create_service_network_vpc_association

VPCLattice.Client.create_service_network_vpc_association(**kwargs)

Associates a VPC with a service network. When you associate a VPC with the service network, it enables all the resources within that VPC to be clients and communicate with other services in the service network. For more information, see Manage VPC associations in the Amazon VPC Lattice User Guide.

You can’t use this operation if there is a disassociation in progress. If the association fails, retry by deleting the association and recreating it.

As a result of this operation, the association gets created in the service network account and the VPC owner account.

Once a security group is added to the VPC association, it cannot be removed. After a security group is attached, you can add or update the security groups used for the VPC association. To remove all security groups, you must reassociate the VPC.

See also: AWS API Documentation

Request Syntax

response = client.create_service_network_vpc_association(
    clientToken='string',
    securityGroupIds=[
        'string',
    ],
    serviceNetworkIdentifier='string',
    tags={
        'string': 'string'
    },
    vpcIdentifier='string'
)

Parameters:
  • clientToken (string) –

    A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request that completed successfully using the same client token and parameters, the retry succeeds without performing any actions. If the parameters aren’t identical, the retry fails.

    This field is autopopulated if not provided.

  • securityGroupIds (list) –

    The IDs of the security groups. Security groups aren’t added by default. You can add a security group to apply network-level controls over which resources in a VPC are allowed to access the service network and its services. For more information, see Control traffic to resources using security groups in the Amazon VPC User Guide.

    • (string) –

  • serviceNetworkIdentifier (string) –

    [REQUIRED]

    The ID or Amazon Resource Name (ARN) of the service network. You must use the ARN when the resources specified in the operation are in different accounts.

  • tags (dict) –

    The tags for the association.

    • (string) –

      The key of the tag.

      Constraints: Tag keys are case-sensitive, accept a maximum of 128 Unicode characters, and may not begin with aws:. Valid characters are Unicode letters, digits, white space, and any of the following symbols: _ . : / = + - @

      • (string) –

        The value of the tag.

        Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters. Valid characters are Unicode letters, digits, white space, and any of the following symbols: _ . : / = + - @

  • vpcIdentifier (string) –

    [REQUIRED]

    The ID of the VPC.

Return type:

dict

Returns:

Response Syntax

{
    'arn': 'string',
    'createdBy': 'string',
    'id': 'string',
    'securityGroupIds': [
        'string',
    ],
    'status': 'CREATE_IN_PROGRESS'|'ACTIVE'|'UPDATE_IN_PROGRESS'|'DELETE_IN_PROGRESS'|'CREATE_FAILED'|'DELETE_FAILED'|'UPDATE_FAILED'
}

Response Structure

  • (dict) –

    • arn (string) –

      The Amazon Resource Name (ARN) of the association.

    • createdBy (string) –

      The account that created the association.

    • id (string) –

      The ID of the association.

    • securityGroupIds (list) –

      The IDs of the security groups.

      • (string) –

    • status (string) –

      The operation’s status.

Exceptions

  • VPCLattice.Client.exceptions.ValidationException

  • VPCLattice.Client.exceptions.AccessDeniedException

  • VPCLattice.Client.exceptions.ThrottlingException

  • VPCLattice.Client.exceptions.ResourceNotFoundException

  • VPCLattice.Client.exceptions.ConflictException

  • VPCLattice.Client.exceptions.ServiceQuotaExceededException

  • VPCLattice.Client.exceptions.InternalServerException
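
Example (added here, not part of the original boto3 documentation): a wrapper that refuses to create an association without security groups, requires the ARN for cross-account use, derives clientToken from the parameters so retries are idempotent, and checks the response. The helper names, the StubLatticeClient class and all identifiers are assumptions constructed for this example; in real use, pass boto3.client('vpc-lattice') instead of the stub.

```python
import hashlib


def build_association_request(service_network, vpc_id, security_group_ids, cross_account=False):
    """Build kwargs for create_service_network_vpc_association, failing closed."""
    groups = sorted(set(security_group_ids or []))
    if not groups:
        # Security groups aren't added by default; with none attached there is no
        # network-level control on which VPC resources reach the service network.
        raise ValueError("refusing to associate a VPC without security groups")
    if cross_account and not service_network.startswith("arn:"):
        raise ValueError("cross-account association requires the service network ARN")
    # Deterministic token derived from the parameters: an identical retry is a no-op.
    # Truncating to 32 hex characters is a choice made for this example.
    material = "|".join([service_network, vpc_id, *groups]).encode()
    return {
        "clientToken": hashlib.sha256(material).hexdigest()[:32],
        "securityGroupIds": groups,
        "serviceNetworkIdentifier": service_network,
        "vpcIdentifier": vpc_id,
    }


def associate_vpc(client, service_network, vpc_id, security_group_ids, cross_account=False):
    """Create the association and verify the response before trusting it."""
    request = build_association_request(service_network, vpc_id, security_group_ids, cross_account)
    response = client.create_service_network_vpc_association(**request)
    if response["status"] == "CREATE_FAILED":
        raise RuntimeError(f"association {response['id']} failed; delete and recreate it")
    if sorted(response.get("securityGroupIds", [])) != request["securityGroupIds"]:
        raise RuntimeError("association does not carry the requested security groups")
    return response


class StubLatticeClient:
    """Constructed stand-in for boto3.client('vpc-lattice'); records each request."""

    def __init__(self, status="CREATE_IN_PROGRESS"):
        self.status, self.calls = status, []

    def create_service_network_vpc_association(self, **kwargs):
        self.calls.append(kwargs)
        return {"id": "snva-EXAMPLE", "status": self.status,
                "securityGroupIds": kwargs.get("securityGroupIds", [])}


if __name__ == "__main__":
    # Constructed identifiers, not real resources.
    arn = "arn:aws:vpc-lattice:us-east-1:111122223333:servicenetwork/sn-EXAMPLE"
    print(associate_vpc(StubLatticeClient(), arn, "vpc-EXAMPLE", ["sg-EXAMPLE"], cross_account=True))
```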