GlobalAccelerator / Client / update_cross_account_attachment

update_cross_account_attachment#

GlobalAccelerator.Client.update_cross_account_attachment(**kwargs)#

Update a cross-account attachment to add or remove principals or resources. When you update an attachment to remove a principal (account ID or accelerator) or a resource, Global Accelerator revokes the permission for specific resources by doing the following:

  • If the principal is an account ID, Global Accelerator reviews every accelerator in the account and removes cross-account endpoints from all accelerators.

  • If the principal is an accelerator, Global Accelerator reviews just that accelerator and removes cross-account endpoints from it.

If there are overlapping permissions provided by multiple cross-account attachments, Global Accelerator only removes endpoints if there are no current cross-account attachments that provide access permission. For example, if you delete a cross-account attachment that lists an accelerator as a principal, but another cross-account attachment includes the account ID that owns that accelerator, endpoints will not be removed from the accelerator.

See also: AWS API Documentation

Request Syntax

response = client.update_cross_account_attachment(
    AttachmentArn='string',
    Name='string',
    AddPrincipals=[
        'string',
    ],
    RemovePrincipals=[
        'string',
    ],
    AddResources=[
        {
            'EndpointId': 'string',
            'Region': 'string'
        },
    ],
    RemoveResources=[
        {
            'EndpointId': 'string',
            'Region': 'string'
        },
    ]
)
Parameters:

  • AttachmentArn (string) –

    [REQUIRED]

    The Amazon Resource Name (ARN) of the cross-account attachment to update.

  • Name (string) – The name of the cross-account attachment.

  • AddPrincipals (list) –

    The principals to add to the cross-account attachment. A principal is an account or the Amazon Resource Name (ARN) of an accelerator that the attachment gives permission to add the resources from another account, listed in the attachment.

    To add more than one principal, separate the account numbers or accelerator ARNs, or both, with commas.

    • (string) –

  • RemovePrincipals (list) –

    The principals to remove from the cross-account attachment. A principal is an account or the Amazon Resource Name (ARN) of an accelerator that is given permission to add the resources from another account, listed in the cross-account attachment.

    To remove more than one principal, separate the account numbers or accelerator ARNs, or both, with commas.

    • (string) –

  • AddResources (list) –

    The resources to add to the cross-account attachment. A resource listed in a cross-account attachment can be added to an accelerator by the principals that are listed in the attachment.

    To add more than one resource, separate the resource ARNs with commas.

    • (dict) –

      An Amazon Web Services resource that is supported by Global Accelerator and can be added as an endpoint for an accelerator.

      • EndpointId (string) – [REQUIRED]

        The endpoint ID for the endpoint (Amazon Web Services resource).

      • Region (string) –

        The Amazon Web Services Region where a resource is located.

  • RemoveResources (list) –

    The resources to remove from the cross-account attachment. A resource listed in a cross-account attachment can be added to an accelerator fy principals that are listed in the cross-account attachment.

    To remove more than one resource, separate the resource ARNs with commas.

    • (dict) –

      An Amazon Web Services resource that is supported by Global Accelerator and can be added as an endpoint for an accelerator.

      • EndpointId (string) – [REQUIRED]

        The endpoint ID for the endpoint (Amazon Web Services resource).

      • Region (string) –

        The Amazon Web Services Region where a resource is located.

Return type:

dict

Returns:

Response Syntax

{
    'CrossAccountAttachment': {
        'AttachmentArn': 'string',
        'Name': 'string',
        'Principals': [
            'string',
        ],
        'Resources': [
            {
                'EndpointId': 'string',
                'Region': 'string'
            },
        ],
        'LastModifiedTime': datetime(2015, 1, 1),
        'CreatedTime': datetime(2015, 1, 1)
    }
}

Response Structure

  • (dict) –

    • CrossAccountAttachment (dict) –

      Information about the updated cross-account attachment.

      • AttachmentArn (string) –

        The Amazon Resource Name (ARN) of the cross-account attachment.

      • Name (string) –

        The name of the cross-account attachment.

      • Principals (list) –

        The principals included in the cross-account attachment.

        • (string) –

      • Resources (list) –

        The resources included in the cross-account attachment.

        • (dict) –

          An Amazon Web Services resource that is supported by Global Accelerator and can be added as an endpoint for an accelerator.

          • EndpointId (string) –

            The endpoint ID for the endpoint (Amazon Web Services resource).

          • Region (string) –

            The Amazon Web Services Region where a resource is located.

      • LastModifiedTime (datetime) –

        The date and time that the cross-account attachment was last modified.

      • CreatedTime (datetime) –

        The date and time that the cross-account attachment was created.

Exceptions

  • GlobalAccelerator.Client.exceptions.AttachmentNotFoundException

  • GlobalAccelerator.Client.exceptions.AccessDeniedException

  • GlobalAccelerator.Client.exceptions.InternalServiceErrorException

  • GlobalAccelerator.Client.exceptions.InvalidArgumentException

  • GlobalAccelerator.Client.exceptions.LimitExceededException

  • GlobalAccelerator.Client.exceptions.TransactionInProgressException