Disassociates an Amazon Virtual Private Cloud (Amazon VPC) from an Amazon Route 53 private hosted zone. Note the following:

  • You can't disassociate the last Amazon VPC from a private hosted zone.
  • You can't convert a private hosted zone into a public hosted zone.
  • You can submit a DisassociateVPCFromHostedZone request using either the account that created the hosted zone or the account that created the Amazon VPC.
  • Some services, such as Cloud Map and Amazon Elastic File System (Amazon EFS) automatically create hosted zones and associate VPCs with the hosted zones. A service can create a hosted zone using your account or using its own account. You can disassociate a VPC from a hosted zone only if the service created the hosted zone using your account. When you run DisassociateVPCFromHostedZone, if the hosted zone has a value for OwningAccount , you can use DisassociateVPCFromHostedZone . If the hosted zone has a value for OwningService , you can't use DisassociateVPCFromHostedZone .


When revoking access, the hosted zone and the Amazon VPC must belong to the same partition. A partition is a group of Amazon Web Services Regions. Each Amazon Web Services account is scoped to one partition.

The following are the supported partitions:

  • aws - Amazon Web Services Regions
  • aws-cn - China Regions
  • aws-us-gov - Amazon Web Services GovCloud (US) Region

For more information, see Access Management in the Amazon Web Services General Reference .

See also: AWS API Documentation

Request Syntax

response = client.disassociate_vpc_from_hosted_zone(
        'VPCRegion': 'us-east-1'|'us-east-2'|'us-west-1'|'us-west-2'|'eu-west-1'|'eu-west-2'|'eu-west-3'|'eu-central-1'|'eu-central-2'|'ap-east-1'|'me-south-1'|'us-gov-west-1'|'us-gov-east-1'|'us-iso-east-1'|'us-iso-west-1'|'us-isob-east-1'|'me-central-1'|'ap-southeast-1'|'ap-southeast-2'|'ap-southeast-3'|'ap-south-1'|'ap-south-2'|'ap-northeast-1'|'ap-northeast-2'|'ap-northeast-3'|'eu-north-1'|'sa-east-1'|'ca-central-1'|'cn-north-1'|'af-south-1'|'eu-south-1'|'eu-south-2'|'ap-southeast-4',
        'VPCId': 'string'
  • HostedZoneId (string) --


    The ID of the private hosted zone that you want to disassociate a VPC from.

  • VPC (dict) --


    A complex type that contains information about the VPC that you're disassociating from the specified hosted zone.

    • VPCRegion (string) --

      (Private hosted zones only) The region that an Amazon VPC was created in.

    • VPCId (string) --

      (Private hosted zones only) The ID of an Amazon VPC.

  • Comment (string) -- Optional: A comment about the disassociation request.
Return type



Response Syntax

    'ChangeInfo': {
        'Id': 'string',
        'Status': 'PENDING'|'INSYNC',
        'SubmittedAt': datetime(2015, 1, 1),
        'Comment': 'string'

Response Structure

  • (dict) --

    A complex type that contains the response information for the disassociate request.

    • ChangeInfo (dict) --

      A complex type that describes the changes made to the specified private hosted zone.

      • Id (string) --

        This element contains an ID that you use when performing a GetChange action to get detailed information about the change.

      • Status (string) --

        The current state of the request. PENDING indicates that this request has not yet been applied to all Amazon Route 53 DNS servers.

      • SubmittedAt (datetime) --

        The date and time that the change request was submitted in ISO 8601 format and Coordinated Universal Time (UTC). For example, the value 2017-03-27T17:48:16.751Z represents March 27, 2017 at 17:48:16.751 UTC.

      • Comment (string) --

        A comment you can provide.


  • Route53.Client.exceptions.NoSuchHostedZone
  • Route53.Client.exceptions.InvalidVPCId
  • Route53.Client.exceptions.VPCAssociationNotFound
  • Route53.Client.exceptions.LastVPCAssociation
  • Route53.Client.exceptions.InvalidInput