an instance that has an existing Elastic IP address, the existing address is disassociated from the instance, but remains allocated to your account.

[VPC in an EC2-Classic account] If you don't specify a private IP address, the Elastic IP address is associated with the primary IP address. If the Elastic IP address is already associated with a different instance or a network interface, you get an error unless you allow reassociation. You cannot associate an Elastic IP address with an instance or network interface that has an existing Elastic IP address.

[Subnets in Wavelength Zones] You can associate an IP address from the telecommunication carrier to the instance or network interface.

You cannot associate an Elastic IP address with an interface in a different network border group.

Warning

This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesn't return an error, and you may be charged for each time the Elastic IP address is remapped to the same instance. For more information, see the Elastic IP Addresses section of Amazon EC2 Pricing .

See also: AWS API Documentation

Request Syntax

response = client.associate_address(
    AllocationId='string',
    InstanceId='string',
    PublicIp='string',
    AllowReassociation=True|False,
    DryRun=True|False,
    NetworkInterfaceId='string',
    PrivateIpAddress='string'
)
Parameters
  • AllocationId (string) -- [EC2-VPC] The allocation ID. This is required for EC2-VPC.
  • InstanceId (string) -- The ID of the instance. The instance must have exactly one attached network interface. For EC2-VPC, you can specify either the instance ID or the network interface ID, but not both. For EC2-Classic, you must specify an instance ID and the instance must be in the running state.
  • PublicIp (string) -- [EC2-Classic] The Elastic IP address to associate with the instance. This is required for EC2-Classic.
  • AllowReassociation (boolean) -- [EC2-VPC] For a VPC in an EC2-Classic account, specify true to allow an Elastic IP address that is already associated with an instance or network interface to be reassociated with the specified instance or network interface. Otherwise, the operation fails. In a VPC in an EC2-VPC-only account, reassociation is automatic, therefore you can specify false to ensure the operation fails if the Elastic IP address is already associated with another resource.
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • NetworkInterfaceId (string) --

    [EC2-VPC] The ID of the network interface. If the instance has more than one network interface, you must specify a network interface ID.

    For EC2-VPC, you can specify either the instance ID or the network interface ID, but not both.

  • PrivateIpAddress (string) -- [EC2-VPC] The primary or secondary private IP address to associate with the Elastic IP address. If no private IP address is specified, the Elastic IP address is associated with the primary private IP address.
Return type

dict

Returns

Response Syntax

{
    'AssociationId': 'string'
}

Response Structure

  • (dict) --

    • AssociationId (string) --

      [EC2-VPC] The ID that represents the association of the Elastic IP address with an instance.

Examples

This example associates the specified Elastic IP address with the specified instance in a VPC.

response = client.associate_address(
    AllocationId='eipalloc-64d5890a',
    InstanceId='i-0b263919b6498b123',
)

print(response)

Expected Output:

{
    'AssociationId': 'eipassoc-2bebb745',
    'ResponseMetadata': {
        '...': '...',
    },
}

This example associates the specified Elastic IP address with the specified network interface.

response = client.associate_address(
    AllocationId='eipalloc-64d5890a',
    NetworkInterfaceId='eni-1a2b3c4d',
)

print(response)

Expected Output:

{
    'AssociationId': 'eipassoc-2bebb745',
    'ResponseMetadata': {
        '...': '...',
    },
}

This example associates an Elastic IP address with an instance in EC2-Classic.

response = client.associate_address(
    InstanceId='i-07ffe74c7330ebf53',
    PublicIp='198.51.100.0',
)

print(response)

Expected Output:

{
    'ResponseMetadata': {
        '...': '...',
    },
}
associate_client_vpn_target_network(**kwargs)

Associates a target network with a Client VPN endpoint. A target network is a subnet in a VPC. You can associate multiple subnets from the same VPC with a Client VPN endpoint. You can associate only one subnet in each Availability Zone. We recommend that you associate at least two subnets to provide Availability Zone redundancy.

If you specified a VPC when you created the Client VPN endpoint or if you have previous subnet associations, the specified subnet must be in the same VPC. To specify a subnet that's in a different VPC, you must first modify the Client VPN endpoint ( ModifyClientVpnEndpoint ) and change the VPC that's associated with it.

See also: AWS API Documentation

Request Syntax

response = client.associate_client_vpn_target_network(
    ClientVpnEndpointId='string',
    SubnetId='string',
    ClientToken='string',
    DryRun=True|False
)
Parameters
  • ClientVpnEndpointId (string) --

    [REQUIRED]

    The ID of the Client VPN endpoint.

  • SubnetId (string) --

    [REQUIRED]

    The ID of the subnet to associate with the Client VPN endpoint.

  • ClientToken (string) --

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency .

    This field is autopopulated if not provided.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'AssociationId': 'string',
    'Status': {
        'Code': 'associating'|'associated'|'association-failed'|'disassociating'|'disassociated',
        'Message': 'string'
    }
}

Response Structure

  • (dict) --

    • AssociationId (string) --

      The unique ID of the target network association.

    • Status (dict) --

      The current state of the target network association.

      • Code (string) --

        The state of the target network association.

      • Message (string) --

        A message about the status of the target network association, if applicable.

associate_dhcp_options(**kwargs)

Associates a set of DHCP options (that you've previously created) with the specified VPC, or associates no DHCP options with the VPC.

After you associate the options with the VPC, any existing instances and all new instances that you launch in that VPC use the options. You don't need to restart or relaunch the instances. They automatically pick up the changes within a few hours, depending on how frequently the instance renews its DHCP lease. You can explicitly renew the lease using the operating system on the instance.

For more information, see DHCP options sets in the Amazon Virtual Private Cloud User Guide .

See also: AWS API Documentation

Request Syntax

response = client.associate_dhcp_options(
    DhcpOptionsId='string',
    VpcId='string',
    DryRun=True|False
)
Parameters
  • DhcpOptionsId (string) --

    [REQUIRED]

    The ID of the DHCP options set, or default to associate no DHCP options with the VPC.

  • VpcId (string) --

    [REQUIRED]

    The ID of the VPC.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Returns

None

Examples

This example associates the specified DHCP options set with the specified VPC.

response = client.associate_dhcp_options(
    DhcpOptionsId='dopt-d9070ebb',
    VpcId='vpc-a01106c2',
)

print(response)

Expected Output:

{
    'ResponseMetadata': {
        '...': '...',
    },
}

This example associates the default DHCP options set with the specified VPC.

response = client.associate_dhcp_options(
    DhcpOptionsId='default',
    VpcId='vpc-a01106c2',
)

print(response)

Expected Output:

{
    'ResponseMetadata': {
        '...': '...',
    },
}
associate_enclave_certificate_iam_role(**kwargs)

Associates an Identity and Access Management (IAM) role with an Certificate Manager (ACM) certificate. This enables the certificate to be used by the ACM for Nitro Enclaves application inside an enclave. For more information, see Certificate Manager for Nitro Enclaves in the Amazon Web Services Nitro Enclaves User Guide .

When the IAM role is associated with the ACM certificate, the certificate, certificate chain, and encrypted private key are placed in an Amazon S3 bucket that only the associated IAM role can access. The private key of the certificate is encrypted with an Amazon Web Services managed key that has an attached attestation-based key policy.

To enable the IAM role to access the Amazon S3 object, you must grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM role to access the KMS key, you must grant it permission to call kms:Decrypt on the KMS key returned by the command. For more information, see Grant the role permission to access the certificate and encryption key in the Amazon Web Services Nitro Enclaves User Guide .

See also: AWS API Documentation

Request Syntax

response = client.associate_enclave_certificate_iam_role(
    CertificateArn='string',
    RoleArn='string',
    DryRun=True|False
)
Parameters
  • CertificateArn (string) -- The ARN of the ACM certificate with which to associate the IAM role.
  • RoleArn (string) -- The ARN of the IAM role to associate with the ACM certificate. You can associate up to 16 IAM roles with an ACM certificate.
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'CertificateS3BucketName': 'string',
    'CertificateS3ObjectKey': 'string',
    'EncryptionKmsKeyId': 'string'
}

Response Structure

  • (dict) --

    • CertificateS3BucketName (string) --

      The name of the Amazon S3 bucket to which the certificate was uploaded.

    • CertificateS3ObjectKey (string) --

      The Amazon S3 object key where the certificate, certificate chain, and encrypted private key bundle are stored. The object key is formatted as follows: role_arn /certificate_arn .

    • EncryptionKmsKeyId (string) --

      The ID of the KMS key used to encrypt the private key of the certificate.

associate_iam_instance_profile(**kwargs)

Associates an IAM instance profile with a running or stopped instance. You cannot associate more than one IAM instance profile with an instance.

See also: AWS API Documentation

Request Syntax

response = client.associate_iam_instance_profile(
    IamInstanceProfile={
        'Arn': 'string',
        'Name': 'string'
    },
    InstanceId='string'
)
Parameters
  • IamInstanceProfile (dict) --

    [REQUIRED]

    The IAM instance profile.

    • Arn (string) --

      The Amazon Resource Name (ARN) of the instance profile.

    • Name (string) --

      The name of the instance profile.

  • InstanceId (string) --

    [REQUIRED]

    The ID of the instance.

Return type

dict

Returns

Response Syntax

{
    'IamInstanceProfileAssociation': {
        'AssociationId': 'string',
        'InstanceId': 'string',
        'IamInstanceProfile': {
            'Arn': 'string',
            'Id': 'string'
        },
        'State': 'associating'|'associated'|'disassociating'|'disassociated',
        'Timestamp': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    • IamInstanceProfileAssociation (dict) --

      Information about the IAM instance profile association.

      • AssociationId (string) --

        The ID of the association.

      • InstanceId (string) --

        The ID of the instance.

      • IamInstanceProfile (dict) --

        The IAM instance profile.

        • Arn (string) --

          The Amazon Resource Name (ARN) of the instance profile.

        • Id (string) --

          The ID of the instance profile.

      • State (string) --

        The state of the association.

      • Timestamp (datetime) --

        The time the IAM instance profile was associated with the instance.

Examples

This example associates an IAM instance profile named admin-role with the specified instance.

response = client.associate_iam_instance_profile(
    IamInstanceProfile={
        'Name': 'admin-role',
    },
    InstanceId='i-123456789abcde123',
)

print(response)

Expected Output:

{
    'IamInstanceProfileAssociation': {
        'AssociationId': 'iip-assoc-0e7736511a163c209',
        'IamInstanceProfile': {
            'Arn': 'arn:aws:iam::123456789012:instance-profile/admin-role',
            'Id': 'AIPAJBLK7RKJKWDXVHIEC',
        },
        'InstanceId': 'i-123456789abcde123',
        'State': 'associating',
    },
    'ResponseMetadata': {
        '...': '...',
    },
}
associate_instance_event_window(**kwargs)

Associates one or more targets with an event window. Only one type of target (instance IDs, Dedicated Host IDs, or tags) can be specified with an event window.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide .

See also: AWS API Documentation

Request Syntax

response = client.associate_instance_event_window(
    DryRun=True|False,
    InstanceEventWindowId='string',
    AssociationTarget={
        'InstanceIds': [
            'string',
        ],
        'InstanceTags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'DedicatedHostIds': [
            'string',
        ]
    }
)
Parameters
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • InstanceEventWindowId (string) --

    [REQUIRED]

    The ID of the event window.

  • AssociationTarget (dict) --

    [REQUIRED]

    One or more targets associated with the specified event window.

    • InstanceIds (list) --

      The IDs of the instances to associate with the event window. If the instance is on a Dedicated Host, you can't specify the Instance ID parameter; you must use the Dedicated Host ID parameter.

      • (string) --
    • InstanceTags (list) --

      The instance tags to associate with the event window. Any instances associated with the tags will be associated with the event window.

      • (dict) --

        Describes a tag.

        • Key (string) --

          The key of the tag.

          Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

        • Value (string) --

          The value of the tag.

          Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

    • DedicatedHostIds (list) --

      The IDs of the Dedicated Hosts to associate with the event window.

      • (string) --
Return type

dict

Returns

Response Syntax

{
    'InstanceEventWindow': {
        'InstanceEventWindowId': 'string',
        'TimeRanges': [
            {
                'StartWeekDay': 'sunday'|'monday'|'tuesday'|'wednesday'|'thursday'|'friday'|'saturday',
                'StartHour': 123,
                'EndWeekDay': 'sunday'|'monday'|'tuesday'|'wednesday'|'thursday'|'friday'|'saturday',
                'EndHour': 123
            },
        ],
        'Name': 'string',
        'CronExpression': 'string',
        'AssociationTarget': {
            'InstanceIds': [
                'string',
            ],
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ],
            'DedicatedHostIds': [
                'string',
            ]
        },
        'State': 'creating'|'deleting'|'active'|'deleted',
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • InstanceEventWindow (dict) --

      Information about the event window.

      • InstanceEventWindowId (string) --

        The ID of the event window.

      • TimeRanges (list) --

        One or more time ranges defined for the event window.

        • (dict) --

          The start day and time and the end day and time of the time range, in UTC.

          • StartWeekDay (string) --

            The day on which the time range begins.

          • StartHour (integer) --

            The hour when the time range begins.

          • EndWeekDay (string) --

            The day on which the time range ends.

          • EndHour (integer) --

            The hour when the time range ends.

      • Name (string) --

        The name of the event window.

      • CronExpression (string) --

        The cron expression defined for the event window.

      • AssociationTarget (dict) --

        One or more targets associated with the event window.

        • InstanceIds (list) --

          The IDs of the instances associated with the event window.

          • (string) --
        • Tags (list) --

          The instance tags associated with the event window. Any instances associated with the tags will be associated with the event window.

          • (dict) --

            Describes a tag.

            • Key (string) --

              The key of the tag.

              Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

            • Value (string) --

              The value of the tag.

              Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

        • DedicatedHostIds (list) --

          The IDs of the Dedicated Hosts associated with the event window.

          • (string) --
      • State (string) --

        The current state of the event window.

      • Tags (list) --

        The instance tags associated with the event window.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

associate_route_table(**kwargs)

Associates a subnet in your VPC or an internet gateway or virtual private gateway attached to your VPC with a route table in your VPC. This association causes traffic from the subnet or gateway to be routed according to the routes in the route table. The action returns an association ID, which you need in order to disassociate the route table later. A route table can be associated with multiple subnets.

For more information, see Route tables in the Amazon Virtual Private Cloud User Guide .

See also: AWS API Documentation

Request Syntax

response = client.associate_route_table(
    DryRun=True|False,
    RouteTableId='string',
    SubnetId='string',
    GatewayId='string'
)
Parameters
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • RouteTableId (string) --

    [REQUIRED]

    The ID of the route table.

  • SubnetId (string) -- The ID of the subnet.
  • GatewayId (string) -- The ID of the internet gateway or virtual private gateway.
Return type

dict

Returns

Response Syntax

{
    'AssociationId': 'string',
    'AssociationState': {
        'State': 'associating'|'associated'|'disassociating'|'disassociated'|'failed',
        'StatusMessage': 'string'
    }
}

Response Structure

  • (dict) --

    • AssociationId (string) --

      The route table association ID. This ID is required for disassociating the route table.

    • AssociationState (dict) --

      The state of the association.

      • State (string) --

        The state of the association.

      • StatusMessage (string) --

        The status message, if applicable.

Examples

This example associates the specified route table with the specified subnet.

response = client.associate_route_table(
    RouteTableId='rtb-22574640',
    SubnetId='subnet-9d4a7b6',
)

print(response)

Expected Output:

{
    'AssociationId': 'rtbassoc-781d0d1a',
    'ResponseMetadata': {
        '...': '...',
    },
}
associate_subnet_cidr_block(**kwargs)

Associates a CIDR block with your subnet. You can only associate a single IPv6 CIDR block with your subnet. An IPv6 CIDR block must have a prefix length of /64.

See also: AWS API Documentation

Request Syntax

response = client.associate_subnet_cidr_block(
    Ipv6CidrBlock='string',
    SubnetId='string'
)
Parameters
  • Ipv6CidrBlock (string) --

    [REQUIRED]

    The IPv6 CIDR block for your subnet. The subnet must have a /64 prefix length.

  • SubnetId (string) --

    [REQUIRED]

    The ID of your subnet.

Return type

dict

Returns

Response Syntax

{
    'Ipv6CidrBlockAssociation': {
        'AssociationId': 'string',
        'Ipv6CidrBlock': 'string',
        'Ipv6CidrBlockState': {
            'State': 'associating'|'associated'|'disassociating'|'disassociated'|'failing'|'failed',
            'StatusMessage': 'string'
        }
    },
    'SubnetId': 'string'
}

Response Structure

  • (dict) --

    • Ipv6CidrBlockAssociation (dict) --

      Information about the IPv6 CIDR block association.

      • AssociationId (string) --

        The association ID for the CIDR block.

      • Ipv6CidrBlock (string) --

        The IPv6 CIDR block.

      • Ipv6CidrBlockState (dict) --

        Information about the state of the CIDR block.

        • State (string) --

          The state of a CIDR block.

        • StatusMessage (string) --

          A message about the status of the CIDR block, if applicable.

    • SubnetId (string) --

      The ID of the subnet.

associate_transit_gateway_multicast_domain(**kwargs)

Associates the specified subnets and transit gateway attachments with the specified transit gateway multicast domain.

The transit gateway attachment must be in the available state before you can add a resource. Use DescribeTransitGatewayAttachments to see the state of the attachment.

See also: AWS API Documentation

Request Syntax

response = client.associate_transit_gateway_multicast_domain(
    TransitGatewayMulticastDomainId='string',
    TransitGatewayAttachmentId='string',
    SubnetIds=[
        'string',
    ],
    DryRun=True|False
)
Parameters
  • TransitGatewayMulticastDomainId (string) -- The ID of the transit gateway multicast domain.
  • TransitGatewayAttachmentId (string) -- The ID of the transit gateway attachment to associate with the transit gateway multicast domain.
  • SubnetIds (list) --

    The IDs of the subnets to associate with the transit gateway multicast domain.

    • (string) --
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'Associations': {
        'TransitGatewayMulticastDomainId': 'string',
        'TransitGatewayAttachmentId': 'string',
        'ResourceId': 'string',
        'ResourceType': 'vpc'|'vpn'|'direct-connect-gateway'|'connect'|'peering'|'tgw-peering',
        'ResourceOwnerId': 'string',
        'Subnets': [
            {
                'SubnetId': 'string',
                'State': 'pendingAcceptance'|'associating'|'associated'|'disassociating'|'disassociated'|'rejected'|'failed'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • Associations (dict) --

      Information about the transit gateway multicast domain associations.

      • TransitGatewayMulticastDomainId (string) --

        The ID of the transit gateway multicast domain.

      • TransitGatewayAttachmentId (string) --

        The ID of the transit gateway attachment.

      • ResourceId (string) --

        The ID of the resource.

      • ResourceType (string) --

        The type of resource, for example a VPC attachment.

      • ResourceOwnerId (string) --

        The ID of the Amazon Web Services account that owns the resource.

      • Subnets (list) --

        The subnets associated with the multicast domain.

        • (dict) --

          Describes the subnet association with the transit gateway multicast domain.

          • SubnetId (string) --

            The ID of the subnet.

          • State (string) --

            The state of the subnet association.

associate_transit_gateway_route_table(**kwargs)

Associates the specified attachment with the specified transit gateway route table. You can associate only one route table with an attachment.

See also: AWS API Documentation

Request Syntax

response = client.associate_transit_gateway_route_table(
    TransitGatewayRouteTableId='string',
    TransitGatewayAttachmentId='string',
    DryRun=True|False
)
Parameters
  • TransitGatewayRouteTableId (string) --

    [REQUIRED]

    The ID of the transit gateway route table.

  • TransitGatewayAttachmentId (string) --

    [REQUIRED]

    The ID of the attachment.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'Association': {
        'TransitGatewayRouteTableId': 'string',
        'TransitGatewayAttachmentId': 'string',
        'ResourceId': 'string',
        'ResourceType': 'vpc'|'vpn'|'direct-connect-gateway'|'connect'|'peering'|'tgw-peering',
        'State': 'associating'|'associated'|'disassociating'|'disassociated'
    }
}

Response Structure

  • (dict) --

    • Association (dict) --

      The ID of the association.

      • TransitGatewayRouteTableId (string) --

        The ID of the transit gateway route table.

      • TransitGatewayAttachmentId (string) --

        The ID of the attachment.

      • ResourceId (string) --

        The ID of the resource.

      • ResourceType (string) --

        The resource type. Note that the tgw-peering resource type has been deprecated.

      • State (string) --

        The state of the association.

associate_trunk_interface(**kwargs)

Note

This API action is currently in limited preview only . If you are interested in using this feature, contact your account manager.

Associates a branch network interface with a trunk network interface.

Before you create the association, run the create-network-interface command and set --interface-type to trunk . You must also create a network interface for each branch network interface that you want to associate with the trunk network interface.

See also: AWS API Documentation

Request Syntax

response = client.associate_trunk_interface(
    BranchInterfaceId='string',
    TrunkInterfaceId='string',
    VlanId=123,
    GreKey=123,
    ClientToken='string',
    DryRun=True|False
)
Parameters
  • BranchInterfaceId (string) --

    [REQUIRED]

    The ID of the branch network interface.

  • TrunkInterfaceId (string) --

    [REQUIRED]

    The ID of the trunk network interface.

  • VlanId (integer) -- The ID of the VLAN. This applies to the VLAN protocol.
  • GreKey (integer) -- The application key. This applies to the GRE protocol.
  • ClientToken (string) --

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to Ensure Idempotency .

    This field is autopopulated if not provided.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'InterfaceAssociation': {
        'AssociationId': 'string',
        'BranchInterfaceId': 'string',
        'TrunkInterfaceId': 'string',
        'InterfaceProtocol': 'VLAN'|'GRE',
        'VlanId': 123,
        'GreKey': 123,
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    },
    'ClientToken': 'string'
}

Response Structure

  • (dict) --

    • InterfaceAssociation (dict) --

      Information about the association between the trunk network interface and branch network interface.

      • AssociationId (string) --

        The ID of the association.

      • BranchInterfaceId (string) --

        The ID of the branch network interface.

      • TrunkInterfaceId (string) --

        The ID of the trunk network interface.

      • InterfaceProtocol (string) --

        The interface protocol. Valid values are VLAN and GRE .

      • VlanId (integer) --

        The ID of the VLAN when you use the VLAN protocol.

      • GreKey (integer) --

        The application key when you use the GRE protocol.

      • Tags (list) --

        The tags for the trunk interface association.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

    • ClientToken (string) --

      Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to Ensure Idempotency .

associate_vpc_cidr_block(**kwargs)

Associates a CIDR block with your VPC. You can associate a secondary IPv4 CIDR block, an Amazon-provided IPv6 CIDR block, or an IPv6 CIDR block from an IPv6 address pool that you provisioned through bring your own IP addresses (BYOIP ). The IPv6 CIDR block size is fixed at /56.

You must specify one of the following in the request: an IPv4 CIDR block, an IPv6 pool, or an Amazon-provided IPv6 CIDR block.

For more information about associating CIDR blocks with your VPC and applicable restrictions, see VPC and subnet sizing in the Amazon Virtual Private Cloud User Guide .

See also: AWS API Documentation

Request Syntax

response = client.associate_vpc_cidr_block(
    AmazonProvidedIpv6CidrBlock=True|False,
    CidrBlock='string',
    VpcId='string',
    Ipv6CidrBlockNetworkBorderGroup='string',
    Ipv6Pool='string',
    Ipv6CidrBlock='string'
)
Parameters
  • AmazonProvidedIpv6CidrBlock (boolean) -- Requests an Amazon-provided IPv6 CIDR block with a /56 prefix length for the VPC. You cannot specify the range of IPv6 addresses, or the size of the CIDR block.
  • CidrBlock (string) -- An IPv4 CIDR block to associate with the VPC.
  • VpcId (string) --

    [REQUIRED]

    The ID of the VPC.

  • Ipv6CidrBlockNetworkBorderGroup (string) --

    The name of the location from which we advertise the IPV6 CIDR block. Use this parameter to limit the CIDR block to this location.

    You must set AmazonProvidedIpv6CidrBlock to true to use this parameter.

    You can have one IPv6 CIDR block association per network border group.

  • Ipv6Pool (string) -- The ID of an IPv6 address pool from which to allocate the IPv6 CIDR block.
  • Ipv6CidrBlock (string) --

    An IPv6 CIDR block from the IPv6 address pool. You must also specify Ipv6Pool in the request.

    To let Amazon choose the IPv6 CIDR block for you, omit this parameter.

Return type

dict

Returns

Response Syntax

{
    'Ipv6CidrBlockAssociation': {
        'AssociationId': 'string',
        'Ipv6CidrBlock': 'string',
        'Ipv6CidrBlockState': {
            'State': 'associating'|'associated'|'disassociating'|'disassociated'|'failing'|'failed',
            'StatusMessage': 'string'
        },
        'NetworkBorderGroup': 'string',
        'Ipv6Pool': 'string'
    },
    'CidrBlockAssociation': {
        'AssociationId': 'string',
        'CidrBlock': 'string',
        'CidrBlockState': {
            'State': 'associating'|'associated'|'disassociating'|'disassociated'|'failing'|'failed',
            'StatusMessage': 'string'
        }
    },
    'VpcId': 'string'
}

Response Structure

  • (dict) --

    • Ipv6CidrBlockAssociation (dict) --

      Information about the IPv6 CIDR block association.

      • AssociationId (string) --

        The association ID for the IPv6 CIDR block.

      • Ipv6CidrBlock (string) --

        The IPv6 CIDR block.

      • Ipv6CidrBlockState (dict) --

        Information about the state of the CIDR block.

        • State (string) --

          The state of the CIDR block.

        • StatusMessage (string) --

          A message about the status of the CIDR block, if applicable.

      • NetworkBorderGroup (string) --

        The name of the unique set of Availability Zones, Local Zones, or Wavelength Zones from which AWS advertises IP addresses, for example, us-east-1-wl1-bos-wlz-1 .

      • Ipv6Pool (string) --

        The ID of the IPv6 address pool from which the IPv6 CIDR block is allocated.

    • CidrBlockAssociation (dict) --

      Information about the IPv4 CIDR block association.

      • AssociationId (string) --

        The association ID for the IPv4 CIDR block.

      • CidrBlock (string) --

        The IPv4 CIDR block.

      • CidrBlockState (dict) --

        Information about the state of the CIDR block.

        • State (string) --

          The state of the CIDR block.

        • StatusMessage (string) --

          A message about the status of the CIDR block, if applicable.

    • VpcId (string) --

      The ID of the VPC.

Links an EC2-Classic instance to a ClassicLink-enabled VPC through one or more of the VPC's security groups. You cannot link an EC2-Classic instance to more than one VPC at a time. You can only link an instance that's in the running state. An instance is automatically unlinked from a VPC when it's stopped - you can link it to the VPC again when you restart it.

After you've linked an instance, you cannot change the VPC security groups that are associated with it. To change the security groups, you must first unlink the instance, and then link it again.

Linking your instance to a VPC is sometimes referred to as attaching your instance.

See also: AWS API Documentation

Request Syntax

response = client.attach_classic_link_vpc(
    DryRun=True|False,
    Groups=[
        'string',
    ],
    InstanceId='string',
    VpcId='string'
)
Parameters
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • Groups (list) --

    [REQUIRED]

    The ID of one or more of the VPC's security groups. You cannot specify security groups from a different VPC.

    • (string) --
  • InstanceId (string) --

    [REQUIRED]

    The ID of an EC2-Classic instance to link to the ClassicLink-enabled VPC.

  • VpcId (string) --

    [REQUIRED]

    The ID of a ClassicLink-enabled VPC.

Return type

dict

Returns

Response Syntax

{
    'Return': True|False
}

Response Structure

  • (dict) --

    • Return (boolean) --

      Returns true if the request succeeds; otherwise, it returns an error.

attach_internet_gateway(**kwargs)

Attaches an internet gateway or a virtual private gateway to a VPC, enabling connectivity between the internet and the VPC. For more information about your VPC and internet gateway, see the Amazon Virtual Private Cloud User Guide .

See also: AWS API Documentation

Request Syntax

response = client.attach_internet_gateway(
    DryRun=True|False,
    InternetGatewayId='string',
    VpcId='string'
)
Parameters
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • InternetGatewayId (string) --

    [REQUIRED]

    The ID of the internet gateway.

  • VpcId (string) --

    [REQUIRED]

    The ID of the VPC.

Returns

None

Examples

This example attaches the specified Internet gateway to the specified VPC.

response = client.attach_internet_gateway(
    InternetGatewayId='igw-c0a643a9',
    VpcId='vpc-a01106c2',
)

print(response)

Expected Output:

{
    'ResponseMetadata': {
        '...': '...',
    },
}
attach_network_interface(**kwargs)

Attaches a network interface to an instance.

See also: AWS API Documentation

Request Syntax

response = client.attach_network_interface(
    DeviceIndex=123,
    DryRun=True|False,
    InstanceId='string',
    NetworkInterfaceId='string',
    NetworkCardIndex=123
)
Parameters
  • DeviceIndex (integer) --

    [REQUIRED]

    The index of the device for the network interface attachment.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • InstanceId (string) --

    [REQUIRED]

    The ID of the instance.

  • NetworkInterfaceId (string) --

    [REQUIRED]

    The ID of the network interface.

  • NetworkCardIndex (integer) -- The index of the network card. Some instance types support multiple network cards. The primary network interface must be assigned to network card index 0. The default is network card index 0.
Return type

dict

Returns

Response Syntax

{
    'AttachmentId': 'string',
    'NetworkCardIndex': 123
}

Response Structure

  • (dict) --

    Contains the output of AttachNetworkInterface.

    • AttachmentId (string) --

      The ID of the network interface attachment.

    • NetworkCardIndex (integer) --

      The index of the network card.

Examples

This example attaches the specified network interface to the specified instance.

response = client.attach_network_interface(
    DeviceIndex=1,
    InstanceId='i-1234567890abcdef0',
    NetworkInterfaceId='eni-e5aa89a3',
)

print(response)

Expected Output:

{
    'AttachmentId': 'eni-attach-66c4350a',
    'ResponseMetadata': {
        '...': '...',
    },
}
attach_volume(**kwargs)

Attaches an EBS volume to a running or stopped instance and exposes it to the instance with the specified device name.

Encrypted EBS volumes must be attached to instances that support Amazon EBS encryption. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide .

After you attach an EBS volume, you must make it available. For more information, see Make an EBS volume available for use .

If a volume has an Amazon Web Services Marketplace product code:

  • The volume can be attached only to a stopped instance.
  • Amazon Web Services Marketplace product codes are copied from the volume to the instance.
  • You must be subscribed to the product.
  • The instance type and operating system of the instance must support the product. For example, you can't detach a volume from a Windows instance and attach it to a Linux instance.

For more information, see Attach an Amazon EBS volume to an instance in the Amazon Elastic Compute Cloud User Guide .

See also: AWS API Documentation

Request Syntax

response = client.attach_volume(
    Device='string',
    InstanceId='string',
    VolumeId='string',
    DryRun=True|False
)
Parameters
  • Device (string) --

    [REQUIRED]

    The device name (for example, /dev/sdh or xvdh ).

  • InstanceId (string) --

    [REQUIRED]

    The ID of the instance.

  • VolumeId (string) --

    [REQUIRED]

    The ID of the EBS volume. The volume and instance must be within the same Availability Zone.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'AttachTime': datetime(2015, 1, 1),
    'Device': 'string',
    'InstanceId': 'string',
    'State': 'attaching'|'attached'|'detaching'|'detached'|'busy',
    'VolumeId': 'string',
    'DeleteOnTermination': True|False
}

Response Structure

  • (dict) --

    Describes volume attachment details.

    • AttachTime (datetime) --

      The time stamp when the attachment initiated.

    • Device (string) --

      The device name.

    • InstanceId (string) --

      The ID of the instance.

    • State (string) --

      The attachment state of the volume.

    • VolumeId (string) --

      The ID of the volume.

    • DeleteOnTermination (boolean) --

      Indicates whether the EBS volume is deleted on instance termination.

Examples

This example attaches a volume (vol-1234567890abcdef0) to an instance (i-01474ef662b89480) as /dev/sdf.

response = client.attach_volume(
    Device='/dev/sdf',
    InstanceId='i-01474ef662b89480',
    VolumeId='vol-1234567890abcdef0',
)

print(response)

Expected Output:

{
    'AttachTime': datetime(2016, 8, 29, 18, 52, 32, 0, 242, 0),
    'Device': '/dev/sdf',
    'InstanceId': 'i-01474ef662b89480',
    'State': 'attaching',
    'VolumeId': 'vol-1234567890abcdef0',
    'ResponseMetadata': {
        '...': '...',
    },
}
attach_vpn_gateway(**kwargs)

Attaches a virtual private gateway to a VPC. You can attach one virtual private gateway to one VPC at a time.

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide .

See also: AWS API Documentation

Request Syntax

response = client.attach_vpn_gateway(
    VpcId='string',
    VpnGatewayId='string',
    DryRun=True|False
)
Parameters
  • VpcId (string) --

    [REQUIRED]

    The ID of the VPC.

  • VpnGatewayId (string) --

    [REQUIRED]

    The ID of the virtual private gateway.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'VpcAttachment': {
        'State': 'attaching'|'attached'|'detaching'|'detached',
        'VpcId': 'string'
    }
}

Response Structure

  • (dict) --

    Contains the output of AttachVpnGateway.

    • VpcAttachment (dict) --

      Information about the attachment.

      • State (string) --

        The current state of the attachment.

      • VpcId (string) --

        The ID of the VPC.

authorize_client_vpn_ingress(**kwargs)

Adds an ingress authorization rule to a Client VPN endpoint. Ingress authorization rules act as firewall rules that grant access to networks. You must configure ingress authorization rules to enable clients to access resources in Amazon Web Services or on-premises networks.

See also: AWS API Documentation

Request Syntax

response = client.authorize_client_vpn_ingress(
    ClientVpnEndpointId='string',
    TargetNetworkCidr='string',
    AccessGroupId='string',
    AuthorizeAllGroups=True|False,
    Description='string',
    ClientToken='string',
    DryRun=True|False
)
Parameters
  • ClientVpnEndpointId (string) --

    [REQUIRED]

    The ID of the Client VPN endpoint.

  • TargetNetworkCidr (string) --

    [REQUIRED]

    The IPv4 address range, in CIDR notation, of the network for which access is being authorized.

  • AccessGroupId (string) -- The ID of the group to grant access to, for example, the Active Directory group or identity provider (IdP) group. Required if AuthorizeAllGroups is false or not specified.
  • AuthorizeAllGroups (boolean) -- Indicates whether to grant access to all clients. Specify true to grant all clients who successfully establish a VPN connection access to the network. Must be set to true if AccessGroupId is not specified.
  • Description (string) -- A brief description of the authorization rule.
  • ClientToken (string) --

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency .

    This field is autopopulated if not provided.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'Status': {
        'Code': 'authorizing'|'active'|'failed'|'revoking',
        'Message': 'string'
    }
}

Response Structure

  • (dict) --

    • Status (dict) --

      The current state of the authorization rule.

      • Code (string) --

        The state of the authorization rule.

      • Message (string) --

        A message about the status of the authorization rule, if applicable.

authorize_security_group_egress(**kwargs)

[VPC only] Adds the specified outbound (egress) rules to a security group for use with a VPC.

An outbound rule permits instances to send traffic to the specified IPv4 or IPv6 CIDR address ranges, or to the instances that are associated with the specified destination security groups.

You specify a protocol for each rule (for example, TCP). For the TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol, you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all codes.

Rule changes are propagated to affected instances as quickly as possible. However, a small delay might occur.

For information about VPC security group quotas, see Amazon VPC quotas .

See also: AWS API Documentation

Request Syntax

response = client.authorize_security_group_egress(
    DryRun=True|False,
    GroupId='string',
    IpPermissions=[
        {
            'FromPort': 123,
            'IpProtocol': 'string',
            'IpRanges': [
                {
                    'CidrIp': 'string',
                    'Description': 'string'
                },
            ],
            'Ipv6Ranges': [
                {
                    'CidrIpv6': 'string',
                    'Description': 'string'
                },
            ],
            'PrefixListIds': [
                {
                    'Description': 'string',
                    'PrefixListId': 'string'
                },
            ],
            'ToPort': 123,
            'UserIdGroupPairs': [
                {
                    'Description': 'string',
                    'GroupId': 'string',
                    'GroupName': 'string',
                    'PeeringStatus': 'string',
                    'UserId': 'string',
                    'VpcId': 'string',
                    'VpcPeeringConnectionId': 'string'
                },
            ]
        },
    ],
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-route-table'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-service'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ],
    CidrIp='string',
    FromPort=123,
    IpProtocol='string',
    ToPort=123,
    SourceSecurityGroupName='string',
    SourceSecurityGroupOwnerId='string'
)
Parameters
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • GroupId (string) --

    [REQUIRED]

    The ID of the security group.

  • IpPermissions (list) --

    The sets of IP permissions. You can't specify a destination security group and a CIDR IP address range in the same set of permissions.

    • (dict) --

      Describes a set of permissions for a security group rule.

      • FromPort (integer) --

        The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.

      • IpProtocol (string) --

        The IP protocol name (tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

        [VPC only] Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp , udp , icmp , or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp , udp , and icmp , you must specify a port range. For icmpv6 , the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

      • IpRanges (list) --

        The IPv4 ranges.

        • (dict) --

          Describes an IPv4 range.

          • CidrIp (string) --

            The IPv4 CIDR range. You can either specify a CIDR range or a source security group, not both. To specify a single IPv4 address, use the /32 prefix length.

          • Description (string) --

            A description for the security group rule that references this IPv4 address range.

            Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*

      • Ipv6Ranges (list) --

        [VPC only] The IPv6 ranges.

        • (dict) --

          [EC2-VPC only] Describes an IPv6 range.

          • CidrIpv6 (string) --

            The IPv6 CIDR range. You can either specify a CIDR range or a source security group, not both. To specify a single IPv6 address, use the /128 prefix length.

          • Description (string) --

            A description for the security group rule that references this IPv6 address range.

            Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*

      • PrefixListIds (list) --

        [VPC only] The prefix list IDs.

        • (dict) --

          Describes a prefix list ID.

          • Description (string) --

            A description for the security group rule that references this prefix list ID.

            Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

          • PrefixListId (string) --

            The ID of the prefix.

      • ToPort (integer) --

        The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.

      • UserIdGroupPairs (list) --

        The security group and Amazon Web Services account ID pairs.

        • (dict) --

          Describes a security group and Amazon Web Services account ID pair.

          • Description (string) --

            A description for the security group rule that references this user ID group pair.

            Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

          • GroupId (string) --

            The ID of the security group.

          • GroupName (string) --

            The name of the security group. In a request, use this parameter for a security group in EC2-Classic or a default VPC only. For a security group in a nondefault VPC, use the security group ID.

            For a referenced security group in another VPC, this value is not returned if the referenced security group is deleted.

          • PeeringStatus (string) --

            The status of a VPC peering connection, if applicable.

          • UserId (string) --

            The ID of an Amazon Web Services account.

            For a referenced security group in another VPC, the account ID of the referenced security group is returned in the response. If the referenced security group is deleted, this value is not returned.

            [EC2-Classic] Required when adding or removing rules that reference a security group in another Amazon Web Services account.

          • VpcId (string) --

            The ID of the VPC for the referenced security group, if applicable.

          • VpcPeeringConnectionId (string) --

            The ID of the VPC peering connection, if applicable.

  • TagSpecifications (list) --

    The tags applied to the security group rule.

    • (dict) --

      The tags to apply to a resource when the resource is being created.

      • ResourceType (string) --

        The type of resource to tag on creation. The possible values are: capacity-reservation | carrier-gateway | client-vpn-endpoint | customer-gateway | dedicated-host | dhcp-options | egress-only-internet-gateway | elastic-gpu | elastic-ip | export-image-task | export-instance-task | fleet | fpga-image | host-reservation | image | import-image-task | import-snapshot-task | instance | instance-event-window | internet-gateway | ipv4pool-ec2 | ipv6pool-ec2 | key-pair | launch-template | local-gateway-route-table-vpc-association | natgateway | network-acl | network-insights-analysis | network-insights-path | network-interface | placement-group | prefix-list | reserved-instances | route-table | security-group | security-group-rule | snapshot | spot-fleet-request | spot-instances-request | subnet | traffic-mirror-filter | traffic-mirror-session | traffic-mirror-target | transit-gateway | transit-gateway-attachment | transit-gateway-multicast-domain | transit-gateway-route-table | volume | vpc | vpc-endpoint | vpc-endpoint-service | vpc-flow-log | vpc-peering-connection | vpn-connection | vpn-gateway .

        To tag a resource after it has been created, see CreateTags .

      • Tags (list) --

        The tags to apply to the resource.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

  • CidrIp (string) -- Not supported. Use a set of IP permissions to specify the CIDR.
  • FromPort (integer) -- Not supported. Use a set of IP permissions to specify the port.
  • IpProtocol (string) -- Not supported. Use a set of IP permissions to specify the protocol name or number.
  • ToPort (integer) -- Not supported. Use a set of IP permissions to specify the port.
  • SourceSecurityGroupName (string) -- Not supported. Use a set of IP permissions to specify a destination security group.
  • SourceSecurityGroupOwnerId (string) -- Not supported. Use a set of IP permissions to specify a destination security group.
Return type

dict

Returns

Response Syntax

{
    'Return': True|False,
    'SecurityGroupRules': [
        {
            'SecurityGroupRuleId': 'string',
            'GroupId': 'string',
            'GroupOwnerId': 'string',
            'IsEgress': True|False,
            'IpProtocol': 'string',
            'FromPort': 123,
            'ToPort': 123,
            'CidrIpv4': 'string',
            'CidrIpv6': 'string',
            'PrefixListId': 'string',
            'ReferencedGroupInfo': {
                'GroupId': 'string',
                'PeeringStatus': 'string',
                'UserId': 'string',
                'VpcId': 'string',
                'VpcPeeringConnectionId': 'string'
            },
            'Description': 'string',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ]
}

Response Structure

  • (dict) --

    • Return (boolean) --

      Returns true if the request succeeds; otherwise, returns an error.

    • SecurityGroupRules (list) --

      Information about the outbound (egress) security group rules that were added.

      • (dict) --

        Describes a security group rule.

        • SecurityGroupRuleId (string) --

          The ID of the security group rule.

        • GroupId (string) --

          The ID of the security group.

        • GroupOwnerId (string) --

          The ID of the Amazon Web Services account that owns the security group.

        • IsEgress (boolean) --

          Indicates whether the security group rule is an outbound rule.

        • IpProtocol (string) --

          The IP protocol name (tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

          Use -1 to specify all protocols.

        • FromPort (integer) --

          The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.

        • ToPort (integer) --

          The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.

        • CidrIpv4 (string) --

          The IPv4 CIDR range.

        • CidrIpv6 (string) --

          The IPv6 CIDR range.

        • PrefixListId (string) --

          The ID of the prefix list.

        • ReferencedGroupInfo (dict) --

          Describes the security group that is referenced in the rule.

          • GroupId (string) --

            The ID of the security group.

          • PeeringStatus (string) --

            The status of a VPC peering connection, if applicable.

          • UserId (string) --

            The Amazon Web Services account ID.

          • VpcId (string) --

            The ID of the VPC.

          • VpcPeeringConnectionId (string) --

            The ID of the VPC peering connection.

        • Description (string) --

          The security group rule description.

        • Tags (list) --

          The tags applied to the security group rule.

          • (dict) --

            Describes a tag.

            • Key (string) --

              The key of the tag.

              Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

            • Value (string) --

              The value of the tag.

              Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

Examples

This example adds a rule that grants access to the specified address ranges on TCP port 80.

response = client.authorize_security_group_egress(
    GroupId='sg-1a2b3c4d',
    IpPermissions=[
        {
            'FromPort': 80,
            'IpProtocol': 'tcp',
            'IpRanges': [
                {
                    'CidrIp': '10.0.0.0/16',
                },
            ],
            'ToPort': 80,
        },
    ],
)

print(response)

Expected Output:

{
    'ResponseMetadata': {
        '...': '...',
    },
}

This example adds a rule that grants access to the specified security group on TCP port 80.

response = client.authorize_security_group_egress(
    GroupId='sg-1a2b3c4d',
    IpPermissions=[
        {
            'FromPort': 80,
            'IpProtocol': 'tcp',
            'ToPort': 80,
            'UserIdGroupPairs': [
                {
                    'GroupId': 'sg-4b51a32f',
                },
            ],
        },
    ],
)

print(response)

Expected Output:

{
    'ResponseMetadata': {
        '...': '...',
    },
}
authorize_security_group_ingress(**kwargs)

Adds the specified inbound (ingress) rules to a security group.

An inbound rule permits instances to receive traffic from the specified IPv4 or IPv6 CIDR address range, or from the instances that are associated with the specified destination security groups.

You specify a protocol for each rule (for example, TCP). For TCP and UDP, you must also specify the destination port or port range. For ICMP/ICMPv6, you must also specify the ICMP/ICMPv6 type and code. You can use -1 to mean all types or all codes.

Rule changes are propagated to instances within the security group as quickly as possible. However, a small delay might occur.

For more information about VPC security group quotas, see Amazon VPC quotas .

See also: AWS API Documentation

Request Syntax

response = client.authorize_security_group_ingress(
    CidrIp='string',
    FromPort=123,
    GroupId='string',
    GroupName='string',
    IpPermissions=[
        {
            'FromPort': 123,
            'IpProtocol': 'string',
            'IpRanges': [
                {
                    'CidrIp': 'string',
                    'Description': 'string'
                },
            ],
            'Ipv6Ranges': [
                {
                    'CidrIpv6': 'string',
                    'Description': 'string'
                },
            ],
            'PrefixListIds': [
                {
                    'Description': 'string',
                    'PrefixListId': 'string'
                },
            ],
            'ToPort': 123,
            'UserIdGroupPairs': [
                {
                    'Description': 'string',
                    'GroupId': 'string',
                    'GroupName': 'string',
                    'PeeringStatus': 'string',
                    'UserId': 'string',
                    'VpcId': 'string',
                    'VpcPeeringConnectionId': 'string'
                },
            ]
        },
    ],
    IpProtocol='string',
    SourceSecurityGroupName='string',
    SourceSecurityGroupOwnerId='string',
    ToPort=123,
    DryRun=True|False,
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-route-table'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-service'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ]
)
Parameters
  • CidrIp (string) --

    The IPv4 address range, in CIDR format. You can't specify this parameter when specifying a source security group. To specify an IPv6 address range, use a set of IP permissions.

    Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

  • FromPort (integer) --

    The start of port range for the TCP and UDP protocols, or an ICMP type number. For the ICMP type number, use -1 to specify all types. If you specify all ICMP types, you must specify all codes.

    Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

  • GroupId (string) -- The ID of the security group. You must specify either the security group ID or the security group name in the request. For security groups in a nondefault VPC, you must specify the security group ID.
  • GroupName (string) -- [EC2-Classic, default VPC] The name of the security group. You must specify either the security group ID or the security group name in the request.
  • IpPermissions (list) --

    The sets of IP permissions.

    • (dict) --

      Describes a set of permissions for a security group rule.

      • FromPort (integer) --

        The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type number. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.

      • IpProtocol (string) --

        The IP protocol name (tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

        [VPC only] Use -1 to specify all protocols. When authorizing security group rules, specifying -1 or a protocol number other than tcp , udp , icmp , or icmpv6 allows traffic on all ports, regardless of any port range you specify. For tcp , udp , and icmp , you must specify a port range. For icmpv6 , the port range is optional; if you omit the port range, traffic for all types and codes is allowed.

      • IpRanges (list) --

        The IPv4 ranges.

        • (dict) --

          Describes an IPv4 range.

          • CidrIp (string) --

            The IPv4 CIDR range. You can either specify a CIDR range or a source security group, not both. To specify a single IPv4 address, use the /32 prefix length.

          • Description (string) --

            A description for the security group rule that references this IPv4 address range.

            Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*

      • Ipv6Ranges (list) --

        [VPC only] The IPv6 ranges.

        • (dict) --

          [EC2-VPC only] Describes an IPv6 range.

          • CidrIpv6 (string) --

            The IPv6 CIDR range. You can either specify a CIDR range or a source security group, not both. To specify a single IPv6 address, use the /128 prefix length.

          • Description (string) --

            A description for the security group rule that references this IPv6 address range.

            Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=&;{}!$*

      • PrefixListIds (list) --

        [VPC only] The prefix list IDs.

        • (dict) --

          Describes a prefix list ID.

          • Description (string) --

            A description for the security group rule that references this prefix list ID.

            Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

          • PrefixListId (string) --

            The ID of the prefix.

      • ToPort (integer) --

        The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.

      • UserIdGroupPairs (list) --

        The security group and Amazon Web Services account ID pairs.

        • (dict) --

          Describes a security group and Amazon Web Services account ID pair.

          • Description (string) --

            A description for the security group rule that references this user ID group pair.

            Constraints: Up to 255 characters in length. Allowed characters are a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*

          • GroupId (string) --

            The ID of the security group.

          • GroupName (string) --

            The name of the security group. In a request, use this parameter for a security group in EC2-Classic or a default VPC only. For a security group in a nondefault VPC, use the security group ID.

            For a referenced security group in another VPC, this value is not returned if the referenced security group is deleted.

          • PeeringStatus (string) --

            The status of a VPC peering connection, if applicable.

          • UserId (string) --

            The ID of an Amazon Web Services account.

            For a referenced security group in another VPC, the account ID of the referenced security group is returned in the response. If the referenced security group is deleted, this value is not returned.

            [EC2-Classic] Required when adding or removing rules that reference a security group in another Amazon Web Services account.

          • VpcId (string) --

            The ID of the VPC for the referenced security group, if applicable.

          • VpcPeeringConnectionId (string) --

            The ID of the VPC peering connection, if applicable.

  • IpProtocol (string) --

    The IP protocol name (tcp , udp , icmp ) or number (see Protocol Numbers ). To specify icmpv6 , use a set of IP permissions.

    [VPC only] Use -1 to specify all protocols. If you specify -1 or a protocol other than tcp , udp , or icmp , traffic on all ports is allowed, regardless of any ports you specify.

    Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

  • SourceSecurityGroupName (string) -- [EC2-Classic, default VPC] The name of the source security group. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the start of the port range, the IP protocol, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead. For EC2-VPC, the source security group must be in the same VPC.
  • SourceSecurityGroupOwnerId (string) -- [nondefault VPC] The Amazon Web Services account ID for the source security group, if the source security group is in a different account. You can't specify this parameter in combination with the following parameters: the CIDR IP address range, the IP protocol, the start of the port range, and the end of the port range. Creates rules that grant full ICMP, UDP, and TCP access. To create a rule with a specific IP protocol and port range, use a set of IP permissions instead.
  • ToPort (integer) --

    The end of port range for the TCP and UDP protocols, or an ICMP code number. For the ICMP code number, use -1 to specify all codes. If you specify all ICMP types, you must specify all codes.

    Alternatively, use a set of IP permissions to specify multiple rules and a description for the rule.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • TagSpecifications (list) --

    [VPC Only] The tags applied to the security group rule.

    • (dict) --

      The tags to apply to a resource when the resource is being created.

      • ResourceType (string) --

        The type of resource to tag on creation. The possible values are: capacity-reservation | carrier-gateway | client-vpn-endpoint | customer-gateway | dedicated-host | dhcp-options | egress-only-internet-gateway | elastic-gpu | elastic-ip | export-image-task | export-instance-task | fleet | fpga-image | host-reservation | image | import-image-task | import-snapshot-task | instance | instance-event-window | internet-gateway | ipv4pool-ec2 | ipv6pool-ec2 | key-pair | launch-template | local-gateway-route-table-vpc-association | natgateway | network-acl | network-insights-analysis | network-insights-path | network-interface | placement-group | prefix-list | reserved-instances | route-table | security-group | security-group-rule | snapshot | spot-fleet-request | spot-instances-request | subnet | traffic-mirror-filter | traffic-mirror-session | traffic-mirror-target | transit-gateway | transit-gateway-attachment | transit-gateway-multicast-domain | transit-gateway-route-table | volume | vpc | vpc-endpoint | vpc-endpoint-service | vpc-flow-log | vpc-peering-connection | vpn-connection | vpn-gateway .

        To tag a resource after it has been created, see CreateTags .

      • Tags (list) --

        The tags to apply to the resource.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

Return type

dict

Returns

Response Syntax

{
    'Return': True|False,
    'SecurityGroupRules': [
        {
            'SecurityGroupRuleId': 'string',
            'GroupId': 'string',
            'GroupOwnerId': 'string',
            'IsEgress': True|False,
            'IpProtocol': 'string',
            'FromPort': 123,
            'ToPort': 123,
            'CidrIpv4': 'string',
            'CidrIpv6': 'string',
            'PrefixListId': 'string',
            'ReferencedGroupInfo': {
                'GroupId': 'string',
                'PeeringStatus': 'string',
                'UserId': 'string',
                'VpcId': 'string',
                'VpcPeeringConnectionId': 'string'
            },
            'Description': 'string',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ]
}

Response Structure

  • (dict) --

    • Return (boolean) --

      Returns true if the request succeeds; otherwise, returns an error.

    • SecurityGroupRules (list) --

      Information about the inbound (ingress) security group rules that were added.

      • (dict) --

        Describes a security group rule.

        • SecurityGroupRuleId (string) --

          The ID of the security group rule.

        • GroupId (string) --

          The ID of the security group.

        • GroupOwnerId (string) --

          The ID of the Amazon Web Services account that owns the security group.

        • IsEgress (boolean) --

          Indicates whether the security group rule is an outbound rule.

        • IpProtocol (string) --

          The IP protocol name (tcp , udp , icmp , icmpv6 ) or number (see Protocol Numbers ).

          Use -1 to specify all protocols.

        • FromPort (integer) --

          The start of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 type. A value of -1 indicates all ICMP/ICMPv6 types. If you specify all ICMP/ICMPv6 types, you must specify all codes.

        • ToPort (integer) --

          The end of port range for the TCP and UDP protocols, or an ICMP/ICMPv6 code. A value of -1 indicates all ICMP/ICMPv6 codes. If you specify all ICMP/ICMPv6 types, you must specify all codes.

        • CidrIpv4 (string) --

          The IPv4 CIDR range.

        • CidrIpv6 (string) --

          The IPv6 CIDR range.

        • PrefixListId (string) --

          The ID of the prefix list.

        • ReferencedGroupInfo (dict) --

          Describes the security group that is referenced in the rule.

          • GroupId (string) --

            The ID of the security group.

          • PeeringStatus (string) --

            The status of a VPC peering connection, if applicable.

          • UserId (string) --

            The Amazon Web Services account ID.

          • VpcId (string) --

            The ID of the VPC.

          • VpcPeeringConnectionId (string) --

            The ID of the VPC peering connection.

        • Description (string) --

          The security group rule description.

        • Tags (list) --

          The tags applied to the security group rule.

          • (dict) --

            Describes a tag.

            • Key (string) --

              The key of the tag.

              Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

            • Value (string) --

              The value of the tag.

              Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

Examples

This example enables inbound traffic on TCP port 22 (SSH). The rule includes a description to help you identify it later.

response = client.authorize_security_group_ingress(
    GroupId='sg-903004f8',
    IpPermissions=[
        {
            'FromPort': 22,
            'IpProtocol': 'tcp',
            'IpRanges': [
                {
                    'CidrIp': '203.0.113.0/24',
                    'Description': 'SSH access from the LA office',
                },
            ],
            'ToPort': 22,
        },
    ],
)

print(response)

Expected Output:

{
    'ResponseMetadata': {
        '...': '...',
    },
}

This example enables inbound traffic on TCP port 80 from the specified security group. The group must be in the same VPC or a peer VPC. Incoming traffic is allowed based on the private IP addresses of instances that are associated with the specified security group.

response = client.authorize_security_group_ingress(
    GroupId='sg-111aaa22',
    IpPermissions=[
        {
            'FromPort': 80,
            'IpProtocol': 'tcp',
            'ToPort': 80,
            'UserIdGroupPairs': [
                {
                    'Description': 'HTTP access from other instances',
                    'GroupId': 'sg-1a2b3c4d',
                },
            ],
        },
    ],
)

print(response)

Expected Output:

{
    'ResponseMetadata': {
        '...': '...',
    },
}

This example adds an inbound rule that allows RDP traffic from the specified IPv6 address range. The rule includes a description to help you identify it later.

response = client.authorize_security_group_ingress(
    GroupId='sg-123abc12 ',
    IpPermissions=[
        {
            'FromPort': 3389,
            'IpProtocol': 'tcp',
            'Ipv6Ranges': [
                {
                    'CidrIpv6': '2001:db8:1234:1a00::/64',
                    'Description': 'RDP access from the NY office',
                },
            ],
            'ToPort': 3389,
        },
    ],
)

print(response)

Expected Output:

{
    'ResponseMetadata': {
        '...': '...',
    },
}
bundle_instance(**kwargs)

Bundles an Amazon instance store-backed Windows instance.

During bundling, only the root device volume (C:) is bundled. Data on other instance store volumes is not preserved.

Note

This action is not applicable for Linux/Unix instances or Windows instances that are backed by Amazon EBS.

See also: AWS API Documentation

Request Syntax

response = client.bundle_instance(
    InstanceId='string',
    Storage={
        'S3': {
            'AWSAccessKeyId': 'string',
            'Bucket': 'string',
            'Prefix': 'string',
            'UploadPolicy': b'bytes',
            'UploadPolicySignature': 'string'
        }
    },
    DryRun=True|False
)
Parameters
  • InstanceId (string) --

    [REQUIRED]

    The ID of the instance to bundle.

    Type: String

    Default: None

    Required: Yes

  • Storage (dict) --

    [REQUIRED]

    The bucket in which to store the AMI. You can specify a bucket that you already own or a new bucket that Amazon EC2 creates on your behalf. If you specify a bucket that belongs to someone else, Amazon EC2 returns an error.

    • S3 (dict) --

      An Amazon S3 storage location.

      • AWSAccessKeyId (string) --

        The access key ID of the owner of the bucket. Before you specify a value for your access key ID, review and follow the guidance in Best Practices for Managing Amazon Web Services Access Keys .

      • Bucket (string) --

        The bucket in which to store the AMI. You can specify a bucket that you already own or a new bucket that Amazon EC2 creates on your behalf. If you specify a bucket that belongs to someone else, Amazon EC2 returns an error.

      • Prefix (string) --

        The beginning of the file name of the AMI.

      • UploadPolicy (bytes) --

        An Amazon S3 upload policy that gives Amazon EC2 permission to upload items into Amazon S3 on your behalf.

      • UploadPolicySignature (string) --

        The signature of the JSON document.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'BundleTask': {
        'BundleId': 'string',
        'BundleTaskError': {
            'Code': 'string',
            'Message': 'string'
        },
        'InstanceId': 'string',
        'Progress': 'string',
        'StartTime': datetime(2015, 1, 1),
        'State': 'pending'|'waiting-for-shutdown'|'bundling'|'storing'|'cancelling'|'complete'|'failed',
        'Storage': {
            'S3': {
                'AWSAccessKeyId': 'string',
                'Bucket': 'string',
                'Prefix': 'string',
                'UploadPolicy': b'bytes',
                'UploadPolicySignature': 'string'
            }
        },
        'UpdateTime': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    Contains the output of BundleInstance.

    • BundleTask (dict) --

      Information about the bundle task.

      • BundleId (string) --

        The ID of the bundle task.

      • BundleTaskError (dict) --

        If the task fails, a description of the error.

        • Code (string) --

          The error code.

        • Message (string) --

          The error message.

      • InstanceId (string) --

        The ID of the instance associated with this bundle task.

      • Progress (string) --

        The level of task completion, as a percent (for example, 20%).

      • StartTime (datetime) --

        The time this task started.

      • State (string) --

        The state of the task.

      • Storage (dict) --

        The Amazon S3 storage locations.

        • S3 (dict) --

          An Amazon S3 storage location.

          • AWSAccessKeyId (string) --

            The access key ID of the owner of the bucket. Before you specify a value for your access key ID, review and follow the guidance in Best Practices for Managing Amazon Web Services Access Keys .

          • Bucket (string) --

            The bucket in which to store the AMI. You can specify a bucket that you already own or a new bucket that Amazon EC2 creates on your behalf. If you specify a bucket that belongs to someone else, Amazon EC2 returns an error.

          • Prefix (string) --

            The beginning of the file name of the AMI.

          • UploadPolicy (bytes) --

            An Amazon S3 upload policy that gives Amazon EC2 permission to upload items into Amazon S3 on your behalf.

          • UploadPolicySignature (string) --

            The signature of the JSON document.

      • UpdateTime (datetime) --

        The time of the most recent update for the task.

can_paginate(operation_name)

Check if an operation can be paginated.

Parameters
operation_name (string) -- The operation name. This is the same name as the method name on the client. For example, if the method name is create_foo, and you'd normally invoke the operation as client.create_foo(**kwargs), if the create_foo operation can be paginated, you can use the call client.get_paginator("create_foo").
Returns
True if the operation can be paginated, False otherwise.
cancel_bundle_task(**kwargs)

Cancels a bundling operation for an instance store-backed Windows instance.

See also: AWS API Documentation

Request Syntax

response = client.cancel_bundle_task(
    BundleId='string',
    DryRun=True|False
)
Parameters
  • BundleId (string) --

    [REQUIRED]

    The ID of the bundle task.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'BundleTask': {
        'BundleId': 'string',
        'BundleTaskError': {
            'Code': 'string',
            'Message': 'string'
        },
        'InstanceId': 'string',
        'Progress': 'string',
        'StartTime': datetime(2015, 1, 1),
        'State': 'pending'|'waiting-for-shutdown'|'bundling'|'storing'|'cancelling'|'complete'|'failed',
        'Storage': {
            'S3': {
                'AWSAccessKeyId': 'string',
                'Bucket': 'string',
                'Prefix': 'string',
                'UploadPolicy': b'bytes',
                'UploadPolicySignature': 'string'
            }
        },
        'UpdateTime': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) --

    Contains the output of CancelBundleTask.

    • BundleTask (dict) --

      Information about the bundle task.

      • BundleId (string) --

        The ID of the bundle task.

      • BundleTaskError (dict) --

        If the task fails, a description of the error.

        • Code (string) --

          The error code.

        • Message (string) --

          The error message.

      • InstanceId (string) --

        The ID of the instance associated with this bundle task.

      • Progress (string) --

        The level of task completion, as a percent (for example, 20%).

      • StartTime (datetime) --

        The time this task started.

      • State (string) --

        The state of the task.

      • Storage (dict) --

        The Amazon S3 storage locations.

        • S3 (dict) --

          An Amazon S3 storage location.

          • AWSAccessKeyId (string) --

            The access key ID of the owner of the bucket. Before you specify a value for your access key ID, review and follow the guidance in Best Practices for Managing Amazon Web Services Access Keys .

          • Bucket (string) --

            The bucket in which to store the AMI. You can specify a bucket that you already own or a new bucket that Amazon EC2 creates on your behalf. If you specify a bucket that belongs to someone else, Amazon EC2 returns an error.

          • Prefix (string) --

            The beginning of the file name of the AMI.

          • UploadPolicy (bytes) --

            An Amazon S3 upload policy that gives Amazon EC2 permission to upload items into Amazon S3 on your behalf.

          • UploadPolicySignature (string) --

            The signature of the JSON document.

      • UpdateTime (datetime) --

        The time of the most recent update for the task.

cancel_capacity_reservation(**kwargs)

Cancels the specified Capacity Reservation, releases the reserved capacity, and changes the Capacity Reservation's state to cancelled .

Instances running in the reserved capacity continue running until you stop them. Stopped instances that target the Capacity Reservation can no longer launch. Modify these instances to either target a different Capacity Reservation, launch On-Demand Instance capacity, or run in any open Capacity Reservation that has matching attributes and sufficient capacity.

See also: AWS API Documentation

Request Syntax

response = client.cancel_capacity_reservation(
    CapacityReservationId='string',
    DryRun=True|False
)
Parameters
  • CapacityReservationId (string) --

    [REQUIRED]

    The ID of the Capacity Reservation to be cancelled.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'Return': True|False
}

Response Structure

  • (dict) --

    • Return (boolean) --

      Returns true if the request succeeds; otherwise, it returns an error.

cancel_conversion_task(**kwargs)

Cancels an active conversion task. The task can be the import of an instance or volume. The action removes all artifacts of the conversion, including a partially uploaded volume or instance. If the conversion is complete or is in the process of transferring the final disk image, the command fails and returns an exception.

For more information, see Importing a Virtual Machine Using the Amazon EC2 CLI .

See also: AWS API Documentation

Request Syntax

response = client.cancel_conversion_task(
    ConversionTaskId='string',
    DryRun=True|False,
    ReasonMessage='string'
)
Parameters
  • ConversionTaskId (string) --

    [REQUIRED]

    The ID of the conversion task.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • ReasonMessage (string) -- The reason for canceling the conversion task.
Returns

None

cancel_export_task(**kwargs)

Cancels an active export task. The request removes all artifacts of the export, including any partially-created Amazon S3 objects. If the export task is complete or is in the process of transferring the final disk image, the command fails and returns an error.

See also: AWS API Documentation

Request Syntax

response = client.cancel_export_task(
    ExportTaskId='string'
)
Parameters
ExportTaskId (string) --

[REQUIRED]

The ID of the export task. This is the ID returned by CreateInstanceExportTask .

Returns
None
cancel_import_task(**kwargs)

Cancels an in-process import virtual machine or import snapshot task.

See also: AWS API Documentation

Request Syntax

response = client.cancel_import_task(
    CancelReason='string',
    DryRun=True|False,
    ImportTaskId='string'
)
Parameters
  • CancelReason (string) -- The reason for canceling the task.
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • ImportTaskId (string) -- The ID of the import image or import snapshot task to be canceled.
Return type

dict

Returns

Response Syntax

{
    'ImportTaskId': 'string',
    'PreviousState': 'string',
    'State': 'string'
}

Response Structure

  • (dict) --

    • ImportTaskId (string) --

      The ID of the task being canceled.

    • PreviousState (string) --

      The current state of the task being canceled.

    • State (string) --

      The current state of the task being canceled.

cancel_reserved_instances_listing(**kwargs)

Cancels the specified Reserved Instance listing in the Reserved Instance Marketplace.

For more information, see Reserved Instance Marketplace in the Amazon EC2 User Guide .

See also: AWS API Documentation

Request Syntax

response = client.cancel_reserved_instances_listing(
    ReservedInstancesListingId='string'
)
Parameters
ReservedInstancesListingId (string) --

[REQUIRED]

The ID of the Reserved Instance listing.

Return type
dict
Returns
Response Syntax
{
    'ReservedInstancesListings': [
        {
            'ClientToken': 'string',
            'CreateDate': datetime(2015, 1, 1),
            'InstanceCounts': [
                {
                    'InstanceCount': 123,
                    'State': 'available'|'sold'|'cancelled'|'pending'
                },
            ],
            'PriceSchedules': [
                {
                    'Active': True|False,
                    'CurrencyCode': 'USD',
                    'Price': 123.0,
                    'Term': 123
                },
            ],
            'ReservedInstancesId': 'string',
            'ReservedInstancesListingId': 'string',
            'Status': 'active'|'pending'|'cancelled'|'closed',
            'StatusMessage': 'string',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ],
            'UpdateDate': datetime(2015, 1, 1)
        },
    ]
}

Response Structure

  • (dict) --

    Contains the output of CancelReservedInstancesListing.

    • ReservedInstancesListings (list) --

      The Reserved Instance listing.

      • (dict) --

        Describes a Reserved Instance listing.

        • ClientToken (string) --

          A unique, case-sensitive key supplied by the client to ensure that the request is idempotent. For more information, see Ensuring Idempotency .

        • CreateDate (datetime) --

          The time the listing was created.

        • InstanceCounts (list) --

          The number of instances in this state.

          • (dict) --

            Describes a Reserved Instance listing state.

            • InstanceCount (integer) --

              The number of listed Reserved Instances in the state specified by the state .

            • State (string) --

              The states of the listed Reserved Instances.

        • PriceSchedules (list) --

          The price of the Reserved Instance listing.

          • (dict) --

            Describes the price for a Reserved Instance.

            • Active (boolean) --

              The current price schedule, as determined by the term remaining for the Reserved Instance in the listing.

              A specific price schedule is always in effect, but only one price schedule can be active at any time. Take, for example, a Reserved Instance listing that has five months remaining in its term. When you specify price schedules for five months and two months, this means that schedule 1, covering the first three months of the remaining term, will be active during months 5, 4, and 3. Then schedule 2, covering the last two months of the term, will be active for months 2 and 1.

            • CurrencyCode (string) --

              The currency for transacting the Reserved Instance resale. At this time, the only supported currency is USD .

            • Price (float) --

              The fixed price for the term.

            • Term (integer) --

              The number of months remaining in the reservation. For example, 2 is the second to the last month before the capacity reservation expires.

        • ReservedInstancesId (string) --

          The ID of the Reserved Instance.

        • ReservedInstancesListingId (string) --

          The ID of the Reserved Instance listing.

        • Status (string) --

          The status of the Reserved Instance listing.

        • StatusMessage (string) --

          The reason for the current status of the Reserved Instance listing. The response can be blank.

        • Tags (list) --

          Any tags assigned to the resource.

          • (dict) --

            Describes a tag.

            • Key (string) --

              The key of the tag.

              Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

            • Value (string) --

              The value of the tag.

              Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

        • UpdateDate (datetime) --

          The last modified timestamp of the listing.

cancel_spot_fleet_requests(**kwargs)

Cancels the specified Spot Fleet requests.

After you cancel a Spot Fleet request, the Spot Fleet launches no new Spot Instances. You must specify whether the Spot Fleet should also terminate its Spot Instances. If you terminate the instances, the Spot Fleet request enters the cancelled_terminating state. Otherwise, the Spot Fleet request enters the cancelled_running state and the instances continue to run until they are interrupted or you terminate them manually.

See also: AWS API Documentation

Request Syntax

response = client.cancel_spot_fleet_requests(
    DryRun=True|False,
    SpotFleetRequestIds=[
        'string',
    ],
    TerminateInstances=True|False
)
Parameters
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • SpotFleetRequestIds (list) --

    [REQUIRED]

    The IDs of the Spot Fleet requests.

    • (string) --
  • TerminateInstances (boolean) --

    [REQUIRED]

    Indicates whether to terminate instances for a Spot Fleet request if it is canceled successfully.

Return type

dict

Returns

Response Syntax

{
    'SuccessfulFleetRequests': [
        {
            'CurrentSpotFleetRequestState': 'submitted'|'active'|'cancelled'|'failed'|'cancelled_running'|'cancelled_terminating'|'modifying',
            'PreviousSpotFleetRequestState': 'submitted'|'active'|'cancelled'|'failed'|'cancelled_running'|'cancelled_terminating'|'modifying',
            'SpotFleetRequestId': 'string'
        },
    ],
    'UnsuccessfulFleetRequests': [
        {
            'Error': {
                'Code': 'fleetRequestIdDoesNotExist'|'fleetRequestIdMalformed'|'fleetRequestNotInCancellableState'|'unexpectedError',
                'Message': 'string'
            },
            'SpotFleetRequestId': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    Contains the output of CancelSpotFleetRequests.

    • SuccessfulFleetRequests (list) --

      Information about the Spot Fleet requests that are successfully canceled.

      • (dict) --

        Describes a Spot Fleet request that was successfully canceled.

        • CurrentSpotFleetRequestState (string) --

          The current state of the Spot Fleet request.

        • PreviousSpotFleetRequestState (string) --

          The previous state of the Spot Fleet request.

        • SpotFleetRequestId (string) --

          The ID of the Spot Fleet request.

    • UnsuccessfulFleetRequests (list) --

      Information about the Spot Fleet requests that are not successfully canceled.

      • (dict) --

        Describes a Spot Fleet request that was not successfully canceled.

        • Error (dict) --

          The error.

          • Code (string) --

            The error code.

          • Message (string) --

            The description for the error code.

        • SpotFleetRequestId (string) --

          The ID of the Spot Fleet request.

Examples

This example cancels the specified Spot fleet request and terminates its associated Spot Instances.

response = client.cancel_spot_fleet_requests(
    SpotFleetRequestIds=[
        'sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE',
    ],
    TerminateInstances=True,
)

print(response)

Expected Output:

{
    'SuccessfulFleetRequests': [
        {
            'CurrentSpotFleetRequestState': 'cancelled_running',
            'PreviousSpotFleetRequestState': 'active',
            'SpotFleetRequestId': 'sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE',
        },
    ],
    'ResponseMetadata': {
        '...': '...',
    },
}

This example cancels the specified Spot fleet request without terminating its associated Spot Instances.

response = client.cancel_spot_fleet_requests(
    SpotFleetRequestIds=[
        'sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE',
    ],
    TerminateInstances=False,
)

print(response)

Expected Output:

{
    'SuccessfulFleetRequests': [
        {
            'CurrentSpotFleetRequestState': 'cancelled_terminating',
            'PreviousSpotFleetRequestState': 'active',
            'SpotFleetRequestId': 'sfr-73fbd2ce-aa30-494c-8788-1cee4EXAMPLE',
        },
    ],
    'ResponseMetadata': {
        '...': '...',
    },
}
cancel_spot_instance_requests(**kwargs)

Cancels one or more Spot Instance requests.

Warning

Canceling a Spot Instance request does not terminate running Spot Instances associated with the request.

See also: AWS API Documentation

Request Syntax

response = client.cancel_spot_instance_requests(
    DryRun=True|False,
    SpotInstanceRequestIds=[
        'string',
    ]
)
Parameters
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • SpotInstanceRequestIds (list) --

    [REQUIRED]

    One or more Spot Instance request IDs.

    • (string) --
Return type

dict

Returns

Response Syntax

{
    'CancelledSpotInstanceRequests': [
        {
            'SpotInstanceRequestId': 'string',
            'State': 'active'|'open'|'closed'|'cancelled'|'completed'
        },
    ]
}

Response Structure

  • (dict) --

    Contains the output of CancelSpotInstanceRequests.

    • CancelledSpotInstanceRequests (list) --

      One or more Spot Instance requests.

      • (dict) --

        Describes a request to cancel a Spot Instance.

        • SpotInstanceRequestId (string) --

          The ID of the Spot Instance request.

        • State (string) --

          The state of the Spot Instance request.

Examples

This example cancels a Spot Instance request.

response = client.cancel_spot_instance_requests(
    SpotInstanceRequestIds=[
        'sir-08b93456',
    ],
)

print(response)

Expected Output:

{
    'CancelledSpotInstanceRequests': [
        {
            'SpotInstanceRequestId': 'sir-08b93456',
            'State': 'cancelled',
        },
    ],
    'ResponseMetadata': {
        '...': '...',
    },
}
confirm_product_instance(**kwargs)

Determines whether a product code is associated with an instance. This action can only be used by the owner of the product code. It is useful when a product code owner must verify whether another user's instance is eligible for support.

See also: AWS API Documentation

Request Syntax

response = client.confirm_product_instance(
    InstanceId='string',
    ProductCode='string',
    DryRun=True|False
)
Parameters
  • InstanceId (string) --

    [REQUIRED]

    The ID of the instance.

  • ProductCode (string) --

    [REQUIRED]

    The product code. This must be a product code that you own.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'OwnerId': 'string',
    'Return': True|False
}

Response Structure

  • (dict) --

    • OwnerId (string) --

      The Amazon Web Services account ID of the instance owner. This is only present if the product code is attached to the instance.

    • Return (boolean) --

      The return value of the request. Returns true if the specified product code is owned by the requester and associated with the specified instance.

Examples

This example determines whether the specified product code is associated with the specified instance.

response = client.confirm_product_instance(
    InstanceId='i-1234567890abcdef0',
    ProductCode='774F4FF8',
)

print(response)

Expected Output:

{
    'OwnerId': '123456789012',
    'ResponseMetadata': {
        '...': '...',
    },
}
copy_fpga_image(**kwargs)

Copies the specified Amazon FPGA Image (AFI) to the current Region.

See also: AWS API Documentation

Request Syntax

response = client.copy_fpga_image(
    DryRun=True|False,
    SourceFpgaImageId='string',
    Description='string',
    Name='string',
    SourceRegion='string',
    ClientToken='string'
)
Parameters
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • SourceFpgaImageId (string) --

    [REQUIRED]

    The ID of the source AFI.

  • Description (string) -- The description for the new AFI.
  • Name (string) -- The name for the new AFI. The default is the name of the source AFI.
  • SourceRegion (string) --

    [REQUIRED]

    The Region that contains the source AFI.

  • ClientToken (string) -- Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency .
Return type

dict

Returns

Response Syntax

{
    'FpgaImageId': 'string'
}

Response Structure

  • (dict) --

    • FpgaImageId (string) --

      The ID of the new AFI.

copy_image(**kwargs)

Initiates the copy of an AMI. You can copy an AMI from one Region to another, or from a Region to an Outpost. You can't copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost. To copy an AMI to another partition, see CreateStoreImageTask .

To copy an AMI from one Region to another, specify the source Region using the SourceRegion parameter, and specify the destination Region using its endpoint. Copies of encrypted backing snapshots for the AMI are encrypted. Copies of unencrypted backing snapshots remain unencrypted, unless you set Encrypted during the copy operation. You cannot create an unencrypted copy of an encrypted backing snapshot.

To copy an AMI from a Region to an Outpost, specify the source Region using the SourceRegion parameter, and specify the ARN of the destination Outpost using DestinationOutpostArn . Backing snapshots copied to an Outpost are encrypted by default using the default encryption key for the Region, or a different key that you specify in the request using KmsKeyId . Outposts do not support unencrypted snapshots. For more information, Amazon EBS local snapshots on Outposts in the Amazon Elastic Compute Cloud User Guide .

For more information about the prerequisites and limits when copying an AMI, see Copying an AMI in the Amazon Elastic Compute Cloud User Guide .

See also: AWS API Documentation

Request Syntax

response = client.copy_image(
    ClientToken='string',
    Description='string',
    Encrypted=True|False,
    KmsKeyId='string',
    Name='string',
    SourceImageId='string',
    SourceRegion='string',
    DestinationOutpostArn='string',
    DryRun=True|False
)
Parameters
  • ClientToken (string) -- Unique, case-sensitive identifier you provide to ensure idempotency of the request. For more information, see Ensuring idempotency in the Amazon EC2 API Reference .
  • Description (string) -- A description for the new AMI in the destination Region.
  • Encrypted (boolean) -- Specifies whether the destination snapshots of the copied image should be encrypted. You can encrypt a copy of an unencrypted snapshot, but you cannot create an unencrypted copy of an encrypted snapshot. The default KMS key for Amazon EBS is used unless you specify a non-default Key Management Service (KMS) KMS key using KmsKeyId . For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide .
  • KmsKeyId (string) --

    The identifier of the symmetric Key Management Service (KMS) KMS key to use when creating encrypted volumes. If this parameter is not specified, your Amazon Web Services managed KMS key for Amazon EBS is used. If you specify a KMS key, you must also set the encrypted state to true .

    You can specify a KMS key using any of the following:

    • Key ID. For example, 1234abcd-12ab-34cd-56ef-1234567890ab.
    • Key alias. For example, alias/ExampleAlias.
    • Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/1234abcd-12ab-34cd-56ef-1234567890ab.
    • Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.

    Amazon Web Services authenticates the KMS key asynchronously. Therefore, if you specify an identifier that is not valid, the action can appear to complete, but eventually fails.

    The specified KMS key must exist in the destination Region.

    Amazon EBS does not support asymmetric KMS keys.

  • Name (string) --

    [REQUIRED]

    The name of the new AMI in the destination Region.

  • SourceImageId (string) --

    [REQUIRED]

    The ID of the AMI to copy.

  • SourceRegion (string) --

    [REQUIRED]

    The name of the Region that contains the AMI to copy.

  • DestinationOutpostArn (string) --

    The Amazon Resource Name (ARN) of the Outpost to which to copy the AMI. Only specify this parameter when copying an AMI from an Amazon Web Services Region to an Outpost. The AMI must be in the Region of the destination Outpost. You cannot copy an AMI from an Outpost to a Region, from one Outpost to another, or within the same Outpost.

    For more information, see Copying AMIs from an Amazon Web Services Region to an Outpost in the Amazon Elastic Compute Cloud User Guide .

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'ImageId': 'string'
}

Response Structure

  • (dict) --

    Contains the output of CopyImage.

    • ImageId (string) --

      The ID of the new AMI.

Examples

This example copies the specified AMI from the us-east-1 region to the current region.

response = client.copy_image(
    Description='',
    Name='My server',
    SourceImageId='ami-5731123e',
    SourceRegion='us-east-1',
)

print(response)

Expected Output:

{
    'ImageId': 'ami-438bea42',
    'ResponseMetadata': {
        '...': '...',
    },
}
copy_snapshot(**kwargs)

Copies a point-in-time snapshot of an EBS volume and stores it in Amazon S3. You can copy a snapshot within the same Region, from one Region to another, or from a Region to an Outpost. You can't copy a snapshot from an Outpost to a Region, from one Outpost to another, or within the same Outpost.

You can use the snapshot to create EBS volumes or Amazon Machine Images (AMIs).

When copying snapshots to a Region, copies of encrypted EBS snapshots remain encrypted. Copies of unencrypted snapshots remain unencrypted, unless you enable encryption for the snapshot copy operation. By default, encrypted snapshot copies use the default Key Management Service (KMS) KMS key; however, you can specify a different KMS key. To copy an encrypted snapshot that has been shared from another account, you must have permissions for the KMS key used to encrypt the snapshot.

Snapshots copied to an Outpost are encrypted by default using the default encryption key for the Region, or a different key that you specify in the request using KmsKeyId . Outposts do not support unencrypted snapshots. For more information, Amazon EBS local snapshots on Outposts in the Amazon Elastic Compute Cloud User Guide .

Snapshots created by copying another snapshot have an arbitrary volume ID that should not be used for any purpose.

For more information, see Copy an Amazon EBS snapshot in the Amazon Elastic Compute Cloud User Guide .

See also: AWS API Documentation

Request Syntax

response = client.copy_snapshot(
    Description='string',
    DestinationOutpostArn='string',
    Encrypted=True|False,
    KmsKeyId='string',
    SourceRegion='string',
    SourceSnapshotId='string',
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-route-table'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-service'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ],
    DryRun=True|False
)
Parameters
  • Description (string) -- A description for the EBS snapshot.
  • DestinationOutpostArn (string) --

    The Amazon Resource Name (ARN) of the Outpost to which to copy the snapshot. Only specify this parameter when copying a snapshot from an Amazon Web Services Region to an Outpost. The snapshot must be in the Region for the destination Outpost. You cannot copy a snapshot from an Outpost to a Region, from one Outpost to another, or within the same Outpost.

    For more information, see Copy snapshots from an Amazon Web Services Region to an Outpost in the Amazon Elastic Compute Cloud User Guide .

  • DestinationRegion (string) --

    The destination Region to use in the PresignedUrl parameter of a snapshot copy operation. This parameter is only valid for specifying the destination Region in a PresignedUrl parameter, where it is required.

    The snapshot copy is sent to the regional endpoint that you sent the HTTP request to (for example, ec2.us-east-1.amazonaws.com ). With the CLI, this is specified using the --region parameter or the default Region in your Amazon Web Services configuration file.

    Please note that this parameter is automatically populated if it is not provided. Including this parameter is not required
  • Encrypted (boolean) -- To encrypt a copy of an unencrypted snapshot if encryption by default is not enabled, enable encryption using this parameter. Otherwise, omit this parameter. Encrypted snapshots are encrypted, even if you omit this parameter and encryption by default is not enabled. You cannot set this parameter to false. For more information, see Amazon EBS encryption in the Amazon Elastic Compute Cloud User Guide .
  • KmsKeyId (string) --

    The identifier of the Key Management Service (KMS) KMS key to use for Amazon EBS encryption. If this parameter is not specified, your KMS key for Amazon EBS is used. If KmsKeyId is specified, the encrypted state must be true .

    You can specify the KMS key using any of the following:

    • Key ID. For example, 1234abcd-12ab-34cd-56ef-1234567890ab.
    • Key alias. For example, alias/ExampleAlias.
    • Key ARN. For example, arn:aws:kms:us-east-1:012345678910:key/1234abcd-12ab-34cd-56ef-1234567890ab.
    • Alias ARN. For example, arn:aws:kms:us-east-1:012345678910:alias/ExampleAlias.

    Amazon Web Services authenticates the KMS key asynchronously. Therefore, if you specify an ID, alias, or ARN that is not valid, the action can appear to complete, but eventually fails.

  • PresignedUrl (string) --

    When you copy an encrypted source snapshot using the Amazon EC2 Query API, you must supply a pre-signed URL. This parameter is optional for unencrypted snapshots. For more information, see Query requests .

    The PresignedUrl should use the snapshot source endpoint, the CopySnapshot action, and include the SourceRegion , SourceSnapshotId , and DestinationRegion parameters. The PresignedUrl must be signed using Amazon Web Services Signature Version 4. Because EBS snapshots are stored in Amazon S3, the signing algorithm for this parameter uses the same logic that is described in Authenticating Requests: Using Query Parameters (Amazon Web Services Signature Version 4) in the Amazon Simple Storage Service API Reference . An invalid or improperly signed PresignedUrl will cause the copy operation to fail asynchronously, and the snapshot will move to an error state.

    Please note that this parameter is automatically populated if it is not provided. Including this parameter is not required
  • SourceRegion (string) --

    [REQUIRED]

    The ID of the Region that contains the snapshot to be copied.

  • SourceSnapshotId (string) --

    [REQUIRED]

    The ID of the EBS snapshot to copy.

  • TagSpecifications (list) --

    The tags to apply to the new snapshot.

    • (dict) --

      The tags to apply to a resource when the resource is being created.

      • ResourceType (string) --

        The type of resource to tag on creation. The possible values are: capacity-reservation | carrier-gateway | client-vpn-endpoint | customer-gateway | dedicated-host | dhcp-options | egress-only-internet-gateway | elastic-gpu | elastic-ip | export-image-task | export-instance-task | fleet | fpga-image | host-reservation | image | import-image-task | import-snapshot-task | instance | instance-event-window | internet-gateway | ipv4pool-ec2 | ipv6pool-ec2 | key-pair | launch-template | local-gateway-route-table-vpc-association | natgateway | network-acl | network-insights-analysis | network-insights-path | network-interface | placement-group | prefix-list | reserved-instances | route-table | security-group | security-group-rule | snapshot | spot-fleet-request | spot-instances-request | subnet | traffic-mirror-filter | traffic-mirror-session | traffic-mirror-target | transit-gateway | transit-gateway-attachment | transit-gateway-multicast-domain | transit-gateway-route-table | volume | vpc | vpc-endpoint | vpc-endpoint-service | vpc-flow-log | vpc-peering-connection | vpn-connection | vpn-gateway .

        To tag a resource after it has been created, see CreateTags .

      • Tags (list) --

        The tags to apply to the resource.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'SnapshotId': 'string',
    'Tags': [
        {
            'Key': 'string',
            'Value': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • SnapshotId (string) --

      The ID of the new snapshot.

    • Tags (list) --

      Any tags applied to the new snapshot.

      • (dict) --

        Describes a tag.

        • Key (string) --

          The key of the tag.

          Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

        • Value (string) --

          The value of the tag.

          Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

Examples

This example copies a snapshot with the snapshot ID of snap-066877671789bd71b from the us-west-2 region to the us-east-1 region and adds a short description to identify the snapshot.

response = client.copy_snapshot(
    Description='This is my copied snapshot.',
    DestinationRegion='us-east-1',
    SourceRegion='us-west-2',
    SourceSnapshotId='snap-066877671789bd71b',
)

print(response)

Expected Output:

{
    'SnapshotId': 'snap-066877671789bd71b',
    'ResponseMetadata': {
        '...': '...',
    },
}
create_capacity_reservation(**kwargs)

Creates a new Capacity Reservation with the specified attributes.

Capacity Reservations enable you to reserve capacity for your Amazon EC2 instances in a specific Availability Zone for any duration. This gives you the flexibility to selectively add capacity reservations and still get the Regional RI discounts for that usage. By creating Capacity Reservations, you ensure that you always have access to Amazon EC2 capacity when you need it, for as long as you need it. For more information, see Capacity Reservations in the Amazon EC2 User Guide .

Your request to create a Capacity Reservation could fail if Amazon EC2 does not have sufficient capacity to fulfill the request. If your request fails due to Amazon EC2 capacity constraints, either try again at a later time, try in a different Availability Zone, or request a smaller capacity reservation. If your application is flexible across instance types and sizes, try to create a Capacity Reservation with different instance attributes.

Your request could also fail if the requested quantity exceeds your On-Demand Instance limit for the selected instance type. If your request fails due to limit constraints, increase your On-Demand Instance limit for the required instance type and try again. For more information about increasing your instance limits, see Amazon EC2 Service Quotas in the Amazon EC2 User Guide .

See also: AWS API Documentation

Request Syntax

response = client.create_capacity_reservation(
    ClientToken='string',
    InstanceType='string',
    InstancePlatform='Linux/UNIX'|'Red Hat Enterprise Linux'|'SUSE Linux'|'Windows'|'Windows with SQL Server'|'Windows with SQL Server Enterprise'|'Windows with SQL Server Standard'|'Windows with SQL Server Web'|'Linux with SQL Server Standard'|'Linux with SQL Server Web'|'Linux with SQL Server Enterprise',
    AvailabilityZone='string',
    AvailabilityZoneId='string',
    Tenancy='default'|'dedicated',
    InstanceCount=123,
    EbsOptimized=True|False,
    EphemeralStorage=True|False,
    EndDate=datetime(2015, 1, 1),
    EndDateType='unlimited'|'limited',
    InstanceMatchCriteria='open'|'targeted',
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-route-table'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-service'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ],
    DryRun=True|False,
    OutpostArn='string'
)
Parameters
  • ClientToken (string) -- Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensure Idempotency .
  • InstanceType (string) --

    [REQUIRED]

    The instance type for which to reserve capacity. For more information, see Instance types in the Amazon EC2 User Guide .

  • InstancePlatform (string) --

    [REQUIRED]

    The type of operating system for which to reserve capacity.

  • AvailabilityZone (string) -- The Availability Zone in which to create the Capacity Reservation.
  • AvailabilityZoneId (string) -- The ID of the Availability Zone in which to create the Capacity Reservation.
  • Tenancy (string) --

    Indicates the tenancy of the Capacity Reservation. A Capacity Reservation can have one of the following tenancy settings:

    • default - The Capacity Reservation is created on hardware that is shared with other Amazon Web Services accounts.
    • dedicated - The Capacity Reservation is created on single-tenant hardware that is dedicated to a single Amazon Web Services account.
  • InstanceCount (integer) --

    [REQUIRED]

    The number of instances for which to reserve capacity.

    Valid range: 1 - 1000

  • EbsOptimized (boolean) -- Indicates whether the Capacity Reservation supports EBS-optimized instances. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS- optimized instance.
  • EphemeralStorage (boolean) -- Indicates whether the Capacity Reservation supports instances with temporary, block-level storage.
  • EndDate (datetime) --

    The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation's state changes to expired when it reaches its end date and time.

    You must provide an EndDate value if EndDateType is limited . Omit EndDate if EndDateType is unlimited .

    If the EndDateType is limited , the Capacity Reservation is cancelled within an hour from the specified time. For example, if you specify 5/31/2019, 13:30:55, the Capacity Reservation is guaranteed to end between 13:30:55 and 14:30:55 on 5/31/2019.

  • EndDateType (string) --

    Indicates the way in which the Capacity Reservation ends. A Capacity Reservation can have one of the following end types:

    • unlimited - The Capacity Reservation remains active until you explicitly cancel it. Do not provide an EndDate if the EndDateType is unlimited .
    • limited - The Capacity Reservation expires automatically at a specified date and time. You must provide an EndDate value if the EndDateType value is limited .
  • InstanceMatchCriteria (string) --

    Indicates the type of instance launches that the Capacity Reservation accepts. The options include:

    • open - The Capacity Reservation automatically matches all instances that have matching attributes (instance type, platform, and Availability Zone). Instances that have matching attributes run in the Capacity Reservation automatically without specifying any additional parameters.
    • targeted - The Capacity Reservation only accepts instances that have matching attributes (instance type, platform, and Availability Zone), and explicitly target the Capacity Reservation. This ensures that only permitted instances can use the reserved capacity.

    Default: open

  • TagSpecifications (list) --

    The tags to apply to the Capacity Reservation during launch.

    • (dict) --

      The tags to apply to a resource when the resource is being created.

      • ResourceType (string) --

        The type of resource to tag on creation. The possible values are: capacity-reservation | carrier-gateway | client-vpn-endpoint | customer-gateway | dedicated-host | dhcp-options | egress-only-internet-gateway | elastic-gpu | elastic-ip | export-image-task | export-instance-task | fleet | fpga-image | host-reservation | image | import-image-task | import-snapshot-task | instance | instance-event-window | internet-gateway | ipv4pool-ec2 | ipv6pool-ec2 | key-pair | launch-template | local-gateway-route-table-vpc-association | natgateway | network-acl | network-insights-analysis | network-insights-path | network-interface | placement-group | prefix-list | reserved-instances | route-table | security-group | security-group-rule | snapshot | spot-fleet-request | spot-instances-request | subnet | traffic-mirror-filter | traffic-mirror-session | traffic-mirror-target | transit-gateway | transit-gateway-attachment | transit-gateway-multicast-domain | transit-gateway-route-table | volume | vpc | vpc-endpoint | vpc-endpoint-service | vpc-flow-log | vpc-peering-connection | vpn-connection | vpn-gateway .

        To tag a resource after it has been created, see CreateTags .

      • Tags (list) --

        The tags to apply to the resource.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • OutpostArn (string) -- The Amazon Resource Name (ARN) of the Outpost on which to create the Capacity Reservation.
Return type

dict

Returns

Response Syntax

{
    'CapacityReservation': {
        'CapacityReservationId': 'string',
        'OwnerId': 'string',
        'CapacityReservationArn': 'string',
        'AvailabilityZoneId': 'string',
        'InstanceType': 'string',
        'InstancePlatform': 'Linux/UNIX'|'Red Hat Enterprise Linux'|'SUSE Linux'|'Windows'|'Windows with SQL Server'|'Windows with SQL Server Enterprise'|'Windows with SQL Server Standard'|'Windows with SQL Server Web'|'Linux with SQL Server Standard'|'Linux with SQL Server Web'|'Linux with SQL Server Enterprise',
        'AvailabilityZone': 'string',
        'Tenancy': 'default'|'dedicated',
        'TotalInstanceCount': 123,
        'AvailableInstanceCount': 123,
        'EbsOptimized': True|False,
        'EphemeralStorage': True|False,
        'State': 'active'|'expired'|'cancelled'|'pending'|'failed',
        'StartDate': datetime(2015, 1, 1),
        'EndDate': datetime(2015, 1, 1),
        'EndDateType': 'unlimited'|'limited',
        'InstanceMatchCriteria': 'open'|'targeted',
        'CreateDate': datetime(2015, 1, 1),
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'OutpostArn': 'string'
    }
}

Response Structure

  • (dict) --

    • CapacityReservation (dict) --

      Information about the Capacity Reservation.

      • CapacityReservationId (string) --

        The ID of the Capacity Reservation.

      • OwnerId (string) --

        The ID of the Amazon Web Services account that owns the Capacity Reservation.

      • CapacityReservationArn (string) --

        The Amazon Resource Name (ARN) of the Capacity Reservation.

      • AvailabilityZoneId (string) --

        The Availability Zone ID of the Capacity Reservation.

      • InstanceType (string) --

        The type of instance for which the Capacity Reservation reserves capacity.

      • InstancePlatform (string) --

        The type of operating system for which the Capacity Reservation reserves capacity.

      • AvailabilityZone (string) --

        The Availability Zone in which the capacity is reserved.

      • Tenancy (string) --

        Indicates the tenancy of the Capacity Reservation. A Capacity Reservation can have one of the following tenancy settings:

        • default - The Capacity Reservation is created on hardware that is shared with other Amazon Web Services accounts.
        • dedicated - The Capacity Reservation is created on single-tenant hardware that is dedicated to a single Amazon Web Services account.
      • TotalInstanceCount (integer) --

        The total number of instances for which the Capacity Reservation reserves capacity.

      • AvailableInstanceCount (integer) --

        The remaining capacity. Indicates the number of instances that can be launched in the Capacity Reservation.

      • EbsOptimized (boolean) --

        Indicates whether the Capacity Reservation supports EBS-optimized instances. This optimization provides dedicated throughput to Amazon EBS and an optimized configuration stack to provide optimal I/O performance. This optimization isn't available with all instance types. Additional usage charges apply when using an EBS- optimized instance.

      • EphemeralStorage (boolean) --

        Indicates whether the Capacity Reservation supports instances with temporary, block-level storage.

      • State (string) --

        The current state of the Capacity Reservation. A Capacity Reservation can be in one of the following states:

        • active - The Capacity Reservation is active and the capacity is available for your use.
        • expired - The Capacity Reservation expired automatically at the date and time specified in your request. The reserved capacity is no longer available for your use.
        • cancelled - The Capacity Reservation was cancelled. The reserved capacity is no longer available for your use.
        • pending - The Capacity Reservation request was successful but the capacity provisioning is still pending.
        • failed - The Capacity Reservation request has failed. A request might fail due to invalid request parameters, capacity constraints, or instance limit constraints. Failed requests are retained for 60 minutes.
      • StartDate (datetime) --

        The date and time at which the Capacity Reservation was started.

      • EndDate (datetime) --

        The date and time at which the Capacity Reservation expires. When a Capacity Reservation expires, the reserved capacity is released and you can no longer launch instances into it. The Capacity Reservation's state changes to expired when it reaches its end date and time.

      • EndDateType (string) --

        Indicates the way in which the Capacity Reservation ends. A Capacity Reservation can have one of the following end types:

        • unlimited - The Capacity Reservation remains active until you explicitly cancel it.
        • limited - The Capacity Reservation expires automatically at a specified date and time.
      • InstanceMatchCriteria (string) --

        Indicates the type of instance launches that the Capacity Reservation accepts. The options include:

        • open - The Capacity Reservation accepts all instances that have matching attributes (instance type, platform, and Availability Zone). Instances that have matching attributes launch into the Capacity Reservation automatically without specifying any additional parameters.
        • targeted - The Capacity Reservation only accepts instances that have matching attributes (instance type, platform, and Availability Zone), and explicitly target the Capacity Reservation. This ensures that only permitted instances can use the reserved capacity.
      • CreateDate (datetime) --

        The date and time at which the Capacity Reservation was created.

      • Tags (list) --

        Any tags assigned to the Capacity Reservation.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

      • OutpostArn (string) --

        The Amazon Resource Name (ARN) of the Outpost on which the Capacity Reservation was created.

create_carrier_gateway(**kwargs)

Creates a carrier gateway. For more information about carrier gateways, see Carrier gateways in the Amazon Web Services Wavelength Developer Guide .

See also: AWS API Documentation

Request Syntax

response = client.create_carrier_gateway(
    VpcId='string',
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-route-table'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-service'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ],
    DryRun=True|False,
    ClientToken='string'
)
Parameters
  • VpcId (string) --

    [REQUIRED]

    The ID of the VPC to associate with the carrier gateway.

  • TagSpecifications (list) --

    The tags to associate with the carrier gateway.

    • (dict) --

      The tags to apply to a resource when the resource is being created.

      • ResourceType (string) --

        The type of resource to tag on creation. The possible values are: capacity-reservation | carrier-gateway | client-vpn-endpoint | customer-gateway | dedicated-host | dhcp-options | egress-only-internet-gateway | elastic-gpu | elastic-ip | export-image-task | export-instance-task | fleet | fpga-image | host-reservation | image | import-image-task | import-snapshot-task | instance | instance-event-window | internet-gateway | ipv4pool-ec2 | ipv6pool-ec2 | key-pair | launch-template | local-gateway-route-table-vpc-association | natgateway | network-acl | network-insights-analysis | network-insights-path | network-interface | placement-group | prefix-list | reserved-instances | route-table | security-group | security-group-rule | snapshot | spot-fleet-request | spot-instances-request | subnet | traffic-mirror-filter | traffic-mirror-session | traffic-mirror-target | transit-gateway | transit-gateway-attachment | transit-gateway-multicast-domain | transit-gateway-route-table | volume | vpc | vpc-endpoint | vpc-endpoint-service | vpc-flow-log | vpc-peering-connection | vpn-connection | vpn-gateway .

        To tag a resource after it has been created, see CreateTags .

      • Tags (list) --

        The tags to apply to the resource.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • ClientToken (string) --

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency .

    This field is autopopulated if not provided.

Return type

dict

Returns

Response Syntax

{
    'CarrierGateway': {
        'CarrierGatewayId': 'string',
        'VpcId': 'string',
        'State': 'pending'|'available'|'deleting'|'deleted',
        'OwnerId': 'string',
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • CarrierGateway (dict) --

      Information about the carrier gateway.

      • CarrierGatewayId (string) --

        The ID of the carrier gateway.

      • VpcId (string) --

        The ID of the VPC associated with the carrier gateway.

      • State (string) --

        The state of the carrier gateway.

      • OwnerId (string) --

        The Amazon Web Services account ID of the owner of the carrier gateway.

      • Tags (list) --

        The tags assigned to the carrier gateway.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

create_client_vpn_endpoint(**kwargs)

Creates a Client VPN endpoint. A Client VPN endpoint is the resource you create and configure to enable and manage client VPN sessions. It is the destination endpoint at which all client VPN sessions are terminated.

See also: AWS API Documentation

Request Syntax

response = client.create_client_vpn_endpoint(
    ClientCidrBlock='string',
    ServerCertificateArn='string',
    AuthenticationOptions=[
        {
            'Type': 'certificate-authentication'|'directory-service-authentication'|'federated-authentication',
            'ActiveDirectory': {
                'DirectoryId': 'string'
            },
            'MutualAuthentication': {
                'ClientRootCertificateChainArn': 'string'
            },
            'FederatedAuthentication': {
                'SAMLProviderArn': 'string',
                'SelfServiceSAMLProviderArn': 'string'
            }
        },
    ],
    ConnectionLogOptions={
        'Enabled': True|False,
        'CloudwatchLogGroup': 'string',
        'CloudwatchLogStream': 'string'
    },
    DnsServers=[
        'string',
    ],
    TransportProtocol='tcp'|'udp',
    VpnPort=123,
    Description='string',
    SplitTunnel=True|False,
    DryRun=True|False,
    ClientToken='string',
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-route-table'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-service'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ],
    SecurityGroupIds=[
        'string',
    ],
    VpcId='string',
    SelfServicePortal='enabled'|'disabled',
    ClientConnectOptions={
        'Enabled': True|False,
        'LambdaFunctionArn': 'string'
    }
)
Parameters
  • ClientCidrBlock (string) --

    [REQUIRED]

    The IPv4 address range, in CIDR notation, from which to assign client IP addresses. The address range cannot overlap with the local CIDR of the VPC in which the associated subnet is located, or the routes that you add manually. The address range cannot be changed after the Client VPN endpoint has been created. The CIDR block should be /22 or greater.

  • ServerCertificateArn (string) --

    [REQUIRED]

    The ARN of the server certificate. For more information, see the Certificate Manager User Guide .

  • AuthenticationOptions (list) --

    [REQUIRED]

    Information about the authentication method to be used to authenticate clients.

    • (dict) --

      Describes the authentication method to be used by a Client VPN endpoint. For more information, see Authentication in the Client VPN Administrator Guide .

      • Type (string) --

        The type of client authentication to be used.

      • ActiveDirectory (dict) --

        Information about the Active Directory to be used, if applicable. You must provide this information if Type is directory-service-authentication .

        • DirectoryId (string) --

          The ID of the Active Directory to be used for authentication.

      • MutualAuthentication (dict) --

        Information about the authentication certificates to be used, if applicable. You must provide this information if Type is certificate-authentication .

        • ClientRootCertificateChainArn (string) --

          The ARN of the client certificate. The certificate must be signed by a certificate authority (CA) and it must be provisioned in Certificate Manager (ACM).

      • FederatedAuthentication (dict) --

        Information about the IAM SAML identity provider to be used, if applicable. You must provide this information if Type is federated-authentication .

        • SAMLProviderArn (string) --

          The Amazon Resource Name (ARN) of the IAM SAML identity provider.

        • SelfServiceSAMLProviderArn (string) --

          The Amazon Resource Name (ARN) of the IAM SAML identity provider for the self-service portal.

  • ConnectionLogOptions (dict) --

    [REQUIRED]

    Information about the client connection logging options.

    If you enable client connection logging, data about client connections is sent to a Cloudwatch Logs log stream. The following information is logged:

    • Client connection requests
    • Client connection results (successful and unsuccessful)
    • Reasons for unsuccessful client connection requests
    • Client connection termination time
    • Enabled (boolean) --

      Indicates whether connection logging is enabled.

    • CloudwatchLogGroup (string) --

      The name of the CloudWatch Logs log group. Required if connection logging is enabled.

    • CloudwatchLogStream (string) --

      The name of the CloudWatch Logs log stream to which the connection data is published.

  • DnsServers (list) --

    Information about the DNS servers to be used for DNS resolution. A Client VPN endpoint can have up to two DNS servers. If no DNS server is specified, the DNS address configured on the device is used for the DNS server.

    • (string) --
  • TransportProtocol (string) --

    The transport protocol to be used by the VPN session.

    Default value: udp

  • VpnPort (integer) --

    The port number to assign to the Client VPN endpoint for TCP and UDP traffic.

    Valid Values: 443 | 1194

    Default Value: 443

  • Description (string) -- A brief description of the Client VPN endpoint.
  • SplitTunnel (boolean) --

    Indicates whether split-tunnel is enabled on the Client VPN endpoint.

    By default, split-tunnel on a VPN endpoint is disabled.

    For information about split-tunnel VPN endpoints, see Split-tunnel Client VPN endpoint in the Client VPN Administrator Guide .

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • ClientToken (string) --

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency .

    This field is autopopulated if not provided.

  • TagSpecifications (list) --

    The tags to apply to the Client VPN endpoint during creation.

    • (dict) --

      The tags to apply to a resource when the resource is being created.

      • ResourceType (string) --

        The type of resource to tag on creation. The possible values are: capacity-reservation | carrier-gateway | client-vpn-endpoint | customer-gateway | dedicated-host | dhcp-options | egress-only-internet-gateway | elastic-gpu | elastic-ip | export-image-task | export-instance-task | fleet | fpga-image | host-reservation | image | import-image-task | import-snapshot-task | instance | instance-event-window | internet-gateway | ipv4pool-ec2 | ipv6pool-ec2 | key-pair | launch-template | local-gateway-route-table-vpc-association | natgateway | network-acl | network-insights-analysis | network-insights-path | network-interface | placement-group | prefix-list | reserved-instances | route-table | security-group | security-group-rule | snapshot | spot-fleet-request | spot-instances-request | subnet | traffic-mirror-filter | traffic-mirror-session | traffic-mirror-target | transit-gateway | transit-gateway-attachment | transit-gateway-multicast-domain | transit-gateway-route-table | volume | vpc | vpc-endpoint | vpc-endpoint-service | vpc-flow-log | vpc-peering-connection | vpn-connection | vpn-gateway .

        To tag a resource after it has been created, see CreateTags .

      • Tags (list) --

        The tags to apply to the resource.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

  • SecurityGroupIds (list) --

    The IDs of one or more security groups to apply to the target network. You must also specify the ID of the VPC that contains the security groups.

    • (string) --
  • VpcId (string) -- The ID of the VPC to associate with the Client VPN endpoint. If no security group IDs are specified in the request, the default security group for the VPC is applied.
  • SelfServicePortal (string) --

    Specify whether to enable the self-service portal for the Client VPN endpoint.

    Default Value: enabled

  • ClientConnectOptions (dict) --

    The options for managing connection authorization for new client connections.

    • Enabled (boolean) --

      Indicates whether client connect options are enabled. The default is false (not enabled).

    • LambdaFunctionArn (string) --

      The Amazon Resource Name (ARN) of the Lambda function used for connection authorization.

Return type

dict

Returns

Response Syntax

{
    'ClientVpnEndpointId': 'string',
    'Status': {
        'Code': 'pending-associate'|'available'|'deleting'|'deleted',
        'Message': 'string'
    },
    'DnsName': 'string'
}

Response Structure

  • (dict) --

    • ClientVpnEndpointId (string) --

      The ID of the Client VPN endpoint.

    • Status (dict) --

      The current state of the Client VPN endpoint.

      • Code (string) --

        The state of the Client VPN endpoint. Possible states include:

        • pending-associate - The Client VPN endpoint has been created but no target networks have been associated. The Client VPN endpoint cannot accept connections.
        • available - The Client VPN endpoint has been created and a target network has been associated. The Client VPN endpoint can accept connections.
        • deleting - The Client VPN endpoint is being deleted. The Client VPN endpoint cannot accept connections.
        • deleted - The Client VPN endpoint has been deleted. The Client VPN endpoint cannot accept connections.
      • Message (string) --

        A message about the status of the Client VPN endpoint.

    • DnsName (string) --

      The DNS name to be used by clients when establishing their VPN session.

create_client_vpn_route(**kwargs)

Adds a route to a network to a Client VPN endpoint. Each Client VPN endpoint has a route table that describes the available destination network routes. Each route in the route table specifies the path for traffic to specific resources or networks.

See also: AWS API Documentation

Request Syntax

response = client.create_client_vpn_route(
    ClientVpnEndpointId='string',
    DestinationCidrBlock='string',
    TargetVpcSubnetId='string',
    Description='string',
    ClientToken='string',
    DryRun=True|False
)
Parameters
  • ClientVpnEndpointId (string) --

    [REQUIRED]

    The ID of the Client VPN endpoint to which to add the route.

  • DestinationCidrBlock (string) --

    [REQUIRED]

    The IPv4 address range, in CIDR notation, of the route destination. For example:

    • To add a route for Internet access, enter 0.0.0.0/0
    • To add a route for a peered VPC, enter the peered VPC's IPv4 CIDR range
    • To add a route for an on-premises network, enter the Amazon Web Services Site-to-Site VPN connection's IPv4 CIDR range
    • To add a route for the local network, enter the client CIDR range
  • TargetVpcSubnetId (string) --

    [REQUIRED]

    The ID of the subnet through which you want to route traffic. The specified subnet must be an existing target network of the Client VPN endpoint.

    Alternatively, if you're adding a route for the local network, specify local .

  • Description (string) -- A brief description of the route.
  • ClientToken (string) --

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency .

    This field is autopopulated if not provided.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'Status': {
        'Code': 'creating'|'active'|'failed'|'deleting',
        'Message': 'string'
    }
}

Response Structure

  • (dict) --

    • Status (dict) --

      The current state of the route.

      • Code (string) --

        The state of the Client VPN endpoint route.

      • Message (string) --

        A message about the status of the Client VPN endpoint route, if applicable.

create_customer_gateway(**kwargs)

Provides information to Amazon Web Services about your VPN customer gateway device. The customer gateway is the appliance at your end of the VPN connection. (The device on the Amazon Web Services side of the VPN connection is the virtual private gateway.) You must provide the internet-routable IP address of the customer gateway's external interface. The IP address must be static and can be behind a device performing network address translation (NAT).

For devices that use Border Gateway Protocol (BGP), you can also provide the device's BGP Autonomous System Number (ASN). You can use an existing ASN assigned to your network. If you don't have an ASN already, you can use a private ASN (in the 64512 - 65534 range).

Note

Amazon EC2 supports all 4-byte ASN numbers in the range of 1 - 2147483647, with the exception of the following:

  • 7224 - reserved in the us-east-1 Region
  • 9059 - reserved in the eu-west-1 Region
  • 17943 - reserved in the ap-southeast-1 Region
  • 10124 - reserved in the ap-northeast-1 Region

For more information, see Amazon Web Services Site-to-Site VPN in the Amazon Web Services Site-to-Site VPN User Guide .

Warning

To create more than one customer gateway with the same VPN type, IP address, and BGP ASN, specify a unique device name for each customer gateway. Identical requests return information about the existing customer gateway and do not create new customer gateways.

See also: AWS API Documentation

Request Syntax

response = client.create_customer_gateway(
    BgpAsn=123,
    PublicIp='string',
    CertificateArn='string',
    Type='ipsec.1',
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-route-table'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-service'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ],
    DeviceName='string',
    DryRun=True|False
)
Parameters
  • BgpAsn (integer) --

    [REQUIRED]

    For devices that support BGP, the customer gateway's BGP ASN.

    Default: 65000

  • PublicIp (string) -- The Internet-routable IP address for the customer gateway's outside interface. The address must be static.
  • CertificateArn (string) -- The Amazon Resource Name (ARN) for the customer gateway certificate.
  • Type (string) --

    [REQUIRED]

    The type of VPN connection that this customer gateway supports (ipsec.1 ).

  • TagSpecifications (list) --

    The tags to apply to the customer gateway.

    • (dict) --

      The tags to apply to a resource when the resource is being created.

      • ResourceType (string) --

        The type of resource to tag on creation. The possible values are: capacity-reservation | carrier-gateway | client-vpn-endpoint | customer-gateway | dedicated-host | dhcp-options | egress-only-internet-gateway | elastic-gpu | elastic-ip | export-image-task | export-instance-task | fleet | fpga-image | host-reservation | image | import-image-task | import-snapshot-task | instance | instance-event-window | internet-gateway | ipv4pool-ec2 | ipv6pool-ec2 | key-pair | launch-template | local-gateway-route-table-vpc-association | natgateway | network-acl | network-insights-analysis | network-insights-path | network-interface | placement-group | prefix-list | reserved-instances | route-table | security-group | security-group-rule | snapshot | spot-fleet-request | spot-instances-request | subnet | traffic-mirror-filter | traffic-mirror-session | traffic-mirror-target | transit-gateway | transit-gateway-attachment | transit-gateway-multicast-domain | transit-gateway-route-table | volume | vpc | vpc-endpoint | vpc-endpoint-service | vpc-flow-log | vpc-peering-connection | vpn-connection | vpn-gateway .

        To tag a resource after it has been created, see CreateTags .

      • Tags (list) --

        The tags to apply to the resource.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

  • DeviceName (string) --

    A name for the customer gateway device.

    Length Constraints: Up to 255 characters.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'CustomerGateway': {
        'BgpAsn': 'string',
        'CustomerGatewayId': 'string',
        'IpAddress': 'string',
        'CertificateArn': 'string',
        'State': 'string',
        'Type': 'string',
        'DeviceName': 'string',
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    Contains the output of CreateCustomerGateway.

    • CustomerGateway (dict) --

      Information about the customer gateway.

      • BgpAsn (string) --

        The customer gateway's Border Gateway Protocol (BGP) Autonomous System Number (ASN).

      • CustomerGatewayId (string) --

        The ID of the customer gateway.

      • IpAddress (string) --

        The Internet-routable IP address of the customer gateway's outside interface.

      • CertificateArn (string) --

        The Amazon Resource Name (ARN) for the customer gateway certificate.

      • State (string) --

        The current state of the customer gateway (pending | available | deleting | deleted ).

      • Type (string) --

        The type of VPN connection the customer gateway supports (ipsec.1 ).

      • DeviceName (string) --

        The name of customer gateway device.

      • Tags (list) --

        Any tags assigned to the customer gateway.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

Examples

This example creates a customer gateway with the specified IP address for its outside interface.

response = client.create_customer_gateway(
    BgpAsn=65534,
    PublicIp='12.1.2.3',
    Type='ipsec.1',
)

print(response)

Expected Output:

{
    'CustomerGateway': {
        'BgpAsn': '65534',
        'CustomerGatewayId': 'cgw-0e11f167',
        'IpAddress': '12.1.2.3',
        'State': 'available',
        'Type': 'ipsec.1',
    },
    'ResponseMetadata': {
        '...': '...',
    },
}
create_default_subnet(**kwargs)

Creates a default subnet with a size /20 IPv4 CIDR block in the specified Availability Zone in your default VPC. You can have only one default subnet per Availability Zone. For more information, see Creating a default subnet in the Amazon Virtual Private Cloud User Guide .

See also: AWS API Documentation

Request Syntax

response = client.create_default_subnet(
    AvailabilityZone='string',
    DryRun=True|False
)
Parameters
  • AvailabilityZone (string) --

    [REQUIRED]

    The Availability Zone in which to create the default subnet.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'Subnet': {
        'AvailabilityZone': 'string',
        'AvailabilityZoneId': 'string',
        'AvailableIpAddressCount': 123,
        'CidrBlock': 'string',
        'DefaultForAz': True|False,
        'MapPublicIpOnLaunch': True|False,
        'MapCustomerOwnedIpOnLaunch': True|False,
        'CustomerOwnedIpv4Pool': 'string',
        'State': 'pending'|'available',
        'SubnetId': 'string',
        'VpcId': 'string',
        'OwnerId': 'string',
        'AssignIpv6AddressOnCreation': True|False,
        'Ipv6CidrBlockAssociationSet': [
            {
                'AssociationId': 'string',
                'Ipv6CidrBlock': 'string',
                'Ipv6CidrBlockState': {
                    'State': 'associating'|'associated'|'disassociating'|'disassociated'|'failing'|'failed',
                    'StatusMessage': 'string'
                }
            },
        ],
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ],
        'SubnetArn': 'string',
        'OutpostArn': 'string'
    }
}

Response Structure

  • (dict) --

    • Subnet (dict) --

      Information about the subnet.

      • AvailabilityZone (string) --

        The Availability Zone of the subnet.

      • AvailabilityZoneId (string) --

        The AZ ID of the subnet.

      • AvailableIpAddressCount (integer) --

        The number of unused private IPv4 addresses in the subnet. The IPv4 addresses for any stopped instances are considered unavailable.

      • CidrBlock (string) --

        The IPv4 CIDR block assigned to the subnet.

      • DefaultForAz (boolean) --

        Indicates whether this is the default subnet for the Availability Zone.

      • MapPublicIpOnLaunch (boolean) --

        Indicates whether instances launched in this subnet receive a public IPv4 address.

      • MapCustomerOwnedIpOnLaunch (boolean) --

        Indicates whether a network interface created in this subnet (including a network interface created by RunInstances ) receives a customer-owned IPv4 address.

      • CustomerOwnedIpv4Pool (string) --

        The customer-owned IPv4 address pool associated with the subnet.

      • State (string) --

        The current state of the subnet.

      • SubnetId (string) --

        The ID of the subnet.

      • VpcId (string) --

        The ID of the VPC the subnet is in.

      • OwnerId (string) --

        The ID of the Amazon Web Services account that owns the subnet.

      • AssignIpv6AddressOnCreation (boolean) --

        Indicates whether a network interface created in this subnet (including a network interface created by RunInstances ) receives an IPv6 address.

      • Ipv6CidrBlockAssociationSet (list) --

        Information about the IPv6 CIDR blocks associated with the subnet.

        • (dict) --

          Describes an IPv6 CIDR block associated with a subnet.

          • AssociationId (string) --

            The association ID for the CIDR block.

          • Ipv6CidrBlock (string) --

            The IPv6 CIDR block.

          • Ipv6CidrBlockState (dict) --

            Information about the state of the CIDR block.

            • State (string) --

              The state of a CIDR block.

            • StatusMessage (string) --

              A message about the status of the CIDR block, if applicable.

      • Tags (list) --

        Any tags assigned to the subnet.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

      • SubnetArn (string) --

        The Amazon Resource Name (ARN) of the subnet.

      • OutpostArn (string) --

        The Amazon Resource Name (ARN) of the Outpost.

create_default_vpc(**kwargs)

Creates a default VPC with a size /16 IPv4 CIDR block and a default subnet in each Availability Zone. For more information about the components of a default VPC, see Default VPC and default subnets in the Amazon Virtual Private Cloud User Guide . You cannot specify the components of the default VPC yourself.

If you deleted your previous default VPC, you can create a default VPC. You cannot have more than one default VPC per Region.

If your account supports EC2-Classic, you cannot use this action to create a default VPC in a Region that supports EC2-Classic. If you want a default VPC in a Region that supports EC2-Classic, see "I really want a default VPC for my existing EC2 account. Is that possible?" in the Default VPCs FAQ .

See also: AWS API Documentation

Request Syntax

response = client.create_default_vpc(
    DryRun=True|False
)
Parameters
DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type
dict
Returns
Response Syntax
{
    'Vpc': {
        'CidrBlock': 'string',
        'DhcpOptionsId': 'string',
        'State': 'pending'|'available',
        'VpcId': 'string',
        'OwnerId': 'string',
        'InstanceTenancy': 'default'|'dedicated'|'host',
        'Ipv6CidrBlockAssociationSet': [
            {
                'AssociationId': 'string',
                'Ipv6CidrBlock': 'string',
                'Ipv6CidrBlockState': {
                    'State': 'associating'|'associated'|'disassociating'|'disassociated'|'failing'|'failed',
                    'StatusMessage': 'string'
                },
                'NetworkBorderGroup': 'string',
                'Ipv6Pool': 'string'
            },
        ],
        'CidrBlockAssociationSet': [
            {
                'AssociationId': 'string',
                'CidrBlock': 'string',
                'CidrBlockState': {
                    'State': 'associating'|'associated'|'disassociating'|'disassociated'|'failing'|'failed',
                    'StatusMessage': 'string'
                }
            },
        ],
        'IsDefault': True|False,
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --
    • Vpc (dict) --

      Information about the VPC.

      • CidrBlock (string) --

        The primary IPv4 CIDR block for the VPC.

      • DhcpOptionsId (string) --

        The ID of the set of DHCP options you've associated with the VPC.

      • State (string) --

        The current state of the VPC.

      • VpcId (string) --

        The ID of the VPC.

      • OwnerId (string) --

        The ID of the Amazon Web Services account that owns the VPC.

      • InstanceTenancy (string) --

        The allowed tenancy of instances launched into the VPC.

      • Ipv6CidrBlockAssociationSet (list) --

        Information about the IPv6 CIDR blocks associated with the VPC.

        • (dict) --

          Describes an IPv6 CIDR block associated with a VPC.

          • AssociationId (string) --

            The association ID for the IPv6 CIDR block.

          • Ipv6CidrBlock (string) --

            The IPv6 CIDR block.

          • Ipv6CidrBlockState (dict) --

            Information about the state of the CIDR block.

            • State (string) --

              The state of the CIDR block.

            • StatusMessage (string) --

              A message about the status of the CIDR block, if applicable.

          • NetworkBorderGroup (string) --

            The name of the unique set of Availability Zones, Local Zones, or Wavelength Zones from which AWS advertises IP addresses, for example, us-east-1-wl1-bos-wlz-1 .

          • Ipv6Pool (string) --

            The ID of the IPv6 address pool from which the IPv6 CIDR block is allocated.

      • CidrBlockAssociationSet (list) --

        Information about the IPv4 CIDR blocks associated with the VPC.

        • (dict) --

          Describes an IPv4 CIDR block associated with a VPC.

          • AssociationId (string) --

            The association ID for the IPv4 CIDR block.

          • CidrBlock (string) --

            The IPv4 CIDR block.

          • CidrBlockState (dict) --

            Information about the state of the CIDR block.

            • State (string) --

              The state of the CIDR block.

            • StatusMessage (string) --

              A message about the status of the CIDR block, if applicable.

      • IsDefault (boolean) --

        Indicates whether the VPC is the default VPC.

      • Tags (list) --

        Any tags assigned to the VPC.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

create_dhcp_options(**kwargs)

Creates a set of DHCP options for your VPC. After creating the set, you must associate it with the VPC, causing all existing and new instances that you launch in the VPC to use this set of DHCP options. The following are the individual DHCP options you can specify. For more information about the options, see RFC 2132 .

  • domain-name-servers - The IP addresses of up to four domain name servers, or AmazonProvidedDNS. The default DHCP option set specifies AmazonProvidedDNS. If specifying more than one domain name server, specify the IP addresses in a single parameter, separated by commas. To have your instance receive a custom DNS hostname as specified in domain-name , you must set domain-name-servers to a custom DNS server.
  • domain-name - If you're using AmazonProvidedDNS in us-east-1 , specify ec2.internal . If you're using AmazonProvidedDNS in another Region, specify region.compute.internal (for example, ap-northeast-1.compute.internal ). Otherwise, specify a domain name (for example, ExampleCompany.com ). This value is used to complete unqualified DNS hostnames. Important : Some Linux operating systems accept multiple domain names separated by spaces. However, Windows and other Linux operating systems treat the value as a single domain, which results in unexpected behavior. If your DHCP options set is associated with a VPC that has instances with multiple operating systems, specify only one domain name.
  • ntp-servers - The IP addresses of up to four Network Time Protocol (NTP) servers.
  • netbios-name-servers - The IP addresses of up to four NetBIOS name servers.
  • netbios-node-type - The NetBIOS node type (1, 2, 4, or 8). We recommend that you specify 2 (broadcast and multicast are not currently supported). For more information about these node types, see RFC 2132 .

Your VPC automatically starts out with a set of DHCP options that includes only a DNS server that we provide (AmazonProvidedDNS). If you create a set of options, and if your VPC has an internet gateway, make sure to set the domain-name-servers option either to AmazonProvidedDNS or to a domain name server of your choice. For more information, see DHCP options sets in the Amazon Virtual Private Cloud User Guide .

See also: AWS API Documentation

Request Syntax

response = client.create_dhcp_options(
    DhcpConfigurations=[
        {
            'Key': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-route-table'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-service'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ],
    DryRun=True|False
)
Parameters
  • DhcpConfigurations (list) --

    [REQUIRED]

    A DHCP configuration option.

    • (dict) --
      • Key (string) --
      • Values (list) --
        • (string) --
  • TagSpecifications (list) --

    The tags to assign to the DHCP option.

    • (dict) --

      The tags to apply to a resource when the resource is being created.

      • ResourceType (string) --

        The type of resource to tag on creation. The possible values are: capacity-reservation | carrier-gateway | client-vpn-endpoint | customer-gateway | dedicated-host | dhcp-options | egress-only-internet-gateway | elastic-gpu | elastic-ip | export-image-task | export-instance-task | fleet | fpga-image | host-reservation | image | import-image-task | import-snapshot-task | instance | instance-event-window | internet-gateway | ipv4pool-ec2 | ipv6pool-ec2 | key-pair | launch-template | local-gateway-route-table-vpc-association | natgateway | network-acl | network-insights-analysis | network-insights-path | network-interface | placement-group | prefix-list | reserved-instances | route-table | security-group | security-group-rule | snapshot | spot-fleet-request | spot-instances-request | subnet | traffic-mirror-filter | traffic-mirror-session | traffic-mirror-target | transit-gateway | transit-gateway-attachment | transit-gateway-multicast-domain | transit-gateway-route-table | volume | vpc | vpc-endpoint | vpc-endpoint-service | vpc-flow-log | vpc-peering-connection | vpn-connection | vpn-gateway .

        To tag a resource after it has been created, see CreateTags .

      • Tags (list) --

        The tags to apply to the resource.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'DhcpOptions': {
        'DhcpConfigurations': [
            {
                'Key': 'string',
                'Values': [
                    {
                        'Value': 'string'
                    },
                ]
            },
        ],
        'DhcpOptionsId': 'string',
        'OwnerId': 'string',
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • DhcpOptions (dict) --

      A set of DHCP options.

      • DhcpConfigurations (list) --

        One or more DHCP options in the set.

        • (dict) --

          Describes a DHCP configuration option.

          • Key (string) --

            The name of a DHCP option.

          • Values (list) --

            One or more values for the DHCP option.

            • (dict) --

              Describes a value for a resource attribute that is a String.

              • Value (string) --

                The attribute value. The value is case-sensitive.

      • DhcpOptionsId (string) --

        The ID of the set of DHCP options.

      • OwnerId (string) --

        The ID of the Amazon Web Services account that owns the DHCP options set.

      • Tags (list) --

        Any tags assigned to the DHCP options set.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

Examples

This example creates a DHCP options set.

response = client.create_dhcp_options(
    DhcpConfigurations=[
        {
            'Key': 'domain-name-servers',
            'Values': [
                '10.2.5.1',
                '10.2.5.2',
            ],
        },
    ],
)

print(response)

Expected Output:

{
    'DhcpOptions': {
        'DhcpConfigurations': [
            {
                'Key': 'domain-name-servers',
                'Values': [
                    {
                        'Value': '10.2.5.2',
                    },
                    {
                        'Value': '10.2.5.1',
                    },
                ],
            },
        ],
        'DhcpOptionsId': 'dopt-d9070ebb',
    },
    'ResponseMetadata': {
        '...': '...',
    },
}
create_egress_only_internet_gateway(**kwargs)

[IPv6 only] Creates an egress-only internet gateway for your VPC. An egress-only internet gateway is used to enable outbound communication over IPv6 from instances in your VPC to the internet, and prevents hosts outside of your VPC from initiating an IPv6 connection with your instance.

See also: AWS API Documentation

Request Syntax

response = client.create_egress_only_internet_gateway(
    ClientToken='string',
    DryRun=True|False,
    VpcId='string',
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-route-table'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-service'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ]
)
Parameters
  • ClientToken (string) -- Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency .
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • VpcId (string) --

    [REQUIRED]

    The ID of the VPC for which to create the egress-only internet gateway.

  • TagSpecifications (list) --

    The tags to assign to the egress-only internet gateway.

    • (dict) --

      The tags to apply to a resource when the resource is being created.

      • ResourceType (string) --

        The type of resource to tag on creation. The possible values are: capacity-reservation | carrier-gateway | client-vpn-endpoint | customer-gateway | dedicated-host | dhcp-options | egress-only-internet-gateway | elastic-gpu | elastic-ip | export-image-task | export-instance-task | fleet | fpga-image | host-reservation | image | import-image-task | import-snapshot-task | instance | instance-event-window | internet-gateway | ipv4pool-ec2 | ipv6pool-ec2 | key-pair | launch-template | local-gateway-route-table-vpc-association | natgateway | network-acl | network-insights-analysis | network-insights-path | network-interface | placement-group | prefix-list | reserved-instances | route-table | security-group | security-group-rule | snapshot | spot-fleet-request | spot-instances-request | subnet | traffic-mirror-filter | traffic-mirror-session | traffic-mirror-target | transit-gateway | transit-gateway-attachment | transit-gateway-multicast-domain | transit-gateway-route-table | volume | vpc | vpc-endpoint | vpc-endpoint-service | vpc-flow-log | vpc-peering-connection | vpn-connection | vpn-gateway .

        To tag a resource after it has been created, see CreateTags .

      • Tags (list) --

        The tags to apply to the resource.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

Return type

dict

Returns

Response Syntax

{
    'ClientToken': 'string',
    'EgressOnlyInternetGateway': {
        'Attachments': [
            {
                'State': 'attaching'|'attached'|'detaching'|'detached',
                'VpcId': 'string'
            },
        ],
        'EgressOnlyInternetGatewayId': 'string',
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • ClientToken (string) --

      Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    • EgressOnlyInternetGateway (dict) --

      Information about the egress-only internet gateway.

      • Attachments (list) --

        Information about the attachment of the egress-only internet gateway.

        • (dict) --

          Describes the attachment of a VPC to an internet gateway or an egress-only internet gateway.

          • State (string) --

            The current state of the attachment. For an internet gateway, the state is available when attached to a VPC; otherwise, this value is not returned.

          • VpcId (string) --

            The ID of the VPC.

      • EgressOnlyInternetGatewayId (string) --

        The ID of the egress-only internet gateway.

      • Tags (list) --

        The tags assigned to the egress-only internet gateway.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

create_fleet(**kwargs)

Launches an EC2 Fleet.

You can create a single EC2 Fleet that includes multiple launch specifications that vary by instance type, AMI, Availability Zone, or subnet.

For more information, see Launching an EC2 Fleet in the Amazon EC2 User Guide .

See also: AWS API Documentation

Request Syntax

response = client.create_fleet(
    DryRun=True|False,
    ClientToken='string',
    SpotOptions={
        'AllocationStrategy': 'lowest-price'|'diversified'|'capacity-optimized'|'capacity-optimized-prioritized',
        'MaintenanceStrategies': {
            'CapacityRebalance': {
                'ReplacementStrategy': 'launch'
            }
        },
        'InstanceInterruptionBehavior': 'hibernate'|'stop'|'terminate',
        'InstancePoolsToUseCount': 123,
        'SingleInstanceType': True|False,
        'SingleAvailabilityZone': True|False,
        'MinTargetCapacity': 123,
        'MaxTotalPrice': 'string'
    },
    OnDemandOptions={
        'AllocationStrategy': 'lowest-price'|'prioritized',
        'CapacityReservationOptions': {
            'UsageStrategy': 'use-capacity-reservations-first'
        },
        'SingleInstanceType': True|False,
        'SingleAvailabilityZone': True|False,
        'MinTargetCapacity': 123,
        'MaxTotalPrice': 'string'
    },
    ExcessCapacityTerminationPolicy='no-termination'|'termination',
    LaunchTemplateConfigs=[
        {
            'LaunchTemplateSpecification': {
                'LaunchTemplateId': 'string',
                'LaunchTemplateName': 'string',
                'Version': 'string'
            },
            'Overrides': [
                {
                    'InstanceType': 't1.micro'|'t2.nano'|'t2.micro'|'t2.small'|'t2.medium'|'t2.large'|'t2.xlarge'|'t2.2xlarge'|'t3.nano'|'t3.micro'|'t3.small'|'t3.medium'|'t3.large'|'t3.xlarge'|'t3.2xlarge'|'t3a.nano'|'t3a.micro'|'t3a.small'|'t3a.medium'|'t3a.large'|'t3a.xlarge'|'t3a.2xlarge'|'t4g.nano'|'t4g.micro'|'t4g.small'|'t4g.medium'|'t4g.large'|'t4g.xlarge'|'t4g.2xlarge'|'m1.small'|'m1.medium'|'m1.large'|'m1.xlarge'|'m3.medium'|'m3.large'|'m3.xlarge'|'m3.2xlarge'|'m4.large'|'m4.xlarge'|'m4.2xlarge'|'m4.4xlarge'|'m4.10xlarge'|'m4.16xlarge'|'m2.xlarge'|'m2.2xlarge'|'m2.4xlarge'|'cr1.8xlarge'|'r3.large'|'r3.xlarge'|'r3.2xlarge'|'r3.4xlarge'|'r3.8xlarge'|'r4.large'|'r4.xlarge'|'r4.2xlarge'|'r4.4xlarge'|'r4.8xlarge'|'r4.16xlarge'|'r5.large'|'r5.xlarge'|'r5.2xlarge'|'r5.4xlarge'|'r5.8xlarge'|'r5.12xlarge'|'r5.16xlarge'|'r5.24xlarge'|'r5.metal'|'r5a.large'|'r5a.xlarge'|'r5a.2xlarge'|'r5a.4xlarge'|'r5a.8xlarge'|'r5a.12xlarge'|'r5a.16xlarge'|'r5a.24xlarge'|'r5b.large'|'r5b.xlarge'|'r5b.2xlarge'|'r5b.4xlarge'|'r5b.8xlarge'|'r5b.12xlarge'|'r5b.16xlarge'|'r5b.24xlarge'|'r5b.metal'|'r5d.large'|'r5d.xlarge'|'r5d.2xlarge'|'r5d.4xlarge'|'r5d.8xlarge'|'r5d.12xlarge'|'r5d.16xlarge'|'r5d.24xlarge'|'r5d.metal'|'r5ad.large'|'r5ad.xlarge'|'r5ad.2xlarge'|'r5ad.4xlarge'|'r5ad.8xlarge'|'r5ad.12xlarge'|'r5ad.16xlarge'|'r5ad.24xlarge'|'r6g.metal'|'r6g.medium'|'r6g.large'|'r6g.xlarge'|'r6g.2xlarge'|'r6g.4xlarge'|'r6g.8xlarge'|'r6g.12xlarge'|'r6g.16xlarge'|'r6gd.metal'|'r6gd.medium'|'r6gd.large'|'r6gd.xlarge'|'r6gd.2xlarge'|'r6gd.4xlarge'|'r6gd.8xlarge'|'r6gd.12xlarge'|'r6gd.16xlarge'|'x1.16xlarge'|'x1.32xlarge'|'x1e.xlarge'|'x1e.2xlarge'|'x1e.4xlarge'|'x1e.8xlarge'|'x1e.16xlarge'|'x1e.32xlarge'|'i2.xlarge'|'i2.2xlarge'|'i2.4xlarge'|'i2.8xlarge'|'i3.large'|'i3.xlarge'|'i3.2xlarge'|'i3.4xlarge'|'i3.8xlarge'|'i3.16xlarge'|'i3.metal'|'i3en.large'|'i3en.xlarge'|'i3en.2xlarge'|'i3en.3xlarge'|'i3en.6xlarge'|'i3en.12xlarge'|'i3en.24xlarge'|'i3en.metal'|'hi1.4xlarge'|'hs1.8xlarge'|'c1.medium'|'c1.xlarge'|'c3.large'|'c3.xlarge'|'c3.2xlarge'|'c3.4xlarge'|'c3.8xlarge'|'c4.large'|'c4.xlarge'|'c4.2xlarge'|'c4.4xlarge'|'c4.8xlarge'|'c5.large'|'c5.xlarge'|'c5.2xlarge'|'c5.4xlarge'|'c5.9xlarge'|'c5.12xlarge'|'c5.18xlarge'|'c5.24xlarge'|'c5.metal'|'c5a.large'|'c5a.xlarge'|'c5a.2xlarge'|'c5a.4xlarge'|'c5a.8xlarge'|'c5a.12xlarge'|'c5a.16xlarge'|'c5a.24xlarge'|'c5ad.large'|'c5ad.xlarge'|'c5ad.2xlarge'|'c5ad.4xlarge'|'c5ad.8xlarge'|'c5ad.12xlarge'|'c5ad.16xlarge'|'c5ad.24xlarge'|'c5d.large'|'c5d.xlarge'|'c5d.2xlarge'|'c5d.4xlarge'|'c5d.9xlarge'|'c5d.12xlarge'|'c5d.18xlarge'|'c5d.24xlarge'|'c5d.metal'|'c5n.large'|'c5n.xlarge'|'c5n.2xlarge'|'c5n.4xlarge'|'c5n.9xlarge'|'c5n.18xlarge'|'c5n.metal'|'c6g.metal'|'c6g.medium'|'c6g.large'|'c6g.xlarge'|'c6g.2xlarge'|'c6g.4xlarge'|'c6g.8xlarge'|'c6g.12xlarge'|'c6g.16xlarge'|'c6gd.metal'|'c6gd.medium'|'c6gd.large'|'c6gd.xlarge'|'c6gd.2xlarge'|'c6gd.4xlarge'|'c6gd.8xlarge'|'c6gd.12xlarge'|'c6gd.16xlarge'|'c6gn.medium'|'c6gn.large'|'c6gn.xlarge'|'c6gn.2xlarge'|'c6gn.4xlarge'|'c6gn.8xlarge'|'c6gn.12xlarge'|'c6gn.16xlarge'|'cc1.4xlarge'|'cc2.8xlarge'|'g2.2xlarge'|'g2.8xlarge'|'g3.4xlarge'|'g3.8xlarge'|'g3.16xlarge'|'g3s.xlarge'|'g4ad.xlarge'|'g4ad.2xlarge'|'g4ad.4xlarge'|'g4ad.8xlarge'|'g4ad.16xlarge'|'g4dn.xlarge'|'g4dn.2xlarge'|'g4dn.4xlarge'|'g4dn.8xlarge'|'g4dn.12xlarge'|'g4dn.16xlarge'|'g4dn.metal'|'cg1.4xlarge'|'p2.xlarge'|'p2.8xlarge'|'p2.16xlarge'|'p3.2xlarge'|'p3.8xlarge'|'p3.16xlarge'|'p3dn.24xlarge'|'p4d.24xlarge'|'d2.xlarge'|'d2.2xlarge'|'d2.4xlarge'|'d2.8xlarge'|'d3.xlarge'|'d3.2xlarge'|'d3.4xlarge'|'d3.8xlarge'|'d3en.xlarge'|'d3en.2xlarge'|'d3en.4xlarge'|'d3en.6xlarge'|'d3en.8xlarge'|'d3en.12xlarge'|'f1.2xlarge'|'f1.4xlarge'|'f1.16xlarge'|'m5.large'|'m5.xlarge'|'m5.2xlarge'|'m5.4xlarge'|'m5.8xlarge'|'m5.12xlarge'|'m5.16xlarge'|'m5.24xlarge'|'m5.metal'|'m5a.large'|'m5a.xlarge'|'m5a.2xlarge'|'m5a.4xlarge'|'m5a.8xlarge'|'m5a.12xlarge'|'m5a.16xlarge'|'m5a.24xlarge'|'m5d.large'|'m5d.xlarge'|'m5d.2xlarge'|'m5d.4xlarge'|'m5d.8xlarge'|'m5d.12xlarge'|'m5d.16xlarge'|'m5d.24xlarge'|'m5d.metal'|'m5ad.large'|'m5ad.xlarge'|'m5ad.2xlarge'|'m5ad.4xlarge'|'m5ad.8xlarge'|'m5ad.12xlarge'|'m5ad.16xlarge'|'m5ad.24xlarge'|'m5zn.large'|'m5zn.xlarge'|'m5zn.2xlarge'|'m5zn.3xlarge'|'m5zn.6xlarge'|'m5zn.12xlarge'|'m5zn.metal'|'h1.2xlarge'|'h1.4xlarge'|'h1.8xlarge'|'h1.16xlarge'|'z1d.large'|'z1d.xlarge'|'z1d.2xlarge'|'z1d.3xlarge'|'z1d.6xlarge'|'z1d.12xlarge'|'z1d.metal'|'u-6tb1.56xlarge'|'u-6tb1.112xlarge'|'u-9tb1.112xlarge'|'u-12tb1.112xlarge'|'u-6tb1.metal'|'u-9tb1.metal'|'u-12tb1.metal'|'u-18tb1.metal'|'u-24tb1.metal'|'a1.medium'|'a1.large'|'a1.xlarge'|'a1.2xlarge'|'a1.4xlarge'|'a1.metal'|'m5dn.large'|'m5dn.xlarge'|'m5dn.2xlarge'|'m5dn.4xlarge'|'m5dn.8xlarge'|'m5dn.12xlarge'|'m5dn.16xlarge'|'m5dn.24xlarge'|'m5dn.metal'|'m5n.large'|'m5n.xlarge'|'m5n.2xlarge'|'m5n.4xlarge'|'m5n.8xlarge'|'m5n.12xlarge'|'m5n.16xlarge'|'m5n.24xlarge'|'m5n.metal'|'r5dn.large'|'r5dn.xlarge'|'r5dn.2xlarge'|'r5dn.4xlarge'|'r5dn.8xlarge'|'r5dn.12xlarge'|'r5dn.16xlarge'|'r5dn.24xlarge'|'r5dn.metal'|'r5n.large'|'r5n.xlarge'|'r5n.2xlarge'|'r5n.4xlarge'|'r5n.8xlarge'|'r5n.12xlarge'|'r5n.16xlarge'|'r5n.24xlarge'|'r5n.metal'|'inf1.xlarge'|'inf1.2xlarge'|'inf1.6xlarge'|'inf1.24xlarge'|'m6g.metal'|'m6g.medium'|'m6g.large'|'m6g.xlarge'|'m6g.2xlarge'|'m6g.4xlarge'|'m6g.8xlarge'|'m6g.12xlarge'|'m6g.16xlarge'|'m6gd.metal'|'m6gd.medium'|'m6gd.large'|'m6gd.xlarge'|'m6gd.2xlarge'|'m6gd.4xlarge'|'m6gd.8xlarge'|'m6gd.12xlarge'|'m6gd.16xlarge'|'m6i.large'|'m6i.xlarge'|'m6i.2xlarge'|'m6i.4xlarge'|'m6i.8xlarge'|'m6i.12xlarge'|'m6i.16xlarge'|'m6i.24xlarge'|'m6i.32xlarge'|'mac1.metal'|'x2gd.medium'|'x2gd.large'|'x2gd.xlarge'|'x2gd.2xlarge'|'x2gd.4xlarge'|'x2gd.8xlarge'|'x2gd.12xlarge'|'x2gd.16xlarge'|'x2gd.metal'|'vt1.3xlarge'|'vt1.6xlarge'|'vt1.24xlarge',
                    'MaxPrice': 'string',
                    'SubnetId': 'string',
                    'AvailabilityZone': 'string',
                    'WeightedCapacity': 123.0,
                    'Priority': 123.0,
                    'Placement': {
                        'AvailabilityZone': 'string',
                        'Affinity': 'string',
                        'GroupName': 'string',
                        'PartitionNumber': 123,
                        'HostId': 'string',
                        'Tenancy': 'default'|'dedicated'|'host',
                        'SpreadDomain': 'string',
                        'HostResourceGroupArn': 'string'
                    }
                },
            ]
        },
    ],
    TargetCapacitySpecification={
        'TotalTargetCapacity': 123,
        'OnDemandTargetCapacity': 123,
        'SpotTargetCapacity': 123,
        'DefaultTargetCapacityType': 'spot'|'on-demand'
    },
    TerminateInstancesWithExpiration=True|False,
    Type='request'|'maintain'|'instant',
    ValidFrom=datetime(2015, 1, 1),
    ValidUntil=datetime(2015, 1, 1),
    ReplaceUnhealthyInstances=True|False,
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-route-table'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-service'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ],
    Context='string'
)
Parameters
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • ClientToken (string) -- Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency .
  • SpotOptions (dict) --

    Describes the configuration of Spot Instances in an EC2 Fleet.

    • AllocationStrategy (string) --

      Indicates how to allocate the target Spot Instance capacity across the Spot Instance pools specified by the EC2 Fleet.

      If the allocation strategy is lowest-price , EC2 Fleet launches instances from the Spot Instance pools with the lowest price. This is the default allocation strategy.

      If the allocation strategy is diversified , EC2 Fleet launches instances from all of the Spot Instance pools that you specify.

      If the allocation strategy is capacity-optimized (recommended), EC2 Fleet launches instances from Spot Instance pools with optimal capacity for the number of instances that are launching. To give certain instance types a higher chance of launching first, use capacity-optimized-prioritized . Set a priority for each instance type by using the Priority parameter for LaunchTemplateOverrides . You can assign the same priority to different LaunchTemplateOverrides . EC2 implements the priorities on a best-effort basis, but optimizes for capacity first. capacity-optimized-prioritized is supported only if your fleet uses a launch template. Note that if the On-Demand AllocationStrategy is set to prioritized , the same priority is applied when fulfilling On-Demand capacity.

    • MaintenanceStrategies (dict) --

      The strategies for managing your Spot Instances that are at an elevated risk of being interrupted.

      • CapacityRebalance (dict) --

        The strategy to use when Amazon EC2 emits a signal that your Spot Instance is at an elevated risk of being interrupted.

        • ReplacementStrategy (string) --

          The replacement strategy to use. Only available for fleets of type maintain .

          To allow EC2 Fleet to launch a replacement Spot Instance when an instance rebalance notification is emitted for an existing Spot Instance in the fleet, specify launch . You must specify a value, otherwise you get an error.

          Note

          When a replacement instance is launched, the instance marked for rebalance is not automatically terminated. You can terminate it, or you can leave it running. You are charged for all instances while they are running.

    • InstanceInterruptionBehavior (string) --

      The behavior when a Spot Instance is interrupted. The default is terminate .

    • InstancePoolsToUseCount (integer) --

      The number of Spot pools across which to allocate your target Spot capacity. Valid only when Spot AllocationStrategy is set to lowest-price . EC2 Fleet selects the cheapest Spot pools and evenly allocates your target Spot capacity across the number of Spot pools that you specify.

      Note that EC2 Fleet attempts to draw Spot Instances from the number of pools that you specify on a best effort basis. If a pool runs out of Spot capacity before fulfilling your target capacity, EC2 Fleet will continue to fulfill your request by drawing from the next cheapest pool. To ensure that your target capacity is met, you might receive Spot Instances from more than the number of pools that you specified. Similarly, if most of the pools have no Spot capacity, you might receive your full target capacity from fewer than the number of pools that you specified.

    • SingleInstanceType (boolean) --

      Indicates that the fleet uses a single instance type to launch all Spot Instances in the fleet. Supported only for fleets of type instant .

    • SingleAvailabilityZone (boolean) --

      Indicates that the fleet launches all Spot Instances into a single Availability Zone. Supported only for fleets of type instant .

    • MinTargetCapacity (integer) --

      The minimum target capacity for Spot Instances in the fleet. If the minimum target capacity is not reached, the fleet launches no instances.

    • MaxTotalPrice (string) --

      The maximum amount per hour for Spot Instances that you're willing to pay.

  • OnDemandOptions (dict) --

    Describes the configuration of On-Demand Instances in an EC2 Fleet.

    • AllocationStrategy (string) --

      The order of the launch template overrides to use in fulfilling On-Demand capacity. If you specify lowest-price , EC2 Fleet uses price to determine the order, launching the lowest price first. If you specify prioritized , EC2 Fleet uses the priority that you assigned to each launch template override, launching the highest priority first. If you do not specify a value, EC2 Fleet defaults to lowest-price .

    • CapacityReservationOptions (dict) --

      The strategy for using unused Capacity Reservations for fulfilling On-Demand capacity. Supported only for fleets of type instant .

      • UsageStrategy (string) --

        Indicates whether to use unused Capacity Reservations for fulfilling On-Demand capacity.

        If you specify use-capacity-reservations-first , the fleet uses unused Capacity Reservations to fulfill On-Demand capacity up to the target On-Demand capacity. If multiple instance pools have unused Capacity Reservations, the On-Demand allocation strategy (lowest-price or prioritized ) is applied. If the number of unused Capacity Reservations is less than the On-Demand target capacity, the remaining On-Demand target capacity is launched according to the On-Demand allocation strategy (lowest-price or prioritized ).

        If you do not specify a value, the fleet fulfils the On-Demand capacity according to the chosen On-Demand allocation strategy.

    • SingleInstanceType (boolean) --

      Indicates that the fleet uses a single instance type to launch all On-Demand Instances in the fleet. Supported only for fleets of type instant .

    • SingleAvailabilityZone (boolean) --

      Indicates that the fleet launches all On-Demand Instances into a single Availability Zone. Supported only for fleets of type instant .

    • MinTargetCapacity (integer) --

      The minimum target capacity for On-Demand Instances in the fleet. If the minimum target capacity is not reached, the fleet launches no instances.

    • MaxTotalPrice (string) --

      The maximum amount per hour for On-Demand Instances that you're willing to pay.

  • ExcessCapacityTerminationPolicy (string) -- Indicates whether running instances should be terminated if the total target capacity of the EC2 Fleet is decreased below the current size of the EC2 Fleet.
  • LaunchTemplateConfigs (list) --

    [REQUIRED]

    The configuration for the EC2 Fleet.

    • (dict) --

      Describes a launch template and overrides.

      • LaunchTemplateSpecification (dict) --

        The launch template to use. You must specify either the launch template ID or launch template name in the request.

        • LaunchTemplateId (string) --

          The ID of the launch template. If you specify the template ID, you can't specify the template name.

        • LaunchTemplateName (string) --

          The name of the launch template. If you specify the template name, you can't specify the template ID.

        • Version (string) --

          The launch template version number, $Latest , or $Default . You must specify a value, otherwise the request fails.

          If the value is $Latest , Amazon EC2 uses the latest version of the launch template.

          If the value is $Default , Amazon EC2 uses the default version of the launch template.

      • Overrides (list) --

        Any parameters that you specify override the same parameters in the launch template.

        For fleets of type request and maintain , a maximum of 300 items is allowed across all launch templates.

        • (dict) --

          Describes overrides for a launch template.

          • InstanceType (string) --

            The instance type.

          • MaxPrice (string) --

            The maximum price per unit hour that you are willing to pay for a Spot Instance.

          • SubnetId (string) --

            The IDs of the subnets in which to launch the instances. Separate multiple subnet IDs using commas (for example, subnet-1234abcdeexample1, subnet-0987cdef6example2 ). A request of type instant can have only one subnet ID.

          • AvailabilityZone (string) --

            The Availability Zone in which to launch the instances.

          • WeightedCapacity (float) --

            The number of units provided by the specified instance type.

          • Priority (float) --

            The priority for the launch template override. The highest priority is launched first.

            If the On-Demand AllocationStrategy is set to prioritized , EC2 Fleet uses priority to determine which launch template override to use first in fulfilling On-Demand capacity.

            If the Spot AllocationStrategy is set to capacity-optimized-prioritized , EC2 Fleet uses priority on a best-effort basis to determine which launch template override to use in fulfilling Spot capacity, but optimizes for capacity first.

            Valid values are whole numbers starting at 0 . The lower the number, the higher the priority. If no number is set, the launch template override has the lowest priority. You can set the same priority for different launch template overrides.

          • Placement (dict) --

            The location where the instance launched, if applicable.

            • AvailabilityZone (string) --

              The Availability Zone of the instance.

              If not specified, an Availability Zone will be automatically chosen for you based on the load balancing criteria for the Region.

              This parameter is not supported by CreateFleet .

            • Affinity (string) --

              The affinity setting for the instance on the Dedicated Host. This parameter is not supported for the ImportInstance command.

              This parameter is not supported by CreateFleet .

            • GroupName (string) --

              The name of the placement group the instance is in.

            • PartitionNumber (integer) --

              The number of the partition the instance is in. Valid only if the placement group strategy is set to partition .

              This parameter is not supported by CreateFleet .

            • HostId (string) --

              The ID of the Dedicated Host on which the instance resides. This parameter is not supported for the ImportInstance command.

              This parameter is not supported by CreateFleet .

            • Tenancy (string) --

              The tenancy of the instance (if the instance is running in a VPC). An instance with a tenancy of dedicated runs on single-tenant hardware. The host tenancy is not supported for the ImportInstance command.

              This parameter is not supported by CreateFleet .

              T3 instances that use the unlimited CPU credit option do not support host tenancy.

            • SpreadDomain (string) --

              Reserved for future use.

              This parameter is not supported by CreateFleet .

            • HostResourceGroupArn (string) --

              The ARN of the host resource group in which to launch the instances. If you specify a host resource group ARN, omit the Tenancy parameter or set it to host .

              This parameter is not supported by CreateFleet .

  • TargetCapacitySpecification (dict) --

    [REQUIRED]

    The number of units to request.

    • TotalTargetCapacity (integer) -- [REQUIRED]

      The number of units to request, filled using DefaultTargetCapacityType .

    • OnDemandTargetCapacity (integer) --

      The number of On-Demand units to request.

    • SpotTargetCapacity (integer) --

      The number of Spot units to request.

    • DefaultTargetCapacityType (string) --

      The default TotalTargetCapacity , which is either Spot or On-Demand .

  • TerminateInstancesWithExpiration (boolean) -- Indicates whether running instances should be terminated when the EC2 Fleet expires.
  • Type (string) --

    The fleet type. The default value is maintain .

    • maintain - The EC2 Fleet places an asynchronous request for your desired capacity, and continues to maintain your desired Spot capacity by replenishing interrupted Spot Instances.
    • request - The EC2 Fleet places an asynchronous one-time request for your desired capacity, but does submit Spot requests in alternative capacity pools if Spot capacity is unavailable, and does not maintain Spot capacity if Spot Instances are interrupted.
    • instant - The EC2 Fleet places a synchronous one-time request for your desired capacity, and returns errors for any instances that could not be launched.

    For more information, see EC2 Fleet request types in the Amazon EC2 User Guide .

  • ValidFrom (datetime) -- The start date and time of the request, in UTC format (for example, YYYY -MM -DD T*HH* :MM :SS Z). The default is to start fulfilling the request immediately.
  • ValidUntil (datetime) -- The end date and time of the request, in UTC format (for example, YYYY -MM -DD T*HH* :MM :SS Z). At this point, no new EC2 Fleet requests are placed or able to fulfill the request. If no value is specified, the request remains until you cancel it.
  • ReplaceUnhealthyInstances (boolean) -- Indicates whether EC2 Fleet should replace unhealthy Spot Instances. Supported only for fleets of type maintain . For more information, see EC2 Fleet health checks in the Amazon EC2 User Guide .
  • TagSpecifications (list) --

    The key-value pair for tagging the EC2 Fleet request on creation. For more information, see Tagging your resources .

    If the fleet type is instant , specify a resource type of fleet to tag the fleet or instance to tag the instances at launch.

    If the fleet type is maintain or request , specify a resource type of fleet to tag the fleet. You cannot specify a resource type of instance . To tag instances at launch, specify the tags in a launch template .

    • (dict) --

      The tags to apply to a resource when the resource is being created.

      • ResourceType (string) --

        The type of resource to tag on creation. The possible values are: capacity-reservation | carrier-gateway | client-vpn-endpoint | customer-gateway | dedicated-host | dhcp-options | egress-only-internet-gateway | elastic-gpu | elastic-ip | export-image-task | export-instance-task | fleet | fpga-image | host-reservation | image | import-image-task | import-snapshot-task | instance | instance-event-window | internet-gateway | ipv4pool-ec2 | ipv6pool-ec2 | key-pair | launch-template | local-gateway-route-table-vpc-association | natgateway | network-acl | network-insights-analysis | network-insights-path | network-interface | placement-group | prefix-list | reserved-instances | route-table | security-group | security-group-rule | snapshot | spot-fleet-request | spot-instances-request | subnet | traffic-mirror-filter | traffic-mirror-session | traffic-mirror-target | transit-gateway | transit-gateway-attachment | transit-gateway-multicast-domain | transit-gateway-route-table | volume | vpc | vpc-endpoint | vpc-endpoint-service | vpc-flow-log | vpc-peering-connection | vpn-connection | vpn-gateway .

        To tag a resource after it has been created, see CreateTags .

      • Tags (list) --

        The tags to apply to the resource.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

  • Context (string) -- Reserved.
Return type

dict

Returns

Response Syntax

{
    'FleetId': 'string',
    'Errors': [
        {
            'LaunchTemplateAndOverrides': {
                'LaunchTemplateSpecification': {
                    'LaunchTemplateId': 'string',
                    'LaunchTemplateName': 'string',
                    'Version': 'string'
                },
                'Overrides': {
                    'InstanceType': 't1.micro'|'t2.nano'|'t2.micro'|'t2.small'|'t2.medium'|'t2.large'|'t2.xlarge'|'t2.2xlarge'|'t3.nano'|'t3.micro'|'t3.small'|'t3.medium'|'t3.large'|'t3.xlarge'|'t3.2xlarge'|'t3a.nano'|'t3a.micro'|'t3a.small'|'t3a.medium'|'t3a.large'|'t3a.xlarge'|'t3a.2xlarge'|'t4g.nano'|'t4g.micro'|'t4g.small'|'t4g.medium'|'t4g.large'|'t4g.xlarge'|'t4g.2xlarge'|'m1.small'|'m1.medium'|'m1.large'|'m1.xlarge'|'m3.medium'|'m3.large'|'m3.xlarge'|'m3.2xlarge'|'m4.large'|'m4.xlarge'|'m4.2xlarge'|'m4.4xlarge'|'m4.10xlarge'|'m4.16xlarge'|'m2.xlarge'|'m2.2xlarge'|'m2.4xlarge'|'cr1.8xlarge'|'r3.large'|'r3.xlarge'|'r3.2xlarge'|'r3.4xlarge'|'r3.8xlarge'|'r4.large'|'r4.xlarge'|'r4.2xlarge'|'r4.4xlarge'|'r4.8xlarge'|'r4.16xlarge'|'r5.large'|'r5.xlarge'|'r5.2xlarge'|'r5.4xlarge'|'r5.8xlarge'|'r5.12xlarge'|'r5.16xlarge'|'r5.24xlarge'|'r5.metal'|'r5a.large'|'r5a.xlarge'|'r5a.2xlarge'|'r5a.4xlarge'|'r5a.8xlarge'|'r5a.12xlarge'|'r5a.16xlarge'|'r5a.24xlarge'|'r5b.large'|'r5b.xlarge'|'r5b.2xlarge'|'r5b.4xlarge'|'r5b.8xlarge'|'r5b.12xlarge'|'r5b.16xlarge'|'r5b.24xlarge'|'r5b.metal'|'r5d.large'|'r5d.xlarge'|'r5d.2xlarge'|'r5d.4xlarge'|'r5d.8xlarge'|'r5d.12xlarge'|'r5d.16xlarge'|'r5d.24xlarge'|'r5d.metal'|'r5ad.large'|'r5ad.xlarge'|'r5ad.2xlarge'|'r5ad.4xlarge'|'r5ad.8xlarge'|'r5ad.12xlarge'|'r5ad.16xlarge'|'r5ad.24xlarge'|'r6g.metal'|'r6g.medium'|'r6g.large'|'r6g.xlarge'|'r6g.2xlarge'|'r6g.4xlarge'|'r6g.8xlarge'|'r6g.12xlarge'|'r6g.16xlarge'|'r6gd.metal'|'r6gd.medium'|'r6gd.large'|'r6gd.xlarge'|'r6gd.2xlarge'|'r6gd.4xlarge'|'r6gd.8xlarge'|'r6gd.12xlarge'|'r6gd.16xlarge'|'x1.16xlarge'|'x1.32xlarge'|'x1e.xlarge'|'x1e.2xlarge'|'x1e.4xlarge'|'x1e.8xlarge'|'x1e.16xlarge'|'x1e.32xlarge'|'i2.xlarge'|'i2.2xlarge'|'i2.4xlarge'|'i2.8xlarge'|'i3.large'|'i3.xlarge'|'i3.2xlarge'|'i3.4xlarge'|'i3.8xlarge'|'i3.16xlarge'|'i3.metal'|'i3en.large'|'i3en.xlarge'|'i3en.2xlarge'|'i3en.3xlarge'|'i3en.6xlarge'|'i3en.12xlarge'|'i3en.24xlarge'|'i3en.metal'|'hi1.4xlarge'|'hs1.8xlarge'|'c1.medium'|'c1.xlarge'|'c3.large'|'c3.xlarge'|'c3.2xlarge'|'c3.4xlarge'|'c3.8xlarge'|'c4.large'|'c4.xlarge'|'c4.2xlarge'|'c4.4xlarge'|'c4.8xlarge'|'c5.large'|'c5.xlarge'|'c5.2xlarge'|'c5.4xlarge'|'c5.9xlarge'|'c5.12xlarge'|'c5.18xlarge'|'c5.24xlarge'|'c5.metal'|'c5a.large'|'c5a.xlarge'|'c5a.2xlarge'|'c5a.4xlarge'|'c5a.8xlarge'|'c5a.12xlarge'|'c5a.16xlarge'|'c5a.24xlarge'|'c5ad.large'|'c5ad.xlarge'|'c5ad.2xlarge'|'c5ad.4xlarge'|'c5ad.8xlarge'|'c5ad.12xlarge'|'c5ad.16xlarge'|'c5ad.24xlarge'|'c5d.large'|'c5d.xlarge'|'c5d.2xlarge'|'c5d.4xlarge'|'c5d.9xlarge'|'c5d.12xlarge'|'c5d.18xlarge'|'c5d.24xlarge'|'c5d.metal'|'c5n.large'|'c5n.xlarge'|'c5n.2xlarge'|'c5n.4xlarge'|'c5n.9xlarge'|'c5n.18xlarge'|'c5n.metal'|'c6g.metal'|'c6g.medium'|'c6g.large'|'c6g.xlarge'|'c6g.2xlarge'|'c6g.4xlarge'|'c6g.8xlarge'|'c6g.12xlarge'|'c6g.16xlarge'|'c6gd.metal'|'c6gd.medium'|'c6gd.large'|'c6gd.xlarge'|'c6gd.2xlarge'|'c6gd.4xlarge'|'c6gd.8xlarge'|'c6gd.12xlarge'|'c6gd.16xlarge'|'c6gn.medium'|'c6gn.large'|'c6gn.xlarge'|'c6gn.2xlarge'|'c6gn.4xlarge'|'c6gn.8xlarge'|'c6gn.12xlarge'|'c6gn.16xlarge'|'cc1.4xlarge'|'cc2.8xlarge'|'g2.2xlarge'|'g2.8xlarge'|'g3.4xlarge'|'g3.8xlarge'|'g3.16xlarge'|'g3s.xlarge'|'g4ad.xlarge'|'g4ad.2xlarge'|'g4ad.4xlarge'|'g4ad.8xlarge'|'g4ad.16xlarge'|'g4dn.xlarge'|'g4dn.2xlarge'|'g4dn.4xlarge'|'g4dn.8xlarge'|'g4dn.12xlarge'|'g4dn.16xlarge'|'g4dn.metal'|'cg1.4xlarge'|'p2.xlarge'|'p2.8xlarge'|'p2.16xlarge'|'p3.2xlarge'|'p3.8xlarge'|'p3.16xlarge'|'p3dn.24xlarge'|'p4d.24xlarge'|'d2.xlarge'|'d2.2xlarge'|'d2.4xlarge'|'d2.8xlarge'|'d3.xlarge'|'d3.2xlarge'|'d3.4xlarge'|'d3.8xlarge'|'d3en.xlarge'|'d3en.2xlarge'|'d3en.4xlarge'|'d3en.6xlarge'|'d3en.8xlarge'|'d3en.12xlarge'|'f1.2xlarge'|'f1.4xlarge'|'f1.16xlarge'|'m5.large'|'m5.xlarge'|'m5.2xlarge'|'m5.4xlarge'|'m5.8xlarge'|'m5.12xlarge'|'m5.16xlarge'|'m5.24xlarge'|'m5.metal'|'m5a.large'|'m5a.xlarge'|'m5a.2xlarge'|'m5a.4xlarge'|'m5a.8xlarge'|'m5a.12xlarge'|'m5a.16xlarge'|'m5a.24xlarge'|'m5d.large'|'m5d.xlarge'|'m5d.2xlarge'|'m5d.4xlarge'|'m5d.8xlarge'|'m5d.12xlarge'|'m5d.16xlarge'|'m5d.24xlarge'|'m5d.metal'|'m5ad.large'|'m5ad.xlarge'|'m5ad.2xlarge'|'m5ad.4xlarge'|'m5ad.8xlarge'|'m5ad.12xlarge'|'m5ad.16xlarge'|'m5ad.24xlarge'|'m5zn.large'|'m5zn.xlarge'|'m5zn.2xlarge'|'m5zn.3xlarge'|'m5zn.6xlarge'|'m5zn.12xlarge'|'m5zn.metal'|'h1.2xlarge'|'h1.4xlarge'|'h1.8xlarge'|'h1.16xlarge'|'z1d.large'|'z1d.xlarge'|'z1d.2xlarge'|'z1d.3xlarge'|'z1d.6xlarge'|'z1d.12xlarge'|'z1d.metal'|'u-6tb1.56xlarge'|'u-6tb1.112xlarge'|'u-9tb1.112xlarge'|'u-12tb1.112xlarge'|'u-6tb1.metal'|'u-9tb1.metal'|'u-12tb1.metal'|'u-18tb1.metal'|'u-24tb1.metal'|'a1.medium'|'a1.large'|'a1.xlarge'|'a1.2xlarge'|'a1.4xlarge'|'a1.metal'|'m5dn.large'|'m5dn.xlarge'|'m5dn.2xlarge'|'m5dn.4xlarge'|'m5dn.8xlarge'|'m5dn.12xlarge'|'m5dn.16xlarge'|'m5dn.24xlarge'|'m5dn.metal'|'m5n.large'|'m5n.xlarge'|'m5n.2xlarge'|'m5n.4xlarge'|'m5n.8xlarge'|'m5n.12xlarge'|'m5n.16xlarge'|'m5n.24xlarge'|'m5n.metal'|'r5dn.large'|'r5dn.xlarge'|'r5dn.2xlarge'|'r5dn.4xlarge'|'r5dn.8xlarge'|'r5dn.12xlarge'|'r5dn.16xlarge'|'r5dn.24xlarge'|'r5dn.metal'|'r5n.large'|'r5n.xlarge'|'r5n.2xlarge'|'r5n.4xlarge'|'r5n.8xlarge'|'r5n.12xlarge'|'r5n.16xlarge'|'r5n.24xlarge'|'r5n.metal'|'inf1.xlarge'|'inf1.2xlarge'|'inf1.6xlarge'|'inf1.24xlarge'|'m6g.metal'|'m6g.medium'|'m6g.large'|'m6g.xlarge'|'m6g.2xlarge'|'m6g.4xlarge'|'m6g.8xlarge'|'m6g.12xlarge'|'m6g.16xlarge'|'m6gd.metal'|'m6gd.medium'|'m6gd.large'|'m6gd.xlarge'|'m6gd.2xlarge'|'m6gd.4xlarge'|'m6gd.8xlarge'|'m6gd.12xlarge'|'m6gd.16xlarge'|'m6i.large'|'m6i.xlarge'|'m6i.2xlarge'|'m6i.4xlarge'|'m6i.8xlarge'|'m6i.12xlarge'|'m6i.16xlarge'|'m6i.24xlarge'|'m6i.32xlarge'|'mac1.metal'|'x2gd.medium'|'x2gd.large'|'x2gd.xlarge'|'x2gd.2xlarge'|'x2gd.4xlarge'|'x2gd.8xlarge'|'x2gd.12xlarge'|'x2gd.16xlarge'|'x2gd.metal'|'vt1.3xlarge'|'vt1.6xlarge'|'vt1.24xlarge',
                    'MaxPrice': 'string',
                    'SubnetId': 'string',
                    'AvailabilityZone': 'string',
                    'WeightedCapacity': 123.0,
                    'Priority': 123.0,
                    'Placement': {
                        'GroupName': 'string'
                    }
                }
            },
            'Lifecycle': 'spot'|'on-demand',
            'ErrorCode': 'string',
            'ErrorMessage': 'string'
        },
    ],
    'Instances': [
        {
            'LaunchTemplateAndOverrides': {
                'LaunchTemplateSpecification': {
                    'LaunchTemplateId': 'string',
                    'LaunchTemplateName': 'string',
                    'Version': 'string'
                },
                'Overrides': {
                    'InstanceType': 't1.micro'|'t2.nano'|'t2.micro'|'t2.small'|'t2.medium'|'t2.large'|'t2.xlarge'|'t2.2xlarge'|'t3.nano'|'t3.micro'|'t3.small'|'t3.medium'|'t3.large'|'t3.xlarge'|'t3.2xlarge'|'t3a.nano'|'t3a.micro'|'t3a.small'|'t3a.medium'|'t3a.large'|'t3a.xlarge'|'t3a.2xlarge'|'t4g.nano'|'t4g.micro'|'t4g.small'|'t4g.medium'|'t4g.large'|'t4g.xlarge'|'t4g.2xlarge'|'m1.small'|'m1.medium'|'m1.large'|'m1.xlarge'|'m3.medium'|'m3.large'|'m3.xlarge'|'m3.2xlarge'|'m4.large'|'m4.xlarge'|'m4.2xlarge'|'m4.4xlarge'|'m4.10xlarge'|'m4.16xlarge'|'m2.xlarge'|'m2.2xlarge'|'m2.4xlarge'|'cr1.8xlarge'|'r3.large'|'r3.xlarge'|'r3.2xlarge'|'r3.4xlarge'|'r3.8xlarge'|'r4.large'|'r4.xlarge'|'r4.2xlarge'|'r4.4xlarge'|'r4.8xlarge'|'r4.16xlarge'|'r5.large'|'r5.xlarge'|'r5.2xlarge'|'r5.4xlarge'|'r5.8xlarge'|'r5.12xlarge'|'r5.16xlarge'|'r5.24xlarge'|'r5.metal'|'r5a.large'|'r5a.xlarge'|'r5a.2xlarge'|'r5a.4xlarge'|'r5a.8xlarge'|'r5a.12xlarge'|'r5a.16xlarge'|'r5a.24xlarge'|'r5b.large'|'r5b.xlarge'|'r5b.2xlarge'|'r5b.4xlarge'|'r5b.8xlarge'|'r5b.12xlarge'|'r5b.16xlarge'|'r5b.24xlarge'|'r5b.metal'|'r5d.large'|'r5d.xlarge'|'r5d.2xlarge'|'r5d.4xlarge'|'r5d.8xlarge'|'r5d.12xlarge'|'r5d.16xlarge'|'r5d.24xlarge'|'r5d.metal'|'r5ad.large'|'r5ad.xlarge'|'r5ad.2xlarge'|'r5ad.4xlarge'|'r5ad.8xlarge'|'r5ad.12xlarge'|'r5ad.16xlarge'|'r5ad.24xlarge'|'r6g.metal'|'r6g.medium'|'r6g.large'|'r6g.xlarge'|'r6g.2xlarge'|'r6g.4xlarge'|'r6g.8xlarge'|'r6g.12xlarge'|'r6g.16xlarge'|'r6gd.metal'|'r6gd.medium'|'r6gd.large'|'r6gd.xlarge'|'r6gd.2xlarge'|'r6gd.4xlarge'|'r6gd.8xlarge'|'r6gd.12xlarge'|'r6gd.16xlarge'|'x1.16xlarge'|'x1.32xlarge'|'x1e.xlarge'|'x1e.2xlarge'|'x1e.4xlarge'|'x1e.8xlarge'|'x1e.16xlarge'|'x1e.32xlarge'|'i2.xlarge'|'i2.2xlarge'|'i2.4xlarge'|'i2.8xlarge'|'i3.large'|'i3.xlarge'|'i3.2xlarge'|'i3.4xlarge'|'i3.8xlarge'|'i3.16xlarge'|'i3.metal'|'i3en.large'|'i3en.xlarge'|'i3en.2xlarge'|'i3en.3xlarge'|'i3en.6xlarge'|'i3en.12xlarge'|'i3en.24xlarge'|'i3en.metal'|'hi1.4xlarge'|'hs1.8xlarge'|'c1.medium'|'c1.xlarge'|'c3.large'|'c3.xlarge'|'c3.2xlarge'|'c3.4xlarge'|'c3.8xlarge'|'c4.large'|'c4.xlarge'|'c4.2xlarge'|'c4.4xlarge'|'c4.8xlarge'|'c5.large'|'c5.xlarge'|'c5.2xlarge'|'c5.4xlarge'|'c5.9xlarge'|'c5.12xlarge'|'c5.18xlarge'|'c5.24xlarge'|'c5.metal'|'c5a.large'|'c5a.xlarge'|'c5a.2xlarge'|'c5a.4xlarge'|'c5a.8xlarge'|'c5a.12xlarge'|'c5a.16xlarge'|'c5a.24xlarge'|'c5ad.large'|'c5ad.xlarge'|'c5ad.2xlarge'|'c5ad.4xlarge'|'c5ad.8xlarge'|'c5ad.12xlarge'|'c5ad.16xlarge'|'c5ad.24xlarge'|'c5d.large'|'c5d.xlarge'|'c5d.2xlarge'|'c5d.4xlarge'|'c5d.9xlarge'|'c5d.12xlarge'|'c5d.18xlarge'|'c5d.24xlarge'|'c5d.metal'|'c5n.large'|'c5n.xlarge'|'c5n.2xlarge'|'c5n.4xlarge'|'c5n.9xlarge'|'c5n.18xlarge'|'c5n.metal'|'c6g.metal'|'c6g.medium'|'c6g.large'|'c6g.xlarge'|'c6g.2xlarge'|'c6g.4xlarge'|'c6g.8xlarge'|'c6g.12xlarge'|'c6g.16xlarge'|'c6gd.metal'|'c6gd.medium'|'c6gd.large'|'c6gd.xlarge'|'c6gd.2xlarge'|'c6gd.4xlarge'|'c6gd.8xlarge'|'c6gd.12xlarge'|'c6gd.16xlarge'|'c6gn.medium'|'c6gn.large'|'c6gn.xlarge'|'c6gn.2xlarge'|'c6gn.4xlarge'|'c6gn.8xlarge'|'c6gn.12xlarge'|'c6gn.16xlarge'|'cc1.4xlarge'|'cc2.8xlarge'|'g2.2xlarge'|'g2.8xlarge'|'g3.4xlarge'|'g3.8xlarge'|'g3.16xlarge'|'g3s.xlarge'|'g4ad.xlarge'|'g4ad.2xlarge'|'g4ad.4xlarge'|'g4ad.8xlarge'|'g4ad.16xlarge'|'g4dn.xlarge'|'g4dn.2xlarge'|'g4dn.4xlarge'|'g4dn.8xlarge'|'g4dn.12xlarge'|'g4dn.16xlarge'|'g4dn.metal'|'cg1.4xlarge'|'p2.xlarge'|'p2.8xlarge'|'p2.16xlarge'|'p3.2xlarge'|'p3.8xlarge'|'p3.16xlarge'|'p3dn.24xlarge'|'p4d.24xlarge'|'d2.xlarge'|'d2.2xlarge'|'d2.4xlarge'|'d2.8xlarge'|'d3.xlarge'|'d3.2xlarge'|'d3.4xlarge'|'d3.8xlarge'|'d3en.xlarge'|'d3en.2xlarge'|'d3en.4xlarge'|'d3en.6xlarge'|'d3en.8xlarge'|'d3en.12xlarge'|'f1.2xlarge'|'f1.4xlarge'|'f1.16xlarge'|'m5.large'|'m5.xlarge'|'m5.2xlarge'|'m5.4xlarge'|'m5.8xlarge'|'m5.12xlarge'|'m5.16xlarge'|'m5.24xlarge'|'m5.metal'|'m5a.large'|'m5a.xlarge'|'m5a.2xlarge'|'m5a.4xlarge'|'m5a.8xlarge'|'m5a.12xlarge'|'m5a.16xlarge'|'m5a.24xlarge'|'m5d.large'|'m5d.xlarge'|'m5d.2xlarge'|'m5d.4xlarge'|'m5d.8xlarge'|'m5d.12xlarge'|'m5d.16xlarge'|'m5d.24xlarge'|'m5d.metal'|'m5ad.large'|'m5ad.xlarge'|'m5ad.2xlarge'|'m5ad.4xlarge'|'m5ad.8xlarge'|'m5ad.12xlarge'|'m5ad.16xlarge'|'m5ad.24xlarge'|'m5zn.large'|'m5zn.xlarge'|'m5zn.2xlarge'|'m5zn.3xlarge'|'m5zn.6xlarge'|'m5zn.12xlarge'|'m5zn.metal'|'h1.2xlarge'|'h1.4xlarge'|'h1.8xlarge'|'h1.16xlarge'|'z1d.large'|'z1d.xlarge'|'z1d.2xlarge'|'z1d.3xlarge'|'z1d.6xlarge'|'z1d.12xlarge'|'z1d.metal'|'u-6tb1.56xlarge'|'u-6tb1.112xlarge'|'u-9tb1.112xlarge'|'u-12tb1.112xlarge'|'u-6tb1.metal'|'u-9tb1.metal'|'u-12tb1.metal'|'u-18tb1.metal'|'u-24tb1.metal'|'a1.medium'|'a1.large'|'a1.xlarge'|'a1.2xlarge'|'a1.4xlarge'|'a1.metal'|'m5dn.large'|'m5dn.xlarge'|'m5dn.2xlarge'|'m5dn.4xlarge'|'m5dn.8xlarge'|'m5dn.12xlarge'|'m5dn.16xlarge'|'m5dn.24xlarge'|'m5dn.metal'|'m5n.large'|'m5n.xlarge'|'m5n.2xlarge'|'m5n.4xlarge'|'m5n.8xlarge'|'m5n.12xlarge'|'m5n.16xlarge'|'m5n.24xlarge'|'m5n.metal'|'r5dn.large'|'r5dn.xlarge'|'r5dn.2xlarge'|'r5dn.4xlarge'|'r5dn.8xlarge'|'r5dn.12xlarge'|'r5dn.16xlarge'|'r5dn.24xlarge'|'r5dn.metal'|'r5n.large'|'r5n.xlarge'|'r5n.2xlarge'|'r5n.4xlarge'|'r5n.8xlarge'|'r5n.12xlarge'|'r5n.16xlarge'|'r5n.24xlarge'|'r5n.metal'|'inf1.xlarge'|'inf1.2xlarge'|'inf1.6xlarge'|'inf1.24xlarge'|'m6g.metal'|'m6g.medium'|'m6g.large'|'m6g.xlarge'|'m6g.2xlarge'|'m6g.4xlarge'|'m6g.8xlarge'|'m6g.12xlarge'|'m6g.16xlarge'|'m6gd.metal'|'m6gd.medium'|'m6gd.large'|'m6gd.xlarge'|'m6gd.2xlarge'|'m6gd.4xlarge'|'m6gd.8xlarge'|'m6gd.12xlarge'|'m6gd.16xlarge'|'m6i.large'|'m6i.xlarge'|'m6i.2xlarge'|'m6i.4xlarge'|'m6i.8xlarge'|'m6i.12xlarge'|'m6i.16xlarge'|'m6i.24xlarge'|'m6i.32xlarge'|'mac1.metal'|'x2gd.medium'|'x2gd.large'|'x2gd.xlarge'|'x2gd.2xlarge'|'x2gd.4xlarge'|'x2gd.8xlarge'|'x2gd.12xlarge'|'x2gd.16xlarge'|'x2gd.metal'|'vt1.3xlarge'|'vt1.6xlarge'|'vt1.24xlarge',
                    'MaxPrice': 'string',
                    'SubnetId': 'string',
                    'AvailabilityZone': 'string',
                    'WeightedCapacity': 123.0,
                    'Priority': 123.0,
                    'Placement': {
                        'GroupName': 'string'
                    }
                }
            },
            'Lifecycle': 'spot'|'on-demand',
            'InstanceIds': [
                'string',
            ],
            'InstanceType': 't1.micro'|'t2.nano'|'t2.micro'|'t2.small'|'t2.medium'|'t2.large'|'t2.xlarge'|'t2.2xlarge'|'t3.nano'|'t3.micro'|'t3.small'|'t3.medium'|'t3.large'|'t3.xlarge'|'t3.2xlarge'|'t3a.nano'|'t3a.micro'|'t3a.small'|'t3a.medium'|'t3a.large'|'t3a.xlarge'|'t3a.2xlarge'|'t4g.nano'|'t4g.micro'|'t4g.small'|'t4g.medium'|'t4g.large'|'t4g.xlarge'|'t4g.2xlarge'|'m1.small'|'m1.medium'|'m1.large'|'m1.xlarge'|'m3.medium'|'m3.large'|'m3.xlarge'|'m3.2xlarge'|'m4.large'|'m4.xlarge'|'m4.2xlarge'|'m4.4xlarge'|'m4.10xlarge'|'m4.16xlarge'|'m2.xlarge'|'m2.2xlarge'|'m2.4xlarge'|'cr1.8xlarge'|'r3.large'|'r3.xlarge'|'r3.2xlarge'|'r3.4xlarge'|'r3.8xlarge'|'r4.large'|'r4.xlarge'|'r4.2xlarge'|'r4.4xlarge'|'r4.8xlarge'|'r4.16xlarge'|'r5.large'|'r5.xlarge'|'r5.2xlarge'|'r5.4xlarge'|'r5.8xlarge'|'r5.12xlarge'|'r5.16xlarge'|'r5.24xlarge'|'r5.metal'|'r5a.large'|'r5a.xlarge'|'r5a.2xlarge'|'r5a.4xlarge'|'r5a.8xlarge'|'r5a.12xlarge'|'r5a.16xlarge'|'r5a.24xlarge'|'r5b.large'|'r5b.xlarge'|'r5b.2xlarge'|'r5b.4xlarge'|'r5b.8xlarge'|'r5b.12xlarge'|'r5b.16xlarge'|'r5b.24xlarge'|'r5b.metal'|'r5d.large'|'r5d.xlarge'|'r5d.2xlarge'|'r5d.4xlarge'|'r5d.8xlarge'|'r5d.12xlarge'|'r5d.16xlarge'|'r5d.24xlarge'|'r5d.metal'|'r5ad.large'|'r5ad.xlarge'|'r5ad.2xlarge'|'r5ad.4xlarge'|'r5ad.8xlarge'|'r5ad.12xlarge'|'r5ad.16xlarge'|'r5ad.24xlarge'|'r6g.metal'|'r6g.medium'|'r6g.large'|'r6g.xlarge'|'r6g.2xlarge'|'r6g.4xlarge'|'r6g.8xlarge'|'r6g.12xlarge'|'r6g.16xlarge'|'r6gd.metal'|'r6gd.medium'|'r6gd.large'|'r6gd.xlarge'|'r6gd.2xlarge'|'r6gd.4xlarge'|'r6gd.8xlarge'|'r6gd.12xlarge'|'r6gd.16xlarge'|'x1.16xlarge'|'x1.32xlarge'|'x1e.xlarge'|'x1e.2xlarge'|'x1e.4xlarge'|'x1e.8xlarge'|'x1e.16xlarge'|'x1e.32xlarge'|'i2.xlarge'|'i2.2xlarge'|'i2.4xlarge'|'i2.8xlarge'|'i3.large'|'i3.xlarge'|'i3.2xlarge'|'i3.4xlarge'|'i3.8xlarge'|'i3.16xlarge'|'i3.metal'|'i3en.large'|'i3en.xlarge'|'i3en.2xlarge'|'i3en.3xlarge'|'i3en.6xlarge'|'i3en.12xlarge'|'i3en.24xlarge'|'i3en.metal'|'hi1.4xlarge'|'hs1.8xlarge'|'c1.medium'|'c1.xlarge'|'c3.large'|'c3.xlarge'|'c3.2xlarge'|'c3.4xlarge'|'c3.8xlarge'|'c4.large'|'c4.xlarge'|'c4.2xlarge'|'c4.4xlarge'|'c4.8xlarge'|'c5.large'|'c5.xlarge'|'c5.2xlarge'|'c5.4xlarge'|'c5.9xlarge'|'c5.12xlarge'|'c5.18xlarge'|'c5.24xlarge'|'c5.metal'|'c5a.large'|'c5a.xlarge'|'c5a.2xlarge'|'c5a.4xlarge'|'c5a.8xlarge'|'c5a.12xlarge'|'c5a.16xlarge'|'c5a.24xlarge'|'c5ad.large'|'c5ad.xlarge'|'c5ad.2xlarge'|'c5ad.4xlarge'|'c5ad.8xlarge'|'c5ad.12xlarge'|'c5ad.16xlarge'|'c5ad.24xlarge'|'c5d.large'|'c5d.xlarge'|'c5d.2xlarge'|'c5d.4xlarge'|'c5d.9xlarge'|'c5d.12xlarge'|'c5d.18xlarge'|'c5d.24xlarge'|'c5d.metal'|'c5n.large'|'c5n.xlarge'|'c5n.2xlarge'|'c5n.4xlarge'|'c5n.9xlarge'|'c5n.18xlarge'|'c5n.metal'|'c6g.metal'|'c6g.medium'|'c6g.large'|'c6g.xlarge'|'c6g.2xlarge'|'c6g.4xlarge'|'c6g.8xlarge'|'c6g.12xlarge'|'c6g.16xlarge'|'c6gd.metal'|'c6gd.medium'|'c6gd.large'|'c6gd.xlarge'|'c6gd.2xlarge'|'c6gd.4xlarge'|'c6gd.8xlarge'|'c6gd.12xlarge'|'c6gd.16xlarge'|'c6gn.medium'|'c6gn.large'|'c6gn.xlarge'|'c6gn.2xlarge'|'c6gn.4xlarge'|'c6gn.8xlarge'|'c6gn.12xlarge'|'c6gn.16xlarge'|'cc1.4xlarge'|'cc2.8xlarge'|'g2.2xlarge'|'g2.8xlarge'|'g3.4xlarge'|'g3.8xlarge'|'g3.16xlarge'|'g3s.xlarge'|'g4ad.xlarge'|'g4ad.2xlarge'|'g4ad.4xlarge'|'g4ad.8xlarge'|'g4ad.16xlarge'|'g4dn.xlarge'|'g4dn.2xlarge'|'g4dn.4xlarge'|'g4dn.8xlarge'|'g4dn.12xlarge'|'g4dn.16xlarge'|'g4dn.metal'|'cg1.4xlarge'|'p2.xlarge'|'p2.8xlarge'|'p2.16xlarge'|'p3.2xlarge'|'p3.8xlarge'|'p3.16xlarge'|'p3dn.24xlarge'|'p4d.24xlarge'|'d2.xlarge'|'d2.2xlarge'|'d2.4xlarge'|'d2.8xlarge'|'d3.xlarge'|'d3.2xlarge'|'d3.4xlarge'|'d3.8xlarge'|'d3en.xlarge'|'d3en.2xlarge'|'d3en.4xlarge'|'d3en.6xlarge'|'d3en.8xlarge'|'d3en.12xlarge'|'f1.2xlarge'|'f1.4xlarge'|'f1.16xlarge'|'m5.large'|'m5.xlarge'|'m5.2xlarge'|'m5.4xlarge'|'m5.8xlarge'|'m5.12xlarge'|'m5.16xlarge'|'m5.24xlarge'|'m5.metal'|'m5a.large'|'m5a.xlarge'|'m5a.2xlarge'|'m5a.4xlarge'|'m5a.8xlarge'|'m5a.12xlarge'|'m5a.16xlarge'|'m5a.24xlarge'|'m5d.large'|'m5d.xlarge'|'m5d.2xlarge'|'m5d.4xlarge'|'m5d.8xlarge'|'m5d.12xlarge'|'m5d.16xlarge'|'m5d.24xlarge'|'m5d.metal'|'m5ad.large'|'m5ad.xlarge'|'m5ad.2xlarge'|'m5ad.4xlarge'|'m5ad.8xlarge'|'m5ad.12xlarge'|'m5ad.16xlarge'|'m5ad.24xlarge'|'m5zn.large'|'m5zn.xlarge'|'m5zn.2xlarge'|'m5zn.3xlarge'|'m5zn.6xlarge'|'m5zn.12xlarge'|'m5zn.metal'|'h1.2xlarge'|'h1.4xlarge'|'h1.8xlarge'|'h1.16xlarge'|'z1d.large'|'z1d.xlarge'|'z1d.2xlarge'|'z1d.3xlarge'|'z1d.6xlarge'|'z1d.12xlarge'|'z1d.metal'|'u-6tb1.56xlarge'|'u-6tb1.112xlarge'|'u-9tb1.112xlarge'|'u-12tb1.112xlarge'|'u-6tb1.metal'|'u-9tb1.metal'|'u-12tb1.metal'|'u-18tb1.metal'|'u-24tb1.metal'|'a1.medium'|'a1.large'|'a1.xlarge'|'a1.2xlarge'|'a1.4xlarge'|'a1.metal'|'m5dn.large'|'m5dn.xlarge'|'m5dn.2xlarge'|'m5dn.4xlarge'|'m5dn.8xlarge'|'m5dn.12xlarge'|'m5dn.16xlarge'|'m5dn.24xlarge'|'m5dn.metal'|'m5n.large'|'m5n.xlarge'|'m5n.2xlarge'|'m5n.4xlarge'|'m5n.8xlarge'|'m5n.12xlarge'|'m5n.16xlarge'|'m5n.24xlarge'|'m5n.metal'|'r5dn.large'|'r5dn.xlarge'|'r5dn.2xlarge'|'r5dn.4xlarge'|'r5dn.8xlarge'|'r5dn.12xlarge'|'r5dn.16xlarge'|'r5dn.24xlarge'|'r5dn.metal'|'r5n.large'|'r5n.xlarge'|'r5n.2xlarge'|'r5n.4xlarge'|'r5n.8xlarge'|'r5n.12xlarge'|'r5n.16xlarge'|'r5n.24xlarge'|'r5n.metal'|'inf1.xlarge'|'inf1.2xlarge'|'inf1.6xlarge'|'inf1.24xlarge'|'m6g.metal'|'m6g.medium'|'m6g.large'|'m6g.xlarge'|'m6g.2xlarge'|'m6g.4xlarge'|'m6g.8xlarge'|'m6g.12xlarge'|'m6g.16xlarge'|'m6gd.metal'|'m6gd.medium'|'m6gd.large'|'m6gd.xlarge'|'m6gd.2xlarge'|'m6gd.4xlarge'|'m6gd.8xlarge'|'m6gd.12xlarge'|'m6gd.16xlarge'|'m6i.large'|'m6i.xlarge'|'m6i.2xlarge'|'m6i.4xlarge'|'m6i.8xlarge'|'m6i.12xlarge'|'m6i.16xlarge'|'m6i.24xlarge'|'m6i.32xlarge'|'mac1.metal'|'x2gd.medium'|'x2gd.large'|'x2gd.xlarge'|'x2gd.2xlarge'|'x2gd.4xlarge'|'x2gd.8xlarge'|'x2gd.12xlarge'|'x2gd.16xlarge'|'x2gd.metal'|'vt1.3xlarge'|'vt1.6xlarge'|'vt1.24xlarge',
            'Platform': 'Windows'
        },
    ]
}

Response Structure

  • (dict) --

    • FleetId (string) --

      The ID of the EC2 Fleet.

    • Errors (list) --

      Information about the instances that could not be launched by the fleet. Supported only for fleets of type instant .

      • (dict) --

        Describes the instances that could not be launched by the fleet.

        • LaunchTemplateAndOverrides (dict) --

          The launch templates and overrides that were used for launching the instances. The values that you specify in the Overrides replace the values in the launch template.

          • LaunchTemplateSpecification (dict) --

            The launch template.

            • LaunchTemplateId (string) --

              The ID of the launch template. If you specify the template ID, you can't specify the template name.

            • LaunchTemplateName (string) --

              The name of the launch template. If you specify the template name, you can't specify the template ID.

            • Version (string) --

              The launch template version number, $Latest , or $Default . You must specify a value, otherwise the request fails.

              If the value is $Latest , Amazon EC2 uses the latest version of the launch template.

              If the value is $Default , Amazon EC2 uses the default version of the launch template.

          • Overrides (dict) --

            Any parameters that you specify override the same parameters in the launch template.

            • InstanceType (string) --

              The instance type.

            • MaxPrice (string) --

              The maximum price per unit hour that you are willing to pay for a Spot Instance.

            • SubnetId (string) --

              The ID of the subnet in which to launch the instances.

            • AvailabilityZone (string) --

              The Availability Zone in which to launch the instances.

            • WeightedCapacity (float) --

              The number of units provided by the specified instance type.

            • Priority (float) --

              The priority for the launch template override. The highest priority is launched first.

              If the On-Demand AllocationStrategy is set to prioritized , EC2 Fleet uses priority to determine which launch template override to use first in fulfilling On-Demand capacity.

              If the Spot AllocationStrategy is set to capacity-optimized-prioritized , EC2 Fleet uses priority on a best-effort basis to determine which launch template override to use in fulfilling Spot capacity, but optimizes for capacity first.

              Valid values are whole numbers starting at 0 . The lower the number, the higher the priority. If no number is set, the override has the lowest priority. You can set the same priority for different launch template overrides.

            • Placement (dict) --

              The location where the instance launched, if applicable.

              • GroupName (string) --

                The name of the placement group that the instance is in.

        • Lifecycle (string) --

          Indicates if the instance that could not be launched was a Spot Instance or On-Demand Instance.

        • ErrorCode (string) --

          The error code that indicates why the instance could not be launched. For more information about error codes, see Error Codes .

        • ErrorMessage (string) --

          The error message that describes why the instance could not be launched. For more information about error messages, see Error Codes .

    • Instances (list) --

      Information about the instances that were launched by the fleet. Supported only for fleets of type instant .

      • (dict) --

        Describes the instances that were launched by the fleet.

        • LaunchTemplateAndOverrides (dict) --

          The launch templates and overrides that were used for launching the instances. The values that you specify in the Overrides replace the values in the launch template.

          • LaunchTemplateSpecification (dict) --

            The launch template.

            • LaunchTemplateId (string) --

              The ID of the launch template. If you specify the template ID, you can't specify the template name.

            • LaunchTemplateName (string) --

              The name of the launch template. If you specify the template name, you can't specify the template ID.

            • Version (string) --

              The launch template version number, $Latest , or $Default . You must specify a value, otherwise the request fails.

              If the value is $Latest , Amazon EC2 uses the latest version of the launch template.

              If the value is $Default , Amazon EC2 uses the default version of the launch template.

          • Overrides (dict) --

            Any parameters that you specify override the same parameters in the launch template.

            • InstanceType (string) --

              The instance type.

            • MaxPrice (string) --

              The maximum price per unit hour that you are willing to pay for a Spot Instance.

            • SubnetId (string) --

              The ID of the subnet in which to launch the instances.

            • AvailabilityZone (string) --

              The Availability Zone in which to launch the instances.

            • WeightedCapacity (float) --

              The number of units provided by the specified instance type.

            • Priority (float) --

              The priority for the launch template override. The highest priority is launched first.

              If the On-Demand AllocationStrategy is set to prioritized , EC2 Fleet uses priority to determine which launch template override to use first in fulfilling On-Demand capacity.

              If the Spot AllocationStrategy is set to capacity-optimized-prioritized , EC2 Fleet uses priority on a best-effort basis to determine which launch template override to use in fulfilling Spot capacity, but optimizes for capacity first.

              Valid values are whole numbers starting at 0 . The lower the number, the higher the priority. If no number is set, the override has the lowest priority. You can set the same priority for different launch template overrides.

            • Placement (dict) --

              The location where the instance launched, if applicable.

              • GroupName (string) --

                The name of the placement group that the instance is in.

        • Lifecycle (string) --

          Indicates if the instance that was launched is a Spot Instance or On-Demand Instance.

        • InstanceIds (list) --

          The IDs of the instances.

          • (string) --
        • InstanceType (string) --

          The instance type.

        • Platform (string) --

          The value is Windows for Windows instances. Otherwise, the value is blank.

create_flow_logs(**kwargs)

Creates one or more flow logs to capture information about IP traffic for a specific network interface, subnet, or VPC.

Flow log data for a monitored network interface is recorded as flow log records, which are log events consisting of fields that describe the traffic flow. For more information, see Flow log records in the Amazon Virtual Private Cloud User Guide .

When publishing to CloudWatch Logs, flow log records are published to a log group, and each network interface has a unique log stream in the log group. When publishing to Amazon S3, flow log records for all of the monitored network interfaces are published to a single log file object that is stored in the specified bucket.

For more information, see VPC Flow Logs in the Amazon Virtual Private Cloud User Guide .

See also: AWS API Documentation

Request Syntax

response = client.create_flow_logs(
    DryRun=True|False,
    ClientToken='string',
    DeliverLogsPermissionArn='string',
    LogGroupName='string',
    ResourceIds=[
        'string',
    ],
    ResourceType='VPC'|'Subnet'|'NetworkInterface',
    TrafficType='ACCEPT'|'REJECT'|'ALL',
    LogDestinationType='cloud-watch-logs'|'s3',
    LogDestination='string',
    LogFormat='string',
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-route-table'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-service'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ],
    MaxAggregationInterval=123
)
Parameters
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • ClientToken (string) -- Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see How to ensure idempotency .
  • DeliverLogsPermissionArn (string) --

    The ARN for the IAM role that permits Amazon EC2 to publish flow logs to a CloudWatch Logs log group in your account.

    If you specify LogDestinationType as s3 , do not specify DeliverLogsPermissionArn or LogGroupName .

  • LogGroupName (string) --

    The name of a new or existing CloudWatch Logs log group where Amazon EC2 publishes your flow logs.

    If you specify LogDestinationType as s3 , do not specify DeliverLogsPermissionArn or LogGroupName .

  • ResourceIds (list) --

    [REQUIRED]

    The ID of the subnet, network interface, or VPC for which you want to create a flow log.

    Constraints: Maximum of 1000 resources

    • (string) --
  • ResourceType (string) --

    [REQUIRED]

    The type of resource for which to create the flow log. For example, if you specified a VPC ID for the ResourceId property, specify VPC for this property.

  • TrafficType (string) --

    [REQUIRED]

    The type of traffic to log. You can log traffic that the resource accepts or rejects, or all traffic.

  • LogDestinationType (string) --

    Specifies the type of destination to which the flow log data is to be published. Flow log data can be published to CloudWatch Logs or Amazon S3. To publish flow log data to CloudWatch Logs, specify cloud-watch-logs . To publish flow log data to Amazon S3, specify s3 .

    If you specify LogDestinationType as s3 , do not specify DeliverLogsPermissionArn or LogGroupName .

    Default: cloud-watch-logs

  • LogDestination (string) --

    Specifies the destination to which the flow log data is to be published. Flow log data can be published to a CloudWatch Logs log group or an Amazon S3 bucket. The value specified for this parameter depends on the value specified for LogDestinationType .

    If LogDestinationType is not specified or cloud-watch-logs , specify the Amazon Resource Name (ARN) of the CloudWatch Logs log group. For example, to publish to a log group called my-logs , specify arn:aws:logs:us-east-1:123456789012:log-group:my-logs . Alternatively, use LogGroupName instead.

    If LogDestinationType is s3 , specify the ARN of the Amazon S3 bucket. You can also specify a subfolder in the bucket. To specify a subfolder in the bucket, use the following ARN format: bucket_ARN/subfolder_name/ . For example, to specify a subfolder named my-logs in a bucket named my-bucket , use the following ARN: arn:aws:s3:::my-bucket/my-logs/ . You cannot use AWSLogs as a subfolder name. This is a reserved term.

  • LogFormat (string) --

    The fields to include in the flow log record, in the order in which they should appear. For a list of available fields, see Flow log records . If you omit this parameter, the flow log is created using the default format. If you specify this parameter, you must specify at least one field.

    Specify the fields using the ${field-id} format, separated by spaces. For the CLI, use single quotation marks (' ') to surround the parameter value.

  • TagSpecifications (list) --

    The tags to apply to the flow logs.

    • (dict) --

      The tags to apply to a resource when the resource is being created.

      • ResourceType (string) --

        The type of resource to tag on creation. The possible values are: capacity-reservation | carrier-gateway | client-vpn-endpoint | customer-gateway | dedicated-host | dhcp-options | egress-only-internet-gateway | elastic-gpu | elastic-ip | export-image-task | export-instance-task | fleet | fpga-image | host-reservation | image | import-image-task | import-snapshot-task | instance | instance-event-window | internet-gateway | ipv4pool-ec2 | ipv6pool-ec2 | key-pair | launch-template | local-gateway-route-table-vpc-association | natgateway | network-acl | network-insights-analysis | network-insights-path | network-interface | placement-group | prefix-list | reserved-instances | route-table | security-group | security-group-rule | snapshot | spot-fleet-request | spot-instances-request | subnet | traffic-mirror-filter | traffic-mirror-session | traffic-mirror-target | transit-gateway | transit-gateway-attachment | transit-gateway-multicast-domain | transit-gateway-route-table | volume | vpc | vpc-endpoint | vpc-endpoint-service | vpc-flow-log | vpc-peering-connection | vpn-connection | vpn-gateway .

        To tag a resource after it has been created, see CreateTags .

      • Tags (list) --

        The tags to apply to the resource.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

  • MaxAggregationInterval (integer) --

    The maximum interval of time during which a flow of packets is captured and aggregated into a flow log record. You can specify 60 seconds (1 minute) or 600 seconds (10 minutes).

    When a network interface is attached to a Nitro-based instance , the aggregation interval is always 60 seconds or less, regardless of the value that you specify.

    Default: 600

Return type

dict

Returns

Response Syntax

{
    'ClientToken': 'string',
    'FlowLogIds': [
        'string',
    ],
    'Unsuccessful': [
        {
            'Error': {
                'Code': 'string',
                'Message': 'string'
            },
            'ResourceId': 'string'
        },
    ]
}

Response Structure

  • (dict) --

    • ClientToken (string) --

      Unique, case-sensitive identifier that you provide to ensure the idempotency of the request.

    • FlowLogIds (list) --

      The IDs of the flow logs.

      • (string) --
    • Unsuccessful (list) --

      Information about the flow logs that could not be created successfully.

      • (dict) --

        Information about items that were not successfully processed in a batch call.

        • Error (dict) --

          Information about the error.

          • Code (string) --

            The error code.

          • Message (string) --

            The error message accompanying the error code.

        • ResourceId (string) --

          The ID of the resource.

create_fpga_image(**kwargs)

Creates an Amazon FPGA Image (AFI) from the specified design checkpoint (DCP).

The create operation is asynchronous. To verify that the AFI is ready for use, check the output logs.

An AFI contains the FPGA bitstream that is ready to download to an FPGA. You can securely deploy an AFI on multiple FPGA-accelerated instances. For more information, see the AWS FPGA Hardware Development Kit .

See also: AWS API Documentation

Request Syntax

response = client.create_fpga_image(
    DryRun=True|False,
    InputStorageLocation={
        'Bucket': 'string',
        'Key': 'string'
    },
    LogsStorageLocation={
        'Bucket': 'string',
        'Key': 'string'
    },
    Description='string',
    Name='string',
    ClientToken='string',
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-route-table'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-service'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ]
)
Parameters
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • InputStorageLocation (dict) --

    [REQUIRED]

    The location of the encrypted design checkpoint in Amazon S3. The input must be a tarball.

    • Bucket (string) --

      The name of the S3 bucket.

    • Key (string) --

      The key.

  • LogsStorageLocation (dict) --

    The location in Amazon S3 for the output logs.

    • Bucket (string) --

      The name of the S3 bucket.

    • Key (string) --

      The key.

  • Description (string) -- A description for the AFI.
  • Name (string) -- A name for the AFI.
  • ClientToken (string) -- Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see Ensuring Idempotency .
  • TagSpecifications (list) --

    The tags to apply to the FPGA image during creation.

    • (dict) --

      The tags to apply to a resource when the resource is being created.

      • ResourceType (string) --

        The type of resource to tag on creation. The possible values are: capacity-reservation | carrier-gateway | client-vpn-endpoint | customer-gateway | dedicated-host | dhcp-options | egress-only-internet-gateway | elastic-gpu | elastic-ip | export-image-task | export-instance-task | fleet | fpga-image | host-reservation | image | import-image-task | import-snapshot-task | instance | instance-event-window | internet-gateway | ipv4pool-ec2 | ipv6pool-ec2 | key-pair | launch-template | local-gateway-route-table-vpc-association | natgateway | network-acl | network-insights-analysis | network-insights-path | network-interface | placement-group | prefix-list | reserved-instances | route-table | security-group | security-group-rule | snapshot | spot-fleet-request | spot-instances-request | subnet | traffic-mirror-filter | traffic-mirror-session | traffic-mirror-target | transit-gateway | transit-gateway-attachment | transit-gateway-multicast-domain | transit-gateway-route-table | volume | vpc | vpc-endpoint | vpc-endpoint-service | vpc-flow-log | vpc-peering-connection | vpn-connection | vpn-gateway .

        To tag a resource after it has been created, see CreateTags .

      • Tags (list) --

        The tags to apply to the resource.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

Return type

dict

Returns

Response Syntax

{
    'FpgaImageId': 'string',
    'FpgaImageGlobalId': 'string'
}

Response Structure

  • (dict) --

    • FpgaImageId (string) --

      The FPGA image identifier (AFI ID).

    • FpgaImageGlobalId (string) --

      The global FPGA image identifier (AGFI ID).

create_image(**kwargs)

Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is either running or stopped.

If you customized your instance with instance store volumes or Amazon EBS volumes in addition to the root device volume, the new AMI contains block device mapping information for those volumes. When you launch an instance from this new AMI, the instance automatically launches with those additional volumes.

For more information, see Creating Amazon EBS-Backed Linux AMIs in the Amazon Elastic Compute Cloud User Guide .

See also: AWS API Documentation

Request Syntax

response = client.create_image(
    BlockDeviceMappings=[
        {
            'DeviceName': 'string',
            'VirtualName': 'string',
            'Ebs': {
                'DeleteOnTermination': True|False,
                'Iops': 123,
                'SnapshotId': 'string',
                'VolumeSize': 123,
                'VolumeType': 'standard'|'io1'|'io2'|'gp2'|'sc1'|'st1'|'gp3',
                'KmsKeyId': 'string',
                'Throughput': 123,
                'OutpostArn': 'string',
                'Encrypted': True|False
            },
            'NoDevice': 'string'
        },
    ],
    Description='string',
    DryRun=True|False,
    InstanceId='string',
    Name='string',
    NoReboot=True|False,
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-route-table'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-service'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ]
)
Parameters
  • BlockDeviceMappings (list) --

    The block device mappings. This parameter cannot be used to modify the encryption status of existing volumes or snapshots. To create an AMI with encrypted snapshots, use the CopyImage action.

    • (dict) --

      Describes a block device mapping, which defines the EBS volumes and instance store volumes to attach to an instance at launch.

      • DeviceName (string) --

        The device name (for example, /dev/sdh or xvdh ).

      • VirtualName (string) --

        The virtual device name (ephemeral N). Instance store volumes are numbered starting from 0. An instance type with 2 available instance store volumes can specify mappings for ephemeral0 and ephemeral1 . The number of available instance store volumes depends on the instance type. After you connect to the instance, you must mount the volume.

        NVMe instance store volumes are automatically enumerated and assigned a device name. Including them in your block device mapping has no effect.

        Constraints: For M3 instances, you must specify instance store volumes in the block device mapping for the instance. When you launch an M3 instance, we ignore any instance store volumes specified in the block device mapping for the AMI.

      • Ebs (dict) --

        Parameters used to automatically set up EBS volumes when the instance is launched.

        • DeleteOnTermination (boolean) --

          Indicates whether the EBS volume is deleted on instance termination. For more information, see Preserving Amazon EBS volumes on instance termination in the Amazon EC2 User Guide .

        • Iops (integer) --

          The number of I/O operations per second (IOPS). For gp3 , io1 , and io2 volumes, this represents the number of IOPS that are provisioned for the volume. For gp2 volumes, this represents the baseline performance of the volume and the rate at which the volume accumulates I/O credits for bursting.

          The following are the supported values for each volume type:

          • gp3 : 3,000-16,000 IOPS
          • io1 : 100-64,000 IOPS
          • io2 : 100-64,000 IOPS

          For io1 and io2 volumes, we guarantee 64,000 IOPS only for Instances built on the Nitro System . Other instance families guarantee performance up to 32,000 IOPS.

          This parameter is required for io1 and io2 volumes. The default for gp3 volumes is 3,000 IOPS. This parameter is not supported for gp2 , st1 , sc1 , or standard volumes.

        • SnapshotId (string) --

          The ID of the snapshot.

        • VolumeSize (integer) --

          The size of the volume, in GiBs. You must specify either a snapshot ID or a volume size. If you specify a snapshot, the default is the snapshot size. You can specify a volume size that is equal to or larger than the snapshot size.

          The following are the supported volumes sizes for each volume type:

          • gp2 and gp3 :1-16,384
          • io1 and io2 : 4-16,384
          • st1 and sc1 : 125-16,384
          • standard : 1-1,024
        • VolumeType (string) --

          The volume type. For more information, see Amazon EBS volume types in the Amazon EC2 User Guide . If the volume type is io1 or io2 , you must specify the IOPS that the volume supports.

        • KmsKeyId (string) --

          Identifier (key ID, key alias, ID ARN, or alias ARN) for a customer managed CMK under which the EBS volume is encrypted.

          This parameter is only supported on BlockDeviceMapping objects called by RunInstances , RequestSpotFleet , and RequestSpotInstances .

        • Throughput (integer) --

          The throughput that the volume supports, in MiB/s.

          This parameter is valid only for gp3 volumes.

          Valid Range: Minimum value of 125. Maximum value of 1000.

        • OutpostArn (string) --

          The ARN of the Outpost on which the snapshot is stored.

        • Encrypted (boolean) --

          Indicates whether the encryption state of an EBS volume is changed while being restored from a backing snapshot. The effect of setting the encryption state to true depends on the volume origin (new or from a snapshot), starting encryption state, ownership, and whether encryption by default is enabled. For more information, see Amazon EBS encryption in the Amazon EC2 User Guide .

          In no case can you remove encryption from an encrypted volume.

          Encrypted volumes can only be attached to instances that support Amazon EBS encryption. For more information, see Supported instance types .

          This parameter is not returned by .

      • NoDevice (string) --

        To omit the device from the block device mapping, specify an empty string. When this property is specified, the device is removed from the block device mapping regardless of the assigned value.

  • Description (string) -- A description for the new image.
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • InstanceId (string) --

    [REQUIRED]

    The ID of the instance.

  • Name (string) --

    [REQUIRED]

    A name for the new image.

    Constraints: 3-128 alphanumeric characters, parentheses (()), square brackets ([]), spaces ( ), periods (.), slashes (/), dashes (-), single quotes ('), at-signs (@), or underscores(_)

  • NoReboot (boolean) -- By default, Amazon EC2 attempts to shut down and reboot the instance before creating the image. If the No Reboot option is set, Amazon EC2 doesn't shut down the instance before creating the image. Without a reboot, the AMI will be crash consistent (all the volumes are snapshotted at the same time), but not application consistent (all the operating system buffers are not flushed to disk before the snapshots are created).
  • TagSpecifications (list) --

    The tags to apply to the AMI and snapshots on creation. You can tag the AMI, the snapshots, or both.

    • To tag the AMI, the value for ResourceType must be image .
    • To tag the snapshots that are created of the root volume and of other Amazon EBS volumes that are attached to the instance, the value for ResourceType must be snapshot . The same tag is applied to all of the snapshots that are created.

    If you specify other values for ResourceType , the request fails.

    To tag an AMI or snapshot after it has been created, see CreateTags .

    • (dict) --

      The tags to apply to a resource when the resource is being created.

      • ResourceType (string) --

        The type of resource to tag on creation. The possible values are: capacity-reservation | carrier-gateway | client-vpn-endpoint | customer-gateway | dedicated-host | dhcp-options | egress-only-internet-gateway | elastic-gpu | elastic-ip | export-image-task | export-instance-task | fleet | fpga-image | host-reservation | image | import-image-task | import-snapshot-task | instance | instance-event-window | internet-gateway | ipv4pool-ec2 | ipv6pool-ec2 | key-pair | launch-template | local-gateway-route-table-vpc-association | natgateway | network-acl | network-insights-analysis | network-insights-path | network-interface | placement-group | prefix-list | reserved-instances | route-table | security-group | security-group-rule | snapshot | spot-fleet-request | spot-instances-request | subnet | traffic-mirror-filter | traffic-mirror-session | traffic-mirror-target | transit-gateway | transit-gateway-attachment | transit-gateway-multicast-domain | transit-gateway-route-table | volume | vpc | vpc-endpoint | vpc-endpoint-service | vpc-flow-log | vpc-peering-connection | vpn-connection | vpn-gateway .

        To tag a resource after it has been created, see CreateTags .

      • Tags (list) --

        The tags to apply to the resource.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

Return type

dict

Returns

Response Syntax

{
    'ImageId': 'string'
}

Response Structure

  • (dict) --

    • ImageId (string) --

      The ID of the new AMI.

Examples

This example creates an AMI from the specified instance and adds an EBS volume with the device name /dev/sdh and an instance store volume with the device name /dev/sdc.

response = client.create_image(
    BlockDeviceMappings=[
        {
            'DeviceName': '/dev/sdh',
            'Ebs': {
                'VolumeSize': '100',
            },
        },
        {
            'DeviceName': '/dev/sdc',
            'VirtualName': 'ephemeral1',
        },
    ],
    Description='An AMI for my server',
    InstanceId='i-1234567890abcdef0',
    Name='My server',
    NoReboot=True,
)

print(response)

Expected Output:

{
    'ImageId': 'ami-1a2b3c4d',
    'ResponseMetadata': {
        '...': '...',
    },
}
create_instance_event_window(**kwargs)

Creates an event window in which scheduled events for the associated Amazon EC2 instances can run.

You can define either a set of time ranges or a cron expression when creating the event window, but not both. All event window times are in UTC.

You can create up to 200 event windows per Amazon Web Services Region.

When you create the event window, targets (instance IDs, Dedicated Host IDs, or tags) are not yet associated with it. To ensure that the event window can be used, you must associate one or more targets with it by using the AssociateInstanceEventWindow API.

Warning

Event windows are applicable only for scheduled events that stop, reboot, or terminate instances.

Event windows are not applicable for:

  • Expedited scheduled events and network maintenance events.
  • Unscheduled maintenance such as AutoRecovery and unplanned reboots.

For more information, see Define event windows for scheduled events in the Amazon EC2 User Guide .

See also: AWS API Documentation

Request Syntax

response = client.create_instance_event_window(
    DryRun=True|False,
    Name='string',
    TimeRanges=[
        {
            'StartWeekDay': 'sunday'|'monday'|'tuesday'|'wednesday'|'thursday'|'friday'|'saturday',
            'StartHour': 123,
            'EndWeekDay': 'sunday'|'monday'|'tuesday'|'wednesday'|'thursday'|'friday'|'saturday',
            'EndHour': 123
        },
    ],
    CronExpression='string',
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-route-table'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-service'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ]
)
Parameters
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • Name (string) -- The name of the event window.
  • TimeRanges (list) --

    The time range for the event window. If you specify a time range, you can't specify a cron expression.

    • (dict) --

      The start day and time and the end day and time of the time range, in UTC.

      • StartWeekDay (string) --

        The day on which the time range begins.

      • StartHour (integer) --

        The hour when the time range begins.

      • EndWeekDay (string) --

        The day on which the time range ends.

      • EndHour (integer) --

        The hour when the time range ends.

  • CronExpression (string) --

    The cron expression for the event window, for example, * 0-4,20-23 * * 1,5 . If you specify a cron expression, you can't specify a time range.

    Constraints:

    • Only hour and day of the week values are supported.
    • For day of the week values, you can specify either integers 0 through 6 , or alternative single values SUN through SAT .
    • The minute, month, and year must be specified by * .
    • The hour value must be one or a multiple range, for example, 0-4 or 0-4,20-23 .
    • Each hour range must be >= 2 hours, for example, 0-2 or 20-23 .
    • The event window must be >= 4 hours. The combined total time ranges in the event window must be >= 4 hours.

    For more information about cron expressions, see cron on the Wikipedia website .

  • TagSpecifications (list) --

    The tags to apply to the event window.

    • (dict) --

      The tags to apply to a resource when the resource is being created.

      • ResourceType (string) --

        The type of resource to tag on creation. The possible values are: capacity-reservation | carrier-gateway | client-vpn-endpoint | customer-gateway | dedicated-host | dhcp-options | egress-only-internet-gateway | elastic-gpu | elastic-ip | export-image-task | export-instance-task | fleet | fpga-image | host-reservation | image | import-image-task | import-snapshot-task | instance | instance-event-window | internet-gateway | ipv4pool-ec2 | ipv6pool-ec2 | key-pair | launch-template | local-gateway-route-table-vpc-association | natgateway | network-acl | network-insights-analysis | network-insights-path | network-interface | placement-group | prefix-list | reserved-instances | route-table | security-group | security-group-rule | snapshot | spot-fleet-request | spot-instances-request | subnet | traffic-mirror-filter | traffic-mirror-session | traffic-mirror-target | transit-gateway | transit-gateway-attachment | transit-gateway-multicast-domain | transit-gateway-route-table | volume | vpc | vpc-endpoint | vpc-endpoint-service | vpc-flow-log | vpc-peering-connection | vpn-connection | vpn-gateway .

        To tag a resource after it has been created, see CreateTags .

      • Tags (list) --

        The tags to apply to the resource.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

Return type

dict

Returns

Response Syntax

{
    'InstanceEventWindow': {
        'InstanceEventWindowId': 'string',
        'TimeRanges': [
            {
                'StartWeekDay': 'sunday'|'monday'|'tuesday'|'wednesday'|'thursday'|'friday'|'saturday',
                'StartHour': 123,
                'EndWeekDay': 'sunday'|'monday'|'tuesday'|'wednesday'|'thursday'|'friday'|'saturday',
                'EndHour': 123
            },
        ],
        'Name': 'string',
        'CronExpression': 'string',
        'AssociationTarget': {
            'InstanceIds': [
                'string',
            ],
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ],
            'DedicatedHostIds': [
                'string',
            ]
        },
        'State': 'creating'|'deleting'|'active'|'deleted',
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • InstanceEventWindow (dict) --

      Information about the event window.

      • InstanceEventWindowId (string) --

        The ID of the event window.

      • TimeRanges (list) --

        One or more time ranges defined for the event window.

        • (dict) --

          The start day and time and the end day and time of the time range, in UTC.

          • StartWeekDay (string) --

            The day on which the time range begins.

          • StartHour (integer) --

            The hour when the time range begins.

          • EndWeekDay (string) --

            The day on which the time range ends.

          • EndHour (integer) --

            The hour when the time range ends.

      • Name (string) --

        The name of the event window.

      • CronExpression (string) --

        The cron expression defined for the event window.

      • AssociationTarget (dict) --

        One or more targets associated with the event window.

        • InstanceIds (list) --

          The IDs of the instances associated with the event window.

          • (string) --
        • Tags (list) --

          The instance tags associated with the event window. Any instances associated with the tags will be associated with the event window.

          • (dict) --

            Describes a tag.

            • Key (string) --

              The key of the tag.

              Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

            • Value (string) --

              The value of the tag.

              Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

        • DedicatedHostIds (list) --

          The IDs of the Dedicated Hosts associated with the event window.

          • (string) --
      • State (string) --

        The current state of the event window.

      • Tags (list) --

        The instance tags associated with the event window.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

create_instance_export_task(**kwargs)

Exports a running or stopped instance to an Amazon S3 bucket.

For information about the supported operating systems, image formats, and known limitations for the types of instances you can export, see Exporting an instance as a VM Using VM Import/Export in the VM Import/Export User Guide .

See also: AWS API Documentation

Request Syntax

response = client.create_instance_export_task(
    Description='string',
    ExportToS3Task={
        'ContainerFormat': 'ova',
        'DiskImageFormat': 'VMDK'|'RAW'|'VHD',
        'S3Bucket': 'string',
        'S3Prefix': 'string'
    },
    InstanceId='string',
    TargetEnvironment='citrix'|'vmware'|'microsoft',
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-route-table'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-service'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ]
)
Parameters
  • Description (string) -- A description for the conversion task or the resource being exported. The maximum length is 255 characters.
  • ExportToS3Task (dict) --

    [REQUIRED]

    The format and location for an export instance task.

    • ContainerFormat (string) --

      The container format used to combine disk images with metadata (such as OVF). If absent, only the disk image is exported.

    • DiskImageFormat (string) --

      The format for the exported image.

    • S3Bucket (string) --

      The Amazon S3 bucket for the destination image. The destination bucket must exist and grant WRITE and READ_ACP permissions to the Amazon Web Services account vm-import-export@amazon.com .

    • S3Prefix (string) --

      The image is written to a single object in the Amazon S3 bucket at the S3 key s3prefix + exportTaskId + '.' + diskImageFormat.

  • InstanceId (string) --

    [REQUIRED]

    The ID of the instance.

  • TargetEnvironment (string) --

    [REQUIRED]

    The target virtualization environment.

  • TagSpecifications (list) --

    The tags to apply to the export instance task during creation.

    • (dict) --

      The tags to apply to a resource when the resource is being created.

      • ResourceType (string) --

        The type of resource to tag on creation. The possible values are: capacity-reservation | carrier-gateway | client-vpn-endpoint | customer-gateway | dedicated-host | dhcp-options | egress-only-internet-gateway | elastic-gpu | elastic-ip | export-image-task | export-instance-task | fleet | fpga-image | host-reservation | image | import-image-task | import-snapshot-task | instance | instance-event-window | internet-gateway | ipv4pool-ec2 | ipv6pool-ec2 | key-pair | launch-template | local-gateway-route-table-vpc-association | natgateway | network-acl | network-insights-analysis | network-insights-path | network-interface | placement-group | prefix-list | reserved-instances | route-table | security-group | security-group-rule | snapshot | spot-fleet-request | spot-instances-request | subnet | traffic-mirror-filter | traffic-mirror-session | traffic-mirror-target | transit-gateway | transit-gateway-attachment | transit-gateway-multicast-domain | transit-gateway-route-table | volume | vpc | vpc-endpoint | vpc-endpoint-service | vpc-flow-log | vpc-peering-connection | vpn-connection | vpn-gateway .

        To tag a resource after it has been created, see CreateTags .

      • Tags (list) --

        The tags to apply to the resource.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

Return type

dict

Returns

Response Syntax

{
    'ExportTask': {
        'Description': 'string',
        'ExportTaskId': 'string',
        'ExportToS3Task': {
            'ContainerFormat': 'ova',
            'DiskImageFormat': 'VMDK'|'RAW'|'VHD',
            'S3Bucket': 'string',
            'S3Key': 'string'
        },
        'InstanceExportDetails': {
            'InstanceId': 'string',
            'TargetEnvironment': 'citrix'|'vmware'|'microsoft'
        },
        'State': 'active'|'cancelling'|'cancelled'|'completed',
        'StatusMessage': 'string',
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • ExportTask (dict) --

      Information about the export instance task.

      • Description (string) --

        A description of the resource being exported.

      • ExportTaskId (string) --

        The ID of the export task.

      • ExportToS3Task (dict) --

        Information about the export task.

        • ContainerFormat (string) --

          The container format used to combine disk images with metadata (such as OVF). If absent, only the disk image is exported.

        • DiskImageFormat (string) --

          The format for the exported image.

        • S3Bucket (string) --

          The Amazon S3 bucket for the destination image. The destination bucket must exist and grant WRITE and READ_ACP permissions to the Amazon Web Services account vm-import-export@amazon.com .

        • S3Key (string) --

          The encryption key for your S3 bucket.

      • InstanceExportDetails (dict) --

        Information about the instance to export.

        • InstanceId (string) --

          The ID of the resource being exported.

        • TargetEnvironment (string) --

          The target virtualization environment.

      • State (string) --

        The state of the export task.

      • StatusMessage (string) --

        The status message related to the export task.

      • Tags (list) --

        The tags for the export task.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

create_internet_gateway(**kwargs)

Creates an internet gateway for use with a VPC. After creating the internet gateway, you attach it to a VPC using AttachInternetGateway .

For more information about your VPC and internet gateway, see the Amazon Virtual Private Cloud User Guide .

See also: AWS API Documentation

Request Syntax

response = client.create_internet_gateway(
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-route-table'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-service'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
    ],
    DryRun=True|False
)
Parameters
  • TagSpecifications (list) --

    The tags to assign to the internet gateway.

    • (dict) --

      The tags to apply to a resource when the resource is being created.

      • ResourceType (string) --

        The type of resource to tag on creation. The possible values are: capacity-reservation | carrier-gateway | client-vpn-endpoint | customer-gateway | dedicated-host | dhcp-options | egress-only-internet-gateway | elastic-gpu | elastic-ip | export-image-task | export-instance-task | fleet | fpga-image | host-reservation | image | import-image-task | import-snapshot-task | instance | instance-event-window | internet-gateway | ipv4pool-ec2 | ipv6pool-ec2 | key-pair | launch-template | local-gateway-route-table-vpc-association | natgateway | network-acl | network-insights-analysis | network-insights-path | network-interface | placement-group | prefix-list | reserved-instances | route-table | security-group | security-group-rule | snapshot | spot-fleet-request | spot-instances-request | subnet | traffic-mirror-filter | traffic-mirror-session | traffic-mirror-target | transit-gateway | transit-gateway-attachment | transit-gateway-multicast-domain | transit-gateway-route-table | volume | vpc | vpc-endpoint | vpc-endpoint-service | vpc-flow-log | vpc-peering-connection | vpn-connection | vpn-gateway .

        To tag a resource after it has been created, see CreateTags .

      • Tags (list) --

        The tags to apply to the resource.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
Return type

dict

Returns

Response Syntax

{
    'InternetGateway': {
        'Attachments': [
            {
                'State': 'attaching'|'attached'|'detaching'|'detached',
                'VpcId': 'string'
            },
        ],
        'InternetGatewayId': 'string',
        'OwnerId': 'string',
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    }
}

Response Structure

  • (dict) --

    • InternetGateway (dict) --

      Information about the internet gateway.

      • Attachments (list) --

        Any VPCs attached to the internet gateway.

        • (dict) --

          Describes the attachment of a VPC to an internet gateway or an egress-only internet gateway.

          • State (string) --

            The current state of the attachment. For an internet gateway, the state is available when attached to a VPC; otherwise, this value is not returned.

          • VpcId (string) --

            The ID of the VPC.

      • InternetGatewayId (string) --

        The ID of the internet gateway.

      • OwnerId (string) --

        The ID of the Amazon Web Services account that owns the internet gateway.

      • Tags (list) --

        Any tags assigned to the internet gateway.

        • (dict) --

          Describes a tag.

          • Key (string) --

            The key of the tag.

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

          • Value (string) --

            The value of the tag.

            Constraints: Tag values are case-sensitive and accept a maximum of 255 Unicode characters.

Examples

This example creates an Internet gateway.

response = client.create_internet_gateway(
)

print(response)

Expected Output:

{
    'InternetGateway': {
        'Attachments': [
        ],
        'InternetGatewayId': 'igw-c0a643a9',
        'Tags': [
        ],
    },
    'ResponseMetadata': {
        '...': '...',
    },
}
create_key_pair(**kwargs)

Creates an ED25519 or 2048-bit RSA key pair with the specified name. Amazon EC2 stores the public key and displays the private key for you to save to a file. The private key is returned as an unencrypted PEM encoded PKCS#1 private key. If a key with the specified name already exists, Amazon EC2 returns an error.

The key pair returned to you is available only in the Amazon Web Services Region in which you create it. If you prefer, you can create your own key pair using a third-party tool and upload it to any Region using ImportKeyPair .

You can have up to 5,000 key pairs per Amazon Web Services Region.

For more information, see Amazon EC2 key pairs in the Amazon Elastic Compute Cloud User Guide .

See also: AWS API Documentation

Request Syntax

response = client.create_key_pair(
    KeyName='string',
    DryRun=True|False,
    KeyType='rsa'|'ed25519',
    TagSpecifications=[
        {
            'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'