EC2 / Client / modify_vpc_block_public_access_options

modify_vpc_block_public_access_options#

EC2.Client.modify_vpc_block_public_access_options(**kwargs)#

Modify VPC Block Public Access (BPA) options. VPC Block Public Access (BPA) enables you to block resources in VPCs and subnets that you own in a Region from reaching or being reached from the internet through internet gateways and egress-only internet gateways. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.

See also: AWS API Documentation

Request Syntax

response = client.modify_vpc_block_public_access_options(
    DryRun=True|False,
    InternetGatewayBlockMode='off'|'block-bidirectional'|'block-ingress'
)
Parameters:

  • DryRun (boolean) – Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.

  • InternetGatewayBlockMode (string) –

    [REQUIRED]

    The mode of VPC BPA.

    • off: VPC BPA is not enabled and traffic is allowed to and from internet gateways and egress-only internet gateways in this Region.

    • block-bidirectional: Block all traffic to and from internet gateways and egress-only internet gateways in this Region (except for excluded VPCs and subnets).

    • block-ingress: Block all internet traffic to the VPCs in this Region (except for VPCs or subnets which are excluded). Only traffic to and from NAT gateways and egress-only internet gateways is allowed because these gateways only allow outbound connections to be established.

Return type:

dict

Returns:

Response Syntax

{
    'VpcBlockPublicAccessOptions': {
        'AwsAccountId': 'string',
        'AwsRegion': 'string',
        'State': 'default-state'|'update-in-progress'|'update-complete',
        'InternetGatewayBlockMode': 'off'|'block-bidirectional'|'block-ingress',
        'Reason': 'string',
        'LastUpdateTimestamp': datetime(2015, 1, 1),
        'ManagedBy': 'account'|'declarative-policy',
        'ExclusionsAllowed': 'allowed'|'not-allowed'
    }
}

Response Structure

  • (dict) –

    • VpcBlockPublicAccessOptions (dict) –

      Details related to the VPC Block Public Access (BPA) options.

      • AwsAccountId (string) –

        An Amazon Web Services account ID.

      • AwsRegion (string) –

        An Amazon Web Services Region.

      • State (string) –

        The current state of VPC BPA.

      • InternetGatewayBlockMode (string) –

        The current mode of VPC BPA.

        • off: VPC BPA is not enabled and traffic is allowed to and from internet gateways and egress-only internet gateways in this Region.

        • block-bidirectional: Block all traffic to and from internet gateways and egress-only internet gateways in this Region (except for excluded VPCs and subnets).

        • block-ingress: Block all internet traffic to the VPCs in this Region (except for VPCs or subnets which are excluded). Only traffic to and from NAT gateways and egress-only internet gateways is allowed because these gateways only allow outbound connections to be established.

      • Reason (string) –

        The reason for the current state.

      • LastUpdateTimestamp (datetime) –

        The last time the VPC BPA mode was updated.

      • ManagedBy (string) –

        The entity that manages the state of VPC BPA. Possible values include:

        • account - The state is managed by the account.

        • declarative-policy - The state is managed by a declarative policy and can’t be modified by the account.

      • ExclusionsAllowed (string) –

        Determines if exclusions are allowed. If you have enabled VPC BPA at the Organization level, exclusions may be not-allowed. Otherwise, they are allowed.