Boto 3

Boto3 Documentation
Release 0.0.4
Amazon.com, Inc.
December 04, 2014

Contents
1 User Guide 3
1.1 Whats New . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
1.2 Quickstart . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
1.3 Resources . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
1.4 Collections . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
1.5 Tutorial . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
1.6 Low-level Clients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
1.7 Session . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
1.8 Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
2 API Reference 17
2.1 Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
2.2 Core . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 666
3 Indices and tables 679
Python Module Index 681
i
ii
Boto3 Documentation, Release 0.0.4
Boto is the Amazon Web Services (AWS) SDK for Python, which allows Python developers to write software that
makes use of Amazon services like S3 and EC2. Boto provides an easy to use, object-oriented API as well as low-
level direct service access.
Danger: Boto 3 is in developer preview and should not be used in production yet. However, we would greatly
appreciate it if you try out Boto 3 and give us some feedback!
Contents 1
2 Contents
CHAPTER 1
User Guide
1.1 Whats New
Boto 3 is a ground-up rewrite of Boto. It uses a data-driven approach to generate classes at runtime from JSON
description files that are shared between SDKs in various languages. This includes descriptions for a high level, object
oriented interface similar to those availabe in previous versions of Boto.
Because Boto 3 is generated from these shared JSON files, we get fast updates to the latest services and features and
a consistent API across services. Community contributions to JSON description files in other SDKs also benefit Boto
3, just as contributions to Boto 3 benefit the other SDKs.
1.1.1 Major Features
Boto 3 consists of the following major features:

Resources: a high level, object oriented interface
Collections: a tool to iterate and manipulate groups of resources
Clients: low level service connections
Paginators: automatic paging of responses
Waiters: a way to block until a certain state has been reached
Along with these major features, Boto 3 also provides sessions and per-session credentials & configuration, as well as
basic components like authentication, parameter & response handling, an event system for customizations and logic
to retry failed requests.
Botocore
Boto 3 is built atop of a library called Botocore, which is shared by the AWS CLI. Botocore provides the low level
clients, session, and credential & configuration data. Boto 3 builds on top of Botocore by providing its own session,
resources and collections.
1.1.2 Migration
Current Boto users can begin using Boto 3 right away. The two modules can live side-by-side in the same project,
which means that a piecemeal approach can be used. New features can be written in Boto 3, or existing code can be
migrated over as needed, piece by piece.
3
Boto 3 is currently in developer preview. A full migration guide is coming soon.
1.2 Quickstart
Getting started with Boto 3 is easy, but requires a few steps.
1.2.1 Installation
Install the latest Boto 3 release via pip:

pip install boto3
You may also install a specific version:

pip install boto3==1.0.0
Note: The latest development version can always be found on GitHub.
1.2.2 Configuration
Before you can begin using Boto 3, you should set up authentication credentials. Credentials for your AWS account
can be found in the IAM Console. You can create or use an existing user. Go to manage access keys and generate a
new set of keys.
If you have the AWS CLI installed, then you can use it to configure your credentials file:
aws configure
Alternatively, you can create the credential file yourself. By default, its location is at ~/.aws/credentials:
[default]
aws_access_key_id = YOUR_ACCESS_KEY
aws_secret_access_key = YOUR_SECRET_KEY
You may also want to set a default region. This can be done in the configuration file. By default, its location is at
~/.aws/config:
[default]
region=us-east-1
Alternatively, you can pass a region_name when creating clients and resources.
This sets up credentials for the default profile as well as a default region to use when creating connections. See
Configuration for in-depth configuration sources and options.
1.2.3 Using Boto 3
To use Boto 3, you must first import it and tell it what service you are going to use:
import boto3
# Lets use Amazon S3

s3 = boto3.resource(s3)
4 Chapter 1. User Guide

Now that you have an s3 resource, you can make requests and process responses from the service. The following uses
the buckets collection to print out all bucket names:
# Print out bucket names
for bucket in s3.buckets.all():
print(bucket.name)
Its also easy to upload and download binary data. For example, the following uploads a new file to S3. It assumes
that the bucket my-bucket already exists:
# Upload a new file
data = open(test.jpg, rb)
s3.Bucket(my-bucket).put_object(Key=test.jpg, Body=data)
Resources and Collections will be covered in more detail in the following sections, so dont worry if you do not
completely understand the examples.
1.3 Resources
1.3.1 Overview
Resources represent an object-oriented interface to Amazon Web Services (AWS). They provide a higher-level abstrac-
tion than the raw, low-level calls made by service clients. To use resources, you invoke the resource() method of
a Session and pass in a service name:
# Get resources from the default session
sqs = boto3.resource(sqs)
Every resource instance has a number of attributes and methods. These can conceptually be split up into identifiers,
attributes, actions, references, sub-resources, and collections. Each of these is described in further detail below and in
the following section.
Resources themselves can also be conceptually split into service resources (like sqs, s3, ec2, etc) and individual
resources (like sqs.Queue or s3.Bucket). Service resources do not have identifiers or attributes. The two share
the same components otherwise.
1.3.2 Identifiers & Attributes
An identifier is a unique value that is used to call actions on the resource. Resources must have at least one identifier,
except for the top-level service resources (e.g. sqs or s3). An identifier is set at instance creation-time, and failing to
provide all necessary identifiers during instantiation will result in an exception. Examples of identifiers:
# SQS Queue (url is an identifier)
queue = sqs.Queue(url=http://...)
print(queue.url)
# S3 Object (bucket_name and key are identifiers)

obj = s3.Object(bucket_name=boto3, key=test.py)
print(obj.bucket_name)
print(obj.key)
# Raises exception, missing identifier: key!

obj = s3.Object(bucket_name=boto3)
1.3. Resources 5
Identifiers may also be passed as positional arguments:

# SQS Queue
queue = sqs.Queue(http://...)
# S3 Object
obj = s3.Object(boto3, test.py)
# Raises exception, missing key!

obj = s3.Object(boto3)
Identifiers also play a role in resource instance equality. For two instances of a resource to be considered equal, their
identifiers must be equal:
>>> bucket1 = s3.Bucket(boto3)
>>> bucket2 = s3.Bucket(boto3)
>>> bucket3 = s3.Bucket(some-other-bucket)
>>> bucket1 == bucket2

True
>>> bucket1 == bucket3
False
Note: Only identifiers are taken into account for instance equality. Region, account ID and other data members are
not considered. When using temporary credentials or multiple regions in your code please keep this in mind.
Resources may also have attributes, which are lazy-loaded properties on the instance. They may be set at creation
time from the response of an action on another resource, or they may be set when accessed or via an explicit call to
the load or reload action. Examples of attributes:
# SQS Message
message.body
# S3 Object
obj.last_modified
obj.md5
Warning: Attributes may incur a load action when first accessed. If latency is a concern, then manually calling
load will allow you to control exactly when the load action (and thus latency) is invoked. The documentation for
each resource explicitly lists its attributes.
Additionally, attributes may be reloaded after an action has been performed on the resource. For example, if the
last_modified attribute of an S3 object is loaded and then a put action is called, then the next time you access
last_modified it will reload the objects metadata.
1.3.3 Actions
An action is a method which makes a call to the service. Actions may return a low-level response, a new resource
instance or a list of new resource instances. Actions automatically set the resource identifiers as parameters, but allow
you to pass additional parameters via keyword arguments. Examples of actions:
# SQS Queue
messages = queue.receive_messages()
# SQS Message
for message in messages:
message.delete()

# S3 Object
obj = s3.Object(bucket_name=boto3, key=test.py)
response = obj.get()
data = response[Body].read()
Examples of sending additional parameters:

# SQS Service
queue = sqs.get_queue_by_name(QueueName=test)
# SQS Queue
queue.send_message(MessageBody=hello)
1.3.4 References
A reference is an attribute which may be None or a related resource instance. The resource instance does not share
identifiers with its reference resource, that is, it is not a strict parent to child relationship. In relational terms, these can
be considered many-to-one or one-to-one. Examples of references:
# EC2 Instance
instance.subnet
instance.vpc
In the above example, an EC2 instance may have exactly one associated subnet, and may have exactly one associated
VPC. The subnet does not require the instance ID to exist, hence it is not a parent to child relationship.
1.3.5 Sub-resources
A sub-resource is similar to a reference, but is a related class rather than an instance. Sub-resources, when instantiated,
share identifiers with their parent. It is a strict parent-child relationship. In relational terms, these can be considered
one-to-many. Examples of sub-resources:
# SQS
queue = sqs.Queue(url=...)
message = queue.Message(receipt_handle=...)
print(queue.url == message.queue_url)
print(message.receipt_handle)
# S3
obj = bucket.Object(key=new_file.txt)
print(obj.bucket_name)
print(obj.key)
Because an SQS message cannot exist without a queue, and an S3 object cannot exist without a bucket, these are parent
to child relationships.
1.4 Collections
1.4.1 Overview
A collection provides an iterable interface to a group of resources. Collections behave similarly to Django QuerySets
and expose a similar API. A collection seamlessly handles pagination for you, making it possible to easily iterate over
all items from all pages of data. Example of a collection:
1.4. Collections 7
# SQS list all queues

for queue in sqs.queues.all():
print(queue.url)
When Collections Make Requests
Collections can be created and manipulated without any request being made to the underlying service. A collection
makes a remote service request under the following conditions:
Iteration:
print(bucket.name)
Conversion to list():
buckets = list(s3.buckets.all())
1.4.2 Filtering
Some collections support extra arguments to filter the returned data set, which are passed into the underlying service
operation. Use the filter() method to filter the results:
# S3 list all keys with the prefix /photos
for obj in bucket.objects.filter(Prefix=/photos):
print({0}:{1}.format(bucket.name, obj.key))
Warning: Behind the scenes, the above example will call ListBuckets, ListObjects, and HeadObject
many times. If you have a large number of S3 objects then this could incur a significant cost.
1.4.3 Chainability
Collection methods are chainable. They return copies of the collection rather than modifying the collection, including
a deep copy of any associated operation parameters. For example, this allows you to build up multiple collections
from a base which they all have in common:
# EC2 find instances
ec2 = boto3.resource(ec2)
base = ec2.instances.filter(InstanceIds=[id1, id2, id3])
filters = [{
name: tenancy,
value: dedicated
}]
filtered1 = base.filter(Filters=filters)
# Note, this does NOT modify the filters in filtered1!

filters.append({name: instance-type, value: t1.micro})
filtered2 = base.filter(Filters=filters)
print(All instances:)

for instance in base:

print(instance.id)
print(Dedicated instances:)
for instance in filtered1:
print(instance.id)
print(Dedicated micro instances:)

for instance in filtered2:
print(instance.id)
1.4.4 Limiting Results
It is possible to limit the number of items returned from a collection by using either the limit() method or keyword
argument:
# S3 iterate over first ten buckets
for bucket in s3.buckets.limit(10):
print(bucket.name)
# Keyword argument example

for bucket in s3.buckets.filter(limit=10):
print(bucket.name)
In both cases, up to 10 items total will be returned. If you do not have 10 buckets, then all of your buckets will be
returned.
1.4.5 Controlling Page Size
Collections automatically handle paging through results, but you may want to control the number of items returned
from a single service operation call. You can do so using the page_size() method or keyword argument:
# S3 iterate over all objects 100 at a time
for obj in bucket.objects.page_size(100):
print(obj.key)
# Keyword argument example

for obj in bucket.objects.all(page_size=100):
print(obj.key)
By default, S3 will return 1000 objects at a time, so the above code would let you process the items in smaller batches,
which could be beneficial for slow or unreliable internet connections.
1.4.6 Batch Actions
Some collections support batch actions, which are actions that operate on an entire page of results at a time. They will
automatically handle pagination:
# S3 delete everything in my-bucket
s3.buckets(my-bucket).objects.delete()
Danger: The above example will completely erase all data in the my-bucket bucket! Please be careful with
batch actions.
1.4. Collections 9
1.5 Tutorial
Simple Queue Service (SQS) allows you to queue and then process messages. This tutorial covers how to create a new
queue, get and use an existing queue, push new messages onto the queue, and process messages from the queue by
using Resources and Collections.
1.5.1 Creating a Queue
Queues are created with a name. You may also optionally set queue attributes, such as the number of seconds to wait
before an item may be processed. The examples below will use the queue name test. Before creating a queue, you
must first get the SQS service resource:
# Get the service resource
# Create the queue. This returns an SQS.Queue instance

queue = sqs.create_queue(QueueName=test, Attributes={DelaySeconds: 5})
# You can now access identifiers and attributes

print(queue.url)
print(queue.attributes.get[DelaySeconds])
Reference: sqs.ServiceResource.create_queue()
Warning: The code above may throw an exception if you already have a queue named test.
1.5.2 Using an Existing Queue
It is possible to look up a queue by its name. If the queue does not exist, then an exception will be thrown:
# Get the queue. This returns an SQS.Queue instance

# You can now access identifiers and attributes

print(queue.url)
print(queue.attributes.get(DelaySeconds))
It is also possible to list all of our existing queues:

# Print out each queue name, which is part of its ARN
for queue in sqs.queues.all():
print(queue.url)
Note: To get the name from a queue, you must use its ARN, which is available in the queues attributes attribute.
Using queue.attributes[QueueArn].split(:)[-1] will return its name.
Reference: sqs.ServiceResource.get_queue_by_name(), sqs.ServiceResource.queues

1.5.3 Sending Messages
Sending a message adds it to the end of the queue:

# Get the queue

# Create a new message

response = queue.send_message(MessageBody=world)
# The response is NOT a resource, but gives you a message ID and MD5
print(response.get(MessageId))
print(response.get(MD5OfMessageBody))
You can also create messages with custom attributes:

queue.send_message(MessageBody=boto3, MessageAttributes={
Author: {
StringValue: Daniel,
DataType: string
}
})
Messages can also be sent in batches. For example, sending the two messages described above in a single request
would look like the following:
response = queue.send_messages(Entries=[
{
Id: 1,
MessageBody: world
},
{
Id: 2,
MessageBody: boto3,
MessageAttributes: {
Author: {
StringValue: Daniel,
DataType: string
}
}
}
])
# Print out any failures

print(response.get(Failed))
In this case, the response contains lists of Successful and Failed messages, so you can retry failures if needed.
Reference: sqs.Queue.send_message(), sqs.Queue.send_messages()
1.5.4 Processing Messages
Messages are processed in batches:
1.5. Tutorial 11

# Get the queue

# Process messages by printing out body and optional author name

for message in queue.receive_messages(MessageAttributeNames=[Author]):
# Get the custom author message attribute if it was set
author_text =
if message.message_attributes is not None:
author_name = message.message_attributes.get(Author)
if author_name:
author_text = ({0}).format(author_name)
# Print out the body and author (if set)

print(Hello, {0}!{1}.format(message.body, author_name))
# Let the queue know that the message is processed

message.delete()
Given only the messages that were sent in a batch with send_messages() in the previous section, the above code
will print out:
Hello, world!
Hello, boto3! (Daniel)
Reference: sqs.Queue.receive_messages(), sqs.Message.delete()
1.6 Low-level Clients
Clients provide a low-level interface to AWS whose methods map close to 1:1 with service APIs. All service operations
are supported by clients. Clients are generated from a JSON service definition file.
1.6.1 Creating Clients
Clients are created in a similar fashion to resources:

import boto3
# Create a low-level client with the service name

sqs = boto3.client(sqs)
It is also possible to access the low-level client from an existing resource:

# Create the resource
sqs_resource = boto3.resource(sqs)
# Get the client from the resource

sqs = sqs_resource.meta[client]

1.6.2 Service Operations
Service operations map to client methods of the same name and provide access to the same operation parameters via
keyword arguments:
# Make a call using the low-level client
response = sqs.send_message(QueueUrl=..., MessageBody=...)
As can be seen above, the method arguments map directly to the associated SQS API.
Note: The method names have been snake-cased for better looking Python code.
1.6.3 Handling Responses
Responses are returned as python dictionaries. It is up to you to traverse or otherwise process the response for the
data you need, keeping in mind that responses may not always include all of the expected data. In the example below,
response.get(QueueUrls, []) is used to ensure that a list is always returned, even when the response has
no key QueueUrls:
# List all your queues
response = sqs.list_queues()
for url in response.get(QueueUrls, []):
print(url)
The response in the example above looks something like this:

{
"QueueUrls": [
"http://url1",
"http://url2",
"http://url3"
]
}
1.7 Session
A session manages state about a particular configuration. By default a session is created for you when needed. How-
ever it is possible and recommended to maintain your own session(s) in some scenarios. Sessions typically store:
Credentials
Region
Other configurations
1.7.1 Default Session
The boto3 module acts as a proxy to the default session, which is created automatically when needed. Example
default session use:
# Using the default session
1.7. Session 13
1.7.2 Custom Session
It is also possible to manage your own session and create clients or resources from it:
# Creating your own session
session = boto3.session.Session()
sqs = session.client(sqs)
s3 = session.resource(s3)
1.8 Configuration
Boto can be configured in multiple ways. Regardless of the source or sources that you choose, you must have AWS
credentials and a region set in order to make requests.
1.8.1 Interactive Configuration
If you have the AWS CLI, then you can use its interactive configure command to set up your credentials and
default region:
aws configure
Follow the prompts and it will generate configuration files in the correct locations for you.
1.8.2 Configuration Sources
There are multiple sources from which configuration data can be loaded. The general order in which they are checked
is as follows:
1. Method parameters
2. Environment variables
3. Configuration files
4. EC2 Instance metadata
If a configuration value is set in multiple places, then the first will be used according the the order above. For example,
if I have set a default region in both my environment variables and configuration file, then the environment variable is
used.
1.8.3 Available Options
The available options for various configuration sources are listed below.
Method Parameters
When creating a session, client, or resource you can pass in credential and configuration options:
from boto3.session import Session
session = Session(aws_access_key_id=<YOUR ACCESS KEY ID>,

aws_secret_access_key=<YOUR SECRET KEY>,

region_name=<REGION NAME>)
ec2 = session.resource(ec2)
ec2_us_west_2 = session.resource(ec2, region_name=us-west-2)
# List all of my EC2 instances in my default region.

print(Default region:)
for instance in ec2.instances.all():
print(instance.id)
# List all of my EC2 instances in us-west-2.

print(US West 2 region:)
for instance in ec2_us_west_2.instances.all():
print(instance.id)
For a list of all options, look at the Session documentation.
Environment Variables
AWS_ACCESS_KEY_ID The access key for your AWS account.

AWS_SECRET_ACCESS_KEY The secret key for your AWS account.
BOTO_DEFAULT_REGION The default region to use, e.g. us-east-1.
BOTO_DEFAULT_PROFILE The default credential and configuration profile to use, if any.
BOTO_DATA_PATH The data path from which to load service and resource JSON files.
Configuration Files
There are two configuration files that Boto checks. The first is the shared credential file, which holds only creden-
tials and is shared between various SDKs and tools like Boto and the AWS CLI. By default, this file is located at
~/.aws/credentials:
[default]
# The access key for your AWS account
aws_access_key_id=<YOUR ACCESS KEY ID>
# The secret key for your AWS account

aws_secret_access_key=<YOUR SECRET KEY>
Credentials can also be set for individual profiles:

[dev-profile]
# The access key for your dev-profile account
aws_access_key_id=<YOUR ACCESS KEY ID>
# The secret key for your dev-profile account

aws_secret_access_key=<YOUR SECRET KEY>
The second configuration file stores all settings which are not credentials. Its default location is ~/.aws/config:
[default]
# The default region when making requests
region=<REGION NAME>
1.8. Configuration 15
It also supports profiles, but these are prefixed with the word profile because this file supports sections other than
profiles:
[profile dev-profile]
# The default region when using the dev-profile account
region=<REGION NAME>

CHAPTER 2
API Reference
2.1 Services
2.1.1 Auto Scaling
Table of Contents
Auto Scaling
Client
Client
class autoscaling.Client
A low-level client representing Auto Scaling:
import boto3
autoscaling = boto3.client(autoscaling)
attach_instances(AutoScalingGroupName, InstanceIds=None)
Attaches one or more EC2 instances to the specified Auto Scaling group.
For more information, see Attach Amazon EC2 Instances to Your Existing Auto Scaling Group in the Auto
Scaling Developer Guide .
Parameters
InstanceIds (list) One or more EC2 instance IDs. You must specify at least one ID.
AutoScalingGroupName (string) The name of the group.
Return type dict
complete_lifecycle_action(LifecycleHookName, AutoScalingGroupName, LifecycleActionTo-
ken, LifecycleActionResult)
Completes the lifecycle action for the associated token initiated under the given lifecycle hook with the
specified result.
This operation is a part of the basic sequence for adding a lifecycle hook to an Auto Scaling group:
Create a notification target. A target can be either an Amazon SQS queue or an Amazon SNS topic.
17
Create an IAM role. This role allows Auto Scaling to publish lifecycle notifications to the designated
SQS queue or SNS topic.
Create the lifecycle hook. You can create a hook that acts when instances launch or when instances
terminate.
If necessary, record the lifecycle action heartbeat to keep the instance in a pending state.
Complete the lifecycle action .
For more information, see Auto Scaling Pending State and Auto Scaling Terminating State in the Auto
Parameters
LifecycleHookName (string) The name of the lifecycle hook.
AutoScalingGroupName (string) The name of the group for the lifecycle hook.
LifecycleActionToken (string) A universally unique identifier (UUID) that identifies a
specific lifecycle action associated with an instance. Auto Scaling sends this token to the
notification target you specified when you created the lifecycle hook.
LifecycleActionResult (string) The action for the group to take. This parameter can be
either CONTINUE or ABANDON .
Return type dict
create_auto_scaling_group(AutoScalingGroupName, MinSize, MaxSize, LaunchConfigura-
tionName=None, InstanceId=None, DesiredCapacity=None, De-
faultCooldown=None, AvailabilityZones=None, LoadBalancer-
Names=None, HealthCheckType=None, HealthCheckGracePe-
riod=None, PlacementGroup=None, VPCZoneIdentifier=None,
TerminationPolicies=None, Tags=None)
Creates an Auto Scaling group with the specified name and attributes.
If you exceed your maximum limit of Auto Scaling groups, which by default is 20 per region, the call fails.
For information about viewing and updating these limits, see DescribeAccountLimits .
Parameters
AutoScalingGroupName (string) The name of the group. This name must be unique
within the scope of your AWS account.
LaunchConfigurationName (string) The name of the launch configuration. Alterna-
tively, use the InstanceId parameter to specify an EC2 instance instead of a launch
configuration.
InstanceId (string) The ID of the EC2 instance used to create a launch configuration for
the group. Alternatively, use the LaunchConfigurationName parameter to specify a
launch configuration instead of an EC2 instance.
When you specify an ID of an instance, Auto Scaling creates a new launch configuration
and associates it with the group. This launch configuration derives its attributes from the
specified instance, with the exception of the block device mapping.
For more information, see Create an Auto Scaling Group Using an EC2 Instance ID in the
Auto Scaling Developer Guide .
MinSize (integer) The minimum size of the group.
MaxSize (integer) The maximum size of the group.
18 Chapter 2. API Reference

DesiredCapacity (integer) The number of EC2 instances that should be running in the
group. This value must be greater than or equal to the minimum size of the group and less
than or equal to the maximum size of the group.
DefaultCooldown (integer) The amount of time, in seconds, after a scaling activity
completes before another scaling activity can start.
If DefaultCooldown is not specified, the default value is 300. For more information,
see Understanding Auto Scaling Cooldowns in the Auto Scaling Developer Guide .
AvailabilityZones (list) One or more Availability Zones for the group. This parameter
is optional if you specify subnets using the VPCZoneIdentifier parameter.
LoadBalancerNames (list) One or more load balancers.
For more information, see Load Balance Your Auto Scaling Group in the Auto Scaling
Developer Guide .
HealthCheckType (string) The service to use for the health checks. The valid values
are EC2 and ELB .
By default, health checks use Amazon EC2 instance status checks to determine the health
of an instance. For more information, see Health Checks .
HealthCheckGracePeriod (integer) The amount of time, in seconds, after an EC2 in-
stance comes into service that Auto Scaling starts checking its health. During this time,
any health check failures for the instance are ignored.
This parameter is required if you are adding an ELB health check. Frequently, new in-
stances need to warm up, briefly, before they can pass a health check. To provide ample
warm-up time, set the health check grace period of the group to match the expected startup
period of your application.
For more information, see Add an Elastic Load Balancing Health Check to Your Auto
Scaling Group in the Auto Scaling Developer Guide .
PlacementGroup (string) The name of the placement group into which youll launch
your instances, if any. For more information, see Placement Groups .
VPCZoneIdentifier (string) A comma-separated list of subnet identifiers for your vir-
tual private cloud (VPC).
If you specify subnets and Availability Zones with this call, ensure that the subnets Avail-
ability Zones match the Availability Zones specified.
For more information, see Auto Scaling and Amazon VPC in the Auto Scaling Developer
Guide .
TerminationPolicies (list) One or more termination policies used to select the instance
to terminate. These policies are executed in the order that they are listed.
For more information, see Choosing a Termination Policy for Your Auto Scaling Group in
the Auto Scaling Developer Guide .
Tags (list) The tag to be created or updated. Each tag should be defined by its re-
source type, resource ID, key, value, and a propagate flag. Valid values: key=*value* ,
value=*value* , propagate=*true* or false . Value and propagate are optional parameters.
For more information, see Add, Modify, or Remove Auto Scaling Group Tags in the Auto
Return type dict
2.1. Services 19
create_launch_configuration(LaunchConfigurationName, ImageId=None, KeyName=None,

SecurityGroups=None, UserData=None, InstanceId=None,
InstanceType=None, KernelId=None, RamdiskId=None, Block-
DeviceMappings=None, InstanceMonitoring=None, Spot-
Price=None, IamInstanceProfile=None, EbsOptimized=None,
AssociatePublicIpAddress=None, PlacementTenancy=None)
Creates a launch configuration.
If you exceed your maximum limit of launch configurations, which by default is 100 per region, the call
fails. For information about viewing and updating these limits, see DescribeAccountLimits .
Parameters
LaunchConfigurationName (string) The name of the launch configuration. This name
must be unique within the scope of your AWS account.
ImageId (string) The ID of the Amazon Machine Image (AMI) to use to launch your
EC2 instances. For more information, see Finding an AMI in the Amazon Elastic Compute
Cloud User Guide .
KeyName (string) The name of the key pair. For more information, see Amazon EC2
Key Pairs in the Amazon Elastic Compute Cloud User Guide .
SecurityGroups (list) One or more security groups with which to associate the instances.
If your instances are launched in EC2-Classic, you can either specify security group names
or the security group IDs. For more information about security groups for EC2-Classic,
see Amazon EC2 Security Groups in the Amazon Elastic Compute Cloud User Guide .
If your instances are launched in a VPC, specify security group IDs. For more information,
see Security Groups for Your VPC in the Amazon Virtual Private Cloud User Guide .
UserData (string) The user data to make available to the launched EC2 instances. For
more information, see Instance Metadata and User Data in the Amazon Elastic Compute
Cloud User Guide .
Note: At this time, launch configurations dont support compressed (zipped) user data
files.
InstanceId (string) The ID of the EC2 instance to use to create the launch configuration.
The new launch configuration derives attributes from the instance, with the exception of
the block device mapping.
To create a launch configuration with a block device mapping or override any other in-
stance attributes, specify them as part of the same request.
For more information, see Create a Launch Configuration Using an EC2 Instance in the
Auto Scaling Developer Guide .
InstanceType (string) The instance type of the Amazon EC2 instance. For information
about available Amazon EC2 instance types, see Available Instance Types in the Amazon
Elastic Cloud Compute User Guide.
KernelId (string) The ID of the kernel associated with the Amazon EC2 AMI.
RamdiskId (string) The ID of the RAM disk associated with the Amazon EC2 AMI.
BlockDeviceMappings (list) One or more mappings that specify how block devices are
exposed to the instance. For more information, see Block Device Mapping in the Amazon
Elastic Compute Cloud User Guide .

InstanceMonitoring (dict) Enables detailed monitoring if it is disabled. Detailed mon-

itoring is enabled by default.
When detailed monitoring is enabled, Amazon Cloudwatch generates metrics every minute
and your account is charged a fee. When you disable detailed monitoring, by specifying
False , Cloudwatch generates metrics every 5 minutes. For more information, see Mon-
itor Your Auto Scaling Instances in the Auto Scaling Developer Guide .
SpotPrice (string) The maximum hourly price to be paid for any Spot Instance launched
to fulfill the request. Spot Instances are launched when the price you specify exceeds the
current Spot market price. For more information, see Launch Spot Instances in Your Auto
Scaling Group in the Auto Scaling Developer Guide .
IamInstanceProfile (string) The name or the Amazon Resource Name (ARN) of the
instance profile associated with the IAM role for the instance.
Amazon EC2 instances launched with an IAM role will automatically have AWS security
credentials available. You can use IAM roles with Auto Scaling to automatically enable
applications running on your Amazon EC2 instances to securely access other AWS re-
sources. For more information, see Launch Auto Scaling Instances with an IAM Role in
EbsOptimized (boolean) Indicates whether the instance is optimized for Amazon EBS
I/O. By default, the instance is not optimized for EBS I/O. The optimization provides dedi-
cated throughput to Amazon EBS and an optimized configuration stack to provide optimal
I/O performance. This optimization is not available with all instance types. Additional
usage charges apply. For more information, see Amazon EBS-Optimized Instances in the
Amazon Elastic Compute Cloud User Guide .
AssociatePublicIpAddress (boolean) Used for groups that launch instances into a vir-
tual private cloud (VPC). Specifies whether to assign a public IP address to each instance.
Guide .
Note: If you specify a value for this parameter, be sure to specify at least one subnet using
the VPCZoneIdentifier parameter when you create your group.
Default: If the instance is launched into a default subnet, the default is true . If the
instance is launched into a nondefault subnet, the default is false . For more information,
see Supported Platforms in the Amazon Elastic Compute Cloud User Guide .
PlacementTenancy (string) The tenancy of the instance. An instance with a tenancy of
dedicated runs on single-tenant hardware and can only be launched in a VPC.
You must set the value of this parameter to dedicated if want to launch Dedicated
Instances in a shared tenancy VPC (VPC with instance placement tenancy attribute set to
default ).
If you specify a value for this parameter, be sure to specify at least one VPC subnet using
the VPCZoneIdentifier parameter when you create your group.
Guide .
Valid values: default | dedicated
Return type dict
create_or_update_tags(Tags)
Creates or updates tags for the specified Auto Scaling group.
2.1. Services 21
Note: A tags definition is composed of a resource ID, resource type, key and value, and the propagate flag.
Value and the propagate flag are optional parameters. See the Request Parameters for more information.
For more information, see Add, Modify, or Remove Auto Scaling Group Tags in the Auto Scaling Devel-
oper Guide .
Parameters Tags (list) The tag to be created or updated. Each tag should be defined by its
resource type, resource ID, key, value, and a propagate flag. The resource type and re-
source ID identify the type and name of resource for which the tag is created. Currently,
auto-scaling-group is the only supported resource type. The valid value for the re-
source ID is groupname .
The PropagateAtLaunch flag defines whether the new tag will be applied to instances
launched by the group. Valid values are true or false . However, instances that are
already running will not get the new or updated tag. Likewise, when you modify a tag, the
updated version will be applied only to new instances launched by the group after the change.
Running instances that had the previous version of the tag will continue to have the older tag.
When you create a tag and a tag of the same name already exists, the operation overwrites
the previous tag definition, but you will not get an error message.
Return type dict
delete_auto_scaling_group(AutoScalingGroupName, ForceDelete=None)
Deletes the specified Auto Scaling group.
The group must have no instances and no scaling activities in progress.
To remove all instances before calling DeleteAutoScalingGroup , you can call UpdateAutoScalingGroup
to set the minimum and maximum size of the AutoScalingGroup to zero.
Parameters
AutoScalingGroupName (string) The name of the group to delete.
ForceDelete (boolean) Specifies that the group will be deleted along with all instances
associated with the group, without waiting for all instances to be terminated. This param-
eter also deletes any lifecycle actions associated with the group.
Return type dict
delete_launch_configuration(LaunchConfigurationName)
Deletes the specified launch configuration.
The launch configuration must not be attached to an Auto Scaling group. When this call completes, the
launch configuration is no longer available for use.
Parameters LaunchConfigurationName (string) The name of the launch configuration.
Return type dict
delete_lifecycle_hook(LifecycleHookName, AutoScalingGroupName)
Deletes the specified lifecycle hook.
If there are any outstanding lifecycle actions, they are completed first (ABANDON for launching instances,
CONTINUE for terminating instances).
Parameters
AutoScalingGroupName (string) The name of the Auto Scaling group for the lifecycle
hook.

Return type dict

delete_notification_configuration(AutoScalingGroupName, TopicARN)
Deletes the specified notification.
Parameters
AutoScalingGroupName (string) The name of the Auto Scaling group.
TopicARN (string) The Amazon Resource Name (ARN) of the Amazon Simple Notifi-
cation Service (SNS) topic.
Return type dict
delete_policy(PolicyName, AutoScalingGroupName=None)
Deletes the specified Auto Scaling policy.
Parameters
PolicyName (string) The name or Amazon Resource Name (ARN) of the policy.
Return type dict
delete_scheduled_action(ScheduledActionName, AutoScalingGroupName=None)
Deletes the specified scheduled action.
Parameters
ScheduledActionName (string) The name of the action to delete.
Return type dict
delete_tags(Tags)
Deletes the specified tags.
Parameters Tags (list) Each tag should be defined by its resource type, resource ID, key,
value, and a propagate flag. Valid values are: Resource type = auto-scaling-group , Resource
ID = AutoScalingGroupName , key=*value* , value=*value* , propagate=*true* or false .
Return type dict
describe_account_limits()
Describes the current Auto Scaling resource limits for your AWS account.
For information about requesting an increase in these limits, see AWS Service Limits .
Return type dict
describe_adjustment_types()
Lists the policy adjustment types for use with PutScalingPolicy .
Return type dict
describe_auto_scaling_groups(AutoScalingGroupNames=None, NextToken=None,
MaxRecords=None)
Describes one or more Auto Scaling groups. If a list of names is not provided, the call describes all Auto
Scaling groups.
You can specify a maximum number of items to be returned with a single call. If there are more items to
return, the call returns a token. To get the next set of items, repeat the call with the returned token in the
NextToken parameter.
This operation can be paginated.
2.1. Services 23
Parameters
AutoScalingGroupNames (list) The group names.
NextToken (string) The token for the next set of items to return. (You received this
token from a previous call.)
MaxRecords (integer) The maximum number of items to return with this call.
Return type dict
describe_auto_scaling_instances(InstanceIds=None, MaxRecords=None, NextTo-
ken=None)
Describes one or more Auto Scaling instances. If a list is not provided, the call describes all instances.
You can describe up to a maximum of 50 instances with a single call. By default, a call returns up to 20
instances. If there are more items to return, the call returns a token. To get the next set of items, repeat the
call with the returned token in the NextToken parameter.
Parameters
InstanceIds (list) One or more Auto Scaling instances to describe, up to 50 instances.
If you omit this parameter, all Auto Scaling instances are described. If you specify an ID
that does not exist, it is ignored with no error.
Return type dict
describe_auto_scaling_notification_types()
Lists the notification types that are supported by Auto Scaling.
Return type dict
describe_launch_configurations(LaunchConfigurationNames=None, NextToken=None,
MaxRecords=None)
Describes one or more launch configurations. If you omit the list of names, then the call describes all
launch configurations.
Parameters
LaunchConfigurationNames (list) The launch configuration names.
MaxRecords (integer) The maximum number of items to return with this call. The
default is 100.
Return type dict
describe_lifecycle_hook_types()
Describes the available types of lifecycle hooks.
Return type dict

describe_lifecycle_hooks(AutoScalingGroupName, LifecycleHookNames=None)
Describes the lifecycle hooks for the specified Auto Scaling group.
Parameters
LifecycleHookNames (list) The names of one or more lifecycle hooks.
Return type dict
describe_metric_collection_types()
Returns a list of metrics and a corresponding list of granularities for each metric.
Note: The GroupStandbyInstances metric is not returned by default. You must explicitly request
it when calling EnableMetricsCollection .
Return type dict
describe_notification_configurations(AutoScalingGroupNames=None, NextTo-
ken=None, MaxRecords=None)
Describes the notification actions associated with the specified Auto Scaling group.
Parameters
AutoScalingGroupNames (list) The name of the group.
Return type dict
describe_policies(AutoScalingGroupName=None, PolicyNames=None, NextToken=None,
MaxRecords=None)
Describes the policies for the specified Auto Scaling group.
Parameters
PolicyNames (list) One or more policy names or policy ARNs to be described. If you
omit this list, all policy names are described. If an group name is provided, the results are
limited to that group. This list is limited to 50 items. If you specify an unknown policy
name, it is ignored with no error.
MaxRecords (integer) The maximum number of items to be returned with each call.
Return type dict
2.1. Services 25
describe_scaling_activities(ActivityIds=None, AutoScalingGroupName=None,
MaxRecords=None, NextToken=None)
Describes one or more scaling activities for the specified Auto Scaling group. If you omit the
ActivityIds , the call returns all activities from the past six weeks. Activities are sorted by the start
time. Activities still in progress appear first on the list.
Parameters
ActivityIds (list) A list containing the activity IDs of the desired scaling activities. If this
list is omitted, all activities are described. If an AutoScalingGroupName is provided,
the results are limited to that group. The list of requested activities cannot contain more
than 50 items. If unknown activities are requested, they are ignored with no error.
Return type dict
describe_scaling_process_types()
Returns scaling process types for use in the ResumeProcesses and SuspendProcesses actions.
Return type dict
describe_scheduled_actions(AutoScalingGroupName=None, ScheduledActionNames=None,
StartTime=None, EndTime=None, NextToken=None,
MaxRecords=None)
Lists the actions scheduled for your Auto Scaling group that havent been executed. To list the actions that
were already executed, use DescribeScalingActivities .
Parameters
ScheduledActionNames (list) Describes one or more scheduled actions. If you omit
this list, the call describes all scheduled actions. If you specify an unknown scheduled
action it is ignored with no error.
You can describe up to a maximum of 50 instances with a single call. If there are more
items to return, the call returns a token. To get the next set of items, repeat the call with
the returned token in the NextToken parameter.
StartTime (datetime) The earliest scheduled start time to return. If scheduled action
names are provided, this parameter is ignored.
EndTime (datetime) The latest scheduled start time to return. If scheduled action names
are provided, this parameter is ignored.
Return type dict

describe_tags(Filters=None, NextToken=None, MaxRecords=None)

Describes the specified tags.
You can use filters to limit the results. For example, you can query for the tags for a specific Auto Scaling
group. You can specify multiple values for a filter. A tag must match at least one of the specified values
for it to be included in the results.
You can also specify multiple filters. The result includes information for a particular tag only if it matches
all the filters. If theres no match, no special message is returned.
Parameters
Filters (list) The value of the filter type used to identify the tags to be returned. For
example, you can filter so that tags are returned according to Auto Scaling group, the key
and value, or whether the new tag will be applied to instances launched after the tag is
created (PropagateAtLaunch).
Return type dict
describe_termination_policy_types()
Lists the termination policies supported by Auto Scaling.
Return type dict
detach_instances(AutoScalingGroupName, ShouldDecrementDesiredCapacity, Instan-
ceIds=None)
Removes one or more instances from the specified Auto Scaling group. After the instances are detached,
you can manage them independently from the rest of the Auto Scaling group.
For more information, see Detach EC2 Instances from Your Auto Scaling Group in the Auto Scaling
Developer Guide .
Parameters
InstanceIds (list) One or more instance IDs.
ShouldDecrementDesiredCapacity (boolean) If True , the Auto Scaling group decre-
ments the desired capacity value by the number of instances detached.
Return type dict
disable_metrics_collection(AutoScalingGroupName, Metrics=None)
Disables monitoring of the specified metrics for the specified Auto Scaling group.
Parameters
AutoScalingGroupName (string) The name or Amazon Resource Name (ARN) of the
group.
Metrics (list) One or more of the following metrics:
GroupMinSize
GroupMaxSize
GroupDesiredCapacity
GroupInServiceInstances
2.1. Services 27
GroupPendingInstances
GroupStandbyInstances
GroupTerminatingInstances
GroupTotalInstances
If you omit this parameter, all metrics are disabled.
Return type dict
enable_metrics_collection(AutoScalingGroupName, Granularity, Metrics=None)
Enables monitoring of the specified metrics for the specified Auto Scaling group.
You can only enable metrics collection if InstanceMonitoring in the launch configuration for the
group is set to True .
Parameters
AutoScalingGroupName (string) The name or ARN of the Auto Scaling group.
Metrics (list) One or more of the following metrics:
GroupMinSize
GroupMaxSize
GroupDesiredCapacity
GroupInServiceInstances
GroupPendingInstances
GroupStandbyInstances
GroupTerminatingInstances
GroupTotalInstances
If you omit this parameter, all metrics are enabled.
Note: The GroupStandbyInstances metric is not returned by default. You must

explicitly request it when calling EnableMetricsCollection .
Granularity (string) The granularity to associate with the metrics to collect. Currently,
the only valid value is 1Minute.
Return type dict
enter_standby(AutoScalingGroupName, ShouldDecrementDesiredCapacity, InstanceIds=None)
Moves the specified instances into Standby mode.
For more information, see Auto Scaling InService State in the Auto Scaling Developer Guide .
Parameters
InstanceIds (list) One or more instances to move into Standby mode. You must
specify at least one instance ID.
ShouldDecrementDesiredCapacity (boolean) Specifies whether the instances moved
to Standby mode count as part of the Auto Scaling groups desired capacity. If set, the
desired capacity for the Auto Scaling group decrements by the number of instances moved
to Standby mode.

Return type dict

execute_policy(PolicyName, AutoScalingGroupName=None, HonorCooldown=None)
Executes the specified policy.
Parameters
Auto Scaling group.
PolicyName (string) The name or ARN of the policy.
HonorCooldown (boolean) Set to True if you want Auto Scaling to wait for the
cooldown period associated with the Auto Scaling group to complete before executing
the policy.
Set to False if you want Auto Scaling to circumvent the cooldown period associated with
the Auto Scaling group and execute the policy before the cooldown period ends.
For more information, see Understanding Auto Scaling Cooldowns in the Auto Scaling
Developer Guide .
Return type dict
exit_standby(AutoScalingGroupName, InstanceIds=None)
Moves the specified instances out of Standby mode.
For more information, see Auto Scaling InService State in the Auto Scaling Developer Guide .
Parameters
InstanceIds (list) One or more instance IDs. You must specify at least one instance ID.
Return type dict
put_lifecycle_hook(LifecycleHookName, AutoScalingGroupName, LifecycleTransition=None,
RoleARN=None, NotificationTargetARN=None, NotificationMeta-
data=None, HeartbeatTimeout=None, DefaultResult=None)
Creates or updates a lifecycle hook for the specified Auto Scaling Group.
A lifecycle hook tells Auto Scaling that you want to perform an action on an instance that is not actively
in service; for example, either when the instance launches or before the instance terminates.
Create the lifecycle hook. You can create a hook that acts when instances launch or when
instances terminate.
Complete the lifecycle action.
Parameters
2.1. Services 29
AutoScalingGroupName (string) The name of the Auto Scaling group to which you
want to assign the lifecycle hook.
LifecycleTransition (string) The Amazon EC2 instance state to which you want to at-
tach the lifecycle hook. See DescribeLifecycleHookTypes for a list of available lifecycle
hook types.
Note: This parameter is required for new lifecycle hooks, but optional when updating
existing hooks.
RoleARN (string) The ARN of the IAM role that allows the Auto Scaling group to
publish to the specified notification target.
existing hooks.
NotificationTargetARN (string) The ARN of the notification target that Auto Scaling
will use to notify you when an instance is in the transition state for the lifecycle hook. This
ARN target can be either an SQS queue or an SNS topic.
existing hooks.
The notification message sent to the target will include:

LifecycleActionToken . The Lifecycle action token.
AccountId . The user account ID.
AutoScalingGroupName . The name of the Auto Scaling group.
LifecycleHookName . The lifecycle hook name.
EC2InstanceId . The EC2 instance ID.
LifecycleTransition . The lifecycle transition.
NotificationMetadata . The notification metadata.
This operation uses the JSON format when sending notifications to an Amazon SQS queue,
and an email key/value pair format when sending notifications to an Amazon SNS topic.
When you call this operation, a test message is sent to the notifica-
tion target. This test message contains an additional key/value pair:
Event:autoscaling:TEST_NOTIFICATION .
NotificationMetadata (string) Contains additional information that you want to include
any time Auto Scaling sends a message to the notification target.
HeartbeatTimeout (integer) Defines the amount of time, in seconds, that can elapse
before the lifecycle hook times out. When the lifecycle hook times out, Auto Scaling
performs the action defined in the DefaultResult parameter. You can prevent the
lifecycle hook from timing out by calling RecordLifecycleActionHeartbeat . The default
value for this parameter is 3600 seconds (1 hour).
DefaultResult (string) Defines the action the Auto Scaling group should take when
the lifecycle hook timeout elapses or if an unexpected failure occurs. The value for this
parameter can be either CONTINUE or ABANDON . The default value for this parameter is
ABANDON .

Return type dict

put_notification_configuration(AutoScalingGroupName, TopicARN, NotificationTypes)
Configures an Auto Scaling group to send notifications when specified events take place. Subscribers to
this topic can have messages for events delivered to an endpoint such as a web server or email address.
For more information see Getting Notifications When Your Auto Scaling Group Changes in the Auto
This configuration overwrites an existing configuration.
Parameters
TopicARN (string) The Amazon Resource Name (ARN) of the Amazon Simple Notifi-
cation Service (SNS) topic.
NotificationTypes (list) The type of event that will cause the notification to be sent. For
details about notification types supported by Auto Scaling, see DescribeAutoScalingNoti-
ficationTypes .
Return type dict
put_scaling_policy(AutoScalingGroupName, PolicyName, ScalingAdjustment, AdjustmentType,
Cooldown=None, MinAdjustmentStep=None)
Creates or updates a policy for an Auto Scaling group. To update an existing policy, use the existing policy
name and set the parameters you want to change. Any existing parameter not changed in an update to an
existing policy is not changed in this update request.
Parameters
AutoScalingGroupName (string) The name or ARN of the group.
PolicyName (string) The name of the policy.
ScalingAdjustment (integer) The number of instances by which to scale.
AdjustmentType determines the interpretation of this number (e.g., as an absolute
number or as a percentage of the existing Auto Scaling group size). A positive increment
adds to the current capacity and a negative value removes from the current capacity.
AdjustmentType (string) Specifies whether the ScalingAdjustment is an absolute
number or a percentage of the current capacity. Valid values are ChangeInCapacity ,
ExactCapacity , and PercentChangeInCapacity .
For more information, see Dynamic Scaling in the Auto Scaling Developer Guide .
Cooldown (integer) The amount of time, in seconds, after a scaling activity completes
and before the next scaling activity can start.
For more information, see Understanding Auto Scaling Cooldowns in the Auto Scaling
Developer Guide .
MinAdjustmentStep (integer) Used with AdjustmentType with the value
PercentChangeInCapacity , the scaling policy changes the DesiredCapacity
of the Auto Scaling group by at least the number of instances specified in the value.
You will get a ValidationError if you use MinAdjustmentStep on a policy with
an AdjustmentType other than PercentChangeInCapacity .
Return type dict
2.1. Services 31
put_scheduled_update_group_action(AutoScalingGroupName, ScheduledActionName,
Time=None, StartTime=None, EndTime=None, Re-
currence=None, MinSize=None, MaxSize=None,
DesiredCapacity=None)
Creates or updates a scheduled scaling action for an Auto Scaling group. When updating a scheduled
scaling action, if you leave a parameter unspecified, the corresponding value remains unchanged in the
affected Auto Scaling group.
For more information, see Scheduled Scaling in the Auto Scaling Developer Guide .
Note: Auto Scaling supports the date and time expressed in YYYY-MM-DDThh:mm:ssZ format in
UTC/GMT only.
Parameters
Auto Scaling group.
ScheduledActionName (string) The name of this scaling action.
Time (datetime) Time is deprecated.
The time for this action to start. Time is an alias for StartTime and can be specified
instead of StartTime , or vice versa. If both Time and StartTime are specified,
their values should be identical. Otherwise, PutScheduledUpdateGroupAction
will return an error.
StartTime (datetime) The time for this action to start, as in --start-time
2010-06-01T00:00:00Z .
If you try to schedule your action in the past, Auto Scaling returns an error message.
When StartTime and EndTime are specified with Recurrence , they form the
boundaries of when the recurring action will start and stop.
EndTime (datetime) The time for this action to end.
Recurrence (string) The time when recurring future actions will start. Start time is
specified by the user following the Unix cron syntax format. For information about cron
syntax, go to Wikipedia, The Free Encyclopedia .
When StartTime and EndTime are specified with Recurrence , they form the
boundaries of when the recurring action will start and stop.
MinSize (integer) The minimum size for the new Auto Scaling group.
MaxSize (integer) The maximum size for the Auto Scaling group.
DesiredCapacity (integer) The number of Amazon EC2 instances that should be run-
ning in the group.
Return type dict
record_lifecycle_action_heartbeat(LifecycleHookName, AutoScalingGroupName, Lifecy-

cleActionToken)
Records a heartbeat for the lifecycle action associated with a specific token. This extends the timeout by
the length of time defined by the HeartbeatTimeout parameter of PutLifecycleHook .

Create the lifecycle hook. You can create a hook that acts when instances launch or when instances
terminate.
Complete the lifecycle action.
Parameters
AutoScalingGroupName (string) The name of the Auto Scaling group for the hook.
LifecycleActionToken (string) A token that uniquely identifies a specific lifecycle ac-
tion associated with an instance. Auto Scaling sends this token to the notification target
you specified when you created the lifecycle hook.
Return type dict
resume_processes(AutoScalingGroupName, ScalingProcesses=None)
Resumes the specified suspended Auto Scaling processes for the specified Auto Scaling group. To re-
sume specific processes, use the ScalingProcesses parameter. To resume all processes, omit the
ScalingProcesses parameter. For more information, see Suspend and Resume Auto Scaling Pro-
cesses in the Auto Scaling Developer Guide .
Parameters
Auto Scaling group.
ScalingProcesses (list) One or more of the following processes:
Launch
Terminate
HealthCheck
ReplaceUnhealthy
AZRebalance
AlarmNotification
ScheduledActions
AddToLoadBalancer
Return type dict
set_desired_capacity(AutoScalingGroupName, DesiredCapacity, HonorCooldown=None)
Sets the size of the specified AutoScalingGroup .
Parameters
Auto Scaling group.
2.1. Services 33
HonorCooldown (boolean) By default, SetDesiredCapacity overrides any

cooldown period associated with the Auto Scaling group. Specify True to make Auto
Scaling to wait for the cool-down period associated with the Auto Scaling group to com-
plete before initiating a scaling activity to set your Auto Scaling group to its new capacity.
Return type dict
set_instance_health(InstanceId, HealthStatus, ShouldRespectGracePeriod=None)
Sets the health status of the specified instance.
For more information, see Health Checks in the Auto Scaling Developer Guide .
Parameters
InstanceId (string) The ID of the EC2 instance.
HealthStatus (string) The health status of the instance. Set to Healthy if you want
the instance to remain in service. Set to Unhealthy if you want the instance to be out of
service. Auto Scaling will terminate and replace the unhealthy instance.
ShouldRespectGracePeriod (boolean) If the Auto Scaling group of the specified in-
stance has a HealthCheckGracePeriod specified for the group, by default, this call
will respect the grace period. Set this to False , if you do not want the call to respect the
grace period associated with the group.
For more information, see the HealthCheckGracePeriod parameter description for
CreateAutoScalingGroup .
Return type dict
suspend_processes(AutoScalingGroupName, ScalingProcesses=None)
Suspends the specified Auto Scaling processes for the specified Auto Scaling group. To suspend
specific processes, use the ScalingProcesses parameter. To suspend all processes, omit the
ScalingProcesses parameter.
Note that if you suspend either the Launch or Terminate process types, it can prevent other process
types from functioning properly.
To resume processes that have been suspended, use ResumeProcesses .
For more information, see Suspend and Resume Auto Scaling Processes in the Auto Scaling Developer
Guide .
Parameters
Auto Scaling group.
ScalingProcesses (list) One or more of the following processes:
Launch
Terminate
HealthCheck
ReplaceUnhealthy
AZRebalance
AlarmNotification
ScheduledActions
AddToLoadBalancer

Return type dict

terminate_instance_in_auto_scaling_group(InstanceId, ShouldDecrementDesiredCa-
pacity)
Terminates the specified instance and optionally adjusts the desired group size.
Note: This call simply makes a termination request. The instances is not terminated immediately.
Parameters
InstanceId (string) The ID of the EC2 instance.
ShouldDecrementDesiredCapacity (boolean) If true , terminating this instance also
decrements the size of the Auto Scaling group.
Return type dict
update_auto_scaling_group(AutoScalingGroupName, LaunchConfigurationName=None,
MinSize=None, MaxSize=None, DesiredCapacity=None, De-
faultCooldown=None, AvailabilityZones=None, HealthCheck-
Type=None, HealthCheckGracePeriod=None, Placement-
Group=None, VPCZoneIdentifier=None, TerminationPoli-
cies=None)
Updates the configuration for the specified AutoScalingGroup .
Note: To update an Auto Scaling group with a launch configuration that has the
InstanceMonitoring flag set to False , you must first ensure that collection of group metrics is
disabled. Otherwise, calls to UpdateAutoScalingGroup will fail. If you have previously enabled group
metrics collection, you can disable collection of all group metrics by calling DisableMetricsCollection .
The new settings are registered upon the completion of this call. Any launch configuration settings take
effect on any triggers after this call returns. Scaling activities that are currently in progress arent affected.
Note:
If a new value is specified for MinSize without specifying the value for DesiredCapacity , and if the
new MinSize is larger than the current size of the Auto Scaling group, there will be an implicit call to
SetDesiredCapacity to set the group to the new MinSize .
If a new value is specified for MaxSize without specifying the value for DesiredCapacity , and the
new MaxSize is smaller than the current size of the Auto Scaling group, there will be an implicit call
to SetDesiredCapacity to set the group to the new MaxSize .
All other optional parameters are left unchanged if not passed in the request.
Parameters
LaunchConfigurationName (string) The name of the launch configuration.
MinSize (integer) The minimum size of the Auto Scaling group.
MaxSize (integer) The maximum size of the Auto Scaling group.
Auto Scaling group. This value must be greater than or equal to the minimum size of the
group and less than or equal to the maximum size of the group.
2.1. Services 35
DefaultCooldown (integer) The amount of time, in seconds, after a scaling activity com-
pletes before another scaling activity can start. For more information, see Understanding
Auto Scaling Cooldowns .
AvailabilityZones (list) One or more Availability Zones for the group.
HealthCheckType (string) The type of health check for the instances in the Auto Scaling
group. The health check type can either be EC2 for Amazon EC2 or ELB for Elastic Load
Balancing.
HealthCheckGracePeriod (integer) The amount of time, in second, that Auto Scaling
waits before checking the health status of an instance. The grace period begins when the
instance passes System Status and the Instance Status checks from Amazon EC2. For
more information, see DescribeInstanceStatus .
PlacementGroup (string) The name of the placement group into which youll launch
your instances, if any. For more information, see Placement Groups .
VPCZoneIdentifier (string) The subnet identifier for the Amazon VPC connection, if
applicable. You can specify several subnets in a comma-separated list.
When you specify VPCZoneIdentifier with AvailabilityZones , ensure that
the subnets Availability Zones match the values you specify for AvailabilityZones
.
Guide .
TerminationPolicies (list) A standalone termination policy or a list of termination poli-
cies used to select the instance to terminate. The policies are executed in the order that
they are listed.
For more information, see Choosing a Termination Policy for Your Auto Scaling Group in
Return type dict
2.1.2 AWS CloudFormation
Table of Contents
AWS CloudFormation
Client
Service Resource
Event
Stack
StackResource
StackResourceSummary
Client
class cloudformation.Client
A low-level client representing AWS CloudFormation:

import boto3
cloudformation = boto3.client(cloudformation)
cancel_update_stack(StackName)
Cancels an update on the specified stack. If the call completes successfully, the stack will roll back the
update and revert to the previous stack configuration.
Note: Only stacks that are in the UPDATE_IN_PROGRESS state can be canceled.
Parameters StackName (string) The name or the unique identifier associated with the stack.
Return type dict
create_stack(StackName, TemplateBody=None, TemplateURL=None, Parameters=None, Dis-

ableRollback=None, TimeoutInMinutes=None, NotificationARNs=None, Capa-
bilities=None, OnFailure=None, StackPolicyBody=None, StackPolicyURL=None,
Tags=None)
Creates a stack as specified in the template. After the call completes successfully, the stack creation starts.
You can check the status of the stack via the DescribeStacks API.
Parameters
StackName (string) The name associated with the stack. The name must be unique
within your AWS account.
Note: Must contain only alphanumeric characters (case sensitive) and start with an alpha
character. Maximum length of the name is 255 characters.
TemplateBody (string) Structure containing the template body with a minimum length
of 1 byte and a maximum length of 51,200 bytes. For more information, go to Template
Anatomy in the AWS CloudFormation User Guide.
Conditional: You must specify either the TemplateBody or the TemplateURL param-
eter, but not both.
TemplateURL (string) Location of file containing the template body. The URL must
point to a template (max size: 307,200 bytes) located in an S3 bucket in the same region as
the stack. For more information, go to the Template Anatomy in the AWS CloudFormation
User Guide.
eter, but not both.
Parameters (list) A list of Parameter structures that specify input parameters for the
stack.
DisableRollback (boolean) Set to true to disable rollback of the stack if stack creation
failed. You can specify either DisableRollback or OnFailure , but not both.
Default: false
TimeoutInMinutes (integer) The amount of time that can pass before the stack status
becomes CREATE_FAILED; if DisableRollback is not set or is set to false , the
stack will be rolled back.
NotificationARNs (list) The Simple Notification Service (SNS) topic ARNs to publish
stack related events. You can find your SNS topic ARNs using the SNS console or your
Command Line Interface (CLI).
2.1. Services 37
Capabilities (list) A list of capabilities that you must specify before AWS CloudFor-
mation can create or update certain stacks. Some stack templates might include resources
that can affect permissions in your AWS account. For those stacks, you must explicitly
acknowledge their capabilities by specifying this parameter.
Currently, the only valid value is CAPABILITY_IAM , which is required for the following
resources: AWS::CloudFormation::Stack , AWS::IAM::AccessKey , AWS::IAM::Group ,
AWS::IAM::InstanceProfile , AWS::IAM::Policy , AWS::IAM::Role , AWS::IAM::User ,
and AWS::IAM::UserToGroupAddition . If your stack template contains these resources,
we recommend that you review any permissions associated with them. If you dont specify
this parameter, this action returns an InsufficientCapabilities error.
OnFailure (string) Determines what action will be taken if stack creation fails. This
must be one of: DO_NOTHING, ROLLBACK, or DELETE. You can specify either
OnFailure or DisableRollback , but not both.
Default: ROLLBACK
StackPolicyBody (string) Structure containing the stack policy body. For more informa-
tion, go to Prevent Updates to Stack Resources in the AWS CloudFormation User Guide.
You can specify either the StackPolicyBody or the StackPolicyURL parameter,
but not both.
StackPolicyURL (string) Location of a file containing the stack policy. The URL must
point to a policy (max size: 16KB) located in an S3 bucket in the same region as the stack.
but not both.
Tags (list) A set of user-defined Tags to associate with this stack, represented by
key/value pairs. Tags defined for the stack are propagated to EC2 resources that are created
as part of the stack. A maximum number of 10 tags can be specified.
Return type dict
delete_stack(StackName)
Deletes a specified stack. Once the call completes successfully, stack deletion starts. Deleted stacks do not
show up in the DescribeStacks API if the deletion has been completed successfully.
Parameters StackName (string) The name or the unique identifier associated with the stack.
Return type dict
describe_stack_events(StackName=None, NextToken=None)
Returns all stack related events for a specified stack. For more information about a stacks event history,
go to Stacks in the AWS CloudFormation User Guide.
Note: You can list events for stacks that have failed to create or have been deleted by specifying the
unique stack identifier (stack ID).

Parameters
StackName (string) The name or the unique identifier associated with the stack, which
are not always interchangeable:
Running stacks: You can specify either the stacks name or its unique stack ID.
Deleted stacks: You must specify the unique stack ID.
Default: There is no default value.

NextToken (string) String that identifies the start of the next list of events, if there is
one.
Return type dict
describe_stack_resource(StackName, LogicalResourceId)
Returns a description of the specified resource in the specified stack.
For deleted stacks, DescribeStackResource returns resource information for up to 90 days after the stack
has been deleted.
Parameters
LogicalResourceId (string) The logical name of the resource as specified in the tem-
plate.
Return type dict
describe_stack_resources(StackName=None, LogicalResourceId=None, PhysicalResour-
ceId=None)
Returns AWS resource descriptions for running and deleted stacks. If StackName is specified, all the
associated resources that are part of the stack are returned. If PhysicalResourceId is specified, the
associated resources of the stack that the resource belongs to are returned.
Note: Only the first 100 resources will be returned. If your stack has more resources than this, you should
use ListStackResources instead.
For deleted stacks, DescribeStackResources returns resource information for up to 90 days after
the stack has been deleted.
You must specify either StackName or PhysicalResourceId , but not both. In addition, you can
specify LogicalResourceId to filter the returned result. For more information about resources, the
LogicalResourceId and PhysicalResourceId , go to the AWS CloudFormation User Guide .
Note: A ValidationError is returned if you specify both StackName and

PhysicalResourceId in the same request.
Parameters
Required: Conditional. If you do not specify StackName , you must specify
PhysicalResourceId .
2.1. Services 39
LogicalResourceId (string) The logical name of the resource as specified in the tem-
plate.
PhysicalResourceId (string) The name or unique identifier that corresponds to a physi-
cal instance ID of a resource supported by AWS CloudFormation.
For example, for an Amazon Elastic Compute Cloud (EC2) instance,
PhysicalResourceId corresponds to the InstanceId . You can pass the
EC2 InstanceId to DescribeStackResources to find which stack the instance
belongs to and what other resources are part of the stack.
Required: Conditional. If you do not specify PhysicalResourceId , you must spec-
ify StackName .
Return type dict
describe_stacks(StackName=None, NextToken=None)
Returns the description for the specified stack; if no stack name was specified, then it returns the description
for all the stacks created.
Parameters
NextToken (string) String that identifies the start of the next list of stacks, if there is one.
Return type dict
estimate_template_cost(TemplateBody=None, TemplateURL=None, Parameters=None)
Returns the estimated monthly cost of a template. The return value is an AWS Simple Monthly Calculator
URL with a query string that describes the resources required to run the template.
Parameters
of 1 byte and a maximum length of 51,200 bytes. (For more information, go to Template
Anatomy in the AWS CloudFormation User Guide.)
Conditional: You must pass TemplateBody or TemplateURL . If both are passed,
only TemplateBody is used.
point to a template located in an S3 bucket in the same region as the stack. For more
information, go to Template Anatomy in the AWS CloudFormation User Guide.
Conditional: You must pass TemplateURL or TemplateBody . If both are passed,
Parameters (list) A list of Parameter structures that specify input parameters.
Return type dict

get_stack_policy(StackName)
Returns the stack policy for a specified stack. If a stack doesnt have a policy, a null value is returned.
Parameters StackName (string) The name or stack ID that is associated with the stack whose
policy you want to get.
Return type dict
get_template(StackName)
Returns the template body for a specified stack. You can get the template for running or deleted stacks.
For deleted stacks, GetTemplate returns the template for up to 90 days after the stack has been deleted.
Note: If the template does not exist, a ValidationError is returned.
Parameters StackName (string) The name or the unique identifier associated with the stack,
which are not always interchangeable:
Return type dict
get_template_summary(TemplateBody=None, TemplateURL=None, StackName=None)

Returns information about a new or existing template. The GetTemplateSummary action is useful for
viewing parameter information, such as default parameter values and parameter types, before you create
or update a stack.
You can use the GetTemplateSummary action when you submit a template, or you can get template
information for a running or deleted stack.
For deleted stacks, GetTemplateSummary returns the template information for up to 90 days after the
stack has been deleted. If the template does not exist, a ValidationError is returned.
Parameters
of 1 byte and a maximum length of 51,200 bytes. For more information about templates,
see Template Anatomy in the AWS CloudFormation User Guide.
Conditional: You must specify only one of the following parameters: StackName ,
TemplateBody , or TemplateURL .
point to a template (max size: 307,200 bytes) located in an Amazon S3 bucket. For more
information about templates, see Template Anatomy in the AWS CloudFormation User
Guide.
are not always interchangeable. For running stacks, you can specify either the stacks
name or its unique stack ID. For deleted stack, you must specify the unique stack ID.
Return type dict
2.1. Services 41
list_stack_resources(StackName, NextToken=None)
Returns descriptions of all resources of the specified stack.
For deleted stacks, ListStackResources returns resource information for up to 90 days after the stack has
been deleted.
Parameters
NextToken (string) String that identifies the start of the next list of stack resource sum-
maries, if there is one.
Return type dict
list_stacks(NextToken=None, StackStatusFilter=None)
Returns the summary information for stacks whose status matches the specified StackStatusFilter. Sum-
mary information for stacks that have been deleted is kept for 90 days after the stack is deleted. If no
StackStatusFilter is specified, summary information for all stacks is returned (including existing stacks
and stacks that have been deleted).
Parameters
NextToken (string) String that identifies the start of the next list of stacks, if there is one.
StackStatusFilter (list) Stack status to use as a filter. Specify one or more stack status
codes to list only stacks with the specified status codes. For a complete list of stack status
codes, see the StackStatus parameter of the Stack data type.
Return type dict
set_stack_policy(StackName, StackPolicyBody=None, StackPolicyURL=None)
Sets a stack policy for a specified stack.
Parameters
StackName (string) The name or stack ID that you want to associate a policy with.
but not both.
but not both.
Return type dict

signal_resource(StackName, LogicalResourceId, UniqueId, Status)

Sends a signal to the specified resource with a success or failure status. You can use the SignalResource
API in conjunction with a creation policy or update policy. AWS CloudFormation doesnt proceed with
a stack creation or update until resources receive the required number of signals or the timeout period is
exceeded. The SignalResource API is useful in cases where you want to send signals from anywhere other
than an Amazon EC2 instance.
Parameters
StackName (string) The stack name or ID that includes the resource that you want to
signal.
LogicalResourceId (string) The logical ID of the resource that you want to signal. The
logical ID is the name of the resource that given in the template.
UniqueId (string) A unique ID of the signal. When you signal Amazon EC2 instances
or Auto Scaling groups, specify the instance ID that you are signaling as the unique ID.
If you send multiple signals to a single resource (such as signaling a wait condition), each
signal requires a different unique ID.
Status (string) The status of the signal, which is either success or failure. A failure
signal causes AWS CloudFormation to immediately fail the stack creation or update.
Return type dict
update_stack(StackName, TemplateBody=None, TemplateURL=None, UsePreviousTemplate=None,
StackPolicyDuringUpdateBody=None, StackPolicyDuringUpdateURL=None, Param-
eters=None, Capabilities=None, StackPolicyBody=None, StackPolicyURL=None, No-
tificationARNs=None)
Updates a stack as specified in the template. After the call completes successfully, the stack update starts.
You can check the status of the stack via the DescribeStacks action.
To get a copy of the template for an existing stack, you can use the GetTemplate action.
Tags that were associated with this stack during creation time will still be associated with the stack after
an UpdateStack operation.
For more information about creating an update template, updating a stack, and monitoring the progress of
the update, see Updating a Stack .
Parameters
StackName (string) The name or stack ID of the stack to update.
eter, but not both.
eter, but not both.
2.1. Services 43
UsePreviousTemplate (boolean) Reuse the existing template that is associated with the
stack that you are updating.
StackPolicyDuringUpdateBody (string) Structure containing the temporary overriding
stack policy body. You can specify either the StackPolicyDuringUpdateBody or
the StackPolicyDuringUpdateURL parameter, but not both.
If you want to update protected resources, specify a temporary overriding stack policy
during this update. If you do not specify a stack policy, the current policy that is associated
with the stack will be used.
StackPolicyDuringUpdateURL (string) Location of a file containing the tempo-
rary overriding stack policy. The URL must point to a policy (max size: 16KB) lo-
cated in an S3 bucket in the same region as the stack. You can specify either the
StackPolicyDuringUpdateBody or the StackPolicyDuringUpdateURL
parameter, but not both.
stack.
Capabilities (list) A list of capabilities that you must specify before AWS Cloud-
Formation can create or update certain stacks. Some stack templates might include
resources that can affect permissions in your AWS account. For those stacks, you
must explicitly acknowledge their capabilities by specifying this parameter. Currently,
the only valid value is CAPABILITY_IAM , which is required for the following re-
sources: AWS::CloudFormation::Stack , AWS::IAM::AccessKey , AWS::IAM::Group ,
StackPolicyBody (string) Structure containing a new stack policy body. You can specify
either the StackPolicyBody or the StackPolicyURL parameter, but not both.
You might update the stack policy, for example, in order to protect a new resource that you
created during a stack update. If you do not specify a stack policy, the current policy that
is associated with the stack is unchanged.
StackPolicyURL (string) Location of a file containing the updated stack policy. The
URL must point to a policy (max size: 16KB) located in an S3 bucket in the same region
as the stack. You can specify either the StackPolicyBody or the StackPolicyURL
NotificationARNs (list) Update the ARNs for the Amazon SNS topics that are associ-
ated with the stack.
Return type dict
validate_template(TemplateBody=None, TemplateURL=None)
Validates a specified template.
Parameters

point to a template (max size: 307,200 bytes) located in an S3 bucket in the same region
as the stack. For more information, go to Template Anatomy in the AWS CloudFormation
User Guide.
Return type dict
Service Resource
class cloudformation.Service
A resource representing AWS CloudFormation:
import boto3
cloudformation = boto3.resource(cloudformation)
Actions
Actions call operations on resources, automatically handling the passing in of arguments set from identifiers and
some attributes.
create_stack(StackName, TemplateBody=None, TemplateURL=None, Parameters=None, Dis-
ableRollback=None, TimeoutInMinutes=None, NotificationARNs=None, Capa-
bilities=None, OnFailure=None, StackPolicyBody=None, StackPolicyURL=None,
Tags=None)
This method calls cloudformation.Client.create_stack().
Parameters
StackName (string) The name associated with the stack. The name must be unique
within your AWS account.
eter, but not both.
point to a template (max size: 307,200 bytes) located in an S3 bucket in the same region as
the stack. For more information, go to the Template Anatomy in the AWS CloudFormation
User Guide.
eter, but not both.
2.1. Services 45
stack.
DisableRollback (boolean) Set to true to disable rollback of the stack if stack creation
failed. You can specify either DisableRollback or OnFailure , but not both.
Default: false
TimeoutInMinutes (integer) The amount of time that can pass before the stack status
becomes CREATE_FAILED; if DisableRollback is not set or is set to false , the
stack will be rolled back.
NotificationARNs (list) The Simple Notification Service (SNS) topic ARNs to publish
stack related events. You can find your SNS topic ARNs using the SNS console or your
Command Line Interface (CLI).
Capabilities (list) A list of capabilities that you must specify before AWS CloudFor-
mation can create or update certain stacks. Some stack templates might include resources
that can affect permissions in your AWS account. For those stacks, you must explicitly
acknowledge their capabilities by specifying this parameter.
Currently, the only valid value is CAPABILITY_IAM , which is required for the following
resources: AWS::CloudFormation::Stack , AWS::IAM::AccessKey , AWS::IAM::Group ,
OnFailure (string) Determines what action will be taken if stack creation fails. This
must be one of: DO_NOTHING, ROLLBACK, or DELETE. You can specify either
OnFailure or DisableRollback , but not both.
Default: ROLLBACK
but not both.
but not both.
Tags (list) A set of user-defined Tags to associate with this stack, represented by
key/value pairs. Tags defined for the stack are propagated to EC2 resources that are created
as part of the stack. A maximum number of 10 tags can be specified.
Return type cloudformation.Stack
Sub-resources
Sub-resources are methods that create a new instance of a child resource. This resources identifiers get passed
along to the child.
Event(id)
Create a cloudformation.Event instance.
Stack(name)
Create a cloudformation.Stack instance.

StackResource(logical_id, stack_name)
Create a cloudformation.StackResource instance.
StackResourceSummary(logical_id, stack_name)
Create a cloudformation.StackResourceSummary instance.
Collections
Collections provide an interface to iterate and manipulate groups of resources.
stacks
(CollectionManager) A collection of cloudformation.Stack instances. This collection uses
the cloudformation.Client.describe_stacks() operation to get items.
Event
class cloudformation.Event(id)
A resource representing an AWS CloudFormation Event:
import boto3
event = cloudformation.Event(id)
Attributes &Identifiers
Attributes & identifiers provide access to the properties of a resource. Attributes are lazy-loaded the first time
one is accessed via the load() method, if it exists.
Identifiers:
id
(string, identifier) The Events Id identifier. This attribute must be set for the actions below to work.
Attributes:
event_id
(string) The unique ID of this event.
logical_resource_id
(string) The logical name of the resource specified in the template.
physical_resource_id
(string) The name or unique identifier associated with the physical instance of the resource.
resource_properties
(string) BLOB of the properties used to create the resource.
resource_status
(string) Current status of the resource.
resource_status_reason
(string) Success/failure message associated with the resource.
resource_type
(string) Type of resource. (For more information, go to AWS Resource Types Reference in the AWS
CloudFormation User Guide.)
stack_id
(string) The unique ID name of the instance of the stack.
stack_name
(string) The name associated with a stack.
2.1. Services 47
timestamp
(datetime) Time the status was updated.
Actions
some attributes.
Stack
class cloudformation.Stack(name)
A resource representing an AWS CloudFormation Stack:
import boto3
stack = cloudformation.Stack(name)
Identifiers:
name
(string, identifier) The Stacks Name identifier. This attribute must be set for the actions below to
work.
Attributes:
capabilities
(list) The capabilities allowed in the stack.
creation_time
(datetime) Time at which the stack was created.
description
(string) User defined description associated with the stack.
disable_rollback
(boolean) Boolean to enable or disable rollback on stack creation failures:
true : disable rollback
false : enable rollback
last_updated_time
(datetime) The time the stack was last updated. This field will only be returned if the stack has been
updated at least once.
notification_arns
(list) SNS topic ARNs to which stack related events are published.
outputs
(list) A list of output structures.
parameters
(list) A list of Parameter structures.
stack_id
(string) Unique identifier of the stack.

stack_name
(string) The name associated with the stack.
stack_status
(string) Current status of the stack.
stack_status_reason
(string) Success/failure message associated with the stack status.
tags
(list) A list of Tag s that specify cost allocation information for the stack.
timeout_in_minutes
(integer) The amount of time within which stack creation should complete.
Actions
some attributes.
cancel_update()
This method calls cloudformation.Client.cancel_update_stack().
Return type dict
delete()
This method calls cloudformation.Client.delete_stack().
Return type dict
update(TemplateBody=None, TemplateURL=None, UsePreviousTemplate=None, StackPolicy-
DuringUpdateBody=None, StackPolicyDuringUpdateURL=None, Parameters=None, Capa-
bilities=None, StackPolicyBody=None, StackPolicyURL=None, NotificationARNs=None)
This method calls cloudformation.Client.update_stack().
Parameters
eter, but not both.
eter, but not both.
UsePreviousTemplate (boolean) Reuse the existing template that is associated with the
stack that you are updating.
StackPolicyDuringUpdateBody (string) Structure containing the temporary overriding
stack policy body. You can specify either the StackPolicyDuringUpdateBody or
the StackPolicyDuringUpdateURL parameter, but not both.
2.1. Services 49
StackPolicyDuringUpdateURL (string) Location of a file containing the tempo-

rary overriding stack policy. The URL must point to a policy (max size: 16KB) lo-
cated in an S3 bucket in the same region as the stack. You can specify either the
StackPolicyDuringUpdateBody or the StackPolicyDuringUpdateURL
stack.
Capabilities (list) A list of capabilities that you must specify before AWS Cloud-
Formation can create or update certain stacks. Some stack templates might include
resources that can affect permissions in your AWS account. For those stacks, you
must explicitly acknowledge their capabilities by specifying this parameter. Currently,
the only valid value is CAPABILITY_IAM , which is required for the following re-
sources: AWS::CloudFormation::Stack , AWS::IAM::AccessKey , AWS::IAM::Group ,
StackPolicyBody (string) Structure containing a new stack policy body. You can specify
either the StackPolicyBody or the StackPolicyURL parameter, but not both.
StackPolicyURL (string) Location of a file containing the updated stack policy. The
URL must point to a policy (max size: 16KB) located in an S3 bucket in the same region
as the stack. You can specify either the StackPolicyBody or the StackPolicyURL
NotificationARNs (list) Update the ARNs for the Amazon SNS topics that are associ-
ated with the stack.
Return type dict
Sub-resources
along to the child.
StackResource(stack_name)
Create a cloudformation.StackResource instance.
Collections
events
(CollectionManager) A collection of cloudformation.Event instances. This collection uses
the cloudformation.Client.describe_stack_events() operation to get items.

resource_summaries
(CollectionManager) A collection of cloudformation.StackResourceSummary instances.
This collection uses the cloudformation.Client.list_stack_resources() operation to get
items.
StackResource
class cloudformation.StackResource(logical_id, stack_name)

A resource representing an AWS CloudFormation StackResource:
import boto3
stack_resource = cloudformation.StackResource(logical_id, stack_name)
Identifiers:
logical_id
(string, identifier) The StackResources LogicalId identifier. This attribute must be set for the actions
below to work.
stack_name
(string, identifier) The StackResources StackName identifier. This attribute must be set for the actions
below to work.
Attributes:
description
(string) User defined description associated with the resource.
last_updated_timestamp
logical_resource_id
metadata
(string) The JSON format content of the Metadata attribute declared for the resource. For more
information, see Metadata Attribute in the AWS CloudFormation User Guide.
(string) The name or unique identifier that corresponds to a physical instance ID of a resource supported
by AWS CloudFormation.
resource_status
resource_type
(string) Type of resource. ((For more information, go to AWS Resource Types Reference in the AWS
stack_id
(string) Unique identifier of the stack.
2.1. Services 51
stack_name
(string) The name associated with the stack.
Actions
some attributes.
References
References are related resource instances that have a belongs-to relationship.
stack
(cloudformation.Stack) The related Stack if set, otherwise None.
StackResourceSummary
class cloudformation.StackResourceSummary(logical_id, stack_name)

A resource representing an AWS CloudFormation StackResourceSummary:
import boto3
stack_resource_summary = cloudformation.StackResourceSummary(logical_id, stack_name)
Identifiers:
logical_id
(string, identifier) The StackResourceSummarys LogicalId identifier. This attribute must be set for
the actions below to work.
stack_name
(string, identifier) The StackResourceSummarys StackName identifier. This attribute must be set for
Attributes:
last_updated_timestamp
logical_resource_id
(string) The name or unique identifier that corresponds to a physical instance ID of the resource.
resource_status
resource_type
(string) Type of resource. (For more information, go to AWS Resource Types Reference in the AWS

Actions
some attributes.
References
resource
(cloudformation.StackResource) The related StackResource if set, otherwise None.
2.1.3 Amazon CloudFront
Table of Contents
Amazon CloudFront
Client
Client
class cloudfront.Client
A low-level client representing Amazon CloudFront:
import boto3
cloudfront = boto3.client(cloudfront)
CreateCloudFrontOriginAccessIdentity2014_10_21(CloudFrontOriginAccessIdentityConfig)
Create a new origin access identity.
Parameters CloudFrontOriginAccessIdentityConfig (dict) The origin access identitys con-
figuration information.
Return type dict
CreateDistribution2014_10_21(DistributionConfig)
Create a new distribution.
Parameters DistributionConfig (dict) The distributions configuration information.
Return type dict
CreateInvalidation2014_10_21(DistributionId, InvalidationBatch)
Create a new invalidation.
Parameters
DistributionId (string) The distributions id.
InvalidationBatch (dict) The batch information for the invalidation.
Return type dict
CreateStreamingDistribution2014_10_21(StreamingDistributionConfig)
Create a new streaming distribution.
Parameters StreamingDistributionConfig (dict) The streaming distributions configuration
information.
2.1. Services 53
Return type dict

DeleteCloudFrontOriginAccessIdentity2014_10_21(Id, IfMatch=None)
Delete an origin access identity.
Parameters
Id (string) The origin access identitys id.
IfMatch (string) The value of the ETag header you received from a previous GET or
PUT request. For example: E2QWRUHAPOMQZL.
Return type dict
DeleteDistribution2014_10_21(Id, IfMatch=None)
Delete a distribution.
Parameters
Id (string) The distribution id.
IfMatch (string) The value of the ETag header you received when you disabled the
distribution. For example: E2QWRUHAPOMQZL.
Return type dict
DeleteStreamingDistribution2014_10_21(Id, IfMatch=None)
Delete a streaming distribution.
Parameters
Id (string) The distribution id.
IfMatch (string) The value of the ETag header you received when you disabled the
streaming distribution. For example: E2QWRUHAPOMQZL.
Return type dict
GetCloudFrontOriginAccessIdentity2014_10_21(Id)
Get the information about an origin access identity.
Parameters Id (string) The identitys id.
Return type dict
GetCloudFrontOriginAccessIdentityConfig2014_10_21(Id)
Get the configuration information about an origin access identity.
Parameters Id (string) The identitys id.
Return type dict
GetDistribution2014_10_21(Id)
Get the information about a distribution.
Parameters Id (string) The distributions id.
Return type dict
GetDistributionConfig2014_10_21(Id)
Get the configuration information about a distribution.
Parameters Id (string) The distributions id.
Return type dict
GetInvalidation2014_10_21(DistributionId, Id)
Get the information about an invalidation.

Parameters
Id (string) The invalidations id.
Return type dict
GetStreamingDistribution2014_10_21(Id)
Get the information about a streaming distribution.
Parameters Id (string) The streaming distributions id.
Return type dict
GetStreamingDistributionConfig2014_10_21(Id)
Get the configuration information about a streaming distribution.
Parameters Id (string) The streaming distributions id.
Return type dict
get_waiter(name)
Get a waiter by name. Available waiters:
distribution_deployed
invalidation_completed
streaming_distribution_deployed
ListCloudFrontOriginAccessIdentities2014_10_21(Marker=None, MaxItems=None)
List origin access identities.
Parameters
Marker (string) Use this when paginating results to indicate where to begin in your
list of origin access identities. The results include identities in the list that occur after the
marker. To get the next page of results, set the Marker to the value of the NextMarker from
the current pages response (which is also the ID of the last identity on that page).
MaxItems (string) The maximum number of origin access identities you want in the
response body.
Return type dict
ListDistributions2014_10_21(Marker=None, MaxItems=None)
List distributions.
Parameters
Marker (string) Use this when paginating results to indicate where to begin in your list
of distributions. The results include distributions in the list that occur after the marker. To
get the next page of results, set the Marker to the value of the NextMarker from the current
pages response (which is also the ID of the last distribution on that page).
MaxItems (string) The maximum number of distributions you want in the response
body.
Return type dict
2.1. Services 55
ListInvalidations2014_10_21(DistributionId, Marker=None, MaxItems=None)

List invalidation batches.
Parameters
Marker (string) Use this parameter when paginating results to indicate where to begin
in your list of invalidation batches. Because the results are returned in decreasing order
from most recent to oldest, the most recent results are on the first page, the second page
will contain earlier results, and so on. To get the next page of results, set the Marker to the
value of the NextMarker from the current pages response. This value is the same as the
ID of the last invalidation batch on that page.
MaxItems (string) The maximum number of invalidation batches you want in the re-
sponse body.
Return type dict
ListStreamingDistributions2014_10_21(Marker=None, MaxItems=None)
List streaming distributions.
Parameters
Marker (string) Use this when paginating results to indicate where to begin in your list
of streaming distributions. The results include distributions in the list that occur after the
marker. To get the next page of results, set the Marker to the value of the NextMarker from
the current pages response (which is also the ID of the last distribution on that page).
MaxItems (string) The maximum number of streaming distributions you want in the
response body.
Return type dict
UpdateCloudFrontOriginAccessIdentity2014_10_21(CloudFrontOriginAccessIdentityConfig,
Id, IfMatch=None)
Update an origin access identity.
Parameters
CloudFrontOriginAccessIdentityConfig (dict) The identitys configuration informa-
tion.
Id (string) The identitys id.
IfMatch (string) The value of the ETag header you received when retrieving the iden-
titys configuration. For example: E2QWRUHAPOMQZL.
Return type dict
UpdateDistribution2014_10_21(DistributionConfig, Id, IfMatch=None)
Update a distribution.
Parameters
DistributionConfig (dict) The distributions configuration information.
Id (string) The distributions id.
IfMatch (string) The value of the ETag header you received when retrieving the distri-
butions configuration. For example: E2QWRUHAPOMQZL.

Return type dict

UpdateStreamingDistribution2014_10_21(StreamingDistributionConfig, Id, If-
Match=None)
Update a streaming distribution.
Parameters
StreamingDistributionConfig (dict) The streaming distributions configuration infor-
mation.
Id (string) The streaming distributions id.
IfMatch (string) The value of the ETag header you received when retrieving the stream-
ing distributions configuration. For example: E2QWRUHAPOMQZL.
Return type dict
2.1.4 Amazon CloudSearch
Table of Contents
Amazon CloudSearch
Client
Client
class cloudsearch.Client
A low-level client representing Amazon CloudSearch:
import boto3
cloudsearch = boto3.client(cloudsearch)
build_suggesters(DomainName)
Indexes the search suggestions. For more information, see Configuring Suggesters in the Amazon Cloud-
Search Developer Guide .
Parameters DomainName (string) A string that represents the name of a domain. Domain
names are unique across the domains owned by an account within an AWS region. Domain
names start with a letter or number and can contain the following characters: a-z (lowercase),
0-9, and - (hyphen).
Return type dict
create_domain(DomainName)
Creates a new search domain. For more information, see Creating a Search Domain in the Amazon Cloud-
Parameters DomainName (string) A name for the domain you are creating. Allowed charac-
ters are a-z (lower-case letters), 0-9, and hyphen (-). Domain names must start with a letter
or number and be at least 3 and no more than 28 characters long.
Return type dict
2.1. Services 57
define_analysis_scheme(DomainName, AnalysisScheme)
Configures an analysis scheme that can be applied to a text or text-array field to define language-
specific text processing options. For more information, see Configuring Analysis Schemes in the Amazon
CloudSearch Developer Guide .
Parameters
DomainName (string) A string that represents the name of a domain. Domain names are
unique across the domains owned by an account within an AWS region. Domain names
start with a letter or number and can contain the following characters: a-z (lowercase), 0-9,
and - (hyphen).
AnalysisScheme (dict) Configuration information for an analysis scheme. Each anal-
ysis scheme has a unique name and specifies the language of the text to be pro-
cessed. The following options can be configured for an analysis scheme: Synonyms ,
Stopwords , StemmingDictionary , JapaneseTokenizationDictionary
and AlgorithmicStemming .
Return type dict
define_expression(DomainName, Expression)
Configures an Expression for the search domain. Used to create new expressions and modify existing
ones. If the expression exists, the new configuration replaces the old one. For more information, see
Configuring Expressions in the Amazon CloudSearch Developer Guide .
Parameters
and - (hyphen).
Expression (dict) A named expression that can be evaluated at search time. Can be used
to sort the search results, define other expressions, or return computed information in the
search results.
Return type dict
define_index_field(DomainName, IndexField)
Configures an IndexField for the search domain. Used to create new fields and modify existing ones.
You must specify the name of the domain you are configuring and an index field configuration. The index
field configuration specifies a unique name, the index field type, and the options you want to configure
for the field. The options you can specify depend on the IndexFieldType . If the field exists, the new
configuration replaces the old one. For more information, see Configuring Index Fields in the Amazon
Parameters
and - (hyphen).
IndexField (dict) The index field and field options you want to configure.
Return type dict
define_suggester(DomainName, Suggester)
Configures a suggester for a domain. A suggester enables you to display possible matches before users
finish typing their queries. When you configure a suggester, you must specify the name of the text field

you want to search for possible matches and a unique name for the suggester. For more information, see
Getting Search Suggestions in the Amazon CloudSearch Developer Guide .
Parameters
and - (hyphen).
Suggester (dict) Configuration information for a search suggester. Each suggester has
a unique name and specifies the text field you want to use for suggestions. The following
options can be configured for a suggester: FuzzyMatching , SortExpression .
Return type dict
delete_analysis_scheme(DomainName, AnalysisSchemeName)
Deletes an analysis scheme. For more information, see Configuring Analysis Schemes in the Amazon
Parameters
and - (hyphen).
AnalysisSchemeName (string) The name of the analysis scheme you want to delete.
Return type dict
delete_domain(DomainName)
Permanently deletes a search domain and all of its data. Once a domain has been deleted, it cannot be
recovered. For more information, see Deleting a Search Domain in the Amazon CloudSearch Developer
Guide .
Parameters DomainName (string) The name of the domain you want to permanently delete.
Return type dict
delete_expression(DomainName, ExpressionName)
Removes an Expression from the search domain. For more information, see Configuring Expressions
in the Amazon CloudSearch Developer Guide .
Parameters
and - (hyphen).
ExpressionName (string) The name of the Expression to delete.
Return type dict
delete_index_field(DomainName, IndexFieldName)
Removes an IndexField from the search domain. For more information, see Configuring Index Fields
Parameters
2.1. Services 59
and - (hyphen).
IndexFieldName (string) The name of the index field your want to remove from the
domains indexing options.
Return type dict
delete_suggester(DomainName, SuggesterName)
Deletes a suggester. For more information, see Getting Search Suggestions in the Amazon CloudSearch
Developer Guide .
Parameters
and - (hyphen).
SuggesterName (string) Specifies the name of the suggester you want to delete.
Return type dict
describe_analysis_schemes(DomainName, AnalysisSchemeNames=None, Deployed=None)
Gets the analysis schemes configured for a domain. An analysis scheme defines language-specific text
processing options for a text field. Can be limited to specific analysis schemes by name. By default,
shows all analysis schemes and includes any pending changes to the configuration. Set the Deployed
option to true to show the active configuration and exclude pending changes. For more information, see
Configuring Analysis Schemes in the Amazon CloudSearch Developer Guide .
Parameters
DomainName (string) The name of the domain you want to describe.
AnalysisSchemeNames (list) The analysis schemes you want to describe.
Deployed (boolean) Whether to display the deployed configuration (true ) or include
any pending changes (false ). Defaults to false .
Return type dict
describe_availability_options(DomainName, Deployed=None)
Gets the availability options configured for a domain. By default, shows the configuration with any pend-
ing changes. Set the Deployed option to true to show the active configuration and exclude pending
changes. For more information, see Configuring Availability Options in the Amazon CloudSearch Devel-
oper Guide .
Parameters
Return type dict
describe_domains(DomainNames=None)
Gets information about the search domains owned by this account. Can be limited to spe-
cific domains. Shows all domains by default. To get the number of searchable documents in
a domain, use the console or submit a matchall request to your domains search endpoint:
q=matchallamp;q.parser=structuredamp;size=0 . For more information, see Getting In-
formation about a Search Domain in the Amazon CloudSearch Developer Guide .

Parameters DomainNames (list) The names of the domains you want to include in the re-
sponse.
Return type dict
describe_expressions(DomainName, ExpressionNames=None, Deployed=None)
Gets the expressions configured for the search domain. Can be limited to specific expressions by name. By
default, shows all expressions and includes any pending changes to the configuration. Set the Deployed
option to true to show the active configuration and exclude pending changes. For more information, see
Configuring Expressions in the Amazon CloudSearch Developer Guide .
Parameters
ExpressionNames (list) Limits the DescribeExpressions response to the specified
expressions. If not specified, all expressions are shown.
Return type dict
describe_index_fields(DomainName, FieldNames=None, Deployed=None)
Gets information about the index fields configured for the search domain. Can be limited to specific fields
by name. By default, shows all fields and includes any pending changes to the configuration. Set the
Deployed option to true to show the active configuration and exclude pending changes. For more
information, see Getting Domain Information in the Amazon CloudSearch Developer Guide .
Parameters
FieldNames (list) A list of the index fields you want to describe. If not specified, infor-
mation is returned for all configured index fields.
Return type dict
describe_scaling_parameters(DomainName)
Gets the scaling parameters configured for a domain. A domains scaling parameters specify the desired
search instance type and replication count. For more information, see Configuring Scaling Options in the
Amazon CloudSearch Developer Guide .
Return type dict
describe_service_access_policies(DomainName, Deployed=None)
Gets information about the access policies that control access to the domains document and search end-
points. By default, shows the configuration with any pending changes. Set the Deployed option to true
to show the active configuration and exclude pending changes. For more information, see Configuring Ac-
cess for a Search Domain in the Amazon CloudSearch Developer Guide .
Parameters
2.1. Services 61

Return type dict
describe_suggesters(DomainName, SuggesterNames=None, Deployed=None)
Gets the suggesters configured for a domain. A suggester enables you to display possible matches before
users finish typing their queries. Can be limited to specific suggesters by name. By default, shows all
suggesters and includes any pending changes to the configuration. Set the Deployed option to true
to show the active configuration and exclude pending changes. For more information, see Getting Search
Suggestions in the Amazon CloudSearch Developer Guide .
Parameters
SuggesterNames (list) The suggesters you want to describe.
Return type dict
index_documents(DomainName)
Tells the search domain to start indexing its documents using the latest indexing options. This operation
must be invoked to activate options whose OptionStatus is RequiresIndexDocuments .
Return type dict
list_domain_names()
Lists all search domains owned by an account.
Return type dict
update_availability_options(DomainName, MultiAZ)
Configures the availability options for a domain. Enabling the Multi-AZ option expands an Amazon
CloudSearch domain to an additional Availability Zone in the same Region to increase fault tolerance in
the event of a service disruption. Changes to the Multi-AZ option can take about half an hour to become
active. For more information, see Configuring Availability Options in the Amazon CloudSearch Developer
Guide .
Parameters
and - (hyphen).
MultiAZ (boolean) You expand an existing search domain to a second Availability Zone
by setting the Multi-AZ option to true. Similarly, you can turn off the Multi-AZ option
to downgrade the domain to a single Availability Zone by setting the Multi-AZ option to
false .
Return type dict
update_scaling_parameters(DomainName, ScalingParameters)
Configures scaling parameters for a domain. A domains scaling parameters specify the desired search
instance type and replication count. Amazon CloudSearch will still automatically scale your domain based

on the volume of data and traffic, but not below the desired instance type and replication count. If the Multi-
AZ option is enabled, these values control the resources used per Availability Zone. For more information,
see Configuring Scaling Options in the Amazon CloudSearch Developer Guide .
Parameters
and - (hyphen).
ScalingParameters (dict) The desired instance type and desired number of replicas of
each index partition.
Return type dict
update_service_access_policies(DomainName, AccessPolicies)
Configures the access rules that control access to the domains document and search endpoints. For more
information, see Configuring Access for an Amazon CloudSearch Domain .
Parameters
and - (hyphen).
AccessPolicies (string) The access rules you want to configure. These rules replace any
existing rules.
Return type dict
2.1.5 Amazon CloudSearch Domain
Table of Contents
Amazon CloudSearch Domain
Client
Client
class cloudsearchdomain.Client
A low-level client representing Amazon CloudSearch Domain:
import boto3
cloudsearchdomain = boto3.client(cloudsearchdomain)
search(query, cursor=None, expr=None, facet=None, filterQuery=None, highlight=None, par-

tial=None, queryOptions=None, queryParser=None, return=None, size=None, sort=None,
start=None)
Retrieves a list of documents that match the specified search criteria. How you specify the search criteria
depends on which query parser you use. Amazon CloudSearch supports four query parsers:
simple : search all text and text-array fields for the specified string. Search for phrases,
individual terms, and prefixes.
2.1. Services 63
structured : search specific fields, construct compound queries using Boolean operators, and use
advanced features such as term boosting and proximity searching.
lucene : specify search criteria using the Apache Lucene query parser syntax.
dismax : specify search criteria using the simplified subset of the Apache Lucene query parser
syntax defined by the DisMax query parser.
For more information, see Searching Your Data in the Amazon CloudSearch Developer Guide .
The endpoint for submitting Search requests is domain-specific. You submit search requests to a do-
mains search endpoint. To get the search endpoint for your domain, use the Amazon CloudSearch con-
figuration service DescribeDomains action. A domains endpoints are also displayed on the domain
dashboard in the Amazon CloudSearch console.
Parameters
cursor (string) Retrieves a cursor value you can use to page through large result sets.
Use the size parameter to control the number of hits to include in each response. You can
specify either the cursor or start parameter in a request; they are mutually exclusive.
To get the first cursor, set the cursor value to initial . In subsequent requests, specify
the cursor value returned in the hits section of the response.
For more information, see Paginating Results in the Amazon CloudSearch Developer
Guide .
expr (string) Defines one or more numeric expressions that can be used to sort results or
specify search or filter criteria. You can also specify expressions as return fields.
For more information about defining and using expressions, see Configuring Expressions
facet (string) Specifies one or more fields for which to get facet in-
formation, and options that control how the facet information is re-
turned. Each specified field must be facet-enabled in the domain con-
figuration. The fields and options are specified in JSON using the form
{"FIELD":{"OPTION":VALUE,"OPTION:"STRING"},"FIELD":{"OPTION":VALUE,"OPTION"
.
You can specify the following faceting options:
buckets specifies an array of the facet values or ranges to count. Ranges are specified
using the same syntax that you use to search for a range of values. For more information,
see Searching for a Range of Values in the Amazon CloudSearch Developer Guide .
Buckets are returned in the order they are specified in the request. The sort and size
options are not valid if you specify buckets .
size specifies the maximum number of facets to include in the results. By default,
Amazon CloudSearch returns counts for the top 10. The size parameter is only valid
when you specify the sort option; it cannot be used in conjunction with buckets .
sort specifies how you want to sort the facets in the results: bucket or count
. Specify bucket to sort alphabetically or numerically by facet value (in ascending
order). Specify count to sort by the facet counts computed for each facet value (in
descending order). To retrieve facet counts for particular values or ranges of values, use
the buckets option instead of sort .
If no facet options are specified, facet counts are computed for all field values, the facets
are sorted by facet count, and the top 10 facets are returned in the results.
For more information, see Getting and Using Facet Information in the Amazon Cloud-

filterQuery (string) Specifies a structured query that filters the results of a search with-
out affecting how the results are scored and sorted. You use filterQuery in conjunc-
tion with the query parameter to filter the documents that match the constraints spec-
ified in the query parameter. Specifying a filter controls only which matching docu-
ments are included in the results, it has no effect on how they are scored and sorted. The
filterQuery parameter supports the full structured query syntax.
For more information about using filters, see Filtering Matching Documents in the Amazon
highlight (string) Retrieves highlights for matches in the specified text or
text-array fields. Each specified field must be highlight enabled in the do-
main configuration. The fields and options are specified in JSON using the form
{"FIELD":{"OPTION":VALUE,"OPTION:"STRING"},"FIELD":{"OPTION":VALUE,"OPTION"
.
You can specify the following highlight options:
format : specifies the format of the data in the text field: text or html . When
data is returned as HTML, all non-alphanumeric characters are encoded. The default is
html .
max_phrases : specifies the maximum number of occurrences of the search term(s)
you want to highlight. By default, the first occurrence is highlighted.
pre_tag : specifies the string to prepend to an occurrence of a search term. The
default for HTML highlights is lt;emgt; . The default for text highlights is * .
post_tag : specifies the string to append to an occurrence of a search term. The
default for HTML highlights is lt;/emgt; . The default for text highlights is * .
If no highlight options are specified for a field, the returned field text is
treated as HTML and the first match is highlighted with emphasis tags:
lt;emsearch-termlt;/emgt; .
partial (boolean) Enables partial results to be returned if one or more index partitions
are unavailable. When your search index is partitioned across multiple search instances,
by default Amazon CloudSearch only returns results if every partition can be queried.
This means that the failure of a single search instance can result in 5xx (internal server)
errors. When you enable partial results, Amazon CloudSearch returns whatever results are
available and includes the percentage of documents searched in the search results (percent-
searched). This enables you to more gracefully degrade your users search experience.
For example, rather than displaying no results, you could display the partial results and a
message indicating that the results might be incomplete due to a temporary system outage.
query (string) Specifies the search criteria for the request. How you specify the search
criteria depends on the query parser used for the request and the parser options specified in
the queryOptions parameter. By default, the simple query parser is used to process
requests. To use the structured , lucene , or dismax query parser, you must also
specify the queryParser parameter.
For more information about specifying search criteria, see Searching Your Data in the
Amazon CloudSearch Developer Guide .
queryOptions (string) Configures options for the query parser specified in the
queryParser parameter.
The options you can configure vary according to which parser you use:
defaultOperator : The default operator used to combine individual terms in the
search string. For example: defaultOperator: or . For the dismax parser,
2.1. Services 65
you specify a percentage that represents the percentage of terms in the search string
(rounded down) that must match, rather than a default operator. A value of 0% is the
equivalent to OR, and a value of 100% is equivalent to AND. The percentage must
be specified as a value in the range 0-100 followed by the percent (%) symbol. For
example, defaultOperator: 50% . Valid values: and , or , a percentage in the
range 0%-100% (dismax ). Default: and (simple , structured , lucene ) or
100 (dismax ). Valid for: simple , structured , lucene , and dismax .
fields : An array of the fields to search when no fields are specified in a search.
If no fields are specified in a search and this option is not specified, all text and text-
array fields are searched. You can specify a weight for each field to control the relative
importance of each field when Amazon CloudSearch calculates relevance scores. To
specify a field weight, append a caret (^ ) symbol and the weight to the field name. For
example, to boost the importance of the title field over the description field you
could specify: "fields":["title^5","description"] . Valid values: The
name of any configured field and an optional numeric value greater than zero. Default:
All text and text-array fields. Valid for: simple , structured , lucene ,
and dismax .
operators : An array of the operators or special characters you want to disable for
the simple query parser. If you disable the and , or , or not operators, the correspond-
ing operators (+ , | , - ) have no special meaning and are dropped from the search string.
Similarly, disabling prefix disables the wildcard operator (* ) and disabling phrase
disables the ability to search for phrases by enclosing phrases in double quotes. Dis-
abling precedence disables the ability to control order of precedence using parentheses.
Disabling near disables the ability to use the ~ operator to perform a sloppy phrase
search. Disabling the fuzzy operator disables the ability to use the ~ operator to per-
form a fuzzy search. escape disables the ability to use a backslash (\ ) to escape
special characters within the search string. Disabling whitespace is an advanced op-
tion that prevents the parser from tokenizing on whitespace, which can be useful for
Vietnamese. (It prevents Vietnamese words from being split incorrectly.) For example,
you could disable all operators other than the phrase operator to support just simple
term and phrase queries: "operators":["and","not","or", "prefix"] .
Valid values: and , escape , fuzzy , near , not , or , phrase , precedence
, prefix , whitespace . Default: All operators and special characters are enabled.
Valid for: simple .
phraseFields : An array of the text or text-array fields you want to use for
phrase searches. When the terms in the search string appear in close proximity within a
field, the field scores higher. You can specify a weight for each field to boost that score.
The phraseSlop option controls how much the matches can deviate from the search
string and still be boosted. To specify a field weight, append a caret (^ ) symbol and
the weight to the field name. For example, to boost phrase matches in the title field
over the abstract field, you could specify: "phraseFields":["title^3",
"plot"] Valid values: The name of any text or text-array field and an optional
numeric value greater than zero. Default: No fields. If you dont specify any fields with
phraseFields , proximity scoring is disabled even if phraseSlop is specified.
Valid for: dismax .
phraseSlop : An integer value that specifies how much matches can deviate
from the search phrase and still be boosted according to the weights specified in the
phraseFields option; for example, phraseSlop: 2 . You must also specify
phraseFields to enable proximity scoring. Valid values: positive integers. Default:
0. Valid for: dismax .
explicitPhraseSlop : An integer value that specifies how much a match can

deviate from the search phrase when the phrase is enclosed in double quotes in the
search string. (Phrases that exceed this proximity distance are not considered a match.)
For example, to specify a slop of three for dismax phrase queries, you would specify
"explicitPhraseSlop":3 . Valid values: positive integers. Default: 0. Valid for:
dismax .
tieBreaker : When a term in the search string is found in a documents field,
a score is calculated for that field based on how common the word is in that
field compared to other documents. If the term occurs in multiple fields within a
document, by default only the highest scoring field contributes to the documents
overall score. You can specify a tieBreaker value to enable the matches in
lower-scoring fields to contribute to the documents score. That way, if two docu-
ments have the same max field score for a particular term, the score for the doc-
ument that has matches in more fields will be higher. The formula for calcu-
lating the score with a tieBreaker is (max field score) + (tieBreaker)
* (sum of the scores for the rest of the matching fields) .
Set tieBreaker to 0 to disregard all but the highest scoring field (pure max):
"tieBreaker":0 . Set to 1 to sum the scores from all fields (pure sum):
"tieBreaker":1 . Valid values: 0.0 to 1.0. Default: 0.0. Valid for: dismax
.
queryParser (string) Specifies which query parser to use to process the request. If
queryParser is not specified, Amazon CloudSearch uses the simple query parser.
Amazon CloudSearch supports four query parsers:
simple : perform simple searches of text and text-array fields. By default, the
simple query parser searches all text and text-array fields. You can specify
which fields to search by with the queryOptions parameter. If you prefix a search
term with a plus sign (+) documents must contain the term to be considered a match.
(This is the default, unless you configure the default operator with the queryOptions
parameter.) You can use the - (NOT), | (OR), and * (wildcard) operators to exclude
particular terms, find results that match any of the specified terms, or search for a prefix.
To search for a phrase rather than individual terms, enclose the phrase in double quotes.
For more information, see Searching for Text in the Amazon CloudSearch Developer
Guide .
structured : perform advanced searches by combining multiple expressions to de-
fine the search criteria. You can also search within particular fields, search for values
and ranges of values, and use advanced options such as term boosting, matchall ,
and near . For more information, see Constructing Compound Queries in the Amazon
lucene : search using the Apache Lucene query parser syntax. For more information,
see Apache Lucene Query Parser Syntax .
dismax : search using the simplified subset of the Apache Lucene query parser syntax
defined by the DisMax query parser. For more information, see DisMax Query Parser
Syntax .
return (string) Specifies the field and expression values to include in the response. Mul-
tiple fields or expressions are specified as a comma-separated list. By default, a search
response includes all return enabled fields (_all_fields ). To return only the docu-
ment IDs for the matching documents, specify _no_fields . To retrieve the relevance
score calculated for each document, specify _score .
size (integer) Specifies the maximum number of search hits to include in the response.
2.1. Services 67
sort (string) Specifies the fields or custom expressions to use to sort the search results.
Multiple fields or expressions are specified as a comma-separated list. You must specify
the sort direction (asc or desc ) for each field; for example, year desc,title asc
. To use a field to sort results, the field must be sort-enabled in the domain configuration.
Array type fields cannot be used for sorting. If no sort parameter is specified, results are
sorted by their default relevance scores in descending order: _score desc . You can
also sort by document ID (_id asc ) and version (_version desc ).
For more information, see Sorting Results in the Amazon CloudSearch Developer Guide .
start (integer) Specifies the offset of the first search hit you want to return. Note that the
result set is zero-based; the first result is at index 0. You can specify either the start or
cursor parameter in a request, they are mutually exclusive.
For more information, see Paginating Results in the Amazon CloudSearch Developer
Guide .
Return type dict
suggest(query, suggester, size=None)
Retrieves autocomplete suggestions for a partial query string. You can use suggestions enable you to
display likely matches before users finish typing. In Amazon CloudSearch, suggestions are based on the
contents of a particular text field. When you request suggestions, Amazon CloudSearch finds all of the
documents whose values in the suggester field start with the specified query string. The beginning of the
field must match the query string to be considered a match.
For more information about configuring suggesters and retrieving suggestions, see Getting Suggestions in
the Amazon CloudSearch Developer Guide .
The endpoint for submitting Suggest requests is domain-specific. You submit suggest requests to a
domains search endpoint. To get the search endpoint for your domain, use the Amazon CloudSearch con-
figuration service DescribeDomains action. A domains endpoints are also displayed on the domain
dashboard in the Amazon CloudSearch console.
Parameters
query (string) Specifies the string for which you want to get suggestions.
suggester (string) Specifies the name of the suggester to use to find suggested matches.
size (integer) Specifies the maximum number of suggestions to return.
Return type dict
upload_documents(documents, contentType)
Posts a batch of documents to a search domain for indexing. A document batch is a collection of add
and delete operations that represent the documents you want to add, update, or delete from your domain.
Batches can be described in either JSON or XML. Each item that you want Amazon CloudSearch to return
as a search result (such as a product) is represented as a document. Every document has a unique ID and
one or more fields that contain the data that you want to search and return in results. Individual documents
cannot contain more than 1 MB of data. The entire batch cannot exceed 5 MB. To get the best possible
upload performance, group add and delete operations in batches that are close the 5 MB limit. Submitting
a large volume of single-document batches can overload a domains document service.
The endpoint for submitting UploadDocuments requests is domain-specific. To get the document end-
point for your domain, use the Amazon CloudSearch configuration service DescribeDomains action.
A domains endpoints are also displayed on the domain dashboard in the Amazon CloudSearch console.
For more information about formatting your data for Amazon CloudSearch, see Preparing Your Data in
the Amazon CloudSearch Developer Guide . For more information about uploading data for indexing, see
Uploading Data in the Amazon CloudSearch Developer Guide .

Parameters
documents (blob) A batch of documents formatted in JSON or HTML.
contentType (string) The format of the batch you are uploading. Amazon CloudSearch
supports two document batch formats:
application/json
application/xml
Return type dict
2.1.6 AWS CloudTrail
Table of Contents
AWS CloudTrail
Client
Client
class cloudtrail.Client
A low-level client representing AWS CloudTrail:
import boto3
cloudtrail = boto3.client(cloudtrail)
create_trail(Name, S3BucketName, S3KeyPrefix=None, SnsTopicName=None, Include-

GlobalServiceEvents=None, CloudWatchLogsLogGroupArn=None, Cloud-
WatchLogsRoleArn=None)
From the command line, use create-subscription .
Creates a trail that specifies the settings for delivery of log data to an Amazon S3 bucket.
Parameters
Name (string) Specifies the name of the trail.
S3BucketName (string) Specifies the name of the Amazon S3 bucket designated for
publishing log files.
S3KeyPrefix (string) Specifies the Amazon S3 key prefix that precedes the name of the
bucket you have designated for log file delivery.
SnsTopicName (string) Specifies the name of the Amazon SNS topic defined for notifi-
cation of log file delivery.
IncludeGlobalServiceEvents (boolean) Specifies whether the trail is publishing events
from global services such as IAM to the log files.
CloudWatchLogsLogGroupArn (string) Specifies a log group name using an Amazon
Resource Name (ARN), a unique identifier that represents the log group to which Cloud-
Trail logs will be delivered. Not required unless you specify CloudWatchLogsRoleArn.
CloudWatchLogsRoleArn (string) Specifies the role for the CloudWatch Logs endpoint
to assume to write to a users log group.
2.1. Services 69
Return type dict

delete_trail(Name)
Deletes a trail.
Parameters Name (string) The name of a trail to be deleted.
Return type dict
describe_trails(trailNameList=None)
Retrieves settings for the trail associated with the current region for your account.
Parameters trailNameList (list) The trail returned.
Return type dict
get_trail_status(Name)
Returns a JSON-formatted list of information about the specified trail. Fields include information on
delivery errors, Amazon SNS and Amazon S3 errors, and start and stop logging times for each trail.
Parameters Name (string) The name of the trail for which you are requesting the current
status.
Return type dict
start_logging(Name)
Starts the recording of AWS API calls and log file delivery for a trail.
Parameters Name (string) The name of the trail for which CloudTrail logs AWS API calls.
Return type dict
stop_logging(Name)
Suspends the recording of AWS API calls and log file delivery for the specified trail. Under most circum-
stances, there is no need to use this action. You can update a trail without stopping it first. This action is
the only way to stop recording.
Parameters Name (string) Communicates to CloudTrail the name of the trail for which to
stop logging AWS API calls.
Return type dict
update_trail(Name, S3BucketName=None, S3KeyPrefix=None, SnsTopicName=None, In-
cludeGlobalServiceEvents=None, CloudWatchLogsLogGroupArn=None, Cloud-
WatchLogsRoleArn=None)
From the command line, use update-subscription .
Updates the settings that specify delivery of log files. Changes to a trail do not require stopping the
CloudTrail service. Use this action to designate an existing bucket for log delivery. If the existing bucket
has previously been a target for CloudTrail log files, an IAM policy exists for the bucket.
Parameters
Name (string) Specifies the name of the trail.
S3BucketName (string) Specifies the name of the Amazon S3 bucket designated for
publishing log files.
S3KeyPrefix (string) Specifies the Amazon S3 key prefix that precedes the name of the
bucket you have designated for log file delivery.
SnsTopicName (string) Specifies the name of the Amazon SNS topic defined for notifi-
cation of log file delivery.
IncludeGlobalServiceEvents (boolean) Specifies whether the trail is publishing events
from global services such as IAM to the log files.

CloudWatchLogsLogGroupArn (string) Specifies a log group name using an Amazon

Resource Name (ARN), a unique identifier that represents the log group to which Cloud-
Trail logs will be delivered. Not required unless you specify CloudWatchLogsRoleArn.
CloudWatchLogsRoleArn (string) Specifies the role for the CloudWatch Logs endpoint
to assume to write to a users log group.
Return type dict
2.1.7 Amazon CloudWatch
Table of Contents
Amazon CloudWatch
Client
Client
class cloudwatch.Client
A low-level client representing Amazon CloudWatch:
import boto3
cloudwatch = boto3.client(cloudwatch)
delete_alarms(AlarmNames)
Deletes all specified alarms. In the event of an error, no alarms are deleted.
Parameters AlarmNames (list) A list of alarms to be deleted.
Return type dict
describe_alarm_history(AlarmName=None, HistoryItemType=None, StartDate=None, End-
Date=None, MaxRecords=None, NextToken=None)
Retrieves history for the specified alarm. Filter alarms by date range or item type. If an alarm name is not
specified, Amazon CloudWatch returns histories for all of the owners alarms.
Parameters
AlarmName (string) The name of the alarm.
HistoryItemType (string) The type of alarm histories to retrieve.
StartDate (datetime) The starting date to retrieve alarm history.
EndDate (datetime) The ending date to retrieve alarm history.
MaxRecords (integer) The maximum number of alarm history records to retrieve.
NextToken (string) The token returned by a previous call to indicate that there is more
data available.
Return type dict
describe_alarms(AlarmNames=None, AlarmNamePrefix=None, StateValue=None, ActionPre-
fix=None, MaxRecords=None, NextToken=None)
Retrieves alarms with the specified names. If no name is specified, all alarms for the user are returned.
2.1. Services 71
Alarms can be retrieved by using only a prefix for the alarm name, the alarm state, or a prefix for any
action.
Parameters
AlarmNames (list) A list of alarm names to retrieve information for.
AlarmNamePrefix (string) The alarm name prefix. AlarmNames cannot be specified
if this parameter is specified.
StateValue (string) The state value to be used in matching alarms.
ActionPrefix (string) The action name prefix.
MaxRecords (integer) The maximum number of alarm descriptions to retrieve.
data available.
Return type dict
describe_alarms_for_metric(MetricName, Namespace, Statistic=None, Dimensions=None,
Period=None, Unit=None)
Retrieves all alarms for a single metric. Specify a statistic, period, or unit to filter the set of alarms further.
Parameters
MetricName (string) The name of the metric.
Namespace (string) The namespace of the metric.
Statistic (string) The statistic for the metric.
Dimensions (list) The list of dimensions associated with the metric.
Period (integer) The period in seconds over which the statistic is applied.
Unit (string) The unit for the metric.
Return type dict
disable_alarm_actions(AlarmNames)
Disables actions for the specified alarms. When an alarms actions are disabled the alarms state may
change, but none of the alarms actions will execute.
Parameters AlarmNames (list) The names of the alarms to disable actions for.
Return type dict
enable_alarm_actions(AlarmNames)
Enables actions for the specified alarms.
Parameters AlarmNames (list) The names of the alarms to enable actions for.
Return type dict
get_metric_statistics(Namespace, MetricName, StartTime, EndTime, Period, Statistics, Dimen-
sions=None, Unit=None)
Gets statistics for the specified metric.
The maximum number of data points returned from a single GetMetricStatistics request is 1,440,
wereas the maximum number of data points that can be queried is 50,850. If you make a request that
generates more than 1,440 data points, Amazon CloudWatch returns an error. In such a case, you can alter
the request by narrowing the specified time range or increasing the specified period. Alternatively, you can
make multiple requests across adjacent time ranges.

Amazon CloudWatch aggregates data points based on the length of the period that you specify. For
example, if you request statistics with a one-minute granularity, Amazon CloudWatch aggregates data
points with time stamps that fall within the same one-minute period. In such a case, the data points queried
can greatly outnumber the data points returned.
The following examples show various statistics allowed by the data point query maximum of 50,850 when
you call GetMetricStatistics on Amazon EC2 instances with detailed (one-minute) monitoring
enabled:
Statistics for up to 400 instances for a span of one hour
Statistics for up to 35 instances over a span of 24 hours
Statistics for up to 2 instances over a span of 2 weeks
For information about the namespace, metric names, and dimensions that other Amazon Web Services
products use to send metrics to Cloudwatch, go to Amazon CloudWatch Metrics, Namespaces, and Di-
mensions Reference in the Amazon CloudWatch Developer Guide .
Parameters
Namespace (string) The namespace of the metric, with or without spaces.
MetricName (string) The name of the metric, with or without spaces.
Dimensions (list) A list of dimensions describing qualities of the metric.
StartTime (datetime) The time stamp to use for determining the first datapoint to return.
The value specified is inclusive; results include datapoints with the time stamp specified.
EndTime (datetime) The time stamp to use for determining the last datapoint to re-
turn. The value specified is exclusive; results will include datapoints up to the time stamp
specified.
Period (integer) The granularity, in seconds, of the returned datapoints. Period must
be at least 60 seconds and must be a multiple of 60. The default value is 60.
Statistics (list) The metric statistics to return. For information about specific statistics
returned by GetMetricStatistics, go to Statistics in the Amazon CloudWatch Developer
Guide .
Valid Values: Average | Sum | SampleCount | Maximum | Minimum
Unit (string) The unit for the metric.
Return type dict
list_metrics(Namespace=None, MetricName=None, Dimensions=None, NextToken=None)
Returns a list of valid metrics stored for the AWS account owner. Returned metrics can be used with
GetMetricStatistics to obtain statistical data for a given metric.
Parameters
Namespace (string) The namespace to filter against.
MetricName (string) The name of the metric to filter against.
Dimensions (list) A list of dimensions to filter against.
data available.
Return type dict
2.1. Services 73
put_metric_alarm(AlarmName, MetricName, Namespace, Statistic, Period, EvaluationPe-

riods, Threshold, ComparisonOperator, AlarmDescription=None, Action-
sEnabled=None, OKActions=None, AlarmActions=None, InsufficientDataAc-
tions=None, Dimensions=None, Unit=None)
Creates or updates an alarm and associates it with the specified Amazon CloudWatch metric. Optionally,
this operation can associate one or more Amazon Simple Notification Service resources with the alarm.
When this operation creates an alarm, the alarm state is immediately set to INSUFFICIENT_DATA
. The alarm is evaluated and its StateValue is set appropriately. Any actions associated with the
StateValue is then executed.
Parameters
AlarmName (string) The descriptive name for the alarm. This name must be unique
within the users AWS account
AlarmDescription (string) The description for the alarm.
ActionsEnabled (boolean) Indicates whether or not actions should be executed during
any changes to the alarms state.
OKActions (list) The list of actions to execute when this alarm transitions into an OK
state from any other state. Each action is specified as an Amazon Resource Number
(ARN). Currently the only action supported is publishing to an Amazon SNS topic or
an Amazon Auto Scaling policy.
AlarmActions (list) The list of actions to execute when this alarm transitions into an
ALARM state from any other state. Each action is specified as an Amazon Resource Num-
ber (ARN). Currently the only action supported is publishing to an Amazon SNS topic or
an Amazon Auto Scaling policy.
InsufficientDataActions (list) The list of actions to execute when this alarm transitions
into an INSUFFICIENT_DATA state from any other state. Each action is specified as an
Amazon Resource Number (ARN). Currently the only action supported is publishing to
an Amazon SNS topic or an Amazon Auto Scaling policy.
MetricName (string) The name for the alarms associated metric.
Namespace (string) The namespace for the alarms associated metric.
Statistic (string) The statistic to apply to the alarms associated metric.
Dimensions (list) The dimensions for the alarms associated metric.
Period (integer) The period in seconds over which the specified statistic is applied.
Unit (string) The unit for the alarms associated metric.
EvaluationPeriods (integer) The number of periods over which data is compared to the
specified threshold.
Threshold (float) The value against which the specified statistic is compared.
ComparisonOperator (string) The arithmetic operation to use when comparing the
specified Statistic and Threshold . The specified Statistic value is used as
the first operand.
Return type dict
put_metric_data(Namespace, MetricData)
Publishes metric data points to Amazon CloudWatch. Amazon Cloudwatch associates the data points with
the specified metric. If the specified metric does not exist, Amazon CloudWatch creates the metric. It can
take up to fifteen minutes for a new metric to appear in calls to the ListMetrics action.

The size of a PutMetricDatarequest is limited to 8 KB for HTTP GET requests and 40 KB for HTTP POST
requests.
Warning: Although the Value parameter accepts numbers of type Double , Amazon CloudWatch
truncates values with very large exponents. Values with base-10 exponents greater than 126 (1 x
10^126) are truncated. Likewise, values with base-10 exponents less than -130 (1 x 10^-130) are
also truncated.
Data that is timestamped 24 hours or more in the past may take in excess of 48 hours to become available
from submission time using GetMetricStatistics .
Parameters
Namespace (string) The namespace for the metric data.
MetricData (list) A list of data describing the metric.
Return type dict
set_alarm_state(AlarmName, StateValue, StateReason, StateReasonData=None)
Temporarily sets the state of an alarm. When the updated StateValue differs from the previous value,
the action configured for the appropriate state is invoked. This is not a permanent change. The next
periodic alarm check (in about a minute) will set the alarm to its actual state.
Parameters
AlarmName (string) The descriptive name for the alarm. This name must be unique
within the users AWS account. The maximum length is 255 characters.
StateValue (string) The value of the state.
StateReason (string) The reason that this alarm is set to this specific state (in human-
readable text format)
StateReasonData (string) The reason that this alarm is set to this specific state (in
machine-readable JSON format)
Return type dict
2.1.8 AWS CodeDeploy
Table of Contents
AWS CodeDeploy
Client
Client
class codedeploy.Client
A low-level client representing AWS CodeDeploy:
import boto3
codedeploy = boto3.client(codedeploy)
batch_get_applications(applicationNames=None)
Gets information about one or more applications.
2.1. Services 75
Parameters applicationNames (list) A list of application names, with multiple application

names separated by spaces.
Return type dict
batch_get_deployments(deploymentIds=None)
Gets information about one or more deployments.
Parameters deploymentIds (list) A list of deployment IDs, with multiple deployment IDs
separated by spaces.
Return type dict
create_application(applicationName)
Creates a new application.
Parameters applicationName (string) The name of the application. This name must be
unique within the AWS user account.
Return type dict
create_deployment(applicationName, deploymentGroupName=None, revision=None, deploy-
mentConfigName=None, description=None, ignoreApplicationStopFail-
ures=None)
Deploys an application revision to the specified deployment group.
Parameters
applicationName (string) The name of an existing AWS CodeDeploy application within
the AWS user account.
deploymentGroupName (string) The deployment groups name.
revision (dict) The type of revision to deploy, along with information about the revisions
location.
deploymentConfigName (string) The name of an existing deployment configuration
within the AWS user account.
If not specified, the value configured in the deployment group will be used as the default.
If the deployment group does not have a deployment configuration associated with it, then
CodeDeployDefault.OneAtATime will be used by default.
description (string) A comment about the deployment.
ignoreApplicationStopFailures (boolean) If set to true, then if the deployment causes
the ApplicationStop deployment lifecycle event to fail to a specific instance, the deploy-
ment will not be considered to have failed to that instance at that point and will continue
on to the BeforeInstall deployment lifecycle event.
If set to false or not specified, then if the deployment causes the ApplicationStop deploy-
ment lifecycle event to fail to a specific instance, the deployment will stop to that instance,
and the deployment to that instance will be considered to have failed.
Return type dict
create_deployment_config(deploymentConfigName, minimumHealthyHosts=None)
Creates a new deployment configuration.
Parameters
deploymentConfigName (string) The name of the deployment configuration to create.

minimumHealthyHosts (dict) The minimum number of healthy instances that should

be available at any time during the deployment. There are two parameters expected in the
input: type and value.
The type parameter takes either of the following values:
HOST_COUNT: The value parameter represents the minimum number of healthy in-
stances, as an absolute value.
FLEET_PERCENT: The value parameter represents the minimum number of healthy
instances, as a percentage of the total number of instances in the deployment. If you
specify FLEET_PERCENT, then at the start of the deployment AWS CodeDeploy con-
verts the percentage to the equivalent number of instances and rounds fractional in-
stances up.
The value parameter takes an integer.
For example, to set a minimum of 95% healthy instances, specify a type of
FLEET_PERCENT and a value of 95.
Return type dict
create_deployment_group(applicationName, deploymentGroupName, deploymentConfig-
Name=None, ec2TagFilters=None, autoScalingGroups=None,
serviceRoleArn=None)
Creates a new deployment group for application revisions to be deployed to.
Parameters
deploymentGroupName (string) The name of an existing deployment group for the
specified application.
deploymentConfigName (string) If specified, the deployment configuration name must
be one of the predefined values, or it can be a custom deployment configuration:
CodeDeployDefault.AllAtOnce deploys an application revision to up to all of the Ama-
zon EC2 instances at once. The overall deployment succeeds if the application revision
deploys to at least one of the instances. The overall deployment fails after the appli-
cation revision fails to deploy to all of the instances. For example, for 9 instances,
deploy to up to all 9 instances at once. The overall deployment succeeds if any of the 9
instances is successfully deployed to, and it fails if all 9 instances fail to be deployed to.
CodeDeployDefault.HalfAtATime deploys to up to half of the instances at a time (with
fractions rounded down). The overall deployment succeeds if the application revision
deploys to at least half of the instances (with fractions rounded up); otherwise, the
deployment fails. For example, for 9 instances, deploy to up to 4 instances at a time.
The overall deployment succeeds if 5 or more instances are successfully deployed to;
otherwise, the deployment fails. Note that the deployment may successfully deploy to
some instances, even if the overall deployment fails.
CodeDeployDefault.OneAtATime deploys the application revision to only one of the
instances at a time. The overall deployment succeeds if the application revision deploys
to all of the instances. The overall deployment fails after the application revision first
fails to deploy to any one instance. For example, for 9 instances, deploy to one instance
at a time. The overall deployment succeeds if all 9 instances are successfully deployed
to, and it fails if any of one of the 9 instances fail to be deployed to. Note that the
deployment may successfully deploy to some instances, even if the overall deployment
2.1. Services 77
fails. This is the default deployment configuration if a configuration isnt specified for
either the deployment or the deployment group.
To create a custom deployment configuration, call the create deployment configuration
operation.
ec2TagFilters (list) The Amazon EC2 tags to filter on.
autoScalingGroups (list) A list of associated Auto Scaling groups.
serviceRoleArn (string) A service role ARN that allows AWS CodeDeploy to act on the
users behalf when interacting with AWS services.
Return type dict
delete_application(applicationName)
Deletes an application.
Parameters applicationName (string) The name of an existing AWS CodeDeploy application
Return type dict
delete_deployment_config(deploymentConfigName)
Deletes a deployment configuration.
Note: A deployment configuration cannot be deleted if it is currently in use. Also, predefined configura-
tions cannot be deleted.
Parameters deploymentConfigName (string) The name of an existing deployment configu-

ration within the AWS user account.
Return type dict
delete_deployment_group(applicationName, deploymentGroupName)
Deletes a deployment group.
Parameters
Return type dict
get_application(applicationName)
Gets information about an application.
Parameters applicationName (string) The name of an existing AWS CodeDeploy application
Return type dict
get_application_revision(applicationName, revision)
Gets information about an application revision.
Parameters
applicationName (string) The name of the application that corresponds to the revision.
revision (dict) Information about the application revision to get, including the revisions
type and its location.

Return type dict

get_deployment(deploymentId)
Gets information about a deployment.
Parameters deploymentId (string) An existing deployment ID within the AWS user account.
Return type dict
get_deployment_config(deploymentConfigName)
Gets information about a deployment configuration.
Parameters deploymentConfigName (string) The name of an existing deployment configu-
ration within the AWS user account.
Return type dict
get_deployment_group(applicationName, deploymentGroupName)
Gets information about a deployment group.
Parameters
Return type dict
get_deployment_instance(deploymentId, instanceId)
Gets information about an Amazon EC2 instance as part of a deployment.
Parameters
deploymentId (string) The unique ID of a deployment.
instanceId (string) The unique ID of an Amazon EC2 instance in the deployments
deployment group.
Return type dict
list_application_revisions(applicationName, sortBy=None, sortOrder=None,
s3Bucket=None, s3KeyPrefix=None, deployed=None, next-
Token=None)
Lists information about revisions for an application.
Parameters
sortBy (string) The column name to sort the list results by:
registerTime: Sort the list results by when the revisions were registered with AWS Cod-
eDeploy.
firstUsedTime: Sort the list results by when the revisions were first used by in a deploy-
ment.
lastUsedTime: Sort the list results by when the revisions were last used in a deployment.
If not specified or set to null, the results will be returned in an arbitrary order.
sortOrder (string) The order to sort the list results by:
ascending: Sort the list results in ascending order.
2.1. Services 79
descending: Sort the list results in descending order.

If not specified, the results will be sorted in ascending order.
If set to null, the results will be sorted in an arbitrary order.
s3Bucket (string) A specific Amazon S3 bucket name to limit the search for revisions.
If set to null, then all of the users buckets will be searched.
s3KeyPrefix (string) A specific key prefix for the set of Amazon S3 objects to limit the
search for revisions.
deployed (string) Whether to list revisions based on whether the revision is the target
revision of an deployment group:
include: List revisions that are target revisions of a deployment group.
exclude: Do not list revisions that are target revisions of a deployment group.
ignore: List all revisions, regardless of whether they are target revisions of a deployment
group.
nextToken (string) An identifier that was returned from the previous list application
revisions call, which can be used to return the next set of applications in the list.
Return type dict
list_applications(nextToken=None)
Lists the applications registered within the AWS user account.
Parameters nextToken (string) An identifier that was returned from the previous list applica-
tions call, which can be used to return the next set of applications in the list.
Return type dict
list_deployment_configs(nextToken=None)
Lists the deployment configurations within the AWS user account.
Parameters nextToken (string) An identifier that was returned from the previous list deploy-
ment configurations call, which can be used to return the next set of deployment configura-
tions in the list.
Return type dict
list_deployment_groups(applicationName, nextToken=None)
Lists the deployment groups for an application registered within the AWS user account.
Parameters
nextToken (string) An identifier that was returned from the previous list deployment
groups call, which can be used to return the next set of deployment groups in the list.
Return type dict
list_deployment_instances(deploymentId, nextToken=None, instanceStatusFilter=None)
Lists the Amazon EC2 instances for a deployment within the AWS user account.
Parameters
deploymentId (string) The unique ID of a deployment.
nextToken (string) An identifier that was returned from the previous list deployment
instances call, which can be used to return the next set of deployment instances in the list.

instanceStatusFilter (list) A subset of instances to list, by status:

Pending: Include in the resulting list those instances with pending deployments.
InProgress: Include in the resulting list those instances with in-progress deployments.
Succeeded: Include in the resulting list those instances with succeeded deployments.
Failed: Include in the resulting list those instances with failed deployments.
Skipped: Include in the resulting list those instances with skipped deployments.
Unknown: Include in the resulting list those instances with deployments in an unknown
state.
Return type dict
list_deployments(applicationName=None, deploymentGroupName=None, includeOnlySta-
tuses=None, createTimeRange=None, nextToken=None)
Lists the deployments under a deployment group for an application registered within the AWS user ac-
count.
Parameters
includeOnlyStatuses (list) A subset of deployments to list, by status:
Created: Include in the resulting list created deployments.
Queued: Include in the resulting list queued deployments.
In Progress: Include in the resulting list in-progress deployments.
Succeeded: Include in the resulting list succeeded deployments.
Failed: Include in the resulting list failed deployments.
Aborted: Include in the resulting list aborted deployments.
createTimeRange (dict) A deployment creation start- and end-time range for returning
a subset of the list of deployments.
nextToken (string) An identifier that was returned from the previous list deployments
call, which can be used to return the next set of deployments in the list.
Return type dict
register_application_revision(applicationName, revision, description=None)
Registers with AWS CodeDeploy a revision for the specified application.
Parameters
description (string) A comment about the revision.
revision (dict) Information about the application revision to register, including the revi-
sions type and its location.
Return type dict
2.1. Services 81
stop_deployment(deploymentId)
Attempts to stop an ongoing deployment.
Parameters deploymentId (string) The unique ID of a deployment.
Return type dict
update_application(applicationName=None, newApplicationName=None)
Changes an existing applications name.
Parameters
applicationName (string) The current name of the application that you want to change.
newApplicationName (string) The new name that you want to change the application
to.
Return type dict
update_deployment_group(applicationName, currentDeploymentGroupName, newDe-
ploymentGroupName=None, deploymentConfigName=None,
ec2TagFilters=None, autoScalingGroups=None, ser-
viceRoleArn=None)
Changes information about an existing deployment group.
Parameters
applicationName (string) The application name corresponding to the deployment group
to update.
currentDeploymentGroupName (string) The current name of the existing deployment
group.
newDeploymentGroupName (string) The new name of the deployment group, if you
want to change it.
deploymentConfigName (string) The replacement deployment configuration name to
use, if you want to change it.
ec2TagFilters (list) The replacement set of Amazon EC2 tags to filter on, if you want to
change them.
autoScalingGroups (list) The replacement list of Auto Scaling groups to be included in
the deployment group, if you want to change them.
serviceRoleArn (string) A replacement service roles ARN, if you want to change it.
Return type dict
2.1.9 Amazon Cognito Identity
Table of Contents
Amazon Cognito Identity
Client
Client
cognito-identity.Client
A low-level client representing Amazon Cognito Identity:

import boto3
cognito-identity = boto3.client(cognito-identity)
create_identity_pool(IdentityPoolName, AllowUnauthenticatedIdentities, SupportedLogin-

Providers=None, DeveloperProviderName=None, OpenIdConnect-
ProviderARNs=None)
Creates a new identity pool. The identity pool is a store of user identity information that is specific to your
AWS account. The limit on identity pools is 60 per account.
Parameters
IdentityPoolName (string) A string that you provide.
AllowUnauthenticatedIdentities (boolean) TRUE if the identity pool supports unau-
thenticated logins.
SupportedLoginProviders (dict) Optional key:value pairs mapping provider names to
provider app IDs.
DeveloperProviderName (string) The domain by which Cognito will refer to your
users. This name acts as a placeholder that allows your backend and the Cognito service
to communicate about the developer provider. For the DeveloperProviderName ,
you can use letters as well as period (. ), underscore (_ ), and dash (- ).
Once you have set a developer provider name, you cannot change it. Please take care in
setting this parameter.
OpenIdConnectProviderARNs (list)
Return type dict
delete_identity_pool(IdentityPoolId)
Deletes a user pool. Once a pool is deleted, users will not be able to authenticate with the pool.
Parameters IdentityPoolId (string) An identity pool ID in the format REGION:GUID.
Return type dict
describe_identity_pool(IdentityPoolId)
Gets details about a particular identity pool, including the pool name, ID description, creation date, and
current number of users.
Parameters IdentityPoolId (string) An identity pool ID in the format REGION:GUID.
Return type dict
get_id(AccountId, IdentityPoolId, Logins=None)
Generates (or retrieves) a Cognito ID. Supplying multiple logins will create an implicit linked account.
Parameters
AccountId (string) A standard AWS account ID (9+ digits).
IdentityPoolId (string) An identity pool ID in the format REGION:GUID.
Logins (dict) A set of optional name-value pairs that map provider names to provider
tokens.
The available provider names for Logins are as follows:
Facebook: graph.facebook.com
Google: accounts.google.com
Amazon: www.amazon.com
2.1. Services 83
Return type dict

get_open_id_token(IdentityId, Logins=None)
Gets an OpenID token, using a known Cognito ID. This known Cognito ID is returned by GetId . You can
optionally add additional logins for the identity. Supplying multiple logins creates an implicit link.
The OpenId token is valid for 15 minutes.
Parameters
IdentityId (string) A unique identifier in the format REGION:GUID.
tokens.
Return type dict
get_open_id_token_for_developer_identity(IdentityPoolId, Logins, IdentityId=None,
TokenDuration=None)
Registers (or retrieves) a Cognito IdentityId and an OpenID Connect token for a user authenticated
by your backend authentication process. Supplying multiple logins will create an implicit linked account.
You can only specify one developer provider as part of the Logins map, which is linked to the identity
pool. The developer provider is the domain by which Cognito will refer to your users.
You can use GetOpenIdTokenForDeveloperIdentity to create a new identity and to link new
logins (that is, user credentials issued by a public provider or developer provider) to an existing identity.
When you want to create a new identity, the IdentityId should be null. When you want to associate a
new login with an existing authenticated/unauthenticated identity, you can do so by providing the existing
IdentityId . This API will create the identity in the specified IdentityPoolId .
Parameters
tokens. Each name-value pair represents a user from a public provider or developer
provider. If the user is from a developer provider, the name-value pair will follow the
syntax "developer_provider_name": "developer_user_identifier"
. The developer provider is the domain by which Cognito will refer to your users; you
provided this domain while creating/updating the identity pool. The developer user identi-
fier is an identifier from your backend that uniquely identifies a user. When you create an
identity pool, you can specify the supported logins.
TokenDuration (integer) The expiration time of the token, in seconds. You can specify
a custom expiration time for the token so that you can cache it. If you dont provide
an expiration time, the token is valid for 15 minutes. You can exchange the token with
Amazon STS for temporary AWS credentials, which are valid for a maximum of one hour.
The maximum token duration you can set is 24 hours. You should take care in setting the
expiration time for a token, as there are significant security implications: an attacker could
use a leaked token to access your AWS resources for the tokens duration.
Return type dict
list_identities(IdentityPoolId, MaxResults, NextToken=None)
Lists the identities in a pool.
Parameters
MaxResults (integer) The maximum number of identities to return.

NextToken (string) A pagination token.

Return type dict
list_identity_pools(MaxResults, NextToken=None)
Lists all of the Cognito identity pools registered for your account.
Parameters
NextToken (string) A pagination token.
Return type dict
lookup_developer_identity(IdentityPoolId, IdentityId=None, DeveloperUserIdentifier=None,
MaxResults=None, NextToken=None)
Retrieves the IdentityID associated with a DeveloperUserIdentifier or the list of
DeveloperUserIdentifier s associated with an IdentityId for an existing identity. Either
IdentityID or DeveloperUserIdentifier must not be null. If you supply only one of these
values, the other value will be searched in the database and returned as a part of the response. If you
supply both, DeveloperUserIdentifier will be matched against IdentityID . If the values are
verified against the database, the response returns both values and is the same as the request. Otherwise a
ResourceConflictException is thrown.
Parameters
DeveloperUserIdentifier (string) A unique ID used by your backend authentication pro-
cess to identify a user. Typically, a developer identity provider would issue many developer
user identifiers, in keeping with the number of users.
NextToken (string) A pagination token. The first call you make will have NextToken
set to null. After that the service will return NextToken values as needed. For example,
lets say you make a request with MaxResults set to 10, and there are 20 matches in the
database. The service will return a pagination token as a part of the response. This token
can be used to call the API again and get results starting from the 11th match.
Return type dict
merge_developer_identities(SourceUserIdentifier, DestinationUserIdentifier, Developer-
ProviderName, IdentityPoolId)
Merges two users having different IdentityId s, existing in the same identity pool, and identi-
fied by the same developer provider. You can use this action to request that discrete users be merged
and identified as a single user in the Cognito environment. Cognito associates the given source user
(SourceUserIdentifier ) with the IdentityId of the DestinationUserIdentifier .
Only developer-authenticated users can be merged. If the users to be merged are associated with the
same public provider, but as two different users, an exception will be thrown.
Parameters
SourceUserIdentifier (string) User identifier for the source user. The value should be a
DeveloperUserIdentifier .
DestinationUserIdentifier (string) User identifier for the destination user. The value
should be a DeveloperUserIdentifier .
users. This is a (pseudo) domain name that you provide while creating an identity pool.
2.1. Services 85
This name acts as a placeholder that allows your backend and the Cognito service to com-
municate about the developer provider. For the DeveloperProviderName , you can
use letters as well as period (.), underscore (_), and dash (-).
Return type dict
unlink_developer_identity(IdentityId, IdentityPoolId, DeveloperProviderName, Develope-
rUserIdentifier)
Unlinks a DeveloperUserIdentifier from an existing identity. Unlinked developer users will be
considered new identities next time they are seen. If, for a given Cognito identity, you remove all federated
identities as well as the developer user identifier, the Cognito identity becomes inaccessible.
Parameters
users.
DeveloperUserIdentifier (string) A unique ID used by your backend authentication
process to identify a user.
Return type dict
unlink_identity(IdentityId, Logins, LoginsToRemove)
Unlinks a federated identity from an existing account. Unlinked logins will be considered new identities
next time they are seen. Removing the last linked login will make this identity inaccessible.
Parameters
tokens.
LoginsToRemove (list) Provider names to unlink from this identity.
Return type dict
update_identity_pool(IdentityPoolId, IdentityPoolName, AllowUnauthenticatedIdentities, Sup-
portedLoginProviders=None, DeveloperProviderName=None, OpenId-
ConnectProviderARNs=None)
Updates a user pool.
Parameters
IdentityPoolName (string) A string that you provide.
AllowUnauthenticatedIdentities (boolean) TRUE if the identity pool supports unau-
thenticated logins.
SupportedLoginProviders (dict) Optional key:value pairs mapping provider names to
provider app IDs.
users.
OpenIdConnectProviderARNs (list)
Return type dict

2.1.10 Amazon Cognito Sync
Table of Contents
Amazon Cognito Sync
Client
Client
cognito-sync.Client
A low-level client representing Amazon Cognito Sync:
import boto3
cognito-sync = boto3.client(cognito-sync)
delete_dataset(IdentityPoolId, IdentityId, DatasetName)

Deletes the specific dataset. The dataset will be deleted permanently, and the action cant be undone.
Datasets that this dataset was merged with will no longer report the merge. Any consequent operation on
this dataset will result in a ResourceNotFoundException.
Parameters
IdentityPoolId (string) A name-spaced GUID (for example, us-east-1:23EC4050-
6AEA-7089-A2DD-08002EXAMPLE) created by Amazon Cognito. GUID generation
is unique within a region.
IdentityId (string) A name-spaced GUID (for example, us-east-1:23EC4050-6AEA-
7089-A2DD-08002EXAMPLE) created by Amazon Cognito. GUID generation is unique
within a region.
DatasetName (string) A string of up to 128 characters. Allowed characters are a-z, A-Z,
0-9, _ (underscore), - (dash), and . (dot).
Return type dict
describe_dataset(IdentityPoolId, IdentityId, DatasetName)
Gets metadata about a dataset by identity and dataset name. The credentials used to make this API call
need to have access to the identity data. With Amazon Cognito Sync, each identity has access only to its
own data. You should use Amazon Cognito Identity service to retrieve the credentials necessary to make
this API call.
Parameters
within a region.
Return type dict
describe_identity_pool_usage(IdentityPoolId)
Gets usage details (for example, data storage) about a particular identity pool.
2.1. Services 87
Parameters IdentityPoolId (string) A name-spaced GUID (for example, us-east-

1:23EC4050-6AEA-7089-A2DD-08002EXAMPLE) created by Amazon Cognito. GUID
generation is unique within a region.
Return type dict
describe_identity_usage(IdentityPoolId, IdentityId)
Gets usage information for an identity, including number of datasets and data usage.
Parameters
within a region.
Return type dict
get_identity_pool_configuration(IdentityPoolId)
Gets the configuration settings of an identity pool.
Parameters IdentityPoolId (string) A name-spaced GUID (for example, us-east-
1:23EC4050-6AEA-7089-A2DD-08002EXAMPLE) created by Amazon Cognito. This is
the ID of the pool for which to return a configuration.
Return type dict
list_datasets(IdentityPoolId, IdentityId, NextToken=None, MaxResults=None)
Lists datasets for an identity. The credentials used to make this API call need to have access to the identity
data. With Amazon Cognito Sync, each identity has access only to its own data. You should use Amazon
Cognito Identity service to retrieve the credentials necessary to make this API call.
Parameters
within a region.
NextToken (string) A pagination token for obtaining the next page of results.
MaxResults (integer) The maximum number of results to be returned.
Return type dict
list_identity_pool_usage(NextToken=None, MaxResults=None)
Gets a list of identity pools registered with Cognito.
Parameters
Return type dict
list_records(IdentityPoolId, IdentityId, DatasetName, LastSyncCount=None, NextToken=None,
MaxResults=None, SyncSessionToken=None)
Gets paginated records, optionally changed after a particular sync count for a dataset and identity. The

credentials used to make this API call need to have access to the identity data. With Amazon Cognito
Sync, each identity has access only to its own data. You should use Amazon Cognito Identity service to
retrieve the credentials necessary to make this API call.
Parameters
within a region.
LastSyncCount (integer) The last server sync count for this record.
SyncSessionToken (string) A token containing a session ID, identity ID, and expiration.
Return type dict
register_device(IdentityPoolId, IdentityId, Platform, Token)
Registers a device to receive push sync notifications.
Parameters
6AEA-7089-A2DD-08002EXAMPLE) created by Amazon Cognito. Here, the ID of the
pool that the identity belongs to.
IdentityId (string) The unique ID for this identity.
Platform (string) The SNS platform type (e.g. GCM, SDM, APNS,
APNS_SANDBOX).
Token (string) The push token.
Return type dict
set_identity_pool_configuration(IdentityPoolId, PushSync=None)
Sets the necessary configuration for push sync.
Parameters
6AEA-7089-A2DD-08002EXAMPLE) created by Amazon Cognito. This is the ID of
the pool to modify.
PushSync (dict) Configuration options to be applied to the identity pool.
Return type dict
subscribe_to_dataset(IdentityPoolId, IdentityId, DatasetName, DeviceId)
Subscribes to receive notifications when a dataset is modified by another device.
Parameters
6AEA-7089-A2DD-08002EXAMPLE) created by Amazon Cognito. The ID of the pool
to which the identity belongs.
2.1. Services 89
IdentityId (string) Unique ID for this identity.

DatasetName (string) The name of the dataset to subcribe to.
DeviceId (string) The unique ID generated for this device by Cognito.
Return type dict
unsubscribe_from_dataset(IdentityPoolId, IdentityId, DatasetName, DeviceId)
Unsubscribe from receiving notifications when a dataset is modified by another device.
Parameters
6AEA-7089-A2DD-08002EXAMPLE) created by Amazon Cognito. The ID of the pool
to which this identity belongs.
IdentityId (string) Unique ID for this identity.
DatasetName (string) The name of the dataset from which to unsubcribe.
Return type dict
update_records(IdentityPoolId, IdentityId, DatasetName, SyncSessionToken, DeviceId=None,
RecordPatches=None, ClientContext=None)
Posts updates to records and add and delete records for a dataset and user. The credentials used to make
this API call need to have access to the identity data. With Amazon Cognito Sync, each identity has access
only to its own data. You should use Amazon Cognito Identity service to retrieve the credentials necessary
to make this API call.
Parameters
within a region.
RecordPatches (list) A list of patch operations.
SyncSessionToken (string) The SyncSessionToken returned by a previous call to
ListRecords for this dataset and identity.
ClientContext (string) Intended to supply a device ID that will populate the
lastModifiedBy field referenced in other methods. The ClientContext field is
not yet implemented.
Return type dict
2.1.11 AWS Config

Table of Contents
AWS Config
Client
Client
class config.Client
A low-level client representing AWS Config:
import boto3
config = boto3.client(config)
delete_delivery_channel(DeliveryChannelName)
Deletes the specified delivery channel.
The delivery channel cannot be deleted if it is the only delivery channel and the configuration recorder is
still running. To delete the delivery channel, stop the running configuration recorder using the StopCon-
figurationRecorder action.
Parameters DeliveryChannelName (string) The name of the delivery channel to delete.
Return type dict
deliver_config_snapshot(deliveryChannelName)
Schedules delivery of a configuration snapshot to the Amazon S3 bucket in the specified delivery channel.
After the delivery has started, AWS Config sends following notifications using an Amazon SNS topic that
you have specified.
Notification of starting the delivery.
Notification of delivery completed, if the delivery was successfully completed.
Notification of delivery failure, if the delivery failed to complete.
Parameters deliveryChannelName (string) The name of the delivery channel through which
the snapshot is delivered.
Return type dict
describe_configuration_recorder_status(ConfigurationRecorderNames=None)
Returns the current status of the specified configuration recorder. If a configuration recorder is not speci-
fied, this action returns the status of all configuration recorder associated with the account.
Parameters ConfigurationRecorderNames (list) The name(s) of the configuration recorder.
If the name is not specified, the action returns the current status of all the configuration
recorders associated with the account.
Return type dict
describe_configuration_recorders(ConfigurationRecorderNames=None)
Returns the name of one or more specified configuration recorders. If the recorder name is not specified,
this action returns the names of all the configuration recorders associated with the account.
Parameters ConfigurationRecorderNames (list) A list of configuration recorder names.
Return type dict
2.1. Services 91
describe_delivery_channel_status(DeliveryChannelNames=None)
Returns the current status of the specified delivery channel. If a delivery channel is not specified, this
action returns the current status of all delivery channels associated with the account.
Parameters DeliveryChannelNames (list) A list of delivery channel names.
Return type dict
describe_delivery_channels(DeliveryChannelNames=None)
Returns details about the specified delivery channel. If a delivery channel is not specified, this action
returns the details of all delivery channels associated with the account.
Parameters DeliveryChannelNames (list) A list of delivery channel names.
Return type dict
get_resource_config_history(resourceType, resourceId, laterTime=None, earlierTime=None,
chronologicalOrder=None, limit=None, nextToken=None)
Returns a list of configuration items for the specified resource. The list contains details about each state of
the resource during the specified time interval. You can specify a limit on the number of results returned
on the page. If a limit is specified, a nextToken is returned as part of the result that you can use to
continue this request.
Parameters
resourceType (string) The resource type.
resourceId (string) The ID of the resource (for example., sg-xxxxxx ).
laterTime (datetime) The time stamp that indicates a later time. If not specified, current
time is taken.
earlierTime (datetime) The time stamp that indicates an earlier time. If not specified,
the action returns paginated results that contain configuration items that start from when
the first configuration item was recorded.
chronologicalOrder (string) The chronological order for configuration items listed. By
default the results are listed in reverse chronological order.
limit (integer) The maximum number of configuration items returned in each page. The
default is 10. You cannot specify a limit greater than 100.
nextToken (string) An optional parameter used for pagination of the results.
Return type dict
put_configuration_recorder(ConfigurationRecorder)
Creates a new configuration recorder to record the resource configurations.
You can use this action to change the role (roleARN ) of an existing recorder. To change the role, call the
action on the existing configuration recorder and specify a role.
Parameters ConfigurationRecorder (dict) The configuration recorder object that records
each configuration change made to the resources.
Return type dict
put_delivery_channel(DeliveryChannel)
Creates a new delivery channel object to deliver the configuration information to an Amazon S3 bucket,
and to an Amazon SNS topic.
You can use this action to change the Amazon S3 bucket or an Amazon SNS topic of the existing delivery
channel. To change the Amazon S3 bucket or an Amazon SNS topic, call this action and specify the
changed values for the S3 bucket and the SNS topic. If you specify a different value for either the S3
bucket or the SNS topic, this action will keep the existing value for the parameter that is not changed.

Parameters DeliveryChannel (dict) The configuration delivery channel object that delivers
the configuration information to an Amazon S3 bucket, and to an Amazon SNS topic.
Return type dict
start_configuration_recorder(ConfigurationRecorderName)
Starts recording configurations of all the resources associated with the account.
You must have created at least one delivery channel to successfully start the configuration recorder.
Parameters ConfigurationRecorderName (string) The name of the recorder object that
records each configuration change made to the resources.
Return type dict
stop_configuration_recorder(ConfigurationRecorderName)
Stops recording configurations of all the resources associated with the account.
Parameters ConfigurationRecorderName (string) The name of the recorder object that
records each configuration change made to the resources.
Return type dict
2.1.12 AWS Data Pipeline
Table of Contents
AWS Data Pipeline
Client
Client
class datapipeline.Client
A low-level client representing AWS Data Pipeline:
import boto3
datapipeline = boto3.client(datapipeline)
activate_pipeline(pipelineId, parameterValues=None)
Validates a pipeline and initiates processing. If the pipeline does not pass validation, activation fails.
You cannot perform this operation on FINISHED pipelines and attempting to do so will return an In-
validRequestException.
Call this action to start processing pipeline tasks of a pipeline youve created using the CreatePipeline and
PutPipelineDefinition actions. A pipeline cannot be modified after it has been successfully activated.
Parameters
pipelineId (string) The identifier of the pipeline to activate.
parameterValues (list) Returns a list of parameter values to pass to the pipeline at
activation.
Return type dict
create_pipeline(name, uniqueId, description=None)
Creates a new empty pipeline. When this action succeeds, you can then use the PutPipelineDefinition
action to populate the pipeline.
2.1. Services 93
Parameters
name (string) The name of the new pipeline. You can use the same name for multiple
pipelines associated with your AWS account, because AWS Data Pipeline assigns each
new pipeline a unique pipeline identifier.
uniqueId (string) A unique identifier that you specify. This identifier is not the same as
the pipeline identifier assigned by AWS Data Pipeline. You are responsible for defining
the format and ensuring the uniqueness of this identifier. You use this parameter to ensure
idempotency during repeated calls to CreatePipeline . For example, if the first call to
CreatePipeline does not return a clear success, you can pass in the same unique identifier
and pipeline name combination on a subsequent call to CreatePipeline . CreatePipeline
ensures that if a pipeline already exists with the same name and unique identifier, a new
pipeline will not be created. Instead, youll receive the pipeline identifier from the previous
attempt. The uniqueness of the name and unique identifier combination is scoped to the
AWS account or IAM user credentials.
description (string) The description of the new pipeline.
Return type dict
delete_pipeline(pipelineId)
Permanently deletes a pipeline, its pipeline definition and its run history. You cannot query or restore a
deleted pipeline. AWS Data Pipeline will attempt to cancel instances associated with the pipeline that are
currently being processed by task runners. Deleting a pipeline cannot be undone.
To temporarily pause a pipeline instead of deleting it, call SetStatus with the status set to Pause on individ-
ual components. Components that are paused by SetStatus can be resumed.
Parameters pipelineId (string) The identifier of the pipeline to be deleted.
Return type dict
describe_objects(pipelineId, objectIds, evaluateExpressions=None, marker=None)
Returns the object definitions for a set of objects associated with the pipeline. Object definitions are
composed of a set of fields that define the properties of the object.
Parameters
pipelineId (string) Identifier of the pipeline that contains the object definitions.
objectIds (list) Identifiers of the pipeline objects that contain the definitions to be de-
scribed. You can pass as many as 25 identifiers in a single call to DescribeObjects.
evaluateExpressions (boolean) Indicates whether any expressions in the object should
be evaluated when the object descriptions are returned.
marker (string) The starting point for the results to be returned. The first time
you call DescribeObjects , this value should be empty. As long as the action returns
HasMoreResults as True , you can call DescribeObjects again and pass the marker
value from the response to retrieve the next set of results.
Return type dict
describe_pipelines(pipelineIds)
Retrieve metadata about one or more pipelines. The information retrieved includes the name of the
pipeline, the pipeline identifier, its current state, and the user account that owns the pipeline. Using account
credentials, you can retrieve metadata about pipelines that you or your IAM users have created. If you are
using an IAM user account, you can retrieve metadata about only those pipelines you have read permission
for.

To retrieve the full pipeline definition instead of metadata about the pipeline, call the GetPipelineDefinition
action.
Parameters pipelineIds (list) Identifiers of the pipelines to describe. You can pass as many
as 25 identifiers in a single call to DescribePipelines . You can obtain pipeline identifiers by
calling ListPipelines .
Return type dict
evaluate_expression(pipelineId, objectId, expression)
Evaluates a string in the context of a specified object. A task runner can use this action to evaluate SQL
queries stored in Amazon S3.
Parameters
pipelineId (string) The identifier of the pipeline.
objectId (string) The identifier of the object.
expression (string) The expression to evaluate.
Return type dict
get_pipeline_definition(pipelineId, version=None)
Returns the definition of the specified pipeline. You can call GetPipelineDefinition to retrieve the pipeline
definition you provided using PutPipelineDefinition .
Parameters
pipelineId (string) The identifier of the pipeline.
version (string) The version of the pipeline definition to retrieve. This parameter accepts
the values latest (default) and active . Where latest indicates the last definition
saved to the pipeline and active indicates the last definition of the pipeline that was
activated.
Return type dict
list_pipelines(marker=None)
Returns a list of pipeline identifiers for all active pipelines. Identifiers are returned only for pipelines you
have permission to access.
Parameters marker (string) The starting point for the results to be returned. The first
time you call ListPipelines , this value should be empty. As long as the action returns
HasMoreResults as True , you can call ListPipelines again and pass the marker value
from the response to retrieve the next set of results.
Return type dict
poll_for_task(workerGroup, hostname=None, instanceIdentity=None)
Task runners call this action to receive a task to perform from AWS Data Pipeline. The task runner specifies
which tasks it can perform by setting a value for the workerGroup parameter of the PollForTask call. The
task returned by PollForTask may come from any of the pipelines that match the workerGroup value passed
in by the task runner and that was launched using the IAM user credentials specified by the task runner.
If tasks are ready in the work queue, PollForTask returns a response immediately. If no tasks are available
in the queue, PollForTask uses long-polling and holds on to a poll connection for up to a 90 seconds during
which time the first newly scheduled task is handed to the task runner. To accomodate this, set the socket
timeout in your task runner to 90 seconds. The task runner should not call PollForTask again on the same
workerGroup until it receives a response, and this may take up to 90 seconds.
Parameters
2.1. Services 95
workerGroup (string) Indicates the type of task the task runner is configured to accept
and process. The worker group is set as a field on objects in the pipeline when they are
created. You can only specify a single value for workerGroup in the call to PollForTask
. There are no wildcard values permitted in workerGroup , the string must be an exact,
case-sensitive, match.
hostname (string) The public DNS name of the calling task runner.
instanceIdentity (dict) Identity information for the Amazon EC2 instance that
is hosting the task runner. You can get this value by calling the URI,
http://169.254.169.254/latest/meta-data/instance-id , from the
EC2 instance. For more information, go to Instance Metadata in the Amazon Elastic Com-
pute Cloud User Guide. Passing in this value proves that your task runner is running on
an EC2 instance, and ensures the proper AWS Data Pipeline service charges are applied to
your pipeline.
Return type dict
put_pipeline_definition(pipelineId, pipelineObjects, parameterObjects=None, parameterVal-
ues=None)
Adds tasks, schedules, and preconditions that control the behavior of the pipeline. You can use Put-
PipelineDefinition to populate a new pipeline.
PutPipelineDefinition also validates the configuration as it adds it to the pipeline. Changes to the
pipeline are saved unless one of the following three validation errors exists in the pipeline.
An object is missing a name or identifier field.

A string or reference field is empty.
The number of objects in the pipeline exceeds the maximum allowed objects.
The pipeline is in a FINISHED state.
Pipeline object definitions are passed to the PutPipelineDefinition action and returned by the Get-
PipelineDefinition action.
Parameters
pipelineId (string) The identifier of the pipeline to be configured.
pipelineObjects (list) The objects that define the pipeline. These will overwrite the
existing pipeline definition.
parameterObjects (list) A list of parameter objects used with the pipeline.
parameterValues (list) A list of parameter values used with the pipeline.
Return type dict
query_objects(pipelineId, sphere, query=None, marker=None, limit=None)
Queries a pipeline for the names of objects that match a specified set of conditions.
The objects returned by QueryObjects are paginated and then filtered by the value you set for query. This
means the action may return an empty result set with a value set for marker. If HasMoreResults is
set to True , you should continue to call QueryObjects , passing in the returned value for marker, until
HasMoreResults returns False .
Parameters
pipelineId (string) Identifier of the pipeline to be queried for object names.

query (dict) Query that defines the objects to be returned. The Query object can contain
a maximum of ten selectors. The conditions in the query are limited to top-level String
fields in the object. These filters can be applied to components, instances, and attempts.
sphere (string) Specifies whether the query applies to components or instances. Allow-
able values: COMPONENT , INSTANCE , ATTEMPT .
marker (string) The starting point for the results to be returned. The first time
you call QueryObjects , this value should be empty. As long as the action returns
HasMoreResults as True , you can call QueryObjects again and pass the marker
value from the response to retrieve the next set of results.
limit (integer) Specifies the maximum number of object names that QueryObjects will
return in a single call. The default value is 100.
Return type dict
report_task_progress(taskId, fields=None)
Updates the AWS Data Pipeline service on the progress of the calling task runner. When the task runner
is assigned a task, it should call ReportTaskProgress to acknowledge that it has the task within 2 minutes.
If the web service does not recieve this acknowledgement within the 2 minute window, it will assign the
task in a subsequent PollForTask call. After this initial acknowledgement, the task runner only needs to
report progress every 15 minutes to maintain its ownership of the task. You can change this reporting time
from 15 minutes by specifying a reportProgressTimeout field in your pipeline. If a task runner
does not report its status after 5 minutes, AWS Data Pipeline will assume that the task runner is unable to
process the task and will reassign the task in a subsequent response to PollForTask . task runners should
call ReportTaskProgress every 60 seconds.
Parameters
taskId (string) Identifier of the task assigned to the task runner. This value is provided
in the TaskObject that the service returns with the response for the PollForTask action.
fields (list) Key-value pairs that define the properties of the ReportTaskProgressInput
object.
Return type dict
report_task_runner_heartbeat(taskrunnerId, workerGroup=None, hostname=None)
Task runners call ReportTaskRunnerHeartbeat every 15 minutes to indicate that they are operational. In the
case of AWS Data Pipeline Task Runner launched on a resource managed by AWS Data Pipeline, the web
service can use this call to detect when the task runner application has failed and restart a new instance.
Parameters
taskrunnerId (string) The identifier of the task runner. This value should be unique
across your AWS account. In the case of AWS Data Pipeline Task Runner launched on
a resource managed by AWS Data Pipeline, the web service provides a unique identifier
when it launches the application. If you have written a custom task runner, you should
assign a unique identifier for the task runner.
workerGroup (string) Indicates the type of task the task runner is configured to accept
and process. The worker group is set as a field on objects in the pipeline when they are
created. You can only specify a single value for workerGroup in the call to Report-
TaskRunnerHeartbeat . There are no wildcard values permitted in workerGroup , the
string must be an exact, case-sensitive, match.
hostname (string) The public DNS name of the calling task runner.
Return type dict
2.1. Services 97
set_status(pipelineId, objectIds, status)

Requests that the status of an array of physical or logical pipeline objects be updated in the pipeline. This
update may not occur immediately, but is eventually consistent. The status that can be set depends on the
type of object, e.g. DataNode or Activity. You cannot perform this operation on FINISHED pipelines and
attempting to do so will return an InvalidRequestException.
Parameters
pipelineId (string) Identifies the pipeline that contains the objects.
objectIds (list) Identifies an array of objects. The corresponding objects can be either
physical or components, but not a mix of both types.
status (string) Specifies the status to be set on all the objects in objectIds . For
components, this can be either PAUSE or RESUME . For instances, this can be either
CANCEL , RERUN , or MARK_FINISHED .
Return type dict
set_task_status(taskId, taskStatus, errorId=None, errorMessage=None, errorStackTrace=None)
Notifies AWS Data Pipeline that a task is completed and provides information about the final status. The
task runner calls this action regardless of whether the task was sucessful. The task runner does not need to
call SetTaskStatus for tasks that are canceled by the web service during a call to ReportTaskProgress .
Parameters
taskId (string) Identifies the task assigned to the task runner. This value is set in the
TaskObject that is returned by the PollForTask action.
taskStatus (string) If FINISHED , the task successfully completed. If FAILED the task
ended unsuccessfully. The FALSE value is used by preconditions.
errorId (string) If an error occurred during the task, this value specifies an id value that
represents the error. This value is set on the physical attempt object. It is used to display
error information to the user. It should not start with string Service_ which is reserved
by the system.
errorMessage (string) If an error occurred during the task, this value specifies a text
description of the error. This value is set on the physical attempt object. It is used to
display error information to the user. The web service does not parse this value.
errorStackTrace (string) If an error occurred during the task, this value specifies the
stack trace associated with the error. This value is set on the physical attempt object. It is
used to display error information to the user. The web service does not parse this value.
Return type dict
validate_pipeline_definition(pipelineId, pipelineObjects, parameterObjects=None, param-
eterValues=None)
Tests the pipeline definition with a set of validation checks to ensure that it is well formed and can run
without error.
Parameters
pipelineId (string) Identifies the pipeline whose definition is to be validated.
pipelineObjects (list) A list of objects that define the pipeline changes to validate against
the pipeline.
parameterObjects (list) A list of parameter objects used with the pipeline.
parameterValues (list) A list of parameter values used with the pipeline.
Return type dict

2.1.13 AWS Direct Connect
Table of Contents
AWS Direct Connect
Client
Client
class directconnect.Client
A low-level client representing AWS Direct Connect:
import boto3
directconnect = boto3.client(directconnect)
allocate_connection_on_interconnect(bandwidth, connectionName, ownerAccount, inter-

connectId, vlan)
Creates a hosted connection on an interconnect.
Allocates a VLAN number and a specified amount of bandwidth for use by a hosted connection on the
given interconnect.
Parameters
bandwidth (string) Bandwidth of the connection.
Example: 500Mbps
Default: None
connectionName (string) Name of the provisioned connection.
Example: 500M Connection to AWS
Default: None
ownerAccount (string) Numeric account Id of the customer for whom the connection
will be provisioned.
Example: 123443215678
Default: None
interconnectId (string) ID of the interconnect on which the connection will be provi-
sioned.
Example: dxcon-456abc78
Default: None
vlan (integer) The dedicated VLAN provisioned to the connection.
Example: 101
Default: None
Return type dict
allocate_private_virtual_interface(connectionId, ownerAccount, newPrivateVirtualIn-
terfaceAllocation)
Provisions a private virtual interface to be owned by a different customer.
2.1. Services 99
The owner of a connection calls this function to provision a private virtual interface which will be owned
by another AWS customer.
Virtual interfaces created using this function must be confirmed by the virtual interface owner by call-
ing ConfirmPrivateVirtualInterface. Until this step has been completed, the virtual interface will be in
Confirming state, and will not be available for handling traffic.
Parameters
connectionId (string) The connection ID on which the private virtual interface is provi-
sioned.
Default: None
ownerAccount (string) The AWS account that will own the new private virtual interface.
Default: None
newPrivateVirtualInterfaceAllocation (dict) Detailed information for the private vir-
tual interface to be provisioned.
Default: None
Return type dict
allocate_public_virtual_interface(connectionId, ownerAccount, newPublicVirtualInter-
faceAllocation)
Provisions a public virtual interface to be owned by a different customer.
The owner of a connection calls this function to provision a public virtual interface which will be owned
by another AWS customer.
Virtual interfaces created using this function must be confirmed by the virtual interface owner by calling
ConfirmPublicVirtualInterface. Until this step has been completed, the virtual interface will be in Con-
firming state, and will not be available for handling traffic.
Parameters
connectionId (string) The connection ID on which the public virtual interface is provi-
sioned.
Default: None
ownerAccount (string) The AWS account that will own the new public virtual interface.
Default: None
newPublicVirtualInterfaceAllocation (dict) Detailed information for the public virtual
interface to be provisioned.
Default: None
Return type dict
confirm_connection(connectionId)
Confirm the creation of a hosted connection on an interconnect.
Upon creation, the hosted connection is initially in the Ordering state, and will remain in this state until
the owner calls ConfirmConnection to confirm creation of the hosted connection.
Parameters connectionId (string) ID of the connection.
Example: dxcon-fg5678gh
Default: None
Return type dict

confirm_private_virtual_interface(virtualInterfaceId, virtualGatewayId)
Accept ownership of a private virtual interface created by another customer.
After the virtual interface owner calls this function, the virtual interface will be created and attached to the
given virtual private gateway, and will be available for handling traffic.
Parameters
virtualInterfaceId (string) ID of the virtual interface.
Example: dxvif-123dfg56
Default: None
virtualGatewayId (string) ID of the virtual private gateway that will be attached to the
virtual interface.
A virtual private gateway can be managed via the Amazon Virtual Private Cloud (VPC)
console or the EC2 CreateVpnGateway action.
Default: None
Return type dict
confirm_public_virtual_interface(virtualInterfaceId)
Accept ownership of a public virtual interface created by another customer.
After the virtual interface owner calls this function, the specified virtual interface will be created and made
available for handling traffic.
Parameters virtualInterfaceId (string) ID of the virtual interface.
Default: None
Return type dict
create_connection(location, bandwidth, connectionName)
Creates a new connection between the customer network and a specific AWS Direct Connect location.
A connection links your internal network to an AWS Direct Connect location over a standard 1 gigabit or
10 gigabit Ethernet fiber-optic cable. One end of the cable is connected to your router, the other to an AWS
Direct Connect router. An AWS Direct Connect location provides access to Amazon Web Services in the
region it is associated with. You can establish connections with AWS Direct Connect locations in multiple
regions, but a connection in one region does not provide connectivity to other regions.
Parameters
location (string) Where the connection is located.
Example: EqSV5
Default: None
bandwidth (string) Bandwidth of the connection.
Example: 1Gbps
Default: None
connectionName (string) The name of the connection.
Example: My Connection to AWS
Default: None
Return type dict
2.1. Services 101

create_interconnect(interconnectName, bandwidth, location)

Creates a new interconnect between a AWS Direct Connect partners network and a specific AWS Direct
Connect location.
An interconnect is a connection which is capable of hosting other connections. The AWS Direct Connect
partner can use an interconnect to provide sub-1Gbps AWS Direct Connect service to tier 2 customers
who do not have their own connections. Like a standard connection, an interconnect links the AWS Direct
Connect partners network to an AWS Direct Connect location over a standard 1 Gbps or 10 Gbps Ethernet
fiber-optic cable. One end is connected to the partners router, the other to an AWS Direct Connect router.
For each end customer, the AWS Direct Connect partner provisions a connection on their interconnect
by calling AllocateConnectionOnInterconnect. The end customer can then connect to AWS resources by
creating a virtual interface on their connection, using the VLAN assigned to them by the AWS Direct
Connect partner.
Parameters
interconnectName (string) The name of the interconnect.
Example: 1G Interconnect to AWS
Default: None
bandwidth (string) The port bandwidth
Example: 1Gbps
Default: None
Available values: 1Gbps,10Gbps
location (string) Where the interconnect is located
Example: EqSV5
Default: None
Return type dict
create_private_virtual_interface(connectionId, newPrivateVirtualInterface)
Creates a new private virtual interface. A virtual interface is the VLAN that transports AWS Direct Connect
traffic. A private virtual interface supports sending traffic to a single virtual private cloud (VPC).
Parameters
connectionId (string) ID of the connection.
Default: None
newPrivateVirtualInterface (dict) Detailed information for the private virtual interface
to be created.
Default: None
Return type dict
create_public_virtual_interface(connectionId, newPublicVirtualInterface)
Creates a new public virtual interface. A virtual interface is the VLAN that transports AWS Direct Connect
traffic. A public virtual interface supports sending traffic to public services of AWS such as Amazon
Simple Storage Service (Amazon S3).
Parameters


Default: None
newPublicVirtualInterface (dict) Detailed information for the public virtual interface
to be created.
Default: None
Return type dict
delete_connection(connectionId)
Deletes the connection.
Deleting a connection only stops the AWS Direct Connect port hour and data transfer charges. You need
to cancel separately with the providers any services or charges for cross-connects or network circuits that
connect you to the AWS Direct Connect location.
Default: None
Return type dict
delete_interconnect(interconnectId)
Deletes the specified interconnect.
Parameters interconnectId (string) The ID of the interconnect.
Example: dxcon-abc123
Return type dict
delete_virtual_interface(virtualInterfaceId)
Deletes a virtual interface.
Parameters virtualInterfaceId (string) ID of the virtual interface.
Default: None
Return type dict
describe_connections(connectionId=None)
Displays all connections in this region.
If a connection ID is provided, the call returns only that particular connection.
Default: None
Return type dict
describe_connections_on_interconnect(interconnectId)
Return a list of connections that have been provisioned on the given interconnect.
Parameters interconnectId (string) ID of the interconnect on which a list of connection is
provisioned.
2.1. Services 103

Default: None
Return type dict
describe_interconnects(interconnectId=None)
Returns a list of interconnects owned by the AWS account.
If an interconnect ID is provided, it will only return this particular interconnect.
Parameters interconnectId (string) The ID of the interconnect.
Return type dict
describe_locations()
Returns the list of AWS Direct Connect locations in the current AWS region. These are the locations that
may be selected when calling CreateConnection or CreateInterconnect.
Return type dict
describe_virtual_gateways()
Returns a list of virtual private gateways owned by the AWS account.
You can create one or more AWS Direct Connect private virtual interfaces linking to a virtual private
gateway. A virtual private gateway can be managed via Amazon Virtual Private Cloud (VPC) console or
the EC2 CreateVpnGateway action.
Return type dict
describe_virtual_interfaces(connectionId=None, virtualInterfaceId=None)
Displays all virtual interfaces for an AWS account. Virtual interfaces deleted fewer than 15 minutes before
DescribeVirtualInterfaces is called are also returned. If a connection ID is included then only virtual
interfaces associated with this connection will be returned. If a virtual interface ID is included then only a
single virtual interface will be returned.
A virtual interface (VLAN) transmits the traffic between the AWS Direct Connect location and the cus-
tomer.
If a connection ID is provided, only virtual interfaces provisioned on the specified connection will be
returned. If a virtual interface ID is provided, only this particular virtual interface will be returned.
Parameters
Default: None
virtualInterfaceId (string) ID of the virtual interface.
Default: None
Return type dict
2.1.14 Amazon DynamoDB

Table of Contents
Amazon DynamoDB
Client
Client
class dynamodb.Client
A low-level client representing Amazon DynamoDB:
import boto3
dynamodb = boto3.client(dynamodb)
batch_get_item(RequestItems, ReturnConsumedCapacity=None)
The BatchGetItem operation returns the attributes of one or more items from one or more tables. You
identify requested items by primary key.
A single operation can retrieve up to 16 MB of data, which can contain as many as 100 items. BatchGetItem
will return a partial result if the response size limit is exceeded, the tables provisioned throughput is
exceeded, or an internal processing failure occurs. If a partial result is returned, the operation returns a
value for UnprocessedKeys . You can use this value to retry the operation starting with the next item to get.
For example, if you ask to retrieve 100 items, but each individual item is 300 KB in size, the system returns
52 items (so as not to exceed the 16 MB limit). It also returns an appropriate UnprocessedKeys value so
you can get the next page of results. If desired, your application can include its own logic to assemble the
pages of results into one data set.
If none of the items can be processed due to insufficient provisioned throughput on all of the tables in the
request, then BatchGetItem will return a ProvisionedThroughputExceededException . If at least one of the
items is successfully processed, then BatchGetItem completes successfully, while returning the keys of the
unread items in UnprocessedKeys .
Warning: If DynamoDB returns any unprocessed items, you should retry the batch operation on those
items. However, we strongly recommend that you use an exponential backoff algorithm . If you retry
the batch operation immediately, the underlying read or write requests can still fail due to throttling
on the individual tables. If you delay the batch operation using exponential backoff, the individual
requests in the batch are much more likely to succeed.
For more information, go to Batch Operations and Error Handling in the Amazon DynamoDB Devel-
oper Guide .
By default, BatchGetItem performs eventually consistent reads on every table in the request. If you want
strongly consistent reads instead, you can set ConsistentRead to true for any or all tables.
In order to minimize response latency, BatchGetItem retrieves items in parallel.
When designing your application, keep in mind that DynamoDB does not return attributes in any particular
order. To help parse the response by item, include the primary key values for the items in your request in
the AttributesToGet parameter.
If a requested item does not exist, it is not returned in the result. Requests for nonexistent items consume
the minimum read capacity units according to the type of read. For more information, see Capacity Units
Calculations in the Amazon DynamoDB Developer Guide .
Parameters
2.1. Services 105

RequestItems (dict) A map of one or more table names and, for each table, the cor-
responding primary keys for the items to retrieve. Each table name can be invoked only
once.
Each element in the map consists of the following:
Keys - An array of primary key attribute values that define specific items in the table.
For each primary key, you must provide all of the key attributes. For example, with a
hash type primary key, you only need to specify the hash attribute. For a hash-and-range
type primary key, you must specify both the hash attribute and the range attribute.
AttributesToGet - One or more attributes to be retrieved from the table. By default, all
attributes are returned. If a specified attribute is not found, it does not appear in the
result. Note that AttributesToGet has no effect on provisioned throughput consumption.
DynamoDB determines capacity units consumed based on item size, not on the amount
of data that is returned to an application.
ConsistentRead - If true , a strongly consistent read is used; if false (the default),
an eventually consistent read is used.
ReturnConsumedCapacity (string) A value that if set to TOTAL , the response includes
ConsumedCapacity data for tables and indexes. If set to INDEXES , the response includes
ConsumedCapacity for indexes. If set to NONE (the default), ConsumedCapacity is not
included in the response.
Return type dict
batch_write_item(RequestItems, ReturnConsumedCapacity=None, ReturnItemCollection-
Metrics=None)
The BatchWriteItem operation puts or deletes multiple items in one or more tables. A single call to Batch-
WriteItem can write up to 16 MB of data, which can comprise as many as 25 put or delete requests.
Individual items to be written can be as large as 400 KB.
The individual PutItem and DeleteItem operations specified in BatchWriteItem are atomic; however Batch-
WriteItem as a whole is not. If any requested operations fail because the tables provisioned through-
put is exceeded or an internal processing failure occurs, the failed operations are returned in the Unpro-
cessedItems response parameter. You can investigate and optionally resend the requests. Typically, you
would call BatchWriteItem in a loop. Each iteration would check for unprocessed items and submit a new
BatchWriteItem request with those unprocessed items until all items have been processed.
Note that if none of the items can be processed due to insufficient provisioned throughput on all of the
tables in the request, then BatchWriteItem will return a ProvisionedThroughputExceededException .
Warning: If DynamoDB returns any unprocessed items, you should retry the batch operation on those
items. However, we strongly recommend that you use an exponential backoff algorithm . If you retry
the batch operation immediately, the underlying read or write requests can still fail due to throttling
on the individual tables. If you delay the batch operation using exponential backoff, the individual
requests in the batch are much more likely to succeed.
For more information, go to Batch Operations and Error Handling in the Amazon DynamoDB Devel-
oper Guide .
With BatchWriteItem , you can efficiently write or delete large amounts of data, such as from Amazon
Elastic MapReduce (EMR), or copy data from another database into DynamoDB. In order to improve per-
formance with these large-scale operations, BatchWriteItem does not behave in the same way as individual
PutItem and DeleteItem calls would For example, you cannot specify conditions on individual put and
delete requests, and BatchWriteItem does not return deleted items in the response.
If you use a programming language that supports concurrency, such as Java, you can use threads to write
items in parallel. Your application must include the necessary logic to manage the threads. With languages

that dont support threading, such as PHP, you must update or delete the specified items one at a time.
In both situations, BatchWriteItem provides an alternative where the API performs the specified put and
delete operations in parallel, giving you the power of the thread pool approach without having to introduce
complexity into your application.
Parallel processing reduces latency, but each specified put and delete request consumes the same number
of write capacity units whether it is processed in parallel or not. Delete operations on nonexistent items
consume one write capacity unit.
If one or more of the following is true, DynamoDB rejects the entire batch write operation:
One or more tables specified in the BatchWriteItem request does not exist.
Primary key attributes specified on an item in the request do not match those in the corresponding
tables primary key schema.
You try to perform multiple operations on the same item in the same BatchWriteItem request. For
example, you cannot put and delete the same item in the same BatchWriteItem request.
There are more than 25 requests in the batch.
Any individual item in a batch exceeds 400 KB.
The total request size exceeds 16 MB.
Parameters
RequestItems (dict) A map of one or more table names and, for each table, a list of
operations to be performed (DeleteRequest or PutRequest ). Each element in the map
consists of the following:
DeleteRequest - Perform a DeleteItem operation on the specified item. The item to be
deleted is identified by a Key subelement: * Key - A map of primary key attribute values
that uniquely identify the ! item. Each entry in this map consists of an attribute name
and an attribute value. For each primary key, you must provide all of the key attributes.
For example, with a hash type primary key, you only need to specify the hash attribute.
For a hash-and-range type primary key, you must specify both the hash attribute and the
range attribute.
PutRequest - Perform a PutItem operation on the specified item. The item to be put is
identified by an Item subelement: * Item - A map of attributes and their values. Each
entry in this map consists of an attribute name and an attribute value. Attribute values
must not be null; string and binary type attributes must have lengths greater than zero;
and set type attributes must not be empty. Requests that contain empty values will be
rejected with a ValidationException exception. If you specify any attributes that are part
of an index key, then the data types for those attributes must match those of the schema
in the tables attribute definition.
ReturnItemCollectionMetrics (string) A value that if set to SIZE , the response in-
cludes statistics about item collections, if any, that were modified during the operation are
returned in the response. If set to NONE (the default), no statistics are returned.
Return type dict
2.1. Services 107

create_table(AttributeDefinitions, TableName, KeySchema, ProvisionedThroughput, LocalSec-

ondaryIndexes=None, GlobalSecondaryIndexes=None)
The CreateTable operation adds a new table to your account. In an AWS account, table names must be
unique within each region. That is, you can have two tables with same name if you create the tables in
different regions.
CreateTable is an asynchronous operation. Upon receiving a CreateTable request, DynamoDB immedi-
ately returns a response with a TableStatus of CREATING . After the table is created, DynamoDB sets the
TableStatus to ACTIVE . You can perform read and write operations only on an ACTIVE table.
If you want to create multiple tables with secondary indexes on them, you must create them sequentially.
Only one table with secondary indexes can be in the CREATING state at any given time.
You can use the DescribeTable API to check the table status.
Parameters
AttributeDefinitions (list) An array of attributes that describe the key schema for the
table and indexes.
TableName (string) The name of the table to create.
KeySchema (list) Specifies the attributes that make up the primary key for a table or an
index. The attributes in KeySchema must also be defined in the AttributeDefinitions array.
For more information, see Data Model in the Amazon DynamoDB Developer Guide .
Each KeySchemaElement in the array is composed of:
AttributeName - The name of this key attribute.
KeyType - Determines whether the key attribute is HASH or RANGE .
For a primary key that consists of a hash attribute, you must specify exactly one element
with a KeyType of HASH .
For a primary key that consists of hash and range attributes, you must specify exactly two
elements, in this order: The first element must have a KeyType of HASH , and the second
element must have a KeyType of RANGE .
For more information, see Specifying the Primary Key in the Amazon DynamoDB Devel-
oper Guide .
LocalSecondaryIndexes (list) One or more local secondary indexes (the maximum is
five) to be created on the table. Each index is scoped to a given hash key value. There is
a 10 GB size limit per hash key; otherwise, the size of a local secondary index is uncon-
strained.
Each local secondary index in the array includes the following:
IndexName - The name of the local secondary index. Must be unique only for this table.
KeySchema - Specifies the key schema for the local secondary index. The key schema
must begin with the same hash key attribute as the table.
Projection - Specifies attributes that are copied (projected) from the table into the index.
These are in addition to the primary key attributes and index key attributes, which are
automatically projected. Each attribute specification is composed of: * ProjectionType
- One of the following: * KEYS_ONLY - Only the index and primary keys are projected
into the index.
INCLUDE - Only the specified table attributes are projected into the index. The list of
projected attributes are in NonKeyAttributes .
ALL - All of the table attributes are projected into the index.

NonKeyAttributes - A list of one or more non-key attribute names that are projected
into the secondary index. The total count of attributes specified in NonKeyAttributes
, summed across all of the secondary indexes, must not exceed 20. If you project the
same attribute into two different indexes, this counts as two distinct attributes when
determining the total.
GlobalSecondaryIndexes (list) One or more global secondary indexes (the maximum
is five) to be created on the table. Each global secondary index in the array includes the
following:
IndexName - The name of the global secondary index. Must be unique only for this
table.
KeySchema - Specifies the key schema for the global secondary index.
Projection - Specifies attributes that are copied (projected) from the table into the index.
These are in addition to the primary key attributes and index key attributes, which are
automatically projected. Each attribute specification is composed of: * ProjectionType
- One of the following: * KEYS_ONLY - Only the index and primary keys are projected
into the index.
INCLUDE - Only the specified table attributes are projected into the index. The list of
projected attributes are in NonKeyAttributes .
ALL - All of the table attributes are projected into the index.
NonKeyAttributes - A list of one or more non-key attribute names that are projected
into the secondary index. The total count of attributes specified in NonKeyAttributes
, summed across all of the secondary indexes, must not exceed 20. If you project the
same attribute into two different indexes, this counts as two distinct attributes when
determining the total.
ProvisionedThroughput - The provisioned throughput settings for the global secondary
index, consisting of read and write capacity units.
ProvisionedThroughput (dict) Represents the provisioned throughput settings for a
specified table or index. The settings can be modified using the UpdateTable operation.
For current minimum and maximum provisioned throughput values, see Limits in the Ama-
zon DynamoDB Developer Guide .
Return type dict
delete_item(TableName, Key, Expected=None, ConditionalOperator=None, ReturnValues=None,
ReturnConsumedCapacity=None, ReturnItemCollectionMetrics=None, ConditionEx-
pression=None, ExpressionAttributeNames=None, ExpressionAttributeValues=None)
Deletes a single item in a table by primary key. You can perform a conditional delete operation that deletes
the item if it exists, or if it has an expected attribute value.
In addition to deleting an item, you can also return the items attribute values in the same operation, using
the ReturnValues parameter.
Unless you specify conditions, the DeleteItem is an idempotent operation; running it multiple times on the
same item or attribute does not result in an error response.
Conditional deletes are useful for deleting items only if specific conditions are met. If those conditions are
met, DynamoDB performs the delete. Otherwise, the item is not deleted.
Parameters
TableName (string) The name of the table from which to delete the item.
2.1. Services 109

Key (dict) A map of attribute names to AttributeValue objects, representing the primary
key of the item to delete.
For the primary key, you must provide all of the attributes. For example, with a hash
type primary key, you only need to specify the hash attribute. For a hash-and-range type
primary key, you must specify both the hash attribute and the range attribute.
Warning: There is a newer parameter available. Use ConditionExpression instead.

Note that if you use Expected and ConditionExpression at the same time, DynamoDB
Expected (dict)
will return a ValidationException exception.
This parameter does not support lists or maps.
A map of attribute/condition pairs. Expected provides a conditional block for the

DeleteItem operation.
Each element of Expected consists of an attribute name, a comparison operator, and one
or more values. DynamoDB compares the attribute with the value(s) you supplied, using
the comparison operator. For each Expected element, the result of the evaluation is either
true or false.
If you specify more than one element in the Expected map, then by default all of the
conditions must evaluate to true. In other words, the conditions are ANDed together. (You
can use the ConditionalOperator parameter to OR the conditions instead. If you do this,
then at least one of the conditions must evaluate to true, rather than all of them.)
If the Expected map evaluates to true, then the conditional operation succeeds; otherwise,
it fails.
Expected contains the following:
AttributeValueList - One or more values to evaluate against the supplied attribute. The
number of values in the list depends on the ComparisonOperator being used. For
type Number, value comparisons are numeric. String value comparisons for greater
than, equals, or less than are based on ASCII character code values. For exam-
ple, a is greater than A , and aa is greater than B . For a list of code values, see
http://en.wikipedia.org/wiki/ASCII#ASCII_printable_characters . For type Binary, Dy-
namoDB treats each byte of the binary data as unsigned when it compares binary values,
for example when evaluating query expressions.
ComparisonOperator - A comparator for evaluating attributes in the AttributeValueList
. When performing the comparison, DynamoDB uses strongly consistent reads. The
following comparison operators are available: EQ | NE | LE | LT | GE | GT
| NOT_NULL | NULL | CONTAINS | NOT_CONTAINS | BEGINS_WITH
| IN | BETWEEN The following are descriptions of each comparison operator. * EQ
: Equal. EQ is supported for all datatypes, including lists and maps. AttributeValueList
can contain only one AttributeValue element of type String, Number, Binary, String
Set, Number Set, or Binary Set. If an item contains an AttributeValue element of a
different type than the one specified in the request, the value does not match. For
example, {"S":"6"} does not equal {"N":"6"} . Also, {"N":"6"} does not
equal {"NS":["6", "2", "1"]} .
NE : Not equal. NE is supported for all datatypes, including lists and maps. Attribute-
ValueList can contain only one AttributeValue of type String, Number, Binary, String
Set, Number Set, or Binary Set. If an item contains an AttributeValue of a differ-
ent type than the one specified in the request, the value does not match. For exam-
ple, {"S":"6"} does not equal {"N":"6"} . Also, {"N":"6"} does not equal
{"NS":["6", "2", "1"]} .

LE : Less than or equal. AttributeValueList can contain only one AttributeValue element
of type String, Number, or Binary (not a set type). If an item contains an AttributeValue
element of a different type than the one specified in the request, the value does not
match. For example, {"S":"6"} does not equal {"N":"6"} . Also, {"N":"6"}
does not compare to {"NS":["6", "2", "1"]} .
LT : Less than. AttributeValueList can contain only one AttributeValue of type String,
Number, or Binary (not a set type). If an item contains an AttributeValue element of
a different type than the one specified in the request, the value does not match. For
compare to {"NS":["6", "2", "1"]} .
GE : Greater than or equal. AttributeValueList can contain only one AttributeValue ele-
ment of type String, Number, or Binary (not a set type). If an item contains an Attribute-
Value element of a different type than the one specified in the request, the value does not
GT : Greater than. AttributeValueList can contain only one AttributeValue element of
type String, Number, or Binary (not a set type). If an item contains an AttributeValue
NOT_NULL : The attribute exists. NOT_NULL is supported for all datatypes, including
lists and maps.
NULL : The attribute does not exist. NULL is supported for all datatypes, including lists
and maps.
CONTAINS : Checks for a subsequence, or value in a set. AttributeValueList can contain
only one AttributeValue element of type String, Number, or Binary (not a set type). If
the target attribute of the comparison is of type String, then the operator checks for a
substring match. If the target attribute of the comparison is of type Binary, then the
operator looks for a subsequence of the target that matches the input. If the target
attribute of the comparison is a set (SS , NS , or BS ), then the operator evaluates
to true if it finds an exact match with any member of the set. CONTAINS is supported
for lists: When evaluating a CONTAINS b , a can be a list; however, b cannot
be a set, a map, or a list.
NOT_CONTAINS : Checks for absence of a subsequence, or absence of a value in a set.
AttributeValueList can contain only one AttributeValue element of type String, Number,
or Binary (not a set type). If the target attribute of the comparison is a String, then
the operator checks for the absence of a substring match. If the target attribute of the
comparison is Binary, then the operator checks for the absence of a subsequence of the
target that matches the input. If the target attribute of the comparison is a set (SS ,
NS , or BS ), then the operator evaluates to true if it does not find an exact match
with any member of the set. NOT_CONTAINS is supported for lists: When evaluating
a NOT CONTAINS b , a can be a list; however, b cannot be a set, a map, or
a list.
BEGINS_WITH : Checks for a prefix. AttributeValueList can contain only one At-
tributeValue of type String or Binary (not a Number or a set type). The target attribute
of the comparison must be of type String or Binary (not a Number or a set type).
IN : Checks for matching elements within two sets. AttributeValueList can contain one
or more AttributeValue elements of type String, Number, or Binary (not a set type).
These attributes are compared against an existing set type attribute of an item. If any
2.1. Services 111

elements of the input set are present in the item attribute, the expression evaluates to
true.
BETWEEN : Greater than or equal to the first value, and less than or equal to the second
value. AttributeValueList must contain two AttributeValue elements of the same type,
either String, Number, or Binary (not a set type). A target attribute matches if the target
value is greater than, or equal to, the first element and less than, or equal to, the second
element. If an item contains an AttributeValue element of a different type than the one
specified in the request, the value does not match. For example, {"S":"6"} does not
compare to {"N":"6"} . Also, {"N":"6"} does not compare to {"NS":["6",
"2", "1"]}
For usage examples of AttributeValueList and ComparisonOperator , see Legacy Condi-
tional Parameters in the Amazon DynamoDB Developer Guide .
For backward compatibility with previous DynamoDB releases, the following parameters
can be used instead of AttributeValueList and ComparisonOperator :
Value - A value for DynamoDB to compare with an attribute.
Exists - A Boolean value that causes DynamoDB to evaluate the value before attempting
the conditional operation: * If Exists is true , DynamoDB will check to see if that
attribute value already exists in the table. If it is found, then the condition evaluates to
true; otherwise the condition evaluate to false.
If Exists is false , DynamoDB assumes that the attribute value does not exist in the
table. If in fact the value does not exist, then the assumption is valid and the condition
evaluates to true. If the value is found, despite the assumption that it does not exist, the
condition evaluates to false.
The Value and Exists parameters are incompatible with AttributeValueList and Compar-
isonOperator . Note that if you use both sets of parameters at once, DynamoDB will
return a ValidationException exception.
Warning: There is a newer parameter available. Use ConditionExpress

Note that if you use ConditionalOperator and ConditionExpression at the
ConditionalOperator (string)
DynamoDB will return a ValidationException exception.
A logical operator to apply to the conditions in the Expected map:

AND - If all of the conditions evaluate to true, then the entire map evaluates to true.
OR - If at least one of the conditions evaluate to true, then the entire map evaluates to
true.
If you omit ConditionalOperator , then AND is the default.
The operation will succeed only if the entire map evaluates to true.
ReturnValues (string) Use ReturnValues if you want to get the item attributes as they
appeared before they were deleted. For DeleteItem , the valid values are:
NONE - If ReturnValues is not specified, or if its value is NONE , then nothing is returned.
(This setting is the default for ReturnValues .)
ALL_OLD - The content of the old item is returned.


ConditionExpression (string) A condition that must be satisfied in order for a condi-
tional DeleteItem to succeed.
An expression can contain any of the following:
Boolean functions: ATTRIBUTE_EXIST | CONTAINS | BEGINS_WITH
Comparison operators: = | | | | = | = | BETWEEN | IN
Logical operators: NOT | AND | OR
ExpressionAttributeNames (dict) One or more substitution tokens for simplifying com-
plex expressions. The following are some use cases for an ExpressionAttributeNames
value:
To shorten an attribute name that is very long or unwieldy in an expression.
To create a placeholder for repeating occurrences of an attribute name in an expression.
To prevent special characters in an attribute name from being misinterpreted in an ex-
pression.
Use the # character in an expression to dereference an attribute name. For example, con-
sider the following expression:
order.customerInfo.LastName = "Smith" OR
order.customerInfo.LastName = "Jones"
Now suppose that you specified the following for ExpressionAttributeNames :
{"n":"order.customerInfo.LastName"}
The expression can now be simplified as follows:
#n = "Smith" OR #n = "Jones"
ExpressionAttributeValues (dict) One or more values that can be substituted in an
expression.
Use the : character in an expression to dereference an attribute value. For example, con-
ProductStatus IN ("Available","Backordered","Discontinued")
Now suppose that you specified the following for ExpressionAttributeValues :
{ "a":{"S":"Available"}, "b":{"S":"Backordered"},
"d":{"S":"Discontinued"} }
ProductStatus IN (:a,:b,:c)
Return type dict
delete_table(TableName)
The DeleteTable operation deletes a table and all of its items. After a DeleteTable request, the specified ta-
ble is in the DELETING state until DynamoDB completes the deletion. If the table is in the ACTIVE state,
2.1. Services 113

you can delete it. If a table is in CREATING or UPDATING states, then DynamoDB returns a ResourceI-
nUseException . If the specified table does not exist, DynamoDB returns a ResourceNotFoundException .
If table is already in the DELETING state, no error is returned.
When you delete a table, any indexes on that table are also deleted.
Use the DescribeTable API to check the status of the table.
Parameters TableName (string) The name of the table to delete.
Return type dict
describe_table(TableName)
Returns information about the table, including the current status of the table, when it was created, the
primary key schema, and any indexes on the table.
Parameters TableName (string) The name of the table to describe.
Return type dict
get_item(TableName, Key, AttributesToGet=None, ConsistentRead=None, ReturnConsumedCapac-
ity=None, ProjectionExpression=None, ExpressionAttributeNames=None)
The GetItem operation returns a set of attributes for the item with the given primary key. If there is no
matching item, GetItem does not return any data.
GetItem provides an eventually consistent read by default. If your application requires a strongly consistent
read, set ConsistentRead to true . Although a strongly consistent read might take more time than an
eventually consistent read, it always returns the last updated value.
Parameters
TableName (string) The name of the table containing the requested item.
Key (dict) A map of attribute names to AttributeValue objects, representing the primary
key of the item to retrieve.
Warning: There is a newer parameter available. Use ProjectionExpression inst

Note that if you use AttributesToGet and ProjectionExpression at the same time,
AttributesToGet (list) namoDB will return a ValidationException exception.
This parameter allows you to retrieve lists or maps; however, it cannot retrieve indi
ual list or map elements.
The names of one or more attributes to retrieve. If no attribute names are specified, then
all attributes will be returned. If any of the requested attributes are not found, they will not
appear in the result.
Note that AttributesToGet has no effect on provisioned throughput consumption. Dy-
namoDB determines capacity units consumed based on item size, not on the amount of
data that is returned to an application.
ConsistentRead (boolean) A value that if set to true , then the operation uses strongly
consistent reads; otherwise, eventually consistent reads are used.

ProjectionExpression (string) One or more attributes to retrieve from the table. These
attributes can include scalars, sets, or elements of a JSON document. The attributes in the
expression must be separated by commas.
If no attribute names are specified, then all attributes will be returned. If any of the re-
quested attributes are not found, they will not appear in the result.
value:
pression.
Return type dict
get_waiter(name)
table_exists
table_not_exists
list_tables(ExclusiveStartTableName=None, Limit=None)
Returns an array of table names associated with the current account and endpoint. The output from List-
Tables is paginated, with each page returning a maximum of 100 table names.
Parameters
ExclusiveStartTableName (string) The first table name that this operation will evaluate.
Use the value that was returned for LastEvaluatedTableName in a previous operation, so
that you can obtain the next page of results.
Limit (integer) A maximum number of table names to return. If this parameter is not
specified, the limit is 100.
Return type dict
put_item(TableName, Item, Expected=None, ReturnValues=None, ReturnConsumedCapacity=None,
ReturnItemCollectionMetrics=None, ConditionalOperator=None, ConditionExpres-
sion=None, ExpressionAttributeNames=None, ExpressionAttributeValues=None)
Creates a new item, or replaces an old item with a new item. If an item that has the same primary key
as the new item already exists in the specified table, the new item completely replaces the existing item.
You can perform a conditional put operation (add a new item if one with the specified primary key doesnt
exist), or replace an existing item if it has certain attribute values.
2.1. Services 115

In addition to putting an item, you can also return the items attribute values in the same operation, using
the ReturnValues parameter.
When you add an item, the primary key attribute(s) are the only required attributes. Attribute values cannot
be null. String and Binary type attributes must have lengths greater than zero. Set type attributes cannot
be empty. Requests with empty values will be rejected with a ValidationException exception.
You can request that PutItem return either a copy of the original item (before the update) or a copy of the
updated item (after the update). For more information, see the ReturnValues description below.
For more information about using this API, see Working with Items in the Amazon DynamoDB Developer
Guide .
Parameters
TableName (string) The name of the table to contain the item.
Item (dict) A map of attribute name/value pairs, one for each attribute. Only the primary
key attributes are required; you can optionally provide other attribute name-value pairs for
the item.
You must provide all of the attributes for the primary key. For example, with a hash
If you specify any attributes that are part of an index key, then the data types for those
attributes must match those of the schema in the tables attribute definition.
For more information about primary keys, see Primary Key in the Amazon DynamoDB
Developer Guide .
Each element in the Item map is an AttributeValue object.

Expected (dict)
A map of attribute/condition pairs. Expected provides a conditional block for the PutItem
operation.
true or false.
it fails.


equal {"NS":["6", "2", "1"]} .
{"NS":["6", "2", "1"]} .
compare to {"NS":["6", "2", "1"]} .
lists and maps.
and maps.
2.1. Services 117


a list.
true.
"2", "1"]}
appeared before they were updated with the PutItem request. For PutItem , the valid values

are:
ALL_OLD - If PutItem overwrote an attribute name-value pair, then the content of the
old item is returned.


true.
tional PutItem operation to succeed.
value:
pression.
2.1. Services 119


expression.
Return type dict
query(TableName, KeyConditions, IndexName=None, Select=None, AttributesToGet=None,
Limit=None, ConsistentRead=None, QueryFilter=None, ConditionalOperator=None, ScanIn-
dexForward=None, ExclusiveStartKey=None, ReturnConsumedCapacity=None, Projection-
Expression=None, FilterExpression=None, ExpressionAttributeNames=None, ExpressionAt-
tributeValues=None)
A Query operation directly accesses items from a table using the table primary key, or from an index using
the index key. You must provide a specific hash key value. You can narrow the scope of the query by using
comparison operators on the range key value, or on the index key. You can use the ScanIndexForward
parameter to get results in forward or reverse order, by range key or by index key.
Queries that do not return results consume the minimum number of read capacity units for that type of
read operation.
If the total number of items meeting the query criteria exceeds the result set size limit of 1 MB, the query
stops and results are returned to the user with LastEvaluatedKey to continue the query in a subsequent
operation. Unlike a Scan operation, a Query operation never returns both an empty result set and a LastE-
valuatedKey . The LastEvaluatedKey is only provided if the results exceed 1 MB, or if you have used Limit
.
You can query a table, a local secondary index, or a global secondary index. For a query on a table
or on a local secondary index, you can set ConsistentRead to true and obtain a strongly consistent result.
Global secondary indexes support eventually consistent reads only, so do not specify ConsistentRead when
querying a global secondary index.
Parameters
TableName (string) The name of the table containing the requested items.
IndexName (string) The name of an index to query. This index can be any local sec-
ondary index or global secondary index on the table.
Select (string) The attributes to be returned in the result. You can retrieve all item
attributes, specific item attributes, the count of matching items, or in the case of an index,
some or all of the attributes projected into the index.
ALL_ATTRIBUTES - Returns all of the item attributes from the specified table or in-
dex. If you query a local secondary index, then for each matching item in the index
DynamoDB will fetch the entire item from the parent table. If the index is configured to

project all item attributes, then all of the data can be obtained from the local secondary
index, and no fetching is required.
ALL_PROJECTED_ATTRIBUTES - Allowed only when querying an index. Retrieves
all attributes that have been projected into the index. If the index is configured to project
all attributes, this return value is equivalent to specifying ALL_ATTRIBUTES .
COUNT - Returns the number of matching items, rather than the matching items them-
selves.
SPECIFIC_ATTRIBUTES - Returns only the attributes listed in AttributesToGet .
This return value is equivalent to specifying AttributesToGet without specifying any
value for Select . If you query a local secondary index and request only attributes that
are projected into that index, the operation will read only the index and not the table.
If any of the requested attributes are not projected into the local secondary index, Dy-
namoDB will fetch each of these attributes from the parent table. This extra fetching
incurs additional throughput cost and latency. If you query a global secondary index,
you can only request attributes that are projected into the index. Global secondary index
queries cannot fetch attributes from the parent table.
If neither Select nor AttributesToGet are specified, DynamoDB defaults to
ALL_ATTRIBUTES when accessing a table, and ALL_PROJECTED_ATTRIBUTES
when accessing an index. You cannot use both Select and AttributesToGet together in a
single request, unless the value for Select is SPECIFIC_ATTRIBUTES . (This usage is
equivalent to specifying AttributesToGet without any value for Select .)

You cannot use both AttributesToGet and Select together in a Query request, unless the
value for Select is SPECIFIC_ATTRIBUTES . (This usage is equivalent to specifying
AttributesToGet without any value for Select .)
If you query a local secondary index and request only attributes that are projected into that
index, the operation will read only the index and not the table. If any of the requested
attributes are not projected into the local secondary index, DynamoDB will fetch each of
these attributes from the parent table. This extra fetching incurs additional throughput cost
and latency.
If you query a global secondary index, you can only request attributes that are projected
into the index. Global secondary index queries cannot fetch attributes from the parent
table.
Limit (integer) The maximum number of items to evaluate (not necessarily the number
of matching items). If DynamoDB processes the number of items up to the limit while
processing the results, it stops the operation and returns the matching values up to that
point, and a key in LastEvaluatedKey to apply in a subsequent operation, so that you can
2.1. Services 121

pick up where you left off. Also, if the processed data set size exceeds 1 MB before
DynamoDB reaches this limit, it stops the operation and returns the matching values up
to the limit, and a key in LastEvaluatedKey to apply in a subsequent operation to continue
the operation. For more information, see Query and Scan in the Amazon DynamoDB
Developer Guide .
ConsistentRead (boolean) A value that if set to true , then the operation uses strongly
consistent reads; otherwise, eventually consistent reads are used.
Strongly consistent reads are not supported on global secondary indexes. If you query
a global secondary index with ConsistentRead set to true , you will receive an error
message.
KeyConditions (dict) The selection criteria for the query. For a query on a table, you
can have conditions only on the table primary key attributes. You must specify the hash
key attribute name and value as an EQ condition. You can optionally specify a second
condition, referring to the range key attribute.
For a query on an index, you can have conditions only on the index key attributes. You
must specify the index hash attribute name and value as an EQ condition. You can option-
ally specify a second condition, referring to the index key range attribute.
Each KeyConditions element consists of an attribute name to compare, along with the
following:
AttributeValueList - One or more values to evaluate against the supplied attribute.
The number of values in the list depends on the ComparisonOperator being used.
For type Number, value comparisons are numeric. String value comparisons for
greater than, equals, or less than are based on ASCII character code values. For ex-
ample, a is greater than A , and aa is greater than B . For a list of code values,
see http://en.wikipedia.org/wiki/ASCII#ASCII_printable_characters . For Binary, Dy-
ComparisonOperator - A comparator for evaluating attributes, for example, equals,
greater than, less than, and so on. For KeyConditions , only the following com-
parison operators are supported: EQ | LE | LT | GE | GT | BEGINS_WITH
| BETWEEN The following are descriptions of these comparison operators. * EQ :
Equal. AttributeValueList can contain only one AttributeValue of type String, Number,
or Binary (not a set type). If an item contains an AttributeValue element of a differ-
{"NS":["6", "2", "1"]} .
compare to {"NS":["6", "2", "1"]} .

"2", "1"]}
Warning: There is a newer parameter available. Use FilterExpression instead. Note

that if you use QueryFilter and FilterExpression at the same time, DynamoDB will
QueryFilter (dict)
A condition that evaluates the query results and returns only the desired values.
If you specify more than one condition in the QueryFilter map, then by default all of the
Each QueryFilter element consists of an attribute name to compare, along with the follow-
ing:
number of values in the list depends on the operator specified in ComparisonOpera-
tor . For type Number, value comparisons are numeric. String value comparisons for
greater than, equals, or less than are based on ASCII character code values. For ex-
ample, a is greater than A , and aa is greater than B . For a list of code values, see
for example when evaluating query expressions. For information on specifying data
types in JSON, see JSON Data Format in the Amazon DynamoDB Developer Guide .
ComparisonOperator - A comparator for evaluating attributes. For example, equals,
greater than, less than, etc. The following comparison operators are available: EQ
| NE | LE | LT | GE | GT | NOT_NULL | NULL | CONTAINS |
NOT_CONTAINS | BEGINS_WITH | IN | BETWEEN For complete descrip-
tions of all comparison operators, see API_Condition.html .
2.1. Services 123


A logical operator to apply to the conditions in the QueryFilter map:

true.
ScanIndexForward (boolean) A value that specifies ascending (true) or descending
(false) traversal of the index. DynamoDB returns results reflecting the requested order
determined by the range key. If the data type is Number, the results are returned in numeric
order. For type String, the results are returned in order of ASCII character code values. For
type Binary, DynamoDB treats each byte of the binary data as unsigned when it compares
binary values.
If ScanIndexForward is not specified, the results are returned in ascending order.
ExclusiveStartKey (dict) The primary key of the first item that this operation will eval-
uate. Use the value that was returned for LastEvaluatedKey in the previous operation.
The data type for ExclusiveStartKey must be String, Number or Binary. No set data types
are allowed.
FilterExpression (string) A condition that evaluates the query results and returns only
the desired values.
The condition you specify is applied to the items queried; any items that do not match the
expression are not returned.
value:
pression.

expression.
Return type dict
scan(TableName, AttributesToGet=None, Limit=None, Select=None, ScanFilter=None, Condi-
tionalOperator=None, ExclusiveStartKey=None, ReturnConsumedCapacity=None, TotalSeg-
ments=None, Segment=None, ProjectionExpression=None, FilterExpression=None, Expression-
AttributeNames=None, ExpressionAttributeValues=None)
The Scan operation returns one or more items and item attributes by accessing every item in the table. To
have DynamoDB return fewer items, you can provide a ScanFilter operation.
If the total number of scanned items exceeds the maximum data set size limit of 1 MB, the scan stops and
results are returned to the user as a LastEvaluatedKey value to continue the scan in a subsequent operation.
The results also include the number of items exceeding the limit. A scan can result in no table data meeting
the filter criteria.
The result set is eventually consistent.
By default, Scan operations proceed sequentially; however, for faster performance on large tables, applica-
tions can request a parallel Scan operation by specifying the Segment and TotalSegments parameters. For
more information, see Parallel Scan in the Amazon DynamoDB Developer Guide .
Parameters
TableName (string) The name of the table containing the requested items.

2.1. Services 125


Limit (integer) The maximum number of items to evaluate (not necessarily the number
of matching items). If DynamoDB processes the number of items up to the limit while
processing the results, it stops the operation and returns the matching values up to that
point, and a key in LastEvaluatedKey to apply in a subsequent operation, so that you can
pick up where you left off. Also, if the processed data set size exceeds 1 MB before
DynamoDB reaches this limit, it stops the operation and returns the matching values up
to the limit, and a key in LastEvaluatedKey to apply in a subsequent operation to continue
the operation. For more information, see Query and Scan in the Amazon DynamoDB
Developer Guide .
Select (string) The attributes to be returned in the result. You can retrieve all item
attributes, specific item attributes, or the count of matching items.
ALL_ATTRIBUTES - Returns all of the item attributes.
COUNT - Returns the number of matching items, rather than the matching items them-
selves.
SPECIFIC_ATTRIBUTES - Returns only the attributes listed in AttributesToGet .
This return value is equivalent to specifying AttributesToGet without specifying any
value for Select .
If neither Select nor AttributesToGet are specified, DynamoDB defaults to
ALL_ATTRIBUTES . You cannot use both AttributesToGet and Select together in a
single request, unless the value for Select is SPECIFIC_ATTRIBUTES . (This usage is
equivalent to specifying AttributesToGet without any value for Select .)
Warning: There is a newer parameter available. Use FilterExpression instead. Note

that if you use ScanFilter and FilterExpression at the same time, DynamoDB will
ScanFilter (dict)
A condition that evaluates the scan results and returns only the desired values.
If you specify more than one condition in the ScanFilter map, then by default all of the
Each ScanFilter element consists of an attribute name to compare, along with the follow-
ing:
number of values in the list depends on the operator specified in ComparisonOper-
ator . For type Number, value comparisons are numeric. String value comparisons
for greater than, equals, or less than are based on ASCII character code values. For
example, a is greater than A , and aa is greater than B . For a list of code values,
see http://en.wikipedia.org/wiki/ASCII#ASCII_printable_characters . For Binary, Dy-
for example when evaluating query expressions. For information on specifying data
types in JSON, see JSON Data Format in the Amazon DynamoDB Developer Guide .
ComparisonOperator - A comparator for evaluating attributes. For example, equals,
greater than, less than, etc. The following comparison operators are available: EQ
| NE | LE | LT | GE | GT | NOT_NULL | NULL | CONTAINS |

NOT_CONTAINS | BEGINS_WITH | IN | BETWEEN For complete descrip-

tions of all comparison operators, see Condition .

A logical operator to apply to the conditions in the ScanFilter map:

true.
ExclusiveStartKey (dict) The primary key of the first item that this operation will eval-
uate. Use the value that was returned for LastEvaluatedKey in the previous operation.
The data type for ExclusiveStartKey must be String, Number or Binary. No set data types
are allowed.
In a parallel scan, a Scan request that includes ExclusiveStartKey must specify the same
segment whose previous Scan returned the corresponding value of LastEvaluatedKey .
TotalSegments (integer) For a parallel Scan request, TotalSegments represents the total
number of segments into which the Scan operation will be divided. The value of TotalSeg-
ments corresponds to the number of application workers that will perform the parallel
scan. For example, if you want to scan a table using four application threads, specify a
TotalSegments value of 4.
The value for TotalSegments must be greater than or equal to 1, and less than or equal to
1000000. If you specify a TotalSegments value of 1, the Scan operation will be sequential
rather than parallel.
If you specify TotalSegments , you must also specify Segment .
Segment (integer) For a parallel Scan request, Segment identifies an individual segment
to be scanned by an application worker.
Segment IDs are zero-based, so the first segment is always 0. For example, if you want to
scan a table using four application threads, the first thread specifies a Segment value of 0,
the second thread specifies 1, and so on.
The value of LastEvaluatedKey returned from a parallel Scan request must be used as
ExclusiveStartKey with the same segment ID in a subsequent Scan operation.
The value for Segment must be greater than or equal to 0, and less than the value provided
for TotalSegments .
If you specify Segment , you must also specify TotalSegments .
2.1. Services 127

FilterExpression (string) A condition that evaluates the scan results and returns only
the desired values.
The condition you specify is applied to the items scanned; any items that do not match the
expression are not returned.
value:
pression.
expression.
Return type dict
update_item(TableName, Key, AttributeUpdates=None, Expected=None, ConditionalOpera-
tor=None, ReturnValues=None, ReturnConsumedCapacity=None, ReturnItem-
CollectionMetrics=None, UpdateExpression=None, ConditionExpression=None,
ExpressionAttributeNames=None, ExpressionAttributeValues=None)
Edits an existing items attributes, or adds a new item to the table if it does not already exist. You can
put, delete, or add attribute values. You can also perform a conditional update (insert a new attribute
name-value pair if it doesnt exist, or replace an existing name-value pair if it has certain expected attribute
values).

You can also return the items attribute values in the same UpdateItem operation using the ReturnValues
parameter.
Parameters
TableName (string) The name of the table containing the item to update.
Key (dict) The primary key of the item to be updated. Each element consists of an
attribute name and a value for that attribute.
Warning: There is a newer parameter available. Use UpdateExpression instead.

that if you use AttributeUpdates and UpdateExpression at the same time, Dynam
AttributeUpdates (dict) will return a ValidationException exception.
This parameter can be used for modifying top-level attributes; however, it doe
support individual list or map elements.
The names of attributes to be modified, the action to perform on each, and the new value for
each. If you are updating an attribute that is an index key attribute for any indexes on that
table, the attribute type must match the index key type defined in the AttributesDefinition
of the table description. You can use UpdateItem to update any nonkey attributes.
Attribute values cannot be null. String and Binary type attributes must have lengths greater
than zero. Set type attributes must not be empty. Requests with empty values will be
rejected with a ValidationException exception.
Each AttributeUpdates element consists of an attribute name to modify, along with the
following:
Value - The new value, if applicable, for this attribute.
Action - A value that specifies how to perform the update. This action is only valid for
an existing attribute whose data type is Number or is a set; do not use ADD for other
data types. If an item with the specified primary key is found in the table, the following
values perform the following actions: * PUT - Adds the specified attribute to the item.
If the attribute already exists, it is replaced by the new value.
DELETE - Removes the attribute and its value, if no value is specified for DELETE .
The data type of the specified value must match the existing values data type. If a set
of values is specified, then those values are subtracted from the old set. For example,
if the attribute value was the set [a,b,c] and the DELETE action specifies [a,c] ,
then the final attribute value is [b] . Specifying an empty set is an error.
ADD - Adds the specified value to the item, if the attribute does not already exist. If the
attribute does exist, then the behavior of ADD depends on the data type of the attribute:
* If the existing attribute is a number, and if Value is also a number, then Value is
mathematically added to the existing attribute. If Value is a negative number, then it is
subtracted from the existing attribute.
If the existing data type is a set, and if Value is also a set, then Value is appended to the
existing set. For example, if the attribute value is the set [1,2] , and the ADD action
specified [3] , then the final attribute value is [1,2,3] . An error occurs if an ADD
action is specified for a set attribute and the attribute type specified does not match the
existing set type. Both sets must have the same primitive data type. For example, if the
existing data type is a set of strings, Value must also be a set of strings.
2.1. Services 129

If no item with the specified key is found in the table, the following values perform the
following actions:
PUT - Causes DynamoDB to create a new item with the specified primary key, and then
adds the attribute.
DELETE - Causes nothing to happen; there is no attribute to delete.
ADD - Causes DynamoDB to creat an item with the supplied primary key and number
(or set of numbers) for the attribute value. The only data types allowed are Number and
Number Set.
If you specify any attributes that are part of an index key, then the data types for those
attributes must match those of the schema in the tables attribute definition.

Expected (dict)
A map of attribute/condition pairs. Expected provides a conditional block for the Up-
dateItem operation.
true or false.
it fails.
equal {"NS":["6", "2", "1"]} .

{"NS":["6", "2", "1"]} .
compare to {"NS":["6", "2", "1"]} .
lists and maps.
and maps.
a list.
2.1. Services 131

true.
"2", "1"]}


true.
appeared either before or after they were updated. For UpdateItem , the valid values are:

ALL_OLD - If UpdateItem overwrote an attribute name-value pair, then the content of
the old item is returned.
UPDATED_OLD - The old versions of only the updated attributes are returned.
ALL_NEW - All of the attributes of the new version of the item are returned.
UPDATED_NEW - The new versions of only the updated attributes are returned.
UpdateExpression (string) An expression that defines one or more attributes to be up-
dated, the action to be performed on them, and new value(s) for them.
The following action values are available for UpdateExpression .
SET - Adds one or more attributes and values to an item. If any of these attribute already
exist, they are replaced by the new values. You can also use SET to add or subtract
from an attribute that is of type Number. SET supports the following functions: *
if_not_exists (path, operand) - if the item does not contain an attribute at
the specified path, then if_not_exists evaluates to operand; otherwise, it evaluates
to path. You can use this function to avoid overwriting an attribute that may already be
present in the item.
list_append (operand, operand) - evaluates to a list with a new element
added to it. You can append the new element to the start or the end of the list by
reversing the order of the operands.
These function names are case-sensitive.
REMOVE - Removes one or more attributes from an item.
ADD - Adds the specified value to the item, if the attribute does not already exist. If the
attribute does exist, then the behavior of ADD depends on the data type of the attribute:
* If the existing attribute is a number, and if Value is also a number, then Value is
mathematically added to the existing attribute. If Value is a negative number, then it is
subtracted from the existing attribute.
If the existing data type is a set and if Value is also a set, then Value is added to the
existing set. For example, if the attribute value is the set [1,2] , and the ADD action
specified [3] , then the final attribute value is [1,2,3] . An error occurs if an ADD
action is specified for a set attribute and the attribute type specified does not match the
existing set type. Both sets must have the same primitive data type. For example, if the
existing data type is a set of strings, the Value must also be a set of strings.
Warning: The ADD action only supports Number and set data types. In addition, ADD
can only be used on top-level attributes, not nested attributes.
DELETE - Deletes an element from a set. If a set of values is specified, then those values
are subtracted from the old set. For example, if the attribute value was the set [a,b,c]
2.1. Services 133

and the DELETE action specifies [a,c] , then the final attribute value is [b] . Spec-
ifying an empty set is an error. .. warning::The DELETE action only supports Number
and set data types. In addition, DELETE can only be used on top-level attributes, not
nested attributes.
You can have many actions in a single expression, such as the following: SET
a=:value1, b=:value2 DELETE :value3, :value4, :value5
tional update to succeed.
value:
pression.
expression.

Return type dict
update_table(TableName, ProvisionedThroughput=None, GlobalSecondaryIndexUpdates=None)
Updates the provisioned throughput for the given table. Setting the throughput for a table helps you manage
performance and is part of the provisioned throughput feature of DynamoDB.
The provisioned throughput values can be upgraded or downgraded based on the maximums and mini-
mums listed in the Limits section in the Amazon DynamoDB Developer Guide .
The table must be in the ACTIVE state for this operation to succeed. UpdateTable is an asynchronous
operation; while executing the operation, the table is in the UPDATING state. While the table is in the
UPDATING state, the table still has the provisioned throughput from before the call. The new provisioned
throughput setting is in effect only when the table returns to the ACTIVE state after the UpdateTable
operation.
You cannot add, modify or delete indexes using UpdateTable . Indexes can only be defined at table creation
time.
Parameters
TableName (string) The name of the table to be updated.
ProvisionedThroughput (dict) Represents the provisioned throughput settings for a
specified table or index. The settings can be modified using the UpdateTable operation.
For current minimum and maximum provisioned throughput values, see Limits in the Ama-
zon DynamoDB Developer Guide .
GlobalSecondaryIndexUpdates (list) An array of one or more global secondary in-
dexes on the table, together with provisioned throughput settings for each index.
Return type dict
2.1.15 Amazon Elastic Compute Cloud
2.1. Services 135

Table of Contents
Amazon Elastic Compute Cloud
Client
Service Resource
DhcpOptions
Image
Instance
InternetGateway
KeyPair
NetworkAcl
NetworkInterface
PlacementGroup
RouteTable
RouteTableAssociation
SecurityGroup
Snapshot
Subnet
Tag
Volume
Vpc
VpcPeeringConnection
Client
class ec2.Client
A low-level client representing Amazon Elastic Compute Cloud:
import boto3
ec2 = boto3.client(ec2)
accept_vpc_peering_connection(DryRun=None, VpcPeeringConnectionId=None)
Accept a VPC peering connection request. To accept a request, the VPC peering connection must
be in the pending-acceptance state, and you must be the owner of the peer VPC. Use the
DescribeVpcPeeringConnections request to view your outstanding VPC peering connection re-
quests.
Parameters
DryRun (boolean)
VpcPeeringConnectionId (string) The ID of the VPC peering connection.
Return type dict
allocate_address(DryRun=None, Domain=None)
Acquires an Elastic IP address.
An Elastic IP address is for use either in the EC2-Classic platform or in a VPC. For more information, see
Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide .
Parameters
DryRun (boolean)
Domain (string) Set to vpc to allocate the address for use with instances in a VPC.

Default: The address is for use with instances in EC2-Classic.

Return type dict
assign_private_ip_addresses(NetworkInterfaceId, PrivateIpAddresses=None, SecondaryPri-
vateIpAddressCount=None, AllowReassignment=None)
Assigns one or more secondary private IP addresses to the specified network interface. You can specify
one or more specific secondary IP addresses, or you can specify the number of secondary IP addresses to
be automatically assigned within the subnets CIDR block range. The number of secondary IP addresses
that you can assign to an instance varies by instance type. For information about instance types, see
Instance Types in the Amazon Elastic Compute Cloud User Guide . For more information about Elastic IP
addresses, see Elastic IP Addresses in the Amazon Elastic Compute Cloud User Guide .
AssignPrivateIpAddresses is available only in EC2-VPC.
Parameters
NetworkInterfaceId (string) The ID of the network interface.
PrivateIpAddresses (list) One or more IP addresses to be assigned as a secondary pri-
vate IP address to the network interface. You cant specify this parameter when also spec-
ifying a number of secondary IP addresses.
If you dont specify an IP address, Amazon EC2 automatically selects an IP address within
the subnet range.
SecondaryPrivateIpAddressCount (integer) The number of secondary IP addresses to
assign to the network interface. You cant specify this parameter when also specifying
private IP addresses.
AllowReassignment (boolean) Indicates whether to allow an IP address that is already
assigned to another network interface or instance to be reassigned to the specified network
interface.
Return type dict
associate_address(DryRun=None, InstanceId=None, PublicIp=None, AllocationId=None, Net-
workInterfaceId=None, PrivateIpAddress=None, AllowReassociation=None)
Associates an Elastic IP address with an instance or a network interface.
An Elastic IP address is for use in either the EC2-Classic platform or in a VPC. For more information, see
[EC2-Classic, VPC in an EC2-VPC-only account] If the Elastic IP address is already associated with a
different instance, it is disassociated from that instance and associated with the specified instance.
[VPC in an EC2-Classic account] If you dont specify a private IP address, the Elastic IP address is asso-
ciated with the primary IP address. If the Elastic IP address is already associated with a different instance
or a network interface, you get an error unless you allow reassociation.
This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesnt return
an error.
Parameters
DryRun (boolean)
InstanceId (string) The ID of the instance. This is required for EC2-Classic. For EC2-
VPC, you can specify either the instance ID or the network interface ID, but not both.
The operation fails if you specify an instance ID unless exactly one network interface is
attached.
PublicIp (string) The Elastic IP address. This is required for EC2-Classic.
2.1. Services 137

AllocationId (string) [EC2-VPC] The allocation ID. This is required for EC2-VPC.
NetworkInterfaceId (string) [EC2-VPC] The ID of the network interface. If the in-
stance has more than one network interface, you must specify a network interface ID.
PrivateIpAddress (string) [EC2-VPC] The primary or secondary private IP address to
associate with the Elastic IP address. If no private IP address is specified, the Elastic IP
address is associated with the primary private IP address.
AllowReassociation (boolean) [EC2-VPC] Allows an Elastic IP address that is already
associated with an instance or network interface to be re-associated with the specified
instance or network interface. Otherwise, the operation fails.
Default: false
Return type dict
associate_dhcp_options(DhcpOptionsId, VpcId, DryRun=None)
Associates a set of DHCP options (that youve previously created) with the specified VPC, or associates
no DHCP options with the VPC.
After you associate the options with the VPC, any existing instances and all new instances that you launch
in that VPC use the options. You dont need to restart or relaunch the instances. They automatically pick
up the changes within a few hours, depending on how frequently the instance renews its DHCP lease. You
can explicitly renew the lease using the operating system on the instance.
For more information, see DHCP Options Sets in the Amazon Virtual Private Cloud User Guide .
Parameters
DryRun (boolean)
DhcpOptionsId (string) The ID of the DHCP options set, or default to associate no
DHCP options with the VPC.
VpcId (string) The ID of the VPC.
Return type dict
associate_route_table(SubnetId, RouteTableId, DryRun=None)
Associates a subnet with a route table. The subnet and route table must be in the same VPC. This associ-
ation causes traffic originating from the subnet to be routed according to the routes in the route table. The
action returns an association ID, which you need in order to disassociate the route table from the subnet
later. A route table can be associated with multiple subnets.
For more information about route tables, see Route Tables in the Amazon Virtual Private Cloud User Guide
.
Parameters
DryRun (boolean)
SubnetId (string) The ID of the subnet.
RouteTableId (string) The ID of the route table.
Return type dict
attach_internet_gateway(InternetGatewayId, VpcId, DryRun=None)
Attaches an Internet gateway to a VPC, enabling connectivity between the Internet and the VPC. For more
information about your VPC and Internet gateway, see the Amazon Virtual Private Cloud User Guide .
Parameters
DryRun (boolean)

InternetGatewayId (string) The ID of the Internet gateway.

Return type dict
attach_network_interface(NetworkInterfaceId, InstanceId, DeviceIndex, DryRun=None)
Attaches a network interface to an instance.
Parameters
DryRun (boolean)
InstanceId (string) The ID of the instance.
DeviceIndex (integer) The index of the device for the network interface attachment.
Return type dict
attach_volume(VolumeId, InstanceId, Device, DryRun=None)
Attaches an Amazon EBS volume to a running or stopped instance and exposes it to the instance with the
specified device name.
Encrypted Amazon EBS volumes may only be attached to instances that support Amazon EBS encryption.
For more information, see Amazon EBS Encryption in the Amazon Elastic Compute Cloud User Guide .
For a list of supported device names, see Attaching an Amazon EBS Volume to an Instance . Any device
names that arent reserved for instance store volumes can be used for Amazon EBS volumes. For more
information, see Amazon EC2 Instance Store in the Amazon Elastic Compute Cloud User Guide .
If a volume has an AWS Marketplace product code:
The volume can only be attached as the root device of a stopped instance.
You must be subscribed to the AWS Marketplace code that is on the volume.
The configuration (instance type, operating system) of the instance must support that specific AWS
Marketplace code. For example, you cannot take a volume from a Windows instance and attach it to
a Linux instance.
AWS Marketplace product codes are copied from the volume to the instance.
For an overview of the AWS Marketplace, see https://aws.amazon.com/marketplace/help/200900000 . For
more information about how to use the AWS Marketplace, see AWS Marketplace .
For more information about Amazon EBS volumes, see Attaching Amazon EBS Volumes in the Amazon
Parameters
DryRun (boolean)
VolumeId (string) The ID of the Amazon EBS volume. The volume and instance must
be within the same Availability Zone.
Device (string) The device name to expose to the instance (for example, /dev/sdh or
xvdh ).
Return type dict
attach_vpn_gateway(VpnGatewayId, VpcId, DryRun=None)
Attaches a virtual private gateway to a VPC. For more information, see Adding a Hardware Virtual Private
Gateway to Your VPC in the Amazon Virtual Private Cloud User Guide .
2.1. Services 139

Parameters
DryRun (boolean)
VpnGatewayId (string) The ID of the virtual private gateway.
Return type dict
authorize_security_group_egress(GroupId, DryRun=None, SourceSecurityGroup-
Name=None, SourceSecurityGroupOwnerId=None,
IpProtocol=None, FromPort=None, ToPort=None,
CidrIp=None, IpPermissions=None)
Adds one or more egress rules to a security group for use with a VPC. Specifically, this action permits
instances to send traffic to one or more destination CIDR IP address ranges, or to one or more destination
security groups for the same VPC.
Warning: You can have up to 50 rules per security group (covering both ingress and egress rules).
A security group is for use with instances either in the EC2-Classic platform or in a specific VPC. This
action doesnt apply to security groups for use in EC2-Classic. For more information, see Security Groups
for Your VPC in the Amazon Virtual Private Cloud User Guide .
Each rule consists of the protocol (for example, TCP), plus either a CIDR range or a source group. For the
TCP and UDP protocols, you must also specify the destination port or port range. For the ICMP protocol,
you must also specify the ICMP type and code. You can use -1 for the type or code to mean all types or all
codes.
Rule changes are propagated to affected instances as quickly as possible. However, a small delay might
occur.
Parameters
DryRun (boolean)
GroupId (string) The ID of the security group.
SourceSecurityGroupName (string) [EC2-Classic, default VPC] The name of the des-
tination security group. You cant specify a destination security group and a CIDR IP
address range.
SourceSecurityGroupOwnerId (string) The ID of the destination security group. You
cant specify a destination security group and a CIDR IP address range.
IpProtocol (string) The IP protocol name (tcp , udp , icmp ) or number (see Protocol
Numbers ). Use -1 to specify all.
FromPort (integer) The start of port range for the TCP and UDP protocols, or an ICMP
type number. For the ICMP type number, use -1 to specify all ICMP types.
ToPort (integer) The end of port range for the TCP and UDP protocols, or an ICMP
code number. For the ICMP code number, use -1 to specify all ICMP codes for the ICMP
type.
CidrIp (string) The CIDR IP address range. You cant specify this parameter when
specifying a source security group.
IpPermissions (list) A set of IP permissions. You cant specify a destination security
group and a CIDR IP address range.
Return type dict

authorize_security_group_ingress(DryRun=None, GroupName=None, GroupId=None,

SourceSecurityGroupName=None, SourceSe-
curityGroupOwnerId=None, IpProtocol=None,
FromPort=None, ToPort=None, CidrIp=None, Ip-
Permissions=None)
Adds one or more ingress rules to a security group.
Warning: EC2-Classic: You can have up to 100 rules per group.

EC2-VPC: You can have up to 50 rules per group (covering both ingress and egress rules).
Rule changes are propagated to instances within the security group as quickly as possible. However, a
small delay might occur.
[EC2-Classic] This action gives one or more CIDR IP address ranges permission to access a security group
in your account, or gives one or more security groups (called the source groups ) permission to access a
security group for your account. A source group can be for your own AWS account, or another.
[EC2-VPC] This action gives one or more CIDR IP address ranges permission to access a security group
in your VPC, or gives one or more other security groups (called the source groups ) permission to access
a security group for your VPC. The security groups must all be for the same VPC.
Parameters
DryRun (boolean)
GroupName (string) [EC2-Classic, default VPC] The name of the security group.
SourceSecurityGroupName (string) [EC2-Classic, default VPC] The name of the
source security group. You cant specify a source security group and a CIDR IP address
range.
SourceSecurityGroupOwnerId (string) The ID of the source security group. You cant
specify a source security group and a CIDR IP address range.
type.
IpPermissions (list) A set of IP permissions. You cant specify a source security group
and a CIDR IP address range.
Return type dict
bundle_instance(InstanceId, Storage, DryRun=None)
Bundles an Amazon instance store-backed Windows instance.
During bundling, only the root device volume (C:) is bundled. Data on other instance store volumes is not
preserved.
Note: This procedure is not applicable for Linux/Unix instances or Windows instances that are backed by
Amazon EBS.
2.1. Services 141

For more information, see Creating an Instance Store-Backed Windows AMI .

Parameters
DryRun (boolean)
InstanceId (string) The ID of the instance to bundle.
Storage (dict) The bucket in which to store the AMI. You can specify a bucket that you
already own or a new bucket that Amazon EC2 creates on your behalf. If you specify a
bucket that belongs to someone else, Amazon EC2 returns an error.
Return type dict
cancel_bundle_task(BundleId, DryRun=None)
Cancels a bundling operation for an instance store-backed Windows instance.
Parameters
DryRun (boolean)
BundleId (string) The ID of the bundle task.
Return type dict
cancel_conversion_task(ConversionTaskId, DryRun=None, ReasonMessage=None)
Cancels an active conversion task. The task can be the import of an instance or volume. The action
removes all artifacts of the conversion, including a partially uploaded volume or instance. If the conversion
is complete or is in the process of transferring the final disk image, the command fails and returns an
exception.
For more information, see Using the Command Line Tools to Import Your Virtual Machine to Amazon
EC2 in the Amazon Elastic Compute Cloud User Guide .
Parameters
DryRun (boolean)
ConversionTaskId (string) The ID of the conversion task.
ReasonMessage (string)
Return type dict
cancel_export_task(ExportTaskId)
Cancels an active export task. The request removes all artifacts of the export, including any partially-
created Amazon S3 objects. If the export task is complete or is in the process of transferring the final disk
image, the command fails and returns an error.
Parameters ExportTaskId (string) The ID of the export task. This is the ID returned by
CreateInstanceExportTask .
Return type dict
cancel_reserved_instances_listing(ReservedInstancesListingId)
Cancels the specified Reserved Instance listing in the Reserved Instance Marketplace.
For more information, see Reserved Instance Marketplace in the Amazon Elastic Compute Cloud User
Guide .
Parameters ReservedInstancesListingId (string) The ID of the Reserved Instance listing.
Return type dict

cancel_spot_instance_requests(SpotInstanceRequestIds, DryRun=None)
Cancels one or more Spot Instance requests. Spot Instances are instances that Amazon EC2 starts on your
behalf when the maximum price that you specify exceeds the current Spot Price. Amazon EC2 periodically
sets the Spot Price based on available Spot Instance capacity and current Spot Instance requests. For more
information about Spot Instances, see Spot Instances in the Amazon Elastic Compute Cloud User Guide .
Warning: Canceling a Spot Instance request does not terminate running Spot Instances associated
with the request.
Parameters
DryRun (boolean)
SpotInstanceRequestIds (list) One or more Spot Instance request IDs.
Return type dict
confirm_product_instance(ProductCode, InstanceId, DryRun=None)
Determines whether a product code is associated with an instance. This action can only be used by the
owner of the product code. It is useful when a product code owner needs to verify whether another users
instance is eligible for support.
Parameters
DryRun (boolean)
ProductCode (string) The product code. This must be a product code that you own.
Return type dict
copy_image(SourceRegion, SourceImageId, Name, DryRun=None, Description=None, ClientTo-
ken=None)
Initiates the copy of an AMI from the specified source region to the region in which the request was made.
You specify the destination region by using its endpoint when making the request. AMIs that use encrypted
Amazon EBS snapshots cannot be copied with this method.
For more information, see Copying AMIs in the Amazon Elastic Compute Cloud User Guide .
Parameters
DryRun (boolean)
SourceRegion (string) The name of the region that contains the AMI to copy.
SourceImageId (string) The ID of the AMI to copy.
Name (string) The name of the new AMI in the destination region.
Description (string) A description for the new AMI in the destination region.
ClientToken (string) Unique, case-sensitive identifier you provide to ensure idempo-
tency of the request. For more information, see How to Ensure Idempotency in the Amazon
Return type dict
copy_snapshot(SourceRegion, SourceSnapshotId, DryRun=None, Description=None, Destination-
Region=None, PresignedUrl=None)
Copies a point-in-time snapshot of an Amazon EBS volume and stores it in Amazon S3. You can copy the
snapshot within the same region or from one region to another. You can use the snapshot to create Amazon
EBS volumes or Amazon Machine Images (AMIs). The snapshot is copied to the regional endpoint that
you send the HTTP request to.
2.1. Services 143

Copies of encrypted Amazon EBS snapshots remain encrypted. Copies of unencrypted snapshots remain
unencrypted.
For more information, see Copying an Amazon EBS Snapshot in the Amazon Elastic Compute Cloud User
Guide .
Parameters
DryRun (boolean)
SourceRegion (string) The ID of the region that contains the snapshot to be copied.
SourceSnapshotId (string) The ID of the Amazon EBS snapshot to copy.
Description (string) A description for the new Amazon EBS snapshot.
DestinationRegion (string) The destination region of the snapshot copy operation. This
parameter is required in the PresignedUrl .
PresignedUrl (string) The pre-signed URL that facilitates copying an encrypted
snapshot. This parameter is only required when copying an encrypted snapshot
with the Amazon EC2 Query API; it is available as an optional parameter in all
other cases. The PresignedUrl should use the snapshot source endpoint, the
CopySnapshot action, and include the SourceRegion , SourceSnapshotId ,
and DestinationRegion parameters. The PresignedUrl must be signed using
AWS Signature Version 4. Because Amazon EBS snapshots are stored in Amazon S3, the
signing algorithm for this parameter uses the same logic that is described in Authenticating
Requests by Using Query Parameters (AWS Signature Version 4) in the Amazon Simple
Storage Service API Reference . An invalid or improperly signed PresignedUrl will
cause the copy operation to fail asynchronously, and the snapshot will move to an error
state.
Return type dict
create_customer_gateway(Type, PublicIp, BgpAsn, DryRun=None)
Provides information to AWS about your VPN customer gateway device. The customer gateway is the
appliance at your end of the VPN connection. (The device on the AWS side of the VPN connection is
the virtual private gateway.) You must provide the Internet-routable IP address of the customer gateways
external interface. The IP address must be static and cant be behind a device performing network address
translation (NAT).
For devices that use Border Gateway Protocol (BGP), you can also provide the devices BGP Autonomous
System Number (ASN). You can use an existing ASN assigned to your network. If you dont have an ASN
already, you can use a private ASN (in the 64512 - 65534 range).
Note: Amazon EC2 supports all 2-byte ASN numbers in the range of 1 - 65534, with the exception
of 7224, which is reserved in the us-east-1 region, and 9059, which is reserved in the eu-west-1
region.
For more information about VPN customer gateways, see Adding a Hardware Virtual Private Gateway to
Your VPC in the Amazon Virtual Private Cloud User Guide .
Parameters
DryRun (boolean)
Type (string) The type of VPN connection that this customer gateway supports
(ipsec.1 ).
PublicIp (string) The Internet-routable IP address for the customer gateways outside
interface. The address must be static.

BgpAsn (integer) For devices that support BGP, the customer gateways BGP ASN.
Default: 65000
Return type dict
create_dhcp_options(DhcpConfigurations, DryRun=None)
Creates a set of DHCP options for your VPC. After creating the set, you must associate it with the VPC,
causing all existing and new instances that you launch in the VPC to use this set of DHCP options. The
following are the individual DHCP options you can specify. For more information about the options, see
RFC 2132 .
domain-name-servers - The IP addresses of up to four domain name servers, or
AmazonProvidedDNS . The default DHCP option set specifies AmazonProvidedDNS . If spec-
ifying more than one domain name server, specify the IP addresses in a single parameter, separated
by commas.
domain-name - If youre using AmazonProvidedDNS in us-east-1 , specify ec2.internal
. If youre using AmazonProvidedDNS in another region, specify region.compute.internal
(for example, ap-northeast-1.compute.internal ). Otherwise, specify a domain name
(for example, MyCompany.com ). If specifying more than one domain name, separate them with
spaces.
ntp-servers - The IP addresses of up to four Network Time Protocol (NTP) servers.
netbios-name-servers - The IP addresses of up to four NetBIOS name servers.
netbios-node-type - The NetBIOS node type (1, 2, 4, or 8). We recommend that you specify 2
(broadcast and multicast are not currently supported). For more information about these node types,
see RFC 2132 .
Your VPC automatically starts out with a set of DHCP options that includes only a DNS server that we
provide (AmazonProvidedDNS). If you create a set of options, and if your VPC has an Internet gateway,
make sure to set the domain-name-servers option either to AmazonProvidedDNS or to a domain
name server of your choice. For more information about DHCP options, see DHCP Options Sets in the
Amazon Virtual Private Cloud User Guide .
Parameters
DryRun (boolean)
DhcpConfigurations (list) A DHCP configuration option.
Return type dict
create_image(InstanceId, Name, DryRun=None, Description=None, NoReboot=None, BlockDe-
viceMappings=None)
Creates an Amazon EBS-backed AMI from an Amazon EBS-backed instance that is either running or
stopped.
If you customized your instance with instance store volumes or EBS volumes in addition to the root device
volume, the new AMI contains block device mapping information for those volumes. When you launch
an instance from this new AMI, the instance automatically launches with those additional volumes.
For more information, see Creating Amazon EBS-Backed Linux AMIs in the Amazon Elastic Compute
Cloud User Guide .
Parameters
DryRun (boolean)
2.1. Services 145

Name (string) A name for the new image.

Constraints: 3-128 alphanumeric characters, parentheses (()), square brackets ([]), spaces
( ), periods (.), slashes (/), dashes (-), single quotes (), at-signs (@), or underscores(_)
Description (string) A description for the new image.
NoReboot (boolean) By default, this parameter is set to false , which means Amazon
EC2 attempts to shut down the instance cleanly before image creation and then reboots
the instance. When the parameter is set to true , Amazon EC2 doesnt shut down the
instance before creating the image. When this option is used, file system integrity on the
created image cant be guaranteed.
BlockDeviceMappings (list) Information about one or more block device mappings.
Return type dict
create_instance_export_task(InstanceId, Description=None, TargetEnvironment=None, Ex-
portToS3Task=None)
Exports a running or stopped instance to an Amazon S3 bucket.
For information about the supported operating systems, image formats, and known limitations for the
types of instances you can export, see Exporting EC2 Instances in the Amazon Elastic Compute Cloud
User Guide .
Parameters
Description (string) A description for the conversion task or the resource being exported.
The maximum length is 255 bytes.
TargetEnvironment (string) The target virtualization environment.
ExportToS3Task (dict)
Return type dict
create_internet_gateway(DryRun=None)
Creates an Internet gateway for use with a VPC. After creating the Internet gateway, you attach it to a VPC
using AttachInternetGateway .
For more information about your VPC and Internet gateway, see the Amazon Virtual Private Cloud User
Guide .
Parameters DryRun (boolean)
Return type dict
create_key_pair(KeyName, DryRun=None)
Creates a 2048-bit RSA key pair with the specified name. Amazon EC2 stores the public key and displays
the private key for you to save to a file. The private key is returned as an unencrypted PEM encoded
PKCS#8 private key. If a key with the specified name already exists, Amazon EC2 returns an error.
You can have up to five thousand key pairs per region.
The key pair returned to you is available only in the region in which you create it. To create a key pair that
is available in all regions, use ImportKeyPair .
For more information about key pairs, see Key Pairs in the Amazon Elastic Compute Cloud User Guide .
Parameters
DryRun (boolean)

KeyName (string) A unique name for the key pair.

Constraints: Up to 255 ASCII characters
Return type dict
create_network_acl(VpcId, DryRun=None)
Creates a network ACL in a VPC. Network ACLs provide an optional layer of security (in addition to
security groups) for the instances in your VPC.
For more information about network ACLs, see Network ACLs in the Amazon Virtual Private Cloud User
Guide .
Parameters
DryRun (boolean)
Return type dict
create_network_acl_entry(NetworkAclId, RuleNumber, Protocol, RuleAction, Egress, Cidr-
Block, DryRun=None, IcmpTypeCode=None, PortRange=None)
Creates an entry (a rule) in a network ACL with the specified rule number. Each network ACL has a
set of numbered ingress rules and a separate set of numbered egress rules. When determining whether a
packet should be allowed in or out of a subnet associated with the ACL, we process the entries in the ACL
according to the rule numbers, in ascending order. Each network ACL has a set of ingress rules and a
separate set of egress rules.
We recommend that you leave room between the rule numbers (for example, 100, 110, 120, ...), and not
number them one right after the other (for example, 101, 102, 103, ...). This makes it easier to add a rule
between existing ones without having to renumber the rules.
After you add an entry, you cant modify it; you must either replace it, or create an entry and delete the old
one.
Guide .
Parameters
DryRun (boolean)
NetworkAclId (string) The ID of the network ACL.
RuleNumber (integer) The rule number for the entry (for example, 100). ACL entries
are processed in ascending order by rule number.
Constraints: Positive integer from 1 to 32766
Protocol (string) The protocol. A value of -1 means all protocols.
RuleAction (string) Indicates whether to allow or deny the traffic that matches the rule.
Egress (boolean) Indicates whether this is an egress rule (rule is applied to traffic leaving
the subnet).
CidrBlock (string) The network range to allow or deny, in CIDR notation (for example
172.16.0.0/24 ).
IcmpTypeCode (dict) ICMP protocol: The ICMP type and code. Required if specifying
ICMP for the protocol.
PortRange (dict) TCP or UDP protocols: The range of ports the rule applies to.
Return type dict
2.1. Services 147

create_network_interface(SubnetId, Description=None, PrivateIpAddress=None,

Groups=None, PrivateIpAddresses=None, SecondaryPrivateIpAd-
dressCount=None, DryRun=None)
Creates a network interface in the specified subnet.
For more information about network interfaces, see Elastic Network Interfaces in the Amazon Elastic
Compute Cloud User Guide .
Parameters
SubnetId (string) The ID of the subnet to associate with the network interface.
Description (string) A description for the network interface.
PrivateIpAddress (string) The primary private IP address of the network interface.
If you dont specify an IP address, Amazon EC2 selects one for you from the subnet
range. If you specify an IP address, you cannot indicate any IP addresses specified in
privateIpAddresses as primary (only one IP address can be designated as primary).
Groups (list) The IDs of one or more security groups.
PrivateIpAddresses (list) One or more private IP addresses.
SecondaryPrivateIpAddressCount (integer) The number of secondary private IP ad-
dresses to assign to a network interface. When you specify a number of secondary IP ad-
dresses, Amazon EC2 selects these IP addresses within the subnet range. You cant specify
this option and specify more than one private IP address using privateIpAddresses
.
The number of IP addresses you can assign to a network interface varies by instance type.
For more information, see Private IP Addresses Per ENI Per Instance Type in the Amazon
DryRun (boolean)
Return type dict
create_placement_group(GroupName, Strategy, DryRun=None)
Creates a placement group that you launch cluster instances into. You must give the group a name thats
unique within the scope of your account.
For more information about placement groups and cluster instances, see Cluster Instances in the Amazon
Parameters
DryRun (boolean)
GroupName (string) A name for the placement group.
Strategy (string) The placement strategy.
Return type dict
create_reserved_instances_listing(ReservedInstancesId, InstanceCount, PriceSchedules,
ClientToken)
Creates a listing for Amazon EC2 Reserved Instances to be sold in the Reserved Instance Marketplace.
You can submit one Reserved Instance listing at a time. To get a list of your Reserved Instances, you can
use the DescribeReservedInstances operation.
The Reserved Instance Marketplace matches sellers who want to resell Reserved Instance capacity that
they no longer need with buyers who want to purchase additional capacity. Reserved Instances bought and
sold through the Reserved Instance Marketplace work like any other Reserved Instances.

To sell your Reserved Instances, you must first register as a Seller in the Reserved Instance Marketplace.
After completing the registration process, you can create a Reserved Instance Marketplace listing of some
or all of your Reserved Instances, and specify the upfront price to receive for them. Your Reserved Instance
listings then become available for purchase. To view the details of your Reserved Instance listing, you can
use the DescribeReservedInstancesListings operation.
Guide .
Parameters
ReservedInstancesId (string) The ID of the active Reserved Instance.
InstanceCount (integer) The number of instances that are a part of a Reserved Instance
account to be listed in the Reserved Instance Marketplace. This number should be less
than or equal to the instance count associated with the Reserved Instance ID specified in
this call.
PriceSchedules (list) A list specifying the price of the Reserved Instance for each month
remaining in the Reserved Instance term.
ClientToken (string) Unique, case-sensitive identifier you provide to ensure idempo-
tency of your listings. This helps avoid duplicate listings. For more information, see
Ensuring Idempotency in the Amazon Elastic Compute Cloud User Guide .
Return type dict
create_route(RouteTableId, DestinationCidrBlock, DryRun=None, GatewayId=None, Instan-
ceId=None, NetworkInterfaceId=None, VpcPeeringConnectionId=None)
Creates a route in a route table within a VPC.
You must specify one of the following targets: Internet gateway or virtual private gateway, NAT instance,
VPC peering connection, or network interface.
When determining how to route traffic, we use the route with the most specific match. For example, lets
say the traffic is destined for 192.0.2.3 , and the route table includes the following two routes:
192.0.2.0/24 (goes to some target A)
192.0.2.0/28 (goes to some target B)
Both routes apply to the traffic destined for 192.0.2.3 . However, the second route in the list covers a
smaller number of IP addresses and is therefore more specific, so we use that route to determine where to
target the traffic.
.
Parameters
DryRun (boolean)
RouteTableId (string) The ID of the route table for the route.
DestinationCidrBlock (string) The CIDR address block used for the destination match.
Routing decisions are based on the most specific match.
GatewayId (string) The ID of an Internet gateway or virtual private gateway attached to
your VPC.
InstanceId (string) The ID of a NAT instance in your VPC. The operation fails if you
specify an instance ID unless exactly one network interface is attached.
NetworkInterfaceId (string) The ID of a network interface.
2.1. Services 149

VpcPeeringConnectionId (string) The ID of a VPC peering connection.

Return type dict
create_route_table(VpcId, DryRun=None)
Creates a route table for the specified VPC. After you create a route table, you can add routes and associate
the table with a subnet.
.
Parameters
DryRun (boolean)
Return type dict
create_security_group(GroupName, Description, DryRun=None, VpcId=None)
Creates a security group.
A security group is for use with instances either in the EC2-Classic platform or in a specific VPC. For
more information, see Amazon EC2 Security Groups in the Amazon Elastic Compute Cloud User Guide
and Security Groups for Your VPC in the Amazon Virtual Private Cloud User Guide .
Warning: EC2-Classic: You can have up to 500 security groups.

EC2-VPC: You can create up to 100 security groups per VPC.
When you create a security group, you specify a friendly name of your choice. You can have a security
group for use in EC2-Classic with the same name as a security group for use in a VPC. However, you cant
have two security groups for use in EC2-Classic with the same name or two security groups for use in a
VPC with the same name.
You have a default security group for use in EC2-Classic and a default security group for use in your
VPC. If you dont specify a security group when you launch an instance, the instance is launched into the
appropriate default security group. A default security group includes a default rule that grants instances
unrestricted network access to each other.
You can add or remove rules from your security groups using AuthorizeSecurityGroupIngress , Autho-
rizeSecurityGroupEgress , RevokeSecurityGroupIngress , and RevokeSecurityGroupEgress .
Parameters
DryRun (boolean)
GroupName (string) The name of the security group.
Constraints: Up to 255 characters in length
Constraints for EC2-Classic: ASCII characters
Constraints for EC2-VPC: a-z, A-Z, 0-9, spaces, and ._-:/()#,@[]+=;{}!$*
Description (string) A description for the security group. This is informational only.
VpcId (string) [EC2-VPC] The ID of the VPC. Required for EC2-VPC.
Return type dict

create_snapshot(VolumeId, DryRun=None, Description=None)

Creates a snapshot of an Amazon EBS volume and stores it in Amazon S3. You can use snapshots for
backups, to make copies of Amazon EBS volumes, and to save data before shutting down an instance.
When a snapshot is created, any AWS Marketplace product codes that are associated with the source
volume are propagated to the snapshot.
You can take a snapshot of an attached volume that is in use. However, snapshots only capture data that
has been written to your Amazon EBS volume at the time the snapshot command is issued; this may
exclude any data that has been cached by any applications or the operating system. If you can pause any
file systems on the volume long enough to take a snapshot, your snapshot should be complete. However, if
you cannot pause all file writes to the volume, you should unmount the volume from within the instance,
issue the snapshot command, and then remount the volume to ensure a consistent and complete snapshot.
You may remount and use your volume while the snapshot status is pending .
To create a snapshot for Amazon EBS volumes that serve as root devices, you should stop the instance
before taking the snapshot.
Snapshots that are taken from encrypted volumes are automatically encrypted. Volumes that are created
from encrypted snapshots are also automatically encrypted. Your encrypted volumes and any associated
snapshots always remain protected.
For more information, see Amazon Elastic Block Store and Amazon EBS Encryption in the Amazon Elastic
Parameters
DryRun (boolean)
VolumeId (string) The ID of the Amazon EBS volume.
Description (string) A description for the snapshot.
Return type dict
create_spot_datafeed_subscription(Bucket, DryRun=None, Prefix=None)
Creates a datafeed for Spot Instances, enabling you to view Spot Instance usage logs. You can create one
data feed per AWS account. For more information, see Spot Instances in the Amazon Elastic Compute
Cloud User Guide .
Parameters
DryRun (boolean)
Bucket (string) The Amazon S3 bucket in which to store the Spot Instance datafeed.
Constraints: Must be a valid bucket associated with your AWS account.
Prefix (string) A prefix for the datafeed file names.
Return type dict
create_subnet(VpcId, CidrBlock, DryRun=None, AvailabilityZone=None)
Creates a subnet in an existing VPC.
When you create each subnet, you provide the VPC ID and the CIDR block you want for the subnet. After
you create a subnet, you cant change its CIDR block. The subnets CIDR block can be the same as the
VPCs CIDR block (assuming you want only a single subnet in the VPC), or a subset of the VPCs CIDR
block. If you create more than one subnet in a VPC, the subnets CIDR blocks must not overlap. The
smallest subnet (and VPC) you can create uses a /28 netmask (16 IP addresses), and the largest uses a /16
netmask (65,536 IP addresses).
2.1. Services 151

Warning: AWS reserves both the first four and the last IP address in each subnets CIDR block.
Theyre not available for use.
If you add more than one subnet to a VPC, theyre set up in a star topology with a logical router in the
middle.
If you launch an instance in a VPC using an Amazon EBS-backed AMI, the IP address doesnt change
if you stop and restart the instance (unlike a similar instance launched outside a VPC, which gets a new
IP address when restarted). Its therefore possible to have a subnet with no running instances (theyre all
stopped), but no remaining IP addresses available.
For more information about subnets, see Your VPC and Subnets in the Amazon Virtual Private Cloud User
Guide .
Parameters
DryRun (boolean)
CidrBlock (string) The network range for the subnet, in CIDR notation. For example,
10.0.0.0/24 .
AvailabilityZone (string) The Availability Zone for the subnet.
Default: Amazon EC2 selects one for you (recommended).
Return type dict
create_tags(Resources, Tags, DryRun=None)
Adds or overwrites one or more tags for the specified EC2 resource or resources. Each resource can have a
maximum of 10 tags. Each tag consists of a key and optional value. Tag keys must be unique per resource.
For more information about tags, see Tagging Your Resources in the Amazon Elastic Compute Cloud User
Guide .
Parameters
DryRun (boolean)
Resources (list) The IDs of one or more resources to tag. For example, ami-1a2b3c4d.
Tags (list) One or more tags. The value parameter is required, but if you dont want
the tag to have a value, specify the parameter with no value, and we set the value to an
empty string.
Return type dict
create_volume(AvailabilityZone, DryRun=None, Size=None, SnapshotId=None, Volume-
Type=None, Iops=None, Encrypted=None, KmsKeyId=None)
Creates an Amazon EBS volume that can be attached to an instance in the same Availability Zone. The
volume is created in the specified region.
You can create a new empty volume or restore a volume from an Amazon EBS snapshot. Any AWS
Marketplace product codes from the snapshot are propagated to the volume.
You can create encrypted volumes with the Encrypted parameter. Encrypted volumes may only be
attached to instances that support Amazon EBS encryption. Volumes that are created from encrypted
snapshots are also automatically encrypted. For more information, see Amazon EBS Encryption in the
For more information, see Creating or Restoring an Amazon EBS Volume in the Amazon Elastic Compute
Cloud User Guide .

Parameters
DryRun (boolean)
Size (integer) The size of the volume, in GiBs.
Constraints: If the volume type is io1 , the minimum size of the volume is 4 GiB.
Default: If youre creating the volume from a snapshot and dont specify a volume size,
the default is the snapshot size.
SnapshotId (string) The snapshot from which to create the volume.
AvailabilityZone (string) The Availability Zone in which to create the volume. Use
DescribeAvailabilityZones to list the Availability Zones that are currently available to you.
VolumeType (string) The volume type. This can be gp2 for General Purpose (SSD) vol-
umes, io1 for Provisioned IOPS (SSD) volumes, or standard for Magnetic volumes.
Default: standard
Iops (integer) Only valid for Provisioned IOPS (SSD) volumes. The number of I/O
operations per second (IOPS) to provision for the volume.
Encrypted (boolean) Specifies whether the volume should be encrypted.
KmsKeyId (string) The full ARN of the AWS Key Management Service (KMS) Cus-
tomer Master Key (CMK) to use when creating the encrypted volume. This parameter is
only required if you want to use a non-default CMK; if this parameter is not specified, the
default CMK is used. The ARN contains the arn:aws:kms namespace, followed by the
region of the CMK, the AWS account ID of the CMK owner, the key namespace, and then
the CMK ID. For example, arn:aws:kms:us-east-1 :012345678910 :key/abcd1234-a123-
456a-a12b-a123b4cd56ef .
Return type dict
create_vpc(CidrBlock, DryRun=None, InstanceTenancy=None)
Creates a VPC with the specified CIDR block.
The smallest VPC you can create uses a /28 netmask (16 IP addresses), and the largest uses a /16 netmask
(65,536 IP addresses). To help you decide how big to make your VPC, see Your VPC and Subnets in the
By default, each instance you launch in the VPC has the default DHCP options, which includes only a
default DNS server that we provide (AmazonProvidedDNS). For more information about DHCP options,
see DHCP Options Sets in the Amazon Virtual Private Cloud User Guide .
Parameters
DryRun (boolean)
CidrBlock (string) The network range for the VPC, in CIDR notation. For example,
10.0.0.0/16 .
InstanceTenancy (string) The supported tenancy options for instances launched into the
VPC. A value of default means that instances can be launched with any tenancy; a value
of dedicated means all instances launched into the VPC are launched as dedicated
tenancy instances regardless of the tenancy assigned to the instance at launch. Dedicated
tenancy instances run on single-tenant hardware.
Default: default
Return type dict
2.1. Services 153

create_vpc_peering_connection(DryRun=None, VpcId=None, PeerVpcId=None,

PeerOwnerId=None)
Requests a VPC peering connection between two VPCs: a requester VPC that you own and a peer VPC
with which to create the connection. The peer VPC can belong to another AWS account. The requester
VPC and peer VPC cannot have overlapping CIDR blocks.
The owner of the peer VPC must accept the peering request to activate the peering connection. The VPC
peering connection request expires after 7 days, after which it cannot be accepted or rejected.
A CreateVpcPeeringConnection request between VPCs with overlapping CIDR blocks results in
the VPC peering connection having a status of failed .
Parameters
DryRun (boolean)
VpcId (string) The ID of the requester VPC.
PeerVpcId (string) The ID of the VPC with which you are creating the VPC peering
connection.
PeerOwnerId (string) The AWS account ID of the owner of the peer VPC.
Default: Your AWS account ID
Return type dict
create_vpn_connection(Type, CustomerGatewayId, VpnGatewayId, DryRun=None, Op-
tions=None)
Creates a VPN connection between an existing virtual private gateway and a VPN customer gateway. The
only supported connection type is ipsec.1 .
The response includes information that you need to give to your network administrator to configure your
customer gateway.
Warning: We strongly recommend that you use HTTPS when calling this operation because the
response contains sensitive cryptographic information for configuring your customer gateway.
If you decide to shut down your VPN connection for any reason and later create a new VPN connection,
you must reconfigure your customer gateway with the new information returned from this call.
For more information about VPN connections, see Adding a Hardware Virtual Private Gateway to Your
VPC in the Amazon Virtual Private Cloud User Guide .
Parameters
DryRun (boolean)
Type (string) The type of VPN connection (ipsec.1 ).
CustomerGatewayId (string) The ID of the customer gateway.
Options (dict) Indicates whether the VPN connection requires static routes. If you are
creating a VPN connection for a device that does not support BGP, you must specify true
.
Default: false
Return type dict
create_vpn_connection_route(VpnConnectionId, DestinationCidrBlock)
Creates a static route associated with a VPN connection between an existing virtual private gateway and a

VPN customer gateway. The static route allows traffic to be routed from the virtual private gateway to the
VPN customer gateway.
Parameters
VpnConnectionId (string) The ID of the VPN connection.
DestinationCidrBlock (string) The CIDR block associated with the local subnet of the
customer network.
Return type dict
create_vpn_gateway(Type, DryRun=None, AvailabilityZone=None)
Creates a virtual private gateway. A virtual private gateway is the endpoint on the VPC side of your VPN
connection. You can create a virtual private gateway before creating the VPC itself.
For more information about virtual private gateways, see Adding a Hardware Virtual Private Gateway to
Parameters
DryRun (boolean)
Type (string) The type of VPN connection this virtual private gateway supports.
AvailabilityZone (string) The Availability Zone for the virtual private gateway.
Return type dict
delete_customer_gateway(CustomerGatewayId, DryRun=None)
Deletes the specified customer gateway. You must delete the VPN connection before you can delete the
customer gateway.
Parameters
DryRun (boolean)
CustomerGatewayId (string) The ID of the customer gateway.
Return type dict
delete_dhcp_options(DhcpOptionsId, DryRun=None)
Deletes the specified set of DHCP options. You must disassociate the set of DHCP options before you can
delete it. You can disassociate the set of DHCP options by associating either a new set of options or the
default set of options with the VPC.
Parameters
DryRun (boolean)
DhcpOptionsId (string) The ID of the DHCP options set.
Return type dict
delete_internet_gateway(InternetGatewayId, DryRun=None)
Deletes the specified Internet gateway. You must detach the Internet gateway from the VPC before you
can delete it.
Parameters
DryRun (boolean)
2.1. Services 155

Return type dict

delete_key_pair(KeyName, DryRun=None)
Deletes the specified key pair, by removing the public key from Amazon EC2.
Parameters
DryRun (boolean)
KeyName (string) The name of the key pair.
Return type dict
delete_network_acl(NetworkAclId, DryRun=None)
Deletes the specified network ACL. You cant delete the ACL if its associated with any subnets. You cant
delete the default network ACL.
Parameters
DryRun (boolean)
Return type dict
delete_network_acl_entry(NetworkAclId, RuleNumber, Egress, DryRun=None)
Deletes the specified ingress or egress entry (rule) from the specified network ACL.
Parameters
DryRun (boolean)
RuleNumber (integer) The rule number of the entry to delete.
Egress (boolean) Indicates whether the rule is an egress rule.
Return type dict
delete_network_interface(NetworkInterfaceId, DryRun=None)
Deletes the specified network interface. You must detach the network interface before you can delete it.
Parameters
DryRun (boolean)
Return type dict
delete_placement_group(GroupName, DryRun=None)
Deletes the specified placement group. You must terminate all instances in the placement group before
you can delete the placement group. For more information about placement groups and cluster instances,
see Cluster Instances in the Amazon Elastic Compute Cloud User Guide .
Parameters
DryRun (boolean)
GroupName (string) The name of the placement group.
Return type dict
delete_route(RouteTableId, DestinationCidrBlock, DryRun=None)
Deletes the specified route from the specified route table.
Parameters

DryRun (boolean)
DestinationCidrBlock (string) The CIDR range for the route. The value you specify
must match the CIDR for the route exactly.
Return type dict
delete_route_table(RouteTableId, DryRun=None)
Deletes the specified route table. You must disassociate the route table from any subnets before you can
delete it. You cant delete the main route table.
Parameters
DryRun (boolean)
Return type dict
delete_security_group(DryRun=None, GroupName=None, GroupId=None)
Deletes a security group.
If you attempt to delete a security group that is associated with an instance, or is referenced
by another security group, the operation fails with InvalidGroup.InUse in EC2-Classic or
DependencyViolation in EC2-VPC.
Parameters
DryRun (boolean)
GroupName (string) [EC2-Classic, default VPC] The name of the security group. You
can specify either the security group name or the security group ID.
GroupId (string) The ID of the security group. Required for a nondefault VPC.
Return type dict
delete_snapshot(SnapshotId, DryRun=None)
Deletes the specified snapshot.
When you make periodic snapshots of a volume, the snapshots are incremental, and only the blocks on
the device that have changed since your last snapshot are saved in the new snapshot. When you delete
a snapshot, only the data not needed for any other snapshot is removed. So regardless of which prior
snapshots have been deleted, all active snapshots will have access to all the information needed to restore
the volume.
You cannot delete a snapshot of the root device of an Amazon EBS volume used by a registered AMI. You
must first de-register the AMI before you can delete the snapshot.
For more information, see Deleting an Amazon EBS Snapshot in the Amazon Elastic Compute Cloud User
Guide .
Parameters
DryRun (boolean)
SnapshotId (string) The ID of the Amazon EBS snapshot.
Return type dict
delete_spot_datafeed_subscription(DryRun=None)
Deletes the datafeed for Spot Instances. For more information, see Spot Instances in the Amazon Elastic
2.1. Services 157


Return type dict
delete_subnet(SubnetId, DryRun=None)
Deletes the specified subnet. You must terminate all running instances in the subnet before you can delete
the subnet.
Parameters
DryRun (boolean)
Return type dict
delete_tags(Resources, DryRun=None, Tags=None)
Deletes the specified set of tags from the specified set of resources. This call is designed to follow a
DescribeTags request.
Guide .
Parameters
DryRun (boolean)
Resources (list) The ID of the resource. For example, ami-1a2b3c4d. You can specify
more than one resource ID.
Tags (list) One or more tags to delete. If you omit the value parameter, we delete the
tag regardless of its value. If you specify this parameter with an empty string as the value,
we delete the key only if its value is an empty string.
Return type dict
delete_volume(VolumeId, DryRun=None)
Deletes the specified Amazon EBS volume. The volume must be in the available state (not attached
to an instance).
Note: The volume may remain in the deleting state for several minutes.
For more information, see Deleting an Amazon EBS Volume in the Amazon Elastic Compute Cloud User
Guide .
Parameters
DryRun (boolean)
VolumeId (string) The ID of the volume.
Return type dict
delete_vpc(VpcId, DryRun=None)
Deletes the specified VPC. You must detach or delete all gateways and resources that are associated with
the VPC before you can delete it. For example, you must terminate all instances running in the VPC, delete
all security groups associated with the VPC (except the default one), delete all route tables associated with
the VPC (except the default one), and so on.
Parameters
DryRun (boolean)

Return type dict

delete_vpc_peering_connection(VpcPeeringConnectionId, DryRun=None)
Deletes a VPC peering connection. Either the owner of the requester VPC or the owner of the peer VPC
can delete the VPC peering connection if its in the active state. The owner of the requester VPC can
delete a VPC peering connection in the pending-acceptance state.
Parameters
DryRun (boolean)
Return type dict
delete_vpn_connection(VpnConnectionId, DryRun=None)
Deletes the specified VPN connection.
If youre deleting the VPC and its associated components, we recommend that you detach the virtual
private gateway from the VPC and delete the VPC before deleting the VPN connection. If you believe
that the tunnel credentials for your VPN connection have been compromised, you can delete the VPN
connection and create a new one that has new keys, without needing to delete the VPC or virtual private
gateway. If you create a new VPN connection, you must reconfigure the customer gateway using the new
configuration information returned with the new VPN connection ID.
Parameters
DryRun (boolean)
Return type dict
delete_vpn_connection_route(VpnConnectionId, DestinationCidrBlock)
Deletes the specified static route associated with a VPN connection between an existing virtual private
gateway and a VPN customer gateway. The static route allows traffic to be routed from the virtual private
gateway to the VPN customer gateway.
Parameters
DestinationCidrBlock (string) The CIDR block associated with the local subnet of the
customer network.
Return type dict
delete_vpn_gateway(VpnGatewayId, DryRun=None)
Deletes the specified virtual private gateway. We recommend that before you delete a virtual private
gateway, you detach it from the VPC and delete the VPN connection. Note that you dont need to delete
the virtual private gateway if you plan to delete and recreate the VPN connection between your VPC and
your network.
Parameters
DryRun (boolean)
Return type dict
deregister_image(ImageId, DryRun=None)
Deregisters the specified AMI. After you deregister an AMI, it cant be used to launch new instances.
This command does not delete the AMI.
2.1. Services 159

Parameters
DryRun (boolean)
ImageId (string) The ID of the AMI.
Return type dict
describe_account_attributes(DryRun=None, AttributeNames=None)
Describes the specified attribute of your AWS account.
Parameters
DryRun (boolean)
AttributeNames (list) One or more account attribute names.
Return type dict
describe_addresses(DryRun=None, PublicIps=None, Filters=None, AllocationIds=None)
Describes one or more of your Elastic IP addresses.
Parameters
DryRun (boolean)
PublicIps (list) [EC2-Classic] One or more Elastic IP addresses.
Default: Describes all your Elastic IP addresses.
Filters (list) One or more filters. Filter names and values are case-sensitive.
allocation-id - [EC2-VPC] The allocation ID for the address.
association-id - [EC2-VPC] The association ID for the address.
domain - Indicates whether the address is for use in EC2-Classic (standard ) or in
a VPC (vpc ).
instance-id - The ID of the instance the address is associated with, if any.
network-interface-id - [EC2-VPC] The ID of the network interface that the
address is associated with, if any.
network-interface-owner-id - The AWS account ID of the owner.
private-ip-address - [EC2-VPC] The private IP address associated with the
Elastic IP address.
public-ip - The Elastic IP address.
AllocationIds (list) [EC2-VPC] One or more allocation IDs.
Default: Describes all your Elastic IP addresses.
Return type dict
describe_availability_zones(DryRun=None, ZoneNames=None, Filters=None)
Describes one or more of the Availability Zones that are available to you. The results include zones only
for the region youre currently using. If there is an event impacting an Availability Zone, you can use this
request to view the state and any provided message for that Availability Zone.
For more information, see Regions and Availability Zones in the Amazon Elastic Compute Cloud User
Guide .

Parameters
DryRun (boolean)
ZoneNames (list) The names of one or more Availability Zones.
Filters (list) One or more filters.
message - Information about the Availability Zone.
region-name - The name of the region for the Availability Zone (for example,
us-east-1 ).
state - The state of the Availability Zone (available | impaired |
unavailable ).
zone-name - The name of the Availability Zone (for example, us-east-1a ).
Return type dict
describe_bundle_tasks(DryRun=None, BundleIds=None, Filters=None)
Describes one or more of your bundling tasks.
Note: Completed bundle tasks are listed for only a limited time. If your bundle task is no longer in the
list, you can still register an AMI from it. Just use RegisterImage with the Amazon S3 bucket name
and image manifest name you provided to the bundle task.
Parameters
DryRun (boolean)
BundleIds (list) One or more bundle task IDs.
Default: Describes all your bundle tasks.
bundle-id - The ID of the bundle task.
error-code - If the task failed, the error code returned.
error-message - If the task failed, the error message returned.
instance-id - The ID of the instance.
progress - The level of task completion, as a percentage (for example, 20%).
s3-bucket - The Amazon S3 bucket to store the AMI.
s3-prefix - The beginning of the AMI name.
start-time - The time the task started (for example, 2013-09-15T17:15:20.000Z).
state - The state of the task (pending | waiting-for-shutdown | bundling
| storing | cancelling | complete | failed ).
update-time - The time of the most recent update for the task.
Return type dict
describe_conversion_tasks(DryRun=None, Filters=None, ConversionTaskIds=None)

Describes one or more of your conversion tasks. For more information, see Using the Command Line
Tools to Import Your Virtual Machine to Amazon EC2 in the Amazon Elastic Compute Cloud User Guide
.
Parameters
2.1. Services 161

DryRun (boolean)
Filters (list)
ConversionTaskIds (list) One or more conversion task IDs.
Return type dict
describe_customer_gateways(DryRun=None, CustomerGatewayIds=None, Filters=None)
Describes one or more of your VPN customer gateways.
For more information about VPN customer gateways, see Adding a Hardware Virtual Private Gateway to
Parameters
DryRun (boolean)
CustomerGatewayIds (list) One or more customer gateway IDs.
Default: Describes all your customer gateways.
bgp-asn - The customer gateways Border Gateway Protocol (BGP) Autonomous
System Number (ASN).
customer-gateway-id - The ID of the customer gateway.
ip-address - The IP address of the customer gateways Internet-routable external
interface.
state - The state of the customer gateway (pending | available | deleting |
deleted ).
type - The type of customer gateway. Currently, the only supported type is ipsec.1
.
tag :key =*value* - The key/value combination of a tag assigned to the resource.
tag-key - The key of a tag assigned to the resource. This filter is independent of the
tag-value filter. For example, if you use both the filter tag-key=Purpose and the
filter tag-value=X, you get any resources assigned both the tag key Purpose (regard-
less of what the tags value is), and the tag value X (regardless of what the tags key is).
If you want to list only resources where Purpose is X, see the tag :key =*value* filter.
tag-value - The value of a tag assigned to the resource. This filter is independent of
the tag-key filter.
Return type dict
describe_dhcp_options(DryRun=None, DhcpOptionsIds=None, Filters=None)
Describes one or more of your DHCP options sets.
For more information about DHCP options sets, see DHCP Options Sets in the Amazon Virtual Private
Cloud User Guide .
Parameters
DryRun (boolean)
DhcpOptionsIds (list) The IDs of one or more DHCP options sets.
Default: Describes all your DHCP options sets.

dhcp-options-id - The ID of a set of DHCP options.

key - The key for one of the options (for example, domain-name ).
value - The value for one of the options.
the tag-key filter.
Return type dict
describe_export_tasks(ExportTaskIds=None)
Describes one or more of your export tasks.
Parameters ExportTaskIds (list) One or more export task IDs.
Return type dict
describe_image_attribute(ImageId, Attribute, DryRun=None)
Describes the specified attribute of the specified AMI. You can specify only one attribute at a time.
Parameters
DryRun (boolean)
Attribute (string) The AMI attribute.
Return type dict
describe_images(DryRun=None, ImageIds=None, Owners=None, ExecutableUsers=None, Fil-
ters=None)
Describes one or more of the images (AMIs, AKIs, and ARIs) available to you. Images available to you
include public images, private images that you own, and private images owned by other AWS accounts but
for which you have explicit launch permissions.
Note: Deregistered images are included in the returned results for an unspecified interval after deregistra-
tion.
Parameters
DryRun (boolean)
ImageIds (list) One or more image IDs.
Default: Describes all images available to you.
Owners (list) Filters the images by the owner. Specify an AWS account ID, amazon
(owner is Amazon), aws-marketplace (owner is AWS Marketplace), self (owner is
the sender of the request), or all (all owners).
ExecutableUsers (list) Scopes the images by users with explicit launch permissions.
Specify an AWS account ID, self (the sender of the request), or all (public AMIs).
2.1. Services 163

architecture - The image architecture (i386 | x86_64 ).

block-device-mapping.delete-on-termination - A Boolean value that
indicates whether the Amazon EBS volume is deleted on instance termination.
block-device-mapping.device-name - The device name for the Amazon
EBS volume (for example, /dev/sdh ).
block-device-mapping.snapshot-id - The ID of the snapshot used for the
Amazon EBS volume.
block-device-mapping.volume-size - The volume size of the Amazon EBS
volume, in GiB.
block-device-mapping.volume-type - The volume type of the Amazon EBS
volume (gp2 | standard | io1 ).
description - The description of the image (provided during image creation).
hypervisor - The hypervisor type (ovm | xen ).
image-id - The ID of the image.
image-type - The image type (machine | kernel | ramdisk ).
is-public - A Boolean that indicates whether the image is public.
kernel-id - The kernel ID.
manifest-location - The location of the image manifest.
name - The name of the AMI (provided during image creation).
owner-alias - The AWS account alias (for example, amazon ).
owner-id - The AWS account ID of the image owner.
platform - The platform. To only list Windows-based AMIs, use windows .
product-code - The product code.
product-code.type - The type of the product code (devpay | marketplace ).
ramdisk-id - The RAM disk ID.
root-device-name - The name of the root device volume (for example,
/dev/sda1 ).
root-device-type - The type of the root device volume (ebs |
instance-store ).
state - The state of the image (available | pending | failed ).
state-reason-code - The reason code for the state change.
state-reason-message - The message for the state change.
tag-value filter. For example, if you use both the filter tag-key=Purpose and the filter
tag-value=X, you get any resources assigned both the tag key Purpose (regardless of
what the tags value is), and the tag value X (regardless of what the tags key is). If you
want to list only resources where Purpose is X, see the tag :key =*value* filter.
the tag-key filter.

virtualization-type - The virtualization type (paravirtual | hvm ).

Return type dict
describe_instance_attribute(InstanceId, Attribute, DryRun=None)

Describes the specified attribute of the specified instance. You can specify only one attribute
at a time. Valid attribute values are: instanceType | kernel | ramdisk | userData |
disableApiTermination | instanceInitiatedShutdownBehavior | rootDeviceName
| blockDeviceMapping | productCodes | sourceDestCheck | groupSet | ebsOptimized
| sriovNetSupport
Parameters
DryRun (boolean)
Attribute (string) The instance attribute.
Return type dict
describe_instance_status(DryRun=None, InstanceIds=None, Filters=None, NextTo-
ken=None, MaxResults=None, IncludeAllInstances=None)
Describes the status of one or more instances, including any scheduled events.
Instance status has two main components:
System Status reports impaired functionality that stems from issues related to the systems that support
an instance, such as such as hardware failures and network connectivity problems. This call reports
such problems as impaired reachability.
Instance Status reports impaired functionality that arises from problems internal to the instance. This
call reports such problems as impaired reachability.
Instance status provides information about four types of scheduled events for an instance that may require
your attention:
Scheduled Reboot: When Amazon EC2 determines that an instance must be rebooted, the instances
status returns one of two event codes: system-reboot or instance-reboot . System reboot
commonly occurs if certain maintenance or upgrade operations require a reboot of the underlying host
that supports an instance. Instance reboot commonly occurs if the instance must be rebooted, rather
than the underlying host. Rebooting events include a scheduled start and end time.
System Maintenance: When Amazon EC2 determines that an instance requires maintenance that re-
quires power or network impact, the instance status is the event code system-maintenance .
System maintenance is either power maintenance or network maintenance. For power maintenance,
your instance will be unavailable for a brief period of time and then rebooted. For network mainte-
nance, your instance will experience a brief loss of network connectivity. System maintenance events
include a scheduled start and end time. You will also be notified by email if one of your instances
is set for system maintenance. The email message indicates when your instance is scheduled for
maintenance.
Scheduled Retirement: When Amazon EC2 determines that an instance must be shut down, the in-
stance status is the event code instance-retirement . Retirement commonly occurs when the
underlying host is degraded and must be replaced. Retirement events include a scheduled start and
end time. You will also be notified by email if one of your instances is set to retiring. The email
message indicates when your instance will be permanently retired.
Scheduled Stop: When Amazon EC2 determines that an instance must be shut down, the instances
status returns an event code called instance-stop . Stop events include a scheduled start and end
time. You will also be notified by email if one of your instances is set to stop. The email message
indicates when your instance will be stopped.
2.1. Services 165

When your instance is retired, it will either be terminated (if its root device type is the instance-store) or
stopped (if its root device type is an EBS volume). Instances stopped due to retirement will not be restarted,
but you can do so manually. You can also avoid retirement of EBS-backed instances by manually restarting
your instance when its event code is instance-retirement . This ensures that your instance is started
on a different underlying host.
For more information about failed status checks, see Troubleshooting Instances with Failed Status Checks
in the Amazon Elastic Compute Cloud User Guide . For more information about working with scheduled
events, see Working with an Instance That Has a Scheduled Event in the Amazon Elastic Compute Cloud
User Guide .
Parameters
DryRun (boolean)
Default: Describes all your instances.
Constraints: Maximum 100 explicitly specified instance IDs.
availability-zone - The Availability Zone of the instance.
event.code - The code identifying the type of event (instance-reboot
| system-reboot | system-maintenance | instance-retirement |
instance-stop ).
event.description - A description of the event.
event.not-after - The latest end time for the scheduled event, for example:
2010-09-15T17:15:20.000Z .
event.not-before - The earliest start time for the scheduled event, for example:
2010-09-15T17:15:20.000Z .
instance-state-code - A code representing the state of the instance, as a 16-bit
unsigned integer. The high byte is an opaque internal value and should be ignored. The
low byte is set based on the state represented. The valid values are 0 (pending), 16
(running), 32 (shutting-down), 48 (terminated), 64 (stopping), and 80 (stopped).
instance-state-name - The state of the instance (pending | running |
shutting-down | terminated | stopping | stopped ).
instance-status.reachability - Filters on instance status where the name is
reachability (passed | failed | initializing | insufficient-data
).
instance-status.status - The status of the instance (ok | impaired |
initializing | insufficient-data | not-applicable ).
system-status.reachability - Filters on system status where the name is
reachability (passed | failed | initializing | insufficient-data
).
system-status.status - The system status of the instance (ok | impaired |
initializing | insufficient-data | not-applicable ).
NextToken (string) The next paginated set of results to return. (You received this token
from a prior call.)

MaxResults (integer) The maximum number of paginated instance items per response.
The call also returns a token that you can specify in a subsequent call to get the next set of
results. If the value is greater than 1000, we return only 1000 items.
Default: 1000
IncludeAllInstances (boolean) When true , includes the health status for all instances.
When false , includes the health status for running instances only.
Default: false
Return type dict
describe_instances(DryRun=None, InstanceIds=None, Filters=None, NextToken=None, MaxRe-
sults=None)
Describes one or more of your instances.
If you specify one or more instance IDs, Amazon EC2 returns information for those instances. If you do
not specify instance IDs, Amazon EC2 returns information for all relevant instances. If you specify an
instance ID that is not valid, an error is returned. If you specify an instance that you do not own, it is not
included in the returned results.
Recently terminated instances might appear in the returned results. This interval is usually less than one
hour.
Parameters
DryRun (boolean)
Default: Describes all your instances.
architecture - The instance architecture (i386 | x86_64 ).
block-device-mapping.attach-time - The attach time for an Amazon EBS
volume mapped to the instance, for example, 2010-09-15T17:15:20.000Z .
block-device-mapping.delete-on-termination - A Boolean that indi-
cates whether the Amazon EBS volume is deleted on instance termination.
block-device-mapping.device-name - The device name for the Amazon
EBS volume (for example, /dev/sdh ).
block-device-mapping.status - The status for the Amazon EBS volume
(attaching | attached | detaching | detached ).
block-device-mapping.volume-id - The volume ID of the Amazon EBS vol-
ume.
client-token - The idempotency token you provided when you launched the in-
stance.
dns-name - The public DNS name of the instance.
group-id - The ID of the security group for the instance. If the instance is in EC2-
Classic or a default VPC, you can use group-name instead.
group-name - The name of the security group for the instance. If the instance is in a
nondefault VPC, you must use group-id instead.
2.1. Services 167

hypervisor - The hypervisor type of the instance (ovm | xen ).

iam-instance-profile.arn - The instance profile associated with the instance.
Specified as an ARN.
image-id - The ID of the image used to launch the instance.
instance-id - The ID of the instance.
instance-lifecycle - Indicates whether this is a Spot Instance (spot ).
instance-state-code - The state of the instance, as a 16-bit unsigned integer.
The high byte is an opaque internal value and should be ignored. The low byte is set
based on the state represented. The valid values are: 0 (pending), 16 (running), 32
(shutting-down), 48 (terminated), 64 (stopping), and 80 (stopped).
instance-state-name - The state of the instance (pending | running |
shutting-down | terminated | stopping | stopped ).
instance-type - The type of instance (for example, m1.small ).
instance.group-id - The ID of the security group for the instance. If the instance
is in EC2-Classic or a default VPC, you can use instance.group-name instead.
instance.group-name - The name of the security group for the instance. If the
instance is in a nondefault VPC, you must use instance.group-id instead.
ip-address - The public IP address of the instance.
kernel-id - The kernel ID.
key-name - The name of the key pair used when the instance was launched.
launch-index - When launching multiple instances, this is the index for the instance
in the launch group (for example, 0, 1, 2, and so on).
launch-time - The time when the instance was launched.
monitoring-state - Indicates whether monitoring is enabled for the instance
(disabled | enabled ).
owner-id - The AWS account ID of the instance owner.
placement-group-name - The name of the placement group for the instance.
platform - The platform. Use windows if you have Windows instances; otherwise,
leave blank.
private-dns-name - The private DNS name of the instance.
private-ip-address - The private IP address of the instance.
product-code - The product code associated with the AMI used to launch the in-
stance.
product-code.type - The type of product code (devpay | marketplace ).
ramdisk-id - The RAM disk ID.
reason - The reason for the current state of the instance (for example, shows User
Initiated [date] when you stop or terminate the instance). Similar to the state-reason-
code filter.
requester-id - The ID of the entity that launched the instance on your behalf (for
example, AWS Management Console, Auto Scaling, and so on).

reservation-id - The ID of the instances reservation. A reservation ID is created

any time you launch an instance. A reservation ID has a one-to-one relationship with
an instance launch request, but can be associated with more than one instance if you
launch multiple instances using the same launch request. For example, if you launch
one instance, youll get one reservation ID. If you launch ten instances using the same
launch request, youll also get one reservation ID.
root-device-name - The name of the root device for the instance (for example,
/dev/sda1 ).
root-device-type - The type of root device that the instance uses (ebs |
instance-store ).
source-dest-check - Indicates whether the instance performs source/destination
checking. A value of true means that checking is enabled, and false means check-
ing is disabled. The value must be false for the instance to perform network address
translation (NAT) in your VPC.
spot-instance-request-id - The ID of the Spot Instance request.
state-reason-code - The reason code for the state change.
state-reason-message - A message that describes the state change.
subnet-id - The ID of the subnet for the instance.
tag :key =*value* - The key/value combination of a tag assigned to the resource, where
tag :key is the tags key.
the tag-key filter.
tenancy - The tenancy of an instance (dedicated | default ).
virtualization-type - The virtualization type of the instance (paravirtual
| hvm ).
vpc-id - The ID of the VPC that the instance is running in.
network-interface.description - The description of the network interface.
network-interface.subnet-id - The ID of the subnet for the network inter-
face.
network-interface.vpc-id - The ID of the VPC for the network interface.
network-interface.network-interface.id - The ID of the network inter-
face.
network-interface.owner-id - The ID of the owner of the network interface.
network-interface.availability-zone - The Availability Zone for the
network interface.
network-interface.requester-id - The requester ID for the network inter-
face.
2.1. Services 169

network-interface.requester-managed - Indicates whether the network

interface is being managed by AWS.
network-interface.status - The status of the network interface (available
) | in-use ).
network-interface.mac-address - The MAC address of the network inter-
face.
network-interface-private-dns-name - The private DNS name of the net-
work interface.
network-interface.source-destination-check - Whether the network
interface performs source/destination checking. A value of true means checking is
enabled, and false means checking is disabled. The value must be false for the
network interface to perform network address translation (NAT) in your VPC.
network-interface.group-id - The ID of a security group associated with the
network interface.
network-interface.group-name - The name of a security group associated
with the network interface.
network-interface.attachment.attachment-id - The ID of the interface
attachment.
network-interface.attachment.instance-id - The ID of the instance to
which the network interface is attached.
network-interface.attachment.instance-owner-id - The owner ID of
the instance to which the network interface is attached.
network-interface.addresses.private-ip-address - The private IP
address associated with the network interface.
network-interface.attachment.device-index - The device index to
which the network interface is attached.
network-interface.attachment.status - The status of the attachment
(attaching | attached | detaching | detached ).
network-interface.attachment.attach-time - The time that the network
interface was attached to an instance.
network-interface.attachment.delete-on-termination - Specifies
whether the attachment is deleted when an instance is terminated.
network-interface.addresses.primary - Specifies whether the IP address
of the network interface is the primary private IP address.
network-interface.addresses.association.public-ip - The ID of
the association of an Elastic IP address with a network interface.
network-interface.addresses.association.ip-owner-id - The
owner ID of the private IP address associated with the network interface.
association.public-ip - The address of the Elastic IP address bound to the
network interface.
association.ip-owner-id - The owner of the Elastic IP address associated with
the network interface.
association.allocation-id - The allocation ID returned when you allocated
the Elastic IP address for your network interface.

association.association-id - The association ID returned when the network

interface was associated with an IP address.
token from a prior call.)
MaxResults (integer) The maximum number of items to return for this call. The call
also returns a token that you can specify in a subsequent call to get the next set of results.
If the value is greater than 1000, we return only 1000 items.
Return type dict
describe_internet_gateways(DryRun=None, InternetGatewayIds=None, Filters=None)
Describes one or more of your Internet gateways.
Parameters
DryRun (boolean)
InternetGatewayIds (list) One or more Internet gateway IDs.
Default: Describes all your Internet gateways.
attachment.state - The current state of the attachment between the gateway and
the VPC (available ). Present only if a VPC is attached.
attachment.vpc-id - The ID of an attached VPC.
internet-gateway-id - The ID of the Internet gateway.
the tag-key filter.
Return type dict
describe_key_pairs(DryRun=None, KeyNames=None, Filters=None)
Describes one or more of your key pairs.
Parameters
DryRun (boolean)
KeyNames (list) One or more key pair names.
Default: Describes all your key pairs.
fingerprint - The fingerprint of the key pair.
key-name - The name of the key pair.
Return type dict
2.1. Services 171

describe_network_acls(DryRun=None, NetworkAclIds=None, Filters=None)

Describes one or more of your network ACLs.
Guide .
Parameters
DryRun (boolean)
NetworkAclIds (list) One or more network ACL IDs.
Default: Describes all your network ACLs.
association.association-id - The ID of an association ID for the ACL.
association.network-acl-id - The ID of the network ACL involved in the
association.
association.subnet-id - The ID of the subnet involved in the association.
default - Indicates whether the ACL is the default network ACL for the VPC.
entry.cidr - The CIDR range specified in the entry.
entry.egress - Indicates whether the entry applies to egress traffic.
entry.icmp.code - The ICMP code specified in the entry, if any.
entry.icmp.type - The ICMP type specified in the entry, if any.
entry.port-range.from - The start of the port range specified in the entry.
entry.port-range.to - The end of the port range specified in the entry.
entry.protocol - The protocol specified in the entry (tcp | udp | icmp or a
protocol number).
entry.rule-action - Allows or denies the matching traffic (allow | deny ).
entry.rule-number - The number of an entry (in other words, rule) in the ACLs
set of entries.
network-acl-id - The ID of the network ACL.
the tag-key filter.
vpc-id - The ID of the VPC for the network ACL.
Return type dict
describe_network_interface_attribute(NetworkInterfaceId, DryRun=None, At-
tribute=None)
Describes a network interface attribute. You can specify only one attribute at a time.
Parameters

DryRun (boolean)
Attribute (string) The attribute of the network interface.
Return type dict
describe_network_interfaces(DryRun=None, NetworkInterfaceIds=None, Filters=None)
Describes one or more of your network interfaces.
Parameters
DryRun (boolean)
NetworkInterfaceIds (list) One or more network interface IDs.
Default: Describes all your network interfaces.
addresses.private-ip-address - The private IP addresses associated with the
network interface.
addresses.primary - Whether the private IP address is the primary IP address
associated with the network interface.
addresses.association.public-ip - The association ID returned when the
network interface was associated with the Elastic IP address.
addresses.association.owner-id - The owner ID of the addresses associ-
ated with the network interface.
association.association-id - The association ID returned when the network
interface was associated with an IP address.
association.allocation-id - The allocation ID returned when you allocated
the Elastic IP address for your network interface.
association.ip-owner-id - The owner of the Elastic IP address associated with
association.public-ip - The address of the Elastic IP address bound to the
network interface.
association.public-dns-name - The public DNS name for the network inter-
face.
attachment.attachment-id - The ID of the interface attachment.
attachment.instance-id - The ID of the instance to which the network interface
is attached.
attachment.instance-owner-id - The owner ID of the instance to which the
network interface is attached.
attachment.device-index - The device index to which the network interface is
attached.
attachment.status - The status of the attachment (attaching | attached |
detaching | detached ).
attachment.attach.time - The time that the network interface was attached to
an instance.
2.1. Services 173

attachment.delete-on-termination - Indicates whether the attachment is

deleted when an instance is terminated.
availability-zone - The Availability Zone of the network interface.
description - The description of the network interface.
group-id - The ID of a security group associated with the network interface.
group-name - The name of a security group associated with the network interface.
mac-address - The MAC address of the network interface.
network-interface-id - The ID of the network interface.
owner-id - The AWS account ID of the network interface owner.
private-ip-address - The private IP address or addresses of the network inter-
face.
private-dns-name - The private DNS name of the network interface.
requester-id - The ID of the entity that launched the instance on your behalf (for
example, AWS Management Console, Auto Scaling, and so on).
requester-managed - Indicates whether the network interface is being managed
by an AWS service (for example, AWS Management Console, Auto Scaling, and so
on).
source-desk-check - Indicates whether the network interface performs
source/destination checking. A value of true means checking is enabled, and false
means checking is disabled. The value must be false for the network interface to
perform Network Address Translation (NAT) in your VPC.
status - The status of the network interface. If the network interface is not attached to
an instance, the status is available ; if a network interface is attached to an instance
the status is in-use .
subnet-id - The ID of the subnet for the network interface.
the tag-key filter.
vpc-id - The ID of the VPC for the network interface.
Return type dict
describe_placement_groups(DryRun=None, GroupNames=None, Filters=None)
Describes one or more of your placement groups. For more information about placement groups and
cluster instances, see Cluster Instances in the Amazon Elastic Compute Cloud User Guide .
Parameters
DryRun (boolean)
GroupNames (list) One or more placement group names.
Default: Describes all your placement groups, or only those otherwise specified.


group-name - The name of the placement group.
state - The state of the placement group (pending | available | deleting |
deleted ).
strategy - The strategy of the placement group (cluster ).
Return type dict
describe_regions(DryRun=None, RegionNames=None, Filters=None)
Describes one or more regions that are currently available to you.
For a list of the regions supported by Amazon EC2, see Regions and Endpoints .
Parameters
DryRun (boolean)
RegionNames (list) The names of one or more regions.
endpoint - The endpoint of the region (for example,
ec2.us-east-1.amazonaws.com ).
region-name - The name of the region (for example, us-east-1 ).
Return type dict
describe_reserved_instances(DryRun=None, ReservedInstancesIds=None, Filters=None,
OfferingType=None)
Describes one or more of the Reserved Instances that you purchased.
For more information about Reserved Instances, see Reserved Instances in the Amazon Elastic Compute
Cloud User Guide .
Parameters
DryRun (boolean)
ReservedInstancesIds (list) One or more Reserved Instance IDs.
Default: Describes all your Reserved Instances, or only those otherwise specified.
availability-zone - The Availability Zone where the Reserved Instance can be
used.
duration - The duration of the Reserved Instance (one year or three years), in seconds
(31536000 | 94608000 ).
end - The time when the Reserved Instance expires (for example, 2014-08-
07T11:54:42.000Z).
fixed-price - The purchase price of the Reserved Instance (for example, 9800.0).
instance-type - The instance type on which the Reserved Instance can be used.
product-description - The product description of the Reserved In-
stance (Linux/UNIX | Linux/UNIX (Amazon VPC) | Windows | Windows
(Amazon VPC) ).
reserved-instances-id - The ID of the Reserved Instance.
2.1. Services 175

start - The time at which the Reserved Instance purchase request was placed (for
example, 2014-08-07T11:54:42.000Z).
state - The state of the Reserved Instance (pending-payment | active |
payment-failed | retired ).
the tag-key filter.
usage-price - The usage price of the Reserved Instance, per hour (for example,
0.84).
OfferingType (string) The Reserved Instance offering type. If you are using
tools that predate the 2011-11-01 API version, you only have access to the Medium
Utilization Reserved Instance offering type.
Return type dict
describe_reserved_instances_listings(ReservedInstancesId=None, ReservedInstances-
ListingId=None, Filters=None)
Describes your accounts Reserved Instance listings in the Reserved Instance Marketplace.
The Reserved Instance Marketplace matches sellers who want to resell Reserved Instance capacity that
they no longer need with buyers who want to purchase additional capacity. Reserved Instances bought and
sold through the Reserved Instance Marketplace work like any other Reserved Instances.
As a seller, you choose to list some or all of your Reserved Instances, and you specify the upfront price
to receive for them. Your Reserved Instances are then listed in the Reserved Instance Marketplace and are
available for purchase.
As a buyer, you specify the configuration of the Reserved Instance to purchase, and the Marketplace
matches what youre searching for with whats available. The Marketplace first sells the lowest priced
Reserved Instances to you, and continues to sell available Reserved Instance listings to you until your
demand is met. You are charged based on the total price of all of the listings that you purchase.
Guide .
Parameters
ReservedInstancesId (string) One or more Reserved Instance IDs.
ReservedInstancesListingId (string) One or more Reserved Instance Listing IDs.
reserved-instances-id - The ID of the Reserved Instances.
reserved-instances-listing-id - The ID of the Reserved Instances listing.
status - The status of the Reserved Instance listing (pending | active |
cancelled | closed ).
status-message - The reason for the status.
Return type dict

describe_reserved_instances_modifications(ReservedInstancesModificationIds=None,
NextToken=None, Filters=None)
Describes the modifications made to your Reserved Instances. If no parameter is specified, information
about all your Reserved Instances modification requests is returned. If a modification ID is specified, only
information about the specific modification is returned.
For more information, see Modifying Reserved Instances in the Amazon Elastic Compute Cloud User
Guide.
Parameters
ReservedInstancesModificationIds (list) IDs for the submitted modification request.
NextToken (string) The token for the next page of data.
client-token - The idempotency token for the modification request.
create-date - The time when the modification request was created.
effective-date - The time when the modification becomes effective.
modification-result.reserved-instances-id - The ID for the Reserved
Instances created as part of the modification request. This ID is only available when the
status of the modification is fulfilled .
modification-result.target-configuration.availability-zone
- The Availability Zone for the new Reserved Instances.
modification-result.target-configuration.instance-count -
The number of new Reserved Instances.
modification-result.target-configuration.instance-type - The
instance type of the new Reserved Instances.
modification-result.target-configuration.platform - The net-
work platform of the new Reserved Instances (EC2-Classic | EC2-VPC ).
reserved-instances-id - The ID of the Reserved Instances modified.
reserved-instances-modification-id - The ID of the modification re-
quest.
status - The status of the Reserved Instances modification request (processing |
fulfilled | failed ).
status-message - The reason for the status.
update-date - The time when the modification request was last updated.
Return type dict
describe_reserved_instances_offerings(DryRun=None, ReservedInstancesOf-
feringIds=None, InstanceType=None, Avail-
abilityZone=None, ProductDescription=None,
Filters=None, InstanceTenancy=None, Offer-
ingType=None, NextToken=None, MaxRe-
sults=None, IncludeMarketplace=None,
MinDuration=None, MaxDuration=None,
MaxInstanceCount=None)
Describes Reserved Instance offerings that are available for purchase. With Reserved Instances, you pur-
chase the right to launch instances for a period of time. During that time period, you do not receive
2.1. Services 177

insufficient capacity errors, and you pay a lower usage rate than the rate charged for On-Demand instances
for the actual time used.
Guide .
Parameters
DryRun (boolean)
ReservedInstancesOfferingIds (list) One or more Reserved Instances offering IDs.
InstanceType (string) The instance type on which the Reserved Instance can be used.
For more information, see Instance Types in the Amazon Elastic Compute Cloud User
Guide .
AvailabilityZone (string) The Availability Zone in which the Reserved Instance can be
used.
ProductDescription (string) The Reserved Instance description. Instances that include
(Amazon VPC) in the description are for use with Amazon VPC.
availability-zone - The Availability Zone where the Reserved Instance can be
used.
duration - The duration of the Reserved Instance (for example, one year or three
years), in seconds (31536000 | 94608000 ).
fixed-price - The purchase price of the Reserved Instance (for example, 9800.0).
instance-type - The instance type on which the Reserved Instance can be used.
marketplace - Set to true to show only Reserved Instance Marketplace offerings.
When this filter is not used, which is the default behavior, all offerings from AWS and
Reserved Instance Marketplace are listed.
product-description - The description of the Reserved Instance (Linux/UNIX
| Linux/UNIX (Amazon VPC) | Windows | Windows (Amazon VPC) ).
reserved-instances-offering-id - The Reserved Instances offering ID.
usage-price - The usage price of the Reserved Instance, per hour (for example,
0.84).
InstanceTenancy (string) The tenancy of the Reserved Instance offering. A Reserved
Instance with dedicated tenancy runs on single-tenant hardware and can only be
launched within a VPC.
Default: default
OfferingType (string) The Reserved Instance offering type. If you are using
tools that predate the 2011-11-01 API version, you only have access to the Medium
Utilization Reserved Instance offering type.
NextToken (string) The token to use when requesting the next paginated set of offerings.
MaxResults (integer) The maximum number of offerings to return. The maximum is
100.
Default: 100
IncludeMarketplace (boolean) Include Marketplace offerings in the response.

MinDuration (integer) The minimum duration (in seconds) to filter when searching for
offerings.
Default: 2592000 (1 month)
MaxDuration (integer) The maximum duration (in seconds) to filter when searching for
offerings.
Default: 94608000 (3 years)
MaxInstanceCount (integer) The maximum number of instances to filter when search-
ing for offerings.
Default: 20
Return type dict
describe_route_tables(DryRun=None, RouteTableIds=None, Filters=None)
Describes one or more of your route tables.
.
Parameters
DryRun (boolean)
RouteTableIds (list) One or more route table IDs.
Default: Describes all your route tables.
association.route-table-association-id - The ID of an association ID
for the route table.
association.route-table-id - The ID of the route table involved in the asso-
ciation.
association.subnet-id - The ID of the subnet involved in the association.
association.main - Indicates whether the route table is the main route table for
the VPC.
route-table-id - The ID of the route table.
route.destination-cidr-block - The CIDR range specified in a route in the
table.
route.gateway-id - The ID of a gateway specified in a route in the table.
route.instance-id - The ID of an instance specified in a route in the table.
route.origin - Describes how the route was created. CreateRouteTable
indicates that the route was automatically created when the route table was cre-
ated; CreateRoute indicates that the route was manually added to the route table;
EnableVgwRoutePropagation indicates that the route was propagated by route
propagation.
route.state - The state of a route in the route table (active | blackhole ). The
blackhole state indicates that the routes target isnt available (for example, the specified
gateway isnt attached to the VPC, the specified NAT instance has been terminated, and
so on).
route.vpc-peering-connection-id - The ID of a VPC peering connection
specified in a route in the table.
2.1. Services 179

the tag-key filter.
vpc-id - The ID of the VPC for the route table.
Return type dict
describe_security_groups(DryRun=None, GroupNames=None, GroupIds=None, Fil-
ters=None)
Describes one or more of your security groups.
A security group is for use with instances either in the EC2-Classic platform or in a specific VPC. For
more information, see Amazon EC2 Security Groups in the Amazon Elastic Compute Cloud User Guide
and Security Groups for Your VPC in the Amazon Virtual Private Cloud User Guide .
Parameters
DryRun (boolean)
GroupNames (list) [EC2-Classic, default VPC] One or more security group names. You
Default: Describes all your security groups.
GroupIds (list) One or more security group IDs. Required for nondefault VPCs.
Default: Describes all your security groups.
description - The description of the security group.
group-id - The ID of the security group.
group-name - The name of the security group.
ip-permission.cidr - A CIDR range that has been granted permission.
ip-permission.from-port - The start of port range for the TCP and UDP pro-
tocols, or an ICMP type number.
ip-permission.group-id - The ID of a security group that has been granted
permission.
ip-permission.group-name - The name of a security group that has been
granted permission.
ip-permission.protocol - The IP protocol for the permission (tcp | udp |
icmp or a protocol number).
ip-permission.to-port - The end of port range for the TCP and UDP protocols,
or an ICMP code.
ip-permission.user-id - The ID of an AWS account that has been granted per-
mission.
owner-id - The AWS account ID of the owner of the security group.
tag-key - The key of a tag assigned to the security group.

tag-value - The value of a tag assigned to the security group.

vpc-id - The ID of the VPC specified when the security group was created.
Return type dict
describe_snapshot_attribute(SnapshotId, Attribute, DryRun=None)
Describes the specified attribute of the specified snapshot. You can specify only one attribute at a time.
For more information about Amazon EBS snapshots, see Amazon EBS Snapshots in the Amazon Elastic
Parameters
DryRun (boolean)
SnapshotId (string) The ID of the Amazon EBS snapshot.
Attribute (string) The snapshot attribute you would like to view.
Return type dict
describe_snapshots(DryRun=None, SnapshotIds=None, OwnerIds=None, Restorable-
ByUserIds=None, Filters=None)
Describes one or more of the Amazon EBS snapshots available to you. Available snapshots include public
snapshots available for any AWS account to launch, private snapshots that you own, and private snapshots
owned by another AWS account but for which youve been given explicit create volume permissions.
The create volume permissions fall into the following categories:
public : The owner of the snapshot granted create volume permissions for the snapshot to the all
group. All AWS accounts have create volume permissions for these snapshots.
explicit : The owner of the snapshot granted create volume permissions to a specific AWS account.
implicit : An AWS account has implicit create volume permissions for all snapshots it owns.
The list of snapshots returned can be modified by specifying snapshot IDs, snapshot owners, or AWS
accounts with create volume permissions. If no options are specified, Amazon EC2 returns all snapshots
for which you have create volume permissions.
If you specify one or more snapshot IDs, only snapshots that have the specified IDs are returned. If you
specify an invalid snapshot ID, an error is returned. If you specify a snapshot ID for which you do not have
access, it is not included in the returned results.
If you specify one or more snapshot owners, only snapshots from the specified owners and for which you
have access are returned. The results can include the AWS account IDs of the specified owners, amazon
for snapshots owned by Amazon, or self for snapshots that you own.
If you specify a list of restorable users, only snapshots with create snapshot permissions for those users
are returned. You can specify AWS account IDs (if you own the snapshots), self for snapshots for which
you own or have explicit permissions, or all for public snapshots.
For more information about Amazon EBS snapshots, see Amazon EBS Snapshots in the Amazon Elastic
Parameters
DryRun (boolean)
SnapshotIds (list) One or more snapshot IDs.
Default: Describes snapshots for which you have launch permissions.
OwnerIds (list) Returns the snapshots owned by the specified owner. Multiple owners
can be specified.
2.1. Services 181

RestorableByUserIds (list) One or more AWS accounts IDs that can create volumes
from the snapshot.
description - A description of the snapshot.
owner-alias - The AWS account alias (for example, amazon ) that owns the snap-
shot.
owner-id - The ID of the AWS account that owns the snapshot.
progress - The progress of the snapshot, as a percentage (for example, 80%).
snapshot-id - The snapshot ID.
start-time - The time stamp when the snapshot was initiated.
status - The status of the snapshot (pending | completed | error ).
the tag-key filter.
volume-id - The ID of the volume the snapshot is for.
volume-size - The size of the volume, in GiB.
Return type dict
describe_spot_datafeed_subscription(DryRun=None)
Describes the datafeed for Spot Instances. For more information, see Spot Instances in the Amazon Elastic
Return type dict
describe_spot_instance_requests(DryRun=None, SpotInstanceRequestIds=None, Fil-
ters=None)
Describes the Spot Instance requests that belong to your account. Spot Instances are instances that Amazon
EC2 starts on your behalf when the maximum price that you specify exceeds the current Spot Price.
Amazon EC2 periodically sets the Spot Price based on available Spot Instance capacity and current Spot
Instance requests. For more information about Spot Instances, see Spot Instances in the Amazon Elastic
You can use DescribeSpotInstanceRequests to find a running Spot Instance by examining the
response. If the status of the Spot Instance is fulfilled , the instance ID appears in the response and
contains the identifier of the instance. Alternatively, you can use DescribeInstances with a filter to look for
instances where the instance lifecycle is spot .
Parameters
DryRun (boolean)
SpotInstanceRequestIds (list) One or more Spot Instance request IDs.

availability-zone-group - The Availability Zone group.

create-time - The time stamp when the Spot Instance request was created.
fault-code - The fault code related to the request.
fault-message - The fault message related to the request.
instance-id - The ID of the instance that fulfilled the request.
launch-group - The Spot Instance launch group.
launch.block-device-mapping.delete-on-termination - Indicates
whether the Amazon EBS volume is deleted on instance termination.
launch.block-device-mapping.device-name - The device name for the
Amazon EBS volume (for example, /dev/sdh ).
launch.block-device-mapping.snapshot-id - The ID of the snapshot
used for the Amazon EBS volume.
launch.block-device-mapping.volume-size - The size of the Amazon
EBS volume, in GiB.
launch.block-device-mapping.volume-type - The type of the Amazon
EBS volume (gp2 | standard | io1 ).
launch.group-id - The security group for the instance.
launch.image-id - The ID of the AMI.
launch.instance-type - The type of instance (for example, m1.small ).
launch.kernel-id - The kernel ID.
launch.key-name - The name of the key pair the instance launched with.
launch.monitoring-enabled - Whether monitoring is enabled for the Spot In-
stance.
launch.ramdisk-id - The RAM disk ID.
network-interface.network-interface-id - The ID of the network inter-
face.
network-interface.device-index - The index of the device for the network
interface attachment on the instance.
network-interface.subnet-id - The ID of the subnet for the instance.
network-interface.description - A description of the network interface.
network-interface.private-ip-address - The primary private IP address
of the network interface.
network-interface.delete-on-termination - Indicates whether the net-
work interface is deleted when the instance is terminated.
network-interface.group-id - The ID of the security group associated with
network-interface.group-name - The name of the security group associated
with the network interface.
network-interface.addresses.primary - Indicates whether the IP address
is the primary private IP address.
2.1. Services 183

product-description - The product description associated with the instance

(Linux/UNIX | Windows ).
spot-instance-request-id - The Spot Instance request ID.
spot-price - The maximum hourly price for any Spot Instance launched to fulfill
the request.
state - The state of the Spot Instance request (open | active | closed |
cancelled | failed ). Spot bid status information can help you track your Ama-
zon EC2 Spot Instance requests. For information, see Tracking Spot Requests with Bid
Status Codes in the Amazon Elastic Compute Cloud User Guide.
status-code - The short code describing the most recent evaluation of your Spot
Instance request.
status-message - The message explaining the status of the Spot Instance request.
the tag-key filter.
type - The type of Spot Instance request (one-time | persistent ).
launched-availability-zone - The Availability Zone in which the bid is
launched.
valid-from - The start date of the request.
valid-until - The end date of the request.
Return type dict
describe_spot_price_history(DryRun=None, StartTime=None, EndTime=None, Instance-
Types=None, ProductDescriptions=None, Filters=None, Avail-
abilityZone=None, MaxResults=None, NextToken=None)
Describes the Spot Price history. Spot Instances are instances that Amazon EC2 starts on your behalf
when the maximum price that you specify exceeds the current Spot Price. Amazon EC2 periodically sets
the Spot Price based on available Spot Instance capacity and current Spot Instance requests. For more
information about Spot Instances, see Spot Instances in the Amazon Elastic Compute Cloud User Guide .
When you specify an Availability Zone, this operation describes the price history for the specified Avail-
ability Zone with the most recent set of prices listed first. If you dont specify an Availability Zone, you
get the prices across all Availability Zones, starting with the most recent set. However, if youre using
an API version earlier than 2011-05-15, you get the lowest price across the region for the specified time
period. The prices returned are listed in chronological order, from the oldest to the most recent.
When you specify the start and end time options, this operation returns two pieces of data: the prices of
the instance types within the time range that you specified and the time when the price changed. The price
is valid within the time period that you specified; the response merely indicates the last time that the price
changed.
Parameters
DryRun (boolean)

StartTime (datetime) The start date and time of the Spot Price history data.
EndTime (datetime) The end date and time of the Spot Price history data.
InstanceTypes (list) One or more instance types.
ProductDescriptions (list) One or more basic product descriptions.
availability-zone - The Availability Zone for which prices should be returned.
instance-type - The type of instance (for example, m1.small ).
product-description - The product description for the Spot Price
(Linux/UNIX | SUSE Linux | Windows | Linux/UNIX (Amazon VPC)
| SUSE Linux (Amazon VPC) | Windows (Amazon VPC) ).
spot-price - The Spot Price. The value must match exactly (or use wildcards;
greater than or less than comparison is not supported).
timestamp - The timestamp of the Spot Price history (for example, 2010-08-
16T05:06:11.000Z). You can use wildcards (* and ?). Greater than or less than compar-
ison is not supported.
AvailabilityZone (string) The Availability Zone.
MaxResults (integer) The number of rows to return.
NextToken (string) The next set of rows to return.
Return type dict
describe_subnets(DryRun=None, SubnetIds=None, Filters=None)
Describes one or more of your subnets.
For more information about subnets, see Your VPC and Subnets in the Amazon Virtual Private Cloud User
Guide .
Parameters
DryRun (boolean)
SubnetIds (list) One or more subnet IDs.
Default: Describes all your subnets.
availabilityZone - The Availability Zone for the subnet. You can also use
availability-zone as the filter name.
available-ip-address-count - The number of IP addresses in the subnet that
are available.
cidrBlock - The CIDR block of the subnet. The CIDR block you specify must
exactly match the subnets CIDR block for information to be returned for the subnet.
You can also use cidr or cidr-block as the filter names.
defaultForAz - Indicates whether this is the default subnet for the Availability Zone.
You can also use default-for-az as the filter name.
state - The state of the subnet (pending | available ).
subnet-id - The ID of the subnet.
2.1. Services 185

the tag-key filter.
vpc-id - The ID of the VPC for the subnet.
Return type dict
describe_tags(DryRun=None, Filters=None, MaxResults=None, NextToken=None)
Describes one or more of the tags for your EC2 resources.
Guide .
Parameters
DryRun (boolean)
key - The tag key.
resource-id - The resource ID.
resource-type - The resource type (customer-gateway | dhcp-options
| image | instance | internet-gateway | network-acl |
network-interface | reserved-instances | route-table |
security-group | snapshot | spot-instances-request | subnet |
volume | vpc | vpn-connection | vpn-gateway ).
value - The tag value.
MaxResults (integer) The maximum number of items to return for this call. The call
also returns a token that you can specify in a subsequent call to get the next set of results.
If the value is greater than 1000, we return only 1000 items.
token from a prior call.)
Return type dict
describe_volume_attribute(VolumeId, DryRun=None, Attribute=None)
Describes the specified attribute of the specified volume. You can specify only one attribute at a time.
For more information about Amazon EBS volumes, see Amazon EBS Volumes in the Amazon Elastic
Parameters
DryRun (boolean)
Return type dict

describe_volume_status(DryRun=None, VolumeIds=None, Filters=None, NextToken=None,

MaxResults=None)
Describes the status of the specified volumes. Volume status provides the result of the checks performed on
your volumes to determine events that can impair the performance of your volumes. The performance of a
volume can be affected if an issue occurs on the volumes underlying host. If the volumes underlying host
experiences a power outage or system issue, after the system is restored, there could be data inconsistencies
on the volume. Volume events notify you if this occurs. Volume actions notify you if any action needs to
be taken in response to the event.
The DescribeVolumeStatus operation provides the following information about the specified vol-
umes:
Status : Reflects the current status of the volume. The possible values are ok , impaired , warning ,
or insufficient-data . If all checks pass, the overall status of the volume is ok . If the check fails,
the overall status is impaired . If the status is insufficient-data , then the checks may still be
taking place on your volume at the time. We recommend that you retry the request. For more information
on volume status, see Monitoring the Status of Your Volumes .
Events : Reflect the cause of a volume status and may require you to take action. For
example, if your volume returns an impaired status, then the volume event might be
potential-data-inconsistency . This means that your volume has been affected by an issue
with the underlying host, has all I/O operations disabled, and may have inconsistent data.
Actions : Reflect the actions you may have to take in response to an event. For example, if the status of the
volume is impaired and the volume event shows potential-data-inconsistency , then the
action shows enable-volume-io . This means that you may want to enable the I/O operations for the
volume by calling the EnableVolumeIO action and then check the volume for data consistency.
Note: Volume status is based on the volume status checks, and does not reflect the volume state. There-
fore, volume status does not indicate volumes in the error state (for example, when a volume is incapable
of accepting I/O.)

Parameters
DryRun (boolean)
VolumeIds (list) One or more volume IDs.
Default: Describes all your volumes.
action.code - The action code for the event (for example, enable-volume-io
).
action.description - A description of the action.
action.event-id - The event ID associated with the action.
event.event-id - The event ID.
event.event-type - The event type (for io-enabled : passed |
failed ; for io-performance : io-performance:degraded |
io-performance:severely-degraded | io-performance:stalled
).
event.not-after - The latest end time for the event.
2.1. Services 187

event.not-before - The earliest start time for the event.

volume-status.details-name - The cause for volume-status.status
(io-enabled | io-performance ).
volume-status.details-status - The status of
volume-status.details-name (for io-enabled : passed | failed
; for io-performance : normal | degraded | severely-degraded |
stalled ).
volume-status.status - The status of the volume (ok | impaired | warning
| insufficient-data ).
NextToken (string) The next paginated set of results to return using the pagination token
returned by a previous call.
MaxResults (integer) The maximum number of paginated volume items per response.
Return type dict
describe_volumes(DryRun=None, VolumeIds=None, Filters=None, NextToken=None, MaxRe-
sults=None)
Describes the specified Amazon EBS volumes.
If you are describing a long list of volumes, you can paginate the output to make the list more manage-
able. The MaxResults parameter sets the maximum number of results returned in a single page. If
the list of results exceeds your MaxResults value, then that number of results is returned along with
a NextToken value that can be passed to a subsequent DescribeVolumes request to retrieve the
remaining results.
For more information about Amazon EBS volumes, see Amazon EBS Volumes in the Amazon Elastic
Parameters
DryRun (boolean)
attachment.attach-time - The time stamp when the attachment initiated.
attachment.delete-on-termination - Whether the volume is deleted on in-
stance termination.
attachment.device - The device name that is exposed to the instance (for exam-
ple, /dev/sda1 ).
attachment.instance-id - The ID of the instance the volume is attached to.
attachment.status - The attachment state (attaching | attached |
detaching | detached ).
availability-zone - The Availability Zone in which the volume was created.
create-time - The time stamp when the volume was created.
encrypted - The encryption status of the volume.
size - The size of the volume, in GiB.
snapshot-id - The snapshot from which the volume was created.
status - The status of the volume (creating | available | in-use | deleting
| deleted | error ).

the tag-key filter.
volume-id - The volume ID.
volume-type - The Amazon EBS volume type. This can be gp2 for General Purpose
(SSD) volumes, io1 for Provisioned IOPS (SSD) volumes, or standard for Magnetic
volumes.
NextToken (string) The NextToken value returned from a previous paginated
DescribeVolumes request where MaxResults was used and the results exceeded
the value of that parameter. Pagination continues from the end of the previous results that
returned the NextToken value. This value is null when there are no more results to
return.
MaxResults (integer) The maximum number of volume results returned
by DescribeVolumes in paginated output. When this parameter is used,
DescribeVolumes only returns MaxResults results in a single page along
with a NextToken response element. The remaining results of the initial request can be
seen by sending another DescribeVolumes request with the returned NextToken
value. This value can be between 5 and 1000; if MaxResults is given a value
larger than 1000, only 1000 results are returned. If this parameter is not used, then
DescribeVolumes returns all results.
Return type dict
describe_vpc_attribute(VpcId, DryRun=None, Attribute=None)
Describes the specified attribute of the specified VPC. You can specify only one attribute at a time.
Parameters
DryRun (boolean)
Attribute (string) The VPC attribute.
Return type dict
describe_vpc_peering_connections(DryRun=None, VpcPeeringConnectionIds=None, Fil-
ters=None)
Describes one or more of your VPC peering connections.
Parameters
DryRun (boolean)
VpcPeeringConnectionIds (list) One or more VPC peering connection IDs.
Default: Describes all your VPC peering connections.
accepter-vpc-info.cidr-block - The CIDR block of the peer VPC.
accepter-vpc-info.owner-id - The AWS account ID of the owner of the peer
VPC.
2.1. Services 189

accepter-vpc-info.vpc-id - The ID of the peer VPC.

expiration-time - The expiration date and time for the VPC peering connection.
requester-vpc-info.cidr-block - The CIDR block of the requesters VPC.
requester-vpc-info.owner-id - The AWS account ID of the owner of the
requester VPC.
requester-vpc-info.vpc-id - The ID of the requester VPC.
status-code - The status of the VPC peering connection
(pending-acceptance | failed | expired | provisioning | active
| deleted | rejected ).
status-message - A message that provides more information about the status of
the VPC peering connection, if applicable.
the tag-key filter.
vpc-peering-connection-id - The ID of the VPC peering connection.
Return type dict
describe_vpcs(DryRun=None, VpcIds=None, Filters=None)
Describes one or more of your VPCs.
Parameters
DryRun (boolean)
VpcIds (list) One or more VPC IDs.
Default: Describes all your VPCs.
cidr - The CIDR block of the VPC. The CIDR block you specify must exactly match
the VPCs CIDR block for information to be returned for the VPC. Must contain the
slash followed by one or two digits (for example, /28 ).
dhcp-options-id - The ID of a set of DHCP options.
isDefault - Indicates whether the VPC is the default VPC.
state - The state of the VPC (pending | available ).
the tag-key filter.

vpc-id - The ID of the VPC.

Return type dict
describe_vpn_connections(DryRun=None, VpnConnectionIds=None, Filters=None)
Describes one or more of your VPN connections.
Parameters
DryRun (boolean)
VpnConnectionIds (list) One or more VPN connection IDs.
Default: Describes your VPN connections.
customer-gateway-configuration - The configuration information for the
customer gateway.
customer-gateway-id - The ID of a customer gateway associated with the VPN
connection.
state - The state of the VPN connection (pending | available | deleting |
deleted ).
option.static-routes-only - Indicates whether the connection has static
routes only. Used for devices that do not support Border Gateway Protocol (BGP).
route.destination-cidr-block - The destination CIDR block. This corre-
sponds to the subnet used in a customer data center.
bgp-asn - The BGP Autonomous System Number (ASN) associated with a BGP de-
vice.
the tag-key filter.
type - The type of VPN connection. Currently the only supported type is ipsec.1 .
vpn-connection-id - The ID of the VPN connection.
vpn-gateway-id - The ID of a virtual private gateway associated with the VPN
connection.
Return type dict
describe_vpn_gateways(DryRun=None, VpnGatewayIds=None, Filters=None)
Describes one or more of your virtual private gateways.
For more information about virtual private gateways, see Adding an IPsec Hardware VPN to Your VPC in
the Amazon Virtual Private Cloud User Guide .
Parameters
2.1. Services 191

DryRun (boolean)
VpnGatewayIds (list) One or more virtual private gateway IDs.
Default: Describes all your virtual private gateways.
attachment.state - The current state of the attachment between the gateway and
the VPC (attaching | attached | detaching | detached ).
attachment.vpc-id - The ID of an attached VPC.
availability-zone - The Availability Zone for the virtual private gateway.
state - The state of the virtual private gateway (pending | available |
deleting | deleted ).
the tag-key filter.
type - The type of virtual private gateway. Currently the only supported type is
ipsec.1 .
vpn-gateway-id - The ID of the virtual private gateway.
Return type dict
detach_internet_gateway(InternetGatewayId, VpcId, DryRun=None)
Detaches an Internet gateway from a VPC, disabling connectivity between the Internet and the VPC. The
VPC must not contain any running instances with Elastic IP addresses.
Parameters
DryRun (boolean)
Return type dict
detach_network_interface(AttachmentId, DryRun=None, Force=None)
Detaches a network interface from an instance.
Parameters
DryRun (boolean)
AttachmentId (string) The ID of the attachment.
Force (boolean) Specifies whether to force a detachment.
Return type dict
detach_volume(VolumeId, DryRun=None, InstanceId=None, Device=None, Force=None)
Detaches an Amazon EBS volume from an instance. Make sure to unmount any file systems on the device
within your operating system before detaching the volume. Failure to do so results in the volume being
stuck in a busy state while detaching.

If an Amazon EBS volume is the root device of an instance, it cant be detached while the instance is
running. To detach the root volume, stop the instance first.
If the root volume is detached from an instance with an AWS Marketplace product code, then the AWS
Marketplace product codes from that volume are no longer associated with the instance.
For more information, see Detaching an Amazon EBS Volume in the Amazon Elastic Compute Cloud User
Guide .
Parameters
DryRun (boolean)
Device (string) The device name.
Force (boolean) Forces detachment if the previous detachment attempt did not occur
cleanly (for example, logging into an instance, unmounting the volume, and detaching
normally). This option can lead to data loss or a corrupted file system. Use this option
only as a last resort to detach a volume from a failed instance. The instance wont have an
opportunity to flush file system caches or file system metadata. If you use this option, you
must perform file system check and repair procedures.
Return type dict
detach_vpn_gateway(VpnGatewayId, VpcId, DryRun=None)
Detaches a virtual private gateway from a VPC. You do this if youre planning to turn off the VPC and not
use it anymore. You can confirm a virtual private gateway has been completely detached from a VPC by
describing the virtual private gateway (any attachments to the virtual private gateway are also described).
You must wait for the attachments state to switch to detached before you can delete the VPC or attach
a different VPC to the virtual private gateway.
Parameters
DryRun (boolean)
Return type dict
disable_vgw_route_propagation(RouteTableId, GatewayId)
Disables a virtual private gateway (VGW) from propagating routes to a specified route table of a VPC.
Parameters
GatewayId (string) The ID of the virtual private gateway.
Return type dict
disassociate_address(DryRun=None, PublicIp=None, AssociationId=None)
Disassociates an Elastic IP address from the instance or network interface its associated with.
This is an idempotent operation. If you perform the operation more than once, Amazon EC2 doesnt return
an error.
2.1. Services 193

Parameters
DryRun (boolean)
PublicIp (string) [EC2-Classic] The Elastic IP address. Required for EC2-Classic.
AssociationId (string) [EC2-VPC] The association ID. Required for EC2-VPC.
Return type dict
disassociate_route_table(AssociationId, DryRun=None)
Disassociates a subnet from a route table.
After you perform this action, the subnet no longer uses the routes in the route table. Instead, it uses the
routes in the VPCs main route table. For more information about route tables, see Route Tables in the
Parameters
DryRun (boolean)
AssociationId (string) The association ID representing the current association between
the route table and subnet.
Return type dict
enable_vgw_route_propagation(RouteTableId, GatewayId)
Enables a virtual private gateway (VGW) to propagate routes to the specified route table of a VPC.
Parameters
GatewayId (string) The ID of the virtual private gateway.
Return type dict
enable_volume_io(VolumeId, DryRun=None)
Enables I/O operations for a volume that had I/O operations disabled because the data on the volume was
potentially inconsistent.
Parameters
DryRun (boolean)
Return type dict
get_console_output(InstanceId, DryRun=None)
Gets the console output for the specified instance.
Instances do not have a physical monitor through which you can view their console output. They also
lack physical controls that allow you to power up, reboot, or shut them down. To allow these actions, we
provide them through the Amazon EC2 API and command line interface.
Instance console output is buffered and posted shortly after instance boot, reboot, and termination. Amazon
EC2 preserves the most recent 64 KB output which is available for at least one hour after the most recent
post.
For Linux/Unix instances, the instance console output displays the exact console output that would nor-
mally be displayed on a physical monitor attached to a machine. This output is buffered because the
instance produces it and then posts it to a store where the instances owner can retrieve it.
For Windows instances, the instance console output displays the last three system event log errors.
Parameters

DryRun (boolean)
Return type dict
get_password_data(InstanceId, DryRun=None)
Retrieves the encrypted administrator password for an instance running Windows.
The Windows password is generated at boot if the EC2Config service plugin, Ec2SetPassword , is
enabled. This usually only happens the first time an AMI is launched, and then Ec2SetPassword is
automatically disabled. The password is not generated for rebundled AMIs unless Ec2SetPassword is
enabled before bundling.
The password is encrypted using the key pair that you specified when you launched the instance. You must
provide the corresponding key pair file.
Password generation and encryption takes a few moments. We recommend that you wait up to 15 minutes
after launching an instance before trying to retrieve the generated password.
Parameters
DryRun (boolean)
InstanceId (string) The ID of the Windows instance.
Return type dict
get_waiter(name)
bundle_task_complete
conversion_task_cancelled
conversion_task_completed
conversion_task_deleted
customer_gateway_available
export_task_cancelled
export_task_completed
instance_running
instance_stopped
instance_terminated
snapshot_completed
subnet_available
volume_available
volume_deleted
volume_in_use
vpc_available
vpn_connection_available
vpn_connection_deleted
2.1. Services 195

import_instance(Platform, DryRun=None, Description=None, LaunchSpecification=None,

DiskImages=None)
Creates an import instance task using metadata from the specified disk image. After importing the image,
you then upload it using the ec2-import-volumecommand in the EC2 command line tools. For more
information, see Using the Command Line Tools to Import Your Virtual Machine to Amazon EC2in the
Amazon Elastic Compute Cloud User Guide.
Parameters
DryRun (boolean)
Description (string) A description for the instance being imported.
LaunchSpecification (dict)
DiskImages (list)
Platform (string) The instance operating system.
Return type dict
import_key_pair(KeyName, PublicKeyMaterial, DryRun=None)
Imports the public key from an RSA key pair that you created with a third-party tool. Compare this with
CreateKeyPair , in which AWS creates the key pair and gives the keys to you (AWS keeps a copy of the
public key). With ImportKeyPair, you create the key pair and give AWS just the public key. The private
key is never transferred between you and AWS.
Parameters
DryRun (boolean)
PublicKeyMaterial (blob) The public key. You must base64 encode the public key
material before sending it to AWS.
Return type dict
import_volume(AvailabilityZone, Image, Volume, DryRun=None, Description=None)
Creates an import volume task using metadata from the specified disk image. After importing the image,
you then upload it using the ec2-import-volumecommand in the Amazon EC2 command-line interface
(CLI) tools. For more information, see Using the Command Line Tools to Import Your Virtual Machine to
Amazon EC2 in the Amazon Elastic Compute Cloud User Guide .
Parameters
DryRun (boolean)
AvailabilityZone (string) The Availability Zone for the resulting Amazon EBS volume.
Image (dict)
Description (string) An optional description for the volume being imported.
Volume (dict) Describes an Amazon EBS volume.
Return type dict
modify_image_attribute(ImageId, DryRun=None, Attribute=None, OperationType=None,
UserIds=None, UserGroups=None, ProductCodes=None,
Value=None, LaunchPermission=None, Description=None)
Modifies the specified attribute of the specified AMI. You can specify only one attribute at a time.
Note: AWS Marketplace product codes cannot be modified. Images with an AWS Marketplace product

code cannot be made public.
Parameters
DryRun (boolean)
Attribute (string) The name of the attribute to modify.
OperationType (string) The operation type.
UserIds (list) One or more AWS account IDs. This is only valid when modifying the
launchPermission attribute.
UserGroups (list) One or more user groups. This is only valid when modifying the
ProductCodes (list) One or more product codes. After you add a product code to an
AMI, it cant be removed. This is only valid when modifying the productCodes at-
tribute.
Value (string) The value of the attribute being modified. This is only valid when modi-
fying the description attribute.
LaunchPermission (dict)
Description (dict) A description for the AMI.
Return type dict
modify_instance_attribute(InstanceId, DryRun=None, Attribute=None, Value=None,

BlockDeviceMappings=None, SourceDestCheck=None, Dis-
ableApiTermination=None, InstanceType=None, Kernel=None,
Ramdisk=None, UserData=None, InstanceInitiatedShutdownBe-
havior=None, Groups=None, EbsOptimized=None, SriovNetSup-
port=None)
Modifies the specified attribute of the specified instance. You can specify only one attribute at a time.
To modify some attributes, the instance must be stopped. For more information, see Modifying Attributes
of a Stopped Instance in the Amazon Elastic Compute Cloud User Guide .
Parameters
DryRun (boolean)
Attribute (string) The name of the attribute.
Value (string) A new value for the attribute. Use only with the
kernel , ramdisk , userData , disableApiTermination , or
intanceInitiateShutdownBehavior attribute.
BlockDeviceMappings (list) Modifies the DeleteOnTermination attribute for vol-
umes that are currently attached. The volume must be owned by the caller. If no value is
specified for DeleteOnTermination , the default is true and the volume is deleted
when the instance is terminated.
To add instance store volumes to an Amazon EBS-backed instance, you must add them
when you launch the instance. For more information, see Updating the Block Device
Mapping when Launching an Instance in the Amazon Elastic Compute Cloud User Guide
.
2.1. Services 197

SourceDestCheck (dict) Specifies whether source/destination checking is enabled. A

value of true means that checking is enabled, and false means checking is disabled.
This value must be false for a NAT instance to perform NAT.
DisableApiTermination (dict) If the value is true , you cant terminate the instance
using the Amazon EC2 console, CLI, or API; otherwise, you can.
InstanceType (dict) Changes the instance type to the specified value. For more in-
formation, see Instance Types . If the instance type is not valid, the error returned is
InvalidInstanceAttributeValue .
Kernel (dict) Changes the instances kernel to the specified value. We recommend that
you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-
GRUB_ .
Ramdisk (dict) Changes the instances RAM disk to the specified value. We recommend
that you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-
GRUB_ .
UserData (dict) Changes the instances user data to the specified value.
InstanceInitiatedShutdownBehavior (dict) Specifies whether an instance stops or ter-
minates when you initiate shutdown from the instance (using the operating system com-
mand for system shutdown).
Groups (list) [EC2-VPC] Changes the security groups of the instance. You must specify
at least one security group, even if its just the default security group for the VPC. You must
specify the security group ID, not the security group name.
For example, if you want the instance to be in sg-1a1a1a1a and sg-9b9b9b9b, specify
GroupId.1=sg-1a1a1a1a and GroupId.2=sg-9b9b9b9b .
EbsOptimized (dict) Specifies whether the instance is optimized for EBS I/O. This op-
timization provides dedicated throughput to Amazon EBS and an optimized configuration
stack to provide optimal EBS I/O performance. This optimization isnt available with all
instance types. Additional usage charges apply when using an EBS Optimized instance.
SriovNetSupport (dict) Set to simple to enable enhanced networking for the instance.
There is no way to disable enhanced networking at this time.
This option is supported only for HVM instances. Specifying this option with a PV in-
stance can make it unreachable.
Return type dict
modify_network_interface_attribute(NetworkInterfaceId, DryRun=None, Descrip-
tion=None, SourceDestCheck=None, Groups=None,
Attachment=None)
Modifies the specified network interface attribute. You can specify only one attribute at a time.
Parameters
DryRun (boolean)
Description (dict) A description for the network interface.
SourceDestCheck (dict) Indicates whether source/destination checking is enabled. A
value of true means checking is enabled, and false means checking is disabled. This
value must be false for a NAT instance to perform NAT. For more information, see NAT
Instances in the Amazon Virtual Private Cloud User Guide .

Groups (list) Changes the security groups for the network interface. The new set of
groups you specify replaces the current set. You must specify at least one group, even if
its just the default security group in the VPC. You must specify the ID of the security
group, not the name.
Attachment (dict) Information about the interface attachment. If modifying the delete
on termination attribute, you must specify the ID of the interface attachment.
Return type dict
modify_reserved_instances(ReservedInstancesIds, TargetConfigurations, ClientToken=None)
Modifies the Availability Zone, instance count, instance type, or network platform (EC2-Classic or EC2-
VPC) of your Reserved Instances. The Reserved Instances to be modified must be identical, except for
Availability Zone, network platform, and instance type.
For more information, see Modifying Reserved Instances in the Amazon Elastic Compute Cloud User
Guide.
Parameters
ClientToken (string) A unique, case-sensitive token you provide to ensure idempotency
of your modification request.
ReservedInstancesIds (list) The IDs of the Reserved Instances to modify.
TargetConfigurations (list) The configuration settings for the Reserved Instances to
modify.
Return type dict
modify_snapshot_attribute(SnapshotId, DryRun=None, Attribute=None, Opera-
tionType=None, UserIds=None, GroupNames=None, Creat-
eVolumePermission=None)
Adds or removes permission settings for the specified snapshot. You may add or remove specified AWS
account IDs from a snapshots list of create volume permissions, but you cannot do both in a single API
call. If you need to both add and remove account IDs for a snapshot, you must use multiple API calls.
For more information on modifying snapshot permissions, see Sharing Snapshots in the Amazon Elastic
Note: Snapshots with AWS Marketplace product codes cannot be made public.
Parameters
DryRun (boolean)
SnapshotId (string) The ID of the snapshot.
Attribute (string) The snapshot attribute to modify.
OperationType (string) The type of operation to perform to the attribute.
UserIds (list) The account ID to modify for the snapshot.
GroupNames (list) The group to modify for the snapshot.
CreateVolumePermission (dict) A JSON representation of the snapshot attribute mod-
ification.
Return type dict
modify_subnet_attribute(SubnetId, MapPublicIpOnLaunch=None)
Modifies a subnet attribute.
2.1. Services 199

Parameters
MapPublicIpOnLaunch (dict) The value to use when a resource attribute accepts a
Boolean value.
Return type dict
modify_volume_attribute(VolumeId, DryRun=None, AutoEnableIO=None)
Modifies a volume attribute.
By default, all I/O operations for the volume are suspended when the data on the volume is determined to
be potentially inconsistent, to prevent undetectable, latent data corruption. The I/O access to the volume
can be resumed by first enabling I/O access and then checking the data consistency on your volume.
You can change the default behavior to resume I/O operations. We recommend that you change this only
for boot volumes or for volumes that are stateless or disposable.
Parameters
DryRun (boolean)
AutoEnableIO (dict) Indicates whether the volume should be auto-enabled for I/O op-
erations.
Return type dict
modify_vpc_attribute(VpcId, EnableDnsSupport=None, EnableDnsHostnames=None)
Modifies the specified attribute of the specified VPC.
Parameters
EnableDnsSupport (dict) Indicates whether the DNS resolution is supported for the
VPC. If enabled, queries to the Amazon provided DNS server at the 169.254.169.253 IP
address, or the reserved IP address at the base of the VPC network range plus two will
succeed. If disabled, the Amazon provided DNS service in the VPC that resolves public
DNS hostnames to IP addresses is not enabled.
EnableDnsHostnames (dict) Indicates whether the instances launched in the VPC get
DNS hostnames. If enabled, instances in the VPC get DNS hostnames; otherwise, they do
not.
You can only enable DNS hostnames if you also enable DNS support.
Return type dict
monitor_instances(InstanceIds, DryRun=None)
Enables monitoring for a running instance. For more information about monitoring instances, see Moni-
toring Your Instances and Volumes in the Amazon Elastic Compute Cloud User Guide .
Parameters
DryRun (boolean)
Return type dict
purchase_reserved_instances_offering(ReservedInstancesOfferingId, InstanceCount,
DryRun=None, LimitPrice=None)
Purchases a Reserved Instance for use with your account. With Amazon EC2 Reserved Instances, you

obtain a capacity reservation for a certain instance configuration over a specified period of time. You pay a
lower usage rate than with On-Demand instances for the time that you actually use the capacity reservation.
Use DescribeReservedInstancesOfferings to get a list of Reserved Instance offerings that match your spec-
ifications. After youve purchased a Reserved Instance, you can check for your new Reserved Instance
with DescribeReservedInstances .
For more information, see Reserved Instances and Reserved Instance Marketplace in the Amazon Elastic
Parameters
DryRun (boolean)
ReservedInstancesOfferingId (string) The ID of the Reserved Instance offering to pur-
chase.
InstanceCount (integer) The number of Reserved Instances to purchase.
LimitPrice (dict) Specified for Reserved Instance Marketplace offerings to limit the
total order and ensure that the Reserved Instances are not purchased at unexpected prices.
Return type dict
reboot_instances(InstanceIds, DryRun=None)
Requests a reboot of one or more instances. This operation is asynchronous; it only queues a request
to reboot the specified instances. The operation succeeds if the instances are valid and belong to you.
Requests to reboot terminated instances are ignored.
If a Linux/Unix instance does not cleanly shut down within four minutes, Amazon EC2 performs a hard
reboot.
For more information about troubleshooting, see Getting Console Output and Rebooting Instances in the
Parameters
DryRun (boolean)
Return type dict
register_image(Name, DryRun=None, ImageLocation=None, Description=None, Architec-
ture=None, KernelId=None, RamdiskId=None, RootDeviceName=None, BlockDe-
viceMappings=None, VirtualizationType=None, SriovNetSupport=None)
Registers an AMI. When youre creating an AMI, this is the final step you must complete before you can
launch an instance from the AMI. For more information about creating AMIs, see Creating Your Own
AMIs in the Amazon Elastic Compute Cloud User Guide .
Note: For Amazon EBS-backed instances, CreateImage creates and registers the AMI in a single request,
so you dont have to register the AMI yourself.
You can also use RegisterImage to create an Amazon EBS-backed AMI from a snapshot of a root
device volume. For more information, see Launching an Instance from a Snapshot in the Amazon Elastic
If needed, you can deregister an AMI at any time. Any modifications you make to an AMI backed by an
instance store volume invalidates its registration. If you make changes to an image, deregister the previous
image and register the new image.
Note: You cant register an image where a secondary (non-root) snapshot has AWS Marketplace product
codes.
2.1. Services 201

Parameters
DryRun (boolean)
ImageLocation (string) The full path to your AMI manifest in Amazon S3 storage.
Name (string) A name for your AMI.
Description (string) A description for your AMI.
Architecture (string) The architecture of the AMI.
Default: For Amazon EBS-backed AMIs, i386 . For instance store-backed AMIs, the
architecture specified in the manifest file.
KernelId (string) The ID of the kernel.
RamdiskId (string) The ID of the RAM disk.
RootDeviceName (string) The name of the root device (for example, /dev/sda1 , or
xvda ).
BlockDeviceMappings (list) One or more block device mapping entries.
VirtualizationType (string) The type of virtualization.
Default: paravirtual
SriovNetSupport (string) Set to simple to enable enhanced networking for the AMI
and any instances that you launch from the AMI.
This option is supported only for HVM AMIs. Specifying this option with a PV AMI can
make instances launched from the AMI unreachable.
Return type dict
reject_vpc_peering_connection(VpcPeeringConnectionId, DryRun=None)
Rejects a VPC peering connection request. The VPC peering connection must be in the
pending-acceptance state. Use the DescribeVpcPeeringConnections request to view your outstand-
ing VPC peering connection requests. To delete an active VPC peering connection, or to delete a VPC
peering connection request that you initiated, use DeleteVpcPeeringConnection .
Parameters
DryRun (boolean)
Return type dict
release_address(DryRun=None, PublicIp=None, AllocationId=None)
Releases the specified Elastic IP address.
After releasing an Elastic IP address, it is released to the IP address pool and might be unavailable to you.
Be sure to update your DNS records and any servers or devices that communicate with the address. If you
attempt to release an Elastic IP address that you already released, youll get an AuthFailure error if
the address is already allocated to another AWS account.

[EC2-Classic, default VPC] Releasing an Elastic IP address automatically disassociates it from any in-
stance that its associated with. To disassociate an Elastic IP address without releasing it, use Disassoci-
ateAddress .
[Nondefault VPC] You must use DisassociateAddress to disassociate the Elastic IP address before you try
to release it. Otherwise, Amazon EC2 returns an error (InvalidIPAddress.InUse ).
Parameters
DryRun (boolean)
PublicIp (string) [EC2-Classic] The Elastic IP address. Required for EC2-Classic.
AllocationId (string) [EC2-VPC] The allocation ID. Required for EC2-VPC.
Return type dict
replace_network_acl_association(AssociationId, NetworkAclId, DryRun=None)
Changes which network ACL a subnet is associated with. By default when you create a subnet, its
automatically associated with the default network ACL. For more information about network ACLs, see
Network ACLs in the Amazon Virtual Private Cloud User Guide .
Parameters
DryRun (boolean)
AssociationId (string) The ID of the current association between the original network
ACL and the subnet.
NetworkAclId (string) The ID of the new network ACL to associate with the subnet.
Return type dict
replace_network_acl_entry(NetworkAclId, RuleNumber, Protocol, RuleAction, Egress, Cidr-
Block, DryRun=None, IcmpTypeCode=None, PortRange=None)
Replaces an entry (rule) in a network ACL. For more information about network ACLs, see Network ACLs
in the Amazon Virtual Private Cloud User Guide .
Parameters
DryRun (boolean)
NetworkAclId (string) The ID of the ACL.
RuleNumber (integer) The rule number of the entry to replace.
Protocol (string) The IP protocol. You can specify all or -1 to mean all protocols.
Egress (boolean) Indicates whether to replace the egress rule.
Default: If no value is specified, we replace the ingress rule.
CidrBlock (string) The network range to allow or deny, in CIDR notation.
1 (ICMP) for the protocol.
PortRange (dict) TCP or UDP protocols: The range of ports the rule applies to. Re-
quired if specifying 6 (TCP) or 17 (UDP) for the protocol.
Return type dict
2.1. Services 203

replace_route(RouteTableId, DestinationCidrBlock, DryRun=None, GatewayId=None, Instan-

ceId=None, NetworkInterfaceId=None, VpcPeeringConnectionId=None)
Replaces an existing route within a route table in a VPC. You must provide only one of the following:
Internet gateway or virtual private gateway, NAT instance, VPC peering connection, or network interface.
.
Parameters
DryRun (boolean)
The value you provide must match the CIDR of an existing route in the table.
GatewayId (string) The ID of an Internet gateway or virtual private gateway.
InstanceId (string) The ID of a NAT instance in your VPC.
Return type dict
replace_route_table_association(AssociationId, RouteTableId, DryRun=None)
Changes the route table associated with a given subnet in a VPC. After the operation completes, the subnet
uses the routes in the new route table its associated with. For more information about route tables, see
Route Tables in the Amazon Virtual Private Cloud User Guide .
You can also use ReplaceRouteTableAssociation to change which table is the main route table in the VPC.
You just specify the main route tables association ID and the route table to be the new main route table.
Parameters
DryRun (boolean)
AssociationId (string) The association ID.
RouteTableId (string) The ID of the new route table to associate with the subnet.
Return type dict
report_instance_status(Instances, Status, ReasonCodes, DryRun=None, StartTime=None,
EndTime=None, Description=None)
Submits feedback about the status of an instance. The instance must be in the running state. If your
experience with the instance differs from the instance status returned by DescribeInstanceStatus , use
ReportInstanceStatus to report your experience with the instance. Amazon EC2 collects this information
to improve the accuracy of status checks.
Use of this action does not change the value returned by DescribeInstanceStatus .
Parameters
DryRun (boolean)
Instances (list) One or more instances.
Status (string) The status of all instances listed.
StartTime (datetime) The time at which the reported instance health state began.
EndTime (datetime) The time at which the reported instance health state ended.

ReasonCodes (list) One or more reason codes that describes the health state of your
instance.
instance-stuck-in-state : My instance is stuck in a state.
unresponsive : My instance is unresponsive.
not-accepting-credentials : My instance is not accepting my credentials.
password-not-available : A password is not available for my instance.
performance-network : My instance is experiencing performance problems
which I believe are network related.
performance-instance-store : My instance is experiencing performance
problems which I believe are related to the instance stores.
performance-ebs-volume : My instance is experiencing performance problems
which I believe are related to an EBS volume.
performance-other : My instance is experiencing performance problems.
other : [explain using the description parameter]
Description (string) Descriptive text about the health state of your instance.
Return type dict
request_spot_instances(SpotPrice, DryRun=None, InstanceCount=None, Type=None, Valid-
From=None, ValidUntil=None, LaunchGroup=None, AvailabilityZone-
Group=None, LaunchSpecification=None)
Creates a Spot Instance request. Spot Instances are instances that Amazon EC2 starts on your behalf when
the maximum price that you specify exceeds the current Spot Price. Amazon EC2 periodically sets the Spot
Price based on available Spot Instance capacity and current Spot Instance requests. For more information
about Spot Instances, see Spot Instances in the Amazon Elastic Compute Cloud User Guide .
Users must be subscribed to the required product to run an instance with AWS Marketplace product codes.
Parameters
DryRun (boolean)
SpotPrice (string) The maximum hourly price for any Spot Instance launched to fulfill
the request.
InstanceCount (integer) The maximum number of Spot Instances to launch.
Default: 1
Type (string) The Spot Instance request type.
Default: one-time
ValidFrom (datetime) The start date of the request. If this is a one-time request, the
request becomes active at this date and time and remains active until all instances launch,
the request expires, or the request is canceled. If the request is persistent, the request
becomes active at this date and time and remains active until it expires or is canceled.
Default: The request is effective indefinitely.
ValidUntil (datetime) The end date of the request. If this is a one-time request, the
request remains active until all instances launch, the request is canceled, or this date is
reached. If the request is persistent, it remains active until it is canceled or this date and
time is reached.
Default: The request is effective indefinitely.
2.1. Services 205

LaunchGroup (string) The instance launch group. Launch groups are Spot Instances
that launch together and terminate together.
Default: Instances are launched and terminated individually
AvailabilityZoneGroup (string) The user-specified name for a logical grouping of bids.
When you specify an Availability Zone group in a Spot Instance request, all Spot Instances
in the request are launched in the same Availability Zone. Instance proximity is maintained
with this parameter, but the choice of Availability Zone is not. The group applies only to
bids for Spot Instances of the same instance type. Any additional Spot Instance requests
that are specified with the same Availability Zone group name are launched in that same
Availability Zone, as long as at least one instance from the group is still active.
If there is no active instance running in the Availability Zone group that you specify for a
new Spot Instance request (all instances are terminated, the bid is expired, or the bid falls
below current market), then Amazon EC2 launches the instance in any Availability Zone
where the constraint can be met. Consequently, the subsequent set of Spot Instances could
be placed in a different zone from the original request, even if you specified the same
Availability Zone group.
Default: Instances are launched in any available Availability Zone.
LaunchSpecification (dict) Describes the launch specification of a Spot Instance.
Return type dict
reset_image_attribute(ImageId, Attribute, DryRun=None)
Resets an attribute of an AMI to its default value.
Parameters
DryRun (boolean)
Attribute (string) The attribute to reset (currently you can only reset the launch permis-
sion attribute).
Return type dict
reset_instance_attribute(InstanceId, Attribute, DryRun=None)
Resets an attribute of an instance to its default value. To reset the kernel or ramdisk , the instance must
be in a stopped state. To reset the SourceDestCheck , the instance can be either running or stopped.
The SourceDestCheck attribute controls whether source/destination checking is enabled. The default
value is true , which means checking is enabled. This value must be false for a NAT instance to
perform NAT. For more information, see NAT Instances in the Amazon Virtual Private Cloud User Guide
.
Parameters
DryRun (boolean)
Attribute (string) The attribute to reset.
Return type dict
reset_network_interface_attribute(NetworkInterfaceId, DryRun=None,
SourceDestCheck=None)
Resets a network interface attribute. You can specify only one attribute at a time.
Parameters

DryRun (boolean)
SourceDestCheck (string) The source/destination checking attribute. Resets the value
to true .
Return type dict
reset_snapshot_attribute(SnapshotId, Attribute, DryRun=None)
Resets permission settings for the specified snapshot.
For more information on modifying snapshot permissions, see Sharing Snapshots in the Amazon Elastic
Parameters
DryRun (boolean)
SnapshotId (string) The ID of the snapshot.
Attribute (string) The attribute to reset (currently only the attribute for permission to
create volumes can be reset).
Return type dict
revoke_security_group_egress(GroupId, DryRun=None, SourceSecurityGroupName=None,
SourceSecurityGroupOwnerId=None, IpProtocol=None,
FromPort=None, ToPort=None, CidrIp=None, IpPermis-
sions=None)
Removes one or more egress rules from a security group for EC2-VPC. The values that you specify in the
revoke request (for example, ports) must match the existing rules values for the rule to be revoked.
Each rule consists of the protocol and the CIDR range or source security group. For the TCP and UDP
protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must
also specify the ICMP type and code.
Parameters
DryRun (boolean)
address range.
type.
2.1. Services 207


Return type dict
revoke_security_group_ingress(DryRun=None, GroupName=None, GroupId=None,
SourceSecurityGroupName=None, SourceSecurity-
GroupOwnerId=None, IpProtocol=None, FromPort=None,
ToPort=None, CidrIp=None, IpPermissions=None)
Removes one or more ingress rules from a security group. The values that you specify in the revoke request
(for example, ports) must match the existing rules values for the rule to be removed.
Each rule consists of the protocol and the CIDR range or source security group. For the TCP and UDP
protocols, you must also specify the destination port or range of ports. For the ICMP protocol, you must
also specify the ICMP type and code.
Parameters
DryRun (boolean)
range.
type.
Return type dict
run_instances(ImageId, MinCount, MaxCount, DryRun=None, KeyName=None, Security-
Groups=None, SecurityGroupIds=None, UserData=None, InstanceType=None,
Placement=None, KernelId=None, RamdiskId=None, BlockDeviceMappings=None,
Monitoring=None, SubnetId=None, DisableApiTermination=None, InstanceIniti-
atedShutdownBehavior=None, PrivateIpAddress=None, ClientToken=None, Addi-
tionalInfo=None, NetworkInterfaces=None, IamInstanceProfile=None, EbsOpti-
mized=None)
Launches the specified number of instances using an AMI for which you have permissions.
When you launch an instance, it enters the pending state. After the instance is ready for you, it enters
the running state. To check the state of your instance, call DescribeInstances .

If you dont specify a security group when launching an instance, Amazon EC2 uses the default security
group. For more information, see Security Groups in the Amazon Elastic Compute Cloud User Guide .
Linux instances have access to the public key of the key pair at boot. You can use this key to provide
secure access to the instance. Amazon EC2 public images use this feature to provide secure access without
passwords. For more information, see Key Pairs in the Amazon Elastic Compute Cloud User Guide .
You can provide optional user data when launching an instance. For more information, see Instance Meta-
data in the Amazon Elastic Compute Cloud User Guide .
If any of the AMIs have a product code attached for which the user has not subscribed, RunInstances
fails.
T2 instance types can only be launched into a VPC. If you do not have a default VPC, or if you do not
specify a subnet ID in the request, RunInstances fails.
For more information about troubleshooting, see What To Do If An Instance Immediately Terminates , and
Troubleshooting Connecting to Your Instance in the Amazon Elastic Compute Cloud User Guide .
Parameters
DryRun (boolean)
ImageId (string) The ID of the AMI, which you can get by calling DescribeImages .
MinCount (integer) The minimum number of instances to launch. If you specify a
minimum that is more instances than Amazon EC2 can launch in the target Availability
Zone, Amazon EC2 launches no instances.
Constraints: Between 1 and the maximum number youre allowed for the specified in-
stance type. For more information about the default limits, and how to request an increase,
see How many instances can I run in Amazon EC2 in the Amazon EC2 General FAQ.
MaxCount (integer) The maximum number of instances to launch. If you specify more
instances than Amazon EC2 can launch in the target Availability Zone, Amazon EC2
launches the largest possible number of instances above MinCount .
KeyName (string) The name of the key pair. You can create a key pair using CreateKey-
Pair or ImportKeyPair .
Warning: If you launch an instance without specifying a key pair, you cant connect
to the instance.
SecurityGroups (list) [EC2-Classic, default VPC] One or more security group names.
For a nondefault VPC, you must use security group IDs instead.
Default: Amazon EC2 uses the default security group.
SecurityGroupIds (list) One or more security group IDs. You can create a security
group using CreateSecurityGroup .
UserData (string) The Base64-encoded MIME user data for the instances.
InstanceType (string) The instance type. For more information, see Instance Types in
the Amazon Elastic Compute Cloud User Guide .
Default: m1.small
2.1. Services 209

Placement (dict) The placement for the instance.

Warning: We recommend that you use PV-GRUB instead of kernels and RAM disks.
For more information, see PV-GRUB_ in the Amazon Elastic Compute Cloud User
Guide .
Guide .
BlockDeviceMappings (list) The block device mapping.

Monitoring (dict) The monitoring for the instance.
SubnetId (string) [EC2-VPC] The ID of the subnet to launch the instance into.
DisableApiTermination (boolean) If you set this parameter to true , you cant
terminate the instance using the Amazon EC2 console, CLI, or API; otherwise, you
can. If you set this parameter to true and then later want to be able to termi-
nate the instance, you must first change the value of the disableApiTermination
attribute to false using ModifyInstanceAttribute . Alternatively, if you set
InstanceInitiatedShutdownBehavior to terminate , you can terminate the
instance by running the shutdown command from the instance.
Default: false
InstanceInitiatedShutdownBehavior (string) Indicates whether an instance stops or
terminates when you initiate shutdown from the instance (using the operating system com-
Default: stop
PrivateIpAddress (string) [EC2-VPC] The primary IP address. You must specify a
value from the IP address range of the subnet.
Only one private IP address can be designated as primary. Therefore, you cant
specify this parameter if PrivateIpAddresses.n.Primary is set to true and
PrivateIpAddresses.n.PrivateIpAddress is set to an IP address.
Default: We select an IP address from the IP address range of the subnet.
ClientToken (string) Unique, case-sensitive identifier you provide to ensure the idem-
potency of the request. For more information, see How to Ensure Idempotency in the
Constraints: Maximum 64 ASCII characters
AdditionalInfo (string) Reserved.
NetworkInterfaces (list) One or more network interfaces.
IamInstanceProfile (dict) The IAM instance profile.
EbsOptimized (boolean) Indicates whether the instance is optimized for EBS I/O. This
optimization provides dedicated throughput to Amazon EBS and an optimized configu-
ration stack to provide optimal Amazon EBS I/O performance. This optimization isnt
available with all instance types. Additional usage charges apply when using an EBS-
optimized instance.

Default: false
Return type dict
start_instances(InstanceIds, AdditionalInfo=None, DryRun=None)
Starts an Amazon EBS-backed AMI that youve previously stopped.
Instances that use Amazon EBS volumes as their root devices can be quickly stopped and started. When
an instance is stopped, the compute resources are released and you are not billed for hourly instance
usage. However, your root partition Amazon EBS volume remains, continues to persist your data, and you
are charged for Amazon EBS volume usage. You can restart your instance at any time. Each time you
transition an instance from stopped to started, Amazon EC2 charges a full instance hour, even if transitions
happen multiple times within a single hour.
Before stopping an instance, make sure it is in a state from which it can be restarted. Stopping an instance
does not preserve data stored in RAM.
Performing this operation on an instance that uses an instance store as its root device returns an error.
For more information, see Stopping Instances in the Amazon Elastic Compute Cloud User Guide .
Parameters
DryRun (boolean)
Return type dict
stop_instances(InstanceIds, DryRun=None, Force=None)
Stops an Amazon EBS-backed instance. Each time you transition an instance from stopped to started,
Amazon EC2 charges a full instance hour, even if transitions happen multiple times within a single hour.
You cant start or stop Spot Instances.
Instances that use Amazon EBS volumes as their root devices can be quickly stopped and started. When
an instance is stopped, the compute resources are released and you are not billed for hourly instance usage.
However, your root partition Amazon EBS volume remains, continues to persist your data, and you are
charged for Amazon EBS volume usage. You can restart your instance at any time.
Before stopping an instance, make sure it is in a state from which it can be restarted. Stopping an instance
does not preserve data stored in RAM.
Performing this operation on an instance that uses an instance store as its root device returns an error.
You can stop, start, and terminate EBS-backed instances. You can only terminate instance store-backed
instances. What happens to an instance differs if you stop it or terminate it. For example, when you stop
an instance, the root device and any other devices attached to the instance persist. When you terminate
an instance, the root device and any other devices attached during the instance launch are automatically
deleted. For more information about the differences between stopping and terminating instances, see
Instance Lifecycle in the Amazon Elastic Compute Cloud User Guide .
For more information about troubleshooting, see Troubleshooting Stopping Your Instance in the Amazon
Parameters
DryRun (boolean)
Force (boolean) Forces the instances to stop. The instances do not have an opportunity to
flush file system caches or file system metadata. If you use this option, you must perform
2.1. Services 211

file system check and repair procedures. This option is not recommended for Windows
instances.
Default: false
Return type dict
terminate_instances(InstanceIds, DryRun=None)
Shuts down one or more instances. This operation is idempotent; if you terminate an instance more than
once, each call succeeds.
Terminated instances remain visible after termination (for approximately one hour).
By default, Amazon EC2 deletes all Amazon EBS volumes that were attached when the instance launched.
Volumes attached after instance launch continue running.
You can stop, start, and terminate EBS-backed instances. You can only terminate instance store-backed
instances. What happens to an instance differs if you stop it or terminate it. For example, when you stop
an instance, the root device and any other devices attached to the instance persist. When you terminate
an instance, the root device and any other devices attached during the instance launch are automatically
deleted. For more information about the differences between stopping and terminating instances, see
Instance Lifecycle in the Amazon Elastic Compute Cloud User Guide .
For more information about troubleshooting, see Troubleshooting Terminating Your Instance in the Ama-
zon Elastic Compute Cloud User Guide .
Parameters
DryRun (boolean)
Return type dict
unassign_private_ip_addresses(NetworkInterfaceId, PrivateIpAddresses)
Unassigns one or more secondary private IP addresses from a network interface.
Parameters
PrivateIpAddresses (list) The secondary private IP addresses to unassign from the net-
work interface. You can specify this option multiple times to unassign more than one IP
address.
Return type dict
unmonitor_instances(InstanceIds, DryRun=None)
Disables monitoring for a running instance. For more information about monitoring instances, see Moni-
toring Your Instances and Volumes in the Amazon Elastic Compute Cloud User Guide .
Parameters
DryRun (boolean)
Return type dict
Service Resource
class ec2.Service
A resource representing Amazon Elastic Compute Cloud:

import boto3
Actions
some attributes.
create_dhcp_options(DhcpConfigurations, DryRun=None)
This method calls ec2.Client.create_dhcp_options().
Parameters
DryRun (boolean)
DhcpConfigurations (list) A DHCP configuration option.
Return type ec2.DhcpOptions
create_instances(ImageId, MinCount, MaxCount, DryRun=None, KeyName=None, Secu-
rityGroups=None, SecurityGroupIds=None, UserData=None, Instance-
Type=None, Placement=None, KernelId=None, RamdiskId=None, Block-
DeviceMappings=None, Monitoring=None, SubnetId=None, DisableApiTer-
mination=None, InstanceInitiatedShutdownBehavior=None, PrivateIpAd-
dress=None, ClientToken=None, AdditionalInfo=None, NetworkInter-
faces=None, IamInstanceProfile=None, EbsOptimized=None)
This method calls ec2.Client.run_instances().
Parameters
DryRun (boolean)
to the instance.
2.1. Services 213

Default: m1.small
Guide .
Guide .

SubnetId (string) [EC2-VPC] The ID of the subnet to launch the instance into.
Default: false
Default: stop


optimized instance.
Default: false
Return type ec2.Instance
create_internet_gateway(DryRun=None)
This method calls ec2.Client.create_internet_gateway().
Return type ec2.InternetGateway
create_key_pair(KeyName, DryRun=None)
This method calls ec2.Client.create_key_pair().
Parameters
DryRun (boolean)
Return type ec2.KeyPair
create_network_acl(VpcId, DryRun=None)
This method calls ec2.Client.create_network_acl().
Parameters
DryRun (boolean)
Return type ec2.NetworkAcl
create_network_interface(SubnetId, Description=None, PrivateIpAddress=None,
Groups=None, PrivateIpAddresses=None, SecondaryPrivateIpAd-
dressCount=None, DryRun=None)
This method calls ec2.Client.create_network_interface().
Parameters
SubnetId (string) The ID of the subnet to associate with the network interface.
2.1. Services 215


.
DryRun (boolean)
Return type ec2.NetworkInterface
create_placement_group(GroupName, Strategy, DryRun=None)
This method calls ec2.Client.create_placement_group().
Parameters
DryRun (boolean)
GroupName (string) A name for the placement group.
Strategy (string) The placement strategy.
Return type ec2.PlacementGroup
create_route_table(VpcId, DryRun=None)
This method calls ec2.Client.create_route_table().
Parameters
DryRun (boolean)
Return type ec2.RouteTable
create_security_group(GroupName, Description, DryRun=None, VpcId=None)
This method calls ec2.Client.create_security_group().
Parameters
DryRun (boolean)
VpcId (string) [EC2-VPC] The ID of the VPC. Required for EC2-VPC.
Return type ec2.SecurityGroup

create_snapshot(VolumeId, DryRun=None, Description=None)

This method calls ec2.Client.create_snapshot().
Parameters
DryRun (boolean)
VolumeId (string) The ID of the Amazon EBS volume.
Return type ec2.Snapshot
create_subnet(VpcId, CidrBlock, DryRun=None, AvailabilityZone=None)
This method calls ec2.Client.create_subnet().
Parameters
DryRun (boolean)
10.0.0.0/24 .
Return type ec2.Subnet
This method calls ec2.Client.create_tags().
Parameters
DryRun (boolean)
empty string.
Return type ec2.Tag
create_volume(AvailabilityZone, DryRun=None, Size=None, SnapshotId=None, Volume-
Type=None, Iops=None, Encrypted=None, KmsKeyId=None)
This method calls ec2.Client.create_volume().
Parameters
DryRun (boolean)
Size (integer) The size of the volume, in GiBs.
Constraints: If the volume type is io1 , the minimum size of the volume is 4 GiB.
Default: If youre creating the volume from a snapshot and dont specify a volume size,
the default is the snapshot size.
SnapshotId (string) The snapshot from which to create the volume.
AvailabilityZone (string) The Availability Zone in which to create the volume. Use
DescribeAvailabilityZones to list the Availability Zones that are currently available to you.
2.1. Services 217

VolumeType (string) The volume type. This can be gp2 for General Purpose (SSD) vol-
umes, io1 for Provisioned IOPS (SSD) volumes, or standard for Magnetic volumes.
Default: standard
Iops (integer) Only valid for Provisioned IOPS (SSD) volumes. The number of I/O
operations per second (IOPS) to provision for the volume.
Encrypted (boolean) Specifies whether the volume should be encrypted.
KmsKeyId (string) The full ARN of the AWS Key Management Service (KMS) Cus-
tomer Master Key (CMK) to use when creating the encrypted volume. This parameter is
only required if you want to use a non-default CMK; if this parameter is not specified, the
default CMK is used. The ARN contains the arn:aws:kms namespace, followed by the
region of the CMK, the AWS account ID of the CMK owner, the key namespace, and then
the CMK ID. For example, arn:aws:kms:us-east-1 :012345678910 :key/abcd1234-a123-
456a-a12b-a123b4cd56ef .
Return type ec2.Image
create_vpc(CidrBlock, DryRun=None, InstanceTenancy=None)
This method calls ec2.Client.create_vpc().
Parameters
DryRun (boolean)
CidrBlock (string) The network range for the VPC, in CIDR notation. For example,
10.0.0.0/16 .
InstanceTenancy (string) The supported tenancy options for instances launched into the
VPC. A value of default means that instances can be launched with any tenancy; a value
of dedicated means all instances launched into the VPC are launched as dedicated
tenancy instances regardless of the tenancy assigned to the instance at launch. Dedicated
tenancy instances run on single-tenant hardware.
Default: default
Return type ec2.Vpc
create_vpc_peering_connection(DryRun=None, VpcId=None, PeerVpcId=None,
PeerOwnerId=None)
This method calls ec2.Client.create_vpc_peering_connection().
Parameters
DryRun (boolean)
VpcId (string) The ID of the requester VPC.
connection.
Return type ec2.VpcPeeringConnection
disassociate_route_table(AssociationId, DryRun=None)
This method calls ec2.Client.disassociate_route_table().
Parameters
DryRun (boolean)

AssociationId (string) The association ID representing the current association between

the route table and subnet.
Return type dict
import_key_pair(KeyName, PublicKeyMaterial, DryRun=None)
This method calls ec2.Client.import_key_pair().
Parameters
DryRun (boolean)
PublicKeyMaterial (blob) The public key. You must base64 encode the public key
material before sending it to AWS.
Return type ec2.KeyPair
register_image(Name, DryRun=None, ImageLocation=None, Description=None, Architec-
ture=None, KernelId=None, RamdiskId=None, RootDeviceName=None, BlockDe-
viceMappings=None, VirtualizationType=None, SriovNetSupport=None)
This method calls ec2.Client.register_image().
Parameters
DryRun (boolean)
ImageLocation (string) The full path to your AMI manifest in Amazon S3 storage.
Name (string) A name for your AMI.
Description (string) A description for your AMI.
Architecture (string) The architecture of the AMI.
Default: For Amazon EBS-backed AMIs, i386 . For instance store-backed AMIs, the
architecture specified in the manifest file.
RootDeviceName (string) The name of the root device (for example, /dev/sda1 , or
xvda ).
BlockDeviceMappings (list) One or more block device mapping entries.
VirtualizationType (string) The type of virtualization.
Default: paravirtual
SriovNetSupport (string) Set to simple to enable enhanced networking for the AMI
and any instances that you launch from the AMI.
This option is supported only for HVM AMIs. Specifying this option with a PV AMI can
make instances launched from the AMI unreachable.
2.1. Services 219

Sub-resources
along to the child.
DhcpOptions(id)
Create a ec2.DhcpOptions instance.
Image(id)
Create a ec2.Image instance.
Instance(id)
Create a ec2.Instance instance.
InternetGateway(id)
Create a ec2.InternetGateway instance.
KeyPair(name)
Create a ec2.KeyPair instance.
NetworkAcl(id)
Create a ec2.NetworkAcl instance.
NetworkInterface(id)
Create a ec2.NetworkInterface instance.
PlacementGroup(name)
Create a ec2.PlacementGroup instance.
RouteTable(id)
Create a ec2.RouteTable instance.
RouteTableAssociation(id)
Create a ec2.RouteTableAssociation instance.
SecurityGroup(id)
Create a ec2.SecurityGroup instance.
Snapshot(id)
Create a ec2.Snapshot instance.
Subnet(id)
Create a ec2.Subnet instance.
Tag(resource_id, key, value)
Create a ec2.Tag instance.
Volume(id)
Create a ec2.Volume instance.
Vpc(id)
Create a ec2.Vpc instance.
VpcPeeringConnection(id)
Create a ec2.VpcPeeringConnection instance.
Collections
dhcp_options_sets
(CollectionManager) A collection of ec2.DhcpOptions instances. This collection uses the
ec2.Client.describe_dhcp_options() operation to get items.

images
(CollectionManager) A collection of ec2.Image instances. This collection uses the
ec2.Client.describe_images() operation to get items.
instances
(CollectionManager) A collection of ec2.Instance instances. This collection uses the
ec2.Client.describe_instances() operation to get items.
internet_gateways
(CollectionManager) A collection of ec2.InternetGateway instances. This collection uses
the ec2.Client.describe_internet_gateways() operation to get items.
key_pairs
(CollectionManager) A collection of ec2.KeyPair instances. This collection uses the
ec2.Client.describe_key_pairs() operation to get items.
network_acls
(CollectionManager) A collection of ec2.NetworkAcl instances. This collection uses the
ec2.Client.describe_network_acls() operation to get items.
network_interfaces
(CollectionManager) A collection of ec2.NetworkInterface instances. This collection uses
the ec2.Client.describe_network_interfaces() operation to get items.
placement_groups
(CollectionManager) A collection of ec2.PlacementGroup instances. This collection uses the
ec2.Client.describe_placement_groups() operation to get items.
route_tables
(CollectionManager) A collection of ec2.RouteTable instances. This collection uses the
ec2.Client.describe_route_tables() operation to get items.
security_groups
(CollectionManager) A collection of ec2.SecurityGroup instances. This collection uses the
ec2.Client.describe_security_groups() operation to get items.
snapshots
(CollectionManager) A collection of ec2.Snapshot instances. This collection uses the
ec2.Client.describe_snapshots() operation to get items.
subnets
(CollectionManager) A collection of ec2.Subnet instances. This collection uses the
ec2.Client.describe_subnets() operation to get items.
volumes
(CollectionManager) A collection of ec2.Volume instances. This collection uses the
ec2.Client.describe_volumes() operation to get items.
vpc_peering_connections
(CollectionManager) A collection of ec2.VpcPeeringConnection instances. This collection
uses the ec2.Client.describe_vpc_peering_connections() operation to get items.
vpcs
(CollectionManager) A collection of ec2.Vpc instances. This collection uses the
ec2.Client.describe_vpcs() operation to get items.
DhcpOptions
class ec2.DhcpOptions(id)
A resource representing an Amazon Elastic Compute Cloud DhcpOptions:
2.1. Services 221

import boto3
dhcp_options = ec2.DhcpOptions(id)
Identifiers:
id
(string, identifier) The DhcpOptionss Id identifier. This attribute must be set for the actions below to
work.
Attributes:
dhcp_configurations
(list) One or more DHCP options in the set.
dhcp_options_id
(string) The ID of the set of DHCP options.
tags
(list) Any tags assigned to the DHCP options set.
Actions
some attributes.
associate_with_vpc(VpcId, DryRun=None)
This method calls ec2.Client.associate_dhcp_options().
Parameters
DryRun (boolean)
Return type dict
Parameters
DryRun (boolean)
empty string.
Return type ec2.Tag
delete(DryRun=None)
This method calls ec2.Client.delete_dhcp_options().
Return type dict

Image
class ec2.Image(id)
A resource representing an Amazon Elastic Compute Cloud Image:
import boto3
image = ec2.Image(id)
Identifiers:
id
(string, identifier) The Images Id identifier. This attribute must be set for the actions below to work.
Attributes:
architecture
(string) The architecture of the image.
block_device_mappings
(list) Any block device mapping entries.
description
(string) The description of the AMI that was provided during image creation.
hypervisor
(string) The hypervisor type of the image.
image_id
(string) The ID of the AMI.
image_location
(string) The location of the AMI.
image_owner_alias
(string) The AWS account alias (for example, amazon , self ) or the AWS account ID of the AMI
owner.
image_type
(string) The type of image.
kernel_id
(string) The kernel associated with the image, if any. Only applicable for machine images.
name
(string) The name of the AMI that was provided during image creation.
owner_id
(string) The AWS account ID of the image owner.
platform
(string) The value is Windows for Windows AMIs; otherwise blank.
product_codes
(list) Any product codes associated with the AMI.
2.1. Services 223

public
(boolean) Indicates whether the image has public launch permissions. The value is true if this image
has public launch permissions or false if it has only implicit and explicit launch permissions.
ramdisk_id
(string) The RAM disk associated with the image, if any. Only applicable for machine images.
root_device_name
(string) The device name of the root device (for example, /dev/sda1or xvda).
root_device_type
(string) The type of root device used by the AMI. The AMI can use an Amazon EBS volume or an
instance store volume.
sriov_net_support
(string) Specifies whether enhanced networking is enabled.
state
(string) The current state of the AMI. If the state is available , the image is successfully registered
and can be used to launch an instance.
state_reason
(dict) The reason for the state change.
tags
(list) Any tags assigned to the image.
virtualization_type
(string) The type of virtualization of the AMI.
Actions
some attributes.
Parameters
DryRun (boolean)
empty string.
Return type ec2.Tag
deregister(DryRun=None)
This method calls ec2.Client.deregister_image().
Return type dict
describe_attribute(Attribute, DryRun=None)
This method calls ec2.Client.describe_image_attribute().
Parameters
DryRun (boolean)
Attribute (string) The AMI attribute.

Return type dict

modify_attribute(DryRun=None, Attribute=None, OperationType=None, UserIds=None, User-
Groups=None, ProductCodes=None, Value=None, LaunchPermission=None,
Description=None)
This method calls ec2.Client.modify_image_attribute().
Parameters
DryRun (boolean)
Attribute (string) The name of the attribute to modify.
OperationType (string) The operation type.
UserIds (list) One or more AWS account IDs. This is only valid when modifying the
UserGroups (list) One or more user groups. This is only valid when modifying the
ProductCodes (list) One or more product codes. After you add a product code to an
AMI, it cant be removed. This is only valid when modifying the productCodes at-
tribute.
Value (string) The value of the attribute being modified. This is only valid when modi-
fying the description attribute.
LaunchPermission (dict)
Description (dict) A description for the AMI.
Return type dict
reset_attribute(Attribute, DryRun=None)
This method calls ec2.Client.reset_image_attribute().
Parameters
DryRun (boolean)
Attribute (string) The attribute to reset (currently you can only reset the launch permis-
sion attribute).
Return type dict
Instance
class ec2.Instance(id)
A resource representing an Amazon Elastic Compute Cloud Instance:
import boto3
instance = ec2.Instance(id)
Identifiers:
2.1. Services 225

id
(string, identifier) The Instances Id identifier. This attribute must be set for the actions below to work.
Attributes:
ami_launch_index
(integer) The AMI launch index, which can be used to find this instance in the launch group.
architecture
(string) The architecture of the image.
block_device_mappings
(list) Any block device mapping entries for the instance.
client_token
(string) The idempotency token you provided when you launched the instance.
ebs_optimized
(boolean) Indicates whether the instance is optimized for EBS I/O. This optimization provides dedicated
throughput to Amazon EBS and an optimized configuration stack to provide optimal I/O performance. This
optimization isnt available with all instance types. Additional usage charges apply when using an EBS
Optimized instance.
hypervisor
(string) The hypervisor type of the instance.
iam_instance_profile
(dict) The IAM instance profile associated with the instance.
image_id
(string) The ID of the AMI used to launch the instance.
instance_id
(string) The ID of the instance.
instance_lifecycle
(string) Indicates whether this is a Spot Instance.
instance_type
(string) The instance type.
kernel_id
(string) The kernel associated with this instance.
key_name
(string) The name of the key pair, if this instance was launched with an associated key pair.
launch_time
(datetime) The time the instance was launched.
monitoring
(dict) The monitoring information for the instance.
network_interfaces
(list) [EC2-VPC] One or more network interfaces for the instance.
placement
(dict) The location where the instance launched.
platform
(string) The value is Windows for Windows instances; otherwise blank.

private_dns_name
(string) The private DNS name assigned to the instance. This DNS name can only be used inside the
Amazon EC2 network. This name is not available until the instance enters the running state.
private_ip_address
(string) The private IP address assigned to the instance.
product_codes
(list) The product codes attached to this instance.
public_dns_name
(string) The public DNS name assigned to the instance. This name is not available until the instance
enters the running state.
public_ip_address
(string) The public IP address assigned to the instance.
ramdisk_id
(string) The RAM disk associated with this instance.
root_device_name
(string) The root device name (for example, /dev/sda1 ).
root_device_type
(string) The root device type used by the AMI. The AMI can use an Amazon EBS volume or an instance
store volume.
security_groups
(list) One or more security groups for the instance.
source_dest_check
(boolean) Specifies whether to enable an instance launched in a VPC to perform NAT. This controls
whether source/destination checking is enabled on the instance. A value of true means checking is
enabled, and false means checking is disabled. The value must be false for the instance to perform
NAT. For more information, see NAT Instances in the Amazon Virtual Private Cloud User Guide .
spot_instance_request_id
(string) The ID of the Spot Instance request.
sriov_net_support
(string) Specifies whether enhanced networking is enabled.
state
(dict) The current state of the instance.
state_reason
(dict) The reason for the most recent state transition.
state_transition_reason
(string) The reason for the most recent state transition. This might be an empty string.
subnet_id
(string) The ID of the subnet in which the instance is running.
tags
(list) Any tags assigned to the instance.
virtualization_type
(string) The virtualization type of the instance.
vpc_id
(string) The ID of the VPC in which the instance is running.
2.1. Services 227

Actions
some attributes.
attach_volume(VolumeId, Device, DryRun=None)
This method calls ec2.Client.attach_volume().
Parameters
DryRun (boolean)
VolumeId (string) The ID of the Amazon EBS volume. The volume and instance must
be within the same Availability Zone.
xvdh ).
Return type dict
console_output(DryRun=None)
This method calls ec2.Client.get_console_output().
Return type dict
create_image(Name, DryRun=None, Description=None, NoReboot=None, BlockDeviceMap-
pings=None)
This method calls ec2.Client.create_image().
Parameters
DryRun (boolean)
Name (string) A name for the new image.
Description (string) A description for the new image.
NoReboot (boolean) By default, this parameter is set to false , which means Amazon
EC2 attempts to shut down the instance cleanly before image creation and then reboots
the instance. When the parameter is set to true , Amazon EC2 doesnt shut down the
instance before creating the image. When this option is used, file system integrity on the
created image cant be guaranteed.
BlockDeviceMappings (list) Information about one or more block device mappings.
Parameters
DryRun (boolean)
empty string.
Return type ec2.Tag

This method calls ec2.Client.describe_instance_attribute().
Parameters
DryRun (boolean)
Return type dict
detach_volume(VolumeId, DryRun=None, Device=None, Force=None)
This method calls ec2.Client.detach_volume().
Parameters
DryRun (boolean)
Return type dict
modify_attribute(DryRun=None, Attribute=None, Value=None, BlockDeviceMappings=None,
SourceDestCheck=None, DisableApiTermination=None, InstanceType=None,
Kernel=None, Ramdisk=None, UserData=None, InstanceInitiatedShutdownBe-
havior=None, Groups=None, EbsOptimized=None, SriovNetSupport=None)
This method calls ec2.Client.modify_instance_attribute().
Parameters
DryRun (boolean)
Attribute (string) The name of the attribute.
Value (string) A new value for the attribute. Use only with the
kernel , ramdisk , userData , disableApiTermination , or
intanceInitiateShutdownBehavior attribute.
BlockDeviceMappings (list) Modifies the DeleteOnTermination attribute for vol-
umes that are currently attached. The volume must be owned by the caller. If no value is
specified for DeleteOnTermination , the default is true and the volume is deleted
when the instance is terminated.
To add instance store volumes to an Amazon EBS-backed instance, you must add them
when you launch the instance. For more information, see Updating the Block Device
Mapping when Launching an Instance in the Amazon Elastic Compute Cloud User Guide
.
SourceDestCheck (dict) Specifies whether source/destination checking is enabled. A
value of true means that checking is enabled, and false means checking is disabled.
This value must be false for a NAT instance to perform NAT.
DisableApiTermination (dict) If the value is true , you cant terminate the instance
using the Amazon EC2 console, CLI, or API; otherwise, you can.
2.1. Services 229

InstanceType (dict) Changes the instance type to the specified value. For more in-
formation, see Instance Types . If the instance type is not valid, the error returned is
InvalidInstanceAttributeValue .
Kernel (dict) Changes the instances kernel to the specified value. We recommend that
you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-
GRUB_ .
Ramdisk (dict) Changes the instances RAM disk to the specified value. We recommend
that you use PV-GRUB instead of kernels and RAM disks. For more information, see PV-
GRUB_ .
UserData (dict) Changes the instances user data to the specified value.
InstanceInitiatedShutdownBehavior (dict) Specifies whether an instance stops or ter-
minates when you initiate shutdown from the instance (using the operating system com-
Groups (list) [EC2-VPC] Changes the security groups of the instance. You must specify
at least one security group, even if its just the default security group for the VPC. You must
specify the security group ID, not the security group name.
For example, if you want the instance to be in sg-1a1a1a1a and sg-9b9b9b9b, specify
GroupId.1=sg-1a1a1a1a and GroupId.2=sg-9b9b9b9b .
EbsOptimized (dict) Specifies whether the instance is optimized for EBS I/O. This op-
timization provides dedicated throughput to Amazon EBS and an optimized configuration
stack to provide optimal EBS I/O performance. This optimization isnt available with all
instance types. Additional usage charges apply when using an EBS Optimized instance.
SriovNetSupport (dict) Set to simple to enable enhanced networking for the instance.
This option is supported only for HVM instances. Specifying this option with a PV in-
stance can make it unreachable.
Return type dict
monitor(InstanceIds, DryRun=None)
This method calls ec2.Client.monitor_instances().
Parameters
DryRun (boolean)
Return type dict
password_data(DryRun=None)
This method calls ec2.Client.get_password_data().
Return type dict
reboot(InstanceIds, DryRun=None)
This method calls ec2.Client.reboot_instances().
Parameters
DryRun (boolean)

Return type dict

report_status(Instances, Status, ReasonCodes, DryRun=None, StartTime=None, EndTime=None,
Description=None)
This method calls ec2.Client.report_instance_status().
Parameters
DryRun (boolean)
Instances (list) One or more instances.
Status (string) The status of all instances listed.
StartTime (datetime) The time at which the reported instance health state began.
EndTime (datetime) The time at which the reported instance health state ended.
ReasonCodes (list) One or more reason codes that describes the health state of your
instance.
instance-stuck-in-state : My instance is stuck in a state.
unresponsive : My instance is unresponsive.
not-accepting-credentials : My instance is not accepting my credentials.
password-not-available : A password is not available for my instance.
performance-network : My instance is experiencing performance problems
which I believe are network related.
performance-instance-store : My instance is experiencing performance
problems which I believe are related to the instance stores.
performance-ebs-volume : My instance is experiencing performance problems
which I believe are related to an EBS volume.
performance-other : My instance is experiencing performance problems.
other : [explain using the description parameter]
Description (string) Descriptive text about the health state of your instance.
Return type dict
This method calls ec2.Client.reset_instance_attribute().
Parameters
DryRun (boolean)
Attribute (string) The attribute to reset.
Return type dict
reset_kernel(DryRun=None)
Return type dict
reset_ramdisk(DryRun=None)
2.1. Services 231

Return type dict

reset_source_dest_check(DryRun=None)
Return type dict
start(InstanceIds, AdditionalInfo=None, DryRun=None)
This method calls ec2.Client.start_instances().
Parameters
DryRun (boolean)
Return type dict
stop(InstanceIds, DryRun=None, Force=None)
This method calls ec2.Client.stop_instances().
Parameters
DryRun (boolean)
Force (boolean) Forces the instances to stop. The instances do not have an opportunity to
flush file system caches or file system metadata. If you use this option, you must perform
file system check and repair procedures. This option is not recommended for Windows
instances.
Default: false
Return type dict
terminate(InstanceIds, DryRun=None)
This method calls ec2.Client.terminate_instances().
Parameters
DryRun (boolean)
Return type dict
unmonitor(InstanceIds, DryRun=None)
This method calls ec2.Client.unmonitor_instances().
Parameters
DryRun (boolean)
Return type dict
References
subnet
(ec2.Subnet) The related Subnet if set, otherwise None.

image
(ec2.Image) The related Image if set, otherwise None.
placement_group
(ec2.PlacementGroup) The related PlacementGroup if set, otherwise None.
key_pair
(ec2.KeyPair) The related KeyPair if set, otherwise None.
vpc
(ec2.Vpc) The related Vpc if set, otherwise None.
Collections
volumes
(CollectionManager) A collection of ec2.Volume instances. This collection uses the
ec2.Client.describe_volumes() operation to get items.
InternetGateway
class ec2.InternetGateway(id)
A resource representing an Amazon Elastic Compute Cloud InternetGateway:
import boto3
internet_gateway = ec2.InternetGateway(id)
Identifiers:
id
(string, identifier) The InternetGateways Id identifier. This attribute must be set for the actions below
to work.
Attributes:
attachments
(list) Any VPCs attached to the Internet gateway.
internet_gateway_id
(string) The ID of the Internet gateway.
tags
(list) Any tags assigned to the Internet gateway.
Actions
some attributes.
attach_to_vpc(VpcId, DryRun=None)
This method calls ec2.Client.attach_internet_gateway().
Parameters
DryRun (boolean)
2.1. Services 233


Return type dict
Parameters
DryRun (boolean)
empty string.
Return type ec2.Tag
delete(DryRun=None)
This method calls ec2.Client.delete_internet_gateway().
Return type dict
detach_from_vpc(VpcId, DryRun=None)
This method calls ec2.Client.detach_internet_gateway().
Parameters
DryRun (boolean)
Return type dict
KeyPair
class ec2.KeyPair(name)
A resource representing an Amazon Elastic Compute Cloud KeyPair:
import boto3
key_pair = ec2.KeyPair(name)
Identifiers:
name
(string, identifier) The KeyPairs Name identifier. This attribute must be set for the actions below to
work.
Attributes:
key_fingerprint
(string) If you used CreateKeyPair to create the key pair, this is the SHA-1 digest of the DER en-
coded private key. If you used ImportKeyPair to provide AWS the public key, this is the MD5 public key
fingerprint as specified in section 4 of RFC4716.

key_name
(string) The name of the key pair.
Actions
some attributes.
delete(DryRun=None)
This method calls ec2.Client.delete_key_pair().
Return type dict
NetworkAcl
class ec2.NetworkAcl(id)
A resource representing an Amazon Elastic Compute Cloud NetworkAcl:
import boto3
network_acl = ec2.NetworkAcl(id)
Identifiers:
id
(string, identifier) The NetworkAcls Id identifier. This attribute must be set for the actions below to
work.
Attributes:
associations
(list) Any associations between the network ACL and one or more subnets
entries
(list) One or more entries (rules) in the network ACL.
is_default
(boolean) Indicates whether this is the default network ACL for the VPC.
network_acl_id
(string) The ID of the network ACL.
tags
(list) Any tags assigned to the network ACL.
vpc_id
(string) The ID of the VPC for the network ACL.
Actions
some attributes.
2.1. Services 235

create_entry(RuleNumber, Protocol, RuleAction, Egress, CidrBlock, DryRun=None, IcmpType-

Code=None, PortRange=None)
This method calls ec2.Client.create_network_acl_entry().
Parameters
DryRun (boolean)
RuleNumber (integer) The rule number for the entry (for example, 100). ACL entries
are processed in ascending order by rule number.
Constraints: Positive integer from 1 to 32766
Protocol (string) The protocol. A value of -1 means all protocols.
Egress (boolean) Indicates whether this is an egress rule (rule is applied to traffic leaving
the subnet).
CidrBlock (string) The network range to allow or deny, in CIDR notation (for example
172.16.0.0/24 ).
ICMP for the protocol.
PortRange (dict) TCP or UDP protocols: The range of ports the rule applies to.
Return type dict
Parameters
DryRun (boolean)
empty string.
Return type ec2.Tag
delete(DryRun=None)
This method calls ec2.Client.delete_network_acl().
Return type dict
delete_entry(RuleNumber, Egress, DryRun=None)
This method calls ec2.Client.delete_network_acl_entry().
Parameters
DryRun (boolean)
RuleNumber (integer) The rule number of the entry to delete.
Egress (boolean) Indicates whether the rule is an egress rule.
Return type dict
replace_association(AssociationId, DryRun=None)
This method calls ec2.Client.replace_network_acl_association().

Parameters
DryRun (boolean)
AssociationId (string) The ID of the current association between the original network
ACL and the subnet.
Return type dict
replace_entry(RuleNumber, Protocol, RuleAction, Egress, CidrBlock, DryRun=None, IcmpType-
Code=None, PortRange=None)
This method calls ec2.Client.replace_network_acl_entry().
Parameters
DryRun (boolean)
RuleNumber (integer) The rule number of the entry to replace.
Protocol (string) The IP protocol. You can specify all or -1 to mean all protocols.
Egress (boolean) Indicates whether to replace the egress rule.
Default: If no value is specified, we replace the ingress rule.
CidrBlock (string) The network range to allow or deny, in CIDR notation.
1 (ICMP) for the protocol.
PortRange (dict) TCP or UDP protocols: The range of ports the rule applies to. Re-
quired if specifying 6 (TCP) or 17 (UDP) for the protocol.
Return type dict
References
vpc
NetworkInterface
class ec2.NetworkInterface(id)
A resource representing an Amazon Elastic Compute Cloud NetworkInterface:
import boto3
network_interface = ec2.NetworkInterface(id)
Identifiers:
id
(string, identifier) The NetworkInterfaces Id identifier. This attribute must be set for the actions below
to work.
2.1. Services 237

Attributes:
association
(dict) The association information for an Elastic IP associated with the network interface.
attachment
(dict) The network interface attachment.
availability_zone
(string) The Availability Zone.
description
(string) A description.
groups
(list) Any security groups for the network interface.
mac_address
(string) The MAC address.
network_interface_id
(string) The ID of the network interface.
owner_id
(string) The AWS account ID of the owner of the network interface.
private_dns_name
(string) The private DNS name.
private_ip_address
(string) The IP address of the network interface within the subnet.
private_ip_addresses
(list) The private IP addresses associated with the network interface.
requester_id
(string) The ID of the entity that launched the instance on your behalf (for example, AWS Management
Console or Auto Scaling).
requester_managed
(boolean) Indicates whether the network interface is being managed by AWS.
source_dest_check
(boolean) Indicates whether traffic to or from the instance is validated.
status
(string) The status of the network interface.
subnet_id
(string) The ID of the subnet.
tag_set
(list) Any tags assigned to the network interface.
vpc_id
(string) The ID of the VPC.
Actions
some attributes.
assign_private_ip_addresses(PrivateIpAddresses=None, SecondaryPrivateIpAddress-
Count=None, AllowReassignment=None)
This method calls ec2.Client.assign_private_ip_addresses().

Parameters
PrivateIpAddresses (list) One or more IP addresses to be assigned as a secondary pri-
vate IP address to the network interface. You cant specify this parameter when also spec-
ifying a number of secondary IP addresses.
If you dont specify an IP address, Amazon EC2 automatically selects an IP address within
the subnet range.
SecondaryPrivateIpAddressCount (integer) The number of secondary IP addresses to
assign to the network interface. You cant specify this parameter when also specifying
private IP addresses.
AllowReassignment (boolean) Indicates whether to allow an IP address that is already
assigned to another network interface or instance to be reassigned to the specified network
interface.
Return type dict
attach(InstanceId, DeviceIndex, DryRun=None)
This method calls ec2.Client.attach_network_interface().
Parameters
DryRun (boolean)
DeviceIndex (integer) The index of the device for the network interface attachment.
Return type dict
Parameters
DryRun (boolean)
empty string.
Return type ec2.Tag
delete(DryRun=None)
This method calls ec2.Client.delete_network_interface().
Return type dict
describe_attribute(DryRun=None, Attribute=None)
This method calls ec2.Client.describe_network_interface_attribute().
Parameters
DryRun (boolean)
Attribute (string) The attribute of the network interface.
Return type dict
detach(DryRun=None, Force=None)
This method calls ec2.Client.detach_network_interface().
2.1. Services 239

Parameters
DryRun (boolean)
Force (boolean) Specifies whether to force a detachment.
Return type dict
modify_attribute(DryRun=None, Description=None, SourceDestCheck=None, Groups=None, At-
tachment=None)
This method calls ec2.Client.modify_network_interface_attribute().
Parameters
DryRun (boolean)
Description (dict) A description for the network interface.
SourceDestCheck (dict) Indicates whether source/destination checking is enabled. A
value of true means checking is enabled, and false means checking is disabled. This
value must be false for a NAT instance to perform NAT. For more information, see NAT
Instances in the Amazon Virtual Private Cloud User Guide .
Groups (list) Changes the security groups for the network interface. The new set of
groups you specify replaces the current set. You must specify at least one group, even if
its just the default security group in the VPC. You must specify the ID of the security
group, not the name.
Attachment (dict) Information about the interface attachment. If modifying the delete
on termination attribute, you must specify the ID of the interface attachment.
Return type dict
reset_attribute(DryRun=None, SourceDestCheck=None)
This method calls ec2.Client.reset_network_interface_attribute().
Parameters
DryRun (boolean)
SourceDestCheck (string) The source/destination checking attribute. Resets the value
to true .
Return type dict
unassign_private_ip_addresses(PrivateIpAddresses)
This method calls ec2.Client.unassign_private_ip_addresses().
Parameters PrivateIpAddresses (list) The secondary private IP addresses to unassign from
the network interface. You can specify this option multiple times to unassign more than one
IP address.
Return type dict
References
subnet
vpc

PlacementGroup
class ec2.PlacementGroup(name)
A resource representing an Amazon Elastic Compute Cloud PlacementGroup:
import boto3
placement_group = ec2.PlacementGroup(name)
Identifiers:
name
(string, identifier) The PlacementGroups Name identifier. This attribute must be set for the actions
below to work.
Attributes:
group_name
(string) The name of the placement group.
state
(string) The state of the placement group.
strategy
(string) The placement strategy.
Actions
some attributes.
delete(DryRun=None)
This method calls ec2.Client.delete_placement_group().
Return type dict
Collections
instances
RouteTable
class ec2.RouteTable(id)
A resource representing an Amazon Elastic Compute Cloud RouteTable:
import boto3
route_table = ec2.RouteTable(id)
2.1. Services 241

Identifiers:
id
(string, identifier) The RouteTables Id identifier. This attribute must be set for the actions below to
work.
Attributes:
associations
(list) The associations between the route table and one or more subnets.
propagating_vgws
(list) Any virtual private gateway (VGW) propagating routes.
route_table_id
(string) The ID of the route table.
routes
(list) The routes in the route table.
tags
(list) Any tags assigned to the route table.
vpc_id
Actions
some attributes.
associate_with_subnet(SubnetId, DryRun=None)
This method calls ec2.Client.associate_route_table().
Parameters
DryRun (boolean)
Return type ec2.RouteTableAssociation
create_route(DestinationCidrBlock, DryRun=None, GatewayId=None, InstanceId=None, Network-
InterfaceId=None, VpcPeeringConnectionId=None)
This method calls ec2.Client.create_route().
Parameters
DryRun (boolean)
Routing decisions are based on the most specific match.
GatewayId (string) The ID of an Internet gateway or virtual private gateway attached to
your VPC.
InstanceId (string) The ID of a NAT instance in your VPC. The operation fails if you
specify an instance ID unless exactly one network interface is attached.

Return type dict

Parameters
DryRun (boolean)
empty string.
Return type ec2.Tag
References
vpc
Collections
associations
(CollectionManager) A collection of ec2.RouteTableAssociation instances. This collec-
tion uses the ec2.Client.describe_route_tables() operation to get items.
RouteTableAssociation
class ec2.RouteTableAssociation(id)
A resource representing an Amazon Elastic Compute Cloud RouteTableAssociation:
import boto3
route_table_association = ec2.RouteTableAssociation(id)
Identifiers:
id
(string, identifier) The RouteTableAssociations Id identifier. This attribute must be set for the actions
below to work.
Attributes:
main
(boolean) Indicates whether this is the main route table.
route_table_association_id
(string) The ID of the association between a route table and a subnet.
route_table_id
(string) The ID of the route table.
2.1. Services 243

subnet_id
Actions
some attributes.
delete(DryRun=None)
This method calls ec2.Client.disassociate_route_table().
Return type dict
replace_subnet(RouteTableId, DryRun=None)
This method calls ec2.Client.replace_route_table_association().
Parameters
DryRun (boolean)
RouteTableId (string) The ID of the new route table to associate with the subnet.
Return type ec2.RouteTableAssociation
References
subnet
route_table
(ec2.RouteTable) The related RouteTable if set, otherwise None.
SecurityGroup
class ec2.SecurityGroup(id)
A resource representing an Amazon Elastic Compute Cloud SecurityGroup:
import boto3
security_group = ec2.SecurityGroup(id)
Identifiers:
id
(string, identifier) The SecurityGroups Id identifier. This attribute must be set for the actions below
to work.
Attributes:
description
(string) A description of the security group.
group_id
(string) The ID of the security group.

group_name
(string) The name of the security group.
ip_permissions
(list) One or more inbound rules associated with the security group.
ip_permissions_egress
(list) [EC2-VPC] One or more outbound rules associated with the security group.
owner_id
(string) The AWS account ID of the owner of the security group.
tags
(list) Any tags assigned to the security group.
vpc_id
(string) [EC2-VPC] The ID of the VPC for the security group.
Actions
some attributes.
authorize_egress(DryRun=None, SourceSecurityGroupName=None, SourceSecurity-
GroupOwnerId=None, IpProtocol=None, FromPort=None, ToPort=None,
This method calls ec2.Client.authorize_security_group_egress().
Parameters
DryRun (boolean)
address range.
type.
Return type dict
authorize_ingress(DryRun=None, GroupName=None, SourceSecurityGroupName=None,
SourceSecurityGroupOwnerId=None, IpProtocol=None, FromPort=None,
ToPort=None, CidrIp=None, IpPermissions=None)
This method calls ec2.Client.authorize_security_group_ingress().
Parameters
DryRun (boolean)
2.1. Services 245

range.
type.
Return type dict
Parameters
DryRun (boolean)
empty string.
Return type ec2.Tag
delete(DryRun=None, GroupName=None)
This method calls ec2.Client.delete_security_group().
Parameters
DryRun (boolean)
GroupName (string) [EC2-Classic, default VPC] The name of the security group. You
Return type dict
revoke_egress(DryRun=None, SourceSecurityGroupName=None, SourceSecurity-
GroupOwnerId=None, IpProtocol=None, FromPort=None, ToPort=None,
This method calls ec2.Client.revoke_security_group_egress().
Parameters
DryRun (boolean)
address range.


type.
Return type dict
revoke_ingress(DryRun=None, GroupName=None, SourceSecurityGroupName=None, SourceSe-
curityGroupOwnerId=None, IpProtocol=None, FromPort=None, ToPort=None,
This method calls ec2.Client.revoke_security_group_ingress().
Parameters
DryRun (boolean)
range.
type.
Return type dict
Snapshot
class ec2.Snapshot(id)
A resource representing an Amazon Elastic Compute Cloud Snapshot:
2.1. Services 247

import boto3
snapshot = ec2.Snapshot(id)
Identifiers:
id
(string, identifier) The Snapshots Id identifier. This attribute must be set for the actions below to
work.
Attributes:
description
(string) The description for the snapshot.
encrypted
(boolean) Indicates whether the snapshot is encrypted.
kms_key_id
(string) The full ARN of the AWS Key Management Service (KMS) Customer Master Key (CMK) that
was used to protect the volume encryption key for the parent volume.
owner_alias
(string) The AWS account alias (for example, amazon , self ) or AWS account ID that owns the
snapshot.
owner_id
(string) The AWS account ID of the Amazon EBS snapshot owner.
progress
(string) The progress of the snapshot, as a percentage.
snapshot_id
(string) The ID of the snapshot.
start_time
(datetime) The time stamp when the snapshot was initiated.
state
(string) The snapshot state.
tags
(list) Any tags assigned to the snapshot.
volume_id
(string) The ID of the volume.
volume_size
(integer) The size of the volume, in GiB.
Actions
some attributes.
copy(SourceRegion, DryRun=None, Description=None, DestinationRegion=None, Presigne-
dUrl=None)
This method calls ec2.Client.copy_snapshot().

Parameters
DryRun (boolean)
SourceRegion (string) The ID of the region that contains the snapshot to be copied.
Description (string) A description for the new Amazon EBS snapshot.
DestinationRegion (string) The destination region of the snapshot copy operation. This
parameter is required in the PresignedUrl .
PresignedUrl (string) The pre-signed URL that facilitates copying an encrypted
snapshot. This parameter is only required when copying an encrypted snapshot
with the Amazon EC2 Query API; it is available as an optional parameter in all
other cases. The PresignedUrl should use the snapshot source endpoint, the
CopySnapshot action, and include the SourceRegion , SourceSnapshotId ,
and DestinationRegion parameters. The PresignedUrl must be signed using
AWS Signature Version 4. Because Amazon EBS snapshots are stored in Amazon S3, the
signing algorithm for this parameter uses the same logic that is described in Authenticating
Requests by Using Query Parameters (AWS Signature Version 4) in the Amazon Simple
Storage Service API Reference . An invalid or improperly signed PresignedUrl will
cause the copy operation to fail asynchronously, and the snapshot will move to an error
state.
Return type dict
Parameters
DryRun (boolean)
empty string.
Return type ec2.Tag
delete(DryRun=None)
This method calls ec2.Client.delete_snapshot().
Return type dict
This method calls ec2.Client.describe_snapshot_attribute().
Parameters
DryRun (boolean)
Attribute (string) The snapshot attribute you would like to view.
Return type dict
modify_attribute(DryRun=None, Attribute=None, OperationType=None, UserIds=None, Group-
Names=None, CreateVolumePermission=None)
This method calls ec2.Client.modify_snapshot_attribute().
Parameters
DryRun (boolean)
2.1. Services 249

Attribute (string) The snapshot attribute to modify.

OperationType (string) The type of operation to perform to the attribute.
UserIds (list) The account ID to modify for the snapshot.
GroupNames (list) The group to modify for the snapshot.
CreateVolumePermission (dict) A JSON representation of the snapshot attribute mod-
ification.
Return type dict
This method calls ec2.Client.reset_snapshot_attribute().
Parameters
DryRun (boolean)
Attribute (string) The attribute to reset (currently only the attribute for permission to
create volumes can be reset).
Return type dict
References
volume
(ec2.Volume) The related Volume if set, otherwise None.
Subnet
class ec2.Subnet(id)
A resource representing an Amazon Elastic Compute Cloud Subnet:
import boto3
subnet = ec2.Subnet(id)
Identifiers:
id
(string, identifier) The Subnets Id identifier. This attribute must be set for the actions below to work.
Attributes:
availability_zone
(string) The Availability Zone of the subnet.
available_ip_address_count
(integer) The number of unused IP addresses in the subnet. Note that the IP addresses for any stopped
instances are considered unavailable.
cidr_block
(string) The CIDR block assigned to the subnet.

default_for_az
(boolean) Indicates whether this is the default subnet for the Availability Zone.
map_public_ip_on_launch
(boolean) Indicates whether instances launched in this subnet receive a public IP address.
state
(string) The current state of the subnet.
subnet_id
tags
(list) Any tags assigned to the subnet.
vpc_id
(string) The ID of the VPC the subnet is in.
Actions
some attributes.
create_instances(ImageId, MinCount, MaxCount, DryRun=None, KeyName=None, Security-
Groups=None, SecurityGroupIds=None, UserData=None, InstanceType=None,
Placement=None, KernelId=None, RamdiskId=None, BlockDeviceMap-
pings=None, Monitoring=None, DisableApiTermination=None, InstanceIni-
tiatedShutdownBehavior=None, PrivateIpAddress=None, ClientToken=None,
AdditionalInfo=None, NetworkInterfaces=None, IamInstanceProfile=None,
EbsOptimized=None)
This method calls ec2.Client.run_instances().
Parameters
DryRun (boolean)
to the instance.
2.1. Services 251


Default: m1.small
Guide .
Guide .

Default: false
Default: stop


optimized instance.
Default: false
Return type ec2.Instance
create_network_interface(Description=None, PrivateIpAddress=None, Groups=None, Pri-
vateIpAddresses=None, SecondaryPrivateIpAddressCount=None,
DryRun=None)
This method calls ec2.Client.create_network_interface().
Parameters
.
DryRun (boolean)
Return type ec2.NetworkInterface
Parameters
DryRun (boolean)
empty string.
Return type ec2.Tag
delete(DryRun=None)
This method calls ec2.Client.delete_subnet().
2.1. Services 253


Return type dict
References
vpc
Collections
instances
network_interfaces
Tag
class ec2.Tag(resource_id, key, value)

A resource representing an Amazon Elastic Compute Cloud Tag:
import boto3
tag = ec2.Tag(resource_id, key, value)
Identifiers:
key
(string, identifier) The Tags Key identifier. This attribute must be set for the actions below to work.
resource_id
(string, identifier) The Tags ResourceId identifier. This attribute must be set for the actions below to
work.
value
(string, identifier) The Tags Value identifier. This attribute must be set for the actions below to work.
Attributes:
key
(string) The key of the tag.
resource_id
(string) The ID of the resource. For example, ami-1a2b3c4d .
resource_type
(string) The type of resource.
value
(string) The value of the tag.

Actions
some attributes.
delete(Resources, DryRun=None, Tags=None)
This method calls ec2.Client.delete_tags().
Parameters
DryRun (boolean)
Resources (list) The ID of the resource. For example, ami-1a2b3c4d. You can specify
more than one resource ID.
Tags (list) One or more tags to delete. If you omit the value parameter, we delete the
tag regardless of its value. If you specify this parameter with an empty string as the value,
we delete the key only if its value is an empty string.
Return type dict
Volume
class ec2.Volume(id)
A resource representing an Amazon Elastic Compute Cloud Volume:
import boto3
volume = ec2.Volume(id)
Identifiers:
id
(string, identifier) The Volumes Id identifier. This attribute must be set for the actions below to work.
Attributes:
attachments
(list)
availability_zone
(string) The Availability Zone for the volume.
create_time
(datetime) The time stamp when volume creation was initiated.
encrypted
(boolean) Indicates whether the volume is encrypted.
iops
(integer) The number of I/O operations per second (IOPS) that the volume supports. For Provisioned
IOPS (SSD) volumes, this represents the number of IOPS that are provisioned for the volume. For General
Purpose (SSD) volumes, this represents the baseline performance of the volume and the rate at which the
volume accumulates I/O credits for bursting. For more information on General Purpose (SSD) baseline
performance, I/O credits, and bursting, see Amazon EBS Volume Types in the Amazon Elastic Compute
Cloud User Guide .
2.1. Services 255

Constraint: Range is 100 to 4000 for Provisioned IOPS (SSD) volumes and 3 to 3072 for General Purpose
(SSD) volumes.
Condition: This parameter is required for requests to create io1 volumes; it is not used in requests to
create standard or gp2 volumes.
kms_key_id
(string) The full ARN of the AWS Key Management Service (KMS) Customer Master Key (CMK) that
was used to protect the volume encryption key for the volume.
size
(integer) The size of the volume, in GiBs.
snapshot_id
(string) The snapshot from which the volume was created, if applicable.
state
(string) The volume state.
tags
(list) Any tags assigned to the volume.
volume_id
(string) The ID of the volume.
volume_type
(string) The volume type. This can be gp2 for General Purpose (SSD) volumes, io1 for Provisioned
IOPS (SSD) volumes, or standard for Magnetic volumes.
Actions
some attributes.
attach_to_instance(InstanceId, Device, DryRun=None)
This method calls ec2.Client.attach_volume().
Parameters
DryRun (boolean)
xvdh ).
Return type dict
create_snapshot(DryRun=None, Description=None)
This method calls ec2.Client.create_snapshot().
Parameters
DryRun (boolean)
Return type ec2.Snapshot
Parameters
DryRun (boolean)

empty string.
Return type ec2.Tag
This method calls ec2.Client.describe_volume_attribute().
Parameters
DryRun (boolean)
Return type dict
describe_status(DryRun=None, VolumeIds=None, Filters=None, NextToken=None, MaxRe-
sults=None)
This method calls ec2.Client.describe_volume_status().
Parameters
DryRun (boolean)
Default: Describes all your volumes.
action.code - The action code for the event (for example, enable-volume-io
).
action.description - A description of the action.
action.event-id - The event ID associated with the action.
event.event-id - The event ID.
event.event-type - The event type (for io-enabled : passed |
failed ; for io-performance : io-performance:degraded |
io-performance:severely-degraded | io-performance:stalled
).
event.not-after - The latest end time for the event.
event.not-before - The earliest start time for the event.
volume-status.details-name - The cause for volume-status.status
(io-enabled | io-performance ).
volume-status.details-status - The status of
volume-status.details-name (for io-enabled : passed | failed
; for io-performance : normal | degraded | severely-degraded |
stalled ).
volume-status.status - The status of the volume (ok | impaired | warning
| insufficient-data ).
2.1. Services 257

NextToken (string) The next paginated set of results to return using the pagination token
returned by a previous call.
MaxResults (integer) The maximum number of paginated volume items per response.
Return type dict
detach_from_instance(DryRun=None, InstanceId=None, Device=None, Force=None)
This method calls ec2.Client.detach_volume().
Parameters
DryRun (boolean)
Return type dict
enable_io(DryRun=None)
This method calls ec2.Client.enable_volume_io().
Return type dict
modify_attribute(DryRun=None, AutoEnableIO=None)
This method calls ec2.Client.modify_volume_attribute().
Parameters
DryRun (boolean)
AutoEnableIO (dict) Indicates whether the volume should be auto-enabled for I/O op-
erations.
Return type dict
Collections
snapshots
(CollectionManager) A collection of ec2.Snapshot instances. This collection uses the
ec2.Client.describe_snapshots() operation to get items.
Vpc
class ec2.Vpc(id)
A resource representing an Amazon Elastic Compute Cloud Vpc:
import boto3
vpc = ec2.Vpc(id)

Identifiers:
id
(string, identifier) The Vpcs Id identifier. This attribute must be set for the actions below to work.
Attributes:
cidr_block
(string) The CIDR block for the VPC.
dhcp_options_id
(string) The ID of the set of DHCP options youve associated with the VPC (or default if the default
options are associated with the VPC).
instance_tenancy
(string) The allowed tenancy of instances launched into the VPC.
is_default
(boolean) Indicates whether the VPC is the default VPC.
state
(string) The current state of the VPC.
tags
(list) Any tags assigned to the VPC.
vpc_id
Actions
some attributes.
associate_dhcp_options(DhcpOptionsId, DryRun=None)
This method calls ec2.Client.associate_dhcp_options().
Parameters
DryRun (boolean)
DhcpOptionsId (string) The ID of the DHCP options set, or default to associate no
DHCP options with the VPC.
Return type dict
attach_internet_gateway(InternetGatewayId, DryRun=None)
This method calls ec2.Client.attach_internet_gateway().
Parameters
DryRun (boolean)
Return type dict
create_network_acl(DryRun=None)
This method calls ec2.Client.create_network_acl().
2.1. Services 259

Return type ec2.NetworkAcl

create_route_table(DryRun=None)
This method calls ec2.Client.create_route_table().
Return type ec2.RouteTable
create_security_group(GroupName, Description, DryRun=None)
This method calls ec2.Client.create_security_group().
Parameters
DryRun (boolean)
Return type ec2.SecurityGroup
create_subnet(CidrBlock, DryRun=None, AvailabilityZone=None)
This method calls ec2.Client.create_subnet().
Parameters
DryRun (boolean)
10.0.0.0/24 .
Return type ec2.Subnet
Parameters
DryRun (boolean)
empty string.
Return type ec2.Tag
delete(DryRun=None)
This method calls ec2.Client.delete_vpc().

Return type dict

This method calls ec2.Client.describe_vpc_attribute().
Parameters
DryRun (boolean)
Attribute (string) The VPC attribute.
Return type dict
detach_internet_gateway(InternetGatewayId, DryRun=None)
This method calls ec2.Client.detach_internet_gateway().
Parameters
DryRun (boolean)
Return type dict
modify_attribute(EnableDnsSupport=None, EnableDnsHostnames=None)
This method calls ec2.Client.modify_vpc_attribute().
Parameters
EnableDnsSupport (dict) Indicates whether the DNS resolution is supported for the
VPC. If enabled, queries to the Amazon provided DNS server at the 169.254.169.253 IP
address, or the reserved IP address at the base of the VPC network range plus two will
succeed. If disabled, the Amazon provided DNS service in the VPC that resolves public
DNS hostnames to IP addresses is not enabled.
EnableDnsHostnames (dict) Indicates whether the instances launched in the VPC get
DNS hostnames. If enabled, instances in the VPC get DNS hostnames; otherwise, they do
not.
You can only enable DNS hostnames if you also enable DNS support.
Return type dict
request_vpc_peering_connection(DryRun=None, PeerVpcId=None, PeerOwnerId=None)
This method calls ec2.Client.create_vpc_peering_connection().
Parameters
DryRun (boolean)
connection.
Return type ec2.VpcPeeringConnection
References
dhcp_options
(ec2.DhcpOptions) The related DhcpOptions if set, otherwise None.
2.1. Services 261

Collections
accepted_vpc_peering_connections
instances
internet_gateways
(CollectionManager) A collection of ec2.InternetGateway instances. This collection uses
the ec2.Client.describe_internet_gateways() operation to get items.
network_acls
(CollectionManager) A collection of ec2.NetworkAcl instances. This collection uses the
ec2.Client.describe_network_acls() operation to get items.
network_interfaces
requested_vpc_peering_connections
route_tables
(CollectionManager) A collection of ec2.RouteTable instances. This collection uses the
ec2.Client.describe_route_tables() operation to get items.
security_groups
(CollectionManager) A collection of ec2.SecurityGroup instances. This collection uses the
ec2.Client.describe_security_groups() operation to get items.
subnets
(CollectionManager) A collection of ec2.Subnet instances. This collection uses the
ec2.Client.describe_subnets() operation to get items.
VpcPeeringConnection
class ec2.VpcPeeringConnection(id)
A resource representing an Amazon Elastic Compute Cloud VpcPeeringConnection:
import boto3
vpc_peering_connection = ec2.VpcPeeringConnection(id)
Identifiers:
id
(string, identifier) The VpcPeeringConnections Id identifier. This attribute must be set for the actions
below to work.

Attributes:
accepter_vpc_info
(dict) The information of the peer VPC.
expiration_time
(datetime) The time that an unaccepted VPC peering connection will expire.
requester_vpc_info
(dict) The information of the requester VPC.
status
(dict) The status of the VPC peering connection.
tags
(list) Any tags assigned to the resource.
vpc_peering_connection_id
(string) The ID of the VPC peering connection.
Actions
some attributes.
accept(DryRun=None)
This method calls ec2.Client.accept_vpc_peering_connection().
Return type dict
delete(DryRun=None)
This method calls ec2.Client.delete_vpc_peering_connection().
Return type dict
reject(DryRun=None)
This method calls ec2.Client.reject_vpc_peering_connection().
Return type dict
References
accepter_vpc
requester_vpc
2.1.16 Amazon ElastiCache
Table of Contents
Amazon ElastiCache
Client
2.1. Services 263

Client
class elasticache.Client
A low-level client representing Amazon ElastiCache:
import boto3
elasticache = boto3.client(elasticache)
authorize_cache_security_group_ingress(CacheSecurityGroupName,
EC2SecurityGroupName,
EC2SecurityGroupOwnerId)
The AuthorizeCacheSecurityGroupIngress operation allows network ingress to a cache security group.
Applications using ElastiCache must be running on Amazon EC2, and Amazon EC2 security groups are
used as the authorization mechanism.
Parameters
CacheSecurityGroupName (string) The cache security group which will allow network
ingress.
EC2SecurityGroupName (string) The Amazon EC2 security group to be authorized
for ingress to the cache security group.
EC2SecurityGroupOwnerId (string) The AWS account number of the Amazon EC2
security group owner. Note that this is not the same thing as an AWS access key ID - you
must provide a valid AWS account number for this parameter.
Return type dict
copy_snapshot(SourceSnapshotName, TargetSnapshotName)
The CopySnapshot operation makes a copy of an existing snapshot.
Parameters
SourceSnapshotName (string) The name of an existing snapshot from which to copy.
TargetSnapshotName (string) A name for the copied snapshot.
Return type dict
create_cache_cluster(CacheClusterId, ReplicationGroupId=None, AZMode=None, Pre-
ferredAvailabilityZone=None, PreferredAvailabilityZones=None,
NumCacheNodes=None, CacheNodeType=None, Engine=None, En-
gineVersion=None, CacheParameterGroupName=None, CacheSub-
netGroupName=None, CacheSecurityGroupNames=None, Security-
GroupIds=None, SnapshotArns=None, SnapshotName=None, Preferred-
MaintenanceWindow=None, Port=None, NotificationTopicArn=None,
AutoMinorVersionUpgrade=None, SnapshotRetentionLimit=None,
SnapshotWindow=None)
The CreateCacheCluster operation creates a cache cluster. All nodes in the cache cluster run the same
protocol-compliant cache engine software, either Memcached or Redis.
Parameters
CacheClusterId (string) The node group identifier. This parameter is stored as a lower-
case string.
Constraints:
A name must contain from 1 to 20 alphanumeric characters or hyphens.
The first character must be a letter.

A name cannot end with a hyphen or contain two consecutive hyphens.

ReplicationGroupId (string) The ID of the replication group to which this cache cluster
should belong. If this parameter is specified, the cache cluster will be added to the spec-
ified replication group as a read replica; otherwise, the cache cluster will be a standalone
primary that is not part of any replication group.
If the specified replication group is Automatic Failover enabled and the availability zone
is not specified, the cache cluster will be created in availability zones that provide the best
spread of read replicas across availability zones.
Note: This parameter is only valid if the Engine parameter is redis .
AZMode (string) Specifies whether the nodes in this Memcached node group are created
in a single Availability Zone or created across multiple Availability Zones in the clusters
region.
This parameter is only supported for Memcached cache clusters.
If the AZMode and PreferredAvailabilityZones are not specified, ElastiCache
assumes single-az mode.
PreferredAvailabilityZone (string) The EC2 Availability Zone in which the cache clus-
ter will be created.
All nodes belonging to this Memcached cache cluster are placed in the preferred Avail-
ability Zone. If you want to create your nodes across multiple Availability Zones, use
PreferredAvailabilityZones .
Default: System chosen Availability Zone.
PreferredAvailabilityZones (list) A list of the Availability Zones in which cache nodes
will be created. The order of the zones in the list is not important.
This option is only supported on Memcached.
If you want all the nodes in the same Availability Zone, use
PreferredAvailabilityZone instead, or repeat the Availability Zone multi-
ple times in the list.
Default: System chosen Availability Zones.
Example: One Memcached node in each of three different Availability Zones:
PreferredAvailabilityZones.member.1=us-east-1aPreferredAvailabilityZones.me
Example: All three Memcached nodes in one Availability Zone:
PreferredAvailabilityZones.member.1=us-east-1aPreferredAvailabilityZones.me
NumCacheNodes (integer) The initial number of cache nodes that the cache cluster will
have.
For Memcached, valid values are between 1 and 20. If you need to exceed this limit, please
fill out the ElastiCache Limit Increase Request form at http://aws.amazon.com/contact-
us/elasticache-node-limit-request/ .
For Redis, only single-node cache cluster are supported at this time, so the value for this
parameter must be 1.
CacheNodeType (string) The compute and memory capacity of the nodes in the node
group.
Valid node types are as follows:
2.1. Services 265

General purpose: * Current generation: cache.t2.micro , cache.t2.small

, cache.t2.medium , cache.m3.medium , cache.m3.large ,
cache.m3.xlarge , cache.m3.2xlarge
Previous generation: cache.t1.micro , cache.m1.small ,
cache.m1.medium , cache.m1.large , cache.m1.xlarge
Compute optimized: cache.c1.xlarge
Memory optimized * Current generation: cache.r3.large , cache.r3.xlarge
, cache.r3.2xlarge , cache.r3.4xlarge , cache.r3.8xlarge
Previous generation: cache.m2.xlarge , cache.m2.2xlarge ,
cache.m2.4xlarge
Notes:
All t2 instances are created in an Amazon Virtual Private Cloud (VPC).
Redis backup/restore is not supported for t2 instances.
Redis Append-only files (AOF) functionality is not supported for t1 or t2 instances.
For a complete listing of cache node types and specifications, see Amazon ElastiCache
Product Features and Details and Cache Node Type-Specific Parameters for Memcached
or Cache Node Type-Specific Parameters for Redis .
Engine (string) The name of the cache engine to be used for this cache cluster.
Valid values for this parameter are:
memcached | redis
EngineVersion (string) The version number of the cache engine to be used for this cache
cluster. To view the supported cache engine versions, use the DescribeCacheEngineVer-
sions operation.
CacheParameterGroupName (string) The name of the parameter group to associate
with this cache cluster. If this argument is omitted, the default parameter group for the
specified engine is used.
CacheSubnetGroupName (string) The name of the subnet group to be used for the
cache cluster.
Use this parameter only when you are creating a cache cluster in an Amazon Virtual Private
Cloud (VPC).
CacheSecurityGroupNames (list) A list of security group names to associate with this
cache cluster.
Use this parameter only when you are creating a cache cluster outside of an Amazon
Virtual Private Cloud (VPC).
SecurityGroupIds (list) One or more VPC security groups associated with the cache
cluster.
Use this parameter only when you are creating a cache cluster in an Amazon Virtual Private
Cloud (VPC).
SnapshotArns (list) A single-element string list containing an Amazon Resource Name
(ARN) that uniquely identifies a Redis RDB snapshot file stored in Amazon S3. The
snapshot file will be used to populate the node group. The Amazon S3 object name in the
ARN cannot contain any commas.

Example of an Amazon S3 ARN: arn:aws:s3:::my_bucket/snapshot1.rdb

SnapshotName (string) The name of a snapshot from which to restore data into the new
node group. The snapshot status changes to restoring while the new node group is
being created.
PreferredMaintenanceWindow (string) The weekly time range (in UTC) during which
system maintenance can occur.
Example: sun:05:00-sun:09:00
Port (integer) The port number on which each of the cache nodes will accept connec-
tions.
NotificationTopicArn (string) The Amazon Resource Name (ARN) of the Amazon
Simple Notification Service (SNS) topic to which notifications will be sent.
AutoMinorVersionUpgrade (boolean) Determines whether minor engine upgrades will
be applied automatically to the node group during the maintenance window. A value of
true allows these upgrades to occur; false disables automatic upgrades.
Default: true
SnapshotRetentionLimit (integer) The number of days for which ElastiCache
will retain automatic snapshots before deleting them. For example, if you set
SnapshotRetentionLimit to 5, then a snapshot that was taken today will be re-
tained for 5 days before being deleted.
Default: 0 (i.e., automatic backups are disabled for this cache cluster).
SnapshotWindow (string) The daily time range (in UTC) during which ElastiCache
will begin taking a daily snapshot of your node group.
Example: 05:00-09:00
If you do not specify this parameter, then ElastiCache will automatically choose an appro-
priate time range.
Return type dict
create_cache_parameter_group(CacheParameterGroupName, CacheParameterGroupFamily,
Description)
The CreateCacheParameterGroup operation creates a new cache parameter group. A cache parameter
group is a collection of parameters that you apply to all of the nodes in a cache cluster.
Parameters
CacheParameterGroupName (string) A user-specified name for the cache parameter
group.
CacheParameterGroupFamily (string) The name of the cache parameter group family
the cache parameter group can be used with.
Valid values are: memcached1.4 | redis2.6 | redis2.8
Description (string) A user-specified description for the cache parameter group.
Return type dict
2.1. Services 267

create_cache_security_group(CacheSecurityGroupName, Description)
The CreateCacheSecurityGroup operation creates a new cache security group. Use a cache security group
to control access to one or more cache clusters.
Cache security groups are only used when you are creating a cache cluster outside of an Amazon Virtual
Private Cloud (VPC). If you are creating a cache cluster inside of a VPC, use a cache subnet group instead.
For more information, see CreateCacheSubnetGroup .
Parameters
CacheSecurityGroupName (string) A name for the cache security group. This value is
stored as a lowercase string.
Constraints: Must contain no more than 255 alphanumeric characters. Cannot be the word
Default.
Example: mysecuritygroup
Description (string) A description for the cache security group.
Return type dict
create_cache_subnet_group(CacheSubnetGroupName, CacheSubnetGroupDescription, Sub-
netIds)
The CreateCacheSubnetGroup operation creates a new cache subnet group.
Use this parameter only when you are creating a cluster in an Amazon Virtual Private Cloud (VPC).
Parameters
CacheSubnetGroupName (string) A name for the cache subnet group. This value is
Constraints: Must contain no more than 255 alphanumeric characters or hyphens.
Example: mysubnetgroup
CacheSubnetGroupDescription (string) A description for the cache subnet group.
SubnetIds (list) A list of VPC subnet IDs for the cache subnet group.
Return type dict
create_replication_group(ReplicationGroupId, ReplicationGroupDescription, PrimaryClus-
terId=None, AutomaticFailoverEnabled=None, NumCacheClus-
ters=None, PreferredCacheClusterAZs=None, CacheNode-
Type=None, Engine=None, EngineVersion=None, CachePa-
rameterGroupName=None, CacheSubnetGroupName=None,
CacheSecurityGroupNames=None, SecurityGroupIds=None,
SnapshotArns=None, SnapshotName=None, PreferredMainte-
nanceWindow=None, Port=None, NotificationTopicArn=None,
AutoMinorVersionUpgrade=None, SnapshotRetentionLimit=None,
SnapshotWindow=None)
The CreateReplicationGroup operation creates a replication group. A replication group is a collection of
cache clusters, where one of the cache clusters is a read/write primary and the others are read-only replicas.
Writes to the primary are automatically propagated to the replicas.
When you create a replication group, you must specify an existing cache cluster that is in the primary role.
When the replication group has been successfully created, you can add one or more read replica replicas
to it, up to a total of five read replicas.
Note: This action is valid only for Redis.
Parameters

ReplicationGroupId (string) The replication group identifier. This parameter is stored

as a lowercase string.
Constraints:
A name must contain from 1 to 20 alphanumeric characters or hyphens.
The first character must be a letter.
A name cannot end with a hyphen or contain two consecutive hyphens.
ReplicationGroupDescription (string) A user-created description for the replication
group.
PrimaryClusterId (string) The identifier of the cache cluster that will serve as the pri-
mary for this replication group. This cache cluster must already exist and have a status of
available .
This parameter is not required if NumCacheClusters is specified.
AutomaticFailoverEnabled (boolean) Specifies whether a read-only replica will be
automatically promoted to read/write primary if the existing primary fails.
If true , automatic failover is enabled for this replication group. If false , automatic
failover is disabled for this replication group.
Default: false
NumCacheClusters (integer) The number of cache clusters this replication group will
initially have.
If AutomaticFailover is enabled , the value of this parameter must be at least 2.
The maximum permitted value for NumCacheClusters is 6 (primary plus 5 replicas). If
you need to exceed this limit, please fill out the ElastiCache Limit Increase Request forrm
at http://aws.amazon.com/contact-us/elasticache-node-limit-request .
PreferredCacheClusterAZs (list) A list of EC2 availability zones in which the replica-
tion groups cache clusters will be created. The order of the availability zones in the list is
not important.
Default: system chosen availability zones.
Example: One Redis cache cluster in each of three
availability zones. PreferredAvailabilityZones.member.1=us-
east-1a PreferredAvailabilityZones.member.2=us-east-1c
PreferredAvailabilityZones.member.3=us-east-1d
CacheNodeType (string) The compute and memory capacity of the nodes in the node
group.
Valid node types are as follows:
General purpose: * Current generation: cache.t2.micro , cache.t2.small
, cache.t2.medium , cache.m3.medium , cache.m3.large ,
cache.m3.xlarge , cache.m3.2xlarge
Previous generation: cache.t1.micro , cache.m1.small ,
cache.m1.medium , cache.m1.large , cache.m1.xlarge
Compute optimized: cache.c1.xlarge
Memory optimized * Current generation: cache.r3.large , cache.r3.xlarge
, cache.r3.2xlarge , cache.r3.4xlarge , cache.r3.8xlarge
2.1. Services 269

Previous generation: cache.m2.xlarge , cache.m2.2xlarge ,

cache.m2.4xlarge
Notes:
All t2 instances are created in an Amazon Virtual Private Cloud (VPC).
Redis backup/restore is not supported for t2 instances.
Redis Append-only files (AOF) functionality is not supported for t1 or t2 instances.
For a complete listing of cache node types and specifications, see Amazon ElastiCache
Product Features and Details and Cache Node Type-Specific Parameters for Memcached
or Cache Node Type-Specific Parameters for Redis .
Engine (string) The name of the cache engine to be used for the cache clusters in this
replication group.
Default: redis
EngineVersion (string) The version number of the cach engine to be used for the cache
clusters in this replication group. To view the supported cache engine versions, use the
DescribeCacheEngineVersions operation.
CacheParameterGroupName (string) The name of the parameter group to associate
with this replication group. If this argument is omitted, the default cache parameter group
for the specified engine is used.
CacheSubnetGroupName (string) The name of the cache subnet group to be used for
the replication group.
CacheSecurityGroupNames (list) A list of cache security group names to associate
with this replication group.
SecurityGroupIds (list) One or more Amazon VPC security groups associated with this
replication group.
Use this parameter only when you are creating a replication group in an Amazon Virtual
Private Cloud (VPC).
SnapshotArns (list) A single-element string list containing an Amazon Resource Name
(ARN) that uniquely identifies a Redis RDB snapshot file stored in Amazon S3. The
snapshot file will be used to populate the node group. The Amazon S3 object name in the
ARN cannot contain any commas.
Example of an Amazon S3 ARN: arn:aws:s3:::my_bucket/snapshot1.rdb
SnapshotName (string) The name of a snapshot from which to restore data into the new
node group. The snapshot status changes to restoring while the new node group is
being created.
Example: sun:05:00-sun:09:00
Port (integer) The port number on which each member of the replication group will
accept connections.
NotificationTopicArn (string) The Amazon Resource Name (ARN) of the Amazon
Simple Notification Service (SNS) topic to which notifications will be sent.


be applied automatically to the node group during the maintenance window. A value of
true allows these upgrades to occur; false disables automatic upgrades.
Default: true
SnapshotRetentionLimit (integer) The number of days for which ElastiCache
will retain automatic snapshots before deleting them. For example, if you set
SnapshotRetentionLimit to 5, then a snapshot that was taken today will be re-
tained for 5 days before being deleted.
Default: 0 (i.e., automatic backups are disabled for this cache cluster).
will begin taking a daily snapshot of your node group.
Example: 05:00-09:00
priate time range.
Return type dict
create_snapshot(CacheClusterId, SnapshotName)
The CreateSnapshot operation creates a copy of an entire cache cluster at a specific moment in time.
Parameters
CacheClusterId (string) The identifier of an existing cache cluster. The snapshot will
be created from this cache cluster.
SnapshotName (string) A name for the snapshot being created.
Return type dict
delete_cache_cluster(CacheClusterId, FinalSnapshotIdentifier=None)
The DeleteCacheCluster operation deletes a previously provisioned cache cluster. DeleteCacheCluster
deletes all associated cache nodes, node endpoints and the cache cluster itself. When you receive a suc-
cessful response from this operation, Amazon ElastiCache immediately begins deleting the cache cluster;
you cannot cancel or revert this operation.
This API cannot be used to delete a cache cluster that is the last read replica of a replication group that has
automatic failover mode enabled.
Parameters
CacheClusterId (string) The cache cluster identifier for the cluster to be deleted. This
parameter is not case sensitive.
FinalSnapshotIdentifier (string) The user-supplied name of a final cache cluster snap-
shot. This is the unique name that identifies the snapshot. ElastiCache creates the snapshot,
and then deletes the cache cluster immediately afterward.
Return type dict
delete_cache_parameter_group(CacheParameterGroupName)
The DeleteCacheParameterGroup operation deletes the specified cache parameter group. You cannot
delete a cache parameter group if it is associated with any cache clusters.
Parameters CacheParameterGroupName (string) The name of the cache parameter group
to delete.
2.1. Services 271

Return type dict

delete_cache_security_group(CacheSecurityGroupName)
The DeleteCacheSecurityGroup operation deletes a cache security group.
Parameters CacheSecurityGroupName (string) The name of the cache security group to
delete.
Return type dict
delete_cache_subnet_group(CacheSubnetGroupName)
The DeleteCacheSubnetGroup operation deletes a cache subnet group.
Parameters CacheSubnetGroupName (string) The name of the cache subnet group to delete.
Return type dict
delete_replication_group(ReplicationGroupId, RetainPrimaryCluster=None, FinalSnapshotI-
dentifier=None)
The DeleteReplicationGroup operation deletes an existing cluster. By default, this operation deletes the
entire cluster, including the primary node group and all of the read replicas. You can optionally delete only
the read replicas, while retaining the primary node group.
When you receive a successful response from this operation, Amazon ElastiCache immediately begins
deleting the selected resources; you cannot cancel or revert this operation.
Parameters
ReplicationGroupId (string) The identifier for the cluster to be deleted. This parameter
is not case sensitive.
RetainPrimaryCluster (boolean) If set to true , all of the read replicas will be deleted,
but the primary node will be retained.
FinalSnapshotIdentifier (string) The name of a final node group snapshot. ElastiCache
creates the snapshot from the primary node in the cluster, rather than one of the replicas;
this is to ensure that it captures the freshest data. After the final snapshot is taken, the
cluster is immediately deleted.
Return type dict
delete_snapshot(SnapshotName)
The DeleteSnapshot operation deletes an existing snapshot. When you receive a successful response from
this operation, ElastiCache immediately begins deleting the snapshot; you cannot cancel or revert this
operation.
Parameters SnapshotName (string) The name of the snapshot to be deleted.
Return type dict
describe_cache_clusters(CacheClusterId=None, MaxRecords=None, Marker=None, Show-
CacheNodeInfo=None)
The DescribeCacheClusters operation returns information about all provisioned cache clusters if no cache
cluster identifier is specified, or about a specific cache cluster if a cache cluster identifier is supplied.
By default, abbreviated information about the cache clusters(s) will be returned. You can use the optional
ShowDetails flag to retrieve detailed information about the cache nodes associated with the cache clusters.
These details include the DNS address and port for the cache node endpoint.
If the cluster is in the CREATING state, only cluster level information will be displayed until all of the
nodes are successfully provisioned.
If the cluster is in the DELETING state, only cluster level information will be displayed.

If cache nodes are currently being added to the cache cluster, node endpoint information and creation
time for the additional nodes will not be displayed until they are completely provisioned. When the cache
cluster state is available , the cluster is ready for use.
If cache nodes are currently being removed from the cache cluster, no endpoint information for the removed
nodes is displayed.
Parameters
CacheClusterId (string) The user-supplied cluster identifier. If this parameter is spec-
ified, only information about that specific cache cluster is returned. This parameter isnt
case sensitive.
MaxRecords (integer) The maximum number of records to include in the response. If
more records exist than the specified MaxRecords value, a marker is included in the
response so that the remaining results can be retrieved.
Default: 100
Constraints: minimum 20; maximum 100.
Marker (string) An optional marker returned from a prior request. Use this marker
for pagination of results from this operation. If this parameter is specified, the response
includes only records beyond the marker, up to the value specified by MaxRecords .
ShowCacheNodeInfo (boolean) An optional flag that can be included in the De-
scribeCacheCluster request to retrieve information about the individual cache nodes.
Return type dict
describe_cache_engine_versions(Engine=None, EngineVersion=None, CacheParameter-
GroupFamily=None, MaxRecords=None, Marker=None,
DefaultOnly=None)
The DescribeCacheEngineVersions operation returns a list of the available cache engines and their ver-
sions.
Parameters
Engine (string) The cache engine to return. Valid values: memcached | redis
EngineVersion (string) The cache engine version to return.
Example: 1.4.14
CacheParameterGroupFamily (string) The name of a specific cache parameter group
family to return details for.
Constraints:
Must be 1 to 255 alphanumeric characters
First character must be a letter
Cannot end with a hyphen or contain two consecutive hyphens
Default: 100
2.1. Services 273

DefaultOnly (boolean) If true , specifies that only the default version of the specified
engine or engine and major version combination is to be returned.
Return type dict
describe_cache_parameter_groups(CacheParameterGroupName=None, MaxRecords=None,
Marker=None)
The DescribeCacheParameterGroups operation returns a list of cache parameter group descriptions. If a
cache parameter group name is specified, the list will contain only the descriptions for that group.
Parameters
CacheParameterGroupName (string) The name of a specific cache parameter group
to return details for.
Default: 100
Return type dict
describe_cache_parameters(CacheParameterGroupName, Source=None, MaxRecords=None,
Marker=None)
The DescribeCacheParameters operation returns the detailed parameter list for a particular cache param-
eter group.
Parameters
CacheParameterGroupName (string) The name of a specific cache parameter group
Source (string) The parameter types to return.
Valid values: user | system | engine-default
Default: 100
Return type dict

describe_cache_security_groups(CacheSecurityGroupName=None, MaxRecords=None,
Marker=None)
The DescribeCacheSecurityGroups operation returns a list of cache security group descriptions. If a cache
security group name is specified, the list will contain only the description of that group.
Parameters
CacheSecurityGroupName (string) The name of the cache security group to return
details for.
Default: 100
Return type dict
describe_cache_subnet_groups(CacheSubnetGroupName=None, MaxRecords=None,
Marker=None)
The DescribeCacheSubnetGroups operation returns a list of cache subnet group descriptions. If a subnet
group name is specified, the list will contain only the description of that group.
Parameters
CacheSubnetGroupName (string) The name of the cache subnet group to return details
for.
Default: 100
Return type dict
describe_engine_default_parameters(CacheParameterGroupFamily, MaxRecords=None,
Marker=None)
The DescribeEngineDefaultParameters operation returns the default engine and system parameter infor-
mation for the specified cache engine.
Parameters
CacheParameterGroupFamily (string) The name of the cache parameter group family.
Valid values are: memcached1.4 | redis2.6 | redis2.8
2.1. Services 275


Default: 100
Return type dict
describe_events(SourceIdentifier=None, SourceType=None, StartTime=None, EndTime=None,
Duration=None, MaxRecords=None, Marker=None)
The DescribeEvents operation returns events related to cache clusters, cache security groups, and cache
parameter groups. You can obtain events specific to a particular cache cluster, cache security group, or
cache parameter group by providing the name as a parameter.
By default, only the events occurring within the last hour are returned; however, you can retrieve up to 14
days worth of events if necessary.
Parameters
SourceIdentifier (string) The identifier of the event source for which events will be
returned. If not specified, then all sources are included in the response.
SourceType (string) The event source to retrieve events for. If no value is specified, all
events are returned.
Valid values are: cache-cluster | cache-parameter-group |
cache-security-group | cache-subnet-group
StartTime (datetime) The beginning of the time interval to retrieve events for, specified
in ISO 8601 format.
EndTime (datetime) The end of the time interval for which to retrieve events, specified
in ISO 8601 format.
Duration (integer) The number of minutes worth of events to retrieve.
Default: 100
Return type dict
describe_replication_groups(ReplicationGroupId=None, MaxRecords=None,
Marker=None)
The DescribeReplicationGroups operation returns information about a particular replication group. If no
identifier is specified, DescribeReplicationGroups returns information about all replication groups.

Parameters
ReplicationGroupId (string) The identifier for the replication group to be described.
This parameter is not case sensitive.
If you do not specify this parameter, information about all replication groups is returned.
Default: 100
Return type dict
describe_reserved_cache_nodes(ReservedCacheNodeId=None, ReservedCacheNodes-
OfferingId=None, CacheNodeType=None, Dura-
tion=None, ProductDescription=None, OfferingType=None,
MaxRecords=None, Marker=None)
The DescribeReservedCacheNodes operation returns information about reserved cache nodes for this ac-
count, or about a specified reserved cache node.
Parameters
ReservedCacheNodeId (string) The reserved cache node identifier filter value. Use this
parameter to show only the reservation that matches the specified reservation ID.
ReservedCacheNodesOfferingId (string) The offering identifier filter value. Use this
parameter to show only purchased reservations matching the specified offering identifier.
CacheNodeType (string) The cache node type filter value. Use this parameter to show
only those reservations matching the specified cache node type.
Duration (string) The duration filter value, specified in years or seconds. Use this
parameter to show only reservations for this duration.
Valid Values: 1 | 3 | 31536000 | 94608000
ProductDescription (string) The product description filter value. Use this parameter to
show only those reservations matching the specified product description.
OfferingType (string) The offering type filter value. Use this parameter to show only
the available offerings matching the specified offering type.
Valid values: "Light Utilization" | "Medium Utilization" |
"Heavy Utilization"
Default: 100
2.1. Services 277

Return type dict
describe_reserved_cache_nodes_offerings(ReservedCacheNodesOfferingId=None,
CacheNodeType=None, Duration=None,
ProductDescription=None, Offer-
ingType=None, MaxRecords=None,
Marker=None)
The DescribeReservedCacheNodesOfferings operation lists available reserved cache node offerings.
Parameters
ReservedCacheNodesOfferingId (string) The offering identifier filter value. Use this
parameter to show only the available offering that matches the specified reservation iden-
tifier.
Example: 438012d3-4052-4cc7-b2e3-8d3372e0e706
CacheNodeType (string) The cache node type filter value. Use this parameter to show
only the available offerings matching the specified cache node type.
Duration (string) Duration filter value, specified in years or seconds. Use this parameter
to show only reservations for a given duration.
Valid Values: 1 | 3 | 31536000 | 94608000
ProductDescription (string) The product description filter value. Use this parameter to
show only the available offerings matching the specified product description.
OfferingType (string) The offering type filter value. Use this parameter to show only
the available offerings matching the specified offering type.
Valid Values: "Light Utilization" | "Medium Utilization" |
"Heavy Utilization"
Default: 100
Return type dict
describe_snapshots(CacheClusterId=None, SnapshotName=None, SnapshotSource=None,
Marker=None, MaxRecords=None)
The DescribeSnapshots operation returns information about cache cluster snapshots. By default, De-
scribeSnapshots lists all of your snapshots; it can optionally describe a single snapshot, or just the snap-
shots associated with a particular cache cluster.
Parameters

CacheClusterId (string) A user-supplied cluster identifier. If this parameter is specified,

only snapshots associated with that specific cache cluster will be described.
SnapshotName (string) A user-supplied name of the snapshot. If this parameter is
specified, only this snapshot will be described.
SnapshotSource (string) If set to system , the output shows snapshots that were au-
tomatically created by ElastiCache. If set to user the output shows snapshots that were
manually created. If omitted, the output shows both automatically and manually created
snapshots.
Default: 50
Return type dict
modify_cache_cluster(CacheClusterId, NumCacheNodes=None, CacheNodeIdsToRe-
move=None, AZMode=None, NewAvailabilityZones=None, CacheSe-
curityGroupNames=None, SecurityGroupIds=None, PreferredMain-
tenanceWindow=None, NotificationTopicArn=None, CacheParame-
terGroupName=None, NotificationTopicStatus=None, ApplyImmedi-
ately=None, EngineVersion=None, AutoMinorVersionUpgrade=None,
SnapshotRetentionLimit=None, SnapshotWindow=None)
The ModifyCacheCluster operation modifies the settings for a cache cluster. You can use this operation to
change one or more cluster configuration parameters by specifying the parameters and the new values.
Parameters
CacheClusterId (string) The cache cluster identifier. This value is stored as a lowercase
string.
NumCacheNodes (integer) The number of cache nodes that the cache cluster should
have. If the value for NumCacheNodes is greater than the sum of the number of current
cache nodes and the number of cache nodes pending creation (which may be zero), then
more nodes will be added. If the value is less than the number of existing cache nodes,
then nodes will be removed. If the value is equal to the number of current cache nodes,
then any pending add or remove requests are canceled.
If you are removing cache nodes, you must use the CacheNodeIdsToRemove param-
eter to provide the IDs of the specific cache nodes to remove.
For cache clusters running Redis, the value of NumCacheNodes must be 1.
Note: Adding or removing Memcached cache nodes can be applied immediately or as a
pending action. See ApplyImmediately .A pending action to modify the number of
cache nodes in a cluster during its maintenance window, whether by adding or removing
nodes in accordance with the scale out architecture, is not queued. The customers latest
request to add or remove nodes to the cluster overrides any previous pending actions to
modify the number of cache nodes in the cluster. For example, a request to remove 2
nodes would override a previous pending action to remove 3 nodes. Similarly, a request to
add 2 nodes would override a previous pending action to remove 3 nodes and vice versa.
As Memcached cache nodes may now be provisioned in different Availability Zones with
2.1. Services 279

flexible cache node placement, a request to add nodes does not automatically override a
previous pending action to add nodes. The customer can modify the previous pending
action to add more nodes or explicitly cancel the pending request and retry the new re-
quest. To cancel pending actions to modify the number of cache nodes in a cluster, use
the ModifyCacheCluster request and set NumCacheNodes equal to the number of
cache nodes currently in the cache cluster.
CacheNodeIdsToRemove (list) A list of cache node IDs to be removed. A node ID is a
numeric identifier (0001, 0002, etc.). This parameter is only valid when NumCacheNodes
is less than the existing number of cache nodes. The number of cache node IDs supplied in
this parameter must match the difference between the existing number of cache nodes in
the cluster or pending cache nodes, whichever is greater, and the value of NumCacheNodes
in the request.
For example: If you have 3 active cache nodes, 7 pending cache nodes, and the number of
cache nodes in this ModifyCacheCluser call is 5, you must list 2 (7 - 5) cache node
IDs to remove.
AZMode (string) Specifies whether the new nodes in this Memcached cache cluster are
all created in a single Availability Zone or created across multiple Availability Zones.
Valid values: single-az | cross-az .
This option is only supported for Memcached cache clusters.
NewAvailabilityZones (list) The list of Availability Zones where the new Memcached
cache nodes will be created.
This parameter is only valid when NumCacheNodes in the request is greater than the
sum of the number of active cache nodes and the number of cache nodes pending creation
(which may be zero). The number of Availability Zones supplied in this list must match
the cache nodes being added in this request.
This option is only supported on Memcached clusters.
Scenarios:
Scenario 1: You have 3 active nodes and wish to add 2 nodes.Specify
NumCacheNodes=5 (3 + 2) and optionally specify two Availability Zones for the
two new nodes.
Scenario 2: You have 3 active nodes and 2 nodes pending creation (from the scenario
1 call) and want to add 1 more node.Specify NumCacheNodes=6 ((3 + 2) + 1)
and optionally specify an Availability Zone for the new node. * Scenario 3: You want to
cancel all pending actions.Specify NumCacheNodes=3 to cancel all pending actions.
The Availability Zone placement of nodes pending creation cannot be modified. If you
wish to cancel any nodes pending creation, add 0 nodes by setting NumCacheNodes to
the number of current nodes.
If cross-az is specified, existing Memcached nodes remain in their current Availability
Zone. Only newly created nodes can be located in different Availability Zones. For guid-
ance on how to move existing Memcached nodes to different Availability Zones, see the
Availability Zone Considerations section of Cache Node Considerations for Memcached
.
Impact of new add/remove requests upon pending requests
Scenarios Pending Operation New Request Results Scenario-1 Delete Delete The
new delete, pending or immediate, replaces the pending delete. Scenario-2 Delete

Create The new create, pending or immediate, replaces the pending delete. Scenario-
3 Create Delete The new delete, pending or immediate, replaces the pending create.
Scenario-4 Create Create The new create is added to the pending create. Important:
If the new create request is Apply Immediately - Yes , all creates are performed
immediately. If the new create request is Apply Immediately - No , all creates are
pending.
Example: NewAvailabilityZones.member.1=us-east-1aNewAvailabilityZones.member.2
CacheSecurityGroupNames (list) A list of cache security group names to authorize on
this cache cluster. This change is asynchronously applied as soon as possible.
This parameter can be used only with clusters that are created outside of an Amazon Vir-
tual Private Cloud (VPC).
Constraints: Must contain no more than 255 alphanumeric characters. Must not be De-
fault.
SecurityGroupIds (list) Specifies the VPC Security Groups associated with the cache
cluster.
This parameter can be used only with clusters that are created in an Amazon Virtual Private
Cloud (VPC).
system maintenance can occur. Note that system maintenance may result in an outage.
This change is made immediately. If you are moving this window to the current time,
there must be at least 120 minutes between the current time and end of the window to
ensure that pending changes are applied.
NotificationTopicArn (string) The Amazon Resource Name (ARN) of the Amazon SNS
topic to which notifications will be sent.
CacheParameterGroupName (string) The name of the cache parameter group to ap-
ply to this cache cluster. This change is asynchronously applied as soon as possible for
parameters when the ApplyImmediately parameter is specified as true for this request.
NotificationTopicStatus (string) The status of the Amazon SNS notification topic. No-
tifications are sent only if the status is active .
Valid values: active | inactive
ApplyImmediately (boolean) If true , this parameter causes the modifications in this
request and any pending modifications to be applied, asynchronously and as soon as pos-
sible, regardless of the PreferredMaintenanceWindow setting for the cache cluster.
If false , then changes to the cache cluster are applied on the next maintenance reboot,
or the next failure reboot, whichever occurs first.
Warning: If you perform a ModifyCacheCluster before a pending modification

is applied, the pending modification is replaced by the newer modification.
Valid values: true | false

Default: false
EngineVersion (string) The upgraded version of the cache engine to be run on the cache
nodes.
AutoMinorVersionUpgrade (boolean) If true , then minor engine upgrades will be
applied automatically to the cache cluster during the maintenance window.
2.1. Services 281


Default: true
SnapshotRetentionLimit (integer) The number of days for which ElastiCache will re-
tain automatic cache cluster snapshots before deleting them. For example, if you set Snap-
shotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days
before being deleted.
Important If the value of SnapshotRetentionLimit is set to zero (0), backups are turned
off.
will begin taking a daily snapshot of your cache cluster.
Return type dict
modify_cache_parameter_group(CacheParameterGroupName, ParameterNameValues)
The ModifyCacheParameterGroup operation modifies the parameters of a cache parameter group. You can
modify up to 20 parameters in a single request by submitting a list parameter name and value pairs.
Parameters
CacheParameterGroupName (string) The name of the cache parameter group to mod-
ify.
ParameterNameValues (list) An array of parameter names and values for the parameter
update. You must supply at least one parameter name and value; subsequent arguments
are optional. A maximum of 20 parameters may be modified per request.
Return type dict
modify_cache_subnet_group(CacheSubnetGroupName, CacheSubnetGroupDescription=None,
SubnetIds=None)
The ModifyCacheSubnetGroup operation modifies an existing cache subnet group.
Parameters
CacheSubnetGroupName (string) The name for the cache subnet group. This value is
Example: mysubnetgroup
CacheSubnetGroupDescription (string) A description for the cache subnet group.
SubnetIds (list) The EC2 subnet IDs for the cache subnet group.
Return type dict
modify_replication_group(ReplicationGroupId, ReplicationGroupDescription=None, Pri-
maryClusterId=None, SnapshottingClusterId=None, Automat-
icFailoverEnabled=None, CacheSecurityGroupNames=None,
SecurityGroupIds=None, PreferredMaintenanceWindow=None,
NotificationTopicArn=None, CacheParameterGroupName=None,
NotificationTopicStatus=None, ApplyImmediately=None, EngineV-
ersion=None, AutoMinorVersionUpgrade=None, SnapshotReten-
tionLimit=None, SnapshotWindow=None)
The ModifyReplicationGroup operation modifies the settings for a replication group.
Parameters
ReplicationGroupId (string) The identifier of the replication group to modify.

ReplicationGroupDescription (string) A description for the replication group. Maxi-

mum length is 255 characters.
PrimaryClusterId (string) If this parameter is specified, ElastiCache will promote each
of the cache clusters in the specified replication group to the primary role. The nodes of
all other cache clusters in the replication group will be read replicas.
SnapshottingClusterId (string) The cache cluster ID that will be used as the daily
snapshot source for the replication group.
AutomaticFailoverEnabled (boolean) Whether a read replica will be automatically pro-
moted to read/write primary if the existing primary encounters a failure.
CacheSecurityGroupNames (list) A list of cache security group names to authorize for
the clusters in this replication group. This change is asynchronously applied as soon as
possible.
This parameter can be used only with replication group containing cache clusters running
outside of an Amazon Virtual Private Cloud (VPC).
Constraints: Must contain no more than 255 alphanumeric characters. Must not be De-
fault.
SecurityGroupIds (list) Specifies the VPC Security Groups associated with the cache
clusters in the replication group.
This parameter can be used only with replication group containing cache clusters running
in an Amazon Virtual Private Cloud (VPC).
replication group system maintenance can occur. Note that system maintenance may result
in an outage. This change is made immediately. If you are moving this window to the
current time, there must be at least 120 minutes between the current time and end of the
window to ensure that pending changes are applied.
NotificationTopicArn (string) The Amazon Resource Name (ARN) of the Amazon SNS
topic to which notifications will be sent.
CacheParameterGroupName (string) The name of the cache parameter group to apply
to all of the clusters in this replication group. This change is asynchronously applied as
soon as possible for parameters when the ApplyImmediately parameter is specified as true
for this request.
NotificationTopicStatus (string) The status of the Amazon SNS notification topic for
the replication group. Notifications are sent only if the status is active .
Valid values: active | inactive
ApplyImmediately (boolean) If true , this parameter causes the modifications in this
request and any pending modifications to be applied, asynchronously and as soon as pos-
sible, regardless of the PreferredMaintenanceWindow setting for the replication group.
If false , then changes to the nodes in the replication group are applied on the next
maintenance reboot, or the next failure reboot, whichever occurs first.
Default: false
EngineVersion (string) The upgraded version of the cache engine to be run on the cache
clusters in the replication group.
2.1. Services 283


be applied automatically to all of the clusters in the replication group during the mainte-
nance window. A value of true allows these upgrades to occur; false disables auto-
matic upgrades.
SnapshotRetentionLimit (integer) The number of days for which ElastiCache will re-
tain automatic node group snapshots before deleting them. For example, if you set Snap-
shotRetentionLimit to 5, then a snapshot that was taken today will be retained for 5 days
before being deleted.
Important If the value of SnapshotRetentionLimit is set to zero (0), backups are turned
off.
will begin taking a daily snapshot of the node group specified by SnapshottingClusterId .
Example: 05:00-09:00
priate time range.
Return type dict
purchase_reserved_cache_nodes_offering(ReservedCacheNodesOfferingId, Re-
servedCacheNodeId=None, CacheNode-
Count=None)
The PurchaseReservedCacheNodesOffering operation allows you to purchase a reserved cache node offer-
ing.
Parameters
ReservedCacheNodesOfferingId (string) The ID of the reserved cache node offering
to purchase.
ReservedCacheNodeId (string) A customer-specified identifier to track this reservation.
Example: myreservationID
CacheNodeCount (integer) The number of cache node instances to reserve.
Default: 1
Return type dict
reboot_cache_cluster(CacheClusterId, CacheNodeIdsToReboot)
The RebootCacheCluster operation reboots some, or all, of the cache nodes within a provisioned cache
cluster. This API will apply any modified cache parameter groups to the cache cluster. The reboot action
takes place as soon as possible, and results in a momentary outage to the cache cluster. During the reboot,
the cache cluster status is set to REBOOTING.
The reboot causes the contents of the cache (for each cache node being rebooted) to be lost.
When the reboot is complete, a cache cluster event is created.
Parameters
CacheClusterId (string) The cache cluster identifier. This parameter is stored as a
lowercase string.
CacheNodeIdsToReboot (list) A list of cache node IDs to reboot. A node ID is a
numeric identifier (0001, 0002, etc.). To reboot an entire cache cluster, specify all of the
cache node IDs.

Return type dict

reset_cache_parameter_group(CacheParameterGroupName, ParameterNameValues, ResetAll-
Parameters=None)
The ResetCacheParameterGroup operation modifies the parameters of a cache parameter group to the en-
gine or system default value. You can reset specific parameters by submitting a list of parameter names. To
reset the entire cache parameter group, specify the ResetAllParameters and CacheParameterGroupName
parameters.
Parameters
CacheParameterGroupName (string) The name of the cache parameter group to reset.
ResetAllParameters (boolean) If true , all parameters in the cache parameter group will
be reset to default values. If false , no such action occurs.
ParameterNameValues (list) An array of parameter names to be reset. If you are not
resetting the entire cache parameter group, you must specify at least one parameter name.
Return type dict
revoke_cache_security_group_ingress(CacheSecurityGroupName,
EC2SecurityGroupName,
EC2SecurityGroupOwnerId)
The RevokeCacheSecurityGroupIngress operation revokes ingress from a cache security group. Use this
operation to disallow access from an Amazon EC2 security group that had been previously authorized.
Parameters
CacheSecurityGroupName (string) The name of the cache security group to revoke
ingress from.
EC2SecurityGroupName (string) The name of the Amazon EC2 security group to
revoke access from.
EC2SecurityGroupOwnerId (string) The AWS account number of the Amazon EC2
security group owner. Note that this is not the same thing as an AWS access key ID - you
must provide a valid AWS account number for this parameter.
Return type dict
2.1.17 AWS Elastic Beanstalk
Table of Contents
AWS Elastic Beanstalk
Client
Client
class elasticbeanstalk.Client
A low-level client representing AWS Elastic Beanstalk:
import boto3
elasticbeanstalk = boto3.client(elasticbeanstalk)
2.1. Services 285

check_dns_availability(CNAMEPrefix)
Checks if the specified CNAME is available.
Parameters CNAMEPrefix (string) The prefix used when this CNAME is reserved.
Return type dict
create_application(ApplicationName, Description=None)
Creates an application that has one configuration template named default and no application versions.
Parameters
ApplicationName (string) The name of the application.
Constraint: This name must be unique within your account. If the specified name already
exists, the action returns an InvalidParameterValue error.
Description (string) Describes the application.
Return type dict
create_application_version(ApplicationName, VersionLabel, Description=None, SourceBun-
dle=None, AutoCreateApplication=None)
Creates an application version for the specified application.
Parameters
ApplicationName (string) The name of the application. If no application is
found with this name, and AutoCreateApplication is false , returns an
InvalidParameterValue error.
VersionLabel (string) A label identifying this version.
Constraint: Must be unique per application. If an application version already ex-
ists with this label for the specified application, AWS Elastic Beanstalk returns an
Description (string) Describes this version.
SourceBundle (dict) The Amazon S3 bucket and key that identify the location of the
source bundle for this version.
If data found at the Amazon S3 location exceeds the maximum allowed source bundle size,
AWS Elastic Beanstalk returns an InvalidParameterValue error. The maximum
size allowed is 512 MB.
Default: If not specified, AWS Elastic Beanstalk uses a sample application. If
only partially specified (for example, a bucket is provided but not the key) or if
no data is found at the Amazon S3 location, AWS Elastic Beanstalk returns an
InvalidParameterCombination error.
AutoCreateApplication (boolean) Determines how the system behaves if the specified
application for this version does not already exist:
true : Automatically creates the specified application for this version if it does not
already exist.
false : Returns an InvalidParameterValue if the specified application for
this version does not already exist.
true : Automatically creates the specified application for this release if it does not
already exist.
false : Throws an InvalidParameterValue if the specified application for this
release does not already exist.

Default: false
Valid Values: true | false
Return type dict
create_configuration_template(ApplicationName, TemplateName, SolutionStack-
Name=None, SourceConfiguration=None, Environmen-
tId=None, Description=None, OptionSettings=None)
Creates a configuration template. Templates are associated with a specific application and are used to
deploy different versions of the application with the same configuration settings.
Related Topics
DescribeConfigurationOptions
DescribeConfigurationSettings
ListAvailableSolutionStacks
Parameters
ApplicationName (string) The name of the application to associate with this configura-
tion template. If no application is found with this name, AWS Elastic Beanstalk returns an
TemplateName (string) The name of the configuration template.
Constraint: This name must be unique per application.
Default: If a configuration template already exists with this name, AWS Elastic Beanstalk
returns an InvalidParameterValue error.
SolutionStackName (string) The name of the solution stack used by this configuration.
The solution stack specifies the operating system, architecture, and application server for
a configuration template. It determines the set of configuration options as well as the
possible and default values.
Use ListAvailableSolutionStacks to obtain a list of available solution stacks.
A solution stack name or a source configuration parameter must be specified, otherwise
AWS Elastic Beanstalk returns an InvalidParameterValue error.
If a solution stack name is not specified and the source configuration parameter is specified,
AWS Elastic Beanstalk uses the same solution stack as the source configuration template.
SourceConfiguration (dict) If specified, AWS Elastic Beanstalk uses the configuration
values from the specified configuration template to create a new configuration.
Values specified in the OptionSettings parameter of this call overrides any values
obtained from the SourceConfiguration .
If no configuration template is found, returns an InvalidParameterValue error.
Constraint: If both the solution stack name parameter and the source configuration pa-
rameters are specified, the solution stack of the source configuration template must
match the specified solution stack name or else AWS Elastic Beanstalk returns an
InvalidParameterCombination error.
EnvironmentId (string) The ID of the environment used with this configuration tem-
plate.
Description (string) Describes this configuration.
2.1. Services 287

OptionSettings (list) If specified, AWS Elastic Beanstalk sets the specified configuration
option to the requested value. The new value overrides the value obtained from the solution
stack or the source configuration template.
Return type dict
create_environment(ApplicationName, EnvironmentName, Description=None, CNAMEPre-

fix=None, Tier=None, Tags=None, VersionLabel=None, Template-
Name=None, SolutionStackName=None, OptionSettings=None, Option-
sToRemove=None)
Launches an environment for the specified application using the specified configuration.
Parameters
ApplicationName (string) The name of the application that contains the version to be
deployed.
If no application is found with this name, CreateEnvironment returns an
EnvironmentName (string) A unique name for the deployment environment. Used in
the application URL.
Constraint: Must be from 4 to 23 characters in length. The name can contain only letters,
numbers, and hyphens. It cannot start or end with a hyphen. This name must be unique
in your account. If the specified name already exists, AWS Elastic Beanstalk returns an
Default: If the CNAME parameter is not specified, the environment name becomes part of
the CNAME, and therefore part of the visible URL for your application.
Description (string) Describes this environment.
CNAMEPrefix (string) If specified, the environment attempts to use this value as the
prefix for the CNAME. If not specified, the CNAME is generated automatically by ap-
pending a random alphanumeric string to the environment name.
Tier (dict) This specifies the tier to use for creating this environment.
Tags (list) This specifies the tags applied to resources in the environment.
VersionLabel (string) The name of the application version to deploy.
If the specified application has no associated application versions, AWS Elastic Beanstalk
UpdateEnvironment returns an InvalidParameterValue error.
Default: If not specified, AWS Elastic Beanstalk attempts to launch the sample application
in the container.
TemplateName (string) The name of the configuration template to use in deployment.
If no configuration template is found with this name, AWS Elastic Beanstalk returns an
Condition: You must specify either this parameter or a SolutionStackName
, but not both. If you specify both, AWS Elastic Beanstalk returns an
InvalidParameterCombination error. If you do not specify either, AWS Elas-
tic Beanstalk returns a MissingRequiredParameter error.
SolutionStackName (string) This is an alternative to specifying a configuration name.
If specified, AWS Elastic Beanstalk sets the configuration values to the default values
associated with the specified solution stack.

Condition: You must specify either this or a TemplateName , but not both. If you spec-
ify both, AWS Elastic Beanstalk returns an InvalidParameterCombination
error. If you do not specify either, AWS Elastic Beanstalk returns a
MissingRequiredParameter error.
OptionSettings (list) If specified, AWS Elastic Beanstalk sets the specified configuration
options to the requested value in the configuration set for the new environment. These
override the values obtained from the solution stack or the configuration template.
OptionsToRemove (list) A list of custom user-defined configuration options to remove
from the configuration set for this new environment.
Return type dict
create_storage_location()
Creates the Amazon S3 storage location for the account.
This location is used to store user log files.
Return type dict
delete_application(ApplicationName, TerminateEnvByForce=None)
Deletes the specified application along with all associated versions and configurations. The application
versions will not be deleted from your Amazon S3 bucket.
Parameters
ApplicationName (string) The name of the application to delete.
TerminateEnvByForce (boolean) When set to true, running environments will be ter-
minated before deleting the application.
Return type dict
delete_application_version(ApplicationName, VersionLabel, DeleteSourceBundle=None)
Deletes the specified version from the specified application.
Parameters
ApplicationName (string) The name of the application to delete releases from.
VersionLabel (string) The label of the version to delete.
DeleteSourceBundle (boolean) Indicates whether to delete the associated source bundle
from Amazon S3:
true : An attempt is made to delete the associated Amazon S3 source bundle specified
at time of creation.
false : No action is taken on the Amazon S3 source bundle specified at time of
creation.
Return type dict
delete_configuration_template(ApplicationName, TemplateName)
Deletes the specified configuration template.
Parameters
ApplicationName (string) The name of the application to delete the configuration tem-
plate from.
TemplateName (string) The name of the configuration template to delete.
2.1. Services 289

Return type dict

delete_environment_configuration(ApplicationName, EnvironmentName)
Deletes the draft configuration associated with the running environment.
Updating a running environment with any configuration changes creates a draft configuration set. You can
get the draft configuration using DescribeConfigurationSettings while the update is in progress or if the
update fails. The DeploymentStatus for the draft configuration indicates whether the deployment is
in process or has failed. The draft configuration remains in existence until it is deleted with this action.
Parameters
ApplicationName (string) The name of the application the environment is associated
with.
EnvironmentName (string) The name of the environment to delete the draft configura-
tion from.
Return type dict
describe_application_versions(ApplicationName=None, VersionLabels=None)
Returns descriptions for existing application versions.
Parameters
ApplicationName (string) If specified, AWS Elastic Beanstalk restricts the returned
descriptions to only include ones that are associated with the specified application.
VersionLabels (list) If specified, restricts the returned descriptions to only include ones
that have the specified version labels.
Return type dict
describe_applications(ApplicationNames=None)
Returns the descriptions of existing applications.
Parameters ApplicationNames (list) If specified, AWS Elastic Beanstalk restricts the re-
turned descriptions to only include those with the specified names.
Return type dict
describe_configuration_options(ApplicationName=None, TemplateName=None, Envi-
ronmentName=None, SolutionStackName=None, Op-
tions=None)
Describes the configuration options that are used in a particular configuration template or environment, or
that a specified solution stack defines. The description includes the values the options, their default values,
and an indication of the required action on a running environment if an option value is changed.
Parameters
ApplicationName (string) The name of the application associated with the configuration
template or environment. Only needed if you want to describe the configuration options
associated with either the configuration template or environment.
TemplateName (string) The name of the configuration template whose configuration
options you want to describe.
EnvironmentName (string) The name of the environment whose configuration options
you want to describe.
SolutionStackName (string) The name of the solution stack whose configuration op-
tions you want to describe.
Options (list) If specified, restricts the descriptions to only the specified options.

Return type dict

describe_configuration_settings(ApplicationName, TemplateName=None, Environment-
Name=None)
Returns a description of the settings for the specified configuration set, that is, either a configuration
template or the configuration set associated with a running environment.
When describing the settings for the configuration set associated with a running environment, it is possible
to receive two sets of setting descriptions. One is the deployed configuration set, and the other is a draft
configuration of an environment that is either in the process of deployment or that failed to deploy.
Related Topics
DeleteEnvironmentConfiguration
Parameters
ApplicationName (string) The application for the environment or configuration tem-
plate.
TemplateName (string) The name of the configuration template to describe.
Conditional: You must specify either this parameter or an Environment-
Name, but not both. If you specify both, AWS Elastic Beanstalk returns an
InvalidParameterCombination error. If you do not specify either, AWS
Elastic Beanstalk returns a MissingRequiredParameter error.
EnvironmentName (string) The name of the environment to describe.
Condition: You must specify either this or a TemplateName, but not both. If you spec-
ify both, AWS Elastic Beanstalk returns an InvalidParameterCombination
error. If you do not specify either, AWS Elastic Beanstalk returns
MissingRequiredParameter error.
Return type dict
describe_environment_resources(EnvironmentId=None, EnvironmentName=None)
Returns AWS resources for this environment.
Parameters
EnvironmentId (string) The ID of the environment to retrieve AWS resource usage data.
Condition: You must specify either this or an EnvironmentName, or both. If you do not
specify either, AWS Elastic Beanstalk returns MissingRequiredParameter error.
EnvironmentName (string) The name of the environment to retrieve AWS resource
usage data.
Condition: You must specify either this or an EnvironmentId, or both. If you do not specify
either, AWS Elastic Beanstalk returns MissingRequiredParameter error.
Return type dict
describe_environments(ApplicationName=None, VersionLabel=None, EnvironmentIds=None,
EnvironmentNames=None, IncludeDeleted=None, IncludedDeleted-
BackTo=None)
Returns descriptions for existing environments.
Parameters
descriptions to include only those that are associated with this application.
2.1. Services 291

VersionLabel (string) If specified, AWS Elastic Beanstalk restricts the returned descrip-
tions to include only those that are associated with this application version.
EnvironmentIds (list) If specified, AWS Elastic Beanstalk restricts the returned descrip-
tions to include only those that have the specified IDs.
EnvironmentNames (list) If specified, AWS Elastic Beanstalk restricts the returned
descriptions to include only those that have the specified names.
IncludeDeleted (boolean) Indicates whether to include deleted environments:
true : Environments that have been deleted after IncludedDeletedBackTo are
displayed.
false : Do not include deleted environments.
IncludedDeletedBackTo (datetime) If specified when IncludeDeleted is set to
true , then environments deleted after this date are displayed.
Return type dict
describe_events(ApplicationName=None, VersionLabel=None, TemplateName=None, Environ-
mentId=None, EnvironmentName=None, RequestId=None, Severity=None, Start-
Time=None, EndTime=None, MaxRecords=None, NextToken=None)
Returns list of event descriptions matching criteria up to the last 6 weeks.
Parameters
descriptions to include only those associated with this application.
VersionLabel (string) If specified, AWS Elastic Beanstalk restricts the returned descrip-
tions to those associated with this application version.
TemplateName (string) If specified, AWS Elastic Beanstalk restricts the returned de-
scriptions to those that are associated with this environment configuration.
EnvironmentId (string) If specified, AWS Elastic Beanstalk restricts the returned de-
scriptions to those associated with this environment.
EnvironmentName (string) If specified, AWS Elastic Beanstalk restricts the returned
descriptions to those associated with this environment.
RequestId (string) If specified, AWS Elastic Beanstalk restricts the described events to
include only those associated with this request ID.
Severity (string) If specified, limits the events returned from this call to include only
those with the specified severity or higher.
StartTime (datetime) If specified, AWS Elastic Beanstalk restricts the returned descrip-
tions to those that occur on or after this time.
EndTime (datetime) If specified, AWS Elastic Beanstalk restricts the returned descrip-
tions to those that occur up to, but not including, the EndTime .
MaxRecords (integer) Specifies the maximum number of events that can be returned,
beginning with the most recent event.
NextToken (string) Pagination token. If specified, the events return the next batch of
results.
Return type dict

list_available_solution_stacks()
Returns a list of the available solution stack names.
Return type dict
rebuild_environment(EnvironmentId=None, EnvironmentName=None)
Deletes and recreates all of the AWS resources (for example: the Auto Scaling group, load balancer, etc.)
for a specified environment and forces a restart.
Parameters
EnvironmentId (string) The ID of the environment to rebuild.
EnvironmentName (string) The name of the environment to rebuild.
Return type dict
request_environment_info(InfoType, EnvironmentId=None, EnvironmentName=None)
Initiates a request to compile the specified type of information of the deployed environment.
Setting the InfoType to tail compiles the last lines from the application server log files of every Ama-
zon EC2 instance in your environment. Use RetrieveEnvironmentInfo to access the compiled information.
Related Topics
RetrieveEnvironmentInfo
Parameters
EnvironmentId (string) The ID of the environment of the requested data.
If no such environment is found, RequestEnvironmentInfo returns an
EnvironmentName (string) The name of the environment of the requested data.
If no such environment is found, RequestEnvironmentInfo returns an
InfoType (string) The type of information to request.
Return type dict
restart_app_server(EnvironmentId=None, EnvironmentName=None)
Causes the environment to restart the application container server running on each Amazon EC2 instance.
Parameters
EnvironmentId (string) The ID of the environment to restart the server for.
2.1. Services 293

EnvironmentName (string) The name of the environment to restart the server for.
Return type dict
retrieve_environment_info(InfoType, EnvironmentId=None, EnvironmentName=None)
Retrieves the compiled information from a RequestEnvironmentInfo request.
Related Topics
RequestEnvironmentInfo
Parameters
EnvironmentId (string) The ID of the datas environment.
If no such environment is found, returns an InvalidParameterValue error.
EnvironmentName (string) The name of the datas environment.
If no such environment is found, returns an InvalidParameterValue error.
InfoType (string) The type of information to retrieve.
Return type dict
swap_environment_cnames(SourceEnvironmentId=None, SourceEnvironmentName=None, Desti-

nationEnvironmentId=None, DestinationEnvironmentName=None)
Swaps the CNAMEs of two environments.
Parameters
SourceEnvironmentId (string) The ID of the source environment.
Condition: You must specify at least the SourceEnvironmentID or the
SourceEnvironmentName . You may also specify both. If you specify the
SourceEnvironmentId , you must specify the DestinationEnvironmentId
.
SourceEnvironmentName (string) The name of the source environment.
Condition: You must specify at least the SourceEnvironmentID or
the SourceEnvironmentName . You may also specify both. If
you specify the SourceEnvironmentName , you must specify the
DestinationEnvironmentName .
DestinationEnvironmentId (string) The ID of the destination environment.
Condition: You must specify at least the DestinationEnvironmentID or the
DestinationEnvironmentName . You may also specify both. You must specify
the SourceEnvironmentId with the DestinationEnvironmentId .
DestinationEnvironmentName (string) The name of the destination environment.
Condition: You must specify at least the DestinationEnvironmentID or the
DestinationEnvironmentName . You may also specify both. You must specify
the SourceEnvironmentName with the DestinationEnvironmentName .

Return type dict

terminate_environment(EnvironmentId=None, EnvironmentName=None, TerminateRe-
sources=None)
Terminates the specified environment.
Parameters
EnvironmentId (string) The ID of the environment to terminate.
EnvironmentName (string) The name of the environment to terminate.
TerminateResources (boolean) Indicates whether the associated AWS resources should
shut down when the environment is terminated:
true : (default) The user AWS resources (for example, the Auto Scaling group,
LoadBalancer, etc.) are terminated along with the environment.
false : The environment is removed from the AWS Elastic Beanstalk but the AWS
resources continue to operate.
true : The specified environment as well as the associated AWS resources, such as
Auto Scaling group and LoadBalancer, are terminated.
false : AWS Elastic Beanstalk resource management is removed from the environ-
ment, but the AWS resources continue to operate.
For more information, see the AWS Elastic Beanstalk User Guide.
Default: true
Return type dict
update_application(ApplicationName, Description=None)
Updates the specified application to have the specified properties.
Parameters
ApplicationName (string) The name of the application to update. If no such application
is found, UpdateApplication returns an InvalidParameterValue error.
Description (string) A new description for the application.
Default: If not specified, AWS Elastic Beanstalk does not update the description.
Return type dict
update_application_version(ApplicationName, VersionLabel, Description=None)
Updates the specified application version to have the specified properties.
Parameters
ApplicationName (string) The name of the application associated with this version.
If no application is found with this name, UpdateApplication returns an
2.1. Services 295

VersionLabel (string) The name of the version to update.

If no application version is found with this label, UpdateApplication returns an
Description (string) A new description for this release.
Return type dict
update_configuration_template(ApplicationName, TemplateName, Description=None, Op-
tionSettings=None, OptionsToRemove=None)
Updates the specified configuration template to have the specified properties or configuration option values.
Related Topics
DescribeConfigurationOptions
Parameters
ApplicationName (string) The name of the application associated with the configuration
template to update.
If no application is found with this name, UpdateConfigurationTemplate returns
an InvalidParameterValue error.
TemplateName (string) The name of the configuration template to update.
If no configuration template is found with this name,
UpdateConfigurationTemplate returns an InvalidParameterValue
error.
Description (string) A new description for the configuration.
OptionSettings (list) A list of configuration option settings to update with the new spec-
ified option value.
OptionsToRemove (list) A list of configuration options to remove from the configura-
tion set.
Constraint: You can remove only UserDefined configuration options.
Return type dict
update_environment(EnvironmentId=None, EnvironmentName=None, Description=None,

Tier=None, VersionLabel=None, TemplateName=None, OptionSet-
tings=None, OptionsToRemove=None)
Updates the environment description, deploys a new application version, updates the configuration settings
to an entirely new configuration template, or updates select configuration option values in the running
environment.
Attempting to update both the release and configuration is not allowed and AWS Elastic Beanstalk returns
an InvalidParameterCombination error.
When updating the configuration settings to a new template or individual settings, a draft configuration
is created and DescribeConfigurationSettings for this environment returns two setting descriptions with
different DeploymentStatus values.
Parameters
EnvironmentId (string) The ID of the environment to update.
If no environment with this ID exists, AWS Elastic Beanstalk returns an

EnvironmentName (string) The name of the environment to update. If no environment
with this name exists, AWS Elastic Beanstalk returns an InvalidParameterValue
error.
Description (string) If this parameter is specified, AWS Elastic Beanstalk updates the
description of this environment.
Tier (dict) This specifies the tier to use to update the environment.
Condition: You can only update the tier version for an environment. If you change the
name of the type, AWS Elastic Beanstalk returns InvalidParameterValue error.
VersionLabel (string) If this parameter is specified, AWS Elastic Beanstalk deploys the
named application version to the environment. If no such application version is found,
returns an InvalidParameterValue error.
TemplateName (string) If this parameter is specified, AWS Elastic Beanstalk deploys
this configuration template to the environment. If no such configuration template is found,
AWS Elastic Beanstalk returns an InvalidParameterValue error.
OptionSettings (list) If specified, AWS Elastic Beanstalk updates the configuration set
associated with the running environment and sets the specified configuration options to the
requested value.
OptionsToRemove (list) A list of custom user-defined configuration options to remove
from the configuration set for this environment.
Return type dict
validate_configuration_settings(ApplicationName, OptionSettings, TemplateName=None,
EnvironmentName=None)
Takes a set of configuration settings and either a configuration template or environment, and determines
whether those values are valid.
This action returns a list of messages indicating any errors or warnings associated with the selection of
option values.
Parameters
ApplicationName (string) The name of the application that the configuration template
or environment belongs to.
TemplateName (string) The name of the configuration template to validate the settings
against.
Condition: You cannot specify both this and an environment name.
EnvironmentName (string) The name of the environment to validate the settings
against.
Condition: You cannot specify both this and a configuration template name.
OptionSettings (list) A list of the options and desired values to evaluate.
Return type dict
2.1. Services 297

2.1.18 Amazon Elastic Transcoder
Table of Contents
Amazon Elastic Transcoder
Client
Client
class elastictranscoder.Client
A low-level client representing Amazon Elastic Transcoder:
import boto3
elastictranscoder = boto3.client(elastictranscoder)
cancel_job(Id)
The CancelJob operation cancels an unfinished job.
Note: You can only cancel a job that has a status of Submitted . To prevent a pipeline from starting
to process a job while youre getting the job identifier, use UpdatePipelineStatus to temporarily pause the
pipeline.
Parameters Id (string) The identifier of the job that you want to cancel.
To get a list of the jobs (including their jobId ) that have a status of Submitted , use the
ListJobsByStatus API action.
Return type dict
create_job(PipelineId, Input, Output=None, Outputs=None, OutputKeyPrefix=None,

Playlists=None)
When you create a job, Elastic Transcoder returns JSON data that includes the values that you specified
plus information about the job that is created.
If you have specified more than one output for your jobs (for example, one output for the Kindle Fire and
another output for the Apple iPhone 4s), you currently must use the Elastic Transcoder API to list the jobs
(as opposed to the AWS Console).
Parameters
PipelineId (string) The Id of the pipeline that you want Elastic Transcoder to use for
transcoding. The pipeline determines several settings, including the Amazon S3 bucket
from which Elastic Transcoder gets the files to transcode and the bucket into which Elastic
Transcoder puts the transcoded files.
Input (dict) A section of the request body that provides information about the file that is
being transcoded.
Output (dict) The CreateJobOutput structure.
Outputs (list) A section of the request body that provides information about the
transcoded (target) files. We recommend that you use the Outputs syntax instead of
the Output syntax.

OutputKeyPrefix (string) The value, if any, that you want Elastic Transcoder to prepend
to the names of all files that this job creates, including output files, thumbnails, and
playlists.
Playlists (list) If you specify a preset in PresetId for which the value of Container
is fmp4 (Fragmented MP4) or ts (MPEG-TS), Playlists contains information about the
master playlists that you want Elastic Transcoder to create.
The maximum number of master playlists in a job is 30.
Return type dict
create_pipeline(Name, InputBucket, Role, OutputBucket=None, AwsKmsKeyArn=None, Notifica-
tions=None, ContentConfig=None, ThumbnailConfig=None)
The CreatePipeline operation creates a pipeline with settings that you specify.
Parameters
Name (string) The name of the pipeline. We recommend that the name be unique within
the AWS account, but uniqueness is not enforced.
Constraints: Maximum 40 characters.
InputBucket (string) The Amazon S3 bucket in which you saved the media files that
you want to transcode.
OutputBucket (string) The Amazon S3 bucket in which you want Elastic Transcoder
to save the transcoded files. (Use this, or use ContentConfig:Bucket plus ThumbnailCon-
fig:Bucket.)
Specify this value when all of the following are true:
You want to save transcoded files, thumbnails (if any), and playlists (if any) together in
one bucket.
You do not want to specify the users or groups who have access to the transcoded files,
thumbnails, and playlists.
You do not want to specify the permissions that Elastic Transcoder grants to the files. ..
warning::When Elastic Transcoder saves files in OutputBucket , it grants full control
over the files only to the AWS account that owns the role that is specified by Role .
You want to associate the transcoded files and thumbnails with the Amazon S3 Standard
storage class.
If you want to save transcoded files and playlists in one bucket and thumbnails in another
bucket, specify which users can access the transcoded files or the permissions the users
have, or change the Amazon S3 storage class, omit OutputBucket and specify values
for ContentConfig and ThumbnailConfig instead.
Role (string) The IAM Amazon Resource Name (ARN) for the role that you want Elastic
Transcoder to use to create the pipeline.
AwsKmsKeyArn (string) The AWS Key Management Service (AWS KMS) key that
you want to use with this pipeline.
If you use either S3 or S3-AWS-KMS as your Encryption:Mode , you dont need to
provide a key with your job because a default key, known as an AWS-KMS key, is created
for you automatically. You need to provide an AWS-KMS key only if you want to use a
non-default AWS-KMS key, or if you are using an Encryption:Mode of AES-PKCS7
, AES-CTR , or AES-GCM .
Notifications (dict) The Amazon Simple Notification Service (Amazon SNS) topic that
you want to notify to report job status.
2.1. Services 299

Warning: To receive notifications, you must also subscribe to the new topic in the
Amazon SNS console.
Progressing : The topic ARN for the Amazon Simple Notification Service (Amazon
SNS) topic that you want to notify when Elastic Transcoder has started to process a job
in this pipeline. This is the ARN that Amazon SNS returned when you created the topic.
For more information, see Create a Topic in the Amazon Simple Notification Service
Developer Guide.
Completed : The topic ARN for the Amazon SNS topic that you want to notify when
Elastic Transcoder has finished processing a job in this pipeline. This is the ARN that
Amazon SNS returned when you created the topic.
Warning : The topic ARN for the Amazon SNS topic that you want to notify when Elas-
tic Transcoder encounters a warning condition while processing a job in this pipeline.
This is the ARN that Amazon SNS returned when you created the topic.
Error : The topic ARN for the Amazon SNS topic that you want to notify when Elastic
Transcoder encounters an error condition while processing a job in this pipeline. This
is the ARN that Amazon SNS returned when you created the topic.
ContentConfig (dict) The optional ContentConfig object specifies information
about the Amazon S3 bucket in which you want Elastic Transcoder to save transcoded
files and playlists: which bucket to use, which users you want to have access to the files,
the type of access you want users to have, and the storage class that you want to assign to
the files.
If you specify values for ContentConfig , you must also specify values for
ThumbnailConfig .
If you specify values for ContentConfig and ThumbnailConfig , omit the
OutputBucket object.
Bucket : The Amazon S3 bucket in which you want Elastic Transcoder to save
transcoded files and playlists.
Permissions (Optional): The Permissions object specifies which users you want to have
access to transcoded files and the type of access you want them to have. You can grant
permissions to a maximum of 30 users and/or predefined Amazon S3 groups.
Grantee Type : Specify the type of value that appears in the Grantee object: *
Canonical : The value in the Grantee object is either the canonical user ID for an
AWS account or an origin access identity for an Amazon CloudFront distribution. For
more information about canonical user IDs, see Access Control List (ACL) Overview
in the Amazon Simple Storage Service Developer Guide. For more information about
using CloudFront origin access identities to require that users use CloudFront URLs
instead of Amazon S3 URLs, see Using an Origin Access Identity to Restrict Access to
Your Amazon S3 Content. .. warning::A canonical user ID is not the same as an AWS
account number.
Email : The value in the Grantee object is the registered email address of an AWS
account.
Group : The value in the Grantee object is one of the following predefined Amazon
S3 groups: AllUsers , AuthenticatedUsers , or LogDelivery .
Grantee : The AWS user or group that you want to have access to transcoded files
and playlists. To identify the user or group, you can specify the canonical user ID for
an AWS account, an origin access identity for a CloudFront distribution, the registered
email address of an AWS account, or a predefined Amazon S3 group

Access : The permission that you want to give to the AWS user that you specified in
Grantee . Permissions are granted on the files that Elastic Transcoder adds to the
bucket, including playlists and video files. Valid values include: * READ : The grantee
can read the objects and metadata for objects that Elastic Transcoder adds to the Amazon
S3 bucket.
READ_ACP : The grantee can read the object ACL for objects that Elastic Transcoder
adds to the Amazon S3 bucket.
WRITE_ACP : The grantee can write the ACL for the objects that Elastic Transcoder
FULL_CONTROL : The grantee has READ , READ_ACP , and WRITE_ACP permissions
for the objects that Elastic Transcoder adds to the Amazon S3 bucket.
StorageClass : The Amazon S3 storage class, Standard or ReducedRedundancy
, that you want Elastic Transcoder to assign to the video files and playlists that it stores
in your Amazon S3 bucket.
ThumbnailConfig (dict) The ThumbnailConfig object specifies several values, in-
cluding the Amazon S3 bucket in which you want Elastic Transcoder to save thumbnail
files, which users you want to have access to the files, the type of access you want users to
have, and the storage class that you want to assign to the files.
ThumbnailConfig even if you dont want to create thumbnails.
Bucket : The Amazon S3 bucket in which you want Elastic Transcoder to save thumb-
nail files.
Permissions (Optional): The Permissions object specifies which users and/or pre-
defined Amazon S3 groups you want to have access to thumbnail files, and the type of
access you want them to have. You can grant permissions to a maximum of 30 users
and/or predefined Amazon S3 groups.
GranteeType : Specify the type of value that appears in the Grantee object: * Canon-
ical : The value in the Grantee object is either the canonical user ID for an AWS
account or an origin access identity for an Amazon CloudFront distribution. .. warn-
ing::A canonical user ID is not the same as an AWS account number.
account.
Grantee : The AWS user or group that you want to have access to thumbnail files. To
identify the user or group, you can specify the canonical user ID for an AWS account,
an origin access identity for a CloudFront distribution, the registered email address of
an AWS account, or a predefined Amazon S3 group.
Grantee . Permissions are granted on the thumbnail files that Elastic Transcoder adds
to the bucket. Valid values include: * READ : The grantee can read the thumbnails and
metadata for objects that Elastic Transcoder adds to the Amazon S3 bucket.
READ_ACP : The grantee can read the object ACL for thumbnails that Elastic
Transcoder adds to the Amazon S3 bucket.
2.1. Services 301

WRITE_ACP : The grantee can write the ACL for the thumbnails that Elastic Transcoder
for the thumbnails that Elastic Transcoder adds to the Amazon S3 bucket.
, that you want Elastic Transcoder to assign to the thumbnails that it stores in your
Amazon S3 bucket.
Return type dict
create_preset(Name, Container, Description=None, Video=None, Audio=None, Thumb-
nails=None)
The CreatePreset operation creates a preset with settings that you specify.
Warning: Elastic Transcoder checks the CreatePreset settings to ensure that they meet Elas-
tic Transcoder requirements and to determine whether they comply with H.264 standards. If your
settings are not valid for Elastic Transcoder, Elastic Transcoder returns an HTTP 400 response
(ValidationException ) and does not create the preset. If the settings are valid for Elastic
Transcoder but arent strictly compliant with the H.264 standard, Elastic Transcoder creates the preset
and returns a warning message in the response. This helps you determine whether your settings com-
ply with the H.264 standard while giving you greater flexibility with respect to the video that Elastic
Transcoder produces.
Elastic Transcoder uses the H.264 video-compression format. For more information, see the International
Telecommunication Union publication Recommendation ITU-T H.264: Advanced video coding for generic
audiovisual services .
Parameters
Name (string) The name of the preset. We recommend that the name be unique within
Description (string) A description of the preset.
Container (string) The container type for the output file. Valid values include fmp4 ,
mp3 , mp4 , ogg , ts , and webm .
Video (dict) A section of the request body that specifies the video parameters.
Audio (dict) A section of the request body that specifies the audio parameters.
Thumbnails (dict) A section of the request body that specifies the thumbnail parameters,
if any.
Return type dict
delete_pipeline(Id)
The DeletePipeline operation removes a pipeline.
You can only delete a pipeline that has never been used or that is not currently in use (doesnt contain any
active jobs). If the pipeline is currently in use, DeletePipeline returns an error.
Parameters Id (string) The identifier of the pipeline that you want to delete.
Return type dict
delete_preset(Id)
The DeletePreset operation removes a preset that youve added in an AWS region.
Note: You cant delete the default presets that are included with Elastic Transcoder.

Parameters Id (string) The identifier of the preset for which you want to get detailed infor-
mation.
Return type dict
get_waiter(name)
job_complete
list_jobs_by_pipeline(PipelineId, Ascending=None, PageToken=None)
The ListJobsByPipeline operation gets a list of the jobs currently in a pipeline.
Elastic Transcoder returns all of the jobs currently in the specified pipeline. The response body contains
one element for each job that satisfies the search criteria.
Parameters
PipelineId (string) The ID of the pipeline for which you want to get job information.
Ascending (string) To list jobs in chronological order by the date and time that they
were submitted, enter true . To list jobs in reverse chronological order, enter false .
PageToken (string) When Elastic Transcoder returns more than one page of results, use
pageToken in subsequent GET requests to get each successive page of results.
Return type dict
list_jobs_by_status(Status, Ascending=None, PageToken=None)
The ListJobsByStatus operation gets a list of jobs that have a specified status. The response body contains
one element for each job that satisfies the search criteria.
Parameters
Status (string) To get information about all of the jobs associated with the current
AWS account that have a given status, specify the following status: Submitted ,
Progressing , Complete , Canceled , or Error .
Ascending (string) To list jobs in chronological order by the date and time that they
were submitted, enter true . To list jobs in reverse chronological order, enter false .
Return type dict
list_pipelines(Ascending=None, PageToken=None)
The ListPipelines operation gets a list of the pipelines associated with the current AWS account.
Parameters
Ascending (string) To list pipelines in chronological order by the date and time that they
were created, enter true . To list pipelines in reverse chronological order, enter false .
Return type dict
2.1. Services 303

list_presets(Ascending=None, PageToken=None)
The ListPresets operation gets a list of the default presets included with Elastic Transcoder and the presets
that youve added in an AWS region.
Parameters
Ascending (string) To list presets in chronological order by the date and time that they
were created, enter true . To list presets in reverse chronological order, enter false .
Return type dict
read_job(Id)
The ReadJob operation returns detailed information about a job.
Parameters Id (string) The identifier of the job for which you want to get detailed information.
Return type dict
read_pipeline(Id)
The ReadPipeline operation gets detailed information about a pipeline.
Parameters Id (string) The identifier of the pipeline to read.
Return type dict
read_preset(Id)
The ReadPreset operation gets detailed information about a preset.
Parameters Id (string) The identifier of the preset for which you want to get detailed infor-
mation.
Return type dict
test_role(Role, InputBucket, OutputBucket, Topics)
The TestRole operation tests the IAM role used to create the pipeline.
The TestRole action lets you determine whether the IAM role you are using has sufficient permissions
to let Elastic Transcoder perform tasks associated with the transcoding process. The action attempts to
assume the specified IAM role, checks read access to the input and output buckets, and tries to send a test
notification to Amazon SNS topics that you specify.
Parameters
Transcoder to test.
InputBucket (string) The Amazon S3 bucket that contains media files to be transcoded.
The action attempts to read from this bucket.
OutputBucket (string) The Amazon S3 bucket that Elastic Transcoder will write
transcoded media files to. The action attempts to read from this bucket.
Topics (list) The ARNs of one or more Amazon Simple Notification Service (Amazon
SNS) topics that you want the action to send a test notification to.
Return type dict
update_pipeline(Id, Name=None, InputBucket=None, Role=None, AwsKmsKeyArn=None, Notifi-
cations=None, ContentConfig=None, ThumbnailConfig=None)
Use the UpdatePipeline operation to update settings for a pipeline.

Warning: When you change pipeline settings, your changes take effect immediately. Jobs that you
have already submitted and that Elastic Transcoder has not started to process are affected in addition to
jobs that you submit after you change settings.
Parameters
Id (string) The ID of the pipeline that you want to update.
Name (string) The name of the pipeline. We recommend that the name be unique within
Constraints: Maximum 40 characters
InputBucket (string) The Amazon S3 bucket in which you saved the media files that
you want to transcode and the graphics that you want to use as watermarks.
Transcoder to use to transcode jobs for this pipeline.
AwsKmsKeyArn (string) The AWS Key Management Service (AWS KMS) key that
you want to use with this pipeline.
If you use either S3 or S3-AWS-KMS as your Encryption:Mode , you dont need to
provide a key with your job because a default key, known as an AWS-KMS key, is created
for you automatically. You need to provide an AWS-KMS key only if you want to use a
non-default AWS-KMS key, or if you are using an Encryption:Mode of AES-PKCS7
, AES-CTR , or AES-GCM .
Notifications (dict) The Amazon Simple Notification Service (Amazon SNS) topic or
topics to notify in order to report job status.
Amazon SNS console.
ContentConfig (dict) The optional ContentConfig object specifies information

about the Amazon S3 bucket in which you want Elastic Transcoder to save transcoded
files and playlists: which bucket to use, which users you want to have access to the files,
the type of access you want users to have, and the storage class that you want to assign to
the files.
ThumbnailConfig .
Bucket : The Amazon S3 bucket in which you want Elastic Transcoder to save
transcoded files and playlists.
Permissions (Optional): The Permissions object specifies which users you want to have
access to transcoded files and the type of access you want them to have. You can grant
permissions to a maximum of 30 users and/or predefined Amazon S3 groups.
Grantee Type : Specify the type of value that appears in the Grantee object: *
Canonical : The value in the Grantee object is either the canonical user ID for an
AWS account or an origin access identity for an Amazon CloudFront distribution. For
more information about canonical user IDs, see Access Control List (ACL) Overview
in the Amazon Simple Storage Service Developer Guide. For more information about
using CloudFront origin access identities to require that users use CloudFront URLs
instead of Amazon S3 URLs, see Using an Origin Access Identity to Restrict Access to
2.1. Services 305

Your Amazon S3 Content. .. warning::A canonical user ID is not the same as an AWS
account number.
account.
Grantee : The AWS user or group that you want to have access to transcoded files
and playlists. To identify the user or group, you can specify the canonical user ID for
an AWS account, an origin access identity for a CloudFront distribution, the registered
email address of an AWS account, or a predefined Amazon S3 group
Grantee . Permissions are granted on the files that Elastic Transcoder adds to the
bucket, including playlists and video files. Valid values include: * READ : The grantee
can read the objects and metadata for objects that Elastic Transcoder adds to the Amazon
S3 bucket.
READ_ACP : The grantee can read the object ACL for objects that Elastic Transcoder
WRITE_ACP : The grantee can write the ACL for the objects that Elastic Transcoder
for the objects that Elastic Transcoder adds to the Amazon S3 bucket.
, that you want Elastic Transcoder to assign to the video files and playlists that it stores
in your Amazon S3 bucket.
ThumbnailConfig (dict) The ThumbnailConfig object specifies several values, in-
cluding the Amazon S3 bucket in which you want Elastic Transcoder to save thumbnail
files, which users you want to have access to the files, the type of access you want users to
have, and the storage class that you want to assign to the files.
ThumbnailConfig even if you dont want to create thumbnails.
Bucket : The Amazon S3 bucket in which you want Elastic Transcoder to save thumb-
nail files.
Permissions (Optional): The Permissions object specifies which users and/or pre-
defined Amazon S3 groups you want to have access to thumbnail files, and the type of
access you want them to have. You can grant permissions to a maximum of 30 users
and/or predefined Amazon S3 groups.
GranteeType : Specify the type of value that appears in the Grantee object: * Canon-
ical : The value in the Grantee object is either the canonical user ID for an AWS
account or an origin access identity for an Amazon CloudFront distribution. .. warn-
ing::A canonical user ID is not the same as an AWS account number.
account.

Grantee : The AWS user or group that you want to have access to thumbnail files. To
identify the user or group, you can specify the canonical user ID for an AWS account,
an origin access identity for a CloudFront distribution, the registered email address of
an AWS account, or a predefined Amazon S3 group.
Grantee . Permissions are granted on the thumbnail files that Elastic Transcoder adds
to the bucket. Valid values include: * READ : The grantee can read the thumbnails and
metadata for objects that Elastic Transcoder adds to the Amazon S3 bucket.
READ_ACP : The grantee can read the object ACL for thumbnails that Elastic
Transcoder adds to the Amazon S3 bucket.
WRITE_ACP : The grantee can write the ACL for the thumbnails that Elastic Transcoder
for the thumbnails that Elastic Transcoder adds to the Amazon S3 bucket.
, that you want Elastic Transcoder to assign to the thumbnails that it stores in your
Amazon S3 bucket.
Return type dict
update_pipeline_notifications(Id, Notifications)
With the UpdatePipelineNotifications operation, you can update Amazon Simple Notification Service
(Amazon SNS) notifications for a pipeline.
When you update notifications for a pipeline, Elastic Transcoder returns the values that you specified in
the request.
Parameters
Id (string) The identifier of the pipeline for which you want to change notification set-
tings.
Notifications (dict) The topic ARN for the Amazon Simple Notification Service (Ama-
zon SNS) topic that you want to notify to report job status.
Amazon SNS console.
Progressing : The topic ARN for the Amazon Simple Notification Service (Amazon
SNS) topic that you want to notify when Elastic Transcoder has started to process jobs
that are added to this pipeline. This is the ARN that Amazon SNS returned when you
created the topic.
Completed : The topic ARN for the Amazon SNS topic that you want to notify when
Elastic Transcoder has finished processing a job. This is the ARN that Amazon SNS
returned when you created the topic.
Warning : The topic ARN for the Amazon SNS topic that you want to notify when
Elastic Transcoder encounters a warning condition. This is the ARN that Amazon SNS
returned when you created the topic.
Error : The topic ARN for the Amazon SNS topic that you want to notify when Elastic
Transcoder encounters an error condition. This is the ARN that Amazon SNS returned
when you created the topic.
Return type dict
2.1. Services 307

update_pipeline_status(Id, Status)
The UpdatePipelineStatus operation pauses or reactivates a pipeline, so that the pipeline stops or restarts
the processing of jobs.
Changing the pipeline status is useful if you want to cancel one or more jobs. You cant cancel jobs after
Elastic Transcoder has started processing them; if you pause the pipeline to which you submitted the jobs,
you have more time to get the job IDs for the jobs that you want to cancel, and to send a CancelJob request.
Parameters
Id (string) The identifier of the pipeline to update.
Status (string) The desired status of the pipeline:
Active : The pipeline is processing jobs.
Paused : The pipeline is not currently processing jobs.
Return type dict
2.1.19 Elastic Load Balancing
Table of Contents
Elastic Load Balancing
Client
Client
class elb.Client
A low-level client representing Elastic Load Balancing:
import boto3
elb = boto3.client(elb)
add_tags(LoadBalancerNames, Tags)
Adds one or more tags for the specified load balancer. Each load balancer can have a maximum of 10 tags.
Each tag consists of a key and an optional value.
Tag keys must be unique for each load balancer. If a tag with the same key is already associated with the
load balancer, this action will update the value of the key.
For more information, see Tagging in the Elastic Load Balancing Developer Guide .
Parameters
LoadBalancerNames (list) The name of the load balancer to tag. You can specify a
maximum of one load balancer name.
Tags (list) A list of tags for each load balancer.
Return type dict
apply_security_groups_to_load_balancer(LoadBalancerName, SecurityGroups)
Associates one or more security groups with your load balancer in Amazon Virtual Private Cloud (Amazon
VPC). The provided security group IDs will override any currently applied security groups.

For more information, see Manage Security Groups in Amazon VPC in the Elastic Load Balancing De-
veloper Guide .
Parameters
LoadBalancerName (string) The name associated with the load balancer. The name
must be unique within the set of load balancers associated with your AWS account.
SecurityGroups (list) A list of security group IDs to associate with your load balancer
in VPC. The security group IDs must be provided as the ID and not the security group
name (For example, sg-1234).
Return type dict
attach_load_balancer_to_subnets(LoadBalancerName, Subnets)
Adds one or more subnets to the set of configured subnets in the Amazon Virtual Private Cloud (Amazon
VPC) for the load balancer.
The load balancers evenly distribute requests across all of the registered subnets. For more information,
see Deploy Elastic Load Balancing in Amazon VPC in the Elastic Load Balancing Developer Guide .
Parameters
must be unique within the set of load balancers associated with your AWS account.
Subnets (list) A list of subnet IDs to add for the load balancer. You can add only one
subnet per Availability Zone.
Return type dict
configure_health_check(LoadBalancerName, HealthCheck)
Specifies the health check settings to use for evaluating the health state of your back-end instances.
For more information, see Health Check in the Elastic Load Balancing Developer Guide .
Parameters
LoadBalancerName (string) The mnemonic name associated with the load balancer.
The name must be unique within the set of load balancers associated with your AWS
account.
HealthCheck (dict) A structure containing the configuration information for the new
healthcheck.
Return type dict
create_app_cookie_stickiness_policy(LoadBalancerName, PolicyName, CookieName)
Generates a stickiness policy with sticky session lifetimes that follow that of an application-generated
cookie. This policy can be associated only with HTTP/HTTPS listeners.
This policy is similar to the policy created by CreateLBCookieStickinessPolicy , except that the lifetime of
the special Elastic Load Balancing cookie follows the lifetime of the application-generated cookie specified
in the policy configuration. The load balancer only inserts a new stickiness cookie when the application
response includes a new application cookie.
If the application cookie is explicitly removed or expires, the session stops being sticky until a new appli-
cation cookie is issued.
Note: An application client must receive and send two cookies: the application-generated cookie and the
special Elastic Load Balancing cookie named AWSELB . This is the default behavior for many common
web browsers.
2.1. Services 309

For more information, see Enabling Application-Controlled Session Stickiness in the Elastic Load Bal-
ancing Developer Guide .
Parameters
LoadBalancerName (string) The name of the load balancer.
PolicyName (string) The name of the policy being created. The name must be unique
within the set of policies for this load balancer.
CookieName (string) Name of the application cookie used for stickiness.
Return type dict
create_lb_cookie_stickiness_policy(LoadBalancerName, PolicyName, CookieExpira-
tionPeriod=None)
Generates a stickiness policy with sticky session lifetimes controlled by the lifetime of the browser (user-
agent) or a specified expiration period. This policy can be associated only with HTTP/HTTPS listeners.
When a load balancer implements this policy, the load balancer uses a special cookie to track the backend
server instance for each request. When the load balancer receives a request, it first checks to see if this
cookie is present in the request. If so, the load balancer sends the request to the application server specified
in the cookie. If not, the load balancer sends the request to a server that is chosen based on the existing
load balancing algorithm.
A cookie is inserted into the response for binding subsequent requests from the same user to that server.
The validity of the cookie is based on the cookie expiration time, which is specified in the policy configu-
ration.
For more information, see Enabling Duration-Based Session Stickiness in the Elastic Load Balancing
Developer Guide .
Parameters
LoadBalancerName (string) The name associated with the load balancer.
PolicyName (string) The name of the policy being created. The name must be unique
within the set of policies for this load balancer.
CookieExpirationPeriod (integer) The time period in seconds after which the cookie
should be considered stale. Not specifying this parameter indicates that the sticky session
will last for the duration of the browser session.
Return type dict
create_load_balancer(LoadBalancerName, Listeners, AvailabilityZones=None, Subnets=None,
SecurityGroups=None, Scheme=None, Tags=None)
Creates a new load balancer.
After the call has completed successfully, a new load balancer is created with a unique Domain Name
Service (DNS) name. The DNS name includes the name of the AWS region in which the load balance was
created. For example, if your load balancer was created in the United States, the DNS name might end
with either of the following:
us-east-1.elb.amazonaws.com (for the Northern Virginia region)
us-west-1.elb.amazonaws.com (for the Northern California region)
For information about the AWS regions supported by Elastic Load Balancing, see Regions and Endpoints
.
You can create up to 20 load balancers per region per account.
Elastic Load Balancing supports load balancing your Amazon EC2 instances launched within any one of
the following platforms:

EC2-Classic For information on creating and managing your load balancers in EC2-Classic, see De-
ploy Elastic Load Balancing in Amazon EC2-Classic .
EC2-VPC For information on creating and managing your load balancers in EC2-VPC, see Deploy
Elastic Load Balancing in Amazon VPC .
Parameters
must be unique within your set of load balancers, must have a maximum of 32 characters,
and must only contain alphanumeric characters or hyphens.
Listeners (list) A list of the following tuples: Protocol, LoadBalancerPort, InstancePro-
tocol, InstancePort, and SSLCertificateId.
AvailabilityZones (list) A list of Availability Zones.
At least one Availability Zone must be specified. Specified Availability Zones must be in
the same EC2 Region as the load balancer. Traffic will be equally distributed across all
zones.
You can later add more Availability Zones after the creation of the load balancer by calling
EnableAvailabilityZonesForLoadBalancer action.
Subnets (list) A list of subnet IDs in your VPC to attach to your load balancer. Specify
one subnet per Availability Zone.
SecurityGroups (list) The security groups to assign to your load balancer within your
VPC.
Scheme (string) The type of a load balancer.
By default, Elastic Load Balancing creates an Internet-facing load balancer with a pub-
licly resolvable DNS name, which resolves to public IP addresses. For more information
about Internet-facing and Internal load balancers, see Internet-facing and Internal Load
Balancers .
Specify the value internal for this option to create an internal load balancer with a
DNS name that resolves to private IP addresses.
Note: This option is only available for load balancers created within EC2-VPC.
Tags (list) A list of tags to assign to the load balancer.

For more information about setting tags for your load balancer, see Tagging .
Return type dict
create_load_balancer_listeners(LoadBalancerName, Listeners)
Creates one or more listeners on a load balancer for the specified port. If a listener with the given port does
not already exist, it will be created; otherwise, the properties of the new listener must match the properties
of the existing listener.
For more information, see Add a Listener to Your Load Balancer in the Elastic Load Balancing Developer
Guide .
Parameters
Listeners (list) A list of LoadBalancerPort , InstancePort , Protocol ,
InstanceProtocol , and SSLCertificateId items.
2.1. Services 311

Return type dict

create_load_balancer_policy(LoadBalancerName, PolicyName, PolicyTypeName, PolicyAt-
tributes=None)
Creates a new policy that contains the necessary attributes depending on the policy type. Policies are
settings that are saved for your load balancer and that can be applied to the front-end listener, or the
back-end application server, depending on your policy type.
Parameters
LoadBalancerName (string) The name associated with the LoadBalancer for which the
policy is being created.
PolicyName (string) The name of the load balancer policy being created. The name
must be unique within the set of policies for this load balancer.
PolicyTypeName (string) The name of the base policy type being used to create this
policy. To get the list of policy types, use the DescribeLoadBalancerPolicyTypes action.
PolicyAttributes (list) A list of attributes associated with the policy being created.
Return type dict
delete_load_balancer(LoadBalancerName)
Deletes the specified load balancer.
If attempting to recreate the load balancer, you must reconfigure all the settings. The DNS name associated
with a deleted load balancer will no longer be usable. Once deleted, the name and associated DNS record
of the load balancer no longer exist and traffic sent to any of its IP addresses will no longer be delivered to
back-end instances.
To successfully call this API, you must provide the same account credentials as were used to create the
load balancer.
Note: By design, if the load balancer does not exist or has already been deleted, a call to
DeleteLoadBalancer action still succeeds.
Parameters LoadBalancerName (string) The name associated with the load balancer.
Return type dict
delete_load_balancer_listeners(LoadBalancerName, LoadBalancerPorts)
Deletes listeners from the load balancer for the specified port.
Parameters
LoadBalancerPorts (list) The client port number(s) of the load balancer listener(s) to
be removed.
Return type dict
delete_load_balancer_policy(LoadBalancerName, PolicyName)
Deletes a policy from the load balancer. The specified policy must not be enabled for any listeners.
Parameters
PolicyName (string) The mnemonic name for the policy being deleted.
Return type dict

deregister_instances_from_load_balancer(LoadBalancerName, Instances)
Deregisters instances from the load balancer. Once the instance is deregistered, it will stop receiving traffic
from the load balancer.
In order to successfully call this API, the same account credentials as those used to create the load balancer
must be provided.
For more information, see De-register and Register Amazon EC2 Instances in the Elastic Load Balancing
Developer Guide .
You can use DescribeLoadBalancers to verify if the instance is deregistered from the load balancer.
Parameters
Instances (list) A list of EC2 instance IDs consisting of all instances to be deregistered.
Return type dict
describe_instance_health(LoadBalancerName, Instances=None)
Returns the current state of the specified instances registered with the specified load balancer. If no in-
stances are specified, the state of all the instances registered with the load balancer is returned.
Note: You must provide the same account credentials as those that were used to create the load balancer.
Parameters
Instances (list) A list of instance IDs whose states are being queried.
Return type dict
describe_load_balancer_attributes(LoadBalancerName)
Returns detailed information about all of the attributes associated with the specified load balancer.
Parameters LoadBalancerName (string) The name of the load balancer.
Return type dict
describe_load_balancer_policies(LoadBalancerName=None, PolicyNames=None)
Returns detailed descriptions of the policies. If you specify a load balancer name, the action returns the
descriptions of all the policies created for the load balancer. If you specify a policy name associated with
your load balancer, the action returns the description of that policy. If you dont specify a load balancer
name, the action returns descriptions of the specified sample policies, or descriptions of all the sample
policies. The names of the sample policies have the ELBSample- prefix.
Parameters
LoadBalancerName (string) The mnemonic name associated with the load balancer. If
no name is specified, the operation returns the attributes of either all the sample policies
pre-defined by Elastic Load Balancing or the specified sample polices.
PolicyNames (list) The names of load balancer policies youve created or Elastic Load
Balancing sample policy names.
Return type dict
describe_load_balancer_policy_types(PolicyTypeNames=None)
Returns meta-information on the specified load balancer policies defined by the Elastic Load Balancing
service. The policy types that are returned from this action can be used in a CreateLoadBalancerPolicy
action to instantiate specific policy configurations that will be applied to a load balancer.
2.1. Services 313

Parameters PolicyTypeNames (list) Specifies the name of the policy types. If no names are
specified, returns the description of all the policy types defined by Elastic Load Balancing
service.
Return type dict
describe_load_balancers(LoadBalancerNames=None, Marker=None, PageSize=None)
Returns detailed configuration information for all the load balancers created for the account. If you specify
load balancer names, the action returns configuration information of the specified load balancers.
Note: In order to retrieve this information, you must provide the same account credentials that was used
to create the load balancer.

Parameters
LoadBalancerNames (list) A list of load balancer names associated with the account.
Marker (string) An optional parameter used for pagination of results from this call. If
specified, the response includes only records beyond the marker.
PageSize (integer) The number of results returned in each page. The default is 400. You
cannot specify a page size greater than 400 or less than 1.
Return type dict
describe_tags(LoadBalancerNames)
Describes the tags associated with one or more load balancers.
Parameters LoadBalancerNames (list) The names of the load balancers.
Return type dict
detach_load_balancer_from_subnets(LoadBalancerName, Subnets)
Removes subnets from the set of configured subnets in the Amazon Virtual Private Cloud (Amazon VPC)
for the load balancer.
After a subnet is removed all of the EC2 instances registered with the load balancer that are in the removed
subnet will go into the OutOfService state. When a subnet is removed, the load balancer will balance the
traffic among the remaining routable subnets for the load balancer.
Parameters
LoadBalancerName (string) The name associated with the load balancer to be detached.
Subnets (list) A list of subnet IDs to remove from the set of configured subnets for the
load balancer.
Return type dict
disable_availability_zones_for_load_balancer(LoadBalancerName, Availability-
Zones)
Removes the specified EC2 Availability Zones from the set of configured Availability Zones for the load
balancer.
There must be at least one Availability Zone registered with a load balancer at all times. Once an Availabil-
ity Zone is removed, all the instances registered with the load balancer that are in the removed Availability
Zone go into the OutOfService state. Upon Availability Zone removal, the load balancer attempts to equally
balance the traffic among its remaining usable Availability Zones. Trying to remove an Availability Zone
that was not associated with the load balancer does nothing.
For more information, see Disable an Availability Zone from a Load-Balanced Application in the Elastic
Load Balancing Developer Guide .

Parameters
AvailabilityZones (list) A list of Availability Zones to be removed from the load bal-
ancer.
Note: There must be at least one Availability Zone registered with a load balancer at all
times. Specified Availability Zones must be in the same region.
Return type dict

enable_availability_zones_for_load_balancer(LoadBalancerName, Availability-
Zones)
Adds one or more EC2 Availability Zones to the load balancer.
The load balancer evenly distributes requests across all its registered Availability Zones that contain in-
stances.
Note: The new EC2 Availability Zones to be added must be in the same EC2 Region as the Availability
Zones for which the load balancer was created.
For more information, see Expand a Load Balanced Application to an Additional Availability Zone in the
Elastic Load Balancing Developer Guide .
Parameters
AvailabilityZones (list) A list of new Availability Zones for the load balancer. Each
Availability Zone must be in the same region as the load balancer.
Return type dict
modify_load_balancer_attributes(LoadBalancerName, LoadBalancerAttributes)
Modifies the attributes of a specified load balancer.
You can modify the load balancer attributes, such as AccessLogs , ConnectionDraining , and
CrossZoneLoadBalancing by either enabling or disabling them. Or, you can modify the load bal-
ancer attribute ConnectionSettings by specifying an idle connection timeout value for your load
balancer.
For more information, see the following:
Cross-Zone Load Balancing
Connection Draining
Access Logs
Idle Connection Timeout
Parameters
LoadBalancerAttributes (dict) Attributes of the load balancer.
Return type dict
register_instances_with_load_balancer(LoadBalancerName, Instances)
Adds new instances to the load balancer.
2.1. Services 315

Once the instance is registered, it starts receiving traffic and requests from the load balancer. Any in-
stance that is not in any of the Availability Zones registered for the load balancer will be moved to the
OutOfService state. It will move to the InService state when the Availability Zone is added to the load
balancer.
When an instance registered with a load balancer is stopped and then restarted, the IP addresses associated
with the instance changes. Elastic Load Balancing cannot recognize the new IP address, which prevents it
from routing traffic to the instances. We recommend that you de-register your Amazon EC2 instances from
your load balancer after you stop your instance, and then register the load balancer with your instance after
youve restarted. To de-register your instances from load balancer, use DeregisterInstancesFromLoadBal-
ancer action.
For more information, see De-register and Register Amazon EC2 Instances in the Elastic Load Balancing
Developer Guide .
Note: In order for this call to be successful, you must provide the same account credentials as those that
were used to create the load balancer.
Note: Completion of this API does not guarantee that operation has completed. Rather, it means that the
request has been registered and the changes will happen shortly.
You can use DescribeLoadBalancers or DescribeInstanceHealth action to check the state of the newly
registered instances.
Parameters
must be unique within your set of load balancers.
Instances (list) A list of instance IDs that should be registered with the load balancer.
Return type dict
remove_tags(LoadBalancerNames, Tags)
Removes one or more tags from the specified load balancer.
Parameters
LoadBalancerNames (list) The name of the load balancer. You can specify a maximum
of one load balancer name.
Tags (list) A list of tag keys to remove.
Return type dict
set_load_balancer_listener_ssl_certificate(LoadBalancerName, LoadBalancerPort,
SSLCertificateId)
Sets the certificate that terminates the specified listeners SSL connections. The specified certificate re-
places any prior certificate that was used on the same load balancer and port.
For more information on updating your SSL certificate, see Updating an SSL Certificate for a Load Bal-
ancer in the Elastic Load Balancing Developer Guide .
Parameters
LoadBalancerPort (integer) The port that uses the specified SSL certificate.
SSLCertificateId (string) The Amazon Resource Number (ARN) of the SSL certificate
chain to use. For more information on SSL certificates, see Managing Server Certificates
in the AWS Identity and Access Management User Guide .

Return type dict

set_load_balancer_policies_for_backend_server(LoadBalancerName, InstancePort,
PolicyNames)
Replaces the current set of policies associated with a port on which the back-end server is listening with
a new set of policies. After the policies have been created using CreateLoadBalancerPolicy , they can be
applied here as a list. At this time, only the back-end server authentication policy type can be applied to
the back-end ports; this policy type is composed of multiple public key policies.
Note: The SetLoadBalancerPoliciesForBackendServer replaces the current set of policies associated with
the specified instance port. Every time you use this action to enable the policies, use the PolicyNames
parameter to list all the policies you want to enable.
You can use DescribeLoadBalancers or DescribeLoadBalancerPolicies action to verify that the policy has
been associated with the back-end server.
Parameters
This name must be unique within the set of your load balancers.
InstancePort (integer) The port number associated with the back-end server.
PolicyNames (list) List of policy names to be set. If the list is empty, then all current
polices are removed from the back-end server.
Return type dict
set_load_balancer_policies_of_listener(LoadBalancerName, LoadBalancerPort, Poli-
cyNames)
Associates, updates, or disables a policy with a listener on the load balancer. You can associate multiple
policies with a listener.
Parameters
LoadBalancerPort (integer) The external port of the load balancer to associate the
policy.
PolicyNames (list) List of policies to be associated with the listener. If the list is empty,
the current policy is removed from the listener.
Return type dict
2.1.20 Amazon Elastic MapReduce
Table of Contents
Amazon Elastic MapReduce
Client
Client
class emr.Client
A low-level client representing Amazon Elastic MapReduce:
2.1. Services 317

import boto3
emr = boto3.client(emr)
add_instance_groups(InstanceGroups, JobFlowId)
AddInstanceGroups adds an instance group to a running cluster.
Parameters
InstanceGroups (list) Instance Groups to add.
JobFlowId (string) Job flow in which to add the instance groups.
Return type dict
add_job_flow_steps(JobFlowId, Steps)
AddJobFlowSteps adds new steps to a running job flow. A maximum of 256 steps are allowed in each job
flow.
If your job flow is long-running (such as a Hive data warehouse) or complex, you may require more than
256 steps to process your data. You can bypass the 256-step limitation in various ways, including using
the SSH shell to connect to the master node and submitting queries directly to the software running on the
master node, such as Hive and Hadoop. For more information on how to do this, go to Add More than 256
Steps to a Job Flow in the Amazon Elastic MapReduce Developers Guide .
A step specifies the location of a JAR file stored either on the master node of the job flow or in Amazon
S3. Each step is performed by the main function of the main class of the JAR file. The main class can be
specified either in the manifest of the JAR or by using the MainFunction parameter of the step.
Elastic MapReduce executes each step in the order listed. For a step to be considered complete, the main
function must exit with a zero exit code and all Hadoop jobs started while the step was running must have
completed and run successfully.
You can only add steps to a job flow that is in one of the following states: STARTING, BOOTSTRAPPING,
RUNNING, or WAITING.
Parameters
JobFlowId (string) A string that uniquely identifies the job flow. This identifier is re-
turned by RunJobFlow and can also be obtained from ListClusters .
Steps (list) A list of StepConfig to be executed by the job flow.
Return type dict
add_tags(ResourceId, Tags)
Adds tags to an Amazon EMR resource. Tags make it easier to associate clusters in various ways, such
as grouping clusters to track your Amazon EMR resource allocation costs. For more information, see
Tagging Amazon EMR Resources .
Parameters
ResourceId (string) The Amazon EMR resource identifier to which tags will be added.
This value must be a cluster identifier.
Tags (list) A list of tags to associate with a cluster and propagate to Amazon EC2 in-
stances. Tags are user-defined key/value pairs that consist of a required key string with a
maximum of 128 characters, and an optional value string with a maximum of 256 charac-
ters.
Return type dict

describe_cluster(ClusterId)
Provides cluster-level details including status, hardware and software configuration, VPC settings, and so
on. For information about the cluster steps, see ListSteps .
Parameters ClusterId (string) The identifier of the cluster to describe.
Return type dict
describe_job_flows(CreatedAfter=None, CreatedBefore=None, JobFlowIds=None, JobFlow-
States=None)
This API is deprecated and will eventually be removed. We recommend you use ListClusters , De-
scribeCluster , ListSteps , ListInstanceGroups and ListBootstrapActions instead.
DescribeJobFlows returns a list of job flows that match all of the supplied parameters. The parameters can
include a list of job flow IDs, job flow states, and restrictions on job flow creation date and time.
Regardless of supplied parameters, only job flows created within the last two months are returned.
If no parameters are supplied, then job flows matching either of the following criteria are returned:
Job flows created and completed in the last two weeks
Job flows created within the last two months that are in one of the following states: RUNNING ,
WAITING , SHUTTING_DOWN , STARTING
Amazon Elastic MapReduce can return a maximum of 512 job flow descriptions.
Parameters
CreatedAfter (datetime) Return only job flows created after this date and time.
CreatedBefore (datetime) Return only job flows created before this date and time.
JobFlowIds (list) Return only job flows whose job flow ID is contained in this list.
JobFlowStates (list) Return only job flows whose state is contained in this list.
Return type dict
describe_step(ClusterId, StepId)
Provides more detail about the cluster step.
Parameters
ClusterId (string) The identifier of the cluster with steps to describe.
StepId (string) The identifier of the step to describe.
Return type dict
get_waiter(name)
cluster_running
list_bootstrap_actions(ClusterId, Marker=None)
Provides information about the bootstrap actions associated with a cluster.
Parameters
ClusterId (string) The cluster identifier for the bootstrap actions to list .
Marker (string) The pagination token that indicates the next set of results to retrieve .
Return type dict
2.1. Services 319

list_clusters(CreatedAfter=None, CreatedBefore=None, ClusterStates=None, Marker=None)

Provides the status of all clusters visible to this AWS account. Allows you to filter the list of clusters based
on certain criteria; for example, filtering by cluster creation date and time or by status. This call returns a
maximum of 50 clusters per call, but returns a marker to track the paging of the cluster list across multiple
ListClusters calls.
Parameters
CreatedAfter (datetime) The creation date and time beginning value filter for listing
clusters .
CreatedBefore (datetime) The creation date and time end value filter for listing clusters
.
ClusterStates (list) The cluster state filters to apply when listing clusters.
Marker (string) The pagination token that indicates the next set of results to retrieve.
Return type dict
list_instance_groups(ClusterId, Marker=None)
Provides all available details about the instance groups in a cluster.
Parameters
ClusterId (string) The identifier of the cluster for which to list the instance groups.
Return type dict
list_instances(ClusterId, InstanceGroupId=None, InstanceGroupTypes=None, Marker=None)
Provides information about the cluster instances that Amazon EMR provisions on behalf of a user when
it creates the cluster. For example, this operation indicates when the EC2 instances reach the Ready
state, when instances become available to Amazon EMR to use for jobs, and the IP addresses for cluster
instances, etc.
Parameters
ClusterId (string) The identifier of the cluster for which to list the instances.
InstanceGroupId (string) The identifier of the instance group for which to list the in-
stances.
InstanceGroupTypes (list) The type of instance group for which to list the instances.
Return type dict
list_steps(ClusterId, StepStates=None, Marker=None)
Provides a list of steps for the cluster.
Parameters
ClusterId (string) The identifier of the cluster for which to list the steps.
StepStates (list) The filter to limit the step list based on certain states.

Return type dict
modify_instance_groups(InstanceGroups=None)
ModifyInstanceGroups modifies the number of nodes and configuration settings of an instance group. The
input parameters include the new target instance count for the group and the instance group ID. The call
will either succeed or fail atomically.
Parameters InstanceGroups (list) Instance groups to change.
Return type dict
remove_tags(ResourceId, TagKeys)
Removes tags from an Amazon EMR resource. Tags make it easier to associate clusters in various ways,
such as grouping clusters to track your Amazon EMR resource allocation costs. For more information, see
Tagging Amazon EMR Resources .
The following example removes the stack tag with value Prod from a cluster:
Parameters
ResourceId (string) The Amazon EMR resource identifier from which tags will be re-
moved. This value must be a cluster identifier.
TagKeys (list) A list of tag keys to remove from a resource.
Return type dict
run_job_flow(Name, Instances, LogUri=None, AdditionalInfo=None, AmiVersion=None,
Steps=None, BootstrapActions=None, SupportedProducts=None, NewSupported-
Products=None, VisibleToAllUsers=None, JobFlowRole=None, ServiceRole=None,
Tags=None)
RunJobFlow creates and starts running a new job flow. The job flow will run the steps specified. Once
the job flow completes, the cluster is stopped and the HDFS partition is lost. To prevent loss of data,
configure the last step of the job flow to store results in Amazon S3. If the JobFlowInstancesConfig
KeepJobFlowAliveWhenNoSteps parameter is set to TRUE , the job flow will transition to the
WAITING state rather than shutting down once the steps have completed.
For additional protection, you can set the JobFlowInstancesConfig TerminationProtected parame-
ter to TRUE to lock the job flow and prevent it from being terminated by API call, user intervention, or in
the event of a job flow error.
A maximum of 256 steps are allowed in each job flow.
If your job flow is long-running (such as a Hive data warehouse) or complex, you may require more than
256 steps to process your data. You can bypass the 256-step limitation in various ways, including using
the SSH shell to connect to the master node and submitting queries directly to the software running on the
master node, such as Hive and Hadoop. For more information on how to do this, go to Add More than 256
Steps to a Job Flow in the Amazon Elastic MapReduce Developers Guide .
For long running job flows, we recommend that you periodically store your results.
Parameters
Name (string) The name of the job flow.
LogUri (string) The location in Amazon S3 to write the log files of the job flow. If a
value is not provided, logs are not created.
AdditionalInfo (string) A JSON string for selecting additional features.
AmiVersion (string) The version of the Amazon Machine Image (AMI) to use when
launching Amazon EC2 instances in the job flow. The following values are valid:
2.1. Services 321

latest (uses the latest AMI)

The version number of the AMI to use, for example, 2.0
If the AMI supports multiple versions of Hadoop (for example, AMI 1.0 supports both
Hadoop 0.18 and 0.20) you can use the JobFlowInstancesConfig HadoopVersion pa-
rameter to modify the version of Hadoop from the defaults shown above.
For details about the AMI versions currently supported by Amazon Elastic MapReduce,
go to AMI Versions Supported in Elastic MapReduce in the Amazon Elastic MapReduce
Developers Guide.
Instances (dict) A specification of the number and type of Amazon EC2 instances on
which to run the job flow.
Steps (list) A list of steps to be executed by the job flow.
BootstrapActions (list) A list of bootstrap actions that will be run before Hadoop is
started on the cluster nodes.
SupportedProducts (list) A list of strings that indicates third-party software to use with
the job flow. For more information, go to Use Third Party Applications with Amazon
EMR . Currently supported values are:
mapr-m3 - launch the job flow using MapR M3 Edition.
NewSupportedProducts (list) A list of strings that indicates third-party software to use
with the job flow that accepts a user argument list. EMR accepts and forwards the argu-
ment list to the corresponding installation script as bootstrap action arguments. For more
information, see Launch a Job Flow on the MapR Distribution for Hadoop . Currently
supported values are:
mapr with the user arguments specifying edition,m3 or edition,m5 - launch the
job flow using MapR M3 or M5 Edition respectively.
VisibleToAllUsers (boolean) Whether the job flow is visible to all IAM users of the
AWS account associated with the job flow. If this value is set to true , all IAM users of
that AWS account can view and (if they have the proper policy permissions set) manage
the job flow. If it is set to false , only the IAM user that created the job flow can view
and manage it.
JobFlowRole (string) An IAM role for the job flow. The EC2 instances of the job flow
assume this role. The default role is EMRJobflowDefault . In order to use the default
role, you must have already created it using the CLI.
ServiceRole (string) The IAM role that will be assumed by the Amazon EMR service
to access AWS resources on your behalf.
Tags (list) A list of tags to associate with a cluster and propagate to Amazon EC2 in-
stances.
Return type dict
set_termination_protection(JobFlowIds, TerminationProtected)
SetTerminationProtection locks a job flow so the Amazon EC2 instances in the cluster cannot be terminated
by user intervention, an API call, or in the event of a job-flow error. The cluster still terminates upon

successful completion of the job flow. Calling SetTerminationProtection on a job flow is analogous to
calling the Amazon EC2 DisableAPITermination API on all of the EC2 instances in a cluster.
SetTerminationProtection is used to prevent accidental termination of a job flow and to ensure that in the
event of an error, the instances will persist so you can recover any data stored in their ephemeral instance
storage.
To terminate a job flow that has been locked by setting SetTerminationProtection to true , you must first
unlock the job flow by a subsequent call to SetTerminationProtection in which you set the value to false
.
For more information, go to Protecting a Job Flow from Termination in the Amazon Elastic MapReduce
Developers Guide.
Parameters
JobFlowIds (list) A list of strings that uniquely identify the job flows to protect. This
identifier is returned by RunJobFlow and can also be obtained from DescribeJobFlows .
TerminationProtected (boolean) A Boolean that indicates whether to protect the job
flow and prevent the Amazon EC2 instances in the cluster from shutting down due to API
calls, user intervention, or job-flow error.
Return type dict
set_visible_to_all_users(JobFlowIds, VisibleToAllUsers)
Sets whether all AWS Identity and Access Management (IAM) users under your account can access the
specified job flows. This action works on running job flows. You can also set the visibility of a job flow
when you launch it using the VisibleToAllUsers parameter of RunJobFlow . The SetVisibleToAl-
lUsers action can be called only by an IAM user who created the job flow or the AWS account that owns
the job flow.
Parameters
JobFlowIds (list) Identifiers of the job flows to receive the new visibility setting.
VisibleToAllUsers (boolean) Whether the specified job flows are visible to all IAM
users of the AWS account associated with the job flow. If this value is set to True, all IAM
users of that AWS account can view and, if they have the proper IAM policy permissions
set, manage the job flows. If it is set to False, only the IAM user that created a job flow
can view and manage it.
Return type dict
terminate_job_flows(JobFlowIds)
TerminateJobFlows shuts a list of job flows down. When a job flow is shut down, any step not yet com-
pleted is canceled and the EC2 instances on which the job flow is running are stopped. Any log files not
already saved are uploaded to Amazon S3 if a LogUri was specified when the job flow was created.
The call to TerminateJobFlows is asynchronous. Depending on the configuration of the job flow, it may
take up to 5-20 minutes for the job flow to completely terminate and release allocated resources, such as
Amazon EC2 instances.
Parameters JobFlowIds (list) A list of job flows to be shutdown.
Return type dict
2.1.21 AWS Identity and Access Management
2.1. Services 323

Table of Contents
AWS Identity and Access Management
Client
Service Resource
AccessKey
AccountAlias
AccountPasswordPolicy
AccountSummary
Group
GroupPolicy
InstanceProfile
LoginProfile
MfaDevice
Role
RolePolicy
SamlProvider
ServerCertificate
SigningCertificate
User
UserPolicy
VirtualMfaDevice
Client
class iam.Client
A low-level client representing AWS Identity and Access Management:
import boto3
iam = boto3.client(iam)
add_client_id_to_open_id_connect_provider(OpenIDConnectProviderArn, ClientID)
Adds a new client ID (also known as audience) to the list of client IDs already registered for the specified
IAM OpenID Connect provider.
This action is idempotent; it does not fail or return an error if you add an existing client ID to the provider.
Parameters
OpenIDConnectProviderArn (string) The Amazon Resource Name (ARN) of the IAM
OpenID Connect (OIDC) provider to add the client ID to. You can get a list of OIDC
provider ARNs by using the ListOpenIDConnectProviders action.
ClientID (string) The client ID (also known as audience) to add to the IAM OpenID
Connect provider.
Return type dict
add_role_to_instance_profile(InstanceProfileName, RoleName)
Adds the specified role to the specified instance profile. For more information about roles, go to Working
with Roles . For more information about instance profiles, go to About Instance Profiles .
Parameters
InstanceProfileName (string) The name of the instance profile to update.

RoleName (string) The name of the role to add.

Return type dict
add_user_to_group(GroupName, UserName)
Adds the specified user to the specified group.
Parameters
GroupName (string) The name of the group to update.
UserName (string) The name of the user to add.
Return type dict
change_password(OldPassword, NewPassword)
Changes the password of the IAM user who is calling this action. The root account password is not affected
by this action.
To change the password for a different user, see UpdateLoginProfile . For more information about modi-
fying passwords, see Managing Passwords in the Using IAM guide.
Parameters
OldPassword (string) The IAM users current password.
NewPassword (string) The new password. The new password must conform to the AWS
accounts password policy, if one exists.
Return type dict
create_access_key(UserName=None)
Creates a new AWS secret access key and corresponding AWS access key ID for the specified user. The
default status for new keys is Active .
If you do not specify a user name, IAM determines the user name implicitly based on the AWS access key
ID signing the request. Because this action works for access keys under the AWS account, you can use
this action to manage root credentials even if the AWS account has no associated users.
For information about limits on the number of keys you can create, see Limitations on IAM Entities in the
Using IAM guide.
Warning: To ensure the security of your AWS account, the secret access key is accessible only during
key and user creation. You must save the key (for example, in a text file) if you want to be able to
access it again. If a secret key is lost, you can delete the access keys for the associated user and then
create new keys.
Parameters UserName (string) The user name that the new key will belong to.
Return type dict
create_account_alias(AccountAlias)
Creates an alias for your AWS account. For information about using an AWS account alias, see Using an
Alias for Your AWS Account ID in the Using IAM guide.
Parameters AccountAlias (string) The name of the account alias to create.
Return type dict
create_group(GroupName, Path=None)
Creates a new group.
For information about the number of groups you can create, see Limitations on IAM Entities in the Using
IAM guide.
2.1. Services 325

Parameters
Path (string) The path to the group. For more information about paths, see IAM Identi-
fiers in the Using IAM guide.
This parameter is optional. If it is not included, it defaults to a slash (/).
GroupName (string) The name of the group to create. Do not include the path in this
value.
Return type dict
create_instance_profile(InstanceProfileName, Path=None)
Creates a new instance profile. For information about instance profiles, go to About Instance Profiles .
For information about the number of instance profiles you can create, see Limitations on IAM Entities in
the Using IAM guide.
Parameters
InstanceProfileName (string) The name of the instance profile to create.
Path (string) The path to the instance profile. For more information about paths, see
IAM Identifiers in the Using IAM guide.
Return type dict
create_login_profile(UserName, Password, PasswordResetRequired=None)
Creates a password for the specified user, giving the user the ability to access AWS services through the
AWS Management Console. For more information about managing passwords, see Managing Passwords
in the Using IAM guide.
Parameters
UserName (string) The name of the user to create a password for.
Password (string) The new password for the user.
PasswordResetRequired (boolean) Specifies whether the user is required to set a new
password on next sign-in.
Return type dict
create_open_id_connect_provider(Url, ThumbprintList, ClientIDList=None)
Creates an IAM entity to describe an identity provider (IdP) that supports OpenID Connect (OIDC) .
The OIDC provider that you create with this operation can be used as a principal in a roles trust policy to
establish a trust relationship between AWS and the OIDC provider.
When you create the IAM OIDC provider, you specify the URL of the OIDC identity provider (IdP) to
trust, a list of client IDs (also known as audiences) that identify the application or applications that are
allowed to authenticate using the OIDC provider, and a list of thumbprints of the server certificate(s) that
the IdP uses. You get all of this information from the OIDC IdP that you want to use for access to AWS.
Note: Because trust for the OIDC provider is ultimately derived from the IAM provider that this action
creates, it is a best practice to limit access to the CreateOpenIDConnectProvider action to highly-privileged
users.
Parameters

Url (string) The URL of the identity provider. The URL must begin with https://
and should correspond to the iss claim in the providers OpenID Connect ID tokens.
Per the OIDC standard, path components are allowed but query parameters are not.
Typically the URL consists of only a host name, like https://server.example.org or
https://example.com.
You cannot register the same provider multiple times in a single AWS account. If you try
to submit a URL that has already been used for an OpenID Connect provider in the AWS
account, you will get an error.
ClientIDList (list) A list of client IDs (also known as audiences). When a mobile or
web app registers with an OpenID Connect provider, they establish a value that identifies
the application. (This is the value thats sent as the client_id parameter on OAuth
requests.)
You can register multiple client IDs with the same provider. For example, you might have
multiple applications that use the same OIDC provider. You cannot register more than 100
client IDs with a single IAM OIDC provider.
There is no defined format for a client ID. The
CreateOpenIDConnectProviderRequest action accepts client IDs up to
255 characters long.
ThumbprintList (list) A list of server certificate thumbprints for the OpenID Connect
(OIDC) identity providers server certificate(s). Typically this list includes only one entry.
However, IAM lets you have up to five thumbprints for an OIDC provider. This lets you
maintain multiple thumbprints if the identity provider is rotating certificates.
The server certificate thumbprint is the hex-encoded SHA-1 hash value of the X.509 cer-
tificate used by the domain where the OpenID Connect provider makes its keys available.
It is always a 40-character string.
You must provide at least one thumbprint when creating an IAM OIDC provider. For ex-
ample, if the OIDC provider is server.example.com and the provider stores its keys
at https://keys.server.example.com/openid-connect, the thumbprint string would be the
hex-encoded SHA-1 hash value of the certificate used by https://keys.server.example.com.
Return type dict
create_role(RoleName, AssumeRolePolicyDocument, Path=None)

Creates a new role for your AWS account. For more information about roles, go to Working with Roles .
For information about limitations on role names and the number of roles you can create, go to Limitations
on IAM Entities in the Using IAM guide.
The example policy grants permission to an EC2 instance to assume the role. The pol-
icy is URL-encoded according to RFC 3986. For more information about RFC 3986, go to
http://www.faqs.org/rfcs/rfc3986.html .
Parameters
Path (string) The path to the role. For more information about paths, see IAM Identifiers
RoleName (string) The name of the role to create.
AssumeRolePolicyDocument (string) The policy that grants an entity permission to
assume the role.
Return type dict
2.1. Services 327

create_saml_provider(SAMLMetadataDocument, Name)
Creates an IAM entity to describe an identity provider (IdP) that supports SAML 2.0.
The SAML provider that you create with this operation can be used as a principal in a roles trust policy
to establish a trust relationship between AWS and a SAML identity provider. You can create an IAM role
that supports Web-based single sign-on (SSO) to the AWS Management Console or one that supports API
access to AWS.
When you create the SAML provider, you upload an a SAML metadata document that you get from your
IdP and that includes the issuers name, expiration information, and keys that can be used to validate the
SAML authentication response (assertions) that are received from the IdP. You must generate the metadata
document using the identity management software that is used as your organizations IdP.
Note: This operation requires Signature Version 4 .
For more information, see Giving Console Access Using SAML and Creating Temporary Security Cre-
dentials for SAML Federation in the Using Temporary Credentials guide.
Parameters
SAMLMetadataDocument (string) An XML document generated by an identity
provider (IdP) that supports SAML 2.0. The document includes the issuers name, expira-
tion information, and keys that can be used to validate the SAML authentication response
(assertions) that are received from the IdP. You must generate the metadata document using
the identity management software that is used as your organizations IdP.
For more information, see Creating Temporary Security Credentials for SAML Federation
in the Using Temporary Security Credentials guide.
Name (string) The name of the provider to create.
Return type dict
create_user(UserName, Path=None)
Creates a new user for your AWS account.
For information about limitations on the number of users you can create, see Limitations on IAM Entities
Parameters
Path (string) The path for the user name. For more information about paths, see IAM
Identifiers in the Using IAM guide.
UserName (string) The name of the user to create.
Return type dict
create_virtual_mfa_device(VirtualMFADeviceName, Path=None)
Creates a new virtual MFA device for the AWS account. After creating the virtual MFA, use EnableM-
FADevice to attach the MFA device to an IAM user. For more information about creating and working
with virtual MFA devices, go to Using a Virtual MFA Device in the Using IAM guide.
For information about limits on the number of MFA devices you can create, see Limitations on Entities in
the Using IAM guide.

Warning: The seed information contained in the QR code and the Base32 string should be treated
like any other secret access information, such as your AWS access keys or your passwords. After you
provision your virtual device, you should ensure that the information is destroyed following secure
procedures.
Parameters
Path (string) The path for the virtual MFA device. For more information about paths,
see IAM Identifiers in the Using IAM guide.
VirtualMFADeviceName (string) The name of the virtual MFA device. Use with path
to uniquely identify a virtual MFA device.
Return type dict
deactivate_mfa_device(UserName, SerialNumber)
Deactivates the specified MFA device and removes it from association with the user name for which it was
originally enabled.
For more information about creating and working with virtual MFA devices, go to Using a Virtual MFA
Device in the Using IAM guide.
Parameters
UserName (string) The name of the user whose MFA device you want to deactivate.
SerialNumber (string) The serial number that uniquely identifies the MFA device. For
virtual MFA devices, the serial number is the device ARN.
Return type dict
delete_access_key(AccessKeyId, UserName=None)
Deletes the access key associated with the specified user.
Parameters
UserName (string) The name of the user whose key you want to delete.
AccessKeyId (string) The access key ID for the access key ID and secret access key you
want to delete.
Return type dict
delete_account_alias(AccountAlias)
Deletes the specified AWS account alias. For information about using an AWS account alias, see Using an
Alias for Your AWS Account ID in the Using IAM guide.
Parameters AccountAlias (string) The name of the account alias to delete.
Return type dict
delete_account_password_policy()
Deletes the password policy for the AWS account.
Return type dict
delete_group(GroupName)
Deletes the specified group. The group must not contain any users or have any attached policies.
2.1. Services 329

Parameters GroupName (string) The name of the group to delete.

Return type dict
delete_group_policy(GroupName, PolicyName)
Deletes the specified policy that is associated with the specified group.
Parameters
GroupName (string) The name of the group the policy is associated with.
PolicyName (string) The name of the policy document to delete.
Return type dict
delete_instance_profile(InstanceProfileName)
Deletes the specified instance profile. The instance profile must not have an associated role.
Warning: Make sure you do not have any Amazon EC2 instances running with the instance profile
you are about to delete. Deleting a role or instance profile that is associated with a running instance
will break any applications running on the instance.
For more information about instance profiles, go to About Instance Profiles .

Parameters InstanceProfileName (string) The name of the instance profile to delete.
Return type dict
delete_login_profile(UserName)
Deletes the password for the specified user, which terminates the users ability to access AWS services
through the AWS Management Console.
Warning: Deleting a users password does not prevent a user from accessing IAM through the com-
mand line interface or the API. To prevent all user access you must also either make the access key
inactive or delete it. For more information about making keys inactive or deleting them, see UpdateAc-
cessKey and DeleteAccessKey .
Parameters UserName (string) The name of the user whose password you want to delete.
Return type dict
delete_open_id_connect_provider(OpenIDConnectProviderArn)
Deletes an IAM OpenID Connect identity provider.
Deleting an OIDC provider does not update any roles that reference the provider as a principal in their
trust policies. Any attempt to assume a role that references a provider that has been deleted will fail.
This action is idempotent; it does not fail or return an error if you call the action for a provider that was
already deleted.
Parameters OpenIDConnectProviderArn (string) The Amazon Resource Name (ARN) of
the IAM OpenID Connect provider to delete. You can get a list of OpenID Connect provider
ARNs by using the ListOpenIDConnectProviders action.
Return type dict
delete_role(RoleName)
Deletes the specified role. The role must not have any policies attached. For more information about roles,
go to Working with Roles .

Warning: Make sure you do not have any Amazon EC2 instances running with the role you are about
to delete. Deleting a role or instance profile that is associated with a running instance will break any
applications running on the instance.
Parameters RoleName (string) The name of the role to delete.

Return type dict
delete_role_policy(RoleName, PolicyName)
Deletes the specified policy associated with the specified role.
Parameters
RoleName (string) The name of the role the associated with the policy.
Return type dict
delete_saml_provider(SAMLProviderArn)
Deletes a SAML provider.
Deleting the provider does not update any roles that reference the SAML provider as a principal in their
trust policies. Any attempt to assume a role that references a SAML provider that has been deleted will
fail.
Parameters SAMLProviderArn (string) The Amazon Resource Name (ARN) of the SAML
provider to delete.
Return type dict
delete_server_certificate(ServerCertificateName)
Deletes the specified server certificate.
Warning: If you are using a server certificate with Elastic Load Balancing, deleting the certificate
could have implications for your application. If Elastic Load Balancing doesnt detect the deletion of
bound certificates, it may continue to use the certificates. This could cause Elastic Load Balancing
to stop accepting traffic. We recommend that you remove the reference to the certificate from Elastic
Load Balancing before using this command to delete the certificate. For more information, go to
DeleteLoadBalancerListeners in the Elastic Load Balancing API Reference .
Parameters ServerCertificateName (string) The name of the server certificate you want to
delete.
Return type dict
delete_signing_certificate(CertificateId, UserName=None)
Deletes the specified signing certificate associated with the specified user.
Parameters
UserName (string) The name of the user the signing certificate belongs to.
CertificateId (string) The ID of the signing certificate to delete.
2.1. Services 331

Return type dict

delete_user(UserName)
Deletes the specified user. The user must not belong to any groups, have any keys or signing certificates,
or have any attached policies.
Parameters UserName (string) The name of the user to delete.
Return type dict
delete_user_policy(UserName, PolicyName)
Deletes the specified policy associated with the specified user.
Parameters
UserName (string) The name of the user the policy is associated with.
Return type dict
delete_virtual_mfa_device(SerialNumber)
Deletes a virtual MFA device.
Note: You must deactivate a users virtual MFA device before you can delete it. For information about
deactivating MFA devices, see DeactivateMFADevice .
Parameters SerialNumber (string) The serial number that uniquely identifies the MFA de-
vice. For virtual MFA devices, the serial number is the same as the ARN.
Return type dict
enable_mfa_device(UserName, SerialNumber, AuthenticationCode1, AuthenticationCode2)

Enables the specified MFA device and associates it with the specified user name. When enabled, the MFA
device is required for every subsequent login by the user name associated with the device.
Parameters
UserName (string) The name of the user for whom you want to enable the MFA device.
AuthenticationCode1 (string) An authentication code emitted by the device.
AuthenticationCode2 (string) A subsequent authentication code emitted by the device.
Return type dict
generate_credential_report()
Generates a credential report for the AWS account. For more information about the credential report, see
Getting Credential Reports in the Using IAM guide.
Return type dict
get_account_authorization_details(Filter=None, MaxItems=None, Marker=None)
Retrieves information about all IAM users, groups, and roles in your account, including their relationships
to one another and their attached policies. Use this API to obtain a snapshot of the configuration of IAM
permissions (users, groups, roles, and policies) in your account.
You can optionally filter the results using the Filter parameter. You can paginate the results using the
MaxItems and Marker parameters.
Parameters

Filter (list) A list of entity types (user, group, or role) for filtering the results.
MaxItems (integer) Use this only when paginating results to indicate the maximum
number of items you want in the response. If there are additional items beyond the max-
imum you specify, the IsTruncated response element is true . This parameter is
optional. If you do not include it, it defaults to 100.
Marker (string) Use this only when paginating results, and only in a subsequent request
after youve received a response where the results are truncated. Set it to the value of the
Marker element in the response you just received.
Return type dict
get_account_password_policy()
Retrieves the password policy for the AWS account. For more information about using a password policy,
go to Managing an IAM Password Policy .
Return type dict
get_account_summary()
Retrieves account level information about account entity usage and IAM quotas.
For information about limitations on IAM entities, see Limitations on IAM Entities in the Using IAM
guide.
Return type dict
get_credential_report()
Retrieves a credential report for the AWS account. For more information about the credential report, see
Getting Credential Reports in the Using IAM guide.
Return type dict
get_group(GroupName, Marker=None, MaxItems=None)
Returns a list of users that are in the specified group. You can paginate the results using the MaxItems
and Marker parameters.
Parameters
GroupName (string) The name of the group.
number of groups you want in the response. If there are additional groups beyond the
maximum you specify, the IsTruncated response element is true . This parameter is
Return type dict
get_group_policy(GroupName, PolicyName)
Retrieves the specified policy document for the specified group. The returned policy is URL-encoded ac-
cording to RFC 3986. For more information about RFC 3986, go to http://www.faqs.org/rfcs/rfc3986.html
.
Parameters
GroupName (string) The name of the group the policy is associated with.
PolicyName (string) The name of the policy document to get.
2.1. Services 333

Return type dict

get_instance_profile(InstanceProfileName)
Retrieves information about the specified instance profile, including the instance profiles path, GUID,
ARN, and role. For more information about instance profiles, go to About Instance Profiles . For more
information about ARNs, go to ARNs .
Parameters InstanceProfileName (string) The name of the instance profile to get information
about.
Return type dict
get_login_profile(UserName)
Retrieves the user name and password-creation date for the specified user. If the user has not been assigned
a password, the action returns a 404 (NoSuchEntity ) error.
Parameters UserName (string) The name of the user whose login profile you want to retrieve.
Return type dict
get_open_id_connect_provider(OpenIDConnectProviderArn)
Returns information about the specified OpenID Connect provider.
Parameters OpenIDConnectProviderArn (string) The Amazon Resource Name (ARN) of
the IAM OpenID Connect (OIDC) provider to get information for. You can get a list of OIDC
Return type dict
get_role(RoleName)
Retrieves information about the specified role, including the roles path, GUID, ARN, and the policy
granting permission to assume the role. For more information about ARNs, go to ARNs . For more
information about roles, go to Working with Roles .
The returned policy is URL-encoded according to RFC 3986. For more information about RFC 3986, go
to http://www.faqs.org/rfcs/rfc3986.html .
Parameters RoleName (string) The name of the role to get information about.
Return type dict
get_role_policy(RoleName, PolicyName)
Retrieves the specified policy document for the specified role. For more information about roles, go to
Working with Roles .
Parameters
RoleName (string) The name of the role associated with the policy.
Return type dict
get_saml_provider(SAMLProviderArn)
Returns the SAML provider metadocument that was uploaded when the provider was created or updated.
Parameters SAMLProviderArn (string) The Amazon Resource Name (ARN) of the SAML
provider to get information about.

Return type dict
get_server_certificate(ServerCertificateName)
Retrieves information about the specified server certificate.
Parameters ServerCertificateName (string) The name of the server certificate you want to
retrieve information about.
Return type dict
get_user(UserName=None)
Retrieves information about the specified user, including the users creation date, path, unique ID, and
ARN.
ID used to sign the request.
Parameters UserName (string) The name of the user to get information about.
This parameter is optional. If it is not included, it defaults to the user making the request.
Return type dict
get_user_policy(UserName, PolicyName)
Retrieves the specified policy document for the specified user. The returned policy is URL-encoded ac-
cording to RFC 3986. For more information about RFC 3986, go to http://www.faqs.org/rfcs/rfc3986.html
.
Parameters
UserName (string) The name of the user who the policy is associated with.
Return type dict
list_access_keys(UserName=None, Marker=None, MaxItems=None)
Returns information about the access key IDs associated with the specified user. If there are none, the
action returns an empty list.
Although each user is limited to a small number of keys, you can still paginate the results using the
MaxItems and Marker parameters.
If the UserName field is not specified, the UserName is determined implicitly based on the AWS access
key ID used to sign the request. Because this action works for access keys under the AWS account, you
can use this action to manage root credentials even if the AWS account has no associated users.
Note: To ensure the security of your AWS account, the secret access key is accessible only during key
and user creation.

Parameters
UserName (string) The name of the user.
Marker (string) Use this parameter only when paginating results, and only in a subse-
quent request after youve received a response where the results are truncated. Set it to the
value of the Marker element in the response you just received.
MaxItems (integer) Use this parameter only when paginating results to indicate the
maximum number of keys you want in the response. If there are additional keys beyond
2.1. Services 335

the maximum you specify, the IsTruncated response element is true . This parameter
is optional. If you do not include it, it defaults to 100.
Return type dict
list_account_aliases(Marker=None, MaxItems=None)
Lists the account aliases associated with the account. For information about using an AWS account alias,
see Using an Alias for Your AWS Account ID in the Using IAM guide.
You can paginate the results using the MaxItems and Marker parameters.
Parameters
number of account aliases you want in the response. If there are additional account aliases
beyond the maximum you specify, the IsTruncated response element is true . This
parameter is optional. If you do not include it, it defaults to 100.
Return type dict
list_group_policies(GroupName, Marker=None, MaxItems=None)
Lists the names of the policies associated with the specified group. If there are none, the action returns an
empty list.
Parameters
GroupName (string) The name of the group to list policies for.
number of policy names you want in the response. If there are additional policy names
Return type dict
list_groups(PathPrefix=None, Marker=None, MaxItems=None)
Lists the groups that have the specified path prefix.
Parameters
PathPrefix (string) The path prefix for filtering the results. For example, the pre-
fix /division_abc/subdivision_xyz/ gets all groups whose path starts with
/division_abc/subdivision_xyz/ .
This parameter is optional. If it is not included, it defaults to a slash (/), listing all groups.

Return type dict
list_groups_for_user(UserName, Marker=None, MaxItems=None)
Lists the groups the specified user belongs to.
Parameters
UserName (string) The name of the user to list groups for.
Return type dict
list_instance_profiles(PathPrefix=None, Marker=None, MaxItems=None)
Lists the instance profiles that have the specified path prefix. If there are none, the action returns an empty
list. For more information about instance profiles, go to About Instance Profiles .
Parameters
PathPrefix (string) The path prefix for filtering the results. For example, the prefix
/application_abc/component_xyz/ gets all instance profiles whose path starts
with /application_abc/component_xyz/ .
This parameter is optional. If it is not included, it defaults to a slash (/), listing all instance
profiles.
maximum number of instance profiles you want in the response. If there are additional
instance profiles beyond the maximum you specify, the IsTruncated response element
is true . This parameter is optional. If you do not include it, it defaults to 100.
Return type dict
list_instance_profiles_for_role(RoleName, Marker=None, MaxItems=None)
Lists the instance profiles that have the specified associated role. If there are none, the action returns an
empty list. For more information about instance profiles, go to About Instance Profiles .
2.1. Services 337

Parameters
RoleName (string) The name of the role to list instance profiles for.
maximum number of instance profiles you want in the response. If there are additional
instance profiles beyond the maximum you specify, the IsTruncated response element
is true . This parameter is optional. If you do not include it, it defaults to 100.
Return type dict
list_mfa_devices(UserName=None, Marker=None, MaxItems=None)
Lists the MFA devices. If the request includes the user name, then this action lists all the MFA devices
associated with the specified user name. If you do not specify a user name, IAM determines the user name
implicitly based on the AWS access key ID signing the request.
Parameters
UserName (string) The name of the user whose MFA devices you want to list.
number of MFA devices you want in the response. If there are additional MFA devices
Return type dict
list_open_id_connect_providers()
Lists information about the OpenID Connect providers in the AWS account.
Return type dict
list_role_policies(RoleName, Marker=None, MaxItems=None)
Lists the names of the policies associated with the specified role. If there are none, the action returns an
empty list.
Parameters
RoleName (string) The name of the role to list policies for.

maximum number of role policies you want in the response. If there are additional role
policies beyond the maximum you specify, the IsTruncated response element is true
. This parameter is optional. If you do not include it, it defaults to 100.
Return type dict
list_roles(PathPrefix=None, Marker=None, MaxItems=None)
Lists the roles that have the specified path prefix. If there are none, the action returns an empty list. For
more information about roles, go to Working with Roles .
Parameters
PathPrefix (string) The path prefix for filtering the results. For example, the pre-
fix /application_abc/component_xyz/ gets all roles whose path starts with
/application_abc/component_xyz/ .
This parameter is optional. If it is not included, it defaults to a slash (/), listing all roles.
maximum number of roles you want in the response. If there are additional roles beyond
the maximum you specify, the IsTruncated response element is true . This parameter
is optional. If you do not include it, it defaults to 100.
Return type dict
list_saml_providers()
Lists the SAML providers in the account.
Return type dict
list_server_certificates(PathPrefix=None, Marker=None, MaxItems=None)

Lists the server certificates that have the specified path prefix. If none exist, the action returns an empty
list.
Parameters
PathPrefix (string) The path prefix for filtering the results. For example:
/company/servercerts would get all server certificates for which the path starts
with /company/servercerts .
This parameter is optional. If it is not included, it defaults to a slash (/), listing all server
certificates.
2.1. Services 339

number of server certificates you want in the response. If there are additional server cer-
tificates beyond the maximum you specify, the IsTruncated response element will be
set to true . This parameter is optional. If you do not include it, it defaults to 100.
Return type dict
list_signing_certificates(UserName=None, Marker=None, MaxItems=None)
Returns information about the signing certificates associated with the specified user. If there are none, the
action returns an empty list.
Although each user is limited to a small number of signing certificates, you can still paginate the results
using the MaxItems and Marker parameters.
If the UserName field is not specified, the user name is determined implicitly based on the AWS access
Parameters
UserName (string) The name of the user.
number of certificate IDs you want in the response. If there are additional certificate IDs
Return type dict
list_user_policies(UserName, Marker=None, MaxItems=None)
Lists the names of the policies associated with the specified user. If there are none, the action returns an
empty list.
Parameters
UserName (string) The name of the user to list policies for.
number of policy names you want in the response. If there are additional policy names
Return type dict

list_users(PathPrefix=None, Marker=None, MaxItems=None)

Lists the IAM users that have the specified path prefix. If no path prefix is specified, the action returns all
users in the AWS account. If there are none, the action returns an empty list.
Parameters
PathPrefix (string) The path prefix for filtering the results. For example:
/division_abc/subdivision_xyz/ , which would get all user names whose path
starts with /division_abc/subdivision_xyz/ .
This parameter is optional. If it is not included, it defaults to a slash (/), listing all user
names.
maximum number of user names you want in the response. If there are additional user
names beyond the maximum you specify, the IsTruncated response element is true
Return type dict
list_virtual_mfa_devices(AssignmentStatus=None, Marker=None, MaxItems=None)
Lists the virtual MFA devices under the AWS account by assignment status. If you do not specify an
assignment status, the action returns a list of all virtual MFA devices. Assignment status can be Assigned
, Unassigned , or Any .
Parameters
AssignmentStatus (string) The status (unassigned or assigned) of the devices to list. If
you do not specify an AssignmentStatus , the action defaults to Any which lists both
assigned and unassigned virtual MFA devices.
maximum number of MFA devices you want in the response. If there are additional MFA
devices beyond the maximum you specify, the IsTruncated response element is true
Return type dict
put_group_policy(GroupName, PolicyName, PolicyDocument)
Adds (or updates) a policy document associated with the specified group. For information about policies,
refer to Overview of Policies in the Using IAM guide.
For information about limits on the number of policies you can associate with a group, see Limitations on
IAM Entities in the Using IAM guide.
Note: Because policy documents can be large, you should use POST rather than GET when calling
PutGroupPolicy . For information about setting up signatures and authorization through the API, go
2.1. Services 341

to Signing AWS API Requests in the AWS General Reference . For general information about using the
Query API with IAM, go to Making Query Requests in the Using IAM guide.
Parameters
GroupName (string) The name of the group to associate the policy with.
PolicyName (string) The name of the policy document.
PolicyDocument (string) The policy document.
Return type dict
put_role_policy(RoleName, PolicyName, PolicyDocument)

Adds (or updates) a policy document associated with the specified role. For information about policies, go
to Overview of Policies in the Using IAM guide.
For information about limits on the policies you can associate with a role, see Limitations on IAM Entities
PutRolePolicy . For information about setting up signatures and authorization through the API, go
Parameters
RoleName (string) The name of the role to associate the policy with.
Return type dict
put_user_policy(UserName, PolicyName, PolicyDocument)

Adds (or updates) a policy document associated with the specified user. For information about policies,
refer to Overview of Policies in the Using IAM guide.
For information about limits on the number of policies you can associate with a user, see Limitations on
IAM Entities in the Using IAM guide.
PutUserPolicy . For information about setting up signatures and authorization through the API, go
Parameters
UserName (string) The name of the user to associate the policy with.
Return type dict

remove_client_id_from_open_id_connect_provider(OpenIDConnectProviderArn, Cli-
entID)
Removes the specified client ID (also known as audience) from the list of client IDs registered for the
specified IAM OpenID Connect provider.
This action is idempotent; it does not fail or return an error if you try to remove a client ID that was
removed previously.
Parameters
OpenID Connect (OIDC) provider to remove the client ID from. You can get a list of OIDC
ClientID (string) The client ID (also known as audience) to remove from the IAM
OpenID Connect provider. For more information about client IDs, see CreateOpenIDCon-
nectProvider .
Return type dict
remove_role_from_instance_profile(InstanceProfileName, RoleName)
Removes the specified role from the specified instance profile.
Warning: Make sure you do not have any Amazon EC2 instances running with the role you are about
to remove from the instance profile. Removing a role from an instance profile that is associated with a
running instance will break any applications running on the instance.
For more information about roles, go to Working with Roles . For more information about instance profiles,
go to About Instance Profiles .
Parameters
InstanceProfileName (string) The name of the instance profile to update.
RoleName (string) The name of the role to remove.
Return type dict
remove_user_from_group(GroupName, UserName)
Removes the specified user from the specified group.
Parameters
GroupName (string) The name of the group to update.
UserName (string) The name of the user to remove.
Return type dict
resync_mfa_device(UserName, SerialNumber, AuthenticationCode1, AuthenticationCode2)
Synchronizes the specified MFA device with AWS servers.
For more information about creating and working with virtual MFA devices, go to Using a Virtual MFA
Device in the Using IAM guide.
Parameters
UserName (string) The name of the user whose MFA device you want to resynchronize.
SerialNumber (string) Serial number that uniquely identifies the MFA device.
2.1. Services 343

Return type dict

update_access_key(AccessKeyId, Status, UserName=None)
Changes the status of the specified access key from Active to Inactive, or vice versa. This action can be
used to disable a users key as part of a key rotation work flow.
For information about rotating keys, see Managing Keys and Certificates in the Using IAM guide.
Parameters
UserName (string) The name of the user whose key you want to update.
AccessKeyId (string) The access key ID of the secret access key you want to update.
Status (string) The status you want to assign to the secret access key. Active means
the key can be used for API calls to AWS, while Inactive means the key cannot be
used.
Return type dict
update_account_password_policy(MinimumPasswordLength=None, RequireSymbols=None,
RequireNumbers=None, RequireUppercaseCharac-
ters=None, RequireLowercaseCharacters=None,
AllowUsersToChangePassword=None, MaxPass-
wordAge=None, PasswordReusePrevention=None,
HardExpiry=None)
Updates the password policy settings for the AWS account.
Note: This action does not support partial updates. No parameters are required, but if you do not specify
a parameter, that parameters value reverts to its default value. See the Request Parameters section for
each parameters default value.
For more information about using a password policy, see Managing an IAM Password Policy in the Using
IAM guide.
Parameters
MinimumPasswordLength (integer) The minimum number of characters allowed in an
IAM user password.
Default value: 6
RequireSymbols (boolean) Specifies whether IAM user passwords must contain at least
one of the following non-alphanumeric characters:
! @ # $ % ^ amp; * ( ) _ + - = [ ] { } |
Default value: false
RequireNumbers (boolean) Specifies whether IAM user passwords must contain at
least one numeric character (0 to 9).
RequireUppercaseCharacters (boolean) Specifies whether IAM user passwords must
contain at least one uppercase character from the ISO basic Latin alphabet (A to Z).

RequireLowercaseCharacters (boolean) Specifies whether IAM user passwords must

contain at least one lowercase character from the ISO basic Latin alphabet (a to z).
AllowUsersToChangePassword (boolean) Allows all IAM users in your account to use
the AWS Management Console to change their own passwords. For more information, see
Letting IAM Users Change Their Own Passwords in the Using IAM guide.
MaxPasswordAge (integer) The number of days that an IAM user password is valid.
The default value of 0 means IAM user passwords never expire.
Default value: 0
PasswordReusePrevention (integer) Specifies the number of previous passwords that
IAM users are prevented from reusing. The default value of 0 means IAM users are not
prevented from reusing previous passwords.
Default value: 0
HardExpiry (boolean) Prevents IAM users from setting a new password after their
password has expired.
Return type dict
update_assume_role_policy(RoleName, PolicyDocument)
Updates the policy that grants an entity permission to assume a role. For more information about roles, go
to Working with Roles .
Parameters
RoleName (string) The name of the role to update.
PolicyDocument (string) The policy that grants an entity permission to assume the role.
Return type dict
update_group(GroupName, NewPath=None, NewGroupName=None)
Updates the name and/or the path of the specified group.
Warning: You should understand the implications of changing a groups path or name. For more
information, see Renaming Users and Groups in the Using IAM guide.
Note: To change a group name the requester must have appropriate permissions on both the source object
and the target object. For example, to change Managers to MGRs, the entity making the request must
have permission on Managers and MGRs, or must have permission on all (*). For more information about
permissions, see Permissions and Policies .
Parameters
GroupName (string) Name of the group to update. If youre changing the name of the
group, this is the original name.
NewPath (string) New path for the group. Only include this if changing the groups
path.
NewGroupName (string) New name for the group. Only include this if changing the
groups name.
2.1. Services 345

Return type dict
update_login_profile(UserName, Password=None, PasswordResetRequired=None)

Changes the password for the specified user.
Users can change their own passwords by calling ChangePassword . For more information about modify-
ing passwords, see Managing Passwords in the Using IAM guide.
Parameters
UserName (string) The name of the user whose password you want to update.
Password (string) The new password for the specified user.
PasswordResetRequired (boolean) Require the specified user to set a new password on
next sign-in.
Return type dict
update_open_id_connect_provider_thumbprint(OpenIDConnectProviderArn,
ThumbprintList)
Replaces the existing list of server certificate thumbprints with a new list.
The list that you pass with this action completely replaces the existing list of thumbprints. (The lists are
not merged.)
Typically, you need to update a thumbprint only when the identity providers certificate changes, which
occurs rarely. However, if the providers certificate does change, any attempt to assume an IAM role that
specifies the IAM provider as a principal will fail until the certificate thumbprint is updated.
Note: Because trust for the OpenID Connect provider is ultimately derived from the providers
certificate and is validated by the thumbprint, it is a best practice to limit access to the
UpdateOpenIDConnectProviderThumbprint action to highly-privileged users.
Parameters
OpenID Connect (OIDC) provider to update the thumbprint for. You can get a list of OIDC
ThumbprintList (list) A list of certificate thumbprints that are associated with the spec-
ified IAM OpenID Connect provider. For more information, see CreateOpenIDConnect-
Provider .
Return type dict
update_saml_provider(SAMLMetadataDocument, SAMLProviderArn)
Updates the metadata document for an existing SAML provider.
Parameters

SAMLProviderArn (string) The Amazon Resource Name (ARN) of the SAML

provider to update.
Return type dict
update_server_certificate(ServerCertificateName, NewPath=None, NewServerCertificate-

Name=None)
Updates the name and/or the path of the specified server certificate.
Warning: You should understand the implications of changing a server certificates path or name. For
more information, see Managing Server Certificates in the Using IAM guide.
Note: To change a server certificate name the requester must have appropriate permissions on both the
source object and the target object. For example, to change the name from ProductionCert to ProdCert, the
entity making the request must have permission on ProductionCert and ProdCert, or must have permission
on all (*). For more information about permissions, see Permissions and Policies .
Parameters
ServerCertificateName (string) The name of the server certificate that you want to
update.
NewPath (string) The new path for the server certificate. Include this only if you are
updating the server certificates path.
NewServerCertificateName (string) The new name for the server certificate. Include
this only if you are updating the server certificates name.
Return type dict
update_signing_certificate(CertificateId, Status, UserName=None)

Changes the status of the specified signing certificate from active to disabled, or vice versa. This action
can be used to disable a users signing certificate as part of a certificate rotation work flow.
For information about rotating certificates, see Managing Keys and Certificates in the Using IAM guide.
Parameters
UserName (string) The name of the user the signing certificate belongs to.
CertificateId (string) The ID of the signing certificate you want to update.
Status (string) The status you want to assign to the certificate. Active means the cer-
tificate can be used for API calls to AWS, while Inactive means the certificate cannot
be used.
Return type dict
update_user(UserName, NewPath=None, NewUserName=None)
Updates the name and/or the path of the specified user.
Warning: You should understand the implications of changing a users path or name. For more
information, see Renaming Users and Groups in the Using IAM guide.
2.1. Services 347

Note: To change a user name the requester must have appropriate permissions on both the source object
and the target object. For example, to change Bob to Robert, the entity making the request must have per-
mission on Bob and Robert, or must have permission on all (*). For more information about permissions,
see Permissions and Policies .
Parameters
UserName (string) Name of the user to update. If youre changing the name of the user,
this is the original user name.
NewPath (string) New path for the user. Include this parameter only if youre changing
the users path.
NewUserName (string) New name for the user. Include this parameter only if youre
changing the users name.
Return type dict
upload_server_certificate(ServerCertificateName, CertificateBody, PrivateKey, Path=None,

CertificateChain=None)
Uploads a server certificate entity for the AWS account. The server certificate entity includes a public key
certificate, a private key, and an optional certificate chain, which should all be PEM-encoded.
For information about the number of server certificates you can upload, see Limitations on IAM Entities
Note: Because the body of the public key certificate, private key, and the certificate chain can be large,
you should use POST rather than GET when calling UploadServerCertificate . For information
about setting up signatures and authorization through the API, go to Signing AWS API Requests in the
AWS General Reference . For general information about using the Query API with IAM, go to Making
Query Requests in the Using IAM guide.
Parameters
Path (string) The path for the server certificate. For more information about paths, see
Note: If you are uploading a server certificate specifically for use with Amazon
CloudFront distributions, you must specify a path using the --path option. The
path must begin with /cloudfront and must include a trailing slash (for example,
/cloudfront/test/ ).
ServerCertificateName (string) The name for the server certificate. Do not include the
path in this value.
CertificateBody (string) The contents of the public key certificate in PEM-encoded
format.
PrivateKey (string) The contents of the private key in PEM-encoded format.
CertificateChain (string) The contents of the certificate chain. This is typically a con-
catenation of the PEM-encoded public key certificates of the chain.
Return type dict

upload_signing_certificate(CertificateBody, UserName=None)
Uploads an X.509 signing certificate and associates it with the specified user. Some AWS services use
X.509 signing certificates to validate requests that are signed with a corresponding private key. When you
upload the certificate, its default status is Active .
If the UserName field is not specified, the user name is determined implicitly based on the AWS access
Note: Because the body of a X.509 certificate can be large, you should use POST rather than GET when
calling UploadSigningCertificate . For information about setting up signatures and authorization
through the API, go to Signing AWS API Requests in the AWS General Reference . For general information
about using the Query API with IAM, go to Making Query Requests in the Using IAM guide.
Parameters
UserName (string) The name of the user the signing certificate is for.
CertificateBody (string) The contents of the signing certificate.
Return type dict
Service Resource
class iam.Service
A resource representing AWS Identity and Access Management:
import boto3
iam = boto3.resource(iam)
Actions
some attributes.
change_password(OldPassword, NewPassword)
This method calls iam.Client.change_password().
Parameters
OldPassword (string) The IAM users current password.
NewPassword (string) The new password. The new password must conform to the AWS
accounts password policy, if one exists.
Return type dict
create_account_alias(AccountAlias)
This method calls iam.Client.create_account_alias().
Parameters AccountAlias (string) The name of the account alias to create.
Return type iam.AccountAlias
create_account_password_policy(MinimumPasswordLength=None, RequireSymbols=None,
RequireNumbers=None, RequireUppercaseCharac-
ters=None, RequireLowercaseCharacters=None,
AllowUsersToChangePassword=None, MaxPass-
wordAge=None, PasswordReusePrevention=None,
HardExpiry=None)
2.1. Services 349

This method calls iam.Client.update_account_password_policy().

Parameters
IAM user password.
Default value: 6
! @ # $ % ^ amp; * ( ) _ + - = [ ] { } |
Default value: 0
Default value: 0
Return type iam.AccountPasswordPolicy
create_group(GroupName, Path=None)
This method calls iam.Client.create_group().
Parameters
Path (string) The path to the group. For more information about paths, see IAM Identi-
fiers in the Using IAM guide.
GroupName (string) The name of the group to create. Do not include the path in this
value.

Return type iam.Group

create_instance_profile(InstanceProfileName, Path=None)
This method calls iam.Client.create_instance_profile().
Parameters
InstanceProfileName (string) The name of the instance profile to create.
Path (string) The path to the instance profile. For more information about paths, see
Return type iam.InstanceProfile
create_role(RoleName, AssumeRolePolicyDocument, Path=None)
This method calls iam.Client.create_role().
Parameters
Path (string) The path to the role. For more information about paths, see IAM Identifiers
RoleName (string) The name of the role to create.
AssumeRolePolicyDocument (string) The policy that grants an entity permission to
assume the role.
Return type iam.Role
create_saml_provider(SAMLMetadataDocument, Name)
This method calls iam.Client.create_saml_provider().
Parameters
For more information, see Creating Temporary Security Credentials for SAML Federation
in the Using Temporary Security Credentials guide.
Name (string) The name of the provider to create.
Return type iam.SamlProvider
create_server_certificate(ServerCertificateName, CertificateBody, PrivateKey, Path=None,
CertificateChain=None)
This method calls iam.Client.upload_server_certificate().
Parameters
Path (string) The path for the server certificate. For more information about paths, see
Note: If you are uploading a server certificate specifically for use with Amazon
CloudFront distributions, you must specify a path using the --path option. The
path must begin with /cloudfront and must include a trailing slash (for example,
/cloudfront/test/ ).
2.1. Services 351

ServerCertificateName (string) The name for the server certificate. Do not include the
path in this value.
CertificateBody (string) The contents of the public key certificate in PEM-encoded
format.
PrivateKey (string) The contents of the private key in PEM-encoded format.
CertificateChain (string) The contents of the certificate chain. This is typically a con-
catenation of the PEM-encoded public key certificates of the chain.
Return type iam.ServerCertificate
create_signing_certificate(CertificateBody, UserName=None)
This method calls iam.Client.upload_signing_certificate().
Parameters
UserName (string) The name of the user the signing certificate is for.
CertificateBody (string) The contents of the signing certificate.
Return type iam.SigningCertificate
create_user(UserName, Path=None)
This method calls iam.Client.create_user().
Parameters
Path (string) The path for the user name. For more information about paths, see IAM
UserName (string) The name of the user to create.
Return type iam.User
create_virtual_mfa_device(VirtualMFADeviceName, Path=None)
This method calls iam.Client.create_virtual_mfa_device().
Parameters
Path (string) The path for the virtual MFA device. For more information about paths,
VirtualMFADeviceName (string) The name of the virtual MFA device. Use with path
to uniquely identify a virtual MFA device.
Return type iam.VirtualMfaDevice
Sub-resources
along to the child.
AccessKey(user_name, id)
Create a iam.AccessKey instance.
AccountAlias(name)
Create a iam.AccountAlias instance.
AccountPasswordPolicy()
Create a iam.AccountPasswordPolicy instance.

AccountSummary()
Create a iam.AccountSummary instance.
Group(name)
Create a iam.Group instance.
GroupPolicy(group_name, name)
Create a iam.GroupPolicy instance.
InstanceProfile(name)
Create a iam.InstanceProfile instance.
LoginProfile(user_name)
Create a iam.LoginProfile instance.
MfaDevice(user_name, serial_number)
Create a iam.MfaDevice instance.
Role(name)
Create a iam.Role instance.
RolePolicy(role_name, name)
Create a iam.RolePolicy instance.
SamlProvider(arn)
Create a iam.SamlProvider instance.
ServerCertificate(name)
Create a iam.ServerCertificate instance.
SigningCertificate(id)
Create a iam.SigningCertificate instance.
User(name)
Create a iam.User instance.
UserPolicy(user_name, name)
Create a iam.UserPolicy instance.
VirtualMfaDevice(serial_number)
Create a iam.VirtualMfaDevice instance.
Collections
account_aliases
(CollectionManager) A collection of iam.AccountAlias instances. This collection uses the
iam.Client.list_account_aliases() operation to get items.
groups
(CollectionManager) A collection of iam.Group instances. This collection uses the
iam.Client.list_groups() operation to get items.
instance_profiles
(CollectionManager) A collection of iam.InstanceProfile instances. This collection uses
the iam.Client.list_instance_profiles() operation to get items.
roles
(CollectionManager) A collection of iam.Role instances. This collection uses the
iam.Client.list_roles() operation to get items.
2.1. Services 353

saml_providers
(CollectionManager) A collection of iam.SamlProvider instances. This collection uses the
iam.Client.list_saml_providers() operation to get items.
server_certificates
(CollectionManager) A collection of iam.ServerCertificate instances. This collection uses
the iam.Client.list_server_certificates() operation to get items.
signing_certificates
(CollectionManager) A collection of iam.SigningCertificate instances. This collection
uses the iam.Client.list_signing_certificates() operation to get items.
users
(CollectionManager) A collection of iam.User instances. This collection uses the
iam.Client.list_users() operation to get items.
virtual_mfa_devices
(CollectionManager) A collection of iam.VirtualMfaDevice instances. This collection uses
the iam.Client.list_virtual_mfa_devices() operation to get items.
AccessKey
class iam.AccessKey(user_name, id)

A resource representing an AWS Identity and Access Management AccessKey:
import boto3
access_key = iam.AccessKey(user_name, id)
Identifiers:
id
(string, identifier) The AccessKeys Id identifier. This attribute must be set for the actions below to
work.
user_name
(string, identifier) The AccessKeys UserName identifier. This attribute must be set for the actions
below to work.
Attributes:
access_key_id
(string) The ID for this access key.
create_date
(datetime) The date when the access key was created.
secret_access_key
(string) The secret key used to sign requests.
status
(string) The status of the access key. Active means the key is valid for API calls, while Inactive
means it is not.

user_name
(string) The name of the IAM user that the access key is associated with.
Actions
some attributes.
activate()
This method calls iam.Client.update_access_key().
Return type dict
deactivate()
This method calls iam.Client.update_access_key().
Return type dict
delete()
This method calls iam.Client.delete_access_key().
Return type dict
References
user
(iam.User) The related User if set, otherwise None.
AccountAlias
class iam.AccountAlias(name)
A resource representing an AWS Identity and Access Management AccountAlias:
import boto3
account_alias = iam.AccountAlias(name)
Identifiers:
name
(string, identifier) The AccountAliass Name identifier. This attribute must be set for the actions below
to work.
Actions
some attributes.
delete()
This method calls iam.Client.delete_account_alias().
Return type dict
2.1. Services 355

AccountPasswordPolicy
class iam.AccountPasswordPolicy
A resource representing an AWS Identity and Access Management AccountPasswordPolicy:
import boto3
account_password_policy = iam.AccountPasswordPolicy()
Identifiers:
Attributes:
allow_users_to_change_password
(boolean) Specifies whether IAM users are allowed to change their own password.
expire_passwords
(boolean) Specifies whether IAM users are required to change their password after a specified number
of days.
hard_expiry
(boolean) Specifies whether IAM users are prevented from setting a new password after their password
has expired.
max_password_age
(integer) The number of days that an IAM user password is valid.
minimum_password_length
(integer) Minimum length to require for IAM user passwords.
password_reuse_prevention
(integer) Specifies the number of previous passwords that IAM users are prevented from reusing.
require_lowercase_characters
(boolean) Specifies whether to require lowercase characters for IAM user passwords.
require_numbers
(boolean) Specifies whether to require numbers for IAM user passwords.
require_symbols
(boolean) Specifies whether to require symbols for IAM user passwords.
require_uppercase_characters
(boolean) Specifies whether to require uppercase characters for IAM user passwords.
Actions
some attributes.
delete()
This method calls iam.Client.delete_account_password_policy().
Return type dict

update(MinimumPasswordLength=None, RequireSymbols=None, RequireNumbers=None, Require-

UppercaseCharacters=None, RequireLowercaseCharacters=None, AllowUsersToChangePass-
word=None, MaxPasswordAge=None, PasswordReusePrevention=None, HardExpiry=None)
This method calls iam.Client.update_account_password_policy().
Parameters
IAM user password.
Default value: 6
! @ # $ % ^ amp; * ( ) _ + - = [ ] { } |
Default value: 0
Default value: 0
Return type dict
AccountSummary
class iam.AccountSummary
A resource representing an AWS Identity and Access Management AccountSummary:
2.1. Services 357

import boto3
account_summary = iam.AccountSummary()
Identifiers:
Attributes:
summary_map
(dict) A set of key value pairs containing account-level information.
SummaryMap contains the following keys:
AccessKeysPerUserQuota - Maximum number of access keys that can be created per user
AccountMFAEnabled - 1 if the root account has an MFA device assigned to it, 0 otherwise
AssumeRolePolicySizeQuota - Maximum allowed size for assume role policy documents (in
kilobytes)
GroupPolicySizeQuota - Maximum allowed size for Group policy documents (in kilobytes)
Groups - Number of Groups for the AWS account
GroupsPerUserQuota - Maximum number of groups an IAM user can belong to
GroupsQuota - Maximum groups allowed for the AWS account
InstanceProfiles - Number of instance profiles for the AWS account
InstanceProfilesQuota - Maximum instance profiles allowed for the AWS account
MFADevices - Number of MFA devices, either assigned or unassigned
MFADevicesInUse - Number of MFA devices that have been assigned to an IAM user or to the
root account
RolePolicySizeQuota - Maximum allowed size for role policy documents (in kilobytes)
Roles - Number of roles for the AWS account
RolesQuota - Maximum roles allowed for the AWS account
ServerCertificates - Number of server certificates for the AWS account
ServerCertificatesQuota - Maximum server certificates allowed for the AWS account
SigningCertificatesPerUserQuota - Maximum number of X509 certificates allowed for a
user
UserPolicySizeQuota - Maximum allowed size for user policy documents (in kilobytes)
Users - Number of users for the AWS account
UsersQuota - Maximum users allowed for the AWS account
Actions
some attributes.

Group
class iam.Group(name)
A resource representing an AWS Identity and Access Management Group:
import boto3
group = iam.Group(name)
Identifiers:
name
(string, identifier) The Groups Name identifier. This attribute must be set for the actions below to
work.
Attributes:
arn
(string) The Amazon Resource Name (ARN) specifying the group. For more information about ARNs
and how to use them in policies, see IAM Identifiers in the Using IAM guide.
create_date
(datetime) The date and time, in ISO 8601 date-time format , when the group was created.
group_id
(string) The stable and unique string identifying the group. For more information about IDs, see IAM
group_name
(string) The friendly name that identifies the group.
path
(string) The path to the group. For more information about paths, see IAM Identifiers in the Using IAM
guide.
Actions
some attributes.
add_user(UserName)
This method calls iam.Client.add_user_to_group().
Parameters UserName (string) The name of the user to add.
Return type dict
create(Path=None)
This method calls iam.Client.create_group().
Parameters Path (string) The path to the group. For more information about paths, see IAM
Return type dict
2.1. Services 359

create_policy(PolicyName, PolicyDocument)
This method calls iam.Client.put_group_policy().
Parameters
Return type iam.GroupPolicy
delete()
This method calls iam.Client.delete_group().
Return type dict
remove_user(UserName)
This method calls iam.Client.remove_user_from_group().
Parameters UserName (string) The name of the user to remove.
Return type dict
update(NewPath=None, NewGroupName=None)
This method calls iam.Client.update_group().
Parameters
NewPath (string) New path for the group. Only include this if changing the groups
path.
NewGroupName (string) New name for the group. Only include this if changing the
groups name.
Return type iam.Group
Sub-resources
along to the child.
GroupPolicy(name)
Create a iam.GroupPolicy instance.
Collections
policies
(CollectionManager) A collection of iam.GroupPolicy instances. This collection uses the
iam.Client.list_group_policies() operation to get items.
users
(CollectionManager) A collection of iam.User instances. This collection uses the
iam.Client.get_group() operation to get items.
GroupPolicy
class iam.GroupPolicy(group_name, name)

A resource representing an AWS Identity and Access Management GroupPolicy:

import boto3
group_policy = iam.GroupPolicy(group_name, name)
Identifiers:
group_name
(string, identifier) The GroupPolicys GroupName identifier. This attribute must be set for the actions
below to work.
name
(string, identifier) The GroupPolicys Name identifier. This attribute must be set for the actions below
to work.
Attributes:
group_name
(string) The group the policy is associated with.
policy_document
(string) The policy document.
policy_name
(string) The name of the policy.
Actions
some attributes.
delete()
This method calls iam.Client.delete_group_policy().
Return type dict
put(PolicyDocument)
This method calls iam.Client.put_group_policy().
Parameters PolicyDocument (string) The policy document.
Return type dict
References
group
(iam.Group) The related Group if set, otherwise None.
InstanceProfile
class iam.InstanceProfile(name)
A resource representing an AWS Identity and Access Management InstanceProfile:
2.1. Services 361

import boto3
instance_profile = iam.InstanceProfile(name)
Identifiers:
name
(string, identifier) The InstanceProfiles Name identifier. This attribute must be set for the actions
below to work.
Attributes:
arn
(string) The Amazon Resource Name (ARN) specifying the instance profile. For more information
about ARNs and how to use them in policies, see IAM Identifiers in the Using IAM guide.
create_date
(datetime) The date when the instance profile was created.
instance_profile_id
(string) The stable and unique string identifying the instance profile. For more information about IDs,
instance_profile_name
(string) The name identifying the instance profile.
path
(string) The path to the instance profile. For more information about paths, see IAM Identifiers in the
Using IAM guide.
roles
(list) The role associated with the instance profile.
Actions
some attributes.
add_role(RoleName)
This method calls iam.Client.add_role_to_instance_profile().
Parameters RoleName (string) The name of the role to add.
Return type dict
delete()
This method calls iam.Client.delete_instance_profile().
Return type dict
remove_role(RoleName)
This method calls iam.Client.remove_role_from_instance_profile().
Parameters RoleName (string) The name of the role to remove.
Return type dict

References
roles
(iam.Role) The related Role if set, otherwise None.
LoginProfile
class iam.LoginProfile(user_name)
A resource representing an AWS Identity and Access Management LoginProfile:
import boto3
login_profile = iam.LoginProfile(user_name)
Identifiers:
user_name
(string, identifier) The LoginProfiles UserName identifier. This attribute must be set for the actions
below to work.
Attributes:
create_date
(datetime) The date when the password for the user was created.
password_reset_required
(boolean) Specifies whether the user is required to set a new password on next sign-in.
user_name
(string) The name of the user, which can be used for signing in to the AWS Management Console.
Actions
some attributes.
create(Password, PasswordResetRequired=None)
This method calls iam.Client.create_login_profile().
Parameters
Password (string) The new password for the user.
PasswordResetRequired (boolean) Specifies whether the user is required to set a new
password on next sign-in.
Return type dict
delete()
This method calls iam.Client.delete_login_profile().
Return type dict
update(Password=None, PasswordResetRequired=None)
This method calls iam.Client.update_login_profile().
2.1. Services 363

Parameters
Password (string) The new password for the specified user.
PasswordResetRequired (boolean) Require the specified user to set a new password on
next sign-in.
Return type dict
References
user
MfaDevice
class iam.MfaDevice(user_name, serial_number)

A resource representing an AWS Identity and Access Management MfaDevice:
import boto3
mfa_device = iam.MfaDevice(user_name, serial_number)
Identifiers:
serial_number
(string, identifier) The MfaDevices SerialNumber identifier. This attribute must be set for the actions
below to work.
user_name
(string, identifier) The MfaDevices UserName identifier. This attribute must be set for the actions
below to work.
Attributes:
enable_date
(datetime) The date when the MFA device was enabled for the user.
serial_number
(string) The serial number that uniquely identifies the MFA device. For virtual MFA devices, the serial
number is the device ARN.
user_name
(string) The user with whom the MFA device is associated.
Actions
some attributes.
deactivate()
This method calls iam.Client.deactivate_mfa_device().
Return type dict

enable(AuthenticationCode1, AuthenticationCode2)
This method calls iam.Client.enable_mfa_device().
Parameters
Return type dict
resync(AuthenticationCode1, AuthenticationCode2)
This method calls iam.Client.resync_mfa_device().
Parameters
Return type dict
References
user
Role
class iam.Role(name)
A resource representing an AWS Identity and Access Management Role:
import boto3
role = iam.Role(name)
Identifiers:
name
(string, identifier) The Roles Name identifier. This attribute must be set for the actions below to work.
Attributes:
arn
(string) The Amazon Resource Name (ARN) specifying the role. For more information about ARNs
and how to use them in policies, see IAM Identifiers in the Using IAM guide.
assume_role_policy_document
(string) The policy that grants an entity permission to assume the role.
The returned policy is URL-encoded according to RFC 3986 .
create_date
(datetime) The date and time, in ISO 8601 date-time format , when the role was created.
2.1. Services 365

path
(string) The path to the role. For more information about paths, see IAM Identifiers in the Using IAM
guide.
role_id
(string) The stable and unique string identifying the role. For more information about IDs, see IAM
role_name
(string) The friendly name that identifies the role.
Actions
some attributes.
delete()
This method calls iam.Client.delete_role().
Return type dict
update_assume_role_policy(PolicyDocument)
This method calls iam.Client.update_assume_role_policy().
Parameters PolicyDocument (string) The policy that grants an entity permission to assume
the role.
Return type dict
Sub-resources
along to the child.
RolePolicy(name)
Create a iam.RolePolicy instance.
Collections
instance_profiles
(CollectionManager) A collection of iam.InstanceProfile instances. This collection uses
the iam.Client.list_instance_profiles_for_role() operation to get items.
policies
(CollectionManager) A collection of iam.RolePolicy instances. This collection uses the
iam.Client.list_role_policies() operation to get items.
RolePolicy
class iam.RolePolicy(role_name, name)

A resource representing an AWS Identity and Access Management RolePolicy:
import boto3
role_policy = iam.RolePolicy(role_name, name)

Identifiers:
name
(string, identifier) The RolePolicys Name identifier. This attribute must be set for the actions below
to work.
role_name
(string, identifier) The RolePolicys RoleName identifier. This attribute must be set for the actions
below to work.
Attributes:
policy_document
policy_name
role_name
(string) The role the policy is associated with.
Actions
some attributes.
delete()
This method calls iam.Client.delete_role_policy().
Return type dict
put(PolicyDocument)
This method calls iam.Client.put_role_policy().
Return type dict
References
role
(iam.Role) The related Role if set, otherwise None.
SamlProvider
class iam.SamlProvider(arn)
A resource representing an AWS Identity and Access Management SamlProvider:
import boto3
saml_provider = iam.SamlProvider(arn)
Identifiers:
2.1. Services 367

arn
(string, identifier) The SamlProviders Arn identifier. This attribute must be set for the actions below
to work.
Attributes:
create_date
(datetime) The date and time when the SAML provider was created.
saml_metadata_document
(string) The XML metadata document that includes information about an identity provider.
valid_until
(datetime) The expiration date and time for the SAML provider.
Actions
some attributes.
delete()
This method calls iam.Client.delete_saml_provider().
Return type dict
update(SAMLMetadataDocument)
This method calls iam.Client.update_saml_provider().
Parameters SAMLMetadataDocument (string) An XML document generated by an identity
Return type dict
ServerCertificate
class iam.ServerCertificate(name)
A resource representing an AWS Identity and Access Management ServerCertificate:
import boto3
server_certificate = iam.ServerCertificate(name)
Identifiers:
name
(string, identifier) The ServerCertificates Name identifier. This attribute must be set for the actions
below to work.
Attributes:
certificate_body
(string) The contents of the public key certificate.

certificate_chain
(string) The contents of the public key certificate chain.
server_certificate_metadata
(dict) The meta information of the server certificate, such as its name, path, ID, and ARN.
Actions
some attributes.
delete()
This method calls iam.Client.delete_server_certificate().
Return type dict
update(NewPath=None, NewServerCertificateName=None)
This method calls iam.Client.update_server_certificate().
Parameters
NewPath (string) The new path for the server certificate. Include this only if you are
updating the server certificates path.
NewServerCertificateName (string) The new name for the server certificate. Include
this only if you are updating the server certificates name.
Return type iam.ServerCertificate
SigningCertificate
class iam.SigningCertificate(id)
A resource representing an AWS Identity and Access Management SigningCertificate:
import boto3
signing_certificate = iam.SigningCertificate(id)
Identifiers:
id
(string, identifier) The SigningCertificates Id identifier. This attribute must be set for the actions
below to work.
Attributes:
certificate_body
(string) The contents of the signing certificate.
certificate_id
(string) The ID for the signing certificate.
status
(string) The status of the signing certificate. Active means the key is valid for API calls, while
Inactive means it is not.
2.1. Services 369

upload_date
(datetime) The date when the signing certificate was uploaded.
user_name
(string) The name of the user the signing certificate is associated with.
Actions
some attributes.
activate(UserName=None)
This method calls iam.Client.update_signing_certificate().
Parameters UserName (string) The name of the user the signing certificate belongs to.
Return type dict
deactivate(UserName=None)
This method calls iam.Client.update_signing_certificate().
Return type dict
delete(UserName=None)
This method calls iam.Client.delete_signing_certificate().
Return type dict
User
class iam.User(name)
A resource representing an AWS Identity and Access Management User:
import boto3
user = iam.User(name)
Identifiers:
name
(string, identifier) The Users Name identifier. This attribute must be set for the actions below to work.
Attributes:
arn
(string) The Amazon Resource Name (ARN) that identifies the user. For more information about ARNs
and how to use ARNs in policies, see IAM Identifiers in the Using IAM guide.
create_date
(datetime) The date and time, in ISO 8601 date-time format , when the user was created.
password_last_used
(datetime) The date and time, in ISO 8601 date-time format , when the users password was last used
to sign in to an AWS website. For a list of AWS websites that capture a users last sign-in time, see the

Credential Reports topic in the Using IAM guide. If a password is used more than once in a five-minute
span, only the first use is returned in this field. When the user does not have a password, this field is null
(not present). When a users password exists but has never been used, or when there is no sign-in data
associated with the user, this field is null (not present).
This value is returned only in the GetUser and ListUsers actions.
path
(string) The path to the user. For more information about paths, see IAM Identifiers in the Using IAM
guide.
user_id
(string) The stable and unique string identifying the user. For more information about IDs, see IAM
user_name
(string) The friendly name identifying the user.
Actions
some attributes.
add_group(GroupName)
This method calls iam.Client.add_user_to_group().
Parameters GroupName (string) The name of the group to update.
Return type dict
create_access_key()
This method calls iam.Client.create_access_key().
Return type iam.AccessKey
create_policy(PolicyName, PolicyDocument)
This method calls iam.Client.put_user_policy().
Parameters
Return type iam.UserPolicy
delete()
This method calls iam.Client.delete_user().
Return type dict
enable_mfa(SerialNumber, AuthenticationCode1, AuthenticationCode2)
This method calls iam.Client.enable_mfa_device().
Parameters
Return type iam.MfaDevice
2.1. Services 371

remove_group(GroupName)
This method calls iam.Client.remove_user_from_group().
Parameters GroupName (string) The name of the group to update.
Return type dict
update(NewPath=None, NewUserName=None)
This method calls iam.Client.update_user().
Parameters
NewPath (string) New path for the user. Include this parameter only if youre changing
the users path.
NewUserName (string) New name for the user. Include this parameter only if youre
changing the users name.
Return type iam.User
Sub-resources
along to the child.
AccessKey(id)
Create a iam.AccessKey instance.
LoginProfile()
Create a iam.LoginProfile instance.
MfaDevice(serial_number)
Create a iam.MfaDevice instance.
UserPolicy(name)
Create a iam.UserPolicy instance.
Collections
access_keys
(CollectionManager) A collection of iam.AccessKey instances. This collection uses the
iam.Client.list_access_keys() operation to get items.
groups
(CollectionManager) A collection of iam.Group instances. This collection uses the
iam.Client.list_groups_for_user() operation to get items.
mfa_devices
(CollectionManager) A collection of iam.MfaDevice instances. This collection uses the
iam.Client.list_mfa_devices() operation to get items.
policies
(CollectionManager) A collection of iam.UserPolicy instances. This collection uses the
iam.Client.list_user_policies() operation to get items.
UserPolicy
class iam.UserPolicy(user_name, name)

A resource representing an AWS Identity and Access Management UserPolicy:

import boto3
user_policy = iam.UserPolicy(user_name, name)
Identifiers:
name
(string, identifier) The UserPolicys Name identifier. This attribute must be set for the actions below
to work.
user_name
(string, identifier) The UserPolicys UserName identifier. This attribute must be set for the actions
below to work.
Attributes:
policy_document
policy_name
user_name
(string) The user the policy is associated with.
Actions
some attributes.
delete()
This method calls iam.Client.delete_user_policy().
Return type dict
put(PolicyDocument)
This method calls iam.Client.put_user_policy().
Return type dict
References
user
VirtualMfaDevice
class iam.VirtualMfaDevice(serial_number)
A resource representing an AWS Identity and Access Management VirtualMfaDevice:
2.1. Services 373

import boto3
virtual_mfa_device = iam.VirtualMfaDevice(serial_number)
Identifiers:
serial_number
(string, identifier) The VirtualMfaDevices SerialNumber identifier. This attribute must be set for the
actions below to work.
Attributes:
base_32_string_seed
(blob) The Base32 seed defined as specified in RFC3548 . The Base32StringSeed is Base64-
encoded.
enable_date
(datetime) The date and time on which the virtual MFA device was enabled.
qr_code_png
(blob) A QR code PNG image that encodes otpauth://totp/$virtualMFADeviceName@$AccountName?sec
where $virtualMFADeviceName is one of the create call arguments, AccountName is the user
name if set (otherwise, the account ID otherwise), and Base32String is the seed in Base32 format.
The Base32String value is Base64-encoded.
serial_number
(string) The serial number associated with VirtualMFADevice .
user
(dict) Contains information about an IAM user entity.
This data type is used as a response element in the following actions:
CreateUser
GetUser
ListUsers
Actions
some attributes.
delete()
This method calls iam.Client.delete_virtual_mfa_device().
Return type dict
References
user

2.1.22 AWS Import/Export
Table of Contents
AWS Import/Export
Client
Client
class importexport.Client
A low-level client representing AWS Import/Export:
import boto3
importexport = boto3.client(importexport)
cancel_job(JobId)
This operation cancels a specified job. Only the job owner can cancel it. The operation fails if the job has
already started or is complete.
Parameters JobId (string) A unique identifier which refers to a particular job.
Return type dict
create_job(JobType, Manifest, ValidateOnly, ManifestAddendum=None)
This operation initiates the process of scheduling an upload or download of your data. You include in the
request a manifest that describes the data transfer specifics. The response to the request includes a job ID,
which you can use in other operations, a signature that you use to identify your storage device, and the
address where you should ship your storage device.
Parameters
JobType (string) Specifies whether the job to initiate is an import or export job.
Manifest (string) The UTF-8 encoded text of the manifest file.
ManifestAddendum (string) For internal use only.
ValidateOnly (boolean) Validate the manifest and parameter values in the request but
do not actually create a job.
Return type dict
get_status(JobId)
This operation returns information about a job, including where the job is in the processing pipeline, the
status of the results, and the signature value associated with the job. You can only return information about
jobs you own.
Parameters JobId (string) A unique identifier which refers to a particular job.
Return type dict
list_jobs(MaxJobs=None, Marker=None)
This operation returns the jobs associated with the requester. AWS Import/Export lists the jobs in reverse
chronological order based on the date of creation. For example if Job Test1 was created 2009Dec30 and
Test2 was created 2010Feb05, the ListJobs operation would return Test2 followed by Test1.
Parameters
2.1. Services 375

MaxJobs (integer) Sets the maximum number of jobs returned in the response. If there
are additional jobs that were not returned because MaxJobs was exceeded, the response
contains IsTruncatedtrue/IsTruncated. To return the additional jobs, see Marker.
Marker (string) Specifies the JOBID to start after when listing the jobs created with your
account. AWS Import/Export lists your jobs in reverse chronological order. See MaxJobs.
Return type dict
update_job(JobId, Manifest, JobType, ValidateOnly)
You use this operation to change the parameters specified in the original manifest file by supplying a new
manifest file. The manifest file attached to this request replaces the original manifest file. You can only
use the operation after a CreateJob request but before the data transfer starts and you can only use it on
jobs you own.
Parameters
JobId (string) A unique identifier which refers to a particular job.
Manifest (string) The UTF-8 encoded text of the manifest file.
JobType (string) Specifies whether the job to initiate is an import or export job.
ValidateOnly (boolean) Validate the manifest and parameter values in the request but
do not actually create a job.
Return type dict
2.1.23 Amazon Kinesis
Table of Contents
Amazon Kinesis
Client
Client
class kinesis.Client
A low-level client representing Amazon Kinesis:
import boto3
kinesis = boto3.client(kinesis)
add_tags_to_stream(StreamName, Tags)
Adds or updates tags for the specified Amazon Kinesis stream. Each stream can have up to 10 tags.
If tags have already been assigned to the stream, AddTagsToStream overwrites any existing tags that
correspond to the specified tag keys.
Parameters
StreamName (string) The name of the stream.
Tags (dict) The set of key-value pairs to use to create the tags.
Return type dict

create_stream(StreamName, ShardCount)
Creates a Amazon Kinesis stream. A stream captures and transports data records that are continuously
emitted from different data sources or producers . Scale-out within an Amazon Kinesis stream is explicitly
supported by means of shards, which are uniquely identified groups of data records in an Amazon Kinesis
stream.
You specify and control the number of shards that a stream is composed of. Each open shard can support
up to 5 read transactions per second, up to a maximum total of 2 MB of data read per second. Each
shard can support up to 1000 records written per second, up to a maximum total of 1 MB data written per
second. You can add shards to a stream if the amount of data input increases and you can remove shards if
the amount of data input decreases.
The stream name identifies the stream. The name is scoped to the AWS account used by the application. It
is also scoped by region. That is, two streams in two different accounts can have the same name, and two
streams in the same account, but in two different regions, can have the same name.
CreateStream is an asynchronous operation. Upon receiving a CreateStream request, Amazon
Kinesis immediately returns and sets the stream status to CREATING . After the stream is created, Amazon
Kinesis sets the stream status to ACTIVE . You should perform read and write operations only on an
ACTIVE stream.
You receive a LimitExceededException when making a CreateStream request if you try to do
one of the following:
Have more than five streams in the CREATING state at any point in time.
Create more shards than are authorized for your account.
The default limit for an AWS account is 10 shards per stream. If you need to create a stream with more
than 10 shards, contact AWS Support to increase the limit on your account.
You can use DescribeStream to check the stream status, which is returned in StreamStatus .
CreateStream has a limit of 5 transactions per second per account.
Parameters
StreamName (string) A name to identify the stream. The stream name is scoped to the
AWS account used by the application that creates the stream. It is also scoped by region.
That is, two streams in two different AWS accounts can have the same name, and two
streams in the same AWS account, but in two different regions, can have the same name.
ShardCount (integer) The number of shards that the stream will use. The throughput
of the stream is a function of the number of shards; more shards are required for greater
provisioned throughput.
Note: The default limit for an AWS account is 10 shards per stream. If you need to create
a stream with more than 10 shards, contact AWS Support to increase the limit on your
account.
Return type dict
delete_stream(StreamName)
Deletes a stream and all its shards and data. You must shut down any applications that are operating on
the stream before you delete the stream. If an application attempts to operate on a deleted stream, it will
receive the exception ResourceNotFoundException .
If the stream is in the ACTIVE state, you can delete it. After a DeleteStream request, the specified
stream is in the DELETING state until Amazon Kinesis completes the deletion.
Note: Amazon Kinesis might continue to accept data read and write operations, such as PutRecord ,
PutRecords , and GetRecords , on a stream in the DELETING state until the stream deletion is complete.
2.1. Services 377

When you delete a stream, any shards in that stream are also deleted, and any tags are dissociated from the
stream.
You can use the DescribeStream operation to check the state of the stream, which is returned in
StreamStatus .
DeleteStream has a limit of 5 transactions per second per account.
Parameters StreamName (string) The name of the stream to delete.
Return type dict
describe_stream(StreamName, Limit=None, ExclusiveStartShardId=None)
Describes the specified stream.
The information about the stream includes its current status, its Amazon Resource Name (ARN), and an
array of shard objects. For each shard object, there is information about the hash key and sequence number
ranges that the shard spans, and the IDs of any earlier shards that played in a role in creating the shard.
A sequence number is the identifier associated with every record ingested in the Amazon Kinesis stream.
The sequence number is assigned when a record is put into the stream.
You can limit the number of returned shards using the Limit parameter. The number of shards in a stream
may be too large to return from a single call to DescribeStream . You can detect this by using the
HasMoreShards flag in the returned output. HasMoreShards is set to true when there is more data
available.
DescribeStream is a paginated operation. If there are more shards available, you can request them us-
ing the shard ID of the last shard returned. Specify this ID in the ExclusiveStartShardId parameter
in a subsequent request to DescribeStream .
DescribeStream has a limit of 10 transactions per second per account.
Parameters
StreamName (string) The name of the stream to describe.
Limit (integer) The maximum number of shards to return.
ExclusiveStartShardId (string) The shard ID of the shard to start with.
Return type dict
get_records(ShardIterator, Limit=None)
Gets data records from a shard.
Specify a shard iterator using the ShardIterator parameter. The shard iterator specifies the position in
the shard from which you want to start reading data records sequentially. If there are no records available
in the portion of the shard that the iterator points to, GetRecords returns an empty list. Note that it
might take multiple calls to get to a portion of the shard that contains records.
You can scale by provisioning multiple shards. Your application should have one thread per shard, each
reading continuously from its stream. To read from a stream continually, call GetRecords in a loop.
Use GetShardIterator to get the shard iterator to specify in the first GetRecords call. GetRecords
returns a new shard iterator in NextShardIterator . Specify the shard iterator returned in
NextShardIterator in subsequent calls to GetRecords . Note that if the shard has been closed,
the shard iterator cant return more data and GetRecords returns null in NextShardIterator .
You can terminate the loop when the shard is closed, or when the shard iterator reaches the record with the
sequence number or other attribute that marks it as the last record to process.
Each data record can be up to 50 KB in size, and each shard can read up to 2 MB per second. You can ensure
that your calls dont exceed the maximum supported size or throughput by using the Limit parameter

to specify the maximum number of records that GetRecords can return. Consider your average record
size when determining this limit. For example, if your average record size is 40 KB, you can limit the data
returned to about 1 MB per call by specifying 25 as the limit.
The size of the data returned by GetRecords will vary depending on the utilization of the shard. The
maximum size of data that GetRecords can return is 10 MB. If a call returns 10 MB of data, subsequent
calls made within the next 5 seconds throw ProvisionedThroughputExceededException . If
there is insufficient provisioned throughput on the shard, subsequent calls made within the next 1 second
throw ProvisionedThroughputExceededException . Note that GetRecords wont return
any data when it throws an exception. For this reason, we recommend that you wait one second between
calls to GetRecords ; however, its possible that the application will get exceptions for longer than 1
second.
To detect whether the application is falling behind in processing, add a timestamp to your records and
note how long it takes to process them. You can also monitor how much data is in a stream using the
CloudWatch metrics for write operations (PutRecord and PutRecords ). For more information, see
Monitoring Amazon Kinesis with Amazon CloudWatch in the Amazon Kinesis Developer Guide .
Parameters
ShardIterator (string) The position in the shard from which you want to start sequen-
tially reading data records. A shard iterator specifies this position using the sequence
number of a data record in the shard.
Limit (integer) The maximum number of records to return. Specify a value of up
to 10,000. If you specify a value that is greater than 10,000, GetRecords throws
InvalidArgumentException .
Return type dict
get_shard_iterator(StreamName, ShardId, ShardIteratorType, StartingSequenceNumber=None)
Gets a shard iterator. A shard iterator expires five minutes after it is returned to the requester.
A shard iterator specifies the position in the shard from which to start reading data records sequentially.
A shard iterator specifies this position using the sequence number of a data record in a shard. A sequence
number is the identifier associated with every record ingested in the Amazon Kinesis stream. The sequence
number is assigned when a record is put into the stream.
You must specify the shard iterator type. For example, you can set the ShardIteratorType
parameter to read exactly from the position denoted by a specific sequence number by using the
AT_SEQUENCE_NUMBER shard iterator type, or right after the sequence number by using the
AFTER_SEQUENCE_NUMBER shard iterator type, using sequence numbers returned by earlier calls to
PutRecord , PutRecords , GetRecords , or DescribeStream . You can specify the shard iterator type
TRIM_HORIZON in the request to cause ShardIterator to point to the last untrimmed record in
the shard in the system, which is the oldest data record in the shard. Or you can point to just after the most
recent record in the shard, by using the shard iterator type LATEST , so that you always read the most
recent data in the shard.
When you repeatedly read from an Amazon Kinesis stream use a GetShardIterator request to get the first
shard iterator to to use in your first GetRecords request and then use the shard iterator returned by the
GetRecords request in NextShardIterator for subsequent reads. A new shard iterator is returned
by every GetRecords request in NextShardIterator , which you use in the ShardIterator
parameter of the next GetRecords request.
If a GetShardIterator request is made too often, you receive a
ProvisionedThroughputExceededException . For more information about throughput
limits, see GetRecords .
If the shard is closed, the iterator cant return more data, and GetShardIterator returns null for its
ShardIterator . A shard can be closed using SplitShard or MergeShards .
2.1. Services 379

GetShardIterator has a limit of 5 transactions per second per account per open shard.
Parameters
ShardId (string) The shard ID of the shard to get the iterator for.
ShardIteratorType (string) Determines how the shard iterator is used to start reading
data records from the shard.
The following are the valid shard iterator types:
AT_SEQUENCE_NUMBER - Start reading exactly from the position denoted by a spe-
cific sequence number.
AFTER_SEQUENCE_NUMBER - Start reading right after the position denoted by a
specific sequence number.
TRIM_HORIZON - Start reading at the last untrimmed record in the shard in the sys-
tem, which is the oldest data record in the shard.
LATEST - Start reading just after the most recent record in the shard, so that you always
read the most recent data in the shard.
StartingSequenceNumber (string) The sequence number of the data record in the shard
from which to start reading from.
Return type dict
get_waiter(name)
stream_exists
list_streams(Limit=None, ExclusiveStartStreamName=None)
Lists your streams.
The number of streams may be too large to return from a single call to ListStreams . You can limit
the number of returned streams using the Limit parameter. If you do not specify a value for the Limit
parameter, Amazon Kinesis uses the default limit, which is currently 10.
You can detect if there are more streams available to list by using the HasMoreStreams flag from the
returned output. If there are more streams available, you can request more streams by using the name of the
last stream returned by the ListStreams request in the ExclusiveStartStreamName parameter
in a subsequent request to ListStreams . The group of stream names returned by the subsequent request
is then added to the list. You can continue this process until all the stream names have been collected in
the list.
ListStreams has a limit of 5 transactions per second per account.
Parameters
Limit (integer) The maximum number of streams to list.
ExclusiveStartStreamName (string) The name of the stream to start the list with.
Return type dict
list_tags_for_stream(StreamName, ExclusiveStartTagKey=None, Limit=None)
Lists the tags for the specified Amazon Kinesis stream.
Parameters


ExclusiveStartTagKey (string) The key to use as the starting point for the list of
tags. If this parameter is set, ListTagsForStream gets all tags that occur after
ExclusiveStartTagKey .
Limit (integer) The number of tags to return. If this number is less than the total number
of tags associated with the stream, HasMoreTags is set to true . To list additional tags,
set ExclusiveStartTagKey to the last key in the response.
Return type dict
merge_shards(StreamName, ShardToMerge, AdjacentShardToMerge)
Merges two adjacent shards in a stream and combines them into a single shard to reduce the streams
capacity to ingest and transport data. Two shards are considered adjacent if the union of the hash key
ranges for the two shards form a contiguous set with no gaps. For example, if you have two shards, one
with a hash key range of 276...381 and the other with a hash key range of 382...454, then you could merge
these two shards into a single shard that would have a hash key range of 276...454. After the merge, the
single child shard receives data for all hash key values covered by the two parent shards.
MergeShards is called when there is a need to reduce the overall capacity of a stream because of
excess capacity that is not being used. You must specify the shard to be merged and the adjacent shard
for a stream. For more information about merging shards, see Merge Two Shards in the Amazon Kinesis
Developer Guide .
If the stream is in the ACTIVE state, you can call MergeShards . If a stream is in the CREATING
, UPDATING , or DELETING state, MergeShards returns a ResourceInUseException . If the
specified stream does not exist, MergeShards returns a ResourceNotFoundException .
You can use DescribeStream to check the state of the stream, which is returned in StreamStatus .
MergeShards is an asynchronous operation. Upon receiving a MergeShards request, Amazon Kine-
sis immediately returns a response and sets the StreamStatus to UPDATING . After the operation is
completed, Amazon Kinesis sets the StreamStatus to ACTIVE . Read and write operations continue
to work while the stream is in the UPDATING state.
You use DescribeStream to determine the shard IDs that are specified in the MergeShards request.
If you try to operate on too many streams in parallel using CreateStream , DeleteStream , MergeShards
or SplitShard , you will receive a LimitExceededException .
MergeShards has limit of 5 transactions per second per account.
Parameters
StreamName (string) The name of the stream for the merge.
ShardToMerge (string) The shard ID of the shard to combine with the adjacent shard
for the merge.
AdjacentShardToMerge (string) The shard ID of the adjacent shard for the merge.
Return type dict
put_record(StreamName, Data, PartitionKey, ExplicitHashKey=None, SequenceNumberForOrder-
ing=None)
Puts (writes) a single data record from a producer into an Amazon Kinesis stream. Call PutRecord
to send data from the producer into the Amazon Kinesis stream for real-time ingestion and subsequent
processing, one record at a time. Each shard can support up to 1000 records written per second, up to a
maximum total of 1 MB data written per second.
You must specify the name of the stream that captures, stores, and transports the data; a partition key; and
the data blob itself.
2.1. Services 381

The data blob can be any type of data; for example, a segment from a log file, geographic/location data,
website clickstream data, and so on.
The partition key is used by Amazon Kinesis to distribute data across shards. Amazon Kinesis segregates
the data records that belong to a data stream into multiple shards, using the partition key associated with
each data record to determine which shard a given data record belongs to.
Partition keys are Unicode strings, with a maximum length limit of 256 bytes. An MD5 hash function is
used to map partition keys to 128-bit integer values and to map associated data records to shards using
the hash key ranges of the shards. You can override hashing the partition key to determine the shard by
explicitly specifying a hash value using the ExplicitHashKey parameter. For more information, see
Partition Key in the Amazon Kinesis Developer Guide .
PutRecord returns the shard ID of where the data record was placed and the sequence number that was
assigned to the data record.
Sequence numbers generally increase over time. To guarantee strictly increasing ordering, use the
SequenceNumberForOrdering parameter. For more information, see Sequence Number in the Ama-
zon Kinesis Developer Guide .
If a PutRecord request cannot be processed because of insufficient provisioned throughput on the shard
involved in the request, PutRecord throws ProvisionedThroughputExceededException .
Data records are accessible for only 24 hours from the time that they are added to an Amazon Kinesis
stream.
Parameters
StreamName (string) The name of the stream to put the data record into.
Data (blob) The data blob to put into the record, which is base64-encoded when the blob
is serialized. The maximum size of the data blob (the payload before base64-encoding) is
50 kilobytes (KB)
PartitionKey (string) Determines which shard in the stream the data record is assigned
to. Partition keys are Unicode strings with a maximum length limit of 256 bytes. Amazon
Kinesis uses the partition key as input to a hash function that maps the partition key and
associated data to a specific shard. Specifically, an MD5 hash function is used to map
partition keys to 128-bit integer values and to map associated data records to shards. As a
result of this hashing mechanism, all data records with the same partition key will map to
the same shard within the stream.
ExplicitHashKey (string) The hash value used to explicitly determine the shard the data
record is assigned to by overriding the partition key hash.
SequenceNumberForOrdering (string) Guarantees strictly increasing sequence num-
bers, for puts from the same client and to the same partition key. Usage: set the
SequenceNumberForOrdering of record n to the sequence number of record n-1
(as returned in the PutRecordResult when putting record n-1 ). If this parameter is not set,
records will be coarsely ordered based on arrival time.
Return type dict
put_records(Records, StreamName)
Puts (writes) multiple data records from a producer into an Amazon Kinesis stream in a single call (also
referred to as a PutRecords request). Use this operation to send data from a data producer into the
Amazon Kinesis stream for real-time ingestion and processing. Each shard can support up to 1000 records
written per second, up to a maximum total of 1 MB data written per second.
You must specify the name of the stream that captures, stores, and transports the data; and an array of
request Records , with each record in the array requiring a partition key and data blob.

The data blob can be any type of data; for example, a segment from a log file, geographic/location data,
website clickstream data, and so on.
The partition key is used by Amazon Kinesis as input to a hash function that maps the partition key and
associated data to a specific shard. An MD5 hash function is used to map partition keys to 128-bit integer
values and to map associated data records to shards. As a result of this hashing mechanism, all data records
with the same partition key map to the same shard within the stream. For more information, see Partition
Key in the Amazon Kinesis Developer Guide .
Each record in the Records array may include an optional parameter, ExplicitHashKey , which
overrides the partition key to shard mapping. This parameter allows a data producer to determine explicitly
the shard where the record is stored. For more information, see Adding Multiple Records with PutRecords
in the Amazon Kinesis Developer Guide .
The PutRecords response includes an array of response Records . Each record in the response array
directly correlates with a record in the request array using natural ordering, from the top to the bottom of
the request and response. The response Records array always includes the same number of records as
the request array.
The response Records array includes both successfully and unsuccessfully processed records. Amazon
Kinesis attempts to process all records in each PutRecords request. A single record failure does not
stop the processing of subsequent records.
A successfully-processed record includes ShardId and SequenceNumber values. The ShardId
parameter identifies the shard in the stream where the record is stored. The SequenceNumber parameter
is an identifier assigned to the put record, unique to all records in the stream.
An unsuccessfully-processed record includes ErrorCode and ErrorMessage val-
ues. ErrorCode reflects the type of error and can be one of the following values:
ProvisionedThroughputExceededException or InternalFailure . ErrorMessage
provides more detailed information about the ProvisionedThroughputExceededException
exception including the account ID, stream name, and shard ID of the record that was throttled.
Data records are accessible for only 24 hours from the time that they are added to an Amazon Kinesis
stream.
Parameters
Records (list) The records associated with the request.
StreamName (string) The stream name associated with the request.
Return type dict
remove_tags_from_stream(StreamName, TagKeys)
Deletes tags from the specified Amazon Kinesis stream.
If you specify a tag that does not exist, it is ignored.
Parameters
TagKeys (list) A list of tag keys. Each corresponding tag is removed from the stream.
Return type dict
split_shard(StreamName, ShardToSplit, NewStartingHashKey)
Splits a shard into two new shards in the stream, to increase the streams capacity to ingest and transport
data. SplitShard is called when there is a need to increase the overall capacity of stream because of an
expected increase in the volume of data records being ingested.
2.1. Services 383

You can also use SplitShard when a shard appears to be approaching its maximum utilization, for
example, when the set of producers sending data into the specific shard are suddenly sending more than
previously anticipated. You can also call SplitShard to increase stream capacity, so that more Amazon
Kinesis applications can simultaneously read data from the stream for real-time processing.
You must specify the shard to be split and the new hash key, which is the position in the shard where the
shard gets split in two. In many cases, the new hash key might simply be the average of the beginning
and ending hash key, but it can be any hash key value in the range being mapped into the shard. For more
information about splitting shards, see Split a Shard in the Amazon Kinesis Developer Guide .
You can use DescribeStream to determine the shard ID and hash key values for the ShardToSplit and
NewStartingHashKey parameters that are specified in the SplitShard request.
SplitShard is an asynchronous operation. Upon receiving a SplitShard request, Amazon Kinesis
immediately returns a response and sets the stream status to UPDATING . After the operation is completed,
Amazon Kinesis sets the stream status to ACTIVE . Read and write operations continue to work while the
stream is in the UPDATING state.
You can use DescribeStream to check the status of the stream, which is returned in StreamStatus
. If the stream is in the ACTIVE state, you can call SplitShard . If a stream is in CREATING or
UPDATING or DELETING states, DescribeStream returns a ResourceInUseException .
If the specified stream does not exist, DescribeStream returns a ResourceNotFoundException
. If you try to create more shards than are authorized for your account, you receive a
LimitExceededException .
The default limit for an AWS account is 10 shards per stream. If you need to create a stream with more
than 10 shards, contact AWS Support to increase the limit on your account.
If you try to operate on too many streams in parallel using CreateStream , DeleteStream , MergeShards or
SplitShard , you receive a LimitExceededException .
SplitShard has limit of 5 transactions per second per account.
Parameters
StreamName (string) The name of the stream for the shard split.
ShardToSplit (string) The shard ID of the shard to split.
NewStartingHashKey (string) A hash key value for the starting hash key of one of the
child shards created by the split. The hash key range for a given shard constitutes a set of
ordered contiguous positive integers. The value for NewStartingHashKey must be in
the range of hash keys being mapped into the shard. The NewStartingHashKey hash
key value and all higher hash key values in hash key range are distributed to one of the
child shards. All the lower hash key values in the range are distributed to the other child
shard.
Return type dict
2.1.24 AWS Key Management Service
Table of Contents
AWS Key Management Service
Client

Client
class kms.Client
A low-level client representing AWS Key Management Service:
import boto3
kms = boto3.client(kms)
create_alias(AliasName, TargetKeyId)
Creates a display name for a customer master key. An alias can be used to identify a key and should
be unique. The console enforces a one-to-one mapping between the alias and a key. An alias name can
contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). An alias must
start with the word alias followed by a forward slash (alias/). An alias that begins with aws after the
forward slash (alias/aws...) is reserved by Amazon Web Services (AWS).
Parameters
AliasName (string) String that contains the display name. Aliases that begin with AWS
are reserved.
TargetKeyId (string) An identifier of the key for which you are creating the alias. This
value cannot be another alias.
Return type dict
create_grant(KeyId, GranteePrincipal, RetiringPrincipal=None, Operations=None, Con-
straints=None, GrantTokens=None)
Adds a grant to a key to specify who can access the key and under what conditions. Grants are alternate
permission mechanisms to key policies. If absent, access to the key is evaluated based on IAM policies
attached to the user. By default, grants do not expire. Grants can be listed, retired, or revoked as indicated
by the following APIs. Typically, when you are finished using a grant, you retire it. When you want to end
a grant immediately, revoke it. For more information about grants, see Grants .
ListGrants
RetireGrant
RevokeGrant
Parameters
KeyId (string) A unique key identifier for a customer master key. This value can be a
globally unique identifier, an ARN, or an alias.
GranteePrincipal (string) Principal given permission by the grant to use the key identi-
fied by the keyId parameter.
RetiringPrincipal (string) Principal given permission to retire the grant. For more in-
formation, see RetireGrant .
Operations (list) List of operations permitted by the grant. This can be any combination
of one or more of the following values:
Decrypt
Encrypt
GenerateDataKey
GenerateDataKeyWithoutPlaintext
ReEncryptFrom
2.1. Services 385

ReEncryptTo
CreateGrant
Constraints (dict) Specifies the conditions under which the actions specified by the
Operations parameter are allowed.
GrantTokens (list) List of grant tokens.
Return type dict
create_key(Policy=None, Description=None, KeyUsage=None)

Creates a customer master key. Customer master keys can be used to encrypt small amounts of data (less
than 4K) directly, but they are most commonly used to encrypt or envelope data keys that are then used
to encrypt customer data. For more information about data keys, see GenerateDataKey and Generate-
DataKeyWithoutPlaintext .
Parameters
Policy (string) Policy to be attached to the key. This is required and delegates back to
the account. The key is the root of trust.
Description (string) Description of the key. We recommend that you choose a descrip-
tion that helps your customer decide whether the key is appropriate for a task.
KeyUsage (string) Specifies the intended use of the key. Currently this defaults to EN-
CRYPT/DECRYPT, and only symmetric encryption and decryption are supported.
Return type dict
decrypt(CiphertextBlob, EncryptionContext=None, GrantTokens=None)
Decrypts ciphertext. Ciphertext is plaintext that has been previously encrypted by using the Encrypt func-
tion.
Parameters
CiphertextBlob (blob) Ciphertext including metadata.
EncryptionContext (dict) The encryption context. If this was specified in the Encrypt
function, it must be specified here or the decryption operation will fail. For more informa-
tion, see Encryption Context .
GrantTokens (list) A list of grant tokens that represent grants which can be used to
provide long term permissions to perform decryption.
Return type dict
delete_alias(AliasName)
Deletes the specified alias.
Parameters AliasName (string) The alias to be deleted.
Return type dict
describe_key(KeyId)
Provides detailed information about the specified customer master key.
Parameters KeyId (string) Unique identifier of the customer master key to be described. This
can be an ARN, an alias, or a globally unique identifier.
Return type dict
disable_key(KeyId)
Marks a key as disabled, thereby preventing its use.

Parameters KeyId (string) Unique identifier of the customer master key to be disabled. This
Return type dict
disable_key_rotation(KeyId)
Disables rotation of the specified key.
Parameters KeyId (string) Unique identifier of the customer master key for which rotation is
to be disabled. This can be an ARN, an alias, or a globally unique identifier.
Return type dict
enable_key(KeyId)
Marks a key as enabled, thereby permitting its use. You can have up to 25 enabled keys at one time.
Parameters KeyId (string) Unique identifier of the customer master key to be enabled. This
Return type dict
enable_key_rotation(KeyId)
Enables rotation of the specified customer master key.
Parameters KeyId (string) Unique identifier of the customer master key for which rotation is
to be enabled. This can be an ARN, an alias, or a globally unique identifier.
Return type dict
encrypt(KeyId, Plaintext, EncryptionContext=None, GrantTokens=None)
Encrypts plaintext into ciphertext by using a customer master key.
Parameters
KeyId (string) Unique identifier of the customer master. This can be an ARN, an alias,
or the Key ID.
Plaintext (blob) Data to be encrypted.
EncryptionContext (dict) Name:value pair that specifies the encryption context to be
used for authenticated encryption. For more information, see Authenticated Encryption .
provide long term permissions to perform encryption.
Return type dict
generate_data_key(KeyId, EncryptionContext=None, NumberOfBytes=None, KeySpec=None,
GrantTokens=None)
Generates a secure data key. Data keys are used to encrypt and decrypt data. They are wrapped by customer
master keys.
Parameters
KeyId (string) Unique identifier of the key. This can be an ARN, an alias, or a globally
unique identifier.
EncryptionContext (dict) Name/value pair that contains additional data to be authenti-
cated during the encryption and decryption processes that use the key. This value is logged
by AWS CloudTrail to provide context around the data encrypted by the key.
NumberOfBytes (integer) Integer that contains the number of bytes to generate. Com-
mon values are 128, 256, 512, 1024 and so on. 1024 is the current limit.
KeySpec (string) Value that identifies the encryption algorithm and key size to generate
a data key for. Currently this can be AES_128 or AES_256.
2.1. Services 387

provide long term permissions to generate a key.
Return type dict
generate_data_key_without_plaintext(KeyId, EncryptionContext=None, KeySpec=None,
NumberOfBytes=None, GrantTokens=None)
Returns a key wrapped by a customer master key without the plaintext copy of that key. To retrieve the
plaintext, see GenerateDataKey .
Parameters
unique identifier.
EncryptionContext (dict) Name:value pair that contains additional data to be authenti-
cated during the encryption and decryption processes.
KeySpec (string) Value that identifies the encryption algorithm and key size. Currently
this can be AES_128 or AES_256.
NumberOfBytes (integer) Integer that contains the number of bytes to generate. Com-
mon values are 128, 256, 512, 1024 and so on.
provide long term permissions to generate a key.
Return type dict
generate_random(NumberOfBytes=None)
Generates an unpredictable byte string.
Parameters NumberOfBytes (integer) Integer that contains the number of bytes to generate.
Common values are 128, 256, 512, 1024 and so on. The current limit is 1024 bytes.
Return type dict
get_key_policy(KeyId, PolicyName)
Retrieves a policy attached to the specified key.
Parameters
unique identifier.
PolicyName (string) String that contains the name of the policy. Currently, this must be
default. Policy names can be discovered by calling ListKeyPolicies .
Return type dict
get_key_rotation_status(KeyId)
Retrieves a Boolean value that indicates whether key rotation is enabled for the specified key.
Parameters KeyId (string) Unique identifier of the key. This can be an ARN, an alias, or a
globally unique identifier.
Return type dict
list_aliases(Limit=None, Marker=None)
Lists all of the key aliases in the account.
Parameters
Limit (integer) Specify this parameter when paginating results to indicate the maximum
number of aliases you want in each response. If there are additional aliases beyond the
maximum you specify, the Truncated response element will be set to true.

Marker (string) Use this parameter when paginating results, and only in a subsequent
request after youve received a response where the results are truncated. Set it to the value
of the NextMarker element in the response you just received.
Return type dict
list_grants(KeyId, Limit=None, Marker=None)
List the grants for a specified key.
Parameters
unique identifier.
Limit (integer) Specify this parameter only when paginating results to indicate the max-
imum number of grants you want listed in the response. If there are additional grants be-
yond the maximum you specify, the Truncated response element will be set to true.
value of the NextMarker in the response you just received.
Return type dict
list_key_policies(KeyId, Limit=None, Marker=None)
Retrieves a list of policies attached to a key.
Parameters
unique identifier.
imum number of policies you want listed in the response. If there are additional poli-
cies beyond the maximum you specify, the Truncated response element will be set to
true.
Return type dict
list_keys(Limit=None, Marker=None)
Lists the customer master keys.
Parameters
imum number of keys you want listed in the response. If there are additional keys beyond
the maximum you specify, the Truncated response element will be set to true.
Return type dict
put_key_policy(KeyId, PolicyName, Policy)
Attaches a policy to the specified key.
Parameters
2.1. Services 389

unique identifier.
PolicyName (string) Name of the policy to be attached. Currently, the only supported
name is default.
Policy (string) The policy, in JSON format, to be attached to the key.
Return type dict
re_encrypt(CiphertextBlob, DestinationKeyId, SourceEncryptionContext=None, DestinationEncryp-
tionContext=None, GrantTokens=None)
Encrypts data on the server side with a new customer master key without exposing the plaintext of the data
on the client side. The data is first decrypted and then encrypted. This operation can also be used to change
the encryption context of a ciphertext.
Parameters
CiphertextBlob (blob) Ciphertext of the data to re-encrypt.
SourceEncryptionContext (dict) Encryption context used to encrypt and decrypt the
data specified in the CiphertextBlob parameter.
DestinationKeyId (string) Key identifier of the key used to re-encrypt the data.
DestinationEncryptionContext (dict) Encryption context to be used when the data is
re-encrypted.
GrantTokens (list) Grant tokens that identify the grants that have permissions for the
encryption and decryption process.
Return type dict
retire_grant(GrantToken)
Retires a grant. You can retire a grant when youre done using it to clean up. You should revoke a grant
when you intend to actively deny operations that depend on it.
Parameters GrantToken (string) Token that identifies the grant to be retired.
Return type dict
revoke_grant(KeyId, GrantId)
Revokes a grant. You can revoke a grant to actively deny operations that depend on it.
Parameters
KeyId (string) Unique identifier of the key associated with the grant.
GrantId (string) Identifier of the grant to be revoked.
Return type dict
update_key_description(KeyId, Description)
Parameters
KeyId (string)
Description (string)
Return type dict

2.1.25 Amazon Lambda
Table of Contents
Amazon Lambda
Client
Client
class lambda.Client
A low-level client representing Amazon Lambda:
import boto3
lambda = boto3.client(lambda)
add_event_source(EventSource, FunctionName, Role, BatchSize=None, Parameters=None)

Identifies an Amazon Kinesis stream as the event source for an AWS Lambda function. AWS Lambda
invokes the specified function when records are posted to the stream.
This is the pull model, where AWS Lambda invokes the function. For more information, go to AWS
LambdaL How it Works_ in the AWS Lambda Developer Guide.
This association between an Amazon Kinesis stream and an AWS Lambda function is called the event
source mapping. You provide the configuration information (for example, which stream to read from and
which AWS Lambda function to invoke) for the event source mapping in the request body.
This operation requires permission for the iam:PassRole action for the IAM role. It also requires
permission for the lambda:AddEventSource action.
Parameters
EventSource (string) The Amazon Resource Name (ARN) of the Amazon Kinesis
stream that is the event source. Any record added to this stream causes AWS Lambda
to invoke your Lambda function. AWS Lambda POSTs the Amazon Kinesis event, con-
taining records, to your Lambda function as JSON.
FunctionName (string) The Lambda function to invoke when AWS Lambda detects an
event on the stream.
Role (string) The ARN of the IAM role (invocation role) that AWS Lambda can assume
to read from the stream and invoke the function.
BatchSize (integer) The largest number of records that AWS Lambda will give to your
function in a single event. The default is 100 records.
Parameters (dict) A map (key-value pairs) defining the configuration for AWS Lambda
to use when reading the event source. Currently, AWS Lambda supports only the
InitialPositionInStream key. The valid values are: TRIM_HORIZON and
LATEST. The default value is TRIM_HORIZON. For more information, go to
ShardIteratorType in the Amazon Kinesis Service API Reference.
Return type dict
delete_function(FunctionName)
Deletes the specified Lambda function code and configuration.
This operation requires permission for the lambda:DeleteFunction action.
2.1. Services 391

Parameters FunctionName (string) The Lambda function to delete.

Return type dict
get_event_source(UUID)
Returns configuration information for the specified event source mapping (see AddEventSource ).
This operation requires permission for the lambda:GetEventSource action.
Parameters UUID (string) The AWS Lambda assigned ID of the event source mapping.
Return type dict
get_function(FunctionName)
Returns the configuration information of the Lambda function and a presigned URL link to the .zip file
you uploaded with UploadFunction so you can download the .zip file. Note that the URL is valid for up
to 10 minutes. The configuration information is the same information you provided as parameters when
uploading the function.
This operation requires permission for the lambda:GetFunction action.
Parameters FunctionName (string) The Lambda function name.
Return type dict
get_function_configuration(FunctionName)
Returns the configuration information of the Lambda function. This the same information you provided as
parameters when uploading the function by using UploadFunction .
This operation requires permission for the lambda:GetFunctionConfiguration operation.
Parameters FunctionName (string) The name of the Lambda function for which you want to
retrieve the configuration information.
Return type dict
invoke_async(FunctionName, InvokeArgs)
Submits an invocation request to AWS Lambda. Upon receiving the request, Lambda executes the specified
function asynchronously. To see the logs generated by the Lambda function execution, see the CloudWatch
logs console.
This operation requires permission for the lambda:InvokeAsync action.
Parameters
FunctionName (string) The Lambda function name.
InvokeArgs (blob) JSON that you want to provide to your Lambda function as input.
Return type dict
list_event_sources(EventSourceArn=None, FunctionName=None, Marker=None, Max-
Items=None)
Returns a list of event source mappings. For each mapping, the API returns configuration information (see
AddEventSource ). You can optionally specify filters to retrieve specific event source mappings.
This operation requires permission for the lambda:ListEventSources action.
Parameters
EventSourceArn (string) The Amazon Resource Name (ARN) of the Amazon Kinesis
stream.
FunctionName (string) The name of the AWS Lambda function.

Marker (string) Optional string. An opaque pagination token returned from a previous
ListEventSources operation. If present, specifies to continue the list from where the
returning call left off.
MaxItems (integer) Optional integer. Specifies the maximum number of event sources
to return in response. This value must be greater than 0.
Return type dict
list_functions(Marker=None, MaxItems=None)
Returns a list of your Lambda functions. For each function, the response includes the function configura-
tion information. You must use GetFunction to retrieve the code for your function.
This operation requires permission for the lambda:ListFunctions action.
Parameters
Marker (string) Optional string. An opaque pagination token returned from a previous
ListFunctions operation. If present, indicates where to continue the listing.
MaxItems (integer) Optional integer. Specifies the maximum number of AWS Lambda
functions to return in response. This parameter value must be greater than 0.
Return type dict
remove_event_source(UUID)
Removes an event source mapping. This means AWS Lambda will no longer invoke the function for events
in the associated source.
This operation requires permission for the lambda:RemoveEventSource action.
Parameters UUID (string) The event source mapping ID.
Return type dict
update_function_configuration(FunctionName, Role=None, Handler=None, Descrip-
tion=None, Timeout=None, MemorySize=None)
Updates the configuration parameters for the specified Lambda function by using the values provided in
the request. You provide only the parameters you want to change. This operation must only be used on an
existing Lambda function and cannot be used to update the functions code.
This operation requires permission for the lambda:UpdateFunctionConfiguration action.
Parameters
FunctionName (string) The name of the Lambda function.
Role (string) The Amazon Resource Name (ARN) of the IAM role that Lambda will
assume when it executes your function.
Handler (string) The function that Lambda calls to begin executing your function. For
Node.js, it is the module-name.export value in your function.
Description (string) A short user-defined function description. Lambda does not use
this value. Assign a meaningful description as you see fit.
Timeout (integer) The function execution time at which Lambda should terminate the
function. Because the execution time has cost implications, we recommend you set this
value based on your expected execution time. The default is 3 seconds.
MemorySize (integer) The amount of memory, in MB, your Lambda function is given.
Lambda uses this memory size to infer the amount of CPU allocated to your function.
Your function use-case determines your CPU and memory requirements. For example, a
database operation might need less memory compared to an image processing function.
The default value is 128 MB. The value must be a multiple of 64 MB.
2.1. Services 393

Return type dict

upload_function(FunctionName, FunctionZip, Runtime, Role, Handler, Mode, Description=None,
Timeout=None, MemorySize=None)
Creates a new Lambda function or updates an existing function. The function metadata is created from
the request parameters, and the code for the function is provided by a .zip file in the request body. If the
function name already exists, the existing Lambda function is updated with the new code and metadata.
This operation requires permission for the lambda:UploadFunction action.
Parameters
FunctionName (string) The name you want to assign to the function you are uploading.
The function names appear in the console and are returned in the ListFunctions API. Func-
tion names are used to specify functions to other AWS Lambda APIs, such as InvokeAsync
.
FunctionZip (blob) A .zip file containing your packaged source code. For more infor-
mation about creating a .zip file, go to AWS LambdaL How it Works_ in the AWS
Lambda Developer Guide.
Runtime (string) The runtime environment for the Lambda function you are uploading.
Currently, Lambda supports only nodejs as the runtime.
Role (string) The Amazon Resource Name (ARN) of the IAM role that Lambda as-
sumes when it executes your function to access any other Amazon Web Services (AWS)
resources.
Handler (string) The function that Lambda calls to begin execution. For Node.js, it is
the module-name .*export* value in your function.
Mode (string) How the Lambda function will be invoked. Lambda supports only the
event mode.
Description (string) A short, user-defined function description. Lambda does not use
this value. Assign a meaningful description as you see fit.
Timeout (integer) The function execution time at which Lambda should terminate the
function. Because the execution time has cost implications, we recommend you set this
value based on your expected execution time. The default is 3 seconds.
MemorySize (integer) The amount of memory, in MB, your Lambda function is given.
Lambda uses this memory size to infer the amount of CPU allocated to your function.
Your function use-case determines your CPU and memory requirements. For example,
database operation might need less memory compared to image processing function. The
default value is 128 MB. The value must be a multiple of 64 MB.
Return type dict
2.1.26 Amazon CloudWatch Logs
Table of Contents
Amazon CloudWatch Logs
Client

Client
class logs.Client
A low-level client representing Amazon CloudWatch Logs:
import boto3
logs = boto3.client(logs)
create_log_group(logGroupName)
Creates a new log group with the specified name. The name of the log group must be unique within a
region for an AWS account. You can create up to 500 log groups per account.
You must use the following guidelines when naming a log group:
Log group names can be between 1 and 512 characters long.
Allowed characters are a-z, A-Z, 0-9, _ (underscore), - (hyphen), / (forward slash), and . (pe-
riod).
Parameters logGroupName (string)

Return type dict
create_log_stream(logGroupName, logStreamName)
Creates a new log stream in the specified log group. The name of the log stream must be unique within the
log group. There is no limit on the number of log streams that can exist in a log group.
You must use the following guidelines when naming a log stream:
Log stream names can be between 1 and 512 characters long.
The : colon character is not allowed.
Parameters
logGroupName (string)
logStreamName (string)
Return type dict
delete_log_group(logGroupName)
Deletes the log group with the specified name and permanently deletes all the archived log events associ-
ated with it.
Return type dict
delete_log_stream(logGroupName, logStreamName)
Deletes a log stream and permanently deletes all the archived log events associated with it.
Parameters
Return type dict
delete_metric_filter(logGroupName, filterName)
Deletes a metric filter associated with the specified log group.
2.1. Services 395

Parameters
filterName (string) The name of the metric filter.
Return type dict
delete_retention_policy(logGroupName)
Deletes the retention policy of the specified log group. Log events would not expire if they belong to log
groups without a retention policy.
Return type dict
describe_log_groups(logGroupNamePrefix=None, nextToken=None, limit=None)
Returns all the log groups that are associated with the AWS account making the request. The list returned
in the response is ASCII-sorted by log group name.
By default, this operation returns up to 50 log groups. If there are more log groups to list, the response
would contain a nextToken value in the response body. You can also limit the number of log groups
returned in the response by specifying the limit parameter in the request.
Parameters
logGroupNamePrefix (string)
nextToken (string) A string token used for pagination that points to the next
page of results. It must be a value obtained from the response of the previous
DescribeLogGroups request.
limit (integer) The maximum number of items returned in the response. If you dont
specify a value, the request would return up to 50 items.
Return type dict
describe_log_streams(logGroupName, logStreamNamePrefix=None, nextToken=None,
limit=None)
Returns all the log streams that are associated with the specified log group. The list returned in the response
is ASCII-sorted by log stream name.
By default, this operation returns up to 50 log streams. If there are more log streams to list, the response
would contain a nextToken value in the response body. You can also limit the number of log streams
Parameters
logStreamNamePrefix (string)
DescribeLogStreams request.
Return type dict
describe_metric_filters(logGroupName, filterNamePrefix=None, nextToken=None,
limit=None)
Returns all the metrics filters associated with the specified log group. The list returned in the response is
ASCII-sorted by filter name.

By default, this operation returns up to 50 metric filters. If there are more metric filters to list, the response
would contain a nextToken value in the response body. You can also limit the number of metric filters
Parameters
filterNamePrefix (string) The name of the metric filter.
DescribeMetricFilters request.
Return type dict
get_log_events(logGroupName, logStreamName, startTime=None, endTime=None, nextTo-
ken=None, limit=None, startFromHead=None)
Retrieves log events from the specified log stream. You can provide an optional time range to filter the
results on the event timestamp .
By default, this operation returns as much log events as can fit in a response size of 1MB, up to 10,000
log events. The response will always include a nextForwardToken and a nextBackwardToken in
the response body. You can use any of these tokens in subsequent GetLogEvents requests to paginate
through events in either forward or backward direction. You can also limit the number of log events
Parameters
startTime (integer) A point in time expressed as the number milliseconds since Jan 1,
1970 00:00:00 UTC.
endTime (integer) A point in time expressed as the number milliseconds since Jan 1,
1970 00:00:00 UTC.
page of results. It must be a value obtained from the nextForwardToken or
nextBackwardToken fields in the response of the previous GetLogEvents request.
limit (integer) The maximum number of log events returned in the response. If you dont
specify a value, the request would return as much log events as can fit in a response size
of 1MB, up to 10,000 log events.
startFromHead (boolean) If set to true, the earliest log events would be returned first.
The default is false (the latest log events are returned first).
Return type dict
put_log_events(logGroupName, logStreamName, logEvents, sequenceToken=None)
Uploads a batch of log events to the specified log stream.
Every PutLogEvents request must include the sequenceToken obtained from the response of the pre-
vious request. An upload in a newly created log stream does not require a sequenceToken .
The batch of events must satisfy the following constraints:
The maximum batch size is 32,768 bytes, and this size is calculated as the sum of all event messages
in UTF-8, plus 26 bytes for each log event.
2.1. Services 397

None of the log events in the batch can be more than 2 hours in the future.
None of the log events in the batch can be older than 14 days or the retention period of the log group.
The log events in the batch must be in chronological ordered by their timestamp .
The maximum number of log events in a batch is 1,000.
Parameters
logEvents (list) A list of events belonging to a log stream.
sequenceToken (string) A string token that must be obtained from the response of the
previous PutLogEvents request.
Return type dict
put_metric_filter(logGroupName, filterName, filterPattern, metricTransformations)

Creates or updates a metric filter and associates it with the specified log group. Metric filters allow you to
configure rules to extract metric data from log events ingested through PutLogEvents requests.
Parameters
filterName (string) The name of the metric filter.
filterPattern (string) A symbolic description of how Amazon CloudWatch Logs should
interpret the data in each log entry. For example, a log entry may contain timestamps, IP
addresses, strings, and so on. You use the pattern to specify what to look for in the log
stream.
metricTransformations (list)
Return type dict
put_retention_policy(logGroupName, retentionInDays)
Sets the retention of the specified log group. A retention policy allows you to configure the number of days
you want to retain log events in the specified log group.
Parameters
retentionInDays (integer) Specifies the number of days you want to retain log events in
the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365,
400, 545, 731, 1827, 3653.
Return type dict
test_metric_filter(filterPattern, logEventMessages)
Tests the filter pattern of a metric filter against a sample of log event messages. You can use this operation
to validate the correctness of a metric filter pattern.
Parameters
filterPattern (string) A symbolic description of how Amazon CloudWatch Logs should
interpret the data in each log entry. For example, a log entry may contain timestamps, IP
addresses, strings, and so on. You use the pattern to specify what to look for in the log
stream.

logEventMessages (list)
Return type dict
2.1.27 AWS OpsWorks
Table of Contents
AWS OpsWorks
Client
Service Resource
Layer
Stack
StackSummary
Client
class opsworks.Client
A low-level client representing AWS OpsWorks:
import boto3
opsworks = boto3.client(opsworks)
assign_volume(VolumeId, InstanceId=None)
Assigns one of the stacks registered Amazon EBS volumes to a specified instance. The volume must first
be registered with the stack by calling RegisterVolume . For more information, see Resource Management
.
Required Permissions : To use this action, an IAM user must have a Manage permissions level for the
stack, or an attached policy that explicitly grants permissions. For more information on user permissions,
see Managing User Permissions_ .
Parameters
VolumeId (string) The volume ID.
InstanceId (string) The instance ID.
Return type dict
associate_elastic_ip(ElasticIp, InstanceId=None)
Associates one of the stacks registered Elastic IP addresses with a specified instance. The address must
first be registered with the stack by calling RegisterElasticIp . For more information, see Resource Man-
agement .
Parameters
ElasticIp (string) The Elastic IP address.
Return type dict
2.1. Services 399

attach_elastic_load_balancer(ElasticLoadBalancerName, LayerId)
Attaches an Elastic Load Balancing load balancer to a specified layer. For more information, see Elastic
Load Balancing .
Parameters
ElasticLoadBalancerName (string) The Elastic Load Balancing instances name.
LayerId (string) The ID of the layer that the Elastic Load Balancing instance is to be
attached to.
Return type dict
clone_stack(SourceStackId, ServiceRoleArn, Name=None, Region=None, VpcId=None,
Attributes=None, DefaultInstanceProfileArn=None, DefaultOs=None, Host-
nameTheme=None, DefaultAvailabilityZone=None, DefaultSubnetId=None, CustomJ-
son=None, ConfigurationManager=None, ChefConfiguration=None, UseCustomCook-
books=None, UseOpsworksSecurityGroups=None, CustomCookbooksSource=None,
DefaultSshKeyName=None, ClonePermissions=None, CloneAppIds=None, Default-
RootDeviceType=None)
Creates a clone of a specified stack. For more information, see Clone a Stack .
Required Permissions : To use this action, an IAM user must have an attached policy that explicitly grants
permissions. For more information on user permissions, see Managing User Permissions_ .
Parameters
SourceStackId (string) The source stack ID.
Name (string) The cloned stack name.
Region (string) The cloned stack AWS region, such as us-east-1. For more informa-
tion about AWS regions, see Regions and Endpoints .
VpcId (string) The ID of the VPC that the cloned stack is to be launched into. It must
be in the specified region. All instances will be launched into this VPC, and you cannot
change the ID later.
If your account supports EC2 Classic, the default value is no VPC.
If your account does not support EC2 Classic, the default value is the default VPC for
the specified region.
If the VPC ID corresponds to a default VPC and you have specified either the
DefaultAvailabilityZone or the DefaultSubnetId parameter only, AWS
OpsWorks infers the value of the other parameter. If you specify neither parameter, AWS
OpsWorks sets these parameters to the first valid Availability Zone for the specified region
and the corresponding default VPC subnet ID, respectively.
If you specify a nondefault VPC ID, note the following:
It must belong to a VPC in your account that is in the specified region.
You must specify a value for DefaultSubnetId .
For more information on how to use AWS OpsWorks with a VPC, see Running a Stack in
a VPC . For more information on default VPC and EC2 Classic, see Supported Platforms .
Attributes (dict) A list of stack attributes and values as key/value pairs to be added to
the cloned stack.

ServiceRoleArn (string) The stack AWS Identity and Access Management (IAM) role,
which allows AWS OpsWorks to work with AWS resources on your behalf. You must set
this parameter to the Amazon Resource Name (ARN) for an existing IAM role. If you
create a stack by using the AWS OpsWorks console, it creates the role for you. You can
obtain an existing stacks IAM ARN programmatically by calling DescribePermissions .
For more information about IAM ARNs, see Using Identifiers .
DefaultInstanceProfileArn (string) The ARN of an IAM profile that is the default pro-
file for all of the stacks EC2 instances. For more information about IAM ARNs, see Using
Identifiers .
DefaultOs (string) The cloned stacks default operating system, which must be set to
Amazon Linux or Ubuntu 12.04 LTS . The default option is Amazon Linux .
HostnameTheme (string) The stacks host name theme, with spaces are replaced by
underscores. The theme is used to generate host names for the stacks instances. By
default, HostnameTheme is set to Layer_Dependent , which creates host names by
appending integers to the layers short name. The other themes are:
Baked_Goods
Clouds
European_Cities
Fruits
Greek_Deities
Legendary_Creatures_from_Japan
Planets_and_Moons
Roman_Deities
Scottish_Islands
US_Cities
Wild_Cats
To obtain a generated host name, call GetHostNameSuggestion , which returns a
host name based on the current theme.
DefaultAvailabilityZone (string) The cloned stacks default Availability Zone, which
must be in the specified region. For more information, see Regions and Endpoints . If you
also specify a value for DefaultSubnetId , the subnet must be in the same zone. For
more information, see the VpcId parameter description.
DefaultSubnetId (string) The stacks default subnet ID. All instances will be launched
into this subnet unless you specify otherwise when you create the instance. If you also
specify a value for DefaultAvailabilityZone , the subnet must be in the same
zone. For information on default values and when this parameter is required, see the
VpcId parameter description.
CustomJson (string) A string that contains user-defined, custom JSON. It is used to
override the corresponding default stack configuration JSON values. The string should be
in the following format and must escape characters such as .:
"{\"key1\": \"value1\", \"key2\": \"value2\",...}"
For more information on custom JSON, see Use Custom JSON to Modify the Stack Con-
figuration JSON
2.1. Services 401

ConfigurationManager (dict) The configuration manager. When you clone a stack we

recommend that you use the configuration manager to specify the Chef version, 0.9, 11.4,
or 11.10. The default value is currently 11.4.
ChefConfiguration (dict) A ChefConfiguration object that specifies whether to
enable Berkshelf and the Berkshelf version on Chef 11.10 stacks. For more information,
see Create a New Stack_ .
UseCustomCookbooks (boolean) Whether to use custom cookbooks.
UseOpsworksSecurityGroups (boolean) Whether to associate the AWS OpsWorks
built-in security groups with the stacks layers.
AWS OpsWorks provides a standard set of built-in security groups,
one for each layer, which are associated with layers by default. With
UseOpsworksSecurityGroups you can instead provide your own custom se-
curity groups. UseOpsworksSecurityGroups has the following settings:
True - AWS OpsWorks automatically associates the appropriate built-in security group
with each layer (default setting). You can associate additional security groups with a
layer after you create it but you cannot delete the built-in security group.
False - AWS OpsWorks does not associate built-in security groups with layers. You
must create appropriate EC2 security groups and associate a security group with each
layer that you create. However, you can still manually associate a built-in security group
with a layer on creation; custom security groups are required only for those layers that
need custom settings.
For more information, see Create a New Stack_ .
CustomCookbooksSource (dict) Contains the information required to retrieve an app or
cookbook from a repository. For more information, see Creating Apps or Custom Recipes
and Cookbooks .
DefaultSshKeyName (string) A default SSH key for the stack instances. You can over-
ride this value when you create or update an instance.
ClonePermissions (boolean) Whether to clone the source stacks permissions.
CloneAppIds (list) A list of source stack app IDs to be included in the cloned stack.
DefaultRootDeviceType (string) The default root device type. This value is used by
default for all instances in the cloned stack, but you can override it when you create an
instance. For more information, see Storage for the Root Device .
Return type dict
create_app(StackId, Name, Type, Shortname=None, Description=None, DataSources=None,
AppSource=None, Domains=None, EnableSsl=None, SslConfiguration=None, At-
tributes=None)
Creates an app for a specified stack. For more information, see Creating Apps .
Parameters
StackId (string) The stack ID.
Shortname (string) The apps short name.
Name (string) The app name.

Description (string) A description of the app.

DataSources (list) The apps data source.
Type (string) The app type. Each supported type is associated with a particular layer.
For example, PHP applications are associated with a PHP layer. AWS OpsWorks deploys
an application to those instances that are members of the corresponding layer.
AppSource (dict) A Source object that specifies the app repository.
Domains (list) The app virtual host settings, with multiple domains separated by com-
mas. For example: www.example.com, example.com
EnableSsl (boolean) Whether to enable SSL for the app.
SslConfiguration (dict) An SslConfiguration object with the SSL configuration.
Attributes (dict) One or more user-defined key/value pairs to be added to the stack
attributes.
Return type dict
create_deployment(StackId, Command, AppId=None, InstanceIds=None, Comment=None, Cus-
tomJson=None)
Deploys a stack or app.
App deployment generates a deploy event, which runs the associated recipes and passes them a
JSON stack configuration object that includes information about the app.
Stack deployment runs the deploy recipes but does not raise an event.
For more information, see Deploying Apps and Run Stack Commands .
Required Permissions : To use this action, an IAM user must have a Deploy or Manage permissions
level for the stack, or an attached policy that explicitly grants permissions. For more information on user
permissions, see Managing User Permissions_ .
Parameters
AppId (string) The app ID. This parameter is required for app deployments, but not for
other deployment commands.
InstanceIds (list) The instance IDs for the deployment targets.
Command (dict) A DeploymentCommand object that specifies the deployment com-
mand and any associated arguments.
Comment (string) A user-defined comment.
figuration JSON .
Return type dict
2.1. Services 403

create_instance(StackId, LayerIds, InstanceType, AutoScalingType=None, Hostname=None,

Os=None, AmiId=None, SshKeyName=None, AvailabilityZone=None, Virtualiza-
tionType=None, SubnetId=None, Architecture=None, RootDeviceType=None, In-
stallUpdatesOnBoot=None, EbsOptimized=None)
Creates an instance in a specified stack. For more information, see Adding an Instance to a Layer .
Parameters
LayerIds (list) An array that contains the instance layer IDs.
InstanceType (string) The instance type. AWS OpsWorks supports all instance types
except Cluster Compute, Cluster GPU, and High Memory Cluster. For more information,
see Instance Families and Types . The parameter values that you use to specify the various
types are in the API Name column of the Available Instance Types table.
AutoScalingType (string) The instance auto scaling type, which has three possible val-
ues:
AlwaysRunning : A 24/7 instance, which is not affected by auto scaling.
TimeBasedAutoScaling : A time-based auto scaling instance, which is started and
stopped based on a specified schedule. To specify the schedule, call SetTimeBasedAu-
toScaling .
LoadBasedAutoScaling : A load-based auto scaling instance, which is started and
stopped based on load metrics. To use load-based auto scaling, you must enable it for
the instance layer and configure the thresholds by calling SetLoadBasedAutoScaling .
Hostname (string) The instance host name.
Os (string) The instance operating system, which must be set to one of the following.
Standard operating systems: Amazon Linux or Ubuntu 12.04 LTS
Custom AMIs: Custom
The default option is Amazon Linux . If you set this parameter to Custom , you must
use the CreateInstance actions AmiId parameter to specify the custom AMI that you want
to use. For more information on the standard operating systems, see Operating Systems
For more information on how to use custom AMIs with OpsWorks, see Using Custom
AMIs .
AmiId (string) A custom AMI ID to be used to create the instance. The AMI should be
based on one of the standard AWS OpsWorks APIs: Amazon Linux or Ubuntu 12.04 LTS.
For more information, see Instances
SshKeyName (string) The instance SSH key name.
AvailabilityZone (string) The instance Availability Zone. For more information, see
Regions and Endpoints .
VirtualizationType (string) The instances virtualization type, paravirtual or hvm
.
SubnetId (string) The ID of the instances subnet. If the stack is running in a VPC,
you can use this parameter to override the stacks default subnet ID value and direct AWS
OpsWorks to launch the instance in a different subnet.

Architecture (string) The instance architecture. The default option is x86_64 . In-
stance types do not necessarily support both architectures. For a list of the architectures
that are supported by the different instance types, see Instance Families and Types .
RootDeviceType (string) The instance root device type. For more information, see
Storage for the Root Device .
InstallUpdatesOnBoot (boolean) Whether to install operating system and package up-
dates when the instance boots. The default value is true . To control when updates are
installed, set this value to false . You must then update your instances manually by
using CreateDeployment to run the update_dependencies stack command or man-
ually running yum (Amazon Linux) or apt-get (Ubuntu) on the instances.
EbsOptimized (boolean) Whether to create an Amazon EBS-optimized instance.
Return type dict
create_layer(StackId, Type, Name, Shortname, Attributes=None, CustomInstanceProfileArn=None,
CustomSecurityGroupIds=None, Packages=None, VolumeConfigurations=None,
EnableAutoHealing=None, AutoAssignElasticIps=None, AutoAssignPublicIps=None,
CustomRecipes=None, InstallUpdatesOnBoot=None, UseEbsOptimizedIn-
stances=None)
Creates a layer. For more information, see How to Create a Layer .
Parameters
StackId (string) The layer stack ID.
Type (string) The layer type. A stack cannot have more than one built-in layer of the
same type. It can have any number of custom layers. This parameter must be set to one of
the following:
custom: A custom layer
db-master: A MySQL layer
java-app: A Java App Server layer
rails-app: A Rails App Server layer
lb: An HAProxy layer
memcached: A Memcached layer
monitoring-master: A Ganglia layer
nodejs-app: A Node.js App Server layer
php-app: A PHP App Server layer
web: A Static Web Server layer
Name (string) The layer name, which is used by the console.
Shortname (string) The layer short name, which is used internally by AWS OpsWorks
and by Chef recipes. The short name is also used as the name for the directory where your
app files are installed. It can have a maximum of 200 characters, which are limited to the
alphanumeric characters, -, _, and ..
attributes.
2.1. Services 405

CustomInstanceProfileArn (string) The ARN of an IAM profile that to be used for the
layers EC2 instances. For more information about IAM ARNs, see Using Identifiers .
CustomSecurityGroupIds (list) An array containing the layer custom security group
IDs.
Packages (list) An array of Package objects that describe the layer packages.
VolumeConfigurations (list) A VolumeConfigurations object that describes the
layers Amazon EBS volumes.
EnableAutoHealing (boolean) Whether to disable auto healing for the layer.
AutoAssignElasticIps (boolean) Whether to automatically assign an Elastic IP address
to the layers instances. For more information, see How to Edit a Layer .
AutoAssignPublicIps (boolean) For stacks that are running in a VPC, whether to au-
tomatically assign a public IP address to the layers instances. For more information, see
How to Edit a Layer .
CustomRecipes (dict) A LayerCustomRecipes object that specifies the layer cus-
tom recipes.
UseEbsOptimizedInstances (boolean) Whether to use Amazon EBS-optimized in-
stances.
Return type dict
create_stack(Name, Region, ServiceRoleArn, DefaultInstanceProfileArn, VpcId=None, At-
tributes=None, DefaultOs=None, HostnameTheme=None, DefaultAvailabil-
ityZone=None, DefaultSubnetId=None, CustomJson=None, Configuration-
Manager=None, ChefConfiguration=None, UseCustomCookbooks=None,
UseOpsworksSecurityGroups=None, CustomCookbooksSource=None, Default-
SshKeyName=None, DefaultRootDeviceType=None)
Creates a new stack. For more information, see Create a New Stack_ .
Parameters
Name (string) The stack name.
Region (string) The stack AWS region, such as us-east-1. For more information about
Amazon regions, see Regions and Endpoints .
VpcId (string) The ID of the VPC that the stack is to be launched into. It must be in the
specified region. All instances will be launched into this VPC, and you cannot change the
ID later.

attributes.
this parameter to the Amazon Resource Name (ARN) for an existing IAM role. For more
information about IAM ARNs, see Using Identifiers .
Identifiers .
DefaultOs (string) The stacks default operating system, which must be set to Amazon
Linux or Ubuntu 12.04 LTS . The default option is Amazon Linux .
Baked_Goods
Clouds
European_Cities
Fruits
Greek_Deities
Planets_and_Moons
Roman_Deities
Scottish_Islands
US_Cities
Wild_Cats
DefaultAvailabilityZone (string) The stacks default Availability Zone, which must be
in the specified region. For more information, see Regions and Endpoints . If you also
specify a value for DefaultSubnetId , the subnet must be in the same zone. For more
information, see the VpcId parameter description.
specify a value for DefaultAvailabilityZone , the subnet must be in that zone.
2.1. Services 407

For information on default values and when this parameter is required, see the VpcId
parameter description.
figuration JSON .
UseCustomCookbooks (boolean) Whether the stack uses custom cookbooks.
and Cookbooks .
default for all instances in the stack, but you can override it when you create an instance.
The default option is instance-store . For more information, see Storage for the
Root Device .
Return type dict
create_user_profile(IamUserArn, SshUsername=None, SshPublicKey=None, AllowSelfMan-
agement=None)
Creates a new user profile.

Parameters
IamUserArn (string) The users IAM ARN.
SshUsername (string) The users SSH user name. The allowable characters are [a-z],
[A-Z], [0-9], -, and _. If the specified name includes other punctuation marks, AWS
OpsWorks removes them. For example, my.name will be changed to myname . If you do
not specify an SSH user name, AWS OpsWorks generates one from the IAM user name.
SshPublicKey (string) The users public SSH key.
AllowSelfManagement (boolean) Whether users can specify their own SSH public key
through the My Settings page. For more information, see Setting an IAM Users Public
SSH Key .
Return type dict
delete_app(AppId)
Deletes a specified app.
Parameters AppId (string) The app ID.
Return type dict
delete_instance(InstanceId, DeleteElasticIp=None, DeleteVolumes=None)
Deletes a specified instance. You must stop an instance before you can delete it. For more information,
see Deleting Instances .
Parameters
DeleteElasticIp (boolean) Whether to delete the instance Elastic IP address.
DeleteVolumes (boolean) Whether to delete the instances Amazon EBS volumes.
Return type dict
delete_layer(LayerId)
Deletes a specified layer. You must first stop and then delete all associated instances. For more information,
see How to Delete a Layer .
Parameters LayerId (string) The layer ID.
Return type dict
delete_stack(StackId)
Deletes a specified stack. You must first delete all instances, layers, and apps. For more information, see
Shut Down a Stack .
2.1. Services 409

Parameters StackId (string) The stack ID.

Return type dict
delete_user_profile(IamUserArn)
Deletes a user profile.
Parameters IamUserArn (string) The users IAM ARN.
Return type dict
deregister_elastic_ip(ElasticIp)
Deregisters a specified Elastic IP address. The address can then be registered by another stack. For more
information, see Resource Management .
Parameters ElasticIp (string) The Elastic IP address.
Return type dict
deregister_rds_db_instance(RdsDbInstanceArn)
Deregisters an Amazon RDS instance.
Parameters RdsDbInstanceArn (string) The Amazon RDS instances ARN.
Return type dict
deregister_volume(VolumeId)
Deregisters an Amazon EBS volume. The volume can then be registered by another stack. For more
Parameters VolumeId (string) The volume ID.
Return type dict
describe_apps(StackId=None, AppIds=None)
Requests a description of a specified set of apps.
Required Permissions : To use this action, an IAM user must have a Show, Deploy, or Manage permis-
sions level for the stack, or an attached policy that explicitly grants permissions. For more information on
user permissions, see Managing User Permissions_ .
Parameters
StackId (string) The app stack ID. If you use this parameter, DescribeApps returns
a description of the apps in the specified stack.
AppIds (list) An array of app IDs for the apps to be described. If you use this param-
eter, DescribeApps returns a description of the specified apps. Otherwise, it returns a
description of every app.
Return type dict
describe_commands(DeploymentId=None, InstanceId=None, CommandIds=None)
Describes the results of specified commands.

Parameters
DeploymentId (string) The deployment ID. If you include this parameter,
DescribeCommands returns a description of the commands associated with the speci-
fied deployment.
InstanceId (string) The instance ID. If you include this parameter,
DescribeCommands returns a description of the commands associated with the
specified instance.
CommandIds (list) An array of command IDs. If you include this parameter,
DescribeCommands returns a description of the specified commands. Otherwise, it
returns a description of every command.
Return type dict
describe_deployments(StackId=None, AppId=None, DeploymentIds=None)
Requests a description of a specified set of deployments.
Parameters
StackId (string) The stack ID. If you include this parameter,
DescribeDeployments returns a description of the commands associated with
the specified stack.
AppId (string) The app ID. If you include this parameter, DescribeDeployments
returns a description of the commands associated with the specified app.
DeploymentIds (list) An array of deployment IDs to be described. If you include this
parameter, DescribeDeployments returns a description of the specified deployments.
Otherwise, it returns a description of every deployment.
Return type dict
describe_elastic_ips(InstanceId=None, StackId=None, Ips=None)
Describes Elastic IP addresses .
Parameters
InstanceId (string) The instance ID. If you include this parameter,
DescribeElasticIps returns a description of the Elastic IP addresses associ-
ated with the specified instance.
StackId (string) A stack ID. If you include this parameter, DescribeElasticIps
returns a description of the Elastic IP addresses that are registered with the specified stack.
Ips (list) An array of Elastic IP addresses to be described. If you include this parame-
ter, DescribeElasticIps returns a description of the specified Elastic IP addresses.
Otherwise, it returns a description of every Elastic IP address.
Return type dict
2.1. Services 411

describe_elastic_load_balancers(StackId=None, LayerIds=None)
Describes a stacks Elastic Load Balancing instances.
Parameters
StackId (string) A stack ID. The action describes the stacks Elastic Load Balancing
instances.
LayerIds (list) A list of layer IDs. The action describes the Elastic Load Balancing
instances for the specified layers.
Return type dict
describe_instances(StackId=None, LayerId=None, InstanceIds=None)
Requests a description of a set of instances.
Parameters
StackId (string) A stack ID. If you use this parameter, DescribeInstances returns
descriptions of the instances associated with the specified stack.
LayerId (string) A layer ID. If you use this parameter, DescribeInstances returns
descriptions of the instances associated with the specified layer.
InstanceIds (list) An array of instance IDs to be described. If you use this parameter,
DescribeInstances returns a description of the specified instances. Otherwise, it
returns a description of every instance.
Return type dict
describe_layers(StackId=None, LayerIds=None)
Requests a description of one or more layers in a specified stack.
Parameters
LayerIds (list) An array of layer IDs that specify the layers to be described. If you omit
this parameter, DescribeLayers returns a description of every layer in the specified
stack.
Return type dict
describe_load_based_auto_scaling(LayerIds)
Describes load-based auto scaling configurations for specified layers.
Parameters LayerIds (list) An array of layer IDs.
Return type dict

describe_my_user_profile()
Describes a users SSH information.
Required Permissions : To use this action, an IAM user must have self-management enabled or an at-
tached policy that explicitly grants permissions. For more information on user permissions, see Managing
User Permissions_ .
Return type dict
describe_permissions(IamUserArn=None, StackId=None)
Describes the permissions for a specified stack.
Parameters
IamUserArn (string) The users IAM ARN. For more information about IAM ARNs,
see Using Identifiers .
Return type dict
describe_raid_arrays(InstanceId=None, RaidArrayIds=None)
Describe an instances RAID arrays.
Parameters
InstanceId (string) The instance ID. If you use this parameter,
DescribeRaidArrays returns descriptions of the RAID arrays associated with
the specified instance.
RaidArrayIds (list) An array of RAID array IDs. If you use this parameter,
DescribeRaidArrays returns descriptions of the specified arrays. Otherwise, it re-
turns a description of every array.
Return type dict
describe_rds_db_instances(StackId, RdsDbInstanceArns=None)
Describes Amazon RDS instances.
Parameters
StackId (string) The stack ID that the instances are registered with. The operation
returns descriptions of all registered Amazon RDS instances.
RdsDbInstanceArns (list) An array containing the ARNs of the instances to be de-
scribed.
Return type dict
describe_service_errors(StackId=None, InstanceId=None, ServiceErrorIds=None)
Describes AWS OpsWorks service errors.
Parameters
2.1. Services 413

StackId (string) The stack ID. If you use this parameter, DescribeServiceErrors
returns descriptions of the errors associated with the specified stack.
InstanceId (string) The instance ID. If you use this parameter,
DescribeServiceErrors returns descriptions of the errors associated with the
specified instance.
ServiceErrorIds (list) An array of service error IDs. If you use this parameter,
DescribeServiceErrors returns descriptions of the specified errors. Otherwise,
it returns a description of every error.
Return type dict
describe_stack_summary(StackId)
Describes the number of layers and apps in a specified stack, and the number of instances in each state,
such as running_setup or online .
Return type dict
describe_stacks(StackIds=None)
Requests a description of one or more stacks.
Parameters StackIds (list) An array of stack IDs that specify the stacks to be described. If
you omit this parameter, DescribeStacks returns a description of every stack.
Return type dict
describe_time_based_auto_scaling(InstanceIds)
Describes time-based auto scaling configurations for specified instances.
Parameters InstanceIds (list) An array of instance IDs.
Return type dict
describe_user_profiles(IamUserArns=None)
Describe specified users.
Parameters IamUserArns (list) An array of IAM user ARNs that identify the users to be
described.
Return type dict
describe_volumes(InstanceId=None, StackId=None, RaidArrayId=None, VolumeIds=None)
Describes an instances Amazon EBS volumes.

Parameters
InstanceId (string) The instance ID. If you use this parameter, DescribeVolumes
returns descriptions of the volumes associated with the specified instance.
StackId (string) A stack ID. The action describes the stacks registered Amazon EBS
volumes.
RaidArrayId (string) The RAID array ID. If you use this parameter,
DescribeVolumes returns descriptions of the volumes associated with the spec-
ified RAID array.
VolumeIds (list) Am array of volume IDs. If you use this parameter,
DescribeVolumes returns descriptions of the specified volumes. Otherwise, it returns
a description of every volume.
Return type dict
detach_elastic_load_balancer(ElasticLoadBalancerName, LayerId)
Detaches a specified Elastic Load Balancing instance from its layer.
Parameters
ElasticLoadBalancerName (string) The Elastic Load Balancing instances name.
LayerId (string) The ID of the layer that the Elastic Load Balancing instance is attached
to.
Return type dict
disassociate_elastic_ip(ElasticIp)
Disassociates an Elastic IP address from its instance. The address remains registered with the stack. For
more information, see Resource Management .
Parameters ElasticIp (string) The Elastic IP address.
Return type dict
get_hostname_suggestion(LayerId)
Gets a generated host name for the specified layer, based on the current host name theme.
Parameters LayerId (string) The layer ID.
Return type dict
reboot_instance(InstanceId)
Reboots a specified instance. For more information, see Starting, Stopping, and Rebooting Instances .
2.1. Services 415

Parameters InstanceId (string) The instance ID.
Return type dict
register_elastic_ip(ElasticIp, StackId)
Registers an Elastic IP address with a specified stack. An address can be registered with only one stack at
a time. If the address is already registered, you must first deregister it by calling DeregisterElasticIp . For
Parameters
ElasticIp (string) The Elastic IP address.
Return type dict
register_rds_db_instance(StackId, RdsDbInstanceArn, DbUser, DbPassword)
Registers an Amazon RDS instance with a stack.
Parameters
RdsDbInstanceArn (string) The Amazon RDS instances ARN.
DbUser (string) The databases master user name.
DbPassword (string) The database password.
Return type dict
register_volume(StackId, Ec2VolumeId=None)
Registers an Amazon EBS volume with a specified stack. A volume can be registered with only one stack
at a time. If the volume is already registered, you must first deregister it by calling DeregisterVolume . For
Parameters
Ec2VolumeId (string) The Amazon EBS volume ID.
Return type dict
set_load_based_auto_scaling(LayerId, Enable=None, UpScaling=None, DownScal-
ing=None)
Specify the load-based auto scaling configuration for a specified layer. For more information, see Manag-
ing Load with Time-based and Load-based Instances .

Parameters
LayerId (string) The layer ID.
Enable (boolean) Enables load-based auto scaling for the layer.
UpScaling (dict) An AutoScalingThresholds object with the upscaling threshold
configuration. If the load exceeds these thresholds for a specified amount of time, AWS
OpsWorks starts a specified number of instances.
DownScaling (dict) An AutoScalingThresholds object with the downscaling
threshold configuration. If the load falls below these thresholds for a specified amount
of time, AWS OpsWorks stops a specified number of instances.
Return type dict
set_permission(StackId, IamUserArn, AllowSsh=None, AllowSudo=None, Level=None)
Specifies a users permissions. For more information, see Security and Permissions .
Parameters
IamUserArn (string) The users IAM ARN.
AllowSsh (boolean) The user is allowed to use SSH to communicate with the instance.
AllowSudo (boolean) The user is allowed to use sudo to elevate privileges.
Level (string) The users permission level, which must be set to one of the following
strings. You cannot set your own permissions level.
deny
show
deploy
manage
iam_only
For more information on the permissions associated with these levels, see Managing
User Permissions_
Return type dict
set_time_based_auto_scaling(InstanceId, AutoScalingSchedule=None)
Specify the time-based auto scaling configuration for a specified instance. For more information, see
Managing Load with Time-based and Load-based Instances .
Parameters
AutoScalingSchedule (dict) An AutoScalingSchedule with the instance sched-
ule.
Return type dict
2.1. Services 417

start_instance(InstanceId)
Starts a specified instance. For more information, see Starting, Stopping, and Rebooting Instances .
Return type dict
start_stack(StackId)
Starts a stacks instances.
Return type dict
stop_instance(InstanceId)
Stops a specified instance. When you stop a standard instance, the data disappears and must be reinstalled
when you restart the instance. You can stop an Amazon EBS-backed instance without losing data. For
more information, see Starting, Stopping, and Rebooting Instances .
Return type dict
stop_stack(StackId)
Stops a specified stack.
Return type dict
unassign_volume(VolumeId)
Unassigns an assigned Amazon EBS volume. The volume remains registered with the stack. For more
Parameters VolumeId (string) The volume ID.
Return type dict
update_app(AppId, Name=None, Description=None, DataSources=None, Type=None, App-
Source=None, Domains=None, EnableSsl=None, SslConfiguration=None, At-
tributes=None)
Updates a specified app.

Required Permissions : To use this action, an IAM user must have a Deploy or Manage permissions
level for the stack, or an attached policy that explicitly grants permissions. For more information on user
permissions, see Managing User Permissions_ .
Parameters
AppId (string) The app ID.
Name (string) The app name.
Description (string) A description of the app.
DataSources (list) The apps data sources.
Type (string) The app type.
AppSource (dict) A Source object that specifies the app repository.
Domains (list) The apps virtual host settings, with multiple domains separated by com-
mas. For example: www.example.com, example.com
EnableSsl (boolean) Whether SSL is enabled for the app.
SslConfiguration (dict) An SslConfiguration object with the SSL configuration.
attributes.
Return type dict
update_elastic_ip(ElasticIp, Name=None)
Updates a registered Elastic IP addresss name. For more information, see Resource Management .
Parameters
ElasticIp (string) The address.
Name (string) The new name.
Return type dict
update_instance(InstanceId, LayerIds=None, InstanceType=None, AutoScalingType=None, Host-
name=None, Os=None, AmiId=None, SshKeyName=None, Architecture=None,
InstallUpdatesOnBoot=None, EbsOptimized=None)
Updates a specified instance.
Parameters
LayerIds (list) The instances layer IDs.
InstanceType (string) The instance type. AWS OpsWorks supports all instance types
except Cluster Compute, Cluster GPU, and High Memory Cluster. For more information,
see Instance Families and Types . The parameter values that you use to specify the various
types are in the API Name column of the Available Instance Types table.
AutoScalingType (string) The instances auto scaling type, which has three possible
values:
2.1. Services 419

AlwaysRunning : A 24/7 instance, which is not affected by auto scaling.

TimeBasedAutoScaling : A time-based auto scaling instance, which is started and
stopped based on a specified schedule.
LoadBasedAutoScaling : A load-based auto scaling instance, which is started and
stopped based on load metrics.
Hostname (string) The instance host name.
Os (string) The instance operating system, which must be set to one of the following.
Standard operating systems: Amazon Linux or Ubuntu 12.04 LTS
Custom AMIs: Custom
The default option is Amazon Linux . If you set this parameter to Custom , you must
use the CreateInstance actions AmiId parameter to specify the custom AMI that you want
to use. For more information on the standard operating systems, see Operating Systems
For more information on how to use custom AMIs with OpsWorks, see Using Custom
AMIs .
AmiId (string) A custom AMI ID to be used to create the instance. The AMI should be
based on one of the standard AWS OpsWorks APIs: Amazon Linux or Ubuntu 12.04 LTS.
For more information, see Instances
SshKeyName (string) The instance SSH key name.
Architecture (string) The instance architecture. Instance types do not necessarily sup-
port both architectures. For a list of the architectures that are supported by the different
instance types, see Instance Families and Types .
EbsOptimized (boolean) Whether this is an Amazon EBS-optimized instance.
Return type dict
update_layer(LayerId, Name=None, Shortname=None, Attributes=None, CustomInstancePro-
fileArn=None, CustomSecurityGroupIds=None, Packages=None, VolumeConfigura-
tions=None, EnableAutoHealing=None, AutoAssignElasticIps=None, AutoAssign-
PublicIps=None, CustomRecipes=None, InstallUpdatesOnBoot=None, UseEbsOpti-
mizedInstances=None)
Updates a specified layer.
Parameters
LayerId (string) The layer ID.
Shortname (string) The layer short name, which is used internally by AWS OpsWork-
sand by Chef. The short name is also used as the name for the directory where your app
files are installed. It can have a maximum of 200 characters and must be in the following
format: /A[a-z0-9-_.]+Z/.

attributes.
CustomInstanceProfileArn (string) The ARN of an IAM profile to be used for all of
the layers EC2 instances. For more information about IAM ARNs, see Using Identifiers .
CustomSecurityGroupIds (list) An array containing the layers custom security group
IDs.
Packages (list) An array of Package objects that describe the layers packages.
CustomRecipes (dict) A LayerCustomRecipes object that specifies the layers cus-
tom recipes.
stances.
Return type dict
update_my_user_profile(SshPublicKey=None)
Updates a users SSH public key.
Required Permissions : To use this action, an IAM user must have self-management enabled or an at-
tached policy that explicitly grants permissions. For more information on user permissions, see Managing
User Permissions_ .
Parameters SshPublicKey (string) The users SSH public key.
Return type dict
update_rds_db_instance(RdsDbInstanceArn, DbUser=None, DbPassword=None)
Updates an Amazon RDS instance.
Parameters
RdsDbInstanceArn (string) The Amazon RDS instances ARN.
DbUser (string) The master user name.
DbPassword (string) The database password.
Return type dict
2.1. Services 421

update_stack(StackId, Name=None, Attributes=None, ServiceRoleArn=None, DefaultInstan-

ceProfileArn=None, DefaultOs=None, HostnameTheme=None, DefaultAvailabil-
ityZone=None, DefaultSubnetId=None, CustomJson=None, ConfigurationMan-
ager=None, ChefConfiguration=None, UseCustomCookbooks=None, CustomCook-
booksSource=None, DefaultSshKeyName=None, DefaultRootDeviceType=None,
UseOpsworksSecurityGroups=None)
Updates a specified stack.
Parameters
Name (string) The stacks new name.
attributes.
Identifiers .
HostnameTheme (string) The stacks new host name theme, with spaces are replaced
by underscores. The theme is used to generate host names for the stacks instances. By
Baked_Goods
Clouds
European_Cities
Fruits
Greek_Deities
Planets_and_Moons
Roman_Deities
Scottish_Islands
US_Cities
Wild_Cats

information, see CreateStack .
For more information, see CreateStack .
figuration JSON .
and Cookbooks .
For more information, see Storage for the Root Device .
AWS OpsWorks provides a standard set of built-in security groups, one for each layer,
which are associated with layers by default. UseOpsworksSecurityGroups
allows you to instead provide your own custom security groups.
UseOpsworksSecurityGroups has the following settings:
Return type dict
update_user_profile(IamUserArn, SshUsername=None, SshPublicKey=None, AllowSelfMan-
agement=None)
Updates a specified user profile.
2.1. Services 423

Parameters
IamUserArn (string) The user IAM ARN.
SshUsername (string) The users SSH user name. The allowable characters are [a-z],
[A-Z], [0-9], -, and _. If the specified name includes other punctuation marks, AWS
OpsWorks removes them. For example, my.name will be changed to myname . If you do
not specify an SSH user name, AWS OpsWorks generates one from the IAM user name.
SshPublicKey (string) The users new SSH public key.
AllowSelfManagement (boolean) Whether users can specify their own SSH public key
through the My Settings page. For more information, see Managing User Permissions_
.
Return type dict
update_volume(VolumeId, Name=None, MountPoint=None)
Updates an Amazon EBS volumes name or mount point. For more information, see Resource Manage-
ment .
Parameters
VolumeId (string) The volume ID.
Name (string) The new name.
MountPoint (string) The new mount point.
Return type dict
Service Resource
class opsworks.Service
A resource representing AWS OpsWorks:
import boto3
opsworks = boto3.resource(opsworks)
Actions
some attributes.
create_stack(Name, Region, ServiceRoleArn, DefaultInstanceProfileArn, VpcId=None, At-
tributes=None, DefaultOs=None, HostnameTheme=None, DefaultAvailabil-
ityZone=None, DefaultSubnetId=None, CustomJson=None, Configuration-
Manager=None, ChefConfiguration=None, UseCustomCookbooks=None,
UseOpsworksSecurityGroups=None, CustomCookbooksSource=None, Default-
SshKeyName=None, DefaultRootDeviceType=None)
This method calls opsworks.Client.create_stack().
Parameters
Name (string) The stack name.

Region (string) The stack AWS region, such as us-east-1. For more information about
Amazon regions, see Regions and Endpoints .
VpcId (string) The ID of the VPC that the stack is to be launched into. It must be in the
specified region. All instances will be launched into this VPC, and you cannot change the
ID later.
attributes.
Identifiers .
Baked_Goods
Clouds
European_Cities
Fruits
Greek_Deities
Planets_and_Moons
Roman_Deities
Scottish_Islands
2.1. Services 425

US_Cities
Wild_Cats
information, see the VpcId parameter description.
For information on default values and when this parameter is required, see the VpcId
parameter description.
figuration JSON .
and Cookbooks .

The default option is instance-store . For more information, see Storage for the
Root Device .
Return type opsworks.Stack
Sub-resources
along to the child.
Layer(id)
Create a opsworks.Layer instance.
Stack(id)
Create a opsworks.Stack instance.
StackSummary(stack_id)
Create a opsworks.StackSummary instance.
Collections
stacks
(CollectionManager) A collection of opsworks.Stack instances. This collection uses the
opsworks.Client.describe_stacks() operation to get items.
Layer
class opsworks.Layer(id)
A resource representing an AWS OpsWorks Layer:
import boto3
layer = opsworks.Layer(id)
Identifiers:
id
(string, identifier) The Layers Id identifier. This attribute must be set for the actions below to work.
Attributes:
attributes
(dict) The layer attributes.
auto_assign_elastic_ips
(boolean) Whether to automatically assign an Elastic IP address to the layers instances. For more
information, see How to Edit a Layer .
2.1. Services 427

auto_assign_public_ips
(boolean) For stacks that are running in a VPC, whether to automatically assign a public IP address to
the layers instances. For more information, see How to Edit a Layer .
created_at
(string) Date when the layer was created.
custom_instance_profile_arn
(string) The ARN of the default IAM profile to be used for the layers EC2 instances. For more infor-
mation about IAM ARNs, see Using Identifiers .
custom_recipes
(dict) A LayerCustomRecipes object that specifies the layers custom recipes.
custom_security_group_ids
(list) An array containing the layers custom security group IDs.
default_recipes
(dict) AWS OpsWorks supports five lifecycle events, setup , configuration , deploy , undeploy , and
shutdown . For each layer, AWS OpsWorks runs a set of standard recipes for each event. In addition, you
can provide custom recipes for any or all layers and events. AWS OpsWorks runs custom event recipes
after the standard recipes. LayerCustomRecipes specifies the custom recipes for a particular layer to
be run in response to each of the five events.
To specify a recipe, use the cookbooks directory name in the repository followed by two colons and the
recipe name, which is the recipes file name without the .rb extension. For example: phpapp2::dbsetup
specifies the dbsetup.rb recipe in the repositorys phpapp2 folder.
default_security_group_names
(list) An array containing the layers security group names.
enable_auto_healing
(boolean) Whether auto healing is disabled for the layer.
install_updates_on_boot
(boolean) Whether to install operating system and package updates when the instance boots. The default
value is true . If this value is set to false , you must then update your instances manually by using Cre-
ateDeployment to run the update_dependencies stack command or manually running yum (Amazon
Linux) or apt-get (Ubuntu) on the instances.
layer_id
(string) The layer ID.
name
(string) The layer name.
packages
(list) An array of Package objects that describe the layers packages.
shortname
(string) The layer short name.
stack_id
(string) The layer stack ID.
type
(string) The layer type, which must be one of the following:
Custom
GangliaMonitoringMaster
HaProxy

MemcachedServer
MySqlMaster
NodeJsAppServer
PhpAppServer
RailsAppServer
WebServer
use_ebs_optimized_instances
(boolean) Whether the layer uses Amazon EBS-optimized instances.
volume_configurations
(list) A VolumeConfigurations object that describes the layers Amazon EBS volumes.
Actions
some attributes.
delete()
This method calls opsworks.Client.delete_layer().
Return type dict
References
stack
(opsworks.Stack) The related Stack if set, otherwise None.
Stack
class opsworks.Stack(id)
A resource representing an AWS OpsWorks Stack:
import boto3
stack = opsworks.Stack(id)
Identifiers:
id
(string, identifier) The Stacks Id identifier. This attribute must be set for the actions below to work.
Attributes:
arn
(string) The stacks ARN.
attributes
(dict) The stacks attributes.
2.1. Services 429

chef_configuration
(dict) A ChefConfiguration object that specifies whether to enable Berkshelf and the Berkshelf
version. For more information, see Create a New Stack_ .
configuration_manager
(dict) The configuration manager.
created_at
(string) Date when the stack was created.
custom_cookbooks_source
(dict) Contains the information required to retrieve an app or cookbook from a repository. For more
information, see Creating Apps or Custom Recipes and Cookbooks .
custom_json
(string) A string that contains user-defined, custom JSON. It is used to override the corresponding
default stack configuration JSON values. The string should be in the following format and must escape
characters such as .:
For more information on custom JSON, see Use Custom JSON to Modify the Stack Configuration JSON .
default_availability_zone
(string) The stacks default Availability Zone. For more information, see Regions and Endpoints .
default_instance_profile_arn
(string) The ARN of an IAM profile that is the default profile for all of the stacks EC2 instances. For
more information about IAM ARNs, see Using Identifiers .
default_os
(string) The stacks default operating system, which must be set to Amazon Linux or Ubuntu
12.04 LTS . The default option is Amazon Linux .
default_root_device_type
(string) The default root device type. This value is used by default for all instances in the stack, but you
can override it when you create an instance. For more information, see Storage for the Root Device .
default_ssh_key_name
(string) A default SSH key for the stacks instances. You can override this value when you create or
update an instance.
default_subnet_id
(string) The default subnet ID, if the stack is running in a VPC.
hostname_theme
(string) The stack host name theme, with spaces replaced by underscores.
name
(string) The stack name.
region
(string) The stack AWS region, such as us-east-1. For more information about AWS regions, see
Regions and Endpoints .
service_role_arn
(string) The stack AWS Identity and Access Management (IAM) role.
stack_id
(string) The stack ID.
use_custom_cookbooks
(boolean) Whether the stack uses custom cookbooks.

use_opsworks_security_groups
(boolean) Whether the stack automatically associates the AWS OpsWorks built-in security groups with
the stacks layers.
vpc_id
(string) The VPC ID, if the stack is running in a VPC.
Actions
some attributes.
create_layer(Type, Name, Shortname, Attributes=None, CustomInstanceProfileArn=None, Custom-
SecurityGroupIds=None, Packages=None, VolumeConfigurations=None, EnableAu-
toHealing=None, AutoAssignElasticIps=None, AutoAssignPublicIps=None, Custom-
Recipes=None, InstallUpdatesOnBoot=None, UseEbsOptimizedInstances=None)
This method calls opsworks.Client.create_layer().
Parameters
Type (string) The layer type. A stack cannot have more than one built-in layer of the
same type. It can have any number of custom layers. This parameter must be set to one of
the following:
custom: A custom layer
db-master: A MySQL layer
java-app: A Java App Server layer
rails-app: A Rails App Server layer
lb: An HAProxy layer
memcached: A Memcached layer
monitoring-master: A Ganglia layer
nodejs-app: A Node.js App Server layer
php-app: A PHP App Server layer
web: A Static Web Server layer
Shortname (string) The layer short name, which is used internally by AWS OpsWorks
and by Chef recipes. The short name is also used as the name for the directory where your
app files are installed. It can have a maximum of 200 characters, which are limited to the
alphanumeric characters, -, _, and ..
attributes.
CustomInstanceProfileArn (string) The ARN of an IAM profile that to be used for the
layers EC2 instances. For more information about IAM ARNs, see Using Identifiers .
CustomSecurityGroupIds (list) An array containing the layer custom security group
IDs.
Packages (list) An array of Package objects that describe the layer packages.
2.1. Services 431


CustomRecipes (dict) A LayerCustomRecipes object that specifies the layer cus-
tom recipes.
stances.
Return type opsworks.Layer
delete()
This method calls opsworks.Client.delete_stack().
Return type dict
Sub-resources
along to the child.
StackSummary()
Create a opsworks.StackSummary instance.
Collections
layers
(CollectionManager) A collection of opsworks.Layer instances. This collection uses the
opsworks.Client.describe_layers() operation to get items.
StackSummary
class opsworks.StackSummary(stack_id)
A resource representing an AWS OpsWorks StackSummary:
import boto3
stack_summary = opsworks.StackSummary(stack_id)
Identifiers:
stack_id
(string, identifier) The StackSummarys StackId identifier. This attribute must be set for the actions
below to work.

Attributes:
apps_count
(integer) The number of apps.
arn
(string) The stacks ARN.
instances_count
(dict) An InstancesCount object with the number of instances in each status.
layers_count
(integer) The number of layers.
name
(string) The stack name.
stack_id
(string) The stack ID.
Actions
some attributes.
References
stack
(opsworks.Stack) The related Stack if set, otherwise None.
2.1.28 Amazon Relational Database Service
Table of Contents
Amazon Relational Database Service
Client
Client
class rds.Client
A low-level client representing Amazon Relational Database Service:
import boto3
rds = boto3.client(rds)
add_source_identifier_to_subscription(SubscriptionName, SourceIdentifier)
Adds a source identifier to an existing RDS event notification subscription.
Parameters
SubscriptionName (string) The name of the RDS event notification subscription you
want to add a source identifier to.
SourceIdentifier (string) The identifier of the event source to be added. An identifier
must begin with a letter and must contain only ASCII letters, digits, and hyphens; it cannot
end with a hyphen or contain two consecutive hyphens.
2.1. Services 433

Constraints:
If the source type is a DB instance, then a DBInstanceIdentifier must be sup-
plied.
If the source type is a DB security group, a DBSecurityGroupName must be sup-
plied.
If the source type is a DB parameter group, a DBParameterGroupName must be
supplied.
If the source type is a DB snapshot, a DBSnapshotIdentifier must be supplied.
Return type dict
add_tags_to_resource(ResourceName, Tags)
Adds metadata tags to an Amazon RDS resource. These tags can also be used with cost allocation reporting
to track cost associated with Amazon RDS resources, or used in Condition statement in IAM policy for
Amazon RDS.
For an overview on tagging Amazon RDS resources, see Tagging Amazon RDS Resources .
Parameters
ResourceName (string) The Amazon RDS resource the tags will be added to. This
value is an Amazon Resource Name (ARN). For information about creating an ARN, see
Constructing an RDS Amazon Resource Name (ARN) .
Tags (list) The tags to be assigned to the Amazon RDS resource.
Return type dict
authorize_db_security_group_ingress(DBSecurityGroupName, CIDRIP=None,
EC2SecurityGroupName=None,
EC2SecurityGroupId=None,
EC2SecurityGroupOwnerId=None)
Enables ingress to a DBSecurityGroup using one of two forms of authorization. First, EC2 or VPC security
groups can be added to the DBSecurityGroup if the application using the database is running on EC2 or
VPC instances. Second, IP ranges are available if the application accessing your database is running on
the Internet. Required parameters for this API are one of CIDR range, EC2SecurityGroupId for VPC, or
(EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId for non-VPC).
For an overview of CIDR ranges, go to the Wikipedia Tutorial .
Parameters
DBSecurityGroupName (string) The name of the DB security group to add authoriza-
tion to.
CIDRIP (string) The IP range to authorize.
EC2SecurityGroupName (string) Name of the EC2 security group to autho-
rize. For VPC DB security groups, EC2SecurityGroupId must be provided.
Otherwise, EC2SecurityGroupOwnerId and either EC2SecurityGroupName or
EC2SecurityGroupId must be provided.
EC2SecurityGroupId (string) Id of the EC2 security group to authorize. For
VPC DB security groups, EC2SecurityGroupId must be provided. Oth-
erwise, EC2SecurityGroupOwnerId and either EC2SecurityGroupName or
EC2SecurityGroupId must be provided.
EC2SecurityGroupOwnerId (string) AWS Account Number of the owner of
the EC2 security group specified in the EC2SecurityGroupName parameter. The
AWS Access Key ID is not an acceptable value. For VPC DB security groups,

EC2SecurityGroupId must be provided. Otherwise, EC2SecurityGroupOwnerId and

either EC2SecurityGroupName or EC2SecurityGroupId must be provided.
Return type dict
copy_db_parameter_group(SourceDBParameterGroupIdentifier, TargetDBParameterGroupIden-
tifier, TargetDBParameterGroupDescription, Tags=None)
Copies the specified DBParameterGroup.
Parameters
SourceDBParameterGroupIdentifier (string) The identifier or ARN for the source DB
Parameter Group.
Constraints:
Must specify a valid DB Parameter Group.
If the source DB Parameter Group is in the same region as the copy, specify a valid DB
Parameter Group identifier, or a valid ARN.
If the source DB Parameter Group is in a different region than the copy, specify a valid
DB parameter group ARN.
Example: my-db-param-group
Example: arn:aws:rds:us-west-2:123456789012:pg:special-parameters
TargetDBParameterGroupIdentifier (string) The identifier for the copied DB Param-
eter Group.
Constraints:
Cannot be null, empty, or blank
Must contain from 1 to 255 alphanumeric characters or hyphens
Example: my-db-parameter-group
TargetDBParameterGroupDescription (string) The description for the copied DB Pa-
rameter Group.
Tags (list) A list of tags.
Return type dict
copy_db_snapshot(SourceDBSnapshotIdentifier, TargetDBSnapshotIdentifier, Tags=None)
Copies the specified DBSnapshot. The source DBSnapshot must be in the available state.
Parameters
SourceDBSnapshotIdentifier (string) The identifier for the source DB snapshot.
Constraints:
Must specify a valid system snapshot in the available state.
If the source snapshot is in the same region as the copy, specify a valid DB snapshot
identifier.
If the source snapshot is in a different region than the copy, specify a valid DB snapshot
ARN. For more information, go to Copying a DB Snapshot .
2.1. Services 435

Example: rds:mydb-2012-04-02-00-01
Example: arn:aws:rds:rr-regn-1:123456789012:snapshot:mysql-instance1-snapshot-
TargetDBSnapshotIdentifier (string) The identifier for the copied snapshot.
Constraints:
Example: my-db-snapshot
Return type dict
copy_option_group(SourceOptionGroupIdentifier, TargetOptionGroupIdentifier, TargetOption-
GroupDescription, Tags=None)
Copies the specified Option Group.
Parameters
SourceOptionGroupIdentifier (string) The identifier or ARN for the source Option
Group.
Constraints:
Must specify a valid Option Group.
If the source Option Group is in the same region as the copy, specify a valid Option
Group identifier, or a valid ARN.
If the source Option Group is in a different region than the copy, specify a valid Option
group ARN.
Example: my-option-group
Example: arn:aws:rds:us-west-2:123456789012:og:special-options
TargetOptionGroupIdentifier (string) The identifier for the copied Option Group.
Constraints:
Example: my-option-group
TargetOptionGroupDescription (string) The description for the copied Option Group.
Return type dict

create_db_instance(DBInstanceIdentifier, AllocatedStorage, DBInstanceClass, Engine,

MasterUsername, MasterUserPassword, DBName=None, DBSecuri-
tyGroups=None, VpcSecurityGroupIds=None, AvailabilityZone=None,
DBSubnetGroupName=None, PreferredMaintenanceWindow=None, DB-
ParameterGroupName=None, BackupRetentionPeriod=None, Preferred-
BackupWindow=None, Port=None, MultiAZ=None, EngineVersion=None,
AutoMinorVersionUpgrade=None, LicenseModel=None, Iops=None,
OptionGroupName=None, CharacterSetName=None, PubliclyAccessi-
ble=None, Tags=None, StorageType=None, TdeCredentialArn=None,
TdeCredentialPassword=None)
Creates a new DB instance.
Parameters
DBName (string) The meaning of this parameter differs according to the database engine
you use.
Type: String
MySQL
The name of the database to create when the DB instance is created. If this parameter is
not specified, no database is created in the DB instance.
Constraints:
Must contain 1 to 64 alphanumeric characters
Cannot be a word reserved by the specified database engine
PostgreSQL
The name of the database to create when the DB instance is created. If this parameter is
not specified, no database is created in the DB instance.
Constraints:
Must contain 1 to 63 alphanumeric characters
Must begin with a letter or an underscore. Subsequent characters can be letters, under-
scores, or digits (0-9).
Cannot be a word reserved by the specified database engine
Oracle
The Oracle System ID (SID) of the created DB instance.
Default: ORCL
Constraints:
Cannot be longer than 8 characters
SQL Server
Not applicable. Must be null.
DBInstanceIdentifier (string) The DB instance identifier. This parameter is stored as a
lowercase string.
Constraints:
Must contain from 1 to 63 alphanumeric characters or hyphens (1 to 15 for SQL Server).
First character must be a letter.
2.1. Services 437

Cannot end with a hyphen or contain two consecutive hyphens.

Example: mydbinstance
AllocatedStorage (integer) The amount of storage (in gigabytes) to be initially allocated
for the database instance.
Type: Integer
MySQL
Constraints: Must be an integer from 5 to 3072.
PostgreSQL
Oracle
SQL Server
Constraints: Must be an integer from 200 to 1024 (Standard Edition and Enterprise Edi-
tion) or from 30 to 1024 (Express Edition and Web Edition)
DBInstanceClass (string) The compute and memory capacity of the DB instance.
Valid Values: db.t1.micro | db.m1.small | db.m1.medium |
db.m1.large | db.m1.xlarge | db.m2.xlarge |db.m2.2xlarge |
db.m2.4xlarge | db.m3.medium | db.m3.large | db.m3.xlarge |
db.m3.2xlarge | db.r3.large | db.r3.xlarge | db.r3.2xlarge
| db.r3.4xlarge | db.r3.8xlarge | db.t2.micro | db.t2.small
| db.t2.medium
Engine (string) The name of the database engine to be used for this instance.
Valid Values: MySQL | oracle-se1 | oracle-se | oracle-ee | sqlserver-ee |
sqlserver-se | sqlserver-ex | sqlserver-web | postgres
MasterUsername (string) The name of master user for the client DB instance.
MySQL
Constraints:
Must be 1 to 16 alphanumeric characters.
Cannot be a reserved word for the chosen database engine.
Type: String
Oracle
Constraints:
SQL Server
Constraints:


MasterUserPassword (string) The password for the master database user. Can be any
printable ASCII character except /, , or @.
Type: String
MySQL
Constraints: Must contain from 8 to 41 characters.
Oracle
SQL Server
DBSecurityGroups (list) A list of DB security groups to associate with this DB instance.
Default: The default DB security group for the database engine.
VpcSecurityGroupIds (list) A list of EC2 VPC security groups to associate with this
DB instance.
Default: The default EC2 VPC security group for the DB subnet groups VPC.
AvailabilityZone (string) The EC2 Availability Zone that the database instance will be
created in.
Default: A random, system-chosen Availability Zone in the endpoints region.
Example: us-east-1d
Constraint: The AvailabilityZone parameter cannot be specified if the MultiAZ parameter
is set to true . The specified Availability Zone must be in the same region as the current
endpoint.
DBSubnetGroupName (string) A DB subnet group to associate with this DB instance.
If there is no DB subnet group, then it is a non-VPC DB instance.
Format: ddd:hh24:mi-ddd:hh24:mi
Default: A 30-minute window selected at random from an 8-hour block of time per region,
occurring on a random day of the week. To see the time blocks available, see Adjusting
the Preferred Maintenance Window in the Amazon RDS User Guide.
Valid Days: Mon, Tue, Wed, Thu, Fri, Sat, Sun
Constraints: Minimum 30-minute window.
DBParameterGroupName (string) The name of the DB parameter group to associate
with this DB instance. If this argument is omitted, the default DBParameterGroup for the
specified engine will be used.
Constraints:
2.1. Services 439


BackupRetentionPeriod (integer) The number of days for which automated backups
are retained. Setting this parameter to a positive number enables backups. Setting this
parameter to 0 disables automated backups.
Default: 1
Constraints:
Must be a value from 0 to 35
Cannot be set to 0 if the DB instance is a source to read replicas
PreferredBackupWindow (string) The daily time range during which au-
tomated backups are created if automated backups are enabled, using the
BackupRetentionPeriod parameter.
Default: A 30-minute window selected at random from an 8-hour block of time per region.
See the Amazon RDS User Guide for the time blocks for each region from which the
default backup windows are assigned.
Constraints: Must be in the format hh24:mi-hh24:mi . Times should be Universal
Time Coordinated (UTC). Must not conflict with the preferred maintenance window. Must
be at least 30 minutes.
Port (integer) The port number on which the database accepts connections.
MySQL
Default: 3306
Valid Values: 1150-65535
Type: Integer
PostgreSQL
Default: 5432
Type: Integer
Oracle
Default: 1521
SQL Server
Default: 1433
Valid Values: 1150-65535 except for 1434 , 3389 , 47001 , 49152 , and 49152
through 49156 .
MultiAZ (boolean) Specifies if the DB instance is a Multi-AZ deployment. You cannot
set the AvailabilityZone parameter if the MultiAZ parameter is set to true.
EngineVersion (string) The version number of the database engine to use.
MySQL
Example: 5.1.42
Type: String

PostgreSQL
Example: 9.3
Type: String
Oracle
Example: 11.2.0.2.v2
Type: String
SQL Server
Example: 10.50.2789.0.v1
AutoMinorVersionUpgrade (boolean) Indicates that minor engine upgrades will be
applied automatically to the DB instance during the maintenance window.
Default: true
LicenseModel (string) License model information for this DB instance.
Valid values: license-included | bring-your-own-license |
general-public-license
Iops (integer) The amount of Provisioned IOPS (input/output operations per second) to
be initially allocated for the DB instance.
Constraints: To use PIOPS, this value must be an integer greater than 1000.
OptionGroupName (string) Indicates that the DB instance should be associated with
the specified option group.
Permanent options, such as the TDE option for Oracle Advanced Security TDE, cannot
be removed from an option group, and that option group cannot be removed from a DB
instance once it is associated with a DB instance
CharacterSetName (string) For supported engines, indicates that the DB instance
should be associated with the specified CharacterSet.
PubliclyAccessible (boolean) Specifies the accessibility options for the DB instance. A
value of true specifies an Internet-facing instance with a publicly resolvable DNS name,
which resolves to a public IP address. A value of false specifies an internal instance with
a DNS name that resolves to a private IP address.
Default: The default behavior varies depending on whether a VPC has been requested or
not. The following list shows the default behavior in each case.
Default VPC: true
VPC: false
If no DB subnet group has been specified as part of the request and the PubliclyAccessible
value has not been set, the DB instance will be publicly accessible. If a specific DB subnet
group has been specified as part of the request and the PubliclyAccessible value has not
been set, the DB instance will be private.
StorageType (string) Specifies storage type to be associated with the DB Instance.
Valid values: standard | gp2 | io1
If you specify io1 , you must also include a value for the Iops parameter.
2.1. Services 441

TdeCredentialArn (string) The ARN from the Key Store with which to associate the
instance for TDE encryption.
TdeCredentialPassword (string) The password for the given ARN from the Key Store
in order to access the device.
Return type dict
create_db_instance_read_replica(DBInstanceIdentifier, SourceDBInstanceIdentifier, DBIn-
stanceClass=None, AvailabilityZone=None, Port=None,
AutoMinorVersionUpgrade=None, Iops=None, Op-
tionGroupName=None, PubliclyAccessible=None,
Tags=None, DBSubnetGroupName=None, Stor-
ageType=None)
Creates a DB instance that acts as a read replica of a source DB instance.
All read replica DB instances are created as Single-AZ deployments with backups disabled. All other DB
instance attributes (including DB security groups and DB parameter groups) are inherited from the source
DB instance, except as specified below.
Warning: The source DB instance must have backup retention enabled.
Parameters
DBInstanceIdentifier (string) The DB instance identifier of the read replica. This is the
unique key that identifies a DB instance. This parameter is stored as a lowercase string.
SourceDBInstanceIdentifier (string) The identifier of the DB instance that will act as
the source for the read replica. Each DB instance can have up to five read replicas.
Constraints:
Must be the identifier of an existing DB instance.
Can specify a DB instance that is a read replica only if the source is running MySQL
5.6.
The specified DB instance must have automatic backups enabled, its backup retention
period must be greater than 0.
If the source DB instance is in the same region as the read replica, specify a valid DB
instance identifier.
If the source DB instance is in a different region than the read replica, specify a valid
DB instance ARN. For more information, go to Constructing a Amazon RDS Amazon
Resource Name (ARN) .
DBInstanceClass (string) The compute and memory capacity of the read replica.
Valid Values: db.m1.small | db.m1.medium | db.m1.large |
db.m1.xlarge | db.m2.xlarge |db.m2.2xlarge | db.m2.4xlarge
| db.m3.medium | db.m3.large | db.m3.xlarge | db.m3.2xlarge
| db.r3.large | db.r3.xlarge | db.r3.2xlarge |
db.r3.4xlarge | db.r3.8xlarge | db.t2.micro | db.t2.small
| db.t2.medium
Default: Inherits from the source DB instance.
AvailabilityZone (string) The Amazon EC2 Availability Zone that the read replica will
be created in.
Default: A random, system-chosen Availability Zone in the endpoints region.

Example: us-east-1d
Port (integer) The port number that the DB instance uses for connections.
Default: Inherits from the source DB instance
AutoMinorVersionUpgrade (boolean) Indicates that minor engine upgrades will be
applied automatically to the read replica during the maintenance window.
Default: Inherits from the source DB instance
OptionGroupName (string) The option group the DB instance will be associated with.
If omitted, the default option group for the engine specified will be used.
Default VPC: true
VPC: false
DBSubnetGroupName (string) Specifies a DB subnet group for the DB instance. The
new DB instance will be created in the VPC associated with the DB subnet group. If no
DB subnet group is specified, then the new DB instance is not created in a VPC.
Constraints:
Can only be specified if the source DB instance identifier specifies a DB instance in
another region.
The specified DB subnet group must be in the same region in which the operation is
running.
All read replicas in one region that are created from the same source DB instance must
either: * Specify DB subnet groups from the same VPC. All these read replicas will be
created in the same VPC.
Not specify a DB subnet group. All these read replicas will be created outside of any
VPC.
StorageType (string) Specifies storage type to be associated with the DB Instance read
replica.
Return type dict
2.1. Services 443

create_db_parameter_group(DBParameterGroupName, DBParameterGroupFamily, Descrip-

tion, Tags=None)
Creates a new DB parameter group.
A DB parameter group is initially created with the default parameters for the database engine used by the
DB instance. To provide custom values for any of the parameters, you must modify the group after creating
it using ModifyDBParameterGroup . Once youve created a DB parameter group, you need to associate it
with your DB instance using ModifyDBInstance . When you associate a new DB parameter group with a
running DB instance, you need to reboot the DB instance without failover for the new DB parameter group
and associated settings to take effect.
Warning: After you create a DB parameter group, you should wait at least 5 minutes before creating
your first DB instance that uses that DB parameter group as the default parameter group. This allows
Amazon RDS to fully complete the create action before the parameter group is used as the default
for a new DB instance. This is especially important for parameters that are critical when creating the
default database for a DB instance, such as the character set for the default database defined by the
character_set_database parameter. You can use the Parameter Groups option of the Amazon
RDS console or the DescribeDBParameters command to verify that your DB parameter group has been
created or modified.
Parameters
DBParameterGroupName (string) The name of the DB parameter group.
Constraints:
DBParameterGroupFamily (string) The DB parameter group family name. A DB
parameter group can be associated with one and only one DB parameter group family,
and can be applied only to a DB instance running a database engine and engine version
compatible with that DB parameter group family.
Description (string) The description for the DB parameter group.
Return type dict
create_db_security_group(DBSecurityGroupName, DBSecurityGroupDescription,
Tags=None)
Creates a new DB security group. DB security groups control access to a DB instance.
Parameters
DBSecurityGroupName (string) The name for the DB security group. This value is
Constraints:
Must not be Default
May not contain spaces
Example: mysecuritygroup

DBSecurityGroupDescription (string) The description for the DB security group.

Return type dict
create_db_snapshot(DBSnapshotIdentifier, DBInstanceIdentifier, Tags=None)
Creates a DBSnapshot. The source DBInstance must be in available state.
Parameters
DBSnapshotIdentifier (string) The identifier for the DB snapshot.
Constraints:
Example: my-snapshot-id
DBInstanceIdentifier (string) The DB instance identifier. This is the unique key that
identifies a DB instance.
Constraints:
Return type dict
create_db_subnet_group(DBSubnetGroupName, DBSubnetGroupDescription, SubnetIds,
Tags=None)
Creates a new DB subnet group. DB subnet groups must contain at least one subnet in at least two AZs in
the region.
Parameters
DBSubnetGroupName (string) The name for the DB subnet group. This value is stored
Constraints: Must contain no more than 255 alphanumeric characters or hyphens. Must
not be Default.
Example: mySubnetgroup
DBSubnetGroupDescription (string) The description for the DB subnet group.
SubnetIds (list) The EC2 Subnet IDs for the DB subnet group.
Return type dict
create_event_subscription(SubscriptionName, SnsTopicArn, SourceType=None, EventCate-
gories=None, SourceIds=None, Enabled=None, Tags=None)
Creates an RDS event notification subscription. This action requires a topic ARN (Amazon Resource
Name) created by either the RDS console, the SNS console, or the SNS API. To obtain an ARN with SNS,
2.1. Services 445

you must create a topic in Amazon SNS and subscribe to the topic. The ARN is displayed in the SNS
console.
You can specify the type of source (SourceType) you want to be notified of, provide a list of RDS sources
(SourceIds) that triggers the events, and provide a list of event categories (EventCategories) for events you
want to be notified of. For example, you can specify SourceType = db-instance, SourceIds = mydbin-
stance1, mydbinstance2 and EventCategories = Availability, Backup.
If you specify both the SourceType and SourceIds, such as SourceType = db-instance and SourceIdentifier
= myDBInstance1, you will be notified of all the db-instance events for the specified source. If you specify
a SourceType but do not specify a SourceIdentifier, you will receive notice of the events for that source
type for all your RDS sources. If you do not specify either the SourceType nor the SourceIdentifier, you
will be notified of events generated from all RDS sources belonging to your customer account.
Parameters
SubscriptionName (string) The name of the subscription.
Constraints: The name must be less than 255 characters.
SnsTopicArn (string) The Amazon Resource Name (ARN) of the SNS topic created
for event notification. The ARN is created by Amazon SNS when you create a topic and
subscribe to it.
SourceType (string) The type of source that will be generating the events. For exam-
ple, if you want to be notified of events generated by a DB instance, you would set this
parameter to db-instance. if this value is not specified, all events are returned.
Valid values: db-instance | db-parameter-group | db-security-group | db-snapshot
EventCategories (list) A list of event categories for a SourceType that you want to
subscribe to. You can see a list of the categories for a given SourceType in the Events
topic in the Amazon RDS User Guide or by using the DescribeEventCategories action.
SourceIds (list) The list of identifiers of the event sources for which events will be
returned. If not specified, then all sources are included in the response. An identifier must
begin with a letter and must contain only ASCII letters, digits, and hyphens; it cannot end
with a hyphen or contain two consecutive hyphens.
Constraints:
If SourceIds are supplied, SourceType must also be provided.
If the source type is a DB instance, then a DBInstanceIdentifier must be sup-
plied.
If the source type is a DB security group, a DBSecurityGroupName must be sup-
plied.
If the source type is a DB parameter group, a DBParameterGroupName must be
supplied.
If the source type is a DB snapshot, a DBSnapshotIdentifier must be supplied.
Enabled (boolean) A Boolean value; set to true to activate the subscription, set to false
to create the subscription but not active it.
Return type dict
create_option_group(OptionGroupName, EngineName, MajorEngineVersion, OptionGroupDe-
scription, Tags=None)
Creates a new option group. You can create up to 20 option groups.

Parameters
OptionGroupName (string) Specifies the name of the option group to be created.
Constraints:
Must be 1 to 255 alphanumeric characters or hyphens
Example: myoptiongroup
EngineName (string) Specifies the name of the engine that this option group should be
associated with.
MajorEngineVersion (string) Specifies the major version of the engine that this option
group should be associated with.
OptionGroupDescription (string) The description of the option group.
Return type dict
delete_db_instance(DBInstanceIdentifier, SkipFinalSnapshot=None, FinalDBSnapshotIdenti-
fier=None)
The DeleteDBInstance action deletes a previously provisioned DB instance. A successful response from
the web service indicates the request was received correctly. When you delete a DB instance, all automated
backups for that instance are deleted and cannot be recovered. Manual DB snapshots of the DB instance
to be deleted are not deleted.
If a final DB snapshot is requested the status of the RDS instance will be deleting until the DB snapshot
is created. The API action DescribeDBInstance is used to monitor the status of this operation. The
action cannot be canceled or reverted once submitted.
Parameters
DBInstanceIdentifier (string) The DB instance identifier for the DB instance to be
deleted. This parameter isnt case sensitive.
Constraints:
SkipFinalSnapshot (boolean) Determines whether a final DB snapshot is created before
the DB instance is deleted. If true is specified, no DBSnapshot is created. If false is
specified, a DB snapshot is created before the DB instance is deleted.
Specify true when deleting a read replica.
Default: false
FinalDBSnapshotIdentifier (string) The DBSnapshotIdentifier of the new DBSnapshot
created when SkipFinalSnapshot is set to false .
Constraints:
2.1. Services 447

Cannot be specified when deleting a read replica.

Return type dict
delete_db_parameter_group(DBParameterGroupName)
Deletes a specified DBParameterGroup. The DBParameterGroup to be deleted cannot be associated with
any DB instances.
Parameters DBParameterGroupName (string) The name of the DB parameter group.
Constraints:
Must be the name of an existing DB parameter group
You cannot delete a default DB parameter group
Cannot be associated with any DB instances
Return type dict
delete_db_security_group(DBSecurityGroupName)
Deletes a DB security group.
Parameters DBSecurityGroupName (string) The name of the DB security group to delete.
Constraints:
Must not be Default
May not contain spaces
Return type dict
delete_db_snapshot(DBSnapshotIdentifier)
Deletes a DBSnapshot. If the snapshot is being copied, the copy operation is terminated.
Parameters DBSnapshotIdentifier (string) The DBSnapshot identifier.
Constraints: Must be the name of an existing DB snapshot in the available state.
Return type dict
delete_db_subnet_group(DBSubnetGroupName)
Deletes a DB subnet group.
Parameters DBSubnetGroupName (string) The name of the database subnet group to delete.
Constraints:
Return type dict
delete_event_subscription(SubscriptionName)
Deletes an RDS event notification subscription.
Parameters SubscriptionName (string) The name of the RDS event notification subscription
you want to delete.

Return type dict

delete_option_group(OptionGroupName)
Deletes an existing option group.
Parameters OptionGroupName (string) The name of the option group to be deleted.
Return type dict
describe_db_engine_versions(Engine=None, EngineVersion=None, DBParameterGroupFam-
ily=None, Filters=None, MaxRecords=None, Marker=None,
DefaultOnly=None, ListSupportedCharacterSets=None)
Returns a list of the available DB engines.
Parameters
Engine (string) The database engine to return.
EngineVersion (string) The database engine version to return.
Example: 5.1.49
DBParameterGroupFamily (string) The name of a specific DB parameter group family
Constraints:
Filters (list) Not currently supported.
MaxRecords (integer) The maximum number of records to include in the response.
If more than the MaxRecords value is available, a pagination token called a marker is
included in the response so that the following results can be retrieved.
Default: 100
Constraints: minimum 20, maximum 100
Marker (string) An optional pagination token provided by a previous request. If this
parameter is specified, the response includes only records beyond the marker, up to the
value specified by MaxRecords .
DefaultOnly (boolean) Indicates that only the default version of the specified engine or
engine and major version combination is returned.
ListSupportedCharacterSets (boolean) If this parameter is specified, and if the re-
quested engine supports the CharacterSetName parameter for CreateDBInstance, the re-
sponse includes a list of supported character sets for each engine version.
Return type dict
describe_db_instances(DBInstanceIdentifier=None, Filters=None, MaxRecords=None,
Marker=None)
Returns information about provisioned RDS instances. This API supports pagination.
Parameters
2.1. Services 449

DBInstanceIdentifier (string) The user-supplied instance identifier. If this parameter is

specified, information from only the specific DB instance is returned. This parameter isnt
case sensitive.
Constraints:
Filters (list) This parameter is not currently supported.
more records exist than the specified MaxRecords value, a pagination token called a
marker is included in the response so that the remaining results may be retrieved.
Default: 100
Marker (string) An optional pagination token provided by a previous DescribeDBIn-
stances request. If this parameter is specified, the response includes only records beyond
the marker, up to the value specified by MaxRecords .
Return type dict
describe_db_log_files(DBInstanceIdentifier, FilenameContains=None, FileLastWritten=None,
FileSize=None, Filters=None, MaxRecords=None, Marker=None)
Returns a list of DB log files for the DB instance.
Parameters
DBInstanceIdentifier (string) The customer-assigned name of the DB instance that
contains the log files you want to list.
Constraints:
FilenameContains (string) Filters the available log files for log file names that contain
the specified string.
FileLastWritten (integer) Filters the available log files for files written since the speci-
fied date, in POSIX timestamp format.
FileSize (integer) Filters the available log files for files larger than the specified size.
If more records exist than the specified MaxRecords value, a pagination token called a
marker is included in the response so that the remaining results can be retrieved.
Marker (string) The pagination token provided in the previous request. If this parameter
is specified the response includes only records beyond the marker, up to MaxRecords.
Return type dict

describe_db_parameter_groups(DBParameterGroupName=None, Filters=None,
Returns a list of DBParameterGroup descriptions. If a DBParameterGroupName is specified, the
list will contain only the description of the specified DB parameter group.
Parameters
DBParameterGroupName (string) The name of a specific DB parameter group to re-
turn details for.
Constraints:
Default: 100
Marker (string) An optional pagination token provided by a previous
DescribeDBParameterGroups request. If this parameter is specified, the response
Return type dict
describe_db_parameters(DBParameterGroupName, Source=None, Filters=None,
Returns the detailed parameter list for a particular DB parameter group.
Parameters
DBParameterGroupName (string) The name of a specific DB parameter group to re-
turn details for.
Constraints:
Source (string) The parameter types to return.
Default: All parameter types returned
Valid Values: user | system | engine-default
Default: 100
2.1. Services 451


DescribeDBParameters request. If this parameter is specified, the response
Return type dict
describe_db_security_groups(DBSecurityGroupName=None, Filters=None,
Returns a list of DBSecurityGroup descriptions. If a DBSecurityGroupName is specified, the list
will contain only the descriptions of the specified DB security group.
Parameters
DBSecurityGroupName (string) The name of the DB security group to return details
for.
Default: 100
Marker (string) An optional pagination token provided by a previous DescribeDBSe-
curityGroups request. If this parameter is specified, the response includes only records
beyond the marker, up to the value specified by MaxRecords .
Return type dict
describe_db_snapshots(DBInstanceIdentifier=None, DBSnapshotIdentifier=None, Snapshot-
Type=None, Filters=None, MaxRecords=None, Marker=None)
Returns information about DB snapshots. This API supports pagination.
Parameters
DBInstanceIdentifier (string) A DB instance identifier to retrieve the list of DB snap-
shots for. Cannot be used in conjunction with DBSnapshotIdentifier . This param-
eter is not case sensitive.
Constraints:
DBSnapshotIdentifier (string) A specific DB snapshot identifier to describe. Cannot be
used in conjunction with DBInstanceIdentifier . This value is stored as a lower-
case string.
Constraints:

If this is the identifier of an automated snapshot, the SnapshotType parameter must

also be specified.
SnapshotType (string) The type of snapshots that will be returned. Values can be auto-
mated or manual. If not specified, the returned results will include all snapshots types.
Default: 100
DescribeDBSnapshots request. If this parameter is specified, the response in-
cludes only records beyond the marker, up to the value specified by MaxRecords
.
Return type dict
describe_db_subnet_groups(DBSubnetGroupName=None, Filters=None, MaxRecords=None,
Marker=None)
Returns a list of DBSubnetGroup descriptions. If a DBSubnetGroupName is specified, the list will contain
only the descriptions of the specified DBSubnetGroup.
For an overview of CIDR ranges, go to the Wikipedia Tutorial .
Parameters
DBSubnetGroupName (string) The name of the DB subnet group to return details for.
Default: 100
Marker (string) An optional pagination token provided by a previous DescribeDBSub-
netGroups request. If this parameter is specified, the response includes only records be-
yond the marker, up to the value specified by MaxRecords .
Return type dict
describe_engine_default_parameters(DBParameterGroupFamily, Filters=None,
Returns the default engine and system parameter information for the specified database engine.
Parameters
DBParameterGroupFamily (string) The name of the DB parameter group family.
Filters (list) Not currently supported.
2.1. Services 453


Default: 100
DescribeEngineDefaultParameters request. If this parameter is speci-
fied, the response includes only records beyond the marker, up to the value specified by
MaxRecords .
Return type dict
describe_event_categories(SourceType=None, Filters=None)
Displays a list of categories for all event source types, or, if specified, for a specified source type. You can
see a list of the event categories and source types in the Events topic in the Amazon RDS User Guide.
Parameters
SourceType (string) The type of source that will be generating the events.
Return type dict
describe_event_subscriptions(SubscriptionName=None, Filters=None, MaxRecords=None,
Marker=None)
Lists all the subscription descriptions for a customer account. The description for a subscription includes
SubscriptionName, SNSTopicARN, CustomerID, SourceType, SourceID, CreationTime, and Status.
If you specify a SubscriptionName, lists the description for that subscription.
Parameters
want to describe.
Default: 100
Marker (string) An optional pagination token provided by a previous DescribeOrder-
ableDBInstanceOptions request. If this parameter is specified, the response includes only
records beyond the marker, up to the value specified by MaxRecords .
Return type dict
Duration=None, EventCategories=None, Filters=None, MaxRecords=None,
Marker=None)
Returns events related to DB instances, DB security groups, DB snapshots, and DB parameter groups for
the past 14 days. Events specific to a particular DB instance, DB security group, database snapshot, or DB

parameter group can be obtained by providing the name as a parameter. By default, the past hour of events
are returned.
Parameters
returned. If not specified, then all sources are included in the response.
Constraints:
If SourceIdentifier is supplied, SourceType must also be provided.
If the source type is DBInstance , then a DBInstanceIdentifier must be sup-
plied.
If the source type is DBSecurityGroup , a DBSecurityGroupName must be
supplied.
If the source type is DBParameterGroup , a DBParameterGroupName must be
supplied.
If the source type is DBSnapshot , a DBSnapshotIdentifier must be supplied.
in ISO 8601 format. For more information about ISO 8601, go to the ISO8601 Wikipedia
page.
Example: 2009-07-08T18:00Z
page.
Example: 2009-07-08T18:00Z
Duration (integer) The number of minutes to retrieve events for.
Default: 60
EventCategories (list) A list of event categories that trigger notifications for a event
notification subscription.
Default: 100
Marker (string) An optional pagination token provided by a previous DescribeEvents
request. If this parameter is specified, the response includes only records beyond the
marker, up to the value specified by MaxRecords .
Return type dict
2.1. Services 455

describe_option_group_options(EngineName, MajorEngineVersion=None, Filters=None,

Describes all available options.
Parameters
EngineName (string) A required parameter. Options available for the given Engine
name will be described.
MajorEngineVersion (string) If specified, filters the results to include only options for
the specified major engine version.
Default: 100
Return type dict
describe_option_groups(OptionGroupName=None, Filters=None, Marker=None,
MaxRecords=None, EngineName=None, MajorEngineVersion=None)
Describes the available option groups.
Parameters
OptionGroupName (string) The name of the option group to describe. Cannot be
supplied together with EngineName or MajorEngineVersion.
Marker (string) An optional pagination token provided by a previous DescribeOption-
Groups request. If this parameter is specified, the response includes only records beyond
the marker, up to the value specified by MaxRecords .
Default: 100
EngineName (string) Filters the list of option groups to only include groups associated
with a specific database engine.
MajorEngineVersion (string) Filters the list of option groups to only include groups
associated with a specific database engine version. If specified, then EngineName must
also be specified.
Return type dict

describe_orderable_db_instance_options(Engine, EngineVersion=None, DBIn-

stanceClass=None, LicenseModel=None,
Vpc=None, Filters=None, MaxRecords=None,
Marker=None)
Returns a list of orderable DB instance options for the specified engine.
Parameters
Engine (string) The name of the engine to retrieve DB instance options for.
EngineVersion (string) The engine version filter value. Specify this parameter to show
only the available offerings matching the specified engine version.
DBInstanceClass (string) The DB instance class filter value. Specify this parameter to
show only the available offerings matching the specified DB instance class.
LicenseModel (string) The license model filter value. Specify this parameter to show
only the available offerings matching the specified license model.
Vpc (boolean) The VPC filter value. Specify this parameter to show only the available
VPC or non-VPC offerings.
Default: 100
Marker (string) An optional pagination token provided by a previous DescribeOrder-
ableDBInstanceOptions request. If this parameter is specified, the response includes only
records beyond the marker, up to the value specified by MaxRecords .
Return type dict
describe_reserved_db_instances(ReservedDBInstanceId=None, ReservedDBInstancesOf-
feringId=None, DBInstanceClass=None, Duration=None,
ProductDescription=None, OfferingType=None,
MultiAZ=None, Filters=None, MaxRecords=None,
Marker=None)
Returns information about reserved DB instances for this account, or about a specified reserved DB in-
stance.
Parameters
ReservedDBInstanceId (string) The reserved DB instance identifier filter value. Spec-
ify this parameter to show only the reservation that matches the specified reservation ID.
ReservedDBInstancesOfferingId (string) The offering identifier filter value. Specify
this parameter to show only purchased reservations matching the specified offering iden-
tifier.
show only those reservations matching the specified DB instances class.
Duration (string) The duration filter value, specified in years or seconds. Specify this
parameter to show only reservations for this duration.
2.1. Services 457

Valid Values: 1 | 3 | 31536000 | 94608000

ProductDescription (string) The product description filter value. Specify this parameter
to show only those reservations matching the specified product description.
OfferingType (string) The offering type filter value. Specify this parameter to show
only the available offerings matching the specified offering type.
"Heavy Utilization"
MultiAZ (boolean) The Multi-AZ filter value. Specify this parameter to show only those
reservations matching the specified Multi-AZ parameter.
Default: 100
Return type dict
describe_reserved_db_instances_offerings(ReservedDBInstancesOfferingId=None,
DBInstanceClass=None, Duration=None,
ProductDescription=None, Offering-
Type=None, MultiAZ=None, Filters=None,
Lists available reserved DB instance offerings.
Parameters
ReservedDBInstancesOfferingId (string) The offering identifier filter value. Specify
this parameter to show only the available offering that matches the specified reservation
identifier.
show only the available offerings matching the specified DB instance class.
Duration (string) Duration filter value, specified in years or seconds. Specify this pa-
rameter to show only reservations for this duration.
Valid Values: 1 | 3 | 31536000 | 94608000
ProductDescription (string) Product description filter value. Specify this parameter to
show only the available offerings matching the specified product description.
OfferingType (string) The offering type filter value. Specify this parameter to show
only the available offerings matching the specified offering type.
"Heavy Utilization"

MultiAZ (boolean) The Multi-AZ filter value. Specify this parameter to show only the
available offerings matching the specified Multi-AZ parameter.
Default: 100
Return type dict
download_db_log_file_portion(DBInstanceIdentifier, LogFileName, Marker=None, Num-
berOfLines=None)
Downloads all or a portion of the specified log file.
Parameters
DBInstanceIdentifier (string) The customer-assigned name of the DB instance that
contains the log files you want to list.
Constraints:
LogFileName (string) The name of the log file to be downloaded.
Marker (string) The pagination token provided in the previous request or 0. If the
Marker parameter is specified the response includes only records beyond the marker until
the end of the file or up to NumberOfLines.
NumberOfLines (integer) The number of lines to download.
If the NumberOfLines parameter is specified, then the block of lines returned can be from
the beginning or the end of the log file, depending on the value of the Marker parameter.
If neither Marker or NumberOfLines are specified, the entire log file is returned.
If NumberOfLines is specified and Marker is not specified, then the most recent lines
from the end of the log file are returned.
If Marker is specified as 0, then the specified number of lines from the beginning of
the log file are returned.
You can download the log file in blocks of lines by specifying the size of the block
using the NumberOfLines parameter, and by specifying a value of 0 for the Marker
parameter in your first request. Include the Marker value returned in the response as the
Marker value for the next request, continuing until the AdditionalDataPending response
element returns false.
Return type dict
2.1. Services 459

get_waiter(name)
db_instance_available
db_instance_deleted
list_tags_for_resource(ResourceName, Filters=None)
Lists all tags on an Amazon RDS resource.
For an overview on tagging an Amazon RDS resource, see Tagging Amazon RDS Resources .
Parameters
ResourceName (string) The Amazon RDS resource with tags to be listed. This value
is an Amazon Resource Name (ARN). For information about creating an ARN, see Con-
structing an RDS Amazon Resource Name (ARN) .
Return type dict
modify_db_instance(DBInstanceIdentifier, AllocatedStorage=None, DBInstanceClass=None,
DBSecurityGroups=None, VpcSecurityGroupIds=None, ApplyImmedi-
ately=None, MasterUserPassword=None, DBParameterGroupName=None,
BackupRetentionPeriod=None, PreferredBackupWindow=None, Pre-
ferredMaintenanceWindow=None, MultiAZ=None, EngineVersion=None,
AllowMajorVersionUpgrade=None, AutoMinorVersionUpgrade=None,
Iops=None, OptionGroupName=None, NewDBInstanceIdentifier=None,
StorageType=None, TdeCredentialArn=None, TdeCredentialPass-
word=None)
Modify settings for a DB instance. You can change one or more database configuration parameters by
specifying these parameters and the new values in the request.
Parameters
DBInstanceIdentifier (string) The DB instance identifier. This value is stored as a
lowercase string.
Constraints:
Must be the identifier for an existing DB instance
AllocatedStorage (integer) The new storage capacity of the RDS instance. Changing
this setting does not result in an outage and the change is applied during the next mainte-
nance window unless ApplyImmediately is set to true for this request.
MySQL
Default: Uses existing setting
Constraints: Value supplied must be at least 10% greater than the current value. Values
that are not at least 10% greater than the existing value are rounded up so that they are
10% greater than the current value.
Type: Integer
PostgreSQL


Type: Integer
Oracle
SQL Server
Cannot be modified.
If you choose to migrate your DB instance from using standard storage to using Provi-
sioned IOPS, or from using Provisioned IOPS to using standard storage, the process can
take time. The duration of the migration depends on several factors such as database load,
storage size, storage type (standard or Provisioned IOPS), amount of IOPS provisioned (if
any), and the number of prior scale storage operations. Typical migration times are under
24 hours, but the process can take up to several days in some cases. During the migration,
the DB instance will be available for use, but may experience performance degradation.
While the migration takes place, nightly backups for the instance will be suspended. No
other Amazon RDS operations can take place for the instance, including modifying the
instance, rebooting the instance, deleting the instance, creating a read replica for the in-
stance, and creating a DB snapshot of the instance.
DBInstanceClass (string) The new compute and memory capacity of the DB instance.
To determine the instance classes that are available for a particular DB engine, use the
DescribeOrderableDBInstanceOptions action.
Passing a value for this setting causes an outage during the change and is applied during
the next maintenance window, unless ApplyImmediately is specified as true for this
request.
db.m1.large | db.m1.xlarge | db.m2.xlarge | db.m2.2xlarge |
db.m2.4xlarge | db.m3.medium | db.m3.large | db.m3.xlarge |
db.m3.2xlarge | db.r3.large | db.r3.xlarge | db.r3.2xlarge
| db.r3.4xlarge | db.r3.8xlarge | db.t2.micro | db.t2.small
| db.t2.medium
DBSecurityGroups (list) A list of DB security groups to authorize on this DB instance.
Changing this setting does not result in an outage and the change is asynchronously applied
as soon as possible.
Constraints:
2.1. Services 461


VpcSecurityGroupIds (list) A list of EC2 VPC security groups to authorize on this DB
instance. This change is asynchronously applied as soon as possible.
Constraints:
ApplyImmediately (boolean) Specifies whether the modifications in this request and
any pending modifications are asynchronously applied as soon as possible, regardless of
the PreferredMaintenanceWindow setting for the DB instance.
If this parameter is set to false , changes to the DB instance are applied during the
next maintenance window. Some parameter changes can cause an outage and will be
applied on the next call to RebootDBInstance , or the next failure reboot. Review the table
of parameters in Modifying a DB Instance and Using the Apply Immediately Parameter
to see the impact that setting ApplyImmediately to true or false has for each
modified parameter and to determine when the changes will be applied.
Default: false
MasterUserPassword (string) The new password for the DB instance master user. Can
be any printable ASCII character except /, , or @.
Changing this parameter does not result in an outage and the change is asynchronously
applied as soon as possible. Between the time of the request and the completion of the re-
quest, the MasterUserPassword element exists in the PendingModifiedValues
element of the operation response.
Constraints: Must be 8 to 41 alphanumeric characters (MySQL), 8 to 30 alphanumeric
characters (Oracle), or 8 to 128 alphanumeric characters (SQL Server).
DBParameterGroupName (string) The name of the DB parameter group to apply to the
DB instance. Changing this setting does not result in an outage. The parameter group name
itself is changed immediately, but the actual parameter changes are not applied until you
reboot the instance without failover. The db instance will NOT be rebooted automatically
and the parameter changes will NOT be applied during the next maintenance window.
Constraints: The DB parameter group must be in the same DB parameter group family as
this DB instance.
BackupRetentionPeriod (integer) The number of days to retain automated backups.
Setting this parameter to a positive number enables backups. Setting this parameter to 0
disables automated backups.
Changing this parameter can result in an outage if you change from 0 to a non-zero value
or from a non-zero value to 0. These changes are applied during the next maintenance
window unless the ApplyImmediately parameter is set to true for this request. If
you change the parameter from one non-zero value to another non-zero value, the change
is asynchronously applied as soon as possible.
Constraints:


Can be specified for a read replica only if the source is running MySQL 5.6
Cannot be set to 0 if the DB instance is a source to read replicas
PreferredBackupWindow (string) The daily time range during which automated
backups are created if automated backups are enabled, as determined by the
BackupRetentionPeriod . Changing this parameter does not result in an outage
and the change is asynchronously applied as soon as possible.
Constraints:
Must be in the format hh24:mi-hh24:mi
Times should be Universal Time Coordinated (UTC)
Must not conflict with the preferred maintenance window
Must be at least 30 minutes
system maintenance can occur, which may result in an outage. Changing this parameter
does not result in an outage, except in the following situation, and the change is asyn-
chronously applied as soon as possible. If there are pending actions that cause a reboot,
and the maintenance window is changed to include the current time, then changing this
parameter will cause a reboot of the DB instance. If moving this window to the current
time, there must be at least 30 minutes between the current time and end of the window to
ensure pending changes are applied.
Valid Days: Mon | Tue | Wed | Thu | Fri | Sat | Sun
Constraints: Must be at least 30 minutes
MultiAZ (boolean) Specifies if the DB instance is a Multi-AZ deployment. Chang-
ing this parameter does not result in an outage and the change is applied during the next
maintenance window unless the ApplyImmediately parameter is set to true for this
request.
Constraints: Cannot be specified if the DB instance is a read replica.
EngineVersion (string) The version number of the database engine to upgrade to.
Changing this parameter results in an outage and the change is applied during the next
maintenance window unless the ApplyImmediately parameter is set to true for this
request.
For major version upgrades, if a non-default DB parameter group is currently in use, a new
DB parameter group in the DB parameter group family for the new engine version must
be specified. The new DB parameter group can be the default for that DB parameter group
family.
Example: 5.1.42
AllowMajorVersionUpgrade (boolean) Indicates that major version upgrades are al-
lowed. Changing this parameter does not result in an outage and the change is asyn-
chronously applied as soon as possible.
Constraints: This parameter must be set to true when specifying a value for the EngineV-
ersion parameter that is a different major version than the DB instances current version.
2.1. Services 463

AutoMinorVersionUpgrade (boolean) Indicates that minor version upgrades will be

applied automatically to the DB instance during the maintenance window. Changing this
parameter does not result in an outage except in the following case and the change is
asynchronously applied as soon as possible. An outage will result if this parameter is set
to true during the maintenance window, and a newer minor version is available, and RDS
has enabled auto patching for that engine version.
Iops (integer) The new Provisioned IOPS (I/O operations per second) value for the RDS
instance. Changing this setting does not result in an outage and the change is applied
during the next maintenance window unless the ApplyImmediately parameter is set
to true for this request.
Constraints: Value supplied must be at least 10% greater than the current value. Values that
are not at least 10% greater than the existing value are rounded up so that they are 10%
greater than the current value. If you are migrating from Provisioned IOPS to standard
storage, set this value to 0. The DB instance will require a reboot for the change in storage
type to take effect.
SQL Server
Setting the IOPS value for the SQL Server database engine is not supported.
Type: Integer
If you choose to migrate your DB instance from using standard storage to using Provi-
sioned IOPS, or from using Provisioned IOPS to using standard storage, the process can
take time. The duration of the migration depends on several factors such as database load,
storage size, storage type (standard or Provisioned IOPS), amount of IOPS provisioned (if
any), and the number of prior scale storage operations. Typical migration times are under
24 hours, but the process can take up to several days in some cases. During the migration,
the DB instance will be available for use, but may experience performance degradation.
While the migration takes place, nightly backups for the instance will be suspended. No
other Amazon RDS operations can take place for the instance, including modifying the
instance, rebooting the instance, deleting the instance, creating a read replica for the in-
stance, and creating a DB snapshot of the instance.
OptionGroupName (string) Indicates that the DB instance should be associated with
the specified option group. Changing this parameter does not result in an outage except in
the following case and the change is applied during the next maintenance window unless
the ApplyImmediately parameter is set to true for this request. If the parameter
change results in an option group that enables OEM, this change can cause a brief (sub-
second) period during which new connections are rejected but existing connections are not
interrupted.
NewDBInstanceIdentifier (string) The new DB instance identifier for the DB instance
when renaming a DB instance. When you change the DB instance identifier, an instance
reboot will occur immediately if you set Apply Immediately to true, or will occur
during the next maintenance window if Apply Immediately to false. This value is
Constraints:


Return type dict
modify_db_parameter_group(DBParameterGroupName, Parameters)
Modifies the parameters of a DB parameter group. To modify more than one parameter, submit a list
of the following: ParameterName , ParameterValue , and ApplyMethod . A maximum of 20
parameters can be modified in a single request.
Warning: After you modify a DB parameter group, you should wait at least 5 minutes before creating
your first DB instance that uses that DB parameter group as the default parameter group. This allows
Amazon RDS to fully complete the modify action before the parameter group is used as the default
for a new DB instance. This is especially important for parameters that are critical when creating the
default database for a DB instance, such as the character set for the default database defined by the
character_set_database parameter. You can use the Parameter Groups option of the Amazon
RDS console or the DescribeDBParameters command to verify that your DB parameter group has been
created or modified.
Parameters
Constraints:
Must be the name of an existing DB parameter group
Parameters (list) An array of parameter names, values, and the apply method for the
parameter update. At least one parameter name, value, and apply method must be supplied;
subsequent arguments are optional. A maximum of 20 parameters may be modified in a
single request.
Valid Values (for the application method): immediate | pending-reboot
Return type dict
modify_db_subnet_group(DBSubnetGroupName, SubnetIds, DBSubnetGroupDescrip-
tion=None)
Modifies an existing DB subnet group. DB subnet groups must contain at least one subnet in at least two
AZs in the region.
Parameters
DBSubnetGroupName (string) The name for the DB subnet group. This value is stored
2.1. Services 465

Constraints: Must contain no more than 255 alphanumeric characters or hyphens. Must
not be Default.
Example: mySubnetgroup
DBSubnetGroupDescription (string) The description for the DB subnet group.
SubnetIds (list) The EC2 subnet IDs for the DB subnet group.
Return type dict
modify_event_subscription(SubscriptionName, SnsTopicArn=None, SourceType=None, Event-
Categories=None, Enabled=None)
Modifies an existing RDS event notification subscription. Note that you cannot modify the source iden-
tifiers using this call; to change source identifiers for a subscription, use the AddSourceIdentifierToSub-
scription and RemoveSourceIdentifierFromSubscription calls.
You can see a list of the event categories for a given SourceType in the Events topic in the Amazon RDS
User Guide or by using the DescribeEventCategories action.
Parameters
SubscriptionName (string) The name of the RDS event notification subscription.
SnsTopicArn (string) The Amazon Resource Name (ARN) of the SNS topic created
for event notification. The ARN is created by Amazon SNS when you create a topic and
subscribe to it.
SourceType (string) The type of source that will be generating the events. For exam-
ple, if you want to be notified of events generated by a DB instance, you would set this
parameter to db-instance. if this value is not specified, all events are returned.
EventCategories (list) A list of event categories for a SourceType that you want to
subscribe to. You can see a list of the categories for a given SourceType in the Events
topic in the Amazon RDS User Guide or by using the DescribeEventCategories action.
Enabled (boolean) A Boolean value; set to true to activate the subscription.
Return type dict
modify_option_group(OptionGroupName, OptionsToInclude=None, OptionsToRemove=None,
ApplyImmediately=None)
Modifies an existing option group.
Parameters
OptionGroupName (string) The name of the option group to be modified.
OptionsToInclude (list) Options in this list are added to the option group or, if already
present, the specified configuration is used to update the existing configuration.
OptionsToRemove (list) Options in this list are removed from the option group.
ApplyImmediately (boolean) Indicates whether the changes should be applied immedi-
ately, or during the next maintenance window for each instance associated with the option
group.
Return type dict

promote_read_replica(DBInstanceIdentifier, BackupRetentionPeriod=None, PreferredBackup-

Window=None)
Promotes a read replica DB instance to a standalone DB instance.
Parameters
DBInstanceIdentifier (string) The DB instance identifier. This value is stored as a
lowercase string.
Constraints:
Must be the identifier for an existing read replica DB instance
Example: mydbinstance
BackupRetentionPeriod (integer) The number of days to retain automated backups.
Setting this parameter to a positive number enables backups. Setting this parameter to 0
disables automated backups.
Default: 1
Constraints:
PreferredBackupWindow (string) The daily time range during which au-
tomated backups are created if automated backups are enabled, using the
BackupRetentionPeriod parameter.
Default: A 30-minute window selected at random from an 8-hour block of time per region.
See the Amazon RDS User Guide for the time blocks for each region from which the
default backup windows are assigned.
Constraints: Must be in the format hh24:mi-hh24:mi . Times should be Universal
Time Coordinated (UTC). Must not conflict with the preferred maintenance window. Must
be at least 30 minutes.
Return type dict
purchase_reserved_db_instances_offering(ReservedDBInstancesOfferingId, Re-
servedDBInstanceId=None, DBInstance-
Count=None, Tags=None)
Purchases a reserved DB instance offering.
Parameters
ReservedDBInstancesOfferingId (string) The ID of the Reserved DB instance offering
to purchase.
ReservedDBInstanceId (string) Customer-specified identifier to track this reservation.
Example: myreservationID
DBInstanceCount (integer) The number of instances to reserve.
Default: 1
2.1. Services 467

Return type dict

reboot_db_instance(DBInstanceIdentifier, ForceFailover=None)
Rebooting a DB instance restarts the database engine service. A reboot also applies to the DB instance any
modifications to the associated DB parameter group that were pending. Rebooting a DB instance results
in a momentary outage of the instance, during which the DB instance status is set to rebooting. If the RDS
instance is configured for MultiAZ, it is possible that the reboot will be conducted through a failover. An
Amazon RDS event is created when the reboot is completed.
If your DB instance is deployed in multiple Availability Zones, you can force a failover from one AZ to the
other during the reboot. You might force a failover to test the availability of your DB instance deployment
or to restore operations to the original AZ after a failover occurs.
The time required to reboot is a function of the specific database engines crash recovery process. To
improve the reboot time, we recommend that you reduce database activities as much as possible during the
reboot process to reduce rollback activity for in-transit transactions.
Parameters
DBInstanceIdentifier (string) The DB instance identifier. This parameter is stored as a
lowercase string.
Constraints:
ForceFailover (boolean) When true , the reboot will be conducted through a MultiAZ
failover.
Constraint: You cannot specify true if the instance is not configured for MultiAZ.
Return type dict
remove_source_identifier_from_subscription(SubscriptionName, SourceIdentifier)
Removes a source identifier from an existing RDS event notification subscription.
Parameters
want to remove a source identifier from.
SourceIdentifier (string) The source identifier to be removed from the subscription,
such as the DB instance identifier for a DB instance or the name of a security group.
Return type dict
remove_tags_from_resource(ResourceName, TagKeys)
Removes metadata tags from an Amazon RDS resource.
For an overview on tagging an Amazon RDS resource, see Tagging Amazon RDS Resources .
Parameters
ResourceName (string) The Amazon RDS resource the tags will be removed from. This
value is an Amazon Resource Name (ARN). For information about creating an ARN, see
Constructing an RDS Amazon Resource Name (ARN) .
TagKeys (list) The tag key (name) of the tag to be removed.
Return type dict

reset_db_parameter_group(DBParameterGroupName, ResetAllParameters=None, Parame-

ters=None)
Modifies the parameters of a DB parameter group to the engine/system default value. To reset specific
parameters submit a list of the following: ParameterName and ApplyMethod . To reset the entire DB
parameter group, specify the DBParameterGroup name and ResetAllParameters parameters.
When resetting the entire group, dynamic parameters are updated immediately and static parameters are set
to pending-reboot to take effect on the next DB instance restart or RebootDBInstance request.
Parameters
Constraints:
ResetAllParameters (boolean) Specifies whether (true ) or not (false ) to reset all
parameters in the DB parameter group to default values.
Default: true
Parameters (list) An array of parameter names, values, and the apply method for the
parameter update. At least one parameter name, value, and apply method must be supplied;
subsequent arguments are optional. A maximum of 20 parameters may be modified in a
single request.
MySQL
Valid Values (for Apply method): immediate | pending-reboot
You can use the immediate value with dynamic parameters only. You can use the
pending-reboot value for both dynamic and static parameters, and changes are ap-
plied when DB instance reboots.
Oracle
Valid Values (for Apply method): pending-reboot
Return type dict
restore_db_instance_from_db_snapshot(DBInstanceIdentifier, DBSnapshotIdentifier,
DBInstanceClass=None, Port=None, Availability-
Zone=None, DBSubnetGroupName=None, Mul-
tiAZ=None, PubliclyAccessible=None, AutoMi-
norVersionUpgrade=None, LicenseModel=None,
DBName=None, Engine=None, Iops=None,
OptionGroupName=None, Tags=None, Stor-
ageType=None, TdeCredentialArn=None, Tde-
CredentialPassword=None)
Creates a new DB instance from a DB snapshot. The target database is created from the source database
restore point with the same configuration as the original source database, except that the new RDS instance
is created with the default security group.
Parameters
DBInstanceIdentifier (string) Name of the DB instance to create from the DB snapshot.
This parameter isnt case sensitive.
Constraints:
2.1. Services 469


DBSnapshotIdentifier (string) The identifier for the DB snapshot to restore from.
Constraints:
DBInstanceClass (string) The compute and memory capacity of the Amazon RDS DB
instance.
db.m1.large | db.m1.xlarge | db.m2.2xlarge | db.m2.4xlarge
| db.t2.medium
Default: The same port as the original DB instance
Constraints: Value must be 1150-65535
created in.
Default: A random, system-chosen Availability Zone.
Constraint: You cannot specify the AvailabilityZone parameter if the MultiAZ parameter
is set to true .
Example: us-east-1a
DBSubnetGroupName (string) The DB subnet group name to use for the new instance.
MultiAZ (boolean) Specifies if the DB instance is a Multi-AZ deployment.
is set to true .
Default VPC: true
VPC: false

LicenseModel (string) License model information for the restored DB instance.
Default: Same as source.
DBName (string) The database name for the restored DB instance.
Engine (string) The database engine to use for the new instance.
Default: The same as source
Constraint: Must be compatible with the engine of the source
Example: oracle-ee
Iops (integer) Specifies the amount of provisioned IOPS for the DB instance, expressed
in I/O operations per second. If this parameter is not specified, the IOPS value will be
taken from the backup. If this parameter is set to 0, the new instance will be converted to
a non-PIOPS instance, which will take additional time, though your DB instance will be
available for connections before the conversion starts.
Constraints: Must be an integer greater than 1000.
SQL Server
OptionGroupName (string) The name of the option group to be used for the restored
DB instance.
Return type dict
2.1. Services 471

restore_db_instance_to_point_in_time(SourceDBInstanceIdentifier, TargetDBIn-
stanceIdentifier, RestoreTime=None, Use-
LatestRestorableTime=None, DBInstance-
Class=None, Port=None, AvailabilityZone=None,
DBSubnetGroupName=None, MultiAZ=None,
PubliclyAccessible=None, AutoMinorVer-
sionUpgrade=None, LicenseModel=None,
DBName=None, Engine=None, Iops=None,
OptionGroupName=None, Tags=None, Stor-
ageType=None, TdeCredentialArn=None, Tde-
CredentialPassword=None)
Restores a DB instance to an arbitrary point-in-time. Users can restore to any point in time before the
latestRestorableTime for up to backupRetentionPeriod days. The target database is created from the source
database with the same configuration as the original database except that the DB instance is created with
the default DB security group.
Parameters
SourceDBInstanceIdentifier (string) The identifier of the source DB instance from
which to restore.
Constraints:
Must be the identifier of an existing database instance
TargetDBInstanceIdentifier (string) The name of the new database instance to be cre-
ated.
Constraints:
RestoreTime (datetime) The date and time to restore from.
Valid Values: Value must be a UTC time
Constraints:
Must be before the latest restorable time for the DB instance
Cannot be specified if UseLatestRestorableTime parameter is true
Example: 2009-09-07T23:45:00Z
UseLatestRestorableTime (boolean) Specifies whether (true ) or not (false ) the
DB instance is restored from the latest backup time.
Default: false
Constraints: Cannot be specified if RestoreTime parameter is provided.
DBInstanceClass (string) The compute and memory capacity of the Amazon RDS DB
instance.
db.m1.large | db.m1.xlarge | db.m2.2xlarge | db.m2.4xlarge


| db.t2.medium
Default: The same DBInstanceClass as the original DB instance.
Constraints: Value must be 1150-65535
Default: The same port as the original DB instance.
created in.
is set to true.
Example: us-east-1a
DBSubnetGroupName (string) The DB subnet group name to use for the new instance.
MultiAZ (boolean) Specifies if the DB instance is a Multi-AZ deployment.
is set to true .
Default VPC: true
VPC: false
LicenseModel (string) License model information for the restored DB instance.
Default: Same as source.
DBName (string) The database name for the restored DB instance.
Engine (string) The database engine to use for the new instance.
Default: The same as source
Constraint: Must be compatible with the engine of the source
Example: oracle-ee
2.1. Services 473

Constraints: Must be an integer greater than 1000.
SQL Server
OptionGroupName (string) The name of the option group to be used for the restored
DB instance.
Return type dict
revoke_db_security_group_ingress(DBSecurityGroupName, CIDRIP=None,
EC2SecurityGroupId=None,
Revokes ingress from a DBSecurityGroup for previously authorized IP ranges or EC2 or VPC Secu-
rity Groups. Required parameters for this API are one of CIDRIP, EC2SecurityGroupId for VPC, or
(EC2SecurityGroupOwnerId and either EC2SecurityGroupName or EC2SecurityGroupId).
Parameters
DBSecurityGroupName (string) The name of the DB security group to revoke ingress
from.
CIDRIP (string) The IP range to revoke access from. Must be a valid CIDR range.
If CIDRIP is specified, EC2SecurityGroupName , EC2SecurityGroupId and
EC2SecurityGroupOwnerId cannot be provided.
EC2SecurityGroupName (string) The name of the EC2 security group to revoke
access from. For VPC DB security groups, EC2SecurityGroupId must be pro-
vided. Otherwise, EC2SecurityGroupOwnerId and either EC2SecurityGroupName
or EC2SecurityGroupId must be provided.
EC2SecurityGroupId (string) The id of the EC2 security group to revoke ac-
cess from. For VPC DB security groups, EC2SecurityGroupId must be pro-
vided. Otherwise, EC2SecurityGroupOwnerId and either EC2SecurityGroupName
or EC2SecurityGroupId must be provided.
EC2SecurityGroupOwnerId (string) The AWS Account Number of the owner of
the EC2 security group specified in the EC2SecurityGroupName parameter. The
AWS Access Key ID is not an acceptable value. For VPC DB security groups,
EC2SecurityGroupId must be provided. Otherwise, EC2SecurityGroupOwnerId and
either EC2SecurityGroupName or EC2SecurityGroupId must be provided.

Return type dict
2.1.29 Amazon Redshift
Table of Contents
Amazon Redshift
Client
Client
class redshift.Client
A low-level client representing Amazon Redshift:
import boto3
redshift = boto3.client(redshift)
authorize_cluster_security_group_ingress(ClusterSecurityGroupName,
CIDRIP=None,
Adds an inbound (ingress) rule to an Amazon Redshift security group. Depending on whether the applica-
tion accessing your cluster is running on the Internet or an EC2 instance, you can authorize inbound access
to either a Classless Interdomain Routing (CIDR) IP address range or an EC2 security group. You can add
as many as 20 ingress rules to an Amazon Redshift security group.
Note: The EC2 security group must be defined in the AWS region where the cluster resides.
For an overview of CIDR blocks, see the Wikipedia article on Classless Inter-Domain Routing .
You must also associate the security group with a cluster so that clients running on these IP addresses or
the EC2 instance are authorized to connect to the cluster. For information about managing security groups,
go to Working with Security Groups in the Amazon Redshift Cluster Management Guide .
Parameters
ClusterSecurityGroupName (string) The name of the security group to which the
ingress rule is added.
CIDRIP (string) The IP range to be added the Amazon Redshift security group.
EC2SecurityGroupName (string) The EC2 security group to be added the Amazon
Redshift security group.
EC2SecurityGroupOwnerId (string) The AWS account number of the owner of the
security group specified by the EC2SecurityGroupName parameter. The AWS Access
Key ID is not an acceptable value.
Example: 111122223333
Return type dict
authorize_snapshot_access(SnapshotIdentifier, AccountWithRestoreAccess, SnapshotClusterI-
dentifier=None)
Authorizes the specified AWS customer account to restore the specified snapshot.
2.1. Services 475

For more information about working with snapshots, go to Amazon Redshift Snapshots in the Amazon
Redshift Cluster Management Guide .
Parameters
SnapshotIdentifier (string) The identifier of the snapshot the account is authorized to
restore.
SnapshotClusterIdentifier (string) The identifier of the cluster the snapshot was created
from. This parameter is required if your IAM user has a policy containing a snapshot
resource element that specifies anything other than * for the cluster name.
AccountWithRestoreAccess (string) The identifier of the AWS customer account au-
thorized to restore the specified snapshot.
Return type dict
copy_cluster_snapshot(SourceSnapshotIdentifier, TargetSnapshotIdentifier, SourceSnapshot-
ClusterIdentifier=None)
Copies the specified automated cluster snapshot to a new manual cluster snapshot. The source must be an
automated snapshot and it must be in the available state.
When you delete a cluster, Amazon Redshift deletes any automated snapshots of the cluster. Also, when
the retention period of the snapshot expires, Amazon Redshift automatically deletes it. If you want to
keep an automated snapshot for a longer period, you can make a manual copy of the snapshot. Manual
snapshots are retained until you delete them.
Parameters
SourceSnapshotIdentifier (string) The identifier for the source snapshot.
Constraints:
Must be the identifier for a valid automated snapshot whose state is available .
SourceSnapshotClusterIdentifier (string) The identifier of the cluster the source snap-
shot was created from. This parameter is required if your IAM user has a policy containing
a snapshot resource element that specifies anything other than * for the cluster name.
Constraints:
Must be the identifier for a valid cluster.
TargetSnapshotIdentifier (string) The identifier given to the new manual snapshot.
Constraints:
Cannot be null, empty, or blank.
Must contain from 1 to 255 alphanumeric characters or hyphens.
Must be unique for the AWS account that is making the request.
Return type dict

create_cluster(ClusterIdentifier, NodeType, MasterUsername, MasterUserPassword, DB-

Name=None, ClusterType=None, ClusterSecurityGroups=None, VpcSecuri-
tyGroupIds=None, ClusterSubnetGroupName=None, AvailabilityZone=None,
PreferredMaintenanceWindow=None, ClusterParameterGroupName=None,
AutomatedSnapshotRetentionPeriod=None, Port=None, ClusterVersion=None,
AllowVersionUpgrade=None, NumberOfNodes=None, PubliclyAccessible=None,
Encrypted=None, HsmClientCertificateIdentifier=None, HsmConfigurationIdenti-
fier=None, ElasticIp=None, Tags=None, KmsKeyId=None)
Creates a new cluster. To create the cluster in virtual private cloud (VPC), you must provide cluster subnet
group name. If you dont provide a cluster subnet group name or the cluster security group parameter,
Amazon Redshift creates a non-VPC cluster, it associates the default cluster security group with the cluster.
For more information about managing clusters, go to Amazon Redshift Clusters in the Amazon Redshift
Cluster Management Guide .
Parameters
DBName (string) The name of the first database to be created when the cluster is created.
To create additional databases after the cluster is created, connect to the cluster with a SQL
client and use SQL commands to create a database. For more information, go to Create a
Database in the Amazon Redshift Database Developer Guide.
Default: dev
Constraints:
Must contain 1 to 64 alphanumeric characters.
Must contain only lowercase letters.
Cannot be a word that is reserved by the service. A list of reserved words can be found
in Reserved Words in the Amazon Redshift Database Developer Guide.
ClusterIdentifier (string) A unique identifier for the cluster. You use this identifier to
refer to the cluster for any subsequent cluster operations such as deleting or modifying.
The identifier also appears in the Amazon Redshift console.
Constraints:
Alphabetic characters must be lowercase.
Must be unique for all clusters within an AWS account.
Example: myexamplecluster
ClusterType (string) The type of the cluster. When cluster type is specified as
single-node , the NumberOfNodes parameter is not required.
multi-node , the NumberOfNodes parameter is required.
Valid Values: multi-node | single-node
Default: multi-node
NodeType (string) The node type to be provisioned for the cluster. For information about
node types, go to Working with Clusters in the Amazon Redshift Cluster Management
Guide .
Valid Values: dw1.xlarge | dw1.8xlarge | dw2.large | dw2.8xlarge .
2.1. Services 477

MasterUsername (string) The user name associated with the master user account for
the cluster that is being created.
Constraints:
Must be 1 - 128 alphanumeric characters.
Cannot be a reserved word. A list of reserved words can be found in Reserved Words in
the Amazon Redshift Database Developer Guide.
MasterUserPassword (string) The password associated with the master user account
for the cluster that is being created.
Constraints:
Must be between 8 and 64 characters in length.
Must contain at least one uppercase letter.
Must contain at least one lowercase letter.
Must contain one number.
Can be any printable ASCII character (ASCII code 33 to 126) except (single quote),
(double quote), , /, @, or space.
ClusterSecurityGroups (list) A list of security groups to be associated with this cluster.
Default: The default cluster security group for Amazon Redshift.
VpcSecurityGroupIds (list) A list of Virtual Private Cloud (VPC) security groups to be
associated with the cluster.
Default: The default VPC security group is associated with the cluster.
ClusterSubnetGroupName (string) The name of a cluster subnet group to be associated
with this cluster.
If this parameter is not provided the resulting cluster will be deployed outside virtual
private cloud (VPC).
AvailabilityZone (string) The EC2 Availability Zone (AZ) in which you want Amazon
Redshift to provision the cluster. For example, if you have several EC2 instances running
in a specific Availability Zone, then you might want the cluster to be provisioned in the
same zone in order to decrease network latency.
Default: A random, system-chosen Availability Zone in the region that is specified by the
endpoint.
Example: us-east-1d
Constraint: The specified Availability Zone must be in the same region as the current
endpoint.
automated cluster maintenance can occur.
Default: A 30-minute window selected at random from an 8-hour block of time per region,
occurring on a random day of the week. For more information about the time blocks for
each region, see Maintenance Windows in Amazon Redshift Cluster Management Guide.


ClusterParameterGroupName (string) The name of the parameter group to be associ-
ated with this cluster.
Default: The default Amazon Redshift cluster parameter group. For information about the
default parameter group, go to Working with Amazon Redshift Parameter Groups
Constraints:
Must be 1 to 255 alphanumeric characters or hyphens.
AutomatedSnapshotRetentionPeriod (integer) The number of days that automated
snapshots are retained. If the value is 0, automated snapshots are disabled. Even if au-
tomated snapshots are disabled, you can still create manual snapshots when you want with
CreateClusterSnapshot .
Default: 1
Constraints: Must be a value from 0 to 35.
Port (integer) The port number on which the cluster accepts incoming connections.
The cluster is accessible only via the JDBC and ODBC connection strings. Part of the con-
nection string requires the port on which the cluster will listen for incoming connections.
Default: 5439
ClusterVersion (string) The version of the Amazon Redshift engine software that you
want to deploy on the cluster.
The version selected runs on all the nodes in the cluster.
Constraints: Only version 1.0 is currently available.
Example: 1.0
AllowVersionUpgrade (boolean) If true , major version upgrades can be applied dur-
ing the maintenance window to the Amazon Redshift engine that is running on the cluster.
When a new major version of the Amazon Redshift engine is released, you can request that
the service automatically apply upgrades during the maintenance window to the Amazon
Redshift engine that is running on your cluster.
Default: true
NumberOfNodes (integer) The number of compute nodes in the cluster. This parameter
is required when the ClusterType parameter is specified as multi-node .
For information about determining how many nodes you need, go to Working with Clusters
in the Amazon Redshift Cluster Management Guide .
If you dont specify this parameter, you get a single-node cluster. When requesting a
multi-node cluster, you must specify the number of nodes that you want in the cluster.
Default: 1
Constraints: Value must be at least 1 and no more than 100.
PubliclyAccessible (boolean) If true , the cluster can be accessed from a public net-
work.
2.1. Services 479

Encrypted (boolean) If true , the data in the cluster is encrypted at rest.

Default: false
HsmClientCertificateIdentifier (string) Specifies the name of the HSM client certifi-
cate the Amazon Redshift cluster uses to retrieve the data encryption keys stored in an
HSM.
HsmConfigurationIdentifier (string) Specifies the name of the HSM configuration that
contains the information the Amazon Redshift cluster can use to retrieve and store keys in
an HSM.
ElasticIp (string) The Elastic IP (EIP) address for the cluster.
Constraints: The cluster must be provisioned in EC2-VPC and publicly-accessible through
an Internet gateway. For more information about provisioning clusters in EC2-VPC, go to
Supported Platforms to Launch Your Cluster in the Amazon Redshift Cluster Management
Guide.
Tags (list) A list of tag instances.
KmsKeyId (string) The AWS Key Management Service (KMS) key ID of the encryption
key that you want to use to encrypt data in the cluster.
Return type dict
create_cluster_parameter_group(ParameterGroupName, ParameterGroupFamily, Descrip-
tion, Tags=None)
Creates an Amazon Redshift parameter group.
Creating parameter groups is independent of creating clusters. You can associate a cluster with a parameter
group when you create the cluster. You can also associate an existing cluster with a parameter group after
the cluster is created by using ModifyCluster .
Parameters in the parameter group define specific behavior that applies to the databases you create on
the cluster. For more information about managing parameter groups, go to Amazon Redshift Parameter
Groups in the Amazon Redshift Cluster Management Guide .
Parameters
ParameterGroupName (string) The name of the cluster parameter group.
Constraints:
Must be unique withing your AWS account.
Note: This value is stored as a lower-case string.
ParameterGroupFamily (string) The Amazon Redshift engine version to which the

cluster parameter group applies. The cluster engine version determines the set of parame-
ters.
To get a list of valid parameter group family names, you can call DescribeClusterParam-
eterGroups . By default, Amazon Redshift returns a list of all the parameter groups that
are owned by your AWS account, including the default parameter groups for each Ama-
zon Redshift engine version. The parameter group family names associated with the de-

fault parameter groups provide you the valid values. For example, a valid family name is
redshift-1.0.
Description (string) A description of the parameter group.
Return type dict
create_cluster_security_group(ClusterSecurityGroupName, Description, Tags=None)
Creates a new Amazon Redshift security group. You use security groups to control access to non-VPC
clusters.
For information about managing security groups, go to Amazon Redshift Cluster Security Groups in the
Amazon Redshift Cluster Management Guide .
Parameters
ClusterSecurityGroupName (string) The name for the security group. Amazon Red-
shift stores the value as a lowercase string.
Constraints:
Must contain no more than 255 alphanumeric characters or hyphens.
Must not be Default.
Must be unique for all security groups that are created by your AWS account.
Example: examplesecuritygroup
Description (string) A description for the security group.
Return type dict
create_cluster_snapshot(SnapshotIdentifier, ClusterIdentifier, Tags=None)
Creates a manual snapshot of the specified cluster. The cluster must be in the available state.
Parameters
SnapshotIdentifier (string) A unique identifier for the snapshot that you are requesting.
This identifier must be unique for all snapshots within the AWS account.
Constraints:
ClusterIdentifier (string) The cluster identifier for which you want a snapshot.
Return type dict
2.1. Services 481

create_cluster_subnet_group(ClusterSubnetGroupName, Description, SubnetIds,

Tags=None)
Creates a new Amazon Redshift subnet group. You must provide a list of one or more subnets in your
existing Amazon Virtual Private Cloud (Amazon VPC) when creating Amazon Redshift subnet group.
For information about subnet groups, go to Amazon Redshift Cluster Subnet Groups in the Amazon Red-
shift Cluster Management Guide .
Parameters
ClusterSubnetGroupName (string) The name for the subnet group. Amazon Redshift
stores the value as a lowercase string.
Constraints:
Must contain no more than 255 alphanumeric characters or hyphens.
Must not be Default.
Must be unique for all subnet groups that are created by your AWS account.
Example: examplesubnetgroup
Description (string) A description for the subnet group.
SubnetIds (list) An array of VPC subnet IDs. A maximum of 20 subnets can be modified
in a single request.
Return type dict
create_event_subscription(SubscriptionName, SnsTopicArn, SourceType=None, Sour-
ceIds=None, EventCategories=None, Severity=None, En-
abled=None, Tags=None)
Creates an Amazon Redshift event notification subscription. This action requires an ARN (Amazon Re-
source Name) of an Amazon SNS topic created by either the Amazon Redshift console, the Amazon SNS
console, or the Amazon SNS API. To obtain an ARN with Amazon SNS, you must create a topic in
Amazon SNS and subscribe to the topic. The ARN is displayed in the SNS console.
You can specify the source type, and lists of Amazon Redshift source IDs, event categories, and event
severities. Notifications will be sent for all events you want that match those criteria. For example, you
can specify source type = cluster, source ID = my-cluster-1 and mycluster2, event categories = Availability,
Backup, and severity = ERROR. The subscription will only send notifications for those ERROR events in
the Availability and Backup categories for the specified clusters.
If you specify both the source type and source IDs, such as source type = cluster and source identifier =
my-cluster-1, notifications will be sent for all the cluster events for my-cluster-1. If you specify a source
type but do not specify a source identifier, you will receive notice of the events for the objects of that type
in your AWS account. If you do not specify either the SourceType nor the SourceIdentifier, you will be
notified of events generated from all Amazon Redshift sources belonging to your AWS account. You must
specify a source type if you specify a source ID.
Parameters
SubscriptionName (string) The name of the event subscription to be created.
Constraints:
Cannot be null, empty, or blank.


SnsTopicArn (string) The Amazon Resource Name (ARN) of the Amazon SNS topic
used to transmit the event notifications. The ARN is created by Amazon SNS when you
create a topic and subscribe to it.
SourceType (string) The type of source that will be generating the events. For example,
if you want to be notified of events generated by a cluster, you would set this parameter to
cluster. If this value is not specified, events are returned for all Amazon Redshift objects
in your AWS account. You must specify a source type in order to specify source IDs.
Valid values: cluster, cluster-parameter-group, cluster-security-group, and cluster-
snapshot.
SourceIds (list) A list of one or more identifiers of Amazon Redshift source objects.
All of the objects must be of the same type as was specified in the source type parameter.
The event subscription will return only events generated by the specified objects. If not
specified, then events are returned for all objects within the source type specified.
Example: my-cluster-1, my-cluster-2
Example: my-snapshot-20131010
EventCategories (list) Specifies the Amazon Redshift event categories to be published
by the event notification subscription.
Values: Configuration, Management, Monitoring, Security
Severity (string) Specifies the Amazon Redshift event severity to be published by the
event notification subscription.
Values: ERROR, INFO
Enabled (boolean) A Boolean value; set to true to activate the subscription, set to
false to create the subscription but not active it.
Return type dict
create_hsm_client_certificate(HsmClientCertificateIdentifier, Tags=None)
Creates an HSM client certificate that an Amazon Redshift cluster will use to connect to the clients HSM
in order to store and retrieve the keys used to encrypt the cluster databases.
The command returns a public key, which you must store in the HSM. In addition to creating the HSM
certificate, you must create an Amazon Redshift HSM configuration that provides a cluster the information
needed to store and use encryption keys in the HSM. For more information, go to Hardware Security
Modules in the Amazon Redshift Cluster Management Guide.
Parameters
HsmClientCertificateIdentifier (string) The identifier to be assigned to the new HSM
client certificate that the cluster will use to connect to the HSM to use the database encryp-
tion keys.
Return type dict
create_hsm_configuration(HsmConfigurationIdentifier, Description, HsmIpAddress, HsmPar-
titionName, HsmPartitionPassword, HsmServerPublicCertificate,
Tags=None)
Creates an HSM configuration that contains the information required by an Amazon Redshift cluster to
store and use database encryption keys in a Hardware Security Module (HSM). After creating the HSM
2.1. Services 483

configuration, you can specify it as a parameter when creating a cluster. The cluster will then store its
encryption keys in the HSM.
In addition to creating an HSM configuration, you must also create an HSM client certificate. For more
information, go to Hardware Security Modules in the Amazon Redshift Cluster Management Guide.
Parameters
HsmConfigurationIdentifier (string) The identifier to be assigned to the new Amazon
Redshift HSM configuration.
Description (string) A text description of the HSM configuration to be created.
HsmIpAddress (string) The IP address that the Amazon Redshift cluster must use to
access the HSM.
HsmPartitionName (string) The name of the partition in the HSM where the Amazon
Redshift clusters will store their database encryption keys.
HsmPartitionPassword (string) The password required to access the HSM partition.
HsmServerPublicCertificate (string) The HSMs public certificate file. When using
Cloud HSM, the file name is server.pem.
Return type dict
create_tags(ResourceName, Tags)
Adds one or more tags to a specified resource.
A resource can have up to 10 tags. If you try to create more than 10 tags for a resource, you will receive
an error and the attempt will fail.
If you specify a key that already exists for the resource, the value for that key will be updated with the new
value.
Parameters
ResourceName (string) The Amazon Resource Name (ARN)
to which you want to add the tag or tags. For example,
arn:aws:redshift:us-east-1:123456789:cluster:t1 .
Tags (list) One or more name/value pairs to add as tags to the specified resource.
Each tag name is passed in with the parameter tag-key and the correspond-
ing value is passed in with the parameter tag-value . The tag-key and
tag-value parameters are separated by a colon (:). Separate multiple tags with
a space. For example, --tags "tag-key"="owner":"tag-value"="admin"
"tag-key"="environment":"tag-value"="test"
"tag-key"="version":"tag-value"="1.0" .
Return type dict
delete_cluster(ClusterIdentifier, SkipFinalClusterSnapshot=None, FinalClusterSnapshotIdenti-
fier=None)
Deletes a previously provisioned cluster. A successful response from the web service indicates that the
request was received correctly. Use DescribeClusters to monitor the status of the deletion. The delete
operation cannot be canceled or reverted once submitted. For more information about managing clusters,
go to Amazon Redshift Clusters in the Amazon Redshift Cluster Management Guide .
If you want to shut down the cluster and retain it for future use, set SkipFinalClusterSnapshot to false
and specify a name for FinalClusterSnapshotIdentifier . You can later restore this snapshot to resume using
the cluster. If a final cluster snapshot is requested, the status of the cluster will be final-snapshot while
the snapshot is being taken, then its deleting once Amazon Redshift begins deleting the cluster.

For more information about managing clusters, go to Amazon Redshift Clusters in the Amazon Redshift
Cluster Management Guide .
Parameters
ClusterIdentifier (string) The identifier of the cluster to be deleted.
Constraints:
Must contain lowercase characters.
SkipFinalClusterSnapshot (boolean) Determines whether a final snapshot of the clus-
ter is created before Amazon Redshift deletes the cluster. If true , a final cluster snapshot
is not created. If false , a final cluster snapshot is created before the cluster is deleted.
Note: The FinalClusterSnapshotIdentifier parameter must be specified if SkipFinalClus-

terSnapshot is false .
Default: false
FinalClusterSnapshotIdentifier (string) The identifier of the final snapshot that is to
be created immediately before deleting the cluster. If this parameter is provided, SkipFi-
nalClusterSnapshot must be false .
Constraints:
Return type dict
delete_cluster_parameter_group(ParameterGroupName)
Deletes a specified Amazon Redshift parameter group.
Note: You cannot delete a parameter group if it is associated with a cluster.
Parameters ParameterGroupName (string) The name of the parameter group to be deleted.

Constraints:
Must be the name of an existing cluster parameter group.
Cannot delete a default cluster parameter group.
Return type dict
delete_cluster_security_group(ClusterSecurityGroupName)
Deletes an Amazon Redshift security group.
Note: You cannot delete a security group that is associated with any clusters. You cannot delete the
default security group.
2.1. Services 485

Parameters ClusterSecurityGroupName (string) The name of the cluster security group to
be deleted.
Return type dict
delete_cluster_snapshot(SnapshotIdentifier, SnapshotClusterIdentifier=None)
Deletes the specified manual snapshot. The snapshot must be in the available state, with no other users
authorized to access the snapshot.
Unlike automated snapshots, manual snapshots are retained even after you delete your cluster. Amazon
Redshift does not delete your manual snapshots. You must delete manual snapshot explicitly to avoid
getting charged. If other accounts are authorized to access the snapshot, you must revoke all of the autho-
rizations before you can delete the snapshot.
Parameters
SnapshotIdentifier (string) The unique identifier of the manual snapshot to be deleted.
Constraints: Must be the name of an existing snapshot that is in the available state.
SnapshotClusterIdentifier (string) The unique identifier of the cluster the snapshot
was created from. This parameter is required if your IAM user has a policy containing a
snapshot resource element that specifies anything other than * for the cluster name.
Constraints: Must be the name of valid cluster.
Return type dict
delete_cluster_subnet_group(ClusterSubnetGroupName)
Deletes the specified cluster subnet group.
Parameters ClusterSubnetGroupName (string) The name of the cluster subnet group name
to be deleted.
Return type dict
delete_event_subscription(SubscriptionName)
Deletes an Amazon Redshift event notification subscription.
Parameters SubscriptionName (string) The name of the Amazon Redshift event notification
subscription to be deleted.
Return type dict
delete_hsm_client_certificate(HsmClientCertificateIdentifier)
Deletes the specified HSM client certificate.
Parameters HsmClientCertificateIdentifier (string) The identifier of the HSM client certifi-
cate to be deleted.
Return type dict
delete_hsm_configuration(HsmConfigurationIdentifier)
Deletes the specified Amazon Redshift HSM configuration.
Parameters HsmConfigurationIdentifier (string) The identifier of the Amazon Redshift
HSM configuration to be deleted.
Return type dict

delete_tags(ResourceName, TagKeys)
Deletes a tag or tags from a resource. You must provide the ARN of the resource from which you want to
delete the tag or tags.
Parameters
from which you want to remove the tag or tags. For example,
TagKeys (list) The tag key that you want to delete.
Return type dict
describe_cluster_parameter_groups(ParameterGroupName=None, MaxRecords=None,
Marker=None, TagKeys=None, TagValues=None)
Returns a list of Amazon Redshift parameter groups, including parameter groups you created and the
default parameter group. For each parameter group, the response includes the parameter group name, de-
scription, and parameter group family name. You can optionally specify a name to retrieve the description
of a specific parameter group.
For more information about managing parameter groups, go to Amazon Redshift Parameter Groups in the
If you specify both tag keys and tag values in the same request, Amazon Redshift returns all parameter
groups that match any combination of the specified keys and values. For example, if you have owner and
environment for tag keys, and admin and test for tag values, all parameter groups that have any
combination of those values are returned.
If both tag keys and values are omitted from the request, parameter groups are returned regardless of
whether they have tag keys or values associated with them.
Parameters
ParameterGroupName (string) The name of a specific parameter group for which to
return details. By default, details about all parameter groups and the default parameter
group are returned.
MaxRecords (integer) The maximum number of response records to return in each call.
If the number of remaining response records exceeds the specified MaxRecords value,
a value is returned in a marker field of the response. You can retrieve the next set of
records by retrying the command with the returned marker value.
Default: 100
Constraints: minimum 20, maximum 100.
Marker (string) An optional parameter that specifies the starting point to return a set of
response records. When the results of a DescribeClusterParameterGroups request exceed
the value specified in MaxRecords , AWS returns a value in the Marker field of the
response. You can retrieve the next set of response records by providing the returned
marker value in the Marker parameter and retrying the request.
TagKeys (list) A tag key or keys for which you want to return all matching cluster param-
eter groups that are associated with the specified key or keys. For example, suppose that
you have parameter groups that are tagged with keys called owner and environment
. If you specify both of these tag keys in the request, Amazon Redshift returns a response
with the parameter groups that have either or both of these tag keys associated with them.
TagValues (list) A tag value or values for which you want to return all matching cluster
parameter groups that are associated with the specified tag value or values. For example,
2.1. Services 487

suppose that you have parameter groups that are tagged with values called admin and
test . If you specify both of these tag values in the request, Amazon Redshift returns a
response with the parameter groups that have either or both of these tag values associated
with them.
Return type dict
describe_cluster_parameters(ParameterGroupName, Source=None, MaxRecords=None,
Marker=None)
Returns a detailed list of parameters contained within the specified Amazon Redshift parameter group. For
each parameter the response includes information such as parameter name, description, data type, value,
whether the parameter value is modifiable, and so on.
You can specify source filter to retrieve parameters of only specific type. For example, to retrieve param-
eters that were modified by a user action such as from ModifyClusterParameterGroup , you can specify
source equal to user .
Parameters
ParameterGroupName (string) The name of a cluster parameter group for which to
return details.
Source (string) The parameter types to return. Specify user to show parameters that
are different form the default. Similarly, specify engine-default to show parameters
that are the same as the default parameter group.
Default: All parameter types returned.
Valid Values: user | engine-default
Default: 100
Marker (string) An optional parameter that specifies the starting point to return a set
of response records. When the results of a DescribeClusterParameters request exceed
Return type dict
describe_cluster_security_groups(ClusterSecurityGroupName=None, MaxRecords=None,
Returns information about Amazon Redshift security groups. If the name of a security group is specified,
the response will contain only information about only that security group.
If you specify both tag keys and tag values in the same request, Amazon Redshift returns all security
groups that match any combination of the specified keys and values. For example, if you have owner

and environment for tag keys, and admin and test for tag values, all security groups that have any
If both tag keys and values are omitted from the request, security groups are returned regardless of whether
they have tag keys or values associated with them.
Parameters
ClusterSecurityGroupName (string) The name of a cluster security group for which
you are requesting details. You can specify either the Marker parameter or a ClusterSe-
curityGroupName parameter, but not both.
Example: securitygroup1
Default: 100
of response records. When the results of a DescribeClusterSecurityGroups request exceed
Constraints: You can specify either the ClusterSecurityGroupName parameter or the
Marker parameter, but not both.
TagKeys (list) A tag key or keys for which you want to return all matching cluster
security groups that are associated with the specified key or keys. For example, suppose
that you have security groups that are tagged with keys called owner and environment
. If you specify both of these tag keys in the request, Amazon Redshift returns a response
with the security groups that have either or both of these tag keys associated with them.
security groups that are associated with the specified tag value or values. For example,
suppose that you have security groups that are tagged with values called admin and test
. If you specify both of these tag values in the request, Amazon Redshift returns a response
with the security groups that have either or both of these tag values associated with them.
Return type dict
describe_cluster_snapshots(ClusterIdentifier=None, SnapshotIdentifier=None, Snap-
shotType=None, StartTime=None, EndTime=None,
MaxRecords=None, Marker=None, OwnerAccount=None,
TagKeys=None, TagValues=None)
Returns one or more snapshot objects, which contain metadata about your cluster snapshots. By default,
this operation returns information about all snapshots of all clusters that are owned by you AWS customer
account. No information is returned for snapshots owned by inactive AWS customer accounts.
If you specify both tag keys and tag values in the same request, Amazon Redshift returns all snapshots
that match any combination of the specified keys and values. For example, if you have owner and
environment for tag keys, and admin and test for tag values, all snapshots that have any combi-
nation of those values are returned. Only snapshots that you own are returned in the response; shared
snapshots are not returned with the tag key and tag value request parameters.
2.1. Services 489

If both tag keys and values are omitted from the request, snapshots are returned regardless of whether they
have tag keys or values associated with them.
Parameters
ClusterIdentifier (string) The identifier of the cluster for which information about snap-
shots is requested.
SnapshotIdentifier (string) The snapshot identifier of the snapshot about which to return
information.
SnapshotType (string) The type of snapshots for which you are requesting information.
By default, snapshots of all types are returned.
Valid Values: automated | manual
StartTime (datetime) A value that requests only snapshots created at or after the spec-
ified time. The time value is specified in ISO 8601 format. For more information about
ISO 8601, go to the ISO8601 Wikipedia page.
Example: 2012-07-16T18:00:00Z
EndTime (datetime) A time value that requests only snapshots created at or before the
specified time. The time value is specified in ISO 8601 format. For more information
about ISO 8601, go to the ISO8601 Wikipedia page.
Example: 2012-07-16T18:00:00Z
Default: 100
of response records. When the results of a DescribeClusterSnapshots request exceed the
value specified in MaxRecords , AWS returns a value in the Marker field of the re-
sponse. You can retrieve the next set of response records by providing the returned marker
value in the Marker parameter and retrying the request.
OwnerAccount (string) The AWS customer account used to create or copy the snapshot.
Use this field to filter the results to snapshots owned by a particular account. To describe
snapshots you own, either specify your AWS customer account, or do not specify the
parameter.
TagKeys (list) A tag key or keys for which you want to return all matching cluster
snapshots that are associated with the specified key or keys. For example, suppose that
you have snapshots that are tagged with keys called owner and environment . If you
specify both of these tag keys in the request, Amazon Redshift returns a response with the
snapshots that have either or both of these tag keys associated with them.
snapshots that are associated with the specified tag value or values. For example, suppose
that you have snapshots that are tagged with values called admin and test . If you
specify both of these tag values in the request, Amazon Redshift returns a response with
the snapshots that have either or both of these tag values associated with them.
Return type dict

describe_cluster_subnet_groups(ClusterSubnetGroupName=None, MaxRecords=None,
Returns one or more cluster subnet group objects, which contain metadata about your cluster subnet
groups. By default, this operation returns information about all cluster subnet groups that are defined
in you AWS account.
If you specify both tag keys and tag values in the same request, Amazon Redshift returns all subnet
groups that match any combination of the specified keys and values. For example, if you have owner
and environment for tag keys, and admin and test for tag values, all subnet groups that have any
If both tag keys and values are omitted from the request, subnet groups are returned regardless of whether
they have tag keys or values associated with them.
Parameters
ClusterSubnetGroupName (string) The name of the cluster subnet group for which
information is requested.
Default: 100
of response records. When the results of a DescribeClusterSubnetGroups request exceed
TagKeys (list) A tag key or keys for which you want to return all matching cluster subnet
groups that are associated with the specified key or keys. For example, suppose that you
have subnet groups that are tagged with keys called owner and environment . If you
specify both of these tag keys in the request, Amazon Redshift returns a response with the
subnet groups that have either or both of these tag keys associated with them.
subnet groups that are associated with the specified tag value or values. For example,
suppose that you have subnet groups that are tagged with values called admin and test
. If you specify both of these tag values in the request, Amazon Redshift returns a response
with the subnet groups that have either or both of these tag values associated with them.
Return type dict
describe_cluster_versions(ClusterVersion=None, ClusterParameterGroupFamily=None,
Returns descriptions of the available Amazon Redshift cluster versions. You can call this operation even
before creating any clusters to learn more about the Amazon Redshift versions. For more information
about managing clusters, go to Amazon Redshift Clusters in the Amazon Redshift Cluster Management
Guide
Parameters
ClusterVersion (string) The specific cluster version to return.
2.1. Services 491

Example: 1.0
ClusterParameterGroupFamily (string) The name of a specific cluster parameter
group family to return details for.
Constraints:
Default: 100
response records. When the results of a DescribeClusterVersions request exceed the value
specified in MaxRecords , AWS returns a value in the Marker field of the response.
You can retrieve the next set of response records by providing the returned marker value
in the Marker parameter and retrying the request.
Return type dict
describe_clusters(ClusterIdentifier=None, MaxRecords=None, Marker=None, TagKeys=None,
TagValues=None)
Returns properties of provisioned clusters including general cluster properties, cluster database properties,
maintenance and backup properties, and security and access properties. This operation supports pagi-
nation. For more information about managing clusters, go to Amazon Redshift Clusters in the Amazon
If you specify both tag keys and tag values in the same request, Amazon Redshift returns all clusters
environment for tag keys, and admin and test for tag values, all clusters that have any combination
of those values are returned.
If both tag keys and values are omitted from the request, clusters are returned regardless of whether they
Parameters
ClusterIdentifier (string) The unique identifier of a cluster whose properties you are
requesting. This parameter is case sensitive.
The default is that all clusters defined for an account are returned.
Default: 100

of response records. When the results of a DescribeClusters request exceed the value
Constraints: You can specify either the ClusterIdentifier parameter or the Marker pa-
rameter, but not both.
TagKeys (list) A tag key or keys for which you want to return all matching clusters that
are associated with the specified key or keys. For example, suppose that you have clusters
that are tagged with keys called owner and environment . If you specify both of these
tag keys in the request, Amazon Redshift returns a response with the clusters that have
either or both of these tag keys associated with them.
TagValues (list) A tag value or values for which you want to return all matching clusters
that are associated with the specified tag value or values. For example, suppose that you
have clusters that are tagged with values called admin and test . If you specify both of
these tag values in the request, Amazon Redshift returns a response with the clusters that
have either or both of these tag values associated with them.
Return type dict
describe_default_cluster_parameters(ParameterGroupFamily, MaxRecords=None,
Marker=None)
Returns a list of parameter settings for the specified parameter group family.
Parameters
ParameterGroupFamily (string) The name of the cluster parameter group family.
Default: 100
response records. When the results of a DescribeDefaultClusterParameters request exceed
Return type dict
describe_event_categories(SourceType=None)
Displays a list of event categories for all event source types, or for a specified source type. For a list of the
event categories and source types, go to Amazon Redshift Event Notifications .
Parameters SourceType (string) The source type, such as cluster or parameter group, to
which the described event categories apply.
Valid values: cluster, snapshot, parameter group, and security group.
Return type dict
2.1. Services 493

describe_event_subscriptions(SubscriptionName=None, MaxRecords=None,
Marker=None)
Lists descriptions of all the Amazon Redshift event notifications subscription for a customer account. If
you specify a subscription name, lists the description for that subscription.
Parameters
SubscriptionName (string) The name of the Amazon Redshift event notification sub-
scription to be described.
Default: 100
of response records. When the results of a DescribeEventSubscriptions request exceed
Return type dict
Duration=None, MaxRecords=None, Marker=None)
Returns events related to clusters, security groups, snapshots, and parameter groups for the past 14 days.
Events specific to a particular cluster, security group, snapshot or parameter group can be obtained by
providing the name as a parameter. By default, the past hour of events are returned.
Parameters
returned. If this parameter is not specified, then all sources are included in the response.
Constraints:
If SourceIdentifier is supplied, SourceType must also be provided.
Specify a cluster identifier when SourceType is cluster .
Specify a cluster security group name when SourceType is
cluster-security-group .
Specify a cluster parameter group name when SourceType is
cluster-parameter-group .
Specify a cluster snapshot identifier when SourceType is cluster-snapshot .
Constraints:
If SourceType is supplied, SourceIdentifier must also be provided.
Specify cluster when SourceIdentifier is a cluster identifier.

Specify cluster-security-group when SourceIdentifier is a cluster security

group name.
Specify cluster-parameter-group when SourceIdentifier is a cluster parameter
group name.
Specify cluster-snapshot when SourceIdentifier is a cluster snapshot identifier.
page.
Example: 2009-07-08T18:00Z
page.
Example: 2009-07-08T18:00Z
Duration (integer) The number of minutes prior to the time of the request for which to
retrieve events. For example, if the request is sent at 18:00 and you specify a duration of
60, then only events which have occurred after 17:00 will be returned.
Default: 60
Default: 100
response records. When the results of a DescribeEvents request exceed the value specified
in MaxRecords , AWS returns a value in the Marker field of the response. You can
retrieve the next set of response records by providing the returned marker value in the
Marker parameter and retrying the request.
Return type dict
describe_hsm_client_certificates(HsmClientCertificateIdentifier=None,
MaxRecords=None, Marker=None, TagKeys=None,
TagValues=None)
Returns information about the specified HSM client certificate. If no certificate ID is specified, returns
information about all the HSM certificates owned by your AWS customer account.
If you specify both tag keys and tag values in the same request, Amazon Redshift returns all HSM client
certificates that match any combination of the specified keys and values. For example, if you have owner
and environment for tag keys, and admin and test for tag values, all HSM client certificates that
have any combination of those values are returned.
If both tag keys and values are omitted from the request, HSM client certificates are returned regardless of
Parameters
HsmClientCertificateIdentifier (string) The identifier of a specific HSM client certifi-
cate for which you want information. If no identifier is specified, information is returned
for all HSM client certificates owned by your AWS customer account.
2.1. Services 495

Default: 100
of response records. When the results of a DescribeHsmClientCertificates request exceed
TagKeys (list) A tag key or keys for which you want to return all matching HSM
client certificates that are associated with the specified key or keys. For example, sup-
pose that you have HSM client certificates that are tagged with keys called owner and
environment . If you specify both of these tag keys in the request, Amazon Redshift
returns a response with the HSM client certificates that have either or both of these tag
keys associated with them.
TagValues (list) A tag value or values for which you want to return all matching HSM
client certificates that are associated with the specified tag value or values. For example,
suppose that you have HSM client certificates that are tagged with values called admin
and test . If you specify both of these tag values in the request, Amazon Redshift
returns a response with the HSM client certificates that have either or both of these tag
values associated with them.
Return type dict
describe_hsm_configurations(HsmConfigurationIdentifier=None, MaxRecords=None,
Returns information about the specified Amazon Redshift HSM configuration. If no configuration ID is
specified, returns information about all the HSM configurations owned by your AWS customer account.
If you specify both tag keys and tag values in the same request, Amazon Redshift returns all HSM connec-
tions that match any combination of the specified keys and values. For example, if you have owner and
environment for tag keys, and admin and test for tag values, all HSM connections that have any
If both tag keys and values are omitted from the request, HSM connections are returned regardless of
Parameters
HsmConfigurationIdentifier (string) The identifier of a specific Amazon Redshift
HSM configuration to be described. If no identifier is specified, information is returned
for all HSM configurations owned by your AWS customer account.
Default: 100

of response records. When the results of a DescribeHsmConfigurations request exceed
TagKeys (list) A tag key or keys for which you want to return all matching HSM config-
urations that are associated with the specified key or keys. For example, suppose that you
have HSM configurations that are tagged with keys called owner and environment .
If you specify both of these tag keys in the request, Amazon Redshift returns a response
with the HSM configurations that have either or both of these tag keys associated with
them.
TagValues (list) A tag value or values for which you want to return all matching HSM
configurations that are associated with the specified tag value or values. For example,
suppose that you have HSM configurations that are tagged with values called admin
and test . If you specify both of these tag values in the request, Amazon Redshift
returns a response with the HSM configurations that have either or both of these tag values
associated with them.
Return type dict
describe_logging_status(ClusterIdentifier)
Describes whether information, such as queries and connection attempts, is being logged for the specified
Amazon Redshift cluster.
Parameters ClusterIdentifier (string) The identifier of the cluster to get the logging status
from.
Example: examplecluster
Return type dict
describe_orderable_cluster_options(ClusterVersion=None, NodeType=None,
Returns a list of orderable cluster options. Before you create a new cluster you can use this operation to
find what options are available, such as the EC2 Availability Zones (AZ) in the specific AWS region that
you can specify, and the node types you can request. The node types differ by available storage, memory,
CPU and price. With the cost involved you might want to obtain a list of cluster options in the specific
region and specify values when creating a cluster. For more information about managing clusters, go to
Amazon Redshift Clusters in the Amazon Redshift Cluster Management Guide
Parameters
ClusterVersion (string) The version filter value. Specify this parameter to show only
the available offerings matching the specified version.
Default: All versions.
Constraints: Must be one of the version returned from DescribeClusterVersions .
NodeType (string) The node type filter value. Specify this parameter to show only the
available offerings matching the specified node type.
Default: 100
2.1. Services 497


response records. When the results of a DescribeOrderableClusterOptions request exceed
Return type dict
describe_reserved_node_offerings(ReservedNodeOfferingId=None, MaxRecords=None,
Marker=None)
Returns a list of the available reserved node offerings by Amazon Redshift with their descriptions including
the node type, the fixed and recurring costs of reserving the node and duration the node will be reserved for
you. These descriptions help you determine which reserve node offering you want to purchase. You then
use the unique offering ID in you call to PurchaseReservedNodeOffering to reserve one or more nodes for
your Amazon Redshift cluster.
For more information about managing parameter groups, go to Purchasing Reserved Nodes in the Amazon
Parameters
ReservedNodeOfferingId (string) The unique identifier for the offering.
Default: 100
response records. When the results of a DescribeReservedNodeOfferings request exceed
Return type dict
describe_reserved_nodes(ReservedNodeId=None, MaxRecords=None, Marker=None)
Returns the descriptions of the reserved nodes.
Parameters
ReservedNodeId (string) Identifier for the node reservation.
Default: 100
response records. When the results of a DescribeReservedNodes request exceed the value

Return type dict
describe_resize(ClusterIdentifier)
Returns information about the last resize operation for the specified cluster. If no resize operation has ever
been initiated for the specified cluster, a HTTP 404 error is returned. If a resize operation was initiated
and completed, the status of the resize remains as SUCCEEDED until the next resize.
A resize operation can be requested using ModifyCluster and specifying a different number or type of
nodes for the cluster.
Parameters ClusterIdentifier (string) The unique identifier of a cluster whose resize progress
you are requesting. This parameter is case-sensitive.
By default, resize operations for all clusters defined for an AWS account are returned.
Return type dict
describe_tags(ResourceName=None, ResourceType=None, MaxRecords=None, Marker=None,
TagKeys=None, TagValues=None)
Returns a list of tags. You can return tags from a specific resource by specifying an ARN, or you can return
all tags for a given type of resource, such as clusters, snapshots, and so on.
The following are limitations for DescribeTags :
You cannot specify an ARN and a resource-type value together in the same request.
You cannot use the MaxRecords and Marker parameters together with the ARN parameter.
The MaxRecords parameter can be a range from 10 to 50 results to return in a request.
If you specify both tag keys and tag values in the same request, Amazon Redshift returns all resources
environment for tag keys, and admin and test for tag values, all resources that have any combi-
nation of those values are returned.
If both tag keys and values are omitted from the request, resources are returned regardless of whether they
Parameters
for which you want to describe the tag or tags. For example,
ResourceType (string) The type of resource with which you want to view tags. Valid
resource types are:
Cluster
CIDR/IP
EC2 security group
Snapshot
Cluster security group
Subnet group
HSM connection
HSM certificate
2.1. Services 499

Parameter group
For more information about Amazon Redshift resource types and constructing ARNs, go
to Constructing an Amazon Redshift Amazon Resource Name (ARN) in the Amazon Red-
shift Cluster Management Guide.
MaxRecords (integer) The maximum number or response records to return in each call.
Marker (string) A value that indicates the starting point for the next set of response
records in a subsequent request. If a value is returned in a response, you can retrieve
the next set of records by providing this returned marker value in the marker parameter
and retrying the command. If the marker field is empty, all response records have been
retrieved for the request.
TagKeys (list) A tag key or keys for which you want to return all matching resources
that are associated with the specified key or keys. For example, suppose that you have
resources tagged with keys called owner and environment . If you specify both of
these tag keys in the request, Amazon Redshift returns a response with all resources that
have either or both of these tag keys associated with them.
TagValues (list) A tag value or values for which you want to return all matching re-
sources that are associated with the specified value or values. For example, suppose that
you have resources tagged with values called admin and test . If you specify both of
these tag values in the request, Amazon Redshift returns a response with all resources that
have either or both of these tag values associated with them.
Return type dict
disable_logging(ClusterIdentifier)
Stops logging information, such as queries and connection attempts, for the specified Amazon Redshift
cluster.
Parameters ClusterIdentifier (string) The identifier of the cluster on which logging is to be
stopped.
Return type dict
disable_snapshot_copy(ClusterIdentifier)
Disables the automatic copying of snapshots from one region to another region for a specified cluster.
Parameters ClusterIdentifier (string) The unique identifier of the source cluster that you
want to disable copying of snapshots to a destination region.
Constraints: Must be the valid name of an existing cluster that has cross-region snapshot
copy enabled.
Return type dict
enable_logging(ClusterIdentifier, BucketName, S3KeyPrefix=None)
Starts logging information, such as queries and connection attempts, for the specified Amazon Redshift
cluster.
Parameters
ClusterIdentifier (string) The identifier of the cluster on which logging is to be started.

BucketName (string) The name of an existing S3 bucket where the log files are to be
stored.
Constraints:
Must be in the same region as the cluster
The cluster must have read bucket and put object permissions
S3KeyPrefix (string) The prefix applied to the log file names.
Constraints:
Cannot exceed 512 characters
Cannot contain spaces( ), double quotes (), single quotes (), a backslash (), or control
characters. The hexadecimal codes for invalid characters are: * x00 to x20
x22
x27
x5c
x7f or larger
Return type dict
enable_snapshot_copy(ClusterIdentifier, DestinationRegion, RetentionPeriod=None)
Enables the automatic copy of snapshots from one region to another region for a specified cluster.
Parameters
ClusterIdentifier (string) The unique identifier of the source cluster to copy snapshots
from.
Constraints: Must be the valid name of an existing cluster that does not already have
cross-region snapshot copy enabled.
DestinationRegion (string) The destination region that you want to copy snapshots to.
Constraints: Must be the name of a valid region. For more information, see Regions and
Endpoints in the Amazon Web Services General Reference.
RetentionPeriod (integer) The number of days to retain automated snapshots in the
destination region after they are copied from the source region.
Default: 7.
Constraints: Must be at least 1 and no more than 35.
Return type dict
get_waiter(name)
cluster_available
cluster_deleted
snapshot_available
modify_cluster(ClusterIdentifier, ClusterType=None, NodeType=None, NumberOfNodes=None,
ClusterSecurityGroups=None, VpcSecurityGroupIds=None, MasterUserPass-
word=None, ClusterParameterGroupName=None, AutomatedSnapshotReten-
tionPeriod=None, PreferredMaintenanceWindow=None, ClusterVersion=None,
AllowVersionUpgrade=None, HsmClientCertificateIdentifier=None, HsmConfigu-
rationIdentifier=None, NewClusterIdentifier=None)
2.1. Services 501

Modifies the settings for a cluster. For example, you can add another security or parameter group, update
the preferred maintenance window, or change the master user password. Resetting a cluster password
or modifying the security groups associated with a cluster do not need a reboot. However, modifying a
parameter group requires a reboot for parameters to take effect. For more information about managing
clusters, go to Amazon Redshift Clusters in the Amazon Redshift Cluster Management Guide .
You can also change node type and the number of nodes to scale up or down the cluster. When resizing a
cluster, you must specify both the number of nodes and the node type even if one of the parameters does
not change.
Parameters
ClusterIdentifier (string) The unique identifier of the cluster to be modified.
ClusterType (string) The new cluster type.
When you submit your cluster resize request, your existing cluster goes into a read-only
mode. After Amazon Redshift provisions a new cluster based on your resize requirements,
there will be outage for a period while the old cluster is deleted and your connection is
switched to the new cluster. You can use DescribeResize to track the progress of the resize
request.
Valid Values: multi-node | single-node
NodeType (string) The new node type of the cluster. If you specify a new node type,
you must also specify the number of nodes parameter.
When you submit your request to resize a cluster, Amazon Redshift sets access permis-
sions for the cluster to read-only. After Amazon Redshift provisions a new cluster ac-
cording to your resize requirements, there will be a temporary outage while the old cluster
is deleted and your connection is switched to the new cluster. When the new connec-
tion is complete, the original access permissions for the cluster are restored. You can use
DescribeResize to track the progress of the resize request.
Valid Values: dw1.xlarge | dw1.8xlarge | dw2.large | dw2.8xlarge .
NumberOfNodes (integer) The new number of nodes of the cluster. If you specify a
new number of nodes, you must also specify the node type parameter.
When you submit your request to resize a cluster, Amazon Redshift sets access permis-
sions for the cluster to read-only. After Amazon Redshift provisions a new cluster ac-
cording to your resize requirements, there will be a temporary outage while the old cluster
is deleted and your connection is switched to the new cluster. When the new connec-
tion is complete, the original access permissions for the cluster are restored. You can use
DescribeResize to track the progress of the resize request.
Valid Values: Integer greater than 0 .
ClusterSecurityGroups (list) A list of cluster security groups to be authorized on this
cluster. This change is asynchronously applied as soon as possible.
Security groups currently associated with the cluster, and not in the list of groups to apply,
will be revoked from the cluster.
Constraints:

VpcSecurityGroupIds (list) A list of virtual private cloud (VPC) security groups to be

MasterUserPassword (string) The new password for the cluster master user. This
change is asynchronously applied as soon as possible. Between the time of the request
and the completion of the request, the MasterUserPassword element exists in the
PendingModifiedValues element of the operation response.
Note: Operations never return the password, so this operation provides a way to regain
access to the master user account for a cluster if the password is lost.
Default: Uses existing setting.

Constraints:
Must be between 8 and 64 characters in length.
Must contain at least one uppercase letter.
Must contain at least one lowercase letter.
Must contain one number.
Can be any printable ASCII character (ASCII code 33 to 126) except (single quote),
(double quote), , /, @, or space.
ClusterParameterGroupName (string) The name of the cluster parameter group to
apply to this cluster. This change is applied only after the cluster is rebooted. To reboot a
cluster use RebootCluster .
Constraints: The cluster parameter group must be in the same parameter group family that
matches the cluster version.
If you decrease the automated snapshot retention period from its current value, existing
automated snapshots that fall outside of the new retention period will be immediately
deleted.
system maintenance can occur, if necessary. If system maintenance is necessary during the
window, it may result in an outage.
This maintenance window change is made immediately. If the new maintenance window
indicates the current time, there must be at least 120 minutes between the current time and
end of the window in order to ensure that pending changes are applied.
Format: ddd:hh24:mi-ddd:hh24:mi, for example wed:07:30-wed:08:00 .
Constraints: Must be at least 30 minutes.
2.1. Services 503

ClusterVersion (string) The new version number of the Amazon Redshift engine to
upgrade to.
For major version upgrades, if a non-default cluster parameter group is currently in use,
a new cluster parameter group in the cluster parameter group family for the new version
must be specified. The new cluster parameter group can be the default for that cluster
parameter group family. For more information about managing parameter groups, go to
Amazon Redshift Parameter Groups in the Amazon Redshift Cluster Management Guide .
Example: 1.0
AllowVersionUpgrade (boolean) If true , major version upgrades will be applied
automatically to the cluster during the maintenance window.
Default: false
HSM.
an HSM.
NewClusterIdentifier (string) The new identifier for the cluster.
Constraints:
Return type dict
modify_cluster_parameter_group(ParameterGroupName, Parameters)
Modifies the parameters of a parameter group.
Parameters
ParameterGroupName (string) The name of the parameter group to be modified.
Parameters (list) An array of parameters to be modified. A maximum of 20 parameters
can be modified in a single request.
For each parameter to be modified, you must supply at least the parameter name and
parameter value; other name-value pairs of the parameter are optional.
For the workload management (WLM) configuration, you must supply all the name-value
pairs in the wlm_json_configuration parameter.
Return type dict
modify_cluster_subnet_group(ClusterSubnetGroupName, SubnetIds, Description=None)
Modifies a cluster subnet group to include the specified list of VPC subnets. The operation replaces the
existing list of subnets with the new list of subnets.

Parameters
ClusterSubnetGroupName (string) The name of the subnet group to be modified.
Description (string) A text description of the subnet group to be modified.
SubnetIds (list) An array of VPC subnet IDs. A maximum of 20 subnets can be modified
in a single request.
Return type dict
modify_event_subscription(SubscriptionName, SnsTopicArn=None, SourceType=None,
SourceIds=None, EventCategories=None, Severity=None, En-
abled=None)
Modifies an existing Amazon Redshift event notification subscription.
Parameters
SubscriptionName (string) The name of the modified Amazon Redshift event notifica-
tion subscription.
SnsTopicArn (string) The Amazon Resource Name (ARN) of the SNS topic to be used
SourceType (string) The type of source that will be generating the events. For example,
if you want to be notified of events generated by a cluster, you would set this parameter to
cluster. If this value is not specified, events are returned for all Amazon Redshift objects
in your AWS account. You must specify a source type in order to specify source IDs.
Valid values: cluster, cluster-parameter-group, cluster-security-group, and cluster-
snapshot.
SourceIds (list) A list of one or more identifiers of Amazon Redshift source objects.
All of the objects must be of the same type as was specified in the source type parameter.
The event subscription will return only events generated by the specified objects. If not
specified, then events are returned for all objects within the source type specified.
Example: my-cluster-1, my-cluster-2
Example: my-snapshot-20131010
EventCategories (list) Specifies the Amazon Redshift event categories to be published
Values: Configuration, Management, Monitoring, Security
Severity (string) Specifies the Amazon Redshift event severity to be published by the
event notification subscription.
Values: ERROR, INFO
Enabled (boolean) A Boolean value indicating if the subscription is enabled. true
indicates the subscription is enabled
Return type dict
modify_snapshot_copy_retention_period(ClusterIdentifier, RetentionPeriod)
Modifies the number of days to retain automated snapshots in the destination region after they are copied
from the source region.
Parameters
ClusterIdentifier (string) The unique identifier of the cluster for which you want to
change the retention period for automated snapshots that are copied to a destination region.
2.1. Services 505

Constraints: Must be the valid name of an existing cluster that has cross-region snapshot
copy enabled.
RetentionPeriod (integer) The number of days to retain automated snapshots in the
destination region after they are copied from the source region.
If you decrease the retention period for automated snapshots that are copied to a destination
region, Amazon Redshift will delete any existing automated snapshots that were copied to
the destination region and that fall outside of the new retention period.
Constraints: Must be at least 1 and no more than 35.
Return type dict
purchase_reserved_node_offering(ReservedNodeOfferingId, NodeCount=None)
Allows you to purchase reserved nodes. Amazon Redshift offers a predefined set of reserved node offer-
ings. You can purchase one of the offerings. You can call the DescribeReservedNodeOfferings API to
obtain the available reserved node offerings. You can call this API by providing a specific reserved node
offering and the number of nodes you want to reserve.
For more information about managing parameter groups, go to Purchasing Reserved Nodes in the Amazon
Parameters
ReservedNodeOfferingId (string) The unique identifier of the reserved node offering
you want to purchase.
NodeCount (integer) The number of reserved nodes you want to purchase.
Default: 1
Return type dict
reboot_cluster(ClusterIdentifier)
Reboots a cluster. This action is taken as soon as possible. It results in a momentary outage to the cluster,
during which the cluster status is set to rebooting . A cluster event is created when the reboot is
completed. Any pending cluster modifications (see ModifyCluster ) are applied at this reboot. For more
information about managing clusters, go to Amazon Redshift Clusters in the Amazon Redshift Cluster
Management Guide
Parameters ClusterIdentifier (string) The cluster identifier.
Return type dict
reset_cluster_parameter_group(ParameterGroupName, ResetAllParameters=None, Parame-
ters=None)
Sets one or more parameters of the specified parameter group to their default values and sets the source
values of the parameters to engine-default. To reset the entire parameter group specify the ResetAllPa-
rameters parameter. For parameter changes to take effect you must reboot any associated clusters.
Parameters
ParameterGroupName (string) The name of the cluster parameter group to be reset.
ResetAllParameters (boolean) If true , all parameters in the specified parameter group
will be reset to their default values.
Default: true
Parameters (list) An array of names of parameters to be reset. If ResetAllParameters
option is not used, then at least one parameter name must be supplied.
Constraints: A maximum of 20 parameters can be reset in a single request.

Return type dict

restore_from_cluster_snapshot(ClusterIdentifier, SnapshotIdentifier, SnapshotClusterIdenti-
fier=None, Port=None, AvailabilityZone=None, AllowVer-
sionUpgrade=None, ClusterSubnetGroupName=None,
PubliclyAccessible=None, OwnerAccount=None, Hsm-
ClientCertificateIdentifier=None, HsmConfigurationIden-
tifier=None, ElasticIp=None, ClusterParameterGroup-
Name=None, ClusterSecurityGroups=None, VpcSecurity-
GroupIds=None, PreferredMaintenanceWindow=None, Au-
tomatedSnapshotRetentionPeriod=None, KmsKeyId=None)
Creates a new cluster from a snapshot. Amazon Redshift creates the resulting cluster with the same config-
uration as the original cluster from which the snapshot was created, except that the new cluster is created
with the default cluster security and parameter group. After Amazon Redshift creates the cluster you can
use the ModifyCluster API to associate a different security group and different parameter group with the
restored cluster.
If you restore a cluster into a VPC, you must provide a cluster subnet group where you want the cluster
restored.
Parameters
ClusterIdentifier (string) The identifier of the cluster that will be created from restoring
the snapshot.
Constraints:
SnapshotIdentifier (string) The name of the snapshot from which to create the new
cluster. This parameter isnt case sensitive.
SnapshotClusterIdentifier (string) The name of the cluster the source snapshot was cre-
ated from. This parameter is required if your IAM user has a policy containing a snapshot
Port (integer) The port number on which the cluster accepts connections.
Default: The same port as the original cluster.
Constraints: Must be between 1115 and 65535 .
AvailabilityZone (string) The Amazon EC2 Availability Zone in which to restore the
cluster.
Example: us-east-1a
AllowVersionUpgrade (boolean) If true , major version upgrades can be applied dur-
ing the maintenance window to the Amazon Redshift engine that is running on the cluster.
2.1. Services 507

Default: true
ClusterSubnetGroupName (string) The name of the subnet group where you want to
cluster restored.
A snapshot of cluster in VPC can be restored only in VPC. Therefore, you must provide
subnet group name where you want the cluster restored.
PubliclyAccessible (boolean) If true , the cluster can be accessed from a public net-
work.
OwnerAccount (string) The AWS customer account used to create or copy the snapshot.
Required if you are restoring a snapshot you do not own, optional if you own the snapshot.
HSM.
an HSM.
ElasticIp (string) The elastic IP (EIP) address for the cluster.
ClusterParameterGroupName (string) The name of the parameter group to be associ-
ated with this cluster.
Default: The default Amazon Redshift cluster parameter group. For information about the
default parameter group, go to Working with Amazon Redshift Parameter Groups .
Constraints:
Must be 1 to 255 alphanumeric characters or hyphens.
ClusterSecurityGroups (list) A list of security groups to be associated with this cluster.
Default: The default cluster security group for Amazon Redshift.
Cluster security groups only apply to clusters outside of VPCs.
VpcSecurityGroupIds (list) A list of Virtual Private Cloud (VPC) security groups to be
Default: The default VPC security group is associated with the cluster.
VPC security groups only apply to clusters in VPCs.
automated cluster maintenance can occur.
Default: The value selected for the cluster from which the snapshot was taken. For more
information about the time blocks for each region, see Maintenance Windows in Amazon
Redshift Cluster Management Guide.


Default: The value selected for the cluster from which the snapshot was taken.
KmsKeyId (string) The AWS Key Management Service (KMS) key ID of the encryption
key that you want to use to encrypt data in the cluster that you restore from a shared
snapshot.
Return type dict
revoke_cluster_security_group_ingress(ClusterSecurityGroupName, CIDRIP=None,
Revokes an ingress rule in an Amazon Redshift security group for a previously authorized IP range or
Amazon EC2 security group. To add an ingress rule, see AuthorizeClusterSecurityGroupIngress . For in-
formation about managing security groups, go to Amazon Redshift Cluster Security Groups in the Amazon
Parameters
ClusterSecurityGroupName (string) The name of the security Group from which to
revoke the ingress rule.
CIDRIP (string) The IP range for which to revoke access. This range must be a valid
Classless Inter-Domain Routing (CIDR) block of IP addresses. If CIDRIP is specified,
EC2SecurityGroupName and EC2SecurityGroupOwnerId cannot be provided.
EC2SecurityGroupName (string) The name of the EC2 Security Group
whose access is to be revoked. If EC2SecurityGroupName is specified,
EC2SecurityGroupOwnerId must also be provided and CIDRIP cannot be
provided.
EC2SecurityGroupOwnerId (string) The AWS account number of the owner of the
security group specified in the EC2SecurityGroupName parameter. The AWS ac-
cess key ID is not an acceptable value. If EC2SecurityGroupOwnerId is specified,
EC2SecurityGroupName must also be provided. and CIDRIP cannot be provided.
Example: 111122223333
Return type dict
revoke_snapshot_access(SnapshotIdentifier, AccountWithRestoreAccess, SnapshotClusterIdenti-
fier=None)
Removes the ability of the specified AWS customer account to restore the specified snapshot. If the account
is currently restoring the snapshot, the restore will run to completion.
Parameters
SnapshotIdentifier (string) The identifier of the snapshot that the account can no longer
access.
SnapshotClusterIdentifier (string) The identifier of the cluster the snapshot was created
from. This parameter is required if your IAM user has a policy containing a snapshot
2.1. Services 509

AccountWithRestoreAccess (string) The identifier of the AWS customer account that

can no longer restore the specified snapshot.
Return type dict
rotate_encryption_key(ClusterIdentifier)
Rotates the encryption keys for a cluster.
Parameters ClusterIdentifier (string) The unique identifier of the cluster that you want to
rotate the encryption keys for.
Constraints: Must be the name of valid cluster that has encryption enabled.
Return type dict
2.1.30 Amazon Route 53
Table of Contents
Amazon Route 53
Client
Client
class route53.Client
A low-level client representing Amazon Route 53:
import boto3
route53 = boto3.client(route53)
associate_vpc_with_hosted_zone(HostedZoneId, VPC, Comment=None)

This action associates a VPC with an hosted zone.
To associate a VPC with an hosted zone, send a POST request to the
2013-04-01/hostedzone/*hosted zone ID* /associatevpc resource. The request
body must include an XML document with a AssociateVPCWithHostedZoneRequest element.
The response returns the AssociateVPCWithHostedZoneResponse element that contains
ChangeInfo for you to track the progress of the AssociateVPCWithHostedZoneRequest you
made. See GetChange operation for how to track the progress of your change.
Parameters
HostedZoneId (string) The ID of the hosted zone you want to associate your VPC with.
Note that you cannot associate a VPC with a hosted zone that doesnt have an existing
VPC association.
VPC (dict) The VPC that you want your hosted zone to be associated with.
Comment (string) Optional: Any comments you want to include about a
AssociateVPCWithHostedZoneRequest .
Return type dict
change_resource_record_sets(HostedZoneId, ChangeBatch)
Use this action to create or change your authoritative DNS information. To use this action, send a POST

request to the 2013-04-01/hostedzone/*hosted Zone ID* /rrset resource. The request

body must include an XML document with a ChangeResourceRecordSetsRequest element.
Changes are a list of change items and are considered transactional. For more information on transactional
changes, also known as change batches, see Creating, Changing, and Deleting Resource Record Sets Using
the Route 53 API in the Amazon Route 53 Developer Guide .
Warning: Due to the nature of transactional changes, you cannot delete the same resource record set
more than once in a single change batch. If you attempt to delete the same change batch more than
once, Route 53 returns an InvalidChangeBatch error.
In response to a ChangeResourceRecordSets request, your DNS data is changed on all Route 53

DNS servers. Initially, the status of a change is PENDING . This means the change has not yet propagated
to all the authoritative Route 53 DNS servers. When the change is propagated to all hosts, the change
returns a status of INSYNC .
Note the following limitations on a ChangeResourceRecordSets request:
A request cannot contain more than 100 Change elements.
A request cannot contain more than 1000 ResourceRecord elements.
The sum of the number of characters (including spaces) in all Value elements in a request cannot exceed
32,000 characters.
Parameters
HostedZoneId (string) The ID of the hosted zone that contains the resource record sets
that you want to change.
ChangeBatch (dict) A complex type that contains an optional comment and the
Changes element.
Return type dict
change_tags_for_resource(ResourceType, ResourceId, AddTags=None, Remove-
TagKeys=None)
Parameters
ResourceType (string) The type of the resource.
The resource type for health checks is healthcheck .
The resource type for hosted zones is hostedzone .
ResourceId (string) The ID of the resource for which you want to add, change, or delete
tags.
AddTags (list) A complex type that contains a list of Tag elements. Each Tag element
identifies a tag that you want to add or update for the specified resource.
RemoveTagKeys (list) A list of Tag keys that you want to remove from the specified
resource.
Return type dict
create_health_check(CallerReference, HealthCheckConfig)
This action creates a new health check.
To create a new health check, send a POST request to the 2013-04-01/healthcheck resource. The
request body must include an XML document with a CreateHealthCheckRequest element. The
response returns the CreateHealthCheckResponse element that contains metadata about the health
check.
2.1. Services 511

Parameters
CallerReference (string) A unique string that identifies the request and that allows failed
CreateHealthCheck requests to be retried without the risk of executing the operation
twice. You must use a unique CallerReference string every time you create a health
check. CallerReference can be any unique string; you might choose to use a string
that identifies your project.
Valid characters are any Unicode code points that are legal in an XML 1.0 document. The
UTF-8 encoding of the value must be less than 128 bytes.
HealthCheckConfig (dict) A complex type that contains health check configuration.
Return type dict
create_hosted_zone(Name, CallerReference, VPC=None, HostedZoneConfig=None, Delegation-
SetId=None)
This action creates a new hosted zone.
To create a new hosted zone, send a POST request to the 2013-04-01/hostedzone resource. The
request body must include an XML document with a CreateHostedZoneRequest element. The
response returns the CreateHostedZoneResponse element that contains metadata about the hosted
zone.
Route 53 automatically creates a default SOA record and four NS records for the zone. The NS records
in the hosted zone are the name servers you give your registrar to delegate your domain to. For more
information about SOA and NS records, see NS and SOA Records that Route 53 Creates for a Hosted
Zone in the Amazon Route 53 Developer Guide .
When you create a zone, its initial status is PENDING . This means that it is not yet available on all DNS
servers. The status of the zone changes to INSYNC when the NS and SOA records are available on all
Route 53 DNS servers.
When trying to create a hosted zone using a reusable delegation set, you could specify an optional Dele-
gationSetId, and Route53 would assign those 4 NS records for the zone, instead of alloting a new one.
Parameters
Name (string) The name of the domain. This must be a fully-specified domain, for ex-
ample, www.example.com. The trailing dot is optional; Route 53 assumes that the domain
name is fully qualified. This means that Route 53 treats www.example.com (without a
trailing dot) and www.example.com. (with a trailing dot) as identical.
This is the name you have registered with your DNS registrar. You should ask your regis-
trar to change the authoritative name servers for your domain to the set of NameServers
elements returned in DelegationSet .
VPC (dict) The VPC that you want your hosted zone to be associated with. By providing
this parameter, your newly created hosted cannot be resolved anywhere other than the
given VPC.
CreateHostedZone requests to be retried without the risk of executing the operation
twice. You must use a unique CallerReference string every time you create a hosted
zone. CallerReference can be any unique string; you might choose to use a string
that identifies your project, such as DNSMigration_01 .
HostedZoneConfig (dict) A complex type that contains an optional comment about your
hosted zone.

DelegationSetId (string) The delegation set id of the reusable delgation set whose NS
records you want to assign to the new hosted zone.
Return type dict
create_reusable_delegation_set(CallerReference, HostedZoneId=None)
This action creates a reusable delegationSet.
To create a new reusable delegationSet, send a POST request to the 2013-04-01/delegationset
resource. The request body must include an XML document with a
CreateReusableDelegationSetRequest element. The response returns the
CreateReusableDelegationSetResponse element that contains metadata about the dele-
gationSet.
If the optional parameter HostedZoneId is specified, it marks the delegationSet associated with that partic-
ular hosted zone as reusable.
Parameters
CreateReusableDelegationSet requests to be retried without the risk of execut-
ing the operation twice. You must use a unique CallerReference string every time
you create a reusable delegation set. CallerReference can be any unique string; you
might choose to use a string that identifies your project, such as DNSMigration_01 .
HostedZoneId (string) The ID of the hosted zone whose delegation set you want to
mark as reusable. It is an optional parameter.
Return type dict
delete_health_check(HealthCheckId)
This action deletes a health check. To delete a health check, send a DELETE request to the
2013-04-01/healthcheck/*health check ID* resource.
Warning: You can delete a health check only if there are no resource record sets associated with
this health check. If resource record sets are associated with this health check, you must disassociate
them before you can delete your health check. If you try to delete a health check that is associated
with resource record sets, Route 53 will deny your request with a HealthCheckInUse error. For
information about disassociating the records from your health check, see ChangeResourceRecordSets
.
Parameters HealthCheckId (string) The ID of the health check to delete.

Return type dict
delete_hosted_zone(Id)
This action deletes a hosted zone. To delete a hosted zone, send a DELETE request to the
2013-04-01/hostedzone/*hosted zone ID* resource.
For more information about deleting a hosted zone, see Deleting a Hosted Zone in the Amazon Route 53
Developer Guide .
Warning: You can delete a hosted zone only if there are no resource record sets other than the default
SOA record and NS resource record sets. If your hosted zone contains other resource record sets,
you must delete them before you can delete your hosted zone. If you try to delete a hosted zone that
contains other resource record sets, Route 53 will deny your request with a HostedZoneNotEmpty
error. For information about deleting records from your hosted zone, see ChangeResourceRecordSets
.
2.1. Services 513

Parameters Id (string) The ID of the hosted zone you want to delete.

Return type dict
delete_reusable_delegation_set(Id)
This action deletes a reusable delegation set. To delete a reusable delegation set, send a DELETE request
to the 2013-04-01/delegationset/*delegation set ID* resource.
Warning: You can delete a reusable delegation set only if there are no associated hosted zones. If your
reusable delegation set contains associated hosted zones, you must delete them before you can delete
your reusable delegation set. If you try to delete a reusable delegation set that contains associated
hosted zones, Route 53 will deny your request with a DelegationSetInUse error.
Parameters Id (string) The ID of the reusable delegation set you want to delete.
Return type dict
disassociate_vpc_from_hosted_zone(HostedZoneId, VPC, Comment=None)
This action disassociates a VPC from an hosted zone.
To disassociate a VPC to a hosted zone, send a POST request to the
2013-04-01/hostedzone/*hosted zone ID* /disassociatevpc resource. The request
body must include an XML document with a DisassociateVPCFromHostedZoneRequest
element. The response returns the DisassociateVPCFromHostedZoneResponse
element that contains ChangeInfo for you to track the progress of the
DisassociateVPCFromHostedZoneRequest you made. See GetChange operation for
how to track the progress of your change.
Parameters
HostedZoneId (string) The ID of the hosted zone you want to disassociate your VPC
from.
Note that you cannot disassociate the last VPC from a hosted zone.
VPC (dict) The VPC that you want your hosted zone to be disassociated from.
Comment (string) Optional: Any comments you want to include about a
DisassociateVPCFromHostedZoneRequest .
Return type dict
get_change(Id)
This action returns the current status of a change batch request. The status is one of the following values:
PENDING indicates that the changes in this request have not replicated to all Route 53 DNS servers.
This is the initial status of all change batch requests.
INSYNC indicates that the changes have replicated to all Amazon Route 53 DNS servers.
Parameters Id (string) The ID of the change batch request. The value that you specify here
is the value that ChangeResourceRecordSets returned in the Id element when you
submitted the request.
Return type dict
get_checker_ip_ranges()
To retrieve a list of the IP ranges used by Amazon Route 53 health checkers to check the health of your
resources, send a GET request to the 2013-04-01/checkeripranges resource. You can use these
IP addresses to configure router and firewall rules to allow health checkers to check the health of your
resources.

Return type dict

get_geo_location(ContinentCode=None, CountryCode=None, SubdivisionCode=None)
To retrieve a single geo location, send a GET request to the 2013-04-01/geolocation resource with
one of these options: continentcode | countrycode | countrycode and subdivisioncode.
Parameters
ContinentCode (string) The code for a continent geo location. Note: only continent
locations have a continent code.
Valid values: AF | AN | AS | EU | OC | NA | SA
Constraint: Specifying ContinentCode with either CountryCode or
SubdivisionCode returns an InvalidInput error.
CountryCode (string) The code for a country geo location. The default location uses *
for the country code and will match all locations that are not matched by a geo location.
The default geo location uses a * for the country code. All other country codes follow the
ISO 3166 two-character code.
SubdivisionCode (string) The code for a countrys subdivision (e.g., a province of
Canada). A subdivision code is only valid with the appropriate country code.
Constraint: Specifying SubdivisionCode without CountryCode returns an Invalid-
Input error.
Return type dict
get_health_check(HealthCheckId)
To retrieve the health check, send a GET request to the 2013-04-01/healthcheck/*health
check ID* resource.
Parameters HealthCheckId (string) The ID of the health check to retrieve.
Return type dict
get_health_check_count()
To retrieve a count of all your health checks, send a GET request to the
2013-04-01/healthcheckcount resource.
Return type dict
get_health_check_last_failure_reason(HealthCheckId)
If you want to learn why a health check is currently failing or why it failed most recently (if
at all), you can get the failure reason for the most recent failure. Send a GET request to the
2013-04-01/healthcheck/*health check ID* /lastfailurereason resource.
Parameters HealthCheckId (string) The ID of the health check for which you want to retrieve
the reason for the most recent failure.
Return type dict
get_health_check_status(HealthCheckId)
To retrieve the health check status, send a GET request to the 2013-04-01/healthcheck/*health
check ID* /status resource. You can use this call to get a health checks current status.
Parameters HealthCheckId (string) The ID of the health check for which you want to retrieve
the most recent status.
Return type dict
2.1. Services 515

get_hosted_zone(Id)
To retrieve the delegation set for a hosted zone, send a GET request to the
2013-04-01/hostedzone/*hosted zone ID* resource. The delegation set is the four
Route 53 name servers that were assigned to the hosted zone when you created it.
Parameters Id (string) The ID of the hosted zone for which you want to get a list of the name
servers in the delegation set.
Return type dict
get_reusable_delegation_set(Id)
To retrieve the reusable delegation set, send a GET request to the
2013-04-01/delegationset/*delegation set ID* resource.
Parameters Id (string) The ID of the reusable delegation set for which you want to get a list
of the name server.
Return type dict
list_geo_locations(StartContinentCode=None, StartCountryCode=None, StartSubdivision-
Code=None, MaxItems=None)
To retrieve a list of supported geo locations, send a GET request to the 2013-04-01/geolocations
resource. The response to this request includes a GeoLocationDetailsList element with zero,
one, or multiple GeoLocationDetails child elements. The list is sorted by country code, and then
subdivision code, followed by continents at the end of the list.
By default, the list of geo locations is displayed on a single page. You can control the
length of the page that is displayed by using the MaxItems parameter. If the list is
truncated, IsTruncated will be set to true and a combination of NextContinentCode,
NextCountryCode, NextSubdivisionCode will be populated. You can pass these as param-
eters to StartContinentCode, StartCountryCode, StartSubdivisionCode to control
the geo location that the list begins with.
Parameters
StartContinentCode (string) The first continent code in the lexicographic ordering of
geo locations that you want the ListGeoLocations request to list. For non-continent
geo locations, this should be null.
Valid values: AF | AN | AS | EU | OC | NA | SA
Constraint: Specifying ContinentCode with either CountryCode or
SubdivisionCode returns an InvalidInput error.
StartCountryCode (string) The first country code in the lexicographic ordering of geo
locations that you want the ListGeoLocations request to list.
The default geo location uses a * for the country code. All other country codes follow the
ISO 3166 two-character code.
StartSubdivisionCode (string) The first subdivision code in the lexicographic ordering
of geo locations that you want the ListGeoLocations request to list.
Constraint: Specifying SubdivisionCode without CountryCode returns an Invalid-
Input error.
MaxItems (string) The maximum number of geo locations you want in the response
body.
Return type dict

list_health_checks(Marker=None, MaxItems=None)
To retrieve a list of your health checks, send a GET request to the 2013-04-01/healthcheck re-
source. The response to this request includes a HealthChecks element with zero, one, or multiple
HealthCheck child elements. By default, the list of health checks is displayed on a single page. You
can control the length of the page that is displayed by using the MaxItems parameter. You can use the
Marker parameter to control the health check that the list begins with.
Note: Amazon Route 53 returns a maximum of 100 items. If you set MaxItems to a value greater than
100, Amazon Route 53 returns only the first 100.

Parameters
Marker (string) If the request returned more than one page of results, submit another
request and specify the value of NextMarker from the last response in the marker
parameter to get the next page of results.
MaxItems (string) Specify the maximum number of health checks to return per page of
results.
Return type dict
list_hosted_zones(Marker=None, MaxItems=None, DelegationSetId=None)
To retrieve a list of your hosted zones, send a GET request to the 2013-04-01/hostedzone resource.
The response to this request includes a HostedZones element with zero, one, or multiple HostedZone
child elements. By default, the list of hosted zones is displayed on a single page. You can control the length
of the page that is displayed by using the MaxItems parameter. You can use the Marker parameter to
control the hosted zone that the list begins with.

Parameters
MaxItems (string) Specify the maximum number of hosted zones to return per page of
results.
DelegationSetId (string)
Return type dict
list_resource_record_sets(HostedZoneId, StartRecordName=None, StartRecordType=None,
StartRecordIdentifier=None, MaxItems=None)
Imagine all the resource record sets in a zone listed out in front of you. Imagine them sorted lexicographi-
cally first by DNS name (with the labels reversed, like com.amazon.www for example), and secondarily,
lexicographically by record type. This operation retrieves at most MaxItems resource record sets from this
list, in order, starting at a position specified by the Name and Type arguments:
If both Name and Type are omitted, this means start the results at the first RRSET in the HostedZone.
If Name is specified but Type is omitted, this means start the results at the first RRSET in the list
whose name is greater than or equal to Name.
2.1. Services 517

If both Name and Type are specified, this means start the results at the first RRSET in the list whose
name is greater than or equal to Name and whose type is greater than or equal to Type.
It is an error to specify the Type but not the Name.
Use ListResourceRecordSets to retrieve a single known record set by specifying the record sets name and
type, and setting MaxItems = 1
To retrieve all the records in a HostedZone, first pause any processes making calls to ChangeResourceRe-
cordSets. Initially call ListResourceRecordSets without a Name and Type to get the first page of record
sets. For subsequent calls, set Name and Type to the NextName and NextType values returned by the
previous response.
In the presence of concurrent ChangeResourceRecordSets calls, there is no consistency of results across
calls to ListResourceRecordSets. The only way to get a consistent multi-page snapshot of all RRSETs in
a zone is to stop making changes while pagination is in progress.
However, the results from ListResourceRecordSets are consistent within a page. If MakeChange calls are
taking place concurrently, the result of each one will either be completely visible in your results or not at
all. You will not see partial changes, or changes that do not ultimately succeed. (This follows from the fact
that MakeChange is atomic)
The results from ListResourceRecordSets are strongly consistent with ChangeResourceRecordSets. To be
precise, if a single process makes a call to ChangeResourceRecordSets and receives a successful response,
the effects of that change will be visible in a subsequent call to ListResourceRecordSets by that process.
Parameters
HostedZoneId (string) The ID of the hosted zone that contains the resource record sets
that you want to get.
StartRecordName (string) The first name in the lexicographic ordering of domain
names that you want the ListResourceRecordSets request to list.
StartRecordType (string) The DNS type at which to begin the listing of resource record
sets.
Valid values: A | AAAA | CNAME | MX | NS | PTR | SOA | SPF | SRV | TXT
Values for Weighted Resource Record Sets: A | AAAA | CNAME | TXT
Values for Regional Resource Record Sets: A | AAAA | CNAME | TXT
Values for Alias Resource Record Sets: A | AAAA
Constraint: Specifying type without specifying name returns an InvalidInput error.
StartRecordIdentifier (string) Weighted resource record sets only: If re-
sults were truncated for a given DNS name and type, specify the value
of ListResourceRecordSetsResponse$NextRecordIdentifier from the
previous response to get the next resource record set that has the current DNS name and
type.
MaxItems (string) The maximum number of records you want in the response body.
Return type dict
list_reusable_delegation_sets(Marker=None, MaxItems=None)
To retrieve a list of your reusable delegation sets, send a GET request to the
2013-04-01/delegationset resource. The response to this request includes a DelegationSets
element with zero, one, or multiple DelegationSet child elements. By default, the list of delegation
sets is displayed on a single page. You can control the length of the page that is displayed by using the

MaxItems parameter. You can use the Marker parameter to control the delegation set that the list
begins with.
Parameters
MaxItems (string) Specify the maximum number of reusable delegation sets to return
per page of results.
Return type dict
list_tags_for_resource(ResourceType, ResourceId)
Parameters
ResourceType (string) The type of the resource.
ResourceId (string) The ID of the resource for which you want to retrieve tags.
Return type dict
list_tags_for_resources(ResourceType, ResourceIds)
Parameters
ResourceType (string) The type of the resources.
ResourceIds (list) A complex type that contains the ResourceId element for each re-
source for which you want to get a list of tags.
Return type dict
update_health_check(HealthCheckId, HealthCheckVersion=None, IPAddress=None, Port=None,
ResourcePath=None, FullyQualifiedDomainName=None, Search-
String=None, FailureThreshold=None)
This action updates an existing health check.
To update a health check, send a POST request to the 2013-04-01/healthcheck/*health
check ID* resource. The request body must include an XML document
with an UpdateHealthCheckRequest element. The response returns an
UpdateHealthCheckResponse element, which contains metadata about the health check.
Parameters
HealthCheckId (string) The ID of the health check to update.
HealthCheckVersion (integer) Optional. When you specify a health check ver-
sion, Route 53 compares this value with the current value in the health check, which
prevents you from updating the health check when the versions dont match. Using
2.1. Services 519

HealthCheckVersion lets you prevent overwriting another change to the health

check.
IPAddress (string) The IP address of the resource that you want to check.
Specify this value only if you want to change it.
Port (integer) The port on which you want Route 53 to open a connection to perform
health checks.
ResourcePath (string) The path that you want Amazon Route 53 to request when per-
forming health checks. The path can be any value for which your endpoint will return
an HTTP status code of 2xx or 3xx when the endpoint is healthy, for example the file
/docs/route53-health-check.html.
FullyQualifiedDomainName (string) Fully qualified domain name of the instance to be
health checked.
SearchString (string) If the value of Type is HTTP_STR_MATCH or
HTTP_STR_MATCH , the string that you want Route 53 to search for in the re-
sponse body from the specified resource. If the string appears in the response body, Route
53 considers the resource healthy.
FailureThreshold (integer) The number of consecutive health checks that an endpoint
must pass or fail for Route 53 to change the current status of the endpoint from unhealthy
to healthy or vice versa.
Valid values are integers between 1 and 10. For more information, see How Amazon
Route 53 Determines Whether an Endpoint Is Healthy in the Amazon Route 53 Developer
Guide.
Return type dict
update_hosted_zone_comment(Id, Comment=None)
To update the hosted zone comment, send a POST request to the
2013-04-01/hostedzone/*hosted zone ID* resource. The request body must include
an XML document with a UpdateHostedZoneCommentRequest element. The response to this
request includes the modified HostedZone element.
Note: The comment can have a maximum length of 256 characters.
Parameters
Id (string) The ID of the hosted zone you want to update.
Comment (string) A comment about your hosted zone.
Return type dict
2.1.31 Amazon Route 53 Domains

Table of Contents
Amazon Route 53 Domains
Client
Client
class route53domains.Client
A low-level client representing Amazon Route 53 Domains:
import boto3
route53domains = boto3.client(route53domains)
check_domain_availability(DomainName, IdnLangCode=None)
This operation checks the availability of one domain name. You can access this API without authenticating.
Note that if the availability status of a domain is pending, you must submit another request to determine
the availability of the domain name.
Parameters
DomainName (string) The name of a domain.
Type: String
Default: None
Constraints: The domain name can contain only the letters a through z, the numbers 0
through 9, and hyphen (-). Internationalized Domain Names are not supported.
Required: Yes
IdnLangCode (string) Reserved for future use.
Return type dict
disable_domain_auto_renew(DomainName)
This operation disables automatic renewal of domain registration for the specified domain.
Parameters DomainName (string)
Return type dict
disable_domain_transfer_lock(DomainName)
This operation removes the transfer lock on the domain (specifically the
clientTransferProhibited status) to allow domain transfers. We recommend you refrain
from performing this action unless you intend to transfer the domain to a different registrar. Successful
submission returns an operation ID that you can use to track the progress and completion of the action. If
the request is not completed successfully, the domain registrant will be notified by email.
Parameters DomainName (string) The name of a domain.
Type: String
Default: None
Constraints: The domain name can contain only the letters a through z, the numbers 0 through
9, and hyphen (-). Internationalized Domain Names are not supported.
Required: Yes
Return type dict
2.1. Services 521

enable_domain_auto_renew(DomainName)
This operation configures Amazon Route 53 to automatically renew the specified domain before the do-
main registration expires. The cost of renewing your domain registration is billed to your AWS account.
The period during which you can renew a domain name varies by TLD. For a list
of TLDs and their renewal policies, see Renewal, restoration, and deletion times
(http://wiki.gandi.net/en/domains/renew#renewal_restoration_and_deletion_times) on the website
for our registrar partner, Gandi. Route 53 requires that you renew before the end of the renewal period
that is listed on the Gandi website so we can complete processing before the deadline.
Parameters DomainName (string)
Return type dict
enable_domain_transfer_lock(DomainName)
This operation sets the transfer lock on the domain (specifically the clientTransferProhibited
status) to prevent domain transfers. Successful submission returns an operation ID that you can use to
track the progress and completion of the action. If the request is not completed successfully, the domain
registrant will be notified by email.
Type: String
Default: None
Required: Yes
Return type dict
get_domain_detail(DomainName)
This operation returns detailed information about the domain. The domains contact information is also
returned as part of the output.
Type: String
Default: None
Required: Yes
Return type dict
get_operation_detail(OperationId)
This operation returns the current status of an operation that is not completed.
Parameters OperationId (string) The identifier for the operation for which you want to get
the status. Amazon Route 53 returned the identifier in the response to the original request.
Type: String
Default: None
Required: Yes
Return type dict

list_domains(Marker=None, MaxItems=None)
This operation returns all the domain names registered with Amazon Route 53 for the current AWS ac-
count.
Parameters
Marker (string) For an initial request for a list of domains, omit this element. If the num-
ber of domains that are associated with the current AWS account is greater than the value
that you specified for MaxItems , you can use Marker to return additional domains. Get
the value of NextPageMarker from the previous response, and submit another request
that includes the value of NextPageMarker in the Marker element.
Type: String
Default: None
Constraints: The marker must match the value specified in the previous request.
Required: No
MaxItems (integer) Number of domains to be returned.
Type: Integer
Default: 20
Constraints: A numeral between 1 and 100.
Required: No
Return type dict
list_operations(Marker=None, MaxItems=None)
This operation returns the operation IDs of operations that are not yet complete.
Parameters
Marker (string) For an initial request for a list of operations, omit this element. If the
number of operations that are not yet complete is greater than the value that you specified
for MaxItems , you can use Marker to return additional operations. Get the value of
NextPageMarker from the previous response, and submit another request that includes
the value of NextPageMarker in the Marker element.
Type: String
Default: None
Required: No
MaxItems (integer) Number of domains to be returned.
Type: Integer
Default: 20
Constraints: A value between 1 and 100.
Required: No
Return type dict
register_domain(DomainName, DurationInYears, AdminContact, RegistrantContact, TechContact,
IdnLangCode=None, AutoRenew=None, PrivacyProtectAdminContact=None,
PrivacyProtectRegistrantContact=None, PrivacyProtectTechContact=None)
This operation registers a domain. Domains are registered by the AWS registrar partner, Gandi. For some
top-level domains (TLDs), this operation requires extra parameters.
2.1. Services 523

When you register a domain, Amazon Route 53 does the following:

Creates a Amazon Route 53 hosted zone that has the same name as the domain. Amazon Route 53
assigns four name servers to your hosted zone and automatically updates your domain registration
with the names of these name servers.
Enables autorenew, so your domain registration will renew automatically each year. Well notify you
in advance of the renewal date so you can choose whether to renew the registration.
Optionally enables privacy protection, so WHOIS queries return contact information for our registrar
partner, Gandi, instead of the information you entered for registrant, admin, and tech contacts.
If registration is successful, returns an operation ID that you can use to track the progress and com-
pletion of the action. If the request is not completed successfully, the domain registrant is notified by
email.
Charges your AWS account an amount based on the top-level domain. For more information, see
Amazon Route 53 Pricing .
Parameters
Type: String
Default: None
Required: Yes
DurationInYears (integer) The number of years the domain will be registered. Domains
are registered for a minimum of one year. The maximum period depends on the top-level
domain.
Type: Integer
Default: 1
Valid values: Integer from 1 to 10
Required: Yes
AutoRenew (boolean) Indicates whether the domain will be automatically renewed
(true ) or not (false ). Autorenewal only takes effect after the account is charged.
Type: Boolean
Default: true
Required: No
AdminContact (dict) Provides detailed contact information.
Type: Complex
Children: FirstName , MiddleName , LastName , ContactType ,
OrganizationName , AddressLine1 , AddressLine2 , City , State ,
CountryCode , ZipCode , PhoneNumber , Email , Fax , ExtraParams
Required: Yes

RegistrantContact (dict) Provides detailed contact information.

Type: Complex
Required: Yes
TechContact (dict) Provides detailed contact information.
Type: Complex
Required: Yes
PrivacyProtectAdminContact (boolean) Whether you want to conceal contact infor-
mation from WHOIS queries. If you specify true, WHOIS (who is) queries will return
contact information for our registrar partner, Gandi, instead of the contact information that
you enter.
Type: Boolean
Default: true
Required: No
PrivacyProtectRegistrantContact (boolean) Whether you want to conceal contact in-
formation from WHOIS queries. If you specify true, WHOIS (who is) queries will return
you enter.
Type: Boolean
Default: true
Required: No
PrivacyProtectTechContact (boolean) Whether you want to conceal contact informa-
tion from WHOIS queries. If you specify true, WHOIS (who is) queries will return
you enter.
Type: Boolean
Default: true
Required: No
Return type dict
retrieve_domain_auth_code(DomainName)
This operation returns the AuthCode for the domain. To transfer a domain to another registrar, you provide
this value to the new registrar.
2.1. Services 525


Type: String
Default: None
Required: Yes
Return type dict
transfer_domain(DomainName, DurationInYears, Nameservers, AdminContact, RegistrantContact,
TechContact, IdnLangCode=None, AuthCode=None, AutoRenew=None, Priva-
cyProtectAdminContact=None, PrivacyProtectRegistrantContact=None, Priva-
cyProtectTechContact=None)
This operation transfers a domain from another registrar to Amazon Route 53. Domains are registered by
the AWS registrar, Gandi upon transfer.
To transfer a domain, you need to meet all the domain transfer criteria, including the following:
You must supply nameservers to transfer a domain.
You must disable the domain transfer lock (if any) before transferring the domain.
A minimum of 60 days must have elapsed since the domains registration or last transfer.
We recommend you use the Amazon Route 53 as the DNS service for your domain. You can create a
hosted zone in Amazon Route 53 for your current domain before transferring your domain.
Note that upon transfer, the domain duration is extended for a year if not otherwise specified. Autorenew
is enabled by default.
If the transfer is successful, this method returns an operation ID that you can use to track the progress and
completion of the action. If the request is not completed successfully, the domain registrant will be notified
by email.
Transferring domains charges your AWS account an amount based on the top-level domain. For more
information, see Amazon Route 53 Pricing .
Parameters
Type: String
Default: None
Required: Yes
DurationInYears (integer) The number of years the domain will be registered. Domains
are registered for a minimum of one year. The maximum period depends on the top-level
domain.
Type: Integer
Default: 1
Valid values: Integer from 1 to 10
Required: Yes

Nameservers (list) Contains details for the host and glue IP addresses.
Type: Complex
Children: GlueIps , Name
AuthCode (string) The authorization code for the domain. You get this value from the
current registrar.
Type: String
Required: Yes
AutoRenew (boolean) Indicates whether the domain will be automatically renewed
(true) or not (false). Autorenewal only takes effect after the account is charged.
Type: Boolean
Default: true
Required: No
Type: Complex
Required: Yes
Type: Complex
Required: Yes
Type: Complex
Required: Yes
PrivacyProtectAdminContact (boolean) Whether you want to conceal contact infor-
mation from WHOIS queries. If you specify true, WHOIS (who is) queries will return
you enter.
Type: Boolean
Default: true
Required: No
2.1. Services 527

PrivacyProtectRegistrantContact (boolean) Whether you want to conceal contact in-

formation from WHOIS queries. If you specify true, WHOIS (who is) queries will return
you enter.
Type: Boolean
Default: true
Required: No
PrivacyProtectTechContact (boolean) Whether you want to conceal contact informa-
tion from WHOIS queries. If you specify true, WHOIS (who is) queries will return
you enter.
Type: Boolean
Default: true
Required: No
Return type dict
update_domain_contact(DomainName, AdminContact=None, RegistrantContact=None, Tech-
Contact=None)
This operation updates the contact information for a particular domain. Information for at least one contact
(registrant, administrator, or technical) must be supplied for update.
If the update is successful, this method returns an operation ID that you can use to track the progress and
completion of the action. If the request is not completed successfully, the domain registrant will be notified
by email.
Parameters
Type: String
Default: None
Required: Yes
Type: Complex
Required: Yes
Type: Complex

Required: Yes
Type: Complex
Required: Yes
Return type dict
update_domain_contact_privacy(DomainName, AdminPrivacy=None, RegistrantPri-
vacy=None, TechPrivacy=None)
This operation updates the specified domain contacts privacy setting. When the privacy option is enabled,
personal information such as postal or email address is hidden from the results of a public WHOIS query.
The privacy services are provided by the AWS registrar, Gandi. For more information, see the Gandi
privacy features .
This operation only affects the privacy of the specified contact type (registrant, administrator, or tech). Suc-
cessful acceptance returns an operation ID that you can use with GetOperationDetail to track the progress
and completion of the action. If the request is not completed successfully, the domain registrant will be
notified by email.
Parameters
Type: String
Default: None
Required: Yes
AdminPrivacy (boolean) Whether you want to conceal contact information from
WHOIS queries. If you specify true, WHOIS (who is) queries will return contact in-
formation for our registrar partner, Gandi, instead of the contact information that you
enter.
Type: Boolean
Default: None
Required: No
RegistrantPrivacy (boolean) Whether you want to conceal contact information from
WHOIS queries. If you specify true, WHOIS (who is) queries will return contact infor-
mation for our registrar partner, Gandi, instead of the contact information that you enter.
Type: Boolean
Default: None
Required: No
2.1. Services 529

TechPrivacy (boolean) Whether you want to conceal contact information from WHOIS
queries. If you specify true, WHOIS (who is) queries will return contact information for
our registrar partner, Gandi, instead of the contact information that you enter.
Type: Boolean
Default: None
Required: No
Return type dict
update_domain_nameservers(DomainName, Nameservers)
This operation replaces the current set of name servers for the domain with the specified set of name
servers. If you use Amazon Route 53 as your DNS service, specify the four name servers in the delegation
set for the hosted zone for the domain.
If successful, this operation returns an operation ID that you can use to track the progress and completion
of the action. If the request is not completed successfully, the domain registrant will be notified by email.
Parameters
Type: String
Default: None
Required: Yes
Nameservers (list) A list of new name servers for the domain.
Type: Complex
Children: Name , GlueIps
Required: Yes
Return type dict
2.1.32 Amazon Simple Storage Service

Table of Contents
Amazon Simple Storage Service
Client
Service Resource
Bucket
BucketAcl
BucketCors
BucketLifecycle
BucketLogging
BucketNotification
BucketPolicy
BucketRequestPayment
BucketTagging
BucketVersioning
BucketWebsite
MultipartUpload
MultipartUploadPart
Object
ObjectAcl
ObjectVersion
Client
class s3.Client
A low-level client representing Amazon Simple Storage Service:
import boto3
s3 = boto3.client(s3)
abort_multipart_upload(Bucket, Key, UploadId)

Aborts a multipart upload.
To verify that all parts have been removed, so you dont get charged for the part storage, you should call
the List Parts operation and ensure the parts list is empty.
Parameters
Bucket (string)
Key (string)
UploadId (string)
Return type dict
complete_multipart_upload(Bucket, Key, UploadId, MultipartUpload=None)
Completes a multipart upload by assembling previously uploaded parts.
Parameters
Bucket (string)
Key (string)
MultipartUpload (dict)
UploadId (string)
2.1. Services 531

Return type dict

copy_object(Bucket, CopySource, Key, ACL=None, CacheControl=None, ContentDisposi-
tion=None, ContentEncoding=None, ContentLanguage=None, ContentType=None,
CopySourceIfMatch=None, CopySourceIfModifiedSince=None, CopySourceIfNone-
Match=None, CopySourceIfUnmodifiedSince=None, Expires=None, GrantFull-
Control=None, GrantRead=None, GrantReadACP=None, GrantWriteACP=None,
Metadata=None, MetadataDirective=None, ServerSideEncryption=None, Stor-
ageClass=None, WebsiteRedirectLocation=None, SSECustomerAlgorithm=None,
SSECustomerKey=None, SSECustomerKeyMD5=None, SSEKMSKeyId=None,
CopySourceSSECustomerAlgorithm=None, CopySourceSSECustomerKey=None,
CopySourceSSECustomerKeyMD5=None)
Creates a copy of an object that is already stored in Amazon S3.
Parameters
ACL (string) The canned ACL to apply to the object.
Bucket (string)
CacheControl (string) Specifies caching behavior along the request/reply chain.
ContentDisposition (string) Specifies presentational information for the object.
ContentEncoding (string) Specifies what content encodings have been applied to the
object and thus what decoding mechanisms must be applied to obtain the media-type ref-
erenced by the Content-Type header field.
ContentLanguage (string) The language the content is in.
ContentType (string) A standard MIME type describing the format of the object data.
CopySource (string) The name of the source bucket and key name of the source object,
separated by a slash (/). Must be URL-encoded.
CopySourceIfMatch (string) Copies the object if its entity tag (ETag) matches the spec-
ified tag.
CopySourceIfModifiedSince (datetime) Copies the object if it has been modified since
the specified time.
CopySourceIfNoneMatch (string) Copies the object if its entity tag (ETag) is different
than the specified ETag.
CopySourceIfUnmodifiedSince (datetime) Copies the object if it hasnt been modified
since the specified time.
Expires (datetime) The date and time at which the object is no longer cacheable.
GrantFullControl (string) Gives the grantee READ, READ_ACP, and WRITE_ACP
permissions on the object.
GrantRead (string) Allows grantee to read the object data and its metadata.
GrantReadACP (string) Allows grantee to read the object ACL.
GrantWriteACP (string) Allows grantee to write the ACL for the applicable object.
Key (string)
Metadata (dict) A map of metadata to store with the object in S3.
MetadataDirective (string) Specifies whether the metadata is copied from the source
object or replaced with metadata provided in the request.

ServerSideEncryption (string) The Server-side encryption algorithm used when storing

this object in S3 (e.g., AES256, aws:kms).
StorageClass (string) The type of storage to use for the object. Defaults to STAN-
DARD.
WebsiteRedirectLocation (string) If the bucket is configured as a website, redirects
requests for this object to another object in the same bucket or to an external URL. Amazon
S3 stores the value of this header in the object metadata.
SSECustomerAlgorithm (string) Specifies the algorithm to use to when encrypting the
object (e.g., AES256, aws:kms).
SSECustomerKey (string) Specifies the customer-provided encryption key for Amazon
S3 to use in encrypting data. This value is used to store the object and then it is discarded;
Amazon does not store the encryption key. The key must be appropriate for use with the
algorithm specified in the x-amz-server-side-encryption-customer-algorithm header.
SSECustomerKeyMD5 (string) Specifies the 128-bit MD5 digest of the encryption key
according to RFC 1321. Amazon S3 uses this header for a message integrity check to
ensure the encryption key was transmitted without error.
SSEKMSKeyId (string) Specifies the AWS KMS key ID to use for ob-
ject encryption. All GET and PUT requests for an object protected by AWS
KMS will fail if not made via SSL or using SigV4. Documentation on con-
figuring any of the officially supported AWS SDKs and CLI can be found at
http://docs.aws.amazon.com/AmazonS3/latest/dev/UsingAWSSDK.html#specify-
signature-version
CopySourceSSECustomerAlgorithm (string) Specifies the algorithm to use when de-
crypting the source object (e.g., AES256).
CopySourceSSECustomerKey (string) Specifies the customer-provided encryption key
for Amazon S3 to use to decrypt the source object. The encryption key provided in this
header must be one that was used when the source object was created.
CopySourceSSECustomerKeyMD5 (string) Specifies the 128-bit MD5 digest of the
encryption key according to RFC 1321. Amazon S3 uses this header for a message in-
tegrity check to ensure the encryption key was transmitted without error.
Return type dict
create_bucket(Bucket, ACL=None, CreateBucketConfiguration=None, GrantFullCon-
trol=None, GrantRead=None, GrantReadACP=None, GrantWrite=None,
GrantWriteACP=None)
Creates a new bucket.
Parameters
ACL (string) The canned ACL to apply to the bucket.
Bucket (string)
CreateBucketConfiguration (dict)
GrantFullControl (string) Allows grantee the read, write, read ACP, and write ACP
permissions on the bucket.
GrantRead (string) Allows grantee to list the objects in the bucket.
GrantReadACP (string) Allows grantee to read the bucket ACL.
GrantWrite (string) Allows grantee to create, overwrite, and delete any object in the
bucket.
2.1. Services 533

GrantWriteACP (string) Allows grantee to write the ACL for the applicable bucket.
Return type dict
create_multipart_upload(Bucket, Key, ACL=None, CacheControl=None, ContentDispo-
sition=None, ContentEncoding=None, ContentLanguage=None,
ContentType=None, Expires=None, GrantFullControl=None,
GrantRead=None, GrantReadACP=None, GrantWriteACP=None,
Metadata=None, ServerSideEncryption=None, Storage-
Class=None, WebsiteRedirectLocation=None, SSECustomerAlgo-
rithm=None, SSECustomerKey=None, SSECustomerKeyMD5=None,
SSEKMSKeyId=None)
Initiates a multipart upload and returns an upload ID.
Note: After you initiate multipart upload and upload one or more parts, you must either complete or abort
multipart upload in order to stop getting charged for storage of the uploaded parts. Only after you either
complete or abort multipart upload, Amazon S3 frees up the parts storage and stops charging you for the
parts storage.
Parameters
Bucket (string)
Key (string)
DARD.


signature-version
Return type dict
delete_bucket(Bucket)
Deletes the bucket. All objects (including all object versions and Delete Markers) in the bucket must be
deleted before the bucket itself can be deleted.
Parameters Bucket (string)
Return type dict
delete_bucket_cors(Bucket)
Deletes the cors configuration information set for the bucket.
Return type dict
delete_bucket_lifecycle(Bucket)
Deletes the lifecycle configuration from the bucket.
Return type dict
delete_bucket_policy(Bucket)
Deletes the policy from the bucket.
Return type dict
delete_bucket_tagging(Bucket)
Deletes the tags from the bucket.
Return type dict
delete_bucket_website(Bucket)
This operation removes the website configuration from the bucket.
Return type dict
delete_object(Bucket, Key, MFA=None, VersionId=None)
Removes the null version (if there is one) of an object and inserts a delete marker, which becomes the latest
version of the object. If there isnt a null version, Amazon S3 does not remove any objects.
2.1. Services 535

Parameters
Bucket (string)
Key (string)
MFA (string) The concatenation of the authentication devices serial number, a space,
and the value that is displayed on your authentication device.
VersionId (string) VersionId used to reference a specific version of the object.
Return type dict
delete_objects(Bucket, Delete, MFA=None)
This operation enables you to delete multiple objects from a bucket using a single HTTP request. You may
specify up to 1000 keys.
Parameters
Bucket (string)
Delete (dict)
Return type dict
get_bucket_acl(Bucket)
Gets the access control policy for the bucket.
Return type dict
get_bucket_cors(Bucket)
Returns the cors configuration for the bucket.
Return type dict
get_bucket_lifecycle(Bucket)
Returns the lifecycle configuration information set on the bucket.
Return type dict
get_bucket_location(Bucket)
Returns the region the bucket resides in.
Return type dict
get_bucket_logging(Bucket)
Returns the logging status of a bucket and the permissions users have to view and modify that status. To
use GET, you must be the bucket owner.
Return type dict
get_bucket_notification(Bucket)
Return the notification configuration of a bucket.

Return type dict

get_bucket_policy(Bucket)
Returns the policy of a specified bucket.
Return type dict
get_bucket_request_payment(Bucket)
Returns the request payment configuration of a bucket.
Return type dict
get_bucket_tagging(Bucket)
Returns the tag set associated with the bucket.
Return type dict
get_bucket_versioning(Bucket)
Returns the versioning state of a bucket.
Return type dict
get_bucket_website(Bucket)
Returns the website configuration for a bucket.
Return type dict
get_object(Bucket, Key, IfMatch=None, IfModifiedSince=None, IfNoneMatch=None, IfUnmodi-
fiedSince=None, Range=None, ResponseCacheControl=None, ResponseContentDispo-
sition=None, ResponseContentEncoding=None, ResponseContentLanguage=None, Re-
sponseContentType=None, ResponseExpires=None, VersionId=None, SSECustomerAl-
gorithm=None, SSECustomerKey=None, SSECustomerKeyMD5=None)
Retrieves objects from Amazon S3.
Parameters
Bucket (string)
IfMatch (string) Return the object only if its entity tag (ETag) is the same as the one
specified, otherwise return a 412 (precondition failed).
IfModifiedSince (datetime) Return the object only if it has been modified since the
specified time, otherwise return a 304 (not modified).
IfNoneMatch (string) Return the object only if its entity tag (ETag) is different from the
one specified, otherwise return a 304 (not modified).
IfUnmodifiedSince (datetime) Return the object only if it has not been modified since
the specified time, otherwise return a 412 (precondition failed).
Key (string)
Range (string) Downloads the specified range bytes of an object. For more informa-
tion about the HTTP Range header, go to http://www.w3.org/Protocols/rfc2616/rfc2616-
sec14.html#sec14.35.
ResponseCacheControl (string) Sets the Cache-Control header of the response.
2.1. Services 537

ResponseContentDisposition (string) Sets the Content-Disposition header of the re-

sponse
ResponseContentEncoding (string) Sets the Content-Encoding header of the response.
ResponseContentLanguage (string) Sets the Content-Language header of the response.
ResponseContentType (string) Sets the Content-Type header of the response.
ResponseExpires (datetime) Sets the Expires header of the response.
Return type dict
get_object_acl(Bucket, Key, VersionId=None)
Returns the access control list (ACL) of an object.
Parameters
Bucket (string)
Key (string)
Return type dict
get_object_torrent(Bucket, Key)
Return torrent files from a bucket.
Parameters
Bucket (string)
Key (string)
Return type dict
get_waiter(name)
bucket_exists
bucket_not_exists
object_exists
object_not_exists
head_bucket(Bucket)
This operation is useful to determine if a bucket exists and you have permission to access it.
Return type dict

head_object(Bucket, Key, IfMatch=None, IfModifiedSince=None, IfNoneMatch=None, IfUnmodi-

fiedSince=None, Range=None, VersionId=None, SSECustomerAlgorithm=None, SSE-
CustomerKey=None, SSECustomerKeyMD5=None)
The HEAD operation retrieves metadata from an object without returning the object itself. This operation
is useful if youre only interested in an objects metadata. To use HEAD, you must have READ access to
the object.
Parameters
Bucket (string)
Key (string)
Return type dict
list_buckets()
Returns a list of all buckets owned by the authenticated sender of the request.
Return type dict
list_multipart_uploads(Bucket, Delimiter=None, EncodingType=None, KeyMarker=None,
MaxUploads=None, Prefix=None, UploadIdMarker=None)
This operation lists in-progress multipart uploads.
Parameters
Bucket (string)
Delimiter (string) Character you use to group keys.
EncodingType (string) Requests Amazon S3 to encode the object keys in the response
and specifies the encoding method to use. An object key may contain any Unicode char-
acter; however, XML 1.0 parser cannot parse some characters, such as characters with an
2.1. Services 539

ASCII value from 0 to 10. For characters that are not supported in XML 1.0, you can add
this parameter to request that Amazon S3 encode the keys in the response.
KeyMarker (string) Together with upload-id-marker, this parameter specifies the mul-
tipart upload after which listing should begin.
MaxUploads (integer) Sets the maximum number of multipart uploads, from 1 to 1,000,
to return in the response body. 1,000 is the maximum number of uploads that can be
returned in a response.
Prefix (string) Lists in-progress uploads only for those keys that begin with the specified
prefix.
UploadIdMarker (string) Together with key-marker, specifies the multipart upload after
which listing should begin. If key-marker is not specified, the upload-id-marker parameter
is ignored.
Return type dict
list_object_versions(Bucket, Delimiter=None, EncodingType=None, KeyMarker=None,
MaxKeys=None, Prefix=None, VersionIdMarker=None)
Returns metadata about all of the versions of objects in a bucket.
Parameters
Bucket (string)
Delimiter (string) A delimiter is a character you use to group keys.
KeyMarker (string) Specifies the key to start with when listing objects in a bucket.
MaxKeys (integer) Sets the maximum number of keys returned in the response. The
response might contain fewer keys but will never contain more.
Prefix (string) Limits the response to keys that begin with the specified prefix.
VersionIdMarker (string) Specifies the object version you want to start listing from.
Return type dict
list_objects(Bucket, Delimiter=None, EncodingType=None, Marker=None, MaxKeys=None, Pre-
fix=None)
Returns some or all (up to 1000) of the objects in a bucket. You can use the request parameters as selection
criteria to return a subset of the objects in a bucket.
Parameters
Bucket (string)
Delimiter (string) A delimiter is a character you use to group keys.

Marker (string) Specifies the key to start with when listing objects in a bucket.
MaxKeys (integer) Sets the maximum number of keys returned in the response. The
response might contain fewer keys but will never contain more.
Prefix (string) Limits the response to keys that begin with the specified prefix.
Return type dict
list_parts(Bucket, Key, UploadId, MaxParts=None, PartNumberMarker=None)
Lists the parts that have been uploaded for a specific multipart upload.
Parameters
Bucket (string)
Key (string)
MaxParts (integer) Sets the maximum number of parts to return.
PartNumberMarker (integer) Specifies the part after which listing should begin. Only
parts with higher part numbers will be listed.
UploadId (string) Upload ID identifying the multipart upload whose parts are being
listed.
Return type dict
put_bucket_acl(Bucket, ACL=None, AccessControlPolicy=None, ContentMD5=None, Grant-
FullControl=None, GrantRead=None, GrantReadACP=None, GrantWrite=None,
GrantWriteACP=None)
Sets the permissions on a bucket using access control lists (ACL).
Parameters
AccessControlPolicy (dict)
Bucket (string)
ContentMD5 (string)
bucket.
Return type dict
put_bucket_cors(Bucket, CORSConfiguration=None, ContentMD5=None)
Sets the cors configuration for a bucket.
Parameters
Bucket (string)
2.1. Services 541

CORSConfiguration (dict)
ContentMD5 (string)
Return type dict
put_bucket_lifecycle(Bucket, ContentMD5=None, LifecycleConfiguration=None)
Sets lifecycle configuration for your bucket. If a lifecycle configuration exists, it replaces it.
Parameters
Bucket (string)
ContentMD5 (string)
LifecycleConfiguration (dict)
Return type dict
put_bucket_logging(Bucket, BucketLoggingStatus, ContentMD5=None)
Set the logging parameters for a bucket and to specify permissions for who can view and modify the
logging parameters. To set the logging status of a bucket, you must be the bucket owner.
Parameters
Bucket (string)
BucketLoggingStatus (dict)
ContentMD5 (string)
Return type dict
put_bucket_notification(Bucket, NotificationConfiguration, ContentMD5=None)
Enables notifications of specified events for a bucket.
Parameters
Bucket (string)
ContentMD5 (string)
NotificationConfiguration (dict)
Return type dict
put_bucket_policy(Bucket, Policy, ContentMD5=None)
Replaces a policy on a bucket. If the bucket already has a policy, the one in this request completely replaces
it.
Parameters
Bucket (string)
ContentMD5 (string)
Policy (string) The bucket policy as a JSON document.
Return type dict
put_bucket_request_payment(Bucket, RequestPaymentConfiguration, ContentMD5=None)
Sets the request payment configuration for a bucket. By default, the bucket owner pays for downloads
from the bucket. This configuration parameter enables the bucket owner (only) to specify that the person
requesting the download will be charged for the download.
Parameters
Bucket (string)

ContentMD5 (string)
RequestPaymentConfiguration (dict)
Return type dict
put_bucket_tagging(Bucket, Tagging, ContentMD5=None)
Sets the tags for a bucket.
Parameters
Bucket (string)
ContentMD5 (string)
Tagging (dict)
Return type dict
put_bucket_versioning(Bucket, VersioningConfiguration, ContentMD5=None, MFA=None)
Sets the versioning state of an existing bucket. To set the versioning state, you must be the bucket owner.
Parameters
Bucket (string)
ContentMD5 (string)
VersioningConfiguration (dict)
Return type dict
put_bucket_website(Bucket, WebsiteConfiguration, ContentMD5=None)
Set the website configuration for a bucket.
Parameters
Bucket (string)
ContentMD5 (string)
WebsiteConfiguration (dict)
Return type dict
put_object(Bucket, Key, ACL=None, Body=None, CacheControl=None, ContentDisposi-
tion=None, ContentEncoding=None, ContentLanguage=None, ContentLength=None,
ContentMD5=None, ContentType=None, Expires=None, GrantFullControl=None,
GrantRead=None, GrantReadACP=None, GrantWriteACP=None, Metadata=None,
ServerSideEncryption=None, StorageClass=None, WebsiteRedirectLocation=None,
SSECustomerAlgorithm=None, SSECustomerKey=None, SSECustomerKeyMD5=None,
SSEKMSKeyId=None)
Adds an object to a bucket.
Parameters
Body (blob) Object data.
Bucket (string)
2.1. Services 543

ContentLength (integer) Size of the body in bytes. This parameter is useful when the
size of the body cannot be determined automatically.
ContentMD5 (string)
Key (string)
DARD.
signature-version
Return type dict
put_object_acl(Bucket, Key, ACL=None, AccessControlPolicy=None, ContentMD5=None, Grant-
FullControl=None, GrantRead=None, GrantReadACP=None, GrantWrite=None,
GrantWriteACP=None)
uses the acl subresource to set the access control list (ACL) permissions for an object that already exists in
a bucket

Parameters
Bucket (string)
ContentMD5 (string)
bucket.
Key (string)
Return type dict
restore_object(Bucket, Key, VersionId=None, RestoreRequest=None)
Restores an archived copy of an object back into Amazon S3
Parameters
Bucket (string)
Key (string)
VersionId (string)
RestoreRequest (dict)
Return type dict
upload_part(Bucket, Key, PartNumber, UploadId, Body=None, ContentLength=None, Con-
tentMD5=None, SSECustomerAlgorithm=None, SSECustomerKey=None, SSECus-
tomerKeyMD5=None)
Uploads a part in a multipart upload.
Note: After you initiate multipart upload and upload one or more parts, you must either complete or abort
multipart upload in order to stop getting charged for storage of the uploaded parts. Only after you either
complete or abort multipart upload, Amazon S3 frees up the parts storage and stops charging you for the
parts storage.
Parameters
Body (blob)
Bucket (string)
ContentMD5 (string)
Key (string)
PartNumber (integer) Part number of part being uploaded.
UploadId (string) Upload ID identifying the multipart upload whose part is being up-
loaded.
2.1. Services 545


algorithm specified in the x-amz-server-side-encryption-customer-algorithm header. This
must be the same encryption key specified in the initiate multipart upload request.
Return type dict
upload_part_copy(Bucket, CopySource, Key, PartNumber, UploadId, CopySourceIfMatch=None,
CopySourceIfModifiedSince=None, CopySourceIfNoneMatch=None, Copy-
SourceIfUnmodifiedSince=None, CopySourceRange=None, SSECustomerAl-
gorithm=None, SSECustomerKey=None, SSECustomerKeyMD5=None, Copy-
SourceSSECustomerAlgorithm=None, CopySourceSSECustomerKey=None,
CopySourceSSECustomerKeyMD5=None)
Uploads a part by copying data from an existing object as data source.
Parameters
Bucket (string)
ified tag.
the specified time.
CopySourceRange (string) The range of bytes to copy from the source object. The
range value must use the form bytes=first-last, where the first and last are the zero-based
byte offsets to copy. For example, bytes=0-9 indicates that you want to copy the first ten
bytes of the source. You can copy a range only if the source object is greater than 5 GB.
Key (string)
PartNumber (integer) Part number of part being copied.
UploadId (string) Upload ID identifying the multipart upload whose part is being
copied.

Return type dict
Service Resource
class s3.Service
A resource representing Amazon Simple Storage Service:
import boto3
Actions
some attributes.
create_bucket(Bucket, ACL=None, CreateBucketConfiguration=None, GrantFullCon-
trol=None, GrantRead=None, GrantReadACP=None, GrantWrite=None,
GrantWriteACP=None)
This method calls s3.Client.create_bucket().
Parameters
Bucket (string)
bucket.
Return type s3.Bucket
Sub-resources
along to the child.
2.1. Services 547

Bucket(name)
Create a s3.Bucket instance.
BucketAcl(bucket_name)
Create a s3.BucketAcl instance.
BucketCors(bucket_name)
Create a s3.BucketCors instance.
BucketLifecycle(bucket_name)
Create a s3.BucketLifecycle instance.
BucketLogging(bucket_name)
Create a s3.BucketLogging instance.
BucketNotification(bucket_name)
Create a s3.BucketNotification instance.
BucketPolicy(bucket_name)
Create a s3.BucketPolicy instance.
BucketRequestPayment(bucket_name)
Create a s3.BucketRequestPayment instance.
BucketTagging(bucket_name)
Create a s3.BucketTagging instance.
BucketVersioning(bucket_name)
Create a s3.BucketVersioning instance.
BucketWebsite(bucket_name)
Create a s3.BucketWebsite instance.
MultipartUpload(bucket_name, object_key, id)
Create a s3.MultipartUpload instance.
MultipartUploadPart(bucket_name, object_key, multipart_upload_id, part_number)
Create a s3.MultipartUploadPart instance.
Object(bucket_name, key)
Create a s3.Object instance.
ObjectAcl(bucket_name, object_key)
Create a s3.ObjectAcl instance.
ObjectVersion(bucket_name, object_key, id)
Create a s3.ObjectVersion instance.
Collections
buckets
(CollectionManager) A collection of s3.Bucket instances. This collection uses the
s3.Client.list_buckets() operation to get items.
Bucket
class s3.Bucket(name)
A resource representing an Amazon Simple Storage Service Bucket:

import boto3
bucket = s3.Bucket(name)
Identifiers:
name
(string, identifier) The Buckets Name identifier. This attribute must be set for the actions below to
work.
Attributes:
creation_date
(datetime) Date the bucket was created.
name
(string) The name of the bucket.
Actions
some attributes.
create(ACL=None, CreateBucketConfiguration=None, GrantFullControl=None, GrantRead=None,
GrantReadACP=None, GrantWrite=None, GrantWriteACP=None)
This method calls s3.Client.create_bucket().
Parameters
bucket.
Return type dict
delete()
This method calls s3.Client.delete_bucket().
Return type dict
delete_objects(Delete, MFA=None)
This method calls s3.Client.delete_objects().
Parameters
Delete (dict)
2.1. Services 549

Return type dict
put_object(Key, ACL=None, Body=None, CacheControl=None, ContentDisposition=None,
ContentEncoding=None, ContentLanguage=None, ContentLength=None, Con-
tentMD5=None, ContentType=None, Expires=None, GrantFullControl=None,
GrantRead=None, GrantReadACP=None, GrantWriteACP=None, Metadata=None,
ServerSideEncryption=None, StorageClass=None, WebsiteRedirectLocation=None,
SSEKMSKeyId=None)
This method calls s3.Client.put_object().
Parameters
ContentMD5 (string)
Key (string)
DARD.


signature-version
Return type s3.Object
Sub-resources
along to the child.
BucketAcl()
Create a s3.BucketAcl instance.
BucketCors()
Create a s3.BucketCors instance.
BucketLifecycle()
Create a s3.BucketLifecycle instance.
BucketLogging()
Create a s3.BucketLogging instance.
BucketNotification()
Create a s3.BucketNotification instance.
BucketPolicy()
Create a s3.BucketPolicy instance.
BucketRequestPayment()
Create a s3.BucketRequestPayment instance.
BucketTagging()
Create a s3.BucketTagging instance.
BucketVersioning()
Create a s3.BucketVersioning instance.
BucketWebsite()
Create a s3.BucketWebsite instance.
Object(key)
Create a s3.Object instance.
Collections
multipart_uploads
(CollectionManager) A collection of s3.MultipartUpload instances. This collection uses the
s3.Client.list_multipart_uploads() operation to get items.
2.1. Services 551

object_versions
(CollectionManager) A collection of s3.ObjectVersion instances. This collection uses the
s3.Client.list_object_versions() operation to get items.
objects
(CollectionManager) A collection of s3.Object instances. This collection uses the
s3.Client.list_objects() operation to get items.
BucketAcl
class s3.BucketAcl(bucket_name)
A resource representing an Amazon Simple Storage Service BucketAcl:
import boto3
bucket_acl = s3.BucketAcl(bucket_name)
Identifiers:
bucket_name
(string, identifier) The BucketAcls BucketName identifier. This attribute must be set for the actions
below to work.
Attributes:
grants
(list) A list of grants.
owner
(dict)
Actions
some attributes.
put(ACL=None, AccessControlPolicy=None, ContentMD5=None, GrantFullControl=None,
GrantRead=None, GrantReadACP=None, GrantWrite=None, GrantWriteACP=None)
This method calls s3.Client.put_bucket_acl().
Parameters
ContentMD5 (string)
bucket.

Return type dict
References
bucket
(s3.Bucket) The related Bucket if set, otherwise None.
BucketCors
class s3.BucketCors(bucket_name)
A resource representing an Amazon Simple Storage Service BucketCors:
import boto3
bucket_cors = s3.BucketCors(bucket_name)
Identifiers:
bucket_name
(string, identifier) The BucketCorss BucketName identifier. This attribute must be set for the actions
below to work.
Attributes:
cors_rules
(list)
Actions
some attributes.
delete()
This method calls s3.Client.delete_bucket_cors().
Return type dict
put(CORSConfiguration=None, ContentMD5=None)
This method calls s3.Client.put_bucket_cors().
Parameters
CORSConfiguration (dict)
ContentMD5 (string)
Return type dict
References
bucket
2.1. Services 553

BucketLifecycle
class s3.BucketLifecycle(bucket_name)
A resource representing an Amazon Simple Storage Service BucketLifecycle:
import boto3
bucket_lifecycle = s3.BucketLifecycle(bucket_name)
Identifiers:
bucket_name
(string, identifier) The BucketLifecycles BucketName identifier. This attribute must be set for the
Attributes:
rules
(list)
Actions
some attributes.
delete()
This method calls s3.Client.delete_bucket_lifecycle().
Return type dict
put(ContentMD5=None, LifecycleConfiguration=None)
This method calls s3.Client.put_bucket_lifecycle().
Parameters
ContentMD5 (string)
LifecycleConfiguration (dict)
Return type dict
References
bucket
BucketLogging
class s3.BucketLogging(bucket_name)
A resource representing an Amazon Simple Storage Service BucketLogging:
import boto3
bucket_logging = s3.BucketLogging(bucket_name)

Identifiers:
bucket_name
(string, identifier) The BucketLoggings BucketName identifier. This attribute must be set for the
Attributes:
logging_enabled
(dict)
Actions
some attributes.
put(BucketLoggingStatus, ContentMD5=None)
This method calls s3.Client.put_bucket_logging().
Parameters
BucketLoggingStatus (dict)
ContentMD5 (string)
Return type dict
References
bucket
BucketNotification
class s3.BucketNotification(bucket_name)
A resource representing an Amazon Simple Storage Service BucketNotification:
import boto3
bucket_notification = s3.BucketNotification(bucket_name)
Identifiers:
bucket_name
(string, identifier) The BucketNotifications BucketName identifier. This attribute must be set for the
Attributes:
cloud_function_configuration
(dict)
2.1. Services 555

queue_configuration
(dict)
topic_configuration
(dict)
Actions
some attributes.
put(NotificationConfiguration, ContentMD5=None)
This method calls s3.Client.put_bucket_notification().
Parameters
ContentMD5 (string)
NotificationConfiguration (dict)
Return type dict
References
bucket
BucketPolicy
class s3.BucketPolicy(bucket_name)
A resource representing an Amazon Simple Storage Service BucketPolicy:
import boto3
bucket_policy = s3.BucketPolicy(bucket_name)
Identifiers:
bucket_name
(string, identifier) The BucketPolicys BucketName identifier. This attribute must be set for the actions
below to work.
Attributes:
policy
(string) The bucket policy as a JSON document.
Actions
some attributes.
delete()
This method calls s3.Client.delete_bucket_policy().
Return type dict

put(Policy, ContentMD5=None)
This method calls s3.Client.put_bucket_policy().
Parameters
ContentMD5 (string)
Policy (string) The bucket policy as a JSON document.
Return type dict
References
bucket
BucketRequestPayment
class s3.BucketRequestPayment(bucket_name)
A resource representing an Amazon Simple Storage Service BucketRequestPayment:
import boto3
bucket_request_payment = s3.BucketRequestPayment(bucket_name)
Identifiers:
bucket_name
(string, identifier) The BucketRequestPayments BucketName identifier. This attribute must be set for
Attributes:
payer
(string) Specifies who pays for the download and request fees.
Actions
some attributes.
put(RequestPaymentConfiguration, ContentMD5=None)
This method calls s3.Client.put_bucket_request_payment().
Parameters
ContentMD5 (string)
RequestPaymentConfiguration (dict)
Return type dict
References
2.1. Services 557

bucket
BucketTagging
class s3.BucketTagging(bucket_name)
A resource representing an Amazon Simple Storage Service BucketTagging:
import boto3
bucket_tagging = s3.BucketTagging(bucket_name)
Identifiers:
bucket_name
(string, identifier) The BucketTaggings BucketName identifier. This attribute must be set for the
Attributes:
tag_set
(list)
Actions
some attributes.
delete()
This method calls s3.Client.delete_bucket_tagging().
Return type dict
put(Tagging, ContentMD5=None)
This method calls s3.Client.put_bucket_tagging().
Parameters
ContentMD5 (string)
Tagging (dict)
Return type dict
References
bucket
BucketVersioning
class s3.BucketVersioning(bucket_name)
A resource representing an Amazon Simple Storage Service BucketVersioning:

import boto3
bucket_versioning = s3.BucketVersioning(bucket_name)
Identifiers:
bucket_name
(string, identifier) The BucketVersionings BucketName identifier. This attribute must be set for the
Attributes:
mfa_delete
(string) Specifies whether MFA delete is enabled in the bucket versioning configuration. This element
is only returned if the bucket has been configured with MFA delete. If the bucket has never been so
configured, this element is not returned.
status
(string) The versioning state of the bucket.
Actions
some attributes.
enable(VersioningConfiguration, ContentMD5=None, MFA=None)
This method calls s3.Client.put_bucket_versioning().
Parameters
ContentMD5 (string)
Return type dict
put(VersioningConfiguration, ContentMD5=None, MFA=None)
Parameters
ContentMD5 (string)
Return type dict
suspend(VersioningConfiguration, ContentMD5=None, MFA=None)
Parameters
ContentMD5 (string)
2.1. Services 559

Return type dict
References
bucket
BucketWebsite
class s3.BucketWebsite(bucket_name)
A resource representing an Amazon Simple Storage Service BucketWebsite:
import boto3
bucket_website = s3.BucketWebsite(bucket_name)
Identifiers:
bucket_name
(string, identifier) The BucketWebsites BucketName identifier. This attribute must be set for the
Attributes:
error_document
(dict)
index_document
(dict)
redirect_all_requests_to
(dict)
routing_rules
(list)
Actions
some attributes.
delete()
This method calls s3.Client.delete_bucket_website().
Return type dict
put(WebsiteConfiguration, ContentMD5=None)
This method calls s3.Client.put_bucket_website().
Parameters

ContentMD5 (string)
WebsiteConfiguration (dict)
Return type dict
References
bucket
MultipartUpload
class s3.MultipartUpload(bucket_name, object_key, id)

A resource representing an Amazon Simple Storage Service MultipartUpload:
import boto3
multipart_upload = s3.MultipartUpload(bucket_name, object_key, id)
Identifiers:
bucket_name
(string, identifier) The MultipartUploads BucketName identifier. This attribute must be set for the
id
(string, identifier) The MultipartUploads Id identifier. This attribute must be set for the actions below
to work.
object_key
(string, identifier) The MultipartUploads ObjectKey identifier. This attribute must be set for the
Attributes:
initiated
(datetime) Date and time at which the multipart upload was initiated.
initiator
(dict) Identifies who initiated the multipart upload.
key
(string) Key of the object for which the multipart upload was initiated.
owner
(dict)
storage_class
(string) The class of storage used to store the object.
upload_id
(string) Upload ID that identifies the multipart upload.
2.1. Services 561

Actions
some attributes.
abort()
This method calls s3.Client.abort_multipart_upload().
Return type dict
complete(MultipartUpload=None)
This method calls s3.Client.complete_multipart_upload().
Parameters MultipartUpload (dict)
Return type s3.Object
Sub-resources
along to the child.
MultipartUploadPart(part_number)
Create a s3.MultipartUploadPart instance.
References
object
(s3.Object) The related Object if set, otherwise None.
Collections
parts
(CollectionManager) A collection of s3.MultipartUploadPart instances. This collection
uses the s3.Client.list_parts() operation to get items.
MultipartUploadPart
class s3.MultipartUploadPart(bucket_name, object_key, multipart_upload_id, part_number)

A resource representing an Amazon Simple Storage Service MultipartUploadPart:
import boto3
multipart_upload_part = s3.MultipartUploadPart(bucket_name, object_key, multipart_upload_id
Identifiers:
bucket_name
(string, identifier) The MultipartUploadParts BucketName identifier. This attribute must be set for
multipart_upload_id
(string, identifier) The MultipartUploadParts MultipartUploadId identifier. This attribute must be set
for the actions below to work.

object_key
(string, identifier) The MultipartUploadParts ObjectKey identifier. This attribute must be set for the
part_number
(string, identifier) The MultipartUploadParts PartNumber identifier. This attribute must be set for the
Attributes:
e_tag
(string) Entity tag returned when the part was uploaded.
last_modified
(datetime) Date and time at which the part was uploaded.
part_number
(integer) Part number identifying the part.
size
(integer) Size of the uploaded part data.
Actions
some attributes.
copy_from(CopySource, CopySourceIfMatch=None, CopySourceIfModifiedSince=None, CopySour-
ceIfNoneMatch=None, CopySourceIfUnmodifiedSince=None, CopySourceRange=None,
CopySourceSSECustomerAlgorithm=None, CopySourceSSECustomerKey=None, Copy-
SourceSSECustomerKeyMD5=None)
This method calls s3.Client.upload_part_copy().
Parameters
ified tag.
the specified time.
CopySourceRange (string) The range of bytes to copy from the source object. The
range value must use the form bytes=first-last, where the first and last are the zero-based
byte offsets to copy. For example, bytes=0-9 indicates that you want to copy the first ten
bytes of the source. You can copy a range only if the source object is greater than 5 GB.
2.1. Services 563


Return type dict
upload(Body=None, ContentLength=None, ContentMD5=None, SSECustomerAlgorithm=None, SSE-
CustomerKey=None, SSECustomerKeyMD5=None)
This method calls s3.Client.upload_part().
Parameters
Body (blob)
ContentMD5 (string)
Return type dict
References
multipart_upload
(s3.MultipartUpload) The related MultipartUpload if set, otherwise None.
Object
class s3.Object(bucket_name, key)

A resource representing an Amazon Simple Storage Service Object:

import boto3
object = s3.Object(bucket_name, key)
Identifiers:
bucket_name
(string, identifier) The Objects BucketName identifier. This attribute must be set for the actions below
to work.
key
(string, identifier) The Objects Key identifier. This attribute must be set for the actions below to work.
Attributes:
accept_ranges
(string)
cache_control
(string) Specifies caching behavior along the request/reply chain.
content_disposition
(string) Specifies presentational information for the object.
content_encoding
(string) Specifies what content encodings have been applied to the object and thus what decoding
mechanisms must be applied to obtain the media-type referenced by the Content-Type header field.
content_language
(string) The language the content is in.
content_length
(integer) Size of the body in bytes.
content_type
(string) A standard MIME type describing the format of the object data.
delete_marker
(boolean) Specifies whether the object retrieved was (true) or was not (false) a Delete Marker. If false,
this response header does not appear in the response.
e_tag
(string) An ETag is an opaque identifier assigned by a web server to a specific version of a resource
found at a URL
expiration
(datetime) If the object expiration is configured (see PUT Bucket lifecycle), the response includes this
header. It includes the expiry-date and rule-id key value pairs providing object expiration information. The
value of the rule-id is URL encoded.
expires
(datetime) The date and time at which the object is no longer cacheable.
last_modified
(datetime) Last modified date of the object
2.1. Services 565

metadata
(dict) A map of metadata to store with the object in S3.
missing_meta
(integer) This is set to the number of metadata entries not returned in x-amz-meta headers. This can
happen if you create metadata using an API like SOAP that supports more flexible metadata than the REST
API. For example, using SOAP, you can create metadata whose values are not legal HTTP headers.
restore
(string) Provides information about object restoration operation and expiration time of the restored
object copy.
sse_customer_algorithm
(string) If server-side encryption with a customer-provided encryption key was requested, the response
will include this header confirming the encryption algorithm used.
sse_customer_key_md5
(string) If server-side encryption with a customer-provided encryption key was requested, the response
will include this header to provide round trip message integrity verification of the customer-provided en-
cryption key.
ssekms_key_id
(string) If present, specifies the ID of the AWS Key Management Service (KMS) master encryption key
that was used for the object.
server_side_encryption
(string) The Server-side encryption algorithm used when storing this object in S3 (e.g., AES256,
aws:kms).
version_id
(string) Version of the object.
website_redirect_location
(string) If the bucket is configured as a website, redirects requests for this object to another object in
the same bucket or to an external URL. Amazon S3 stores the value of this header in the object metadata.
Actions
some attributes.
copy_from(CopySource, ACL=None, CacheControl=None, ContentDisposition=None, ContentEn-
coding=None, ContentLanguage=None, ContentType=None, CopySourceIfMatch=None,
CopySourceIfModifiedSince=None, CopySourceIfNoneMatch=None, CopySourceI-
fUnmodifiedSince=None, Expires=None, GrantFullControl=None, GrantRead=None,
GrantReadACP=None, GrantWriteACP=None, Metadata=None, MetadataDirec-
tive=None, ServerSideEncryption=None, StorageClass=None, WebsiteRedirect-
Location=None, SSECustomerAlgorithm=None, SSECustomerKey=None, SSECus-
tomerKeyMD5=None, SSEKMSKeyId=None, CopySourceSSECustomerAlgorithm=None,
CopySourceSSECustomerKey=None, CopySourceSSECustomerKeyMD5=None)
This method calls s3.Client.copy_object().
Parameters

ified tag.
the specified time.
MetadataDirective (string) Specifies whether the metadata is copied from the source
object or replaced with metadata provided in the request.
DARD.
2.1. Services 567

signature-version
Return type dict
delete(MFA=None, VersionId=None)
This method calls s3.Client.delete_object().
Parameters
Return type dict
get(IfMatch=None, IfModifiedSince=None, IfNoneMatch=None, IfUnmodifiedSince=None,
Range=None, ResponseCacheControl=None, ResponseContentDisposition=None, Respon-
seContentEncoding=None, ResponseContentLanguage=None, ResponseContentType=None, Re-
sponseExpires=None, VersionId=None, SSECustomerAlgorithm=None, SSECustomerKey=None,
SSECustomerKeyMD5=None)
This method calls s3.Client.get_object().
Parameters
sponse


Return type dict
initiate_multipart_upload(ACL=None, CacheControl=None, ContentDisposi-
tion=None, ContentEncoding=None, ContentLanguage=None,
ContentType=None, Expires=None, GrantFullCon-
trol=None, GrantRead=None, GrantReadACP=None,
GrantWriteACP=None, Metadata=None, ServerSideEncryp-
tion=None, StorageClass=None, WebsiteRedirectLocation=None,
SSECustomerAlgorithm=None, SSECustomerKey=None, SSECus-
tomerKeyMD5=None, SSEKMSKeyId=None)
This method calls s3.Client.create_multipart_upload().
Parameters
DARD.
2.1. Services 569


signature-version
Return type s3.MultipartUpload
put(ACL=None, Body=None, CacheControl=None, ContentDisposition=None, ContentEncod-
ing=None, ContentLanguage=None, ContentLength=None, ContentMD5=None, Content-
Type=None, Expires=None, GrantFullControl=None, GrantRead=None, GrantReadACP=None,
GrantWriteACP=None, Metadata=None, ServerSideEncryption=None, StorageClass=None,
WebsiteRedirectLocation=None, SSECustomerAlgorithm=None, SSECustomerKey=None, SSECus-
tomerKeyMD5=None, SSEKMSKeyId=None)
This method calls s3.Client.put_object().
Parameters
ContentMD5 (string)

DARD.
signature-version
Return type dict
Sub-resources
along to the child.
MultipartUpload(id)
Create a s3.MultipartUpload instance.
ObjectAcl()
Create a s3.ObjectAcl instance.
ObjectVersion(id)
Create a s3.ObjectVersion instance.
References
bucket
ObjectAcl
class s3.ObjectAcl(bucket_name, object_key)

A resource representing an Amazon Simple Storage Service ObjectAcl:
2.1. Services 571

import boto3
object_acl = s3.ObjectAcl(bucket_name, object_key)
Identifiers:
bucket_name
(string, identifier) The ObjectAcls BucketName identifier. This attribute must be set for the actions
below to work.
object_key
(string, identifier) The ObjectAcls ObjectKey identifier. This attribute must be set for the actions
below to work.
Attributes:
grants
(list) A list of grants.
owner
(dict)
Actions
some attributes.
put(ACL=None, AccessControlPolicy=None, ContentMD5=None, GrantFullControl=None,
GrantRead=None, GrantReadACP=None, GrantWrite=None, GrantWriteACP=None)
This method calls s3.Client.put_object_acl().
Parameters
ContentMD5 (string)
bucket.
Return type dict
References
object

ObjectVersion
class s3.ObjectVersion(bucket_name, object_key, id)

A resource representing an Amazon Simple Storage Service ObjectVersion:
import boto3
object_version = s3.ObjectVersion(bucket_name, object_key, id)
Identifiers:
bucket_name
(string, identifier) The ObjectVersions BucketName identifier. This attribute must be set for the ac-
tions below to work.
id
(string, identifier) The ObjectVersions Id identifier. This attribute must be set for the actions below to
work.
object_key
(string, identifier) The ObjectVersions ObjectKey identifier. This attribute must be set for the actions
below to work.
Attributes:
e_tag
(string)
is_latest
(boolean) Specifies whether the object is (true) or is not (false) the latest version of an object.
key
(string) The object key.
last_modified
(datetime) Date and time the object was last modified.
owner
(dict)
size
(integer) Size in bytes of the object.
storage_class
(string) The class of storage used to store the object.
version_id
(string) Version ID of an object.
Actions
some attributes.
delete(MFA=None)
This method calls s3.Client.delete_object().
2.1. Services 573

Parameters MFA (string) The concatenation of the authentication devices serial number, a
space, and the value that is displayed on your authentication device.
Return type dict
get(IfMatch=None, IfModifiedSince=None, IfNoneMatch=None, IfUnmodifiedSince=None,
Range=None, ResponseCacheControl=None, ResponseContentDisposition=None, Respon-
seContentEncoding=None, ResponseContentLanguage=None, ResponseContentType=None,
ResponseExpires=None, SSECustomerAlgorithm=None, SSECustomerKey=None, SSECus-
tomerKeyMD5=None)
This method calls s3.Client.get_object().
Parameters
sponse
Return type dict
head(IfMatch=None, IfModifiedSince=None, IfNoneMatch=None, IfUnmodifiedSince=None,
Range=None, SSECustomerAlgorithm=None, SSECustomerKey=None, SSECus-
tomerKeyMD5=None)
This method calls s3.Client.head_object().
Parameters

Return type dict
References
object
2.1.33 Amazon SimpleDB
Table of Contents
Amazon SimpleDB
Client
Client
class sdb.Client
A low-level client representing Amazon SimpleDB:
import boto3
sdb = boto3.client(sdb)
batch_delete_attributes(DomainName, Items)
Performs multiple DeleteAttributes operations in a single call, which reduces round trips and latencies.
This enables Amazon SimpleDB to optimize requests, which generally yields better throughput.
The following limitations are enforced for this operation:
2.1. Services 575

1 MB request size
25 item limit per BatchDeleteAttributes operation
Parameters
DomainName (string) The name of the domain in which the attributes are being deleted.
Items (list) A list of items on which to perform the operation.
Return type dict
batch_put_attributes(DomainName, Items)
The BatchPutAttributes operation creates or replaces attributes within one or more items. By
using this operation, the client can perform multiple PutAttribute operation with a single call. This helps
yield savings in round trips and latencies, enabling Amazon SimpleDB to optimize requests and generally
produce better throughput.
The client may specify the item name with the Item.X.ItemName parameter. The client
may specify new attributes using a combination of the Item.X.Attribute.Y.Name and
Item.X.Attribute.Y.Value parameters. The client may specify the first attribute for the first
item using the parameters Item.0.Attribute.0.Name and Item.0.Attribute.0.Value ,
and for the second attribute for the first item by the parameters Item.0.Attribute.1.Name and
Item.0.Attribute.1.Value , and so on.
Attributes are uniquely identified within an item by their name/value combination. For ex-
ample, a single item can have the attributes { "first_name", "first_value" } and {
"first_name", "second_value" } . However, it cannot have two attribute instances where both
the Item.X.Attribute.Y.Name and Item.X.Attribute.Y.Value are the same.
Optionally, the requester can supply the Replace parameter for each individual value. Setting this value
to true will cause the new attribute values to replace the existing attribute values. For example, if an item
I has the attributes { a, 1 }, { b, 2} and { b, 3 } and the requester does a
BatchPutAttributes of {I, b, 4 } with the Replace parameter set to true, the final attributes of
the item will be { a, 1 } and { b, 4 } , replacing the previous values of the b attribute
with the new value.
Warning: This operation is vulnerable to exceeding the maximum URL size when making a
REST request using the HTTP GET method. This operation does not support conditions using
Expected.X.Name , Expected.X.Value , or Expected.X.Exists .
You can execute multiple BatchPutAttributes operations and other operations in parallel. How-
ever, large numbers of concurrent BatchPutAttributes calls can result in Service Unavailable (503)
responses.
256 attribute name-value pairs per item
1 MB request size
1 billion attributes per domain
10 GB of total user data storage per domain
25 item limit per BatchPutAttributes operation
Parameters
DomainName (string) The name of the domain in which the attributes are being stored.

Items (list) A list of items on which to perform the operation.

Return type dict
create_domain(DomainName)
The CreateDomain operation creates a new domain. The domain name should be unique among the
domains associated with the Access Key ID provided in the request. The CreateDomain operation may
take 10 or more seconds to complete.
The client can create up to 100 domains per account.
If the client requires additional domains, go to http://aws.amazon.com/contact-us/simpledb-limit-request/
.
Parameters DomainName (string) The name of the domain to create. The name can range
between 3 and 255 characters and can contain the following characters: a-z, A-Z, 0-9, _,
-, and ..
Return type dict
delete_attributes(DomainName, ItemName, Attributes=None, Expected=None)
Deletes one or more attributes associated with an item. If all attributes of the item are deleted, the item is
deleted.
DeleteAttributes is an idempotent operation; running it multiple times on the same item
or attribute does not result in an error response.
Because Amazon SimpleDB makes multiple copies of item data and uses an eventual consistency update
model, performing a GetAttributes or Select operation (read) immediately after a DeleteAttributes
or PutAttributes operation (write) might not return updated item data.
Parameters
DomainName (string) The name of the domain in which to perform the operation.
ItemName (string) The name of the item. Similar to rows on a spreadsheet, items
represent individual objects that contain one or more value-attribute pairs.
Attributes (list) A list of Attributes. Similar to columns on a spreadsheet, attributes
represent categories of data that can be assigned to items.
Expected (dict) The update condition which, if specified, determines whether the spec-
ified attributes will be deleted or not. The update condition must be satisfied in order for
this request to be processed and the attributes to be deleted.
Return type dict
delete_domain(DomainName)
The DeleteDomain operation deletes a domain. Any items (and their attributes) in the domain are
deleted as well. The DeleteDomain operation might take 10 or more seconds to complete.
Parameters DomainName (string) The name of the domain to delete.
Return type dict
domain_metadata(DomainName)
Returns information about the domain, including when the domain was created, the number of items and
attributes in the domain, and the size of the attribute names and values.
Parameters DomainName (string) The name of the domain for which to display the metadata
of.
Return type dict
2.1. Services 577

get_attributes(DomainName, ItemName, AttributeNames=None, ConsistentRead=None)

Returns all of the attributes associated with the specified item. Optionally, the attributes returned can be
limited to one or more attributes by specifying an attribute name parameter.
If the item does not exist on the replica that was accessed for this operation, an empty set is returned. The
system does not return an error as it cannot guarantee the item does not exist on other replicas.
Parameters
ItemName (string) The name of the item.
AttributeNames (list) The names of the attributes.
ConsistentRead (boolean) Determines whether or not strong consistency should be en-
forced when data is read from SimpleDB. If true , any data previously written to Sim-
pleDB will be returned. Otherwise, results will be consistent eventually, and the client
may not see data that was written immediately before your read.
Return type dict
list_domains(MaxNumberOfDomains=None, NextToken=None)
The ListDomains operation lists all domains associated with the Access Key ID. It returns domain
names up to the limit set by MaxNumberOfDomains . A NextToken is returned if there are more than
MaxNumberOfDomains domains. Calling ListDomains successive times with the NextToken pro-
vided by the operation returns up to MaxNumberOfDomains more domain names with each successive
operation call.
Parameters
MaxNumberOfDomains (integer) The maximum number of domain names you want
returned. The range is 1 to 100. The default setting is 100.
NextToken (string) A string informing Amazon SimpleDB where to start the next list of
domain names.
Return type dict
put_attributes(DomainName, ItemName, Attributes, Expected=None)
The PutAttributes operation creates or replaces attributes in an item. The client may specify new attributes
using a combination of the Attribute.X.Name and Attribute.X.Value parameters. The client
specifies the first attribute by the parameters Attribute.0.Name and Attribute.0.Value , the
second attribute by the parameters Attribute.1.Name and Attribute.1.Value , and so on.
Attributes are uniquely identified in an item by their name/value combination. For exam-
ple, a single item can have the attributes { "first_name", "first_value" } and {
"first_name", second_value" } . However, it cannot have two attribute instances where both
the Attribute.X.Name and Attribute.X.Value are the same.
Optionally, the requestor can supply the Replace parameter for each individual attribute. Setting this
value to true causes the new attribute value to replace the existing attribute value(s). For example, if an
item has the attributes { a, 1 } , { b, 2} and { b, 3 } and the requestor calls
PutAttributes using the attributes { b, 4 } with the Replace parameter set to true, the
final attributes of the item are changed to { a, 1 } and { b, 4 } , which replaces the
previous values of the b attribute with the new value.
You cannot specify an empty string as an attribute name.

Because Amazon SimpleDB makes multiple copies of client data and uses an eventual consistency up-
date model, an immediate GetAttributes or Select operation (read) immediately after a PutAttributes or
DeleteAttributes operation (write) might not return the updated data.
256 total attribute name-value pairs per item
One billion attributes per domain
10 GB of total user data storage per domain
Parameters
ItemName (string) The name of the item.
Attributes (list) The list of attributes.
Expected (dict) The update condition which, if specified, determines whether the spec-
ified attributes will be updated or not. The update condition must be satisfied in order for
this request to be processed and the attributes to be updated.
Return type dict
select(SelectExpression, NextToken=None, ConsistentRead=None)

The Select operation returns a set of attributes for ItemNames that match the select expression.
Select is similar to the standard SQL SELECT statement.
The total size of the response cannot exceed 1 MB in total size. Amazon SimpleDB automatically adjusts
the number of items returned per page to enforce this limit. For example, if the client asks to retrieve
2500 items, but each individual item is 10 kB in size, the system returns 100 items and an appropriate
NextToken so the client can access the next page of results.
For information on how to construct select expressions, see Using Select to Create Amazon SimpleDB
Queries in the Developer Guide.
Parameters
SelectExpression (string) The expression used to query the domain.
NextToken (string) A string informing Amazon SimpleDB where to start the next list of
ItemNames .
ConsistentRead (boolean) Determines whether or not strong consistency should be en-
forced when data is read from SimpleDB. If true , any data previously written to Sim-
pleDB will be returned. Otherwise, results will be consistent eventually, and the client
may not see data that was written immediately before your read.
Return type dict
2.1.34 Amazon Simple Email Service
Table of Contents
Amazon Simple Email Service
Client
2.1. Services 579

Client
class ses.Client
A low-level client representing Amazon Simple Email Service:
import boto3
ses = boto3.client(ses)
delete_identity(Identity)
Deletes the specified identity (email address or domain) from the list of verified identities.
This action is throttled at one request per second.
Parameters Identity (string) The identity to be removed from the list of identities for the
AWS Account.
Return type dict
delete_verified_email_address(EmailAddress)
Deletes the specified email address from the list of verified addresses.
Warning: The DeleteVerifiedEmailAddress action is deprecated as of the May 15, 2012 release of
Domain Verification. The DeleteIdentity action is now preferred.

Parameters EmailAddress (string) An email address to be removed from the list of verified
addresses.
Return type dict
get_identity_dkim_attributes(Identities)
Returns the current status of Easy DKIM signing for an entity. For domain name identities, this action
also returns the DKIM tokens that are required for Easy DKIM signing, and whether Amazon SES has
successfully verified that these tokens have been published.
This action takes a list of identities as input and returns the following information for each:
Whether Easy DKIM signing is enabled or disabled.
A set of DKIM tokens that represent the identity. If the identity is an email address, the tokens
represent the domain of that address.
Whether Amazon SES has successfully verified the DKIM tokens published in the domains DNS.
This information is only returned for domain name identities, not for email addresses.
For more information about creating DNS records using DKIM tokens, go to the Amazon SES Developer
Guide_ .
Parameters Identities (list) A list of one or more verified identities - email addresses, do-
mains, or both.
Return type dict
get_identity_notification_attributes(Identities)
Given a list of verified identities (email addresses and/or domains), returns a structure describing identity
notification attributes.

For more information about using notifications with Amazon SES, see the Amazon SES Developer
Guide_ .
Parameters Identities (list) A list of one or more identities.
Return type dict
get_identity_verification_attributes(Identities)
Given a list of identities (email addresses and/or domains), returns the verification status and (for domain
identities) the verification token for each identity.
Parameters Identities (list) A list of identities.
Return type dict
get_send_quota()
Returns the users current sending limits.
Return type dict
get_send_statistics()
Returns the users sending statistics. The result is a list of data points, representing the last two weeks of
sending activity.
Each data point in the list contains statistics for a 15-minute interval.
Return type dict
get_waiter(name)
identity_exists
list_identities(IdentityType=None, NextToken=None, MaxItems=None)
Returns a list containing all of the identities (email addresses and domains) for a specific AWS Account,
regardless of verification status.
Parameters
IdentityType (string) The type of the identities to list. Possible values are EmailAd-
dress and Domain. If this parameter is omitted, then all identities will be listed.
NextToken (string) The token to use for pagination.
MaxItems (integer) The maximum number of identities per page. Possible values are
1-100 inclusive.
Return type dict
list_verified_email_addresses()
Returns a list containing all of the email addresses that have been verified.
Warning: The ListVerifiedEmailAddresses action is deprecated as of the May 15, 2012 release of
Domain Verification. The ListIdentities action is now preferred.
2.1. Services 581

Return type dict

send_email(Source, Destination, Message, ReplyToAddresses=None, ReturnPath=None)
Composes an email message based on input data, and then immediately queues the message for sending.
Warning: You can only send email from verified email addresses and domains. If you have not
requested production access to Amazon SES, you must also verify every recipient email address except
for the recipients provided by the Amazon SES mailbox simulator. For more information, go to the
Amazon SES Developer Guide_ .
The total size of the message cannot exceed 10 MB.

Amazon SES has a limit on the total number of recipients per message: The combined number of To:, CC:
and BCC: email addresses cannot exceed 50. If you need to send an email message to a larger audience,
you can divide your recipient list into groups of 50 or fewer, and then call Amazon SES repeatedly to send
the message to each group.
For every message that you send, the total number of recipients (To:, CC: and BCC:) is counted against
your sending quota - the maximum number of emails you can send in a 24-hour period. For information
about your sending quota, go to the Amazon SES Developer Guide_ .
Parameters
Source (string) The identitys email address.
By default, the string must be 7-bit ASCII. If the text must contain any
other characters, then you must use MIME encoded-word syntax (RFC 2047) in-
stead of a literal string. MIME encoded-word syntax uses the following form:
=?charset?encoding?encoded-text?= . For more information, see RFC 2047 .
Destination (dict) The destination for this email, composed of To:, CC:, and BCC: fields.
Message (dict) The message to be sent.
ReplyToAddresses (list) The reply-to email address(es) for the message. If the recipient
replies to the message, each reply-to address will receive the reply.
ReturnPath (string) The email address to which bounces and complaints are to be for-
warded when feedback forwarding is enabled. If the message cannot be delivered to the
recipient, then an error message will be returned from the recipients ISP; this message
will then be forwarded to the email address specified by the ReturnPath parameter.
Return type dict
send_raw_email(RawMessage, Source=None, Destinations=None)
Sends an email message, with header and content specified by the client. The SendRawEmail action is
useful for sending multipart MIME emails. The raw text of the message must comply with Internet email
standards; otherwise, the message cannot be sent.
Warning: You can only send email from verified email addresses and domains. If you have not
requested production access to Amazon SES, you must also verify every recipient email address except
for the recipients provided by the Amazon SES mailbox simulator. For more information, go to the
Amazon SES Developer Guide_ .
The total size of the message cannot exceed 10 MB. This includes any attachments that are part of the
message.
Amazon SES has a limit on the total number of recipients per message: The combined number of To:, CC:
and BCC: email addresses cannot exceed 50. If you need to send an email message to a larger audience,

you can divide your recipient list into groups of 50 or fewer, and then call Amazon SES repeatedly to send
the message to each group.
The To:, CC:, and BCC: headers in the raw message can contain a group list. Note that each recipient in a
group list counts towards the 50-recipient limit.
For every message that you send, the total number of recipients (To:, CC: and BCC:) is counted against
your sending quota - the maximum number of emails you can send in a 24-hour period. For information
about your sending quota, go to the Amazon SES Developer Guide_ .
Parameters
Source (string) The identitys email address.
By default, the string must be 7-bit ASCII. If the text must contain any
other characters, then you must use MIME encoded-word syntax (RFC 2047) in-
stead of a literal string. MIME encoded-word syntax uses the following form:
=?charset?encoding?encoded-text?= . For more information, see RFC 2047 .
Destinations (list) A list of destinations for the message, consisting of To:, CC:, and
BCC: addresses.
RawMessage (dict) The raw text of the message. The client is responsible for ensuring
the following:
Message must contain a header and a body, separated by a blank line.
All required header fields must be present.
Each part of a multipart MIME message must be formatted properly.
MIME content types must be among those supported by Amazon SES. For more infor-
mation, go to the Amazon SES Developer Guide_ .
Content must be base64-encoded, if MIME requires it.
Return type dict
set_identity_dkim_enabled(Identity, DkimEnabled)
Enables or disables Easy DKIM signing of email sent from an identity:
If Easy DKIM signing is enabled for a domain name identity (e.g., example.com ), then
Amazon SES will DKIM-sign all email sent by addresses under that domain name (e.g.,
user@example.com ).
If Easy DKIM signing is enabled for an email address, then Amazon SES will DKIM-sign all email
sent by that email address.
For email addresses (e.g., user@example.com ), you can only enable Easy DKIM signing if the corre-
sponding domain (e.g., example.com ) has been set up for Easy DKIM using the AWS Console or the
VerifyDomainDkim action.
For more information about Easy DKIM signing, go to the Amazon SES Developer Guide_ .
Parameters
Identity (string) The identity for which DKIM signing should be enabled or disabled.
DkimEnabled (boolean) Sets whether DKIM signing is enabled for an identity. Set to
true to enable DKIM signing for this identity; false to disable it.
Return type dict
2.1. Services 583

set_identity_feedback_forwarding_enabled(Identity, ForwardingEnabled)
Given an identity (email address or domain), enables or disables whether Amazon SES forwards bounce
and complaint notifications as email. Feedback forwarding can only be disabled when Amazon Simple
Notification Service (Amazon SNS) topics are specified for both bounces and complaints.
For more information about using notifications with Amazon SES, see the Amazon SES Developer
Guide_ .
Parameters
Identity (string) The identity for which to set bounce and complaint notification for-
warding. Examples: user@example.com , example.com .
ForwardingEnabled (boolean) Sets whether Amazon SES will forward bounce and
complaint notifications as email. true specifies that Amazon SES will forward bounce
and complaint notifications as email, in addition to any Amazon SNS topic publishing
otherwise specified. false specifies that Amazon SES will publish bounce and com-
plaint notifications only through Amazon SNS. This value can only be set to false when
Amazon SNS topics are set for both Bounce and Complaint notification types.
Return type dict
set_identity_notification_topic(Identity, NotificationType, SnsTopic=None)
Given an identity (email address or domain), sets the Amazon Simple Notification Service (Amazon SNS)
topic to which Amazon SES will publish bounce, complaint, and/or delivery notifications for emails sent
with that identity as the Source .
For more information about feedback notification, see the Amazon SES Developer Guide_ .
Parameters
Identity (string) The identity for which the Amazon SNS topic will be set. Examples:
user@example.com , example.com .
NotificationType (string) The type of notifications that will be published to the specified
Amazon SNS topic.
SnsTopic (string) The Amazon Resource Name (ARN) of the Amazon SNS topic. If the
parameter is omitted from the request or a null value is passed, SnsTopic is cleared and
publishing is disabled.
Return type dict
verify_domain_dkim(Domain)
Returns a set of DKIM tokens for a domain. DKIM tokens are character strings that represent your do-
mains identity. Using these tokens, you will need to create DNS CNAME records that point to DKIM
public keys hosted by Amazon SES. Amazon Web Services will eventually detect that you have updated
your DNS records; this detection process may take up to 72 hours. Upon successful detection, Amazon
SES will be able to DKIM-sign email originating from that domain.
To enable or disable Easy DKIM signing for a domain, use the SetIdentityDkimEnabled action.
For more information about creating DNS records using DKIM tokens, go to the Amazon SES Developer
Guide_ .
Parameters Domain (string) The name of the domain to be verified for Easy DKIM signing.
Return type dict

verify_domain_identity(Domain)
Verifies a domain.
Parameters Domain (string) The domain to be verified.
Return type dict
verify_email_address(EmailAddress)
Verifies an email address. This action causes a confirmation email message to be sent to the specified
address.
Warning: The VerifyEmailAddress action is deprecated as of the May 15, 2012 release of Domain
Verification. The VerifyEmailIdentity action is now preferred.

Parameters EmailAddress (string) The email address to be verified.
Return type dict
verify_email_identity(EmailAddress)
Verifies an email address. This action causes a confirmation email message to be sent to the specified
address.
Parameters EmailAddress (string) The email address to be verified.
Return type dict
2.1.35 Amazon Simple Notification Service
Table of Contents
Amazon Simple Notification Service
Client
Service Resource
PlatformApplication
PlatformEndpoint
Subscription
Topic
Client
class sns.Client
A low-level client representing Amazon Simple Notification Service:
import boto3
sns = boto3.client(sns)
add_permission(TopicArn, Label, AWSAccountId, ActionName)

Adds a statement to a topics access control policy, granting access for the specified AWS accounts to the
specified actions.
2.1. Services 585

Parameters
TopicArn (string) The ARN of the topic whose access control policy you wish to modify.
Label (string) A unique identifier for the new policy statement.
AWSAccountId (list) The AWS account IDs of the users (principals) who will be given
access to the specified actions. The users must have AWS accounts, but do not need to be
signed up for this service.
ActionName (list) The action you want to allow for the specified principal(s).
Valid values: any Amazon SNS action name.
Return type dict
confirm_subscription(TopicArn, Token, AuthenticateOnUnsubscribe=None)
Verifies an endpoint owners intent to receive messages by validating the token sent to the end-
point by an earlier Subscribe action. If the token is valid, the action creates a new subscription
and returns its Amazon Resource Name (ARN). This call requires an AWS signature only when the
AuthenticateOnUnsubscribe flag is set to true.
Parameters
TopicArn (string) The ARN of the topic for which you wish to confirm a subscription.
Token (string) Short-lived token sent to an endpoint during the Subscribe action.
AuthenticateOnUnsubscribe (string) Disallows unauthenticated unsubscribes of the
subscription. If the value of this parameter is true and the request has an AWS signature,
then only the topic owner and the subscription owner can unsubscribe the endpoint. The
unsubscribe action requires AWS authentication.
Return type dict
create_platform_application(Name, Platform, Attributes)
Creates a platform application object for one of the supported push notification services, such as
APNS and GCM, to which devices and mobile apps may register. You must specify Platform-
Principal and PlatformCredential attributes when using the CreatePlatformApplication ac-
tion. The PlatformPrincipal is received from the notification service. For APNS/APNS_SANDBOX,
PlatformPrincipal is SSL certificate. For GCM, PlatformPrincipal is not applicable. For ADM,
PlatformPrincipal is client id. The PlatformCredential is also received from the notification ser-
vice. For APNS/APNS_SANDBOX, PlatformCredential is private key. For GCM, PlatformCre-
dential is API key. For ADM, PlatformCredential is client secret. The PlatformApplicationArn
that is returned when using CreatePlatformApplication is then used as an attribute for the
CreatePlatformEndpoint action. For more information, see Using Amazon SNS Mobile Push
Notifications .
Parameters
Name (string) Application names must be made up of only uppercase and lowercase
ASCII letters, numbers, underscores, hyphens, and periods, and must be between 1 and
Platform (string) The following platforms are supported: ADM (Amazon Device Mes-
saging), APNS (Apple Push Notification Service), APNS_SANDBOX, and GCM (Google
Cloud Messaging).
Attributes (dict) For a list of attributes, see SetPlatformApplicationAttributes
Return type dict

create_platform_endpoint(PlatformApplicationArn, Token, CustomUserData=None, At-

tributes=None)
Creates an endpoint for a device and mobile app on one of the supported push notification services,
such as GCM and APNS. CreatePlatformEndpoint requires the PlatformApplicationArn that
is returned from CreatePlatformApplication . The EndpointArn that is returned when using
CreatePlatformEndpoint can then be used by the Publish action to send a message to a mobile
app or by the Subscribe action for subscription to a topic. The CreatePlatformEndpoint action
is idempotent, so if the requester already owns an endpoint with the same device token and attributes, that
endpoints ARN is returned without creating a new endpoint. For more information, see Using Amazon
SNS Mobile Push Notifications .
When using CreatePlatformEndpoint with Baidu, two attributes must be provided: ChannelId and
UserId. The token field must also contain the ChannelId. For more information, see Creating an Amazon
SNS Endpoint for Baidu .
Parameters
PlatformApplicationArn (string) PlatformApplicationArn returned from CreatePlat-
formApplication is used to create a an endpoint.
Token (string) Unique identifier created by the notification service for an app on a de-
vice. The specific name for Token will vary, depending on which notification service is
being used. For example, when using APNS as the notification service, you need the de-
vice token. Alternatively, when using GCM or ADM, the device token equivalent is called
the registration ID.
CustomUserData (string) Arbitrary user data to associate with the endpoint. Amazon
SNS does not use this data. The data must be in UTF-8 format and less than 2KB.
Attributes (dict) For a list of attributes, see SetEndpointAttributes .
Return type dict
create_topic(Name)
Creates a topic to which notifications can be published. Users can create at most 3000 topics. For more
information, see http://aws.amazon.com/sns . This action is idempotent, so if the requester already owns a
topic with the specified name, that topics ARN is returned without creating a new topic.
Parameters Name (string) The name of the topic you want to create.
Constraints: Topic names must be made up of only uppercase and lowercase ASCII letters,
numbers, underscores, and hyphens, and must be between 1 and 256 characters long.
Return type dict
delete_endpoint(EndpointArn)
Deletes the endpoint from Amazon SNS. This action is idempotent. For more information, see Using
Amazon SNS Mobile Push Notifications .
Parameters EndpointArn (string) EndpointArn of endpoint to delete.
Return type dict
delete_platform_application(PlatformApplicationArn)
Deletes a platform application object for one of the supported push notification services, such as APNS
and GCM. For more information, see Using Amazon SNS Mobile Push Notifications .
Parameters PlatformApplicationArn (string) PlatformApplicationArn of platform applica-
tion object to delete.
Return type dict
2.1. Services 587

delete_topic(TopicArn)
Deletes a topic and all its subscriptions. Deleting a topic might prevent some messages previously sent to
the topic from being delivered to subscribers. This action is idempotent, so deleting a topic that does not
exist does not result in an error.
Parameters TopicArn (string) The ARN of the topic you want to delete.
Return type dict
get_endpoint_attributes(EndpointArn)
Retrieves the endpoint attributes for a device on one of the supported push notification services, such as
GCM and APNS. For more information, see Using Amazon SNS Mobile Push Notifications .
Parameters EndpointArn (string) EndpointArn for GetEndpointAttributes input.
Return type dict
get_platform_application_attributes(PlatformApplicationArn)
Retrieves the attributes of the platform application object for the supported push notification services, such
as APNS and GCM. For more information, see Using Amazon SNS Mobile Push Notifications .
Parameters PlatformApplicationArn (string) PlatformApplicationArn for GetPlatformAp-
plicationAttributesInput.
Return type dict
get_subscription_attributes(SubscriptionArn)
Returns all of the properties of a subscription.
Parameters SubscriptionArn (string) The ARN of the subscription whose properties you
want to get.
Return type dict
get_topic_attributes(TopicArn)
Returns all of the properties of a topic. Topic properties returned might differ based on the authorization
of the user.
Parameters TopicArn (string) The ARN of the topic whose properties you want to get.
Return type dict
list_endpoints_by_platform_application(PlatformApplicationArn, NextToken=None)
Lists the endpoints and endpoint attributes for devices in a supported push notification service, such
as GCM and APNS. The results for ListEndpointsByPlatformApplication are paginated
and return a limited list of endpoints, up to 100. If additional records are available after the
first page results, then a NextToken string will be returned. To receive the next page, you call
ListEndpointsByPlatformApplication again using the NextToken string received from the
previous call. When there are no more records to return, NextToken will be null. For more information,
see Using Amazon SNS Mobile Push Notifications .
Parameters
PlatformApplicationArn (string) PlatformApplicationArn for ListEndpointsByPlat-
formApplicationInput action.
NextToken (string) NextToken string is used when calling ListEndpointsByPlatformAp-
plication action to retrieve additional records that are available after the first page results.
Return type dict

list_platform_applications(NextToken=None)
Lists the platform application objects for the supported push notification services, such as APNS and GCM.
The results for ListPlatformApplications are paginated and return a limited list of applications,
up to 100. If additional records are available after the first page results, then a NextToken string will
be returned. To receive the next page, you call ListPlatformApplications using the NextToken
string received from the previous call. When there are no more records to return, NextToken will be null.
For more information, see Using Amazon SNS Mobile Push Notifications .
Parameters NextToken (string) NextToken string is used when calling ListPlatformApplica-
tions action to retrieve additional records that are available after the first page results.
Return type dict
list_subscriptions(NextToken=None)
Returns a list of the requesters subscriptions. Each call returns a limited list of subscriptions, up to 100.
If there are more subscriptions, a NextToken is also returned. Use the NextToken parameter in a new
ListSubscriptions call to get further results.
Parameters NextToken (string) Token returned by the previous ListSubscriptions re-
quest.
Return type dict
list_subscriptions_by_topic(TopicArn, NextToken=None)
Returns a list of the subscriptions to a specific topic. Each call returns a limited list of subscriptions, up to
100. If there are more subscriptions, a NextToken is also returned. Use the NextToken parameter in a
new ListSubscriptionsByTopic call to get further results.
Parameters
TopicArn (string) The ARN of the topic for which you wish to find subscriptions.
NextToken (string) Token returned by the previous ListSubscriptionsByTopic
request.
Return type dict
list_topics(NextToken=None)
Returns a list of the requesters topics. Each call returns a limited list of topics, up to 100. If there are more
topics, a NextToken is also returned. Use the NextToken parameter in a new ListTopics call to
get further results.
Parameters NextToken (string) Token returned by the previous ListTopics request.
Return type dict
publish(Message, TopicArn=None, TargetArn=None, Subject=None, MessageStructure=None, Mes-
sageAttributes=None)
Sends a message to all of a topics subscribed endpoints. When a messageId is returned, the message
has been saved and Amazon SNS will attempt to deliver it to the topics subscribers shortly. The format of
the outgoing message to each subscribed endpoint depends on the notification protocol selected.
To use the Publish action for sending a message to a mobile endpoint, such as an app on a Kindle
device or mobile phone, you must specify the EndpointArn. The EndpointArn is returned when making
a call with the CreatePlatformEndpoint action. The second example below shows a request and
response for publishing to a mobile endpoint.
2.1. Services 589

Parameters
TopicArn (string) The topic you want to publish to.
TargetArn (string) Either TopicArn or EndpointArn, but not both.
Message (string) The message you want to send to the topic.
If you want to send the same message to all transport protocols, include the text of the
message as a String value.
If you want to send different messages for each transport protocol, set the value of the
MessageStructure parameter to json and use a JSON object for the Message pa-
rameter. See the Examples section for the format of the JSON object.
Constraints: Messages must be UTF-8 encoded strings at most 256 KB in size (262144
bytes, not 262144 characters).
JSON-specific constraints:
Keys in the JSON object that correspond to supported transport protocols must have
simple JSON string values.
The values will be parsed (unescaped) before they are used in outgoing messages.
Outbound notifications are JSON encoded (meaning that the characters will be
reescaped for sending).
Values have a minimum length of 0 (the empty string, , is allowed).
Values have a maximum length bounded by the overall message size (so, including
multiple protocols may limit message sizes).
Non-string values will cause the key to be ignored.
Keys that do not correspond to supported transport protocols are ignored.
Duplicate keys are not allowed.
Failure to parse or validate any key or value in the message will cause the Publish
call to return an error (no partial delivery).
Subject (string) Optional parameter to be used as the Subject line when the message
is delivered to email endpoints. This field will also be included, if present, in the standard
JSON messages delivered to other endpoints.
Constraints: Subjects must be ASCII text that begins with a letter, number, or punctua-
tion mark; must not include line breaks or control characters; and must be less than 100
characters long.
MessageStructure (string) Set MessageStructure to json if you want to send a
different message for each protocol. For example, using one publish action, you can send
a short message to your SMS subscribers and a longer message to your email subscribers.
If you set MessageStructure to json , the value of the Message parameter must:
be a syntactically valid JSON object; and
contain at least a top-level JSON key of default with a value that is a string.
You can define other top-level keys that define the message you want to send to a specific
transport protocol (e.g., http).
For information about sending different messages for each protocol using the AWS Man-
agement Console, go to Create Different Messages for Each Protocol in the Amazon Simple
Notification Service Getting Started Guide .

Valid value: json

MessageAttributes (dict) Message attributes for Publish action.
Return type dict
remove_permission(TopicArn, Label)
Removes a statement from a topics access control policy.
Parameters
TopicArn (string) The ARN of the topic whose access control policy you wish to modify.
Label (string) The unique label of the statement you want to remove.
Return type dict
set_endpoint_attributes(EndpointArn, Attributes)
Sets the attributes for an endpoint for a device on one of the supported push notification services, such as
GCM and APNS. For more information, see Using Amazon SNS Mobile Push Notifications .
Parameters
EndpointArn (string) EndpointArn used for SetEndpointAttributes action.
Attributes (dict) A map of the endpoint attributes. Attributes in this map include the
following:
CustomUserData arbitrary user data to associate with the endpoint. Amazon SNS
does not use this data. The data must be in UTF-8 format and less than 2KB.
Enabled flag that enables/disables delivery to the endpoint. Amazon SNS will set
this to false when a notification service indicates to Amazon SNS that the endpoint is
invalid. Users can set it back to true, typically after updating Token.
Token device token, also referred to as a registration id, for an app and mobile de-
vice. This is returned from the notification service when an app and mobile device are
registered with the notification service.
Return type dict
set_platform_application_attributes(PlatformApplicationArn, Attributes)
Sets the attributes of the platform application object for the supported push notification services, such as
APNS and GCM. For more information, see Using Amazon SNS Mobile Push Notifications .
Parameters
PlatformApplicationArn (string) PlatformApplicationArn for SetPlatformApplication-
Attributes action.
Attributes (dict) A map of the platform application attributes. Attributes in this map
include the following:
PlatformCredential The credential received from the notification service. For
APNS/APNS_SANDBOX, PlatformCredential is private key. For GCM, Platform-
Credential is API key. For ADM, PlatformCredential is client secret.
PlatformPrincipal The principal received from the notification service. For
APNS/APNS_SANDBOX, PlatformPrincipal is SSL certificate. For GCM, Platform-
Principal is not applicable. For ADM, PlatformPrincipal is client id.
EventEndpointCreated Topic ARN to which EndpointCreated event notifica-
tions should be sent.
2.1. Services 591

EventEndpointDeleted Topic ARN to which EndpointDeleted event notifica-

EventEndpointUpdated Topic ARN to which EndpointUpdate event notifica-
EventDeliveryFailure Topic ARN to which DeliveryFailure event notifica-
tions should be sent upon Direct Publish delivery failure (permanent) to one of the
applications endpoints.
Return type dict
set_subscription_attributes(SubscriptionArn, AttributeName, AttributeValue=None)
Allows a subscription owner to set an attribute of the topic to a new value.
Parameters
SubscriptionArn (string) The ARN of the subscription to modify.
AttributeName (string) The name of the attribute you want to set. Only a subset of the
subscriptions attributes are mutable.
Valid values: DeliveryPolicy | RawMessageDelivery
AttributeValue (string) The new value for the attribute in JSON format.
Return type dict
set_topic_attributes(TopicArn, AttributeName, AttributeValue=None)
Allows a topic owner to set an attribute of the topic to a new value.
Parameters
TopicArn (string) The ARN of the topic to modify.
topics attributes are mutable.
Valid values: Policy | DisplayName | DeliveryPolicy
AttributeValue (string) The new value for the attribute.
Return type dict
subscribe(TopicArn, Protocol, Endpoint=None)
Prepares to subscribe an endpoint by sending the endpoint a confirmation message. To actually create a
subscription, the endpoint owner must call the ConfirmSubscription action with the token from the
confirmation message. Confirmation tokens are valid for three days.
Parameters
TopicArn (string) The ARN of the topic you want to subscribe to.
Protocol (string) The protocol you want to use. Supported protocols include:
http delivery of JSON-encoded message via HTTP POST
https delivery of JSON-encoded message via HTTPS POST
email delivery of message via SMTP
email-json delivery of JSON-encoded message via SMTP
sms delivery of message via SMS
sqs delivery of JSON-encoded message to an Amazon SQS queue

application delivery of JSON-encoded message to an EndpointArn for a mobile

app and device.
Endpoint (string) The endpoint that you want to receive notifications. Endpoints vary
by protocol:
For the http protocol, the endpoint is an URL beginning with http://
For the https protocol, the endpoint is a URL beginning with https://
For the email protocol, the endpoint is an email address
For the email-json protocol, the endpoint is an email address
For the sms protocol, the endpoint is a phone number of an SMS-enabled device
For the sqs protocol, the endpoint is the ARN of an Amazon SQS queue
For the application protocol, the endpoint is the EndpointArn of a mobile app and
device.
Return type dict
unsubscribe(SubscriptionArn)
Deletes a subscription. If the subscription requires authentication for deletion, only the owner of the sub-
scription or the topics owner can unsubscribe, and an AWS signature is required. If the Unsubscribe
call does not require authentication and the requester is not the subscription owner, a final cancellation
message is delivered to the endpoint, so that the endpoint owner can easily resubscribe to the topic if the
Unsubscribe request was unintended.
Parameters SubscriptionArn (string) The ARN of the subscription to be deleted.
Return type dict
Service Resource
class sns.Service
A resource representing Amazon Simple Notification Service:
import boto3
sns = boto3.resource(sns)
Actions
some attributes.
create_platform_application(Name, Platform, Attributes)
This method calls sns.Client.create_platform_application().
Parameters
Name (string) Application names must be made up of only uppercase and lowercase
ASCII letters, numbers, underscores, hyphens, and periods, and must be between 1 and
Platform (string) The following platforms are supported: ADM (Amazon Device Mes-
saging), APNS (Apple Push Notification Service), APNS_SANDBOX, and GCM (Google
Cloud Messaging).
Attributes (dict) For a list of attributes, see SetPlatformApplicationAttributes
2.1. Services 593

Return type sns.PlatformApplication

create_topic(Name)
This method calls sns.Client.create_topic().
Parameters Name (string) The name of the topic you want to create.
Constraints: Topic names must be made up of only uppercase and lowercase ASCII letters,
numbers, underscores, and hyphens, and must be between 1 and 256 characters long.
Return type sns.Topic
Sub-resources
along to the child.
PlatformApplication(arn)
Create a sns.PlatformApplication instance.
PlatformEndpoint(arn)
Create a sns.PlatformEndpoint instance.
Subscription(topic_arn, arn)
Create a sns.Subscription instance.
Topic(arn)
Create a sns.Topic instance.
Collections
platform_applications
(CollectionManager) A collection of sns.PlatformApplication instances. This collection
uses the sns.Client.list_platform_applications() operation to get items.
subscriptions
(CollectionManager) A collection of sns.Subscription instances. This collection uses the
sns.Client.list_subscriptions() operation to get items.
topics
(CollectionManager) A collection of sns.Topic instances. This collection uses the
sns.Client.list_topics() operation to get items.
PlatformApplication
class sns.PlatformApplication(arn)
A resource representing an Amazon Simple Notification Service PlatformApplication:
import boto3
platform_application = sns.PlatformApplication(arn)
Identifiers:

arn
(string, identifier) The PlatformApplications Arn identifier. This attribute must be set for the actions
below to work.
Attributes:
attributes
(dict) Attributes include the following:
EventEndpointCreated Topic ARN to which EndpointCreated event notifications should be
sent.
EventEndpointDeleted Topic ARN to which EndpointDeleted event notifications should be
sent.
EventEndpointUpdated Topic ARN to which EndpointUpdate event notifications should be
sent.
EventDeliveryFailure Topic ARN to which DeliveryFailure event notifications should be
sent upon Direct Publish delivery failure (permanent) to one of the applications endpoints.
Actions
some attributes.
create_platform_endpoint(Token, CustomUserData=None, Attributes=None)
This method calls sns.Client.create_platform_endpoint().
Parameters
Token (string) Unique identifier created by the notification service for an app on a de-
vice. The specific name for Token will vary, depending on which notification service is
being used. For example, when using APNS as the notification service, you need the de-
vice token. Alternatively, when using GCM or ADM, the device token equivalent is called
the registration ID.
CustomUserData (string) Arbitrary user data to associate with the endpoint. Amazon
SNS does not use this data. The data must be in UTF-8 format and less than 2KB.
Attributes (dict) For a list of attributes, see SetEndpointAttributes .
Return type sns.PlatformEndpoint
delete()
This method calls sns.Client.delete_platform_application().
Return type dict
set_attributes(Attributes)
This method calls sns.Client.set_platform_application_attributes().
Parameters Attributes (dict) A map of the platform application attributes. Attributes in this
map include the following:
PlatformCredential The credential received from the notification service. For
APNS/APNS_SANDBOX, PlatformCredential is private key. For GCM, PlatformCre-
dential is API key. For ADM, PlatformCredential is client secret.
PlatformPrincipal The principal received from the notification service. For
APNS/APNS_SANDBOX, PlatformPrincipal is SSL certificate. For GCM, Platform-
Principal is not applicable. For ADM, PlatformPrincipal is client id.
2.1. Services 595

EventEndpointCreated Topic ARN to which EndpointCreated event notifications

should be sent.
EventEndpointDeleted Topic ARN to which EndpointDeleted event notifications
should be sent.
EventEndpointUpdated Topic ARN to which EndpointUpdate event notifications
should be sent.
EventDeliveryFailure Topic ARN to which DeliveryFailure event notifications
should be sent upon Direct Publish delivery failure (permanent) to one of the applications
endpoints.
Return type dict
Collections
endpoints
(CollectionManager) A collection of sns.PlatformEndpoint instances. This collection uses
the sns.Client.list_endpoints_by_platform_application() operation to get items.
PlatformEndpoint
class sns.PlatformEndpoint(arn)
A resource representing an Amazon Simple Notification Service PlatformEndpoint:
import boto3
platform_endpoint = sns.PlatformEndpoint(arn)
Identifiers:
arn
(string, identifier) The PlatformEndpoints Arn identifier. This attribute must be set for the actions
below to work.
Attributes:
attributes
(dict) Attributes include the following:
CustomUserData arbitrary user data to associate with the endpoint. Amazon SNS does not use
this data. The data must be in UTF-8 format and less than 2KB.
Enabled flag that enables/disables delivery to the endpoint. Amazon SNS will set this to false
when a notification service indicates to Amazon SNS that the endpoint is invalid. Users can set it
back to true, typically after updating Token.
Token device token, also referred to as a registration id, for an app and mobile device. This is re-
turned from the notification service when an app and mobile device are registered with the notification
service.
Actions

some attributes.
delete()
This method calls sns.Client.delete_endpoint().
Return type dict
publish(Message, TopicArn=None, Subject=None, MessageStructure=None, MessageAt-
tributes=None)
This method calls sns.Client.publish().
Parameters
TopicArn (string) The topic you want to publish to.
characters long.
2.1. Services 597

Valid value: json
Return type dict
This method calls sns.Client.set_endpoint_attributes().
Parameters Attributes (dict) A map of the endpoint attributes. Attributes in this map include
the following:
CustomUserData arbitrary user data to associate with the endpoint. Amazon SNS
does not use this data. The data must be in UTF-8 format and less than 2KB.
Enabled flag that enables/disables delivery to the endpoint. Amazon SNS will set this
to false when a notification service indicates to Amazon SNS that the endpoint is invalid.
Users can set it back to true, typically after updating Token.
Token device token, also referred to as a registration id, for an app and mobile device.
This is returned from the notification service when an app and mobile device are registered
with the notification service.
Return type dict
Subscription
class sns.Subscription(topic_arn, arn)

A resource representing an Amazon Simple Notification Service Subscription:
import boto3
subscription = sns.Subscription(topic_arn, arn)
Identifiers:
arn
(string, identifier) The Subscriptions Arn identifier. This attribute must be set for the actions below to
work.
topic_arn
(string, identifier) The Subscriptions TopicArn identifier. This attribute must be set for the actions
below to work.
Attributes:
attributes
(dict) A map of the subscriptions attributes. Attributes in this map include the following:

SubscriptionArn the subscriptions ARN

TopicArn the topic ARN that the subscription is associated with
Owner the AWS account ID of the subscriptions owner
ConfirmationWasAuthenticated true if the subscription confirmation request was authen-
ticated
DeliveryPolicy the JSON serialization of the subscriptions delivery policy
EffectiveDeliveryPolicy the JSON serialization of the effective delivery policy that takes
into account the topic delivery policy and account system defaults
Actions
some attributes.
delete()
This method calls sns.Client.unsubscribe().
Return type dict
set_attributes(AttributeName, AttributeValue=None)
This method calls sns.Client.set_subscription_attributes().
Parameters
subscriptions attributes are mutable.
Valid values: DeliveryPolicy | RawMessageDelivery
AttributeValue (string) The new value for the attribute in JSON format.
Return type dict
References
topic
(sns.Topic) The related Topic if set, otherwise None.
Topic
class sns.Topic(arn)
A resource representing an Amazon Simple Notification Service Topic:
import boto3
topic = sns.Topic(arn)
Identifiers:
arn
(string, identifier) The Topics Arn identifier. This attribute must be set for the actions below to work.
2.1. Services 599

Attributes:
attributes
(dict) A map of the topics attributes. Attributes in this map include the following:
TopicArn the topics ARN
Owner the AWS account ID of the topics owner
Policy the JSON serialization of the topics access control policy
DisplayName the human-readable name used in the From field for notifications to email and
email-json endpoints
SubscriptionsPending the number of subscriptions pending confirmation on this topic
SubscriptionsConfirmed the number of confirmed subscriptions on this topic
SubscriptionsDeleted the number of deleted subscriptions on this topic
DeliveryPolicy the JSON serialization of the topics delivery policy
EffectiveDeliveryPolicy the JSON serialization of the effective delivery policy that takes
into account system defaults
Actions
some attributes.
add_permission(Label, AWSAccountId, ActionName)
This method calls sns.Client.add_permission().
Parameters
Label (string) A unique identifier for the new policy statement.
AWSAccountId (list) The AWS account IDs of the users (principals) who will be given
access to the specified actions. The users must have AWS accounts, but do not need to be
signed up for this service.
ActionName (list) The action you want to allow for the specified principal(s).
Valid values: any Amazon SNS action name.
Return type dict
confirm_subscription(Token, AuthenticateOnUnsubscribe=None)
This method calls sns.Client.confirm_subscription().
Parameters
Token (string) Short-lived token sent to an endpoint during the Subscribe action.
AuthenticateOnUnsubscribe (string) Disallows unauthenticated unsubscribes of the
subscription. If the value of this parameter is true and the request has an AWS signature,
then only the topic owner and the subscription owner can unsubscribe the endpoint. The
unsubscribe action requires AWS authentication.
Return type sns.Subscription
delete()
This method calls sns.Client.delete_topic().
Return type dict

publish(Message, TargetArn=None, Subject=None, MessageStructure=None, MessageAt-

tributes=None)
This method calls sns.Client.publish().
Parameters
TargetArn (string) Either TopicArn or EndpointArn, but not both.
characters long.
2.1. Services 601

Valid value: json
Return type dict
remove_permission(Label)
This method calls sns.Client.remove_permission().
Parameters Label (string) The unique label of the statement you want to remove.
Return type dict
set_attributes(AttributeName, AttributeValue=None)
This method calls sns.Client.set_topic_attributes().
Parameters
topics attributes are mutable.
Valid values: Policy | DisplayName | DeliveryPolicy
AttributeValue (string) The new value for the attribute.
Return type dict
subscribe(Protocol, Endpoint=None)
This method calls sns.Client.subscribe().
Parameters
Protocol (string) The protocol you want to use. Supported protocols include:
http delivery of JSON-encoded message via HTTP POST
https delivery of JSON-encoded message via HTTPS POST
email delivery of message via SMTP
email-json delivery of JSON-encoded message via SMTP
sms delivery of message via SMS
sqs delivery of JSON-encoded message to an Amazon SQS queue
application delivery of JSON-encoded message to an EndpointArn for a mobile
app and device.
Endpoint (string) The endpoint that you want to receive notifications. Endpoints vary
by protocol:
For the http protocol, the endpoint is an URL beginning with http://
For the https protocol, the endpoint is a URL beginning with https://
For the email protocol, the endpoint is an email address
For the email-json protocol, the endpoint is an email address
For the sms protocol, the endpoint is a phone number of an SMS-enabled device
For the sqs protocol, the endpoint is the ARN of an Amazon SQS queue

For the application protocol, the endpoint is the EndpointArn of a mobile app and
device.
Return type sns.Subscription
Sub-resources
along to the child.
Subscription(arn)
Create a sns.Subscription instance.
Collections
subscriptions
(CollectionManager) A collection of sns.Subscription instances. This collection uses the
sns.Client.list_subscriptions_by_topic() operation to get items.
2.1.36 Amazon Simple Queue Service
Table of Contents
Amazon Simple Queue Service
Client
Service Resource
Message
Queue
Client
class sqs.Client
A low-level client representing Amazon Simple Queue Service:
import boto3
add_permission(QueueUrl, Label, AWSAccountIds, Actions)

Adds a permission to a queue for a specific principal . This allows for sharing access to the queue.
When you create a queue, you have full control access rights for the queue. Only you (as owner of the
queue) can grant or deny permissions to the queue. For more information about these permissions, see
Shared Queues in the Amazon SQS Developer Guide .
Attribute.1=this
Attribute.2=that
Parameters
QueueUrl (string) The URL of the Amazon SQS queue to take action on.
Label (string) The unique identification of the permission youre setting (e.g.,
AliceSendMessage ). Constraints: Maximum 80 characters; alphanumeric charac-
ters, hyphens (-), and underscores (_) are allowed.
2.1. Services 603

AWSAccountIds (list) The AWS account number of the principal who will be given
permission. The principal must have an AWS account, but does not need to be signed
up for Amazon SQS. For information about locating the AWS account identification, see
Your AWS Identifiers in the Amazon SQS Developer Guide .
Actions (list) The action the client wants to allow for the speci-
fied principal. The following are valid values: * | SendMessage |
ReceiveMessage | DeleteMessage | ChangeMessageVisibility
| GetQueueAttributes | GetQueueUrl . For more information about these
actions, see Understanding Permissions in the Amazon SQS Developer Guide .
Specifying SendMessage , DeleteMessage , or ChangeMessageVisibility
for the ActionName.n also grants permissions for the corresponding batch ver-
sions of those actions: SendMessageBatch , DeleteMessageBatch , and
ChangeMessageVisibilityBatch .
Return type dict
change_message_visibility(QueueUrl, ReceiptHandle, VisibilityTimeout)
Changes the visibility timeout of a specified message in a queue to a new value. The maximum allowed
timeout value you can set the value to is 12 hours. This means you cant extend the timeout of a message
in an existing queue to more than a total visibility timeout of 12 hours. (For more information visibility
timeout, see Visibility Timeout in the Amazon SQS Developer Guide .)
For example, lets say you have a message and its default message visibility timeout is 30 minutes. You
could call ChangeMessageVisiblity with a value of two hours and the effective timeout would be
two hours and 30 minutes. When that time comes near you could again extend the time out by calling
ChangeMessageVisiblity, but this time the maximum allowed timeout would be 9 hours and 30 minutes.
Warning: If you attempt to set the VisibilityTimeout to an amount more than the maximum
time left, Amazon SQS returns an error. It will not automatically recalculate and increase the timeout
to the maximum time remaining.
Warning: Unlike with a queue, when you change the visibility timeout for a specific message, that
timeout value is applied immediately but is not saved in memory for that message. If you dont delete
a message after it is received, the visibility timeout for the message the next time it is received reverts
to the original timeout value, not the value you set with the ChangeMessageVisibility action.
Parameters
ReceiptHandle (string) The receipt handle associated with the message whose visibility
timeout should be changed. This parameter is returned by the ReceiveMessage action.
VisibilityTimeout (integer) The new value (in seconds - from 0 to 43200 - maximum
12 hours) for the messages visibility timeout.
Return type dict
change_message_visibility_batch(QueueUrl, Entries)
Changes the visibility timeout of multiple messages. This is a batch version of ChangeMessageVisibility
. The result of the action on each message is reported individually in the response. You can send up to 10
ChangeMessageVisibility requests with each ChangeMessageVisibilityBatch action.
Warning: Because the batch request can result in a combination of successful and unsuccessful
actions, you should check for batch errors even when the call returns an HTTP status code of 200.

Attribute.1=this
Attribute.2=that
Parameters
Entries (list) A list of receipt handles of the messages for which the visibility timeout
must be changed.
Return type dict
create_queue(QueueName, Attributes=None)
Creates a new queue, or returns the URL of an existing one. When you request CreateQueue , you
provide a name for the queue. To successfully create a new queue, you must provide a name that is unique
within the scope of your own queues.
You may pass one or more attributes in the request. If you do not provide a value for any attribute, the
queue will have the default value for that attribute. Permitted attributes are the same that can be set using
SetQueueAttributes .
If you provide the name of an existing queue, along with the exact names and values of all the queues
attributes, CreateQueue returns the queue URL for the existing queue. If the queue name, attribute
names, or attribute values do not match an existing queue, CreateQueue returns an error.
Attribute.1=this
Attribute.2=that
Parameters
QueueName (string) The name for the queue to be created.
Attributes (dict) A map of attributes with their corresponding values.
The following lists the names, descriptions, and values of the special request parameters
the CreateQueue action uses:
DelaySeconds - The time in seconds that the delivery of all messages in the queue
will be delayed. An integer from 0 to 900 (15 minutes). The default for this attribute is
0 (zero).
MaximumMessageSize - The limit of how many bytes a message can contain before
Amazon SQS rejects it. An integer from 1024 bytes (1 KiB) up to 262144 bytes (256
KiB). The default for this attribute is 262144 (256 KiB).
MessageRetentionPeriod - The number of seconds Amazon SQS retains a mes-
sage. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days). The
default for this attribute is 345600 (4 days).
Policy - The queues policy. A valid form-url-encoded policy. For more information
about policy structure, see Basic Policy Structure in the Amazon SQS Developer Guide
. For more information about form-url-encoding, see http://www.w3.org/MarkUp/html-
spec/html-spec_8.html#SEC8.2.1 .
ReceiveMessageWaitTimeSeconds - The time for which a ReceiveMessage call
will wait for a message to arrive. An integer from 0 to 20 (seconds). The default for this
attribute is 0.
VisibilityTimeout - The visibility timeout for the queue. An integer from 0 to
43200 (12 hours). The default for this attribute is 30. For more information about
visibility timeout, see Visibility Timeout in the Amazon SQS Developer Guide .
2.1. Services 605

Return type dict

delete_message(QueueUrl, ReceiptHandle)
Deletes the specified message from the specified queue. You specify the message by using the messages
receipt handle and not the message ID you received when you sent the message. Even if the
message is locked by another reader due to the visibility timeout setting, it is still deleted from the queue.
If you leave a message in the queue for longer than the queues configured retention period, Amazon SQS
automatically deletes it.
Warning: It is possible you will receive a message even after you have deleted it. This might happen
on rare occasions if one of the servers storing a copy of the message is unavailable when you request to
delete the message. The copy remains on the server and might be returned to you again on a subsequent
receive request. You should create your system to be idempotent so that receiving a particular message
more than once is not a problem.
Parameters
ReceiptHandle (string) The receipt handle associated with the message to delete.
Return type dict
delete_message_batch(QueueUrl, Entries)
Deletes multiple messages. This is a batch version of DeleteMessage . The result of the delete action on
each message is reported individually in the response.
Attribute.1=this
Attribute.2=that
Parameters
Entries (list) A list of receipt handles for the messages to be deleted.
Return type dict
delete_queue(QueueUrl)
Deletes the queue specified by the queue URL , regardless of whether the queue is empty. If the specified
queue does not exist, Amazon SQS returns a successful response.
Warning: Use DeleteQueue with care; once you delete your queue, any messages in the queue are
no longer available.
When you delete a queue, the deletion process takes up to 60 seconds. Requests you send involving that
queue during the 60 seconds might succeed. For example, a SendMessage request might succeed, but after
the 60 seconds, the queue and that message you sent no longer exist. Also, when you delete a queue, you
must wait at least 60 seconds before creating a queue with the same name.
We reserve the right to delete queues that have had no activity for more than 30 days. For more information,
see How Amazon SQS Queues Work in the Amazon SQS Developer Guide .
Parameters QueueUrl (string) The URL of the Amazon SQS queue to take action on.
Return type dict

get_queue_attributes(QueueUrl, AttributeNames=None)
Gets attributes for the specified queue. The following attributes are supported:
All - returns all values.
ApproximateNumberOfMessages - returns the approximate number of visible messages in a
queue. For more information, see Resources Required to Process Messages in the Amazon SQS De-
veloper Guide .
ApproximateNumberOfMessagesNotVisible - returns the approximate number of mes-
sages that are not timed-out and not deleted. For more information, see Resources Required to Process
Messages in the Amazon SQS Developer Guide .
VisibilityTimeout - returns the visibility timeout for the queue. For more information about
CreatedTimestamp - returns the time when the queue was created (epoch time in seconds).
LastModifiedTimestamp - returns the time when the queue was last changed (epoch time in
seconds).
Policy - returns the queues policy.
MaximumMessageSize - returns the limit of how many bytes a message can contain before Ama-
zon SQS rejects it.
MessageRetentionPeriod - returns the number of seconds Amazon SQS retains a message.
QueueArn - returns the queues Amazon resource name (ARN).
ApproximateNumberOfMessagesDelayed - returns the approximate number of messages
that are pending to be added to the queue.
DelaySeconds - returns the default delay on the queue in seconds.
ReceiveMessageWaitTimeSeconds - returns the time for which a ReceiveMessage call will
wait for a message to arrive.
RedrivePolicy - returns the parameters for dead letter queue functionality of the source queue.
For more information about RedrivePolicy and dead letter queues, see Using Amazon SQS Dead
Letter Queues in the Amazon SQS Developer Guide .
Attribute.1=this
Attribute.2=that
Parameters
AttributeNames (list) A list of attributes to retrieve information for.
Return type dict
get_queue_url(QueueName, QueueOwnerAWSAccountId=None)
Returns the URL of an existing queue. This action provides a simple way to retrieve the URL of an
Amazon SQS queue.
To access a queue that belongs to another AWS account, use the QueueOwnerAWSAccountId parame-
ter to specify the account ID of the queues owner. The queues owner must grant you permission to access
the queue. For more information about shared queue access, see AddPermission or go to Shared Queues
in the Amazon SQS Developer Guide .
Parameters
2.1. Services 607

QueueName (string) The name of the queue whose URL must be fetched. Maximum
80 characters; alphanumeric characters, hyphens (-), and underscores (_) are allowed.
QueueOwnerAWSAccountId (string) The AWS account ID of the account that created
the queue.
Return type dict
list_dead_letter_source_queues(QueueUrl)
Returns a list of your queues that have the RedrivePolicy queue attribute configured with a dead letter
queue.
For more information about using dead letter queues, see Using Amazon SQS Dead Letter Queues .
Parameters QueueUrl (string) The queue URL of a dead letter queue.
Return type dict
list_queues(QueueNamePrefix=None)
Returns a list of your queues. The maximum number of queues that can be returned is 1000. If you specify
a value for the optional QueueNamePrefix parameter, only queues with a name beginning with the
specified value are returned.
Parameters QueueNamePrefix (string) A string to use for filtering the list results. Only those
queues whose name begins with the specified string are returned.
Return type dict
receive_message(QueueUrl, AttributeNames=None, MessageAttributeNames=None, MaxNum-
berOfMessages=None, VisibilityTimeout=None, WaitTimeSeconds=None)
Retrieves one or more messages, with a maximum limit of 10 messages, from the specified queue. Long
poll support is enabled by using the WaitTimeSeconds parameter. For more information, see Amazon
SQS Long Poll in the Amazon SQS Developer Guide .
Short poll is the default behavior where a weighted random set of machines is sampled on a
ReceiveMessage call. This means only the messages on the sampled machines are returned. If the
number of messages in the queue is small (less than 1000), it is likely you will get fewer messages than
you requested per ReceiveMessage call. If the number of messages in the queue is extremely small,
you might not receive any messages in a particular ReceiveMessage response; in which case you
should repeat the request.
For each message returned, the response includes the following:
Message body
MD5 digest of the message body. For information about MD5, go to
http://www.faqs.org/rfcs/rfc1321.html .
Message ID you received when you sent the message to the queue.
Receipt handle.
Message attributes.
MD5 digest of the message attributes.
The receipt handle is the identifier you must provide when deleting the message. For more information,
see Queue and Message Identifiers in the Amazon SQS Developer Guide .
You can provide the VisibilityTimeout parameter in your request, which will be applied to the
messages that Amazon SQS returns in the response. If you do not include the parameter, the overall
visibility timeout for the queue is used for the returned messages. For more information, see Visibility
Timeout in the Amazon SQS Developer Guide .
Parameters

AttributeNames (list) A list of attributes that need to be returned along with each mes-
sage.
The following lists the names and descriptions of the attributes that can be returned:
ApproximateFirstReceiveTimestamp - returns the time when the message
was first received (epoch time in milliseconds).
ApproximateReceiveCount - returns the number of times a message has been
received but not deleted.
SenderId - returns the AWS account number (or the IP address, if anonymous access
is allowed) of the sender.
SentTimestamp - returns the time when the message was sent (epoch time in mil-
liseconds).
MessageAttributeNames (list) The message attribute Name can contain the following
characters: A-Z, a-z, 0-9, underscore(_), hyphen(-), and period (.). The message attribute
name must not start or end with a period, and it should not have successive periods. The
message attribute name is case sensitive and must be unique among all attribute names
for the message. The message attribute name can be up to 256 characters long. Attribute
names cannot start with AWS. or Amazon. because these prefixes are reserved for use
by Amazon Web Services.
MaxNumberOfMessages (integer) The maximum number of messages to return. Ama-
zon SQS never returns more messages than this value but may return fewer. Values can be
from 1 to 10. Default is 1.
All of the messages are not necessarily returned.
VisibilityTimeout (integer) The duration (in seconds) that the received messages are
hidden from subsequent retrieve requests after being retrieved by a ReceiveMessage
request.
WaitTimeSeconds (integer) The duration (in seconds) for which the call will wait for
a message to arrive in the queue before returning. If a message is available, the call will
return sooner than WaitTimeSeconds.
Return type dict
remove_permission(QueueUrl, Label)
Revokes any permissions in the queue policy that matches the specified Label parameter. Only the owner
of the queue can remove permissions.
Parameters
Label (string) The identification of the permission to remove. This is the label added
with the AddPermission action.
Return type dict
send_message(QueueUrl, MessageBody, DelaySeconds=None, MessageAttributes=None)
Delivers a message to the specified queue. With Amazon SQS, you now have the ability to send large
payload messages that are up to 256KB (262,144 bytes) in size. To send large payloads, you must use an
AWS SDK that supports SigV4 signing. To verify whether SigV4 is supported for an AWS SDK, check
the SDK release notes.
2.1. Services 609

Warning: The following list shows the characters (in Unicode) allowed in your message, according to
the W3C XML specification. For more information, go to http://www.w3.org/TR/REC-xml/#charsets
If you send any characters not included in the list, your request will be rejected.
#x9 | #xA | #xD | [#x20 to #xD7FF] | [#xE000 to #xFFFD] | [#x10000 to #x10FFFF]
Parameters
MessageBody (string) The message to send. String maximum 256 KB in size. For a list
of allowed characters, see the preceding important note.
DelaySeconds (integer) The number of seconds (0 to 900 - 15 minutes) to delay a spe-
cific message. Messages with a positive DelaySeconds value become available for
processing after the delay time is finished. If you dont specify a value, the default value
for the queue applies.
MessageAttributes (dict) Each message attribute consists of a Name, Type, and Value.
For more information, see Message Attribute Items .
Return type dict
send_message_batch(QueueUrl, Entries)
Delivers up to ten messages to the specified queue. This is a batch version of SendMessage . The result of
the send action on each message is reported individually in the response. The maximum allowed individual
message size is 256 KB (262,144 bytes).
The maximum total payload size (i.e., the sum of all a batchs individual message lengths) is also 256 KB
(262,144 bytes).
If the DelaySeconds parameter is not specified for an entry, the default for the queue is used.
Warning: The following list shows the characters (in Unicode) that are allowed in
your message, according to the W3C XML specification. For more information, go to
http://www.faqs.org/rfcs/rfc1321.html . If you send any characters that are not included in the list,
your request will be rejected.
#x9 | #xA | #xD | [#x20 to #xD7FF] | [#xE000 to #xFFFD] | [#x10000 to #x10FFFF]
Attribute.1=this
Attribute.2=that
Parameters
Entries (list) A list of SendMessageBatchRequestEntry items.
Return type dict
set_queue_attributes(QueueUrl, Attributes)
Sets the value of one or more queue attributes. When you change a queues attributes, the change can take
up to 60 seconds for most of the attributes to propagate throughout the SQS system. Changes made to the
MessageRetentionPeriod attribute can take up to 15 minutes.
Parameters

Attributes (dict) A map of attributes to set.

the SetQueueAttributes action uses:
0 (zero).
attribute is 0.
RedrivePolicy - The parameters for dead letter queue functionality of the source
queue. For more information about RedrivePolicy and dead letter queues, see Using
Amazon SQS Dead Letter Queues in the Amazon SQS Developer Guide .
Return type dict
Service Resource
class sqs.Service
A resource representing Amazon Simple Queue Service:
import boto3
Actions
some attributes.
create_queue(QueueName, Attributes=None)
This method calls sqs.Client.create_queue().
Parameters
QueueName (string) The name for the queue to be created.
Attributes (dict) A map of attributes with their corresponding values.
the CreateQueue action uses:
2.1. Services 611

0 (zero).
attribute is 0.
Return type sqs.Queue
get_queue_by_name(QueueName, QueueOwnerAWSAccountId=None)
This method calls sqs.Client.get_queue_url().
Parameters
QueueName (string) The name of the queue whose URL must be fetched. Maximum
80 characters; alphanumeric characters, hyphens (-), and underscores (_) are allowed.
QueueOwnerAWSAccountId (string) The AWS account ID of the account that created
the queue.
Return type sqs.Queue
Sub-resources
along to the child.
Message(queue_url, receipt_handle)
Create a sqs.Message instance.
Queue(url)
Create a sqs.Queue instance.
Collections
dead_letter_source_queues
(CollectionManager) A collection of sqs.Queue instances. This collection uses the
sqs.Client.list_dead_letter_source_queues() operation to get items.
queues
(CollectionManager) A collection of sqs.Queue instances. This collection uses the
sqs.Client.list_queues() operation to get items.

Message
class sqs.Message(queue_url, receipt_handle)

A resource representing an Amazon Simple Queue Service Message:
import boto3
message = sqs.Message(queue_url, receipt_handle)
Identifiers:
queue_url
(string, identifier) The Messages QueueUrl identifier. This attribute must be set for the actions below
to work.
receipt_handle
(string, identifier) The Messages ReceiptHandle identifier. This attribute must be set for the actions
below to work.
Attributes:
attributes
(dict) SenderId , SentTimestamp , ApproximateReceiveCount ,
and/or ApproximateFirstReceiveTimestamp . SentTimestamp and
ApproximateFirstReceiveTimestamp are each returned as an integer representing the
epoch time in milliseconds.
body
(string) The messages contents (not URL-encoded).
md5_of_body
(string) An MD5 digest of the non-URL-encoded message body string.
md5_of_message_attributes
(string) An MD5 digest of the non-URL-encoded message attribute string. This can be used to verify
that Amazon SQS received the message correctly. Amazon SQS first URL decodes the message before
creating the MD5 digest. For information about MD5, go to http://www.faqs.org/rfcs/rfc1321.html .
message_attributes
(dict) Each message attribute consists of a Name, Type, and Value. For more information, see Message
Attribute Items .
message_id
(string) A unique identifier for the message. Message IDs are considered unique across all AWS ac-
counts for an extended period of time.
receipt_handle
(string) An identifier associated with the act of receiving the message. A new receipt handle is returned
every time you receive a message. When deleting a message, you provide the last received receipt handle
to delete the message.
Actions
some attributes.
2.1. Services 613

change_visibility(VisibilityTimeout)
This method calls sqs.Client.change_message_visibility().
Parameters VisibilityTimeout (integer) The new value (in seconds - from 0 to 43200 - max-
imum 12 hours) for the messages visibility timeout.
Return type dict
delete()
This method calls sqs.Client.delete_message().
Return type dict
References
queue
(sqs.Queue) The related Queue if set, otherwise None.
Queue
class sqs.Queue(url)
A resource representing an Amazon Simple Queue Service Queue:
import boto3
queue = sqs.Queue(url)
Identifiers:
url
(string, identifier) The Queues Url identifier. This attribute must be set for the actions below to work.
Attributes:
attributes
(dict) A map of attributes to the respective values.
Actions
some attributes.
add_permission(Label, AWSAccountIds, Actions)
This method calls sqs.Client.add_permission().
Parameters
Label (string) The unique identification of the permission youre setting (e.g.,
AliceSendMessage ). Constraints: Maximum 80 characters; alphanumeric charac-
ters, hyphens (-), and underscores (_) are allowed.
AWSAccountIds (list) The AWS account number of the principal who will be given
permission. The principal must have an AWS account, but does not need to be signed
up for Amazon SQS. For information about locating the AWS account identification, see
Your AWS Identifiers in the Amazon SQS Developer Guide .

Actions (list) The action the client wants to allow for the speci-
fied principal. The following are valid values: * | SendMessage |
ReceiveMessage | DeleteMessage | ChangeMessageVisibility
| GetQueueAttributes | GetQueueUrl . For more information about these
actions, see Understanding Permissions in the Amazon SQS Developer Guide .
Specifying SendMessage , DeleteMessage , or ChangeMessageVisibility
for the ActionName.n also grants permissions for the corresponding batch ver-
sions of those actions: SendMessageBatch , DeleteMessageBatch , and
ChangeMessageVisibilityBatch .
Return type dict
change_message_visibility_batch(Entries)
This method calls sqs.Client.change_message_visibility_batch().
Parameters Entries (list) A list of receipt handles of the messages for which the visibility
timeout must be changed.
Return type dict
delete()
This method calls sqs.Client.delete_queue().
Return type dict
delete_messages(Entries)
This method calls sqs.Client.delete_message_batch().
Parameters Entries (list) A list of receipt handles for the messages to be deleted.
Return type dict
receive_messages(AttributeNames=None, MessageAttributeNames=None, MaxNumberOfMes-
sages=None, VisibilityTimeout=None, WaitTimeSeconds=None)
This method calls sqs.Client.receive_message().
Parameters
AttributeNames (list) A list of attributes that need to be returned along with each mes-
sage.
The following lists the names and descriptions of the attributes that can be returned:
ApproximateFirstReceiveTimestamp - returns the time when the message
was first received (epoch time in milliseconds).
ApproximateReceiveCount - returns the number of times a message has been
received but not deleted.
SenderId - returns the AWS account number (or the IP address, if anonymous access
is allowed) of the sender.
SentTimestamp - returns the time when the message was sent (epoch time in mil-
liseconds).
MessageAttributeNames (list) The message attribute Name can contain the following
characters: A-Z, a-z, 0-9, underscore(_), hyphen(-), and period (.). The message attribute
name must not start or end with a period, and it should not have successive periods. The
message attribute name is case sensitive and must be unique among all attribute names
for the message. The message attribute name can be up to 256 characters long. Attribute
2.1. Services 615

names cannot start with AWS. or Amazon. because these prefixes are reserved for use
by Amazon Web Services.
MaxNumberOfMessages (integer) The maximum number of messages to return. Ama-
zon SQS never returns more messages than this value but may return fewer. Values can be
from 1 to 10. Default is 1.
All of the messages are not necessarily returned.
VisibilityTimeout (integer) The duration (in seconds) that the received messages are
hidden from subsequent retrieve requests after being retrieved by a ReceiveMessage
request.
WaitTimeSeconds (integer) The duration (in seconds) for which the call will wait for
a message to arrive in the queue before returning. If a message is available, the call will
return sooner than WaitTimeSeconds.
Return type sqs.Message
remove_permission(Label)
This method calls sqs.Client.remove_permission().
Parameters Label (string) The identification of the permission to remove. This is the label
added with the AddPermission action.
Return type dict
send_message(MessageBody, DelaySeconds=None, MessageAttributes=None)
This method calls sqs.Client.send_message().
Parameters
MessageBody (string) The message to send. String maximum 256 KB in size. For a list
of allowed characters, see the preceding important note.
DelaySeconds (integer) The number of seconds (0 to 900 - 15 minutes) to delay a spe-
cific message. Messages with a positive DelaySeconds value become available for
processing after the delay time is finished. If you dont specify a value, the default value
for the queue applies.
MessageAttributes (dict) Each message attribute consists of a Name, Type, and Value.
For more information, see Message Attribute Items .
Return type dict
send_messages(Entries)
This method calls sqs.Client.send_message_batch().
Parameters Entries (list) A list of SendMessageBatchRequestEntry items.
Return type dict
This method calls sqs.Client.set_queue_attributes().
Parameters Attributes (dict) A map of attributes to set.
The following lists the names, descriptions, and values of the special request parameters the
SetQueueAttributes action uses:
DelaySeconds - The time in seconds that the delivery of all messages in the queue will
be delayed. An integer from 0 to 900 (15 minutes). The default for this attribute is 0 (zero).

sage. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days). The default
for this attribute is 345600 (4 days).
attribute is 0.
43200 (12 hours). The default for this attribute is 30. For more information about visibility
timeout, see Visibility Timeout in the Amazon SQS Developer Guide .
RedrivePolicy - The parameters for dead letter queue functionality of the source
queue. For more information about RedrivePolicy and dead letter queues, see Using Ama-
zon SQS Dead Letter Queues in the Amazon SQS Developer Guide .
Return type dict
Sub-resources
along to the child.
Message(receipt_handle)
Create a sqs.Message instance.
2.1.37 AWS Storage Gateway
Table of Contents
AWS Storage Gateway
Client
Client
class storagegateway.Client
A low-level client representing AWS Storage Gateway:
import boto3
storagegateway = boto3.client(storagegateway)
activate_gateway(ActivationKey, GatewayName, GatewayTimezone, GatewayRegion, Gateway-

Type=None, TapeDriveType=None, MediumChangerType=None)
This operation activates the gateway you previously deployed on your host. For more information, see
Activate the AWS Storage Gateway . In the activation process, you specify information such as the region
you want to use for storing snapshots, the time zone for scheduled snapshots the gateway snapshot schedule
2.1. Services 617

window, an activation key, and a name for your gateway. The activation process also associates your
gateway with your account; for more information, see UpdateGatewayInformation .
Parameters
ActivationKey (string) Your gateway activation key. You can obtain the activation key
by sending an HTTP GET request with redirects enabled to the gateway IP address (port
80). The redirect URL returned in the response provides you the activation key for your
gateway in the query string parameter activationKey . It may also include other
activation-related parameters, however, these are merely defaults the arguments you pass
to the ActivateGateway API call determine the actual configuration of your gateway.
GatewayName (string) A unique identifier for your gateway. This name becomes part
of the gateway Amazon Resources Name (ARN) which is what you use as an input to
other operations.
GatewayTimezone (string) One of the values that indicates the time zone you want to
set for the gateway. The time zone is used, for example, for scheduling snapshots and your
gateways maintenance schedule.
GatewayRegion (string) One of the values that indicates the region where you want to
store the snapshot backups. The gateway region specified must be the same region as the
region in your Host header in the request. For more information about available regions
and endpoints for AWS Storage Gateway, see Regions and Endpoints in the Amazon Web
Services Glossary .
Valid Values : us-east-1, us-west-1, us-west-2, eu-west-1, eu-central-1, ap-
northeast-1, ap-southeast-1, ap-southeast-2, sa-east-1
GatewayType (string) One of the values that defines the type of gateway to activate.
The type specified is critical to all later functions of the gateway and cannot be changed
after activation. The default value is STORED .
TapeDriveType (string) The value that indicates the type of tape drive to use for
gateway-VTL. This field is optional.
Valid Values : IBM-ULT3580-TD5
MediumChangerType (string) The value that indicates the type of medium changer to
use for gateway-VTL. This field is optional.
Valid Values : STK-L700
Return type dict
add_cache(GatewayARN, DiskIds)
This operation configures one or more gateway local disks as cache for a cached-volume gateway. This
operation is supported only for the gateway-cached volume architecture (see Storage Gateway Concepts ).
In the request, you specify the gateway Amazon Resource Name (ARN) to which you want to add cache,
and one or more disk IDs that you want to configure as cache.
Parameters
GatewayARN (string) The Amazon Resource Name (ARN) of the gateway. Use the
ListGateways operation to return a list of gateways for your account and region.
DiskIds (list)
Return type dict

add_upload_buffer(GatewayARN, DiskIds)
This operation configures one or more gateway local disks as upload buffer for a specified gateway. This
operation is supported for both the gateway-stored and gateway-cached volume architectures.
In the request, you specify the gateway Amazon Resource Name (ARN) to which you want to add upload
buffer, and one or more disk IDs that you want to configure as upload buffer.
Parameters
DiskIds (list)
Return type dict
add_working_storage(GatewayARN, DiskIds)
This operation configures one or more gateway local disks as working storage for a gateway. This operation
is supported only for the gateway-stored volume architecture. This operation is deprecated method in
cached-volumes API version (20120630). Use AddUploadBuffer instead.
In the request, you specify the gateway Amazon Resource Name (ARN) to which you want to add working
storage, and one or more disk IDs that you want to configure as working storage.
Parameters
DiskIds (list) An array of strings that identify disks that are to be configured as working
storage. Each string have a minimum length of 1 and maximum length of 300. You can
get the disk IDs from the ListLocalDisks API.
Return type dict
cancel_archival(GatewayARN, TapeARN)
Cancels archiving of a virtual tape to the virtual tape shelf (VTS) after the archiving process is initiated.
Parameters
TapeARN (string) The Amazon Resource Name (ARN) of the virtual tape you want to
cancel archiving for.
Return type dict
cancel_retrieval(GatewayARN, TapeARN)
Cancels retrieval of a virtual tape from the virtual tape shelf (VTS) to a gateway after the retrieval process
is initiated. The virtual tape is returned to the VTS.
Parameters
cancel retrieval for.
Return type dict
2.1. Services 619

create_cached_iscsi_volume(GatewayARN, VolumeSizeInBytes, TargetName, NetworkInter-

faceId, ClientToken, SnapshotId=None)
This operation creates a cached volume on a specified cached gateway. This operation is supported only
for the gateway-cached volume architecture.
In the request, you must specify the gateway, size of the volume in bytes, the iSCSI target name, an IP
address on which to expose the target, and a unique client token. In response, AWS Storage Gateway
creates the volume and returns information about it such as the volume Amazon Resource Name (ARN),
its size, and the iSCSI target ARN that initiators can use to connect to the volume target.
Parameters
VolumeSizeInBytes (integer)
SnapshotId (string)
TargetName (string)
NetworkInterfaceId (string)
ClientToken (string)
Return type dict
create_snapshot(VolumeARN, SnapshotDescription)
This operation initiates a snapshot of a volume.
AWS Storage Gateway provides the ability to back up point-in-time snapshots of your data to Amazon
Simple Storage (S3) for durable off-site recovery, as well as import the data to an Amazon Elastic Block
Store (EBS) volume in Amazon Elastic Compute Cloud (EC2). You can take snapshots of your gate-
way volume on a scheduled or ad-hoc basis. This API enables you to take ad-hoc snapshot. For more
information, see Working With Snapshots in the AWS Storage Gateway Console .
In the CreateSnapshot request you identify the volume by providing its Amazon Resource Name (ARN).
You must also provide description for the snapshot. When AWS Storage Gateway takes the snapshot of
specified volume, the snapshot and description appears in the AWS Storage Gateway Console. In response,
AWS Storage Gateway returns you a snapshot ID. You can use this snapshot ID to check the snapshot
progress or later use it when you want to create a volume from a snapshot.
Parameters
VolumeARN (string) The Amazon Resource Name (ARN) of the volume. Use the
ListVolumes operation to return a list of gateway volumes.
SnapshotDescription (string) Textual description of the snapshot that appears in the
Amazon EC2 console, Elastic Block Store snapshots panel in the Description field, and
in the AWS Storage Gateway snapshot Details pane, Description field
Return type dict
create_snapshot_from_volume_recovery_point(VolumeARN, SnapshotDescription)
This operation initiates a snapshot of a gateway from a volume recovery point. This operation is supported
only for the gateway-cached volume architecture (see ).
A volume recovery point is a point in time at which all data of the volume is consistent and from which
you can create a snapshot. To get a list of volume recovery point for gateway-cached volumes, use ListVol-
umeRecoveryPoints .
In the CreateSnapshotFromVolumeRecoveryPoint request, you identify the volume by provid-
ing its Amazon Resource Name (ARN). You must also provide a description for the snapshot. When AWS
Storage Gateway takes a snapshot of the specified volume, the snapshot and its description appear in the

AWS Storage Gateway console. In response, AWS Storage Gateway returns you a snapshot ID. You can
use this snapshot ID to check the snapshot progress or later use it when you want to create a volume from
a snapshot.
Parameters
VolumeARN (string)
SnapshotDescription (string)
Return type dict
create_stored_iscsi_volume(GatewayARN, DiskId, PreserveExistingData, TargetName, Net-
workInterfaceId, SnapshotId=None)
This operation creates a volume on a specified gateway. This operation is supported only for the gateway-
stored volume architecture.
The size of the volume to create is inferred from the disk size. You can choose to preserve existing data on
the disk, create volume from an existing snapshot, or create an empty volume. If you choose to create an
empty gateway volume, then any existing data on the disk is erased.
In the request you must specify the gateway and the disk information on which you are creating the volume.
In response, AWS Storage Gateway creates the volume and returns volume information such as the volume
Amazon Resource Name (ARN), its size, and the iSCSI target ARN that initiators can use to connect to
the volume target.
Parameters
DiskId (string) The unique identifier for the gateway local disk that is configured as a
stored volume. Use ListLocalDisks to list disk IDs for a gateway.
SnapshotId (string) The snapshot ID (e.g. snap-1122aabb) of the snapshot to restore
as the new stored volume. Specify this field if you want to create the iSCSI storage volume
from a snapshot otherwise do not include this field. To list snapshots for your account use
DescribeSnapshots in the Amazon Elastic Compute Cloud API Reference .
PreserveExistingData (boolean) Specify this field as true if you want to preserve the
data on the local disk. Otherwise, specifying this field as false creates an empty volume.
Valid Values : true, false
TargetName (string) The name of the iSCSI target used by initiators to con-
nect to the target and as a suffix for the target ARN. For example, specifying
TargetName as myvolume results in the target ARN of arn:aws:storagegateway:us-east-
1:111122223333:gateway/mygateway/target/iqn.1997-05.com.amazon:myvolume. The
target name must be unique across all volumes of a gateway.
NetworkInterfaceId (string) The network interface of the gateway on which to expose
the iSCSI target. Only IPv4 addresses are accepted. Use DescribeGatewayInformation to
get a list of the network interfaces available on a gateway.
Valid Values : A valid IP address.
Return type dict
create_tapes(GatewayARN, TapeSizeInBytes, ClientToken, NumTapesToCreate, TapeBarcodePre-
fix)
Creates one or more virtual tapes. You write data to the virtual tapes and then archive the tapes.
Parameters
2.1. Services 621

GatewayARN (string) The unique Amazon Resource Name(ARN) that represents the
gateway to associate the virtual tapes with. Use the ListGateways operation to return a list
of gateways for your account and region.
TapeSizeInBytes (integer) The size, in bytes, of the virtual tapes you want to create.
ClientToken (string) A unique identifier that you use to retry a request. If you retry a
request, use the same ClientToken you specified in the initial request.
NumTapesToCreate (integer) The number of virtual tapes you want to create.
TapeBarcodePrefix (string) A prefix you append to the barcode of the virtual tape you
are creating. This makes a barcode unique.
Return type dict
delete_bandwidth_rate_limit(GatewayARN, BandwidthType)
This operation deletes the bandwidth rate limits of a gateway. You can delete either the upload and down-
load bandwidth rate limit, or you can delete both. If you delete only one of the limits, the other limit
remains unchanged. To specify which gateway to work with, use the Amazon Resource Name (ARN) of
the gateway in your request.
Parameters
BandwidthType (string)
Return type dict
delete_chap_credentials(TargetARN, InitiatorName)
This operation deletes Challenge-Handshake Authentication Protocol (CHAP) credentials for a specified
iSCSI target and initiator pair.
Parameters
TargetARN (string) The Amazon Resource Name (ARN) of the iSCSI volume target.
Use the DescribeStorediSCSIVolumes operation to return to retrieve the TargetARN for
specified VolumeARN.
InitiatorName (string) The iSCSI initiator that connects to the target.
Return type dict
delete_gateway(GatewayARN)
This operation deletes a gateway. To specify which gateway to delete, use the Amazon Resource Name
(ARN) of the gateway in your request. The operation deletes the gateway; however, it does not delete the
gateway virtual machine (VM) from your host computer.
After you delete a gateway, you cannot reactivate it. Completed snapshots of the gateway volumes are
not deleted upon deleting the gateway, however, pending snapshots will not complete. After you delete a
gateway, your next step is to remove it from your environment.
Warning: You no longer pay software charges after the gateway is deleted; however, your existing
Amazon EBS snapshots persist and you will continue to be billed for these snapshots. You can choose
to remove all remaining Amazon EBS snapshots by canceling your Amazon EC2 subscription. If you
prefer not to cancel your Amazon EC2 subscription, you can delete your snapshots using the Amazon
EC2 console. For more information, see the AWS Storage Gateway Detail Page .
Parameters GatewayARN (string) The Amazon Resource Name (ARN) of the gateway. Use
the ListGateways operation to return a list of gateways for your account and region.

Return type dict

delete_snapshot_schedule(VolumeARN)
This operation deletes a snapshot of a volume.
You can take snapshots of your gateway volumes on a scheduled or ad-hoc basis. This API enables you
to delete a snapshot schedule for a volume. For more information, see Working with Snapshots . In
the DeleteSnapshotSchedule request, you identify the volume by providing its Amazon Resource
Name (ARN).
Parameters VolumeARN (string)
Return type dict
delete_tape(GatewayARN, TapeARN)
Deletes the specified virtual tape.
Parameters
GatewayARN (string) The unique Amazon Resource Name (ARN) of the gateway that
the virtual tape to delete is associated with. Use the ListGateways operation to return a list
of gateways for your account and region.
TapeARN (string) The Amazon Resource Name (ARN) of the virtual tape to delete.
Return type dict
delete_tape_archive(TapeARN)
Deletes the specified virtual tape from the virtual tape shelf (VTS).
Parameters TapeARN (string) The Amazon Resource Name (ARN) of the virtual tape to
delete from the virtual tape shelf (VTS).
Return type dict
delete_volume(VolumeARN)
This operation delete the specified gateway volume that you previously created using the CreateStorediSC-
SIVolume API. For gateway-stored volumes, the local disk that was configured as the storage volume is
not deleted. You can reuse the local disk to create another storage volume.
Before you delete a gateway volume, make sure there are no iSCSI connections to the volume you are
deleting. You should also make sure there is no snapshot in progress. You can use the Amazon Elastic
Compute Cloud (Amazon EC2) API to query snapshots on the volume you are deleting and check the
snapshot status. For more information, go to DescribeSnapshots in the Amazon Elastic Compute Cloud
API Reference .
In the request, you must provide the Amazon Resource Name (ARN) of the storage volume you want to
delete.
Parameters VolumeARN (string) The Amazon Resource Name (ARN) of the volume. Use
the ListVolumes operation to return a list of gateway volumes.
Return type dict
describe_bandwidth_rate_limit(GatewayARN)
This operation returns the bandwidth rate limits of a gateway. By default, these limits are not set, which
means no bandwidth rate limiting is in effect.
This operation only returns a value for a bandwidth rate limit only if the limit is set. If no limits are set
for the gateway, then this operation returns only the gateway ARN in the response body. To specify which
gateway to describe, use the Amazon Resource Name (ARN) of the gateway in your request.
2.1. Services 623

Return type dict

describe_cache(GatewayARN)
This operation returns information about the cache of a gateway. This operation is supported only for the
gateway-cached volume architecture.
The response includes disk IDs that are configured as cache, and it includes the amount of cache allocated
and used.
Return type dict
describe_cached_iscsi_volumes(VolumeARNs)
This operation returns a description of the gateway volumes specified in the request. This operation is
supported only for the gateway-cached volume architecture.
The list of gateway volumes in the request must be from one gateway. In the response Amazon Storage
Gateway returns volume information sorted by volume Amazon Resource Name (ARN).
Parameters VolumeARNs (list)
Return type dict
describe_chap_credentials(TargetARN)
This operation returns an array of Challenge-Handshake Authentication Protocol (CHAP) credentials in-
formation for a specified iSCSI target, one for each target-initiator pair.
Parameters TargetARN (string) The Amazon Resource Name (ARN) of the iSCSI volume
target. Use the DescribeStorediSCSIVolumes operation to return to retrieve the TargetARN
for specified VolumeARN.
Return type dict
describe_gateway_information(GatewayARN)
This operation returns metadata about a gateway such as its name, network interfaces, configured time
zone, and the state (whether the gateway is running or not). To specify which gateway to describe, use the
Amazon Resource Name (ARN) of the gateway in your request.
Return type dict
describe_maintenance_start_time(GatewayARN)
This operation returns your gateways weekly maintenance start time including the day and time of the
week. Note that values are in terms of the gateways time zone.
Return type dict
describe_snapshot_schedule(VolumeARN)
This operation describes the snapshot schedule for the specified gateway volume. The snapshot schedule
information includes intervals at which snapshots are automatically initiated on the volume.
Parameters VolumeARN (string) The Amazon Resource Name (ARN) of the volume. Use
the ListVolumes operation to return a list of gateway volumes.
Return type dict

describe_stored_iscsi_volumes(VolumeARNs)
This operation returns description of the gateway volumes specified in the request. The list of gateway
volumes in the request must be from one gateway. In the response Amazon Storage Gateway returns
volume information sorted by volume ARNs.
Parameters VolumeARNs (list) An array of strings where each string represents the Amazon
Resource Name (ARN) of a stored volume. All of the specified stored volumes must from
the same gateway. Use ListVolumes to get volume ARNs for a gateway.
Return type dict
describe_tape_archives(TapeARNs=None, Marker=None, Limit=None)
Returns a description of specified virtual tapes in the virtual tape shelf (VTS).
If a specific TapeARN is not specified, AWS Storage Gateway returns a description of all virtual tapes
found in the VTS associated with your account.
Parameters
TapeARNs (list) Specifies one or more unique Amazon Resource Names (ARNs) that
represent the virtual tapes you want to describe.
Marker (string) An opaque string that indicates the position at which to begin describing
virtual tapes.
Limit (integer) Specifies that the number of virtual tapes descried be limited to the
specified number.
Return type dict
describe_tape_recovery_points(GatewayARN, Marker=None, Limit=None)
Returns a list of virtual tape recovery points that are available for the specified gateway-VTL.
A recovery point is a point in time view of a virtual tape at which all the data on the virtual tape is
consistent. If your gateway crashes, virtual tapes that have recovery points can be recovered to a new
gateway.
Parameters
the virtual tape recovery points.
Limit (integer) Specifies that the number of virtual tape recovery points that are de-
scribed be limited to the specified number.
Return type dict
describe_tapes(GatewayARN, TapeARNs=None, Marker=None, Limit=None)
Returns a description of the specified Amazon Resource Name (ARN) of virtual tapes. If a TapeARN is
not specified, returns a description of all virtual tapes associated with the specified gateway.
Parameters
2.1. Services 625

TapeARNs (list) Specifies one or more unique Amazon Resource Names (ARNs) that
represent the virtual tapes you want to describe. If this parameter is not specified, AWS
Storage Gateway returns a description of all virtual tapes associated with the specified
gateway.
Marker (string) A marker value, obtained in a previous call to DescribeTapes .
This marker indicates which page of results to retrieve.
If not specified, the first page of results is retrieved.
Limit (integer) Specifies that the number of virtual tapes described be limited to the
specified number.
Return type dict
describe_upload_buffer(GatewayARN)
This operation returns information about the upload buffer of a gateway. This operation is supported for
both the gateway-stored and gateway-cached volume architectures.
The response includes disk IDs that are configured as upload buffer space, and it includes the amount of
upload buffer space allocated and used.
Return type dict
describe_vtl_devices(GatewayARN, VTLDeviceARNs=None, Marker=None, Limit=None)
Returns a description of virtual tape library (VTL) devices for the specified gateway. In the response, AWS
Storage Gateway returns VTL device information.
The list of VTL devices must be from one gateway.
Parameters
VTLDeviceARNs (list) An array of strings, where each string represents the Amazon
Resource Name (ARN) of a VTL device.
the VTL devices.
Limit (integer) Specifies that the number of VTL devices described be limited to the
specified number.
Return type dict
describe_working_storage(GatewayARN)
This operation returns information about the working storage of a gateway. This operation is supported
only for the gateway-stored volume architecture. This operation is deprecated in cached-volumes API
version (20120630). Use DescribeUploadBuffer instead.
The response includes disk IDs that are configured as working storage, and it includes the amount of
working storage allocated and used.
Return type dict

disable_gateway(GatewayARN)
Disables a gateway when the gateway is no longer functioning. For example, if your gateway VM is
damaged, you can disable the gateway so you can recover virtual tapes.
Use this operation for a gateway-VTL that is not reachable or not functioning.
Warning: Once a gateway is disabled it cannot be enabled.
Return type dict
list_gateways(Marker=None, Limit=None)
This operation lists gateways owned by an AWS account in a region specified in the request. The returned
list is ordered by gateway Amazon Resource Name (ARN).
By default, the operation returns a maximum of 100 gateways. This operation supports pagination that
allows you to optionally reduce the number of gateways returned in a response.
If you have more gateways than are returned in a response-that is, the response returns only a truncated
list of your gateways-the response contains a marker that you can specify in your next request to fetch the
next page of gateways.
Parameters
Marker (string) An opaque string that indicates the position at which to begin the re-
turned list of gateways.
Limit (integer) Specifies that the list of gateways returned be limited to the specified
number of items.
Return type dict
list_local_disks(GatewayARN)
This operation returns a list of the local disks of a gateway. To specify which gateway to describe you use
the Amazon Resource Name (ARN) of the gateway in the body of the request.
The request returns all disks, specifying which are configured as working storage, stored volume or not
configured at all.
Return type dict
list_volume_recovery_points(GatewayARN)
This operation lists the recovery points for a specified gateway. This operation is supported only for the
gateway-cached volume architecture.
Each gateway-cached volume has one recovery point. A volume recovery point is a point in time at which
all data of the volume is consistent and from which you can create a snapshot. To create a snapshot from
a volume recovery point use the CreateSnapshotFromVolumeRecoveryPoint operation.
Return type dict
2.1. Services 627

list_volumes(GatewayARN, Marker=None, Limit=None)

This operation lists the iSCSI stored volumes of a gateway. Results are sorted by volume ARN. The re-
sponse includes only the volume ARNs. If you want additional volume information, use the DescribeStore-
diSCSIVolumes API.
The operation supports pagination. By default, the operation returns a maximum of up to 100 volumes.
You can optionally specify the Limit field in the body to limit the number of volumes in the response.
If the number of volumes returned in the response is truncated, the response includes a Marker field. You
can use this Marker value in your subsequent request to retrieve the next set of volumes.
Parameters
Marker (string) A string that indicates the position at which to begin the returned list of
volumes. Obtain the marker from the response of a previous List iSCSI Volumes request.
Limit (integer) Specifies that the list of volumes returned be limited to the specified
number of items.
Return type dict
retrieve_tape_archive(TapeARN, GatewayARN)
Retrieves an archived virtual tape from the virtual tape shelf (VTS) to a gateway-VTL. Virtual tapes
archived in the VTS are not associated with any gateway. However after a tape is retrieved, it is asso-
ciated with a gateway, even though it is also listed in the VTS.
Once a tape is successfully retrieved to a gateway, it cannot be retrieved again to another gateway. You
must archive the tape again before you can retrieve it to another gateway.
Parameters
retrieve from the virtual tape shelf (VTS).
GatewayARN (string) The Amazon Resource Name (ARN) of the gateway you want to
retrieve the virtual tape to. Use the ListGateways operation to return a list of gateways for
your account and region.
You retrieve archived virtual tapes to only one gateway and the gateway must be a gateway-
VTL.
Return type dict
retrieve_tape_recovery_point(TapeARN, GatewayARN)
Retrieves the recovery point for the specified virtual tape.
A recovery point is a point in time view of a virtual tape at which all the data on the tape is consistent. If
your gateway crashes, virtual tapes that have recovery points can be recovered to a new gateway.
Parameters
TapeARN (string) The Amazon Resource Name (ARN) of the virtual tape for which
you want to retrieve the recovery point.
Return type dict

shutdown_gateway(GatewayARN)
This operation shuts down a gateway. To specify which gateway to shut down, use the Amazon Resource
Name (ARN) of the gateway in the body of your request.
The operation shuts down the gateway service component running in the storage gateways virtual machine
(VM) and not the VM.
After the gateway is shutdown, you cannot call any other API except StartGateway , DescribeGateway-
Information , and ListGateways . For more information, see ActivateGateway . Your applications cannot
read from or write to the gateways storage volumes, and there are no snapshots taken.
If do not intend to use the gateway again, you must delete the gateway (using DeleteGateway ) to no longer
pay software charges associated with the gateway.
Return type dict
start_gateway(GatewayARN)
This operation starts a gateway that you previously shut down (see ShutdownGateway ). After the gateway
starts, you can then make other API calls, your applications can read from or write to the gateways storage
volumes and you will be able to take snapshot backups.
To specify which gateway to start, use the Amazon Resource Name (ARN) of the gateway in your request.
Return type dict
update_bandwidth_rate_limit(GatewayARN, AverageUploadRateLimitInBitsPerSec=None,
AverageDownloadRateLimitInBitsPerSec=None)
This operation updates the bandwidth rate limits of a gateway. You can update both the upload and down-
load bandwidth rate limit or specify only one of the two. If you dont set a bandwidth rate limit, the existing
rate limit remains.
By default, a gateways bandwidth rate limits are not set. If you dont set any limit, the gateway does not
have any limitations on its bandwidth usage and could potentially use the maximum available bandwidth.
To specify which gateway to update, use the Amazon Resource Name (ARN) of the gateway in your
request.
Parameters
AverageUploadRateLimitInBitsPerSec (integer) The average upload bandwidth rate
limit in bits per second.
AverageDownloadRateLimitInBitsPerSec (integer) The average download bandwidth
rate limit in bits per second.
Return type dict
update_chap_credentials(TargetARN, SecretToAuthenticateInitiator, InitiatorName, Secret-
ToAuthenticateTarget=None)
This operation updates the Challenge-Handshake Authentication Protocol (CHAP) credentials for a spec-
ified iSCSI target. By default, a gateway does not have CHAP enabled; however, for added security, you
might use it.
2.1. Services 629

Warning: When you update CHAP credentials, all existing connections on the target are closed and
initiators must reconnect with the new credentials.
Parameters
TargetARN (string) The Amazon Resource Name (ARN) of the iSCSI volume target.
Use the DescribeStorediSCSIVolumes operation to return to retrieve the TargetARN for
specified VolumeARN.
SecretToAuthenticateInitiator (string) The secret key that the initiator (e.g. Windows
client) must provide to participate in mutual CHAP with the target.
InitiatorName (string) The iSCSI initiator that connects to the target.
SecretToAuthenticateTarget (string) The secret key that the target must provide to
participate in mutual CHAP with the initiator (e.g. Windows client).
Return type dict
update_gateway_information(GatewayARN, GatewayName=None, GatewayTimezone=None)
This operation updates a gateways metadata, which includes the gateways name and time zone. To specify
which gateway to update, use the Amazon Resource Name (ARN) of the gateway in your request.
Parameters
GatewayName (string) A unique identifier for your gateway. This name becomes part
of the gateway Amazon Resources Name (ARN) which is what you use as an input to
other operations.
GatewayTimezone (string)
Return type dict
update_gateway_software_now(GatewayARN)
This operation updates the gateway virtual machine (VM) software. The request immediately triggers the
software update.
Warning: A software update forces a system restart of your gateway. You can minimize the chance of
any disruption to your applications by increasing your iSCSI Initiators timeouts. For more information
about increasing iSCSI Initiator timeouts for Windows and Linux, see Customizing Your Windows
iSCSI Settings and Customizing Your Linux iSCSI Settings , respectively.
Return type dict
update_maintenance_start_time(GatewayARN, HourOfDay, MinuteOfHour, DayOfWeek)
This operation updates a gateways weekly maintenance start time information, including day and time of
the week. The maintenance time is the time in your gateways time zone.
Parameters
HourOfDay (integer) The hour component of the maintenance start time represented as
hh, where hh is the hour (00 to 23). The hour of the day is in the time zone of the gateway.

MinuteOfHour (integer) The minute component of the maintenance start time repre-
sented as mm , where mm is the minute (00 to 59). The minute of the hour is in the time
zone of the gateway.
DayOfWeek (integer) The maintenance start time day of the week.
Return type dict
update_snapshot_schedule(VolumeARN, StartAt, RecurrenceInHours, Description=None)
This operation updates a snapshot schedule configured for a gateway volume.
The default snapshot schedule for volume is once every 24 hours, starting at the creation time of the
volume. You can use this API to change the snapshot schedule configured for the volume.
In the request you must identify the gateway volume whose snapshot schedule you want to update, and
the schedule information, including when you want the snapshot to begin on a day and the frequency (in
hours) of snapshots.
Parameters
VolumeARN (string) The Amazon Resource Name (ARN) of the volume. Use the
ListVolumes operation to return a list of gateway volumes.
StartAt (integer) The hour of the day at which the snapshot schedule begins represented
as hh , where hh is the hour (0 to 23). The hour of the day is in the time zone of the
gateway.
RecurrenceInHours (integer) Frequency of snapshots. Specify the number of hours
between snapshots.
Description (string) Optional description of the snapshot that overwrites the existing
description.
Return type dict
2.1.38 AWS Security Token Service
Table of Contents
AWS Security Token Service
Client
Client
class sts.Client
A low-level client representing AWS Security Token Service:
import boto3
sts = boto3.client(sts)
assume_role(RoleArn, RoleSessionName, Policy=None, DurationSeconds=None, ExternalId=None,

SerialNumber=None, TokenCode=None)
Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and
a security token) that you can use to access AWS resources that you might not normally have access to.
Typically, you use AssumeRole for cross-account access or federation.
2.1. Services 631

Important: You cannot call AssumeRole by using AWS account credentials; access will be denied. You
must use IAM user credentials or temporary security credentials to call AssumeRole .
For cross-account access, imagine that you own multiple accounts and need to access resources in each
account. You could create long-term credentials in each account to access those resources. However, man-
aging all those credentials and remembering which one can access which account can be time consuming.
Instead, you can create one set of long-term credentials in one account and then use temporary security
credentials to access all the other accounts by assuming roles in those accounts. For more information
about roles, see Roles in Using IAM .
For federation, you can, for example, grant single sign-on access to the AWS Management Console. If you
already have an identity and authentication system in your corporate network, you dont have to recreate
user identities in AWS in order to grant those user identities access to AWS. Instead, after a user has
been authenticated, you call AssumeRole (and specify the role with the appropriate permissions) to get
temporary security credentials for that user. With those temporary security credentials, you construct a
sign-in URL that users can use to access the console. For more information, see Scenarios for Granting
Temporary Access in Using Temporary Security Credentials .
The temporary security credentials are valid for the duration that you specified when calling AssumeRole
, which can be from 900 seconds (15 minutes) to 3600 seconds (1 hour). The default is 1 hour.
Optionally, you can pass an IAM access policy to this operation. If you choose not to pass a policy, the
temporary security credentials that are returned by the operation have the permissions that are defined in
the access policy of the role that is being assumed. If you pass a policy to this operation, the temporary
security credentials that are returned by the operation have the permissions that are allowed by both the
access policy of the role that is being assumed, *and* the policy that you pass. This gives you a way
to further restrict the permissions for the resulting temporary security credentials. You cannot use the
passed policy to grant permissions that are in excess of those allowed by the access policy of the role that
is being assumed. For more information, see Permissions for AssumeRole in Using Temporary Security
Credentials .
To assume a role, your AWS account must be trusted by the role. The trust relationship is defined in
the roles trust policy when the role is created. You must also have a policy that allows you to call
sts:AssumeRole .
Using MFA with AssumeRole
You can optionally include multi-factor authentication (MFA) information when you call AssumeRole .
This is useful for cross-account scenarios in which you want to make sure that the user who is assuming
the role has been authenticated using an AWS MFA device. In that scenario, the trust policy of the role
being assumed includes a condition that tests for MFA authentication; if the caller does not include valid
MFA information, the request to assume the role is denied. The condition in a trust policy that tests for
MFA authentication might look like the following example.
"Condition": {"Null": {"aws:MultiFactorAuthAge": false}}
For more information, see Configuring MFA-Protected API Access in the Using IAM guide.
To use MFA with AssumeRole , you pass values for the SerialNumber and TokenCode parameters.
The SerialNumber value identifies the users hardware or virtual MFA device. The TokenCode is the
time-based one-time password (TOTP) that the MFA devices produces.
Parameters
RoleArn (string) The Amazon Resource Name (ARN) of the role that the caller is as-
suming.
RoleSessionName (string) An identifier for the assumed role session. The session name
is included as part of the AssumedRoleUser .
Policy (string) An IAM policy in JSON format.

The policy parameter is optional. If you pass a policy, the temporary security credentials
that are returned by the operation have the permissions that are allowed by both the access
policy of the role that is being assumed, *and* the policy that you pass. This gives you a
way to further restrict the permissions for the resulting temporary security credentials. You
cannot use the passed policy to grant permissions that are in excess of those allowed by
the access policy of the role that is being assumed. For more information, see Permissions
for AssumeRole in Using Temporary Security Credentials .
DurationSeconds (integer) The duration, in seconds, of the role session. The value can
range from 900 seconds (15 minutes) to 3600 seconds (1 hour). By default, the value is
set to 3600 seconds.
ExternalId (string) A unique identifier that is used by third parties to assume a role
in their customers accounts. For each role that the third party can assume, they should
instruct their customers to create a role with the external ID that the third party generated.
Each time the third party assumes the role, they must pass the customers external ID.
The external ID is useful in order to help third parties bind a role to the customer who
created it. For more information about the external ID, see About the External ID in Using
Temporary Security Credentials .
SerialNumber (string) The identification number of the MFA device that is associ-
ated with the user who is making the AssumeRole call. Specify this value if the
trust policy of the role being assumed includes a condition that requires MFA au-
thentication. The value is either the serial number for a hardware device (such as
GAHT12345678 ) or an Amazon Resource Name (ARN) for a virtual device (such as
arn:aws:iam::123456789012:mfa/user ).
TokenCode (string) The value provided by the MFA device, if the trust policy of the
role being assumed requires MFA (that is, if the policy includes a condition that tests for
MFA). If the role being assumed requires MFA and if the TokenCode value is missing
or expired, the AssumeRole call returns an access denied error.
Return type dict
assume_role_with_saml(RoleArn, PrincipalArn, SAMLAssertion, Policy=None, DurationSec-
onds=None)
Returns a set of temporary security credentials for users who have been authenticated via a SAML authen-
tication response. This operation provides a mechanism for tying an enterprise identity store or directory
to role-based AWS access without user-specific credentials or configuration.
The temporary security credentials returned by this operation consist of an access key ID, a secret
access key, and a security token. Applications can use these temporary security credentials to sign
calls to AWS services. The credentials are valid for the duration that you specified when calling
AssumeRoleWithSAML , which can be up to 3600 seconds (1 hour) or until the time specified in the
SAML authentication responses NotOnOrAfter value, whichever is shorter.
access policy of the role that is being assumed, *and* the policy that you pass. This gives you a way to
further restrict the permissions for the resulting temporary security credentials. You cannot use the passed
policy to grant permissions that are in excess of those allowed by the access policy of the role that is
being assumed. For more information, see Permissions for AssumeRoleWithSAML in Using Temporary
Security Credentials .
Before your application can call AssumeRoleWithSAML , you must configure your SAML identity
provider (IdP) to issue the claims required by AWS. Additionally, you must use AWS Identity and Access
2.1. Services 633

Management (IAM) to create a SAML provider entity in your AWS account that represents your identity
provider, and create an IAM role that specifies this SAML provider in its trust policy.
Calling AssumeRoleWithSAML does not require the use of AWS security credentials. The identity of
the caller is validated by using keys in the metadata document that is uploaded for the SAML provider
entity for your identity provider.
For more information, see the following resources:
Creating Temporary Security Credentials for SAML Federation in Using Temporary Security Creden-
tials .
SAML Providers in Using IAM .
Configuring a Relying Party and Claims in Using IAM .
Creating a Role for SAML-Based Federation in Using IAM .
Parameters
suming.
PrincipalArn (string) The Amazon Resource Name (ARN) of the SAML provider in
IAM that describes the IdP.
SAMLAssertion (string) The base-64 encoded SAML authentication response provided
by the IdP.
For more information, see Configuring a Relying Party and Adding Claims in the Using
IAM guide.
for AssumeRoleWithSAML in Using Temporary Security Credentials .
set to 3600 seconds. An expiration can also be specified in the SAML authentication re-
sponses NotOnOrAfter value. The actual expiration time is whichever value is shorter.
Return type dict
assume_role_with_web_identity(RoleArn, RoleSessionName, WebIdentityToken,

ProviderId=None, Policy=None, DurationSeconds=None)
Returns a set of temporary security credentials for users who have been authenticated in a mobile or web
application with a web identity provider, such as Login with Amazon, Amazon Cognito, Facebook, or
Google.
Calling AssumeRoleWithWebIdentity does not require the use of AWS security credentials. There-
fore, you can distribute an application (for example, on mobile devices) that requests temporary security
credentials without including long-term AWS credentials in the application, and without deploying server-
based proxy services that use long-term AWS credentials. Instead, the identity of the caller is validated by
using a token from the web identity provider.

The temporary security credentials returned by this API consist of an access key ID, a secret ac-
cess key, and a security token. Applications can use these temporary security credentials to sign
calls to AWS service APIs. The credentials are valid for the duration that you specified when calling
AssumeRoleWithWebIdentity , which can be from 900 seconds (15 minutes) to 3600 seconds (1
hour). By default, the temporary security credentials are valid for 1 hour.
access policy of the role that is being assumed, *and* the policy that you pass. This gives you a way to
further restrict the permissions for the resulting temporary security credentials. You cannot use the passed
policy to grant permissions that are in excess of those allowed by the access policy of the role that is being
assumed. For more information, see Permissions for AssumeRoleWithWebIdentity in Using Temporary
Security Credentials .
Before your application can call AssumeRoleWithWebIdentity , you must have an identity token
from a supported identity provider and create a role that the application can assume. The role that your
application assumes must trust the identity provider that is associated with the identity token. In other
words, the identity provider must be specified in the roles trust policy.
For more information about how to use web identity federation and the
AssumeRoleWithWebIdentity , see the following resources:
Creating a Mobile Application with Third-Party Sign-In and Creating Temporary Security Credentials
for Mobile Apps Using Third-Party Identity Providers in Using Temporary Security Credentials .
Web Identity Federation Playground . This interactive website lets you walk through the process of
authenticating via Login with Amazon, Facebook, or Google, getting temporary security credentials,
and then using those credentials to make a request to AWS.
AWS SDK for iOS and AWS SDK for Android . These toolkits contain sample apps that show how
to invoke the identity providers, and then how to use the information from these providers to get and
use temporary security credentials.
Web Identity Federation with Mobile Applications . This article discusses web identity federation and
shows an example of how to use web identity federation to get access to content in Amazon S3.
Parameters
suming.
RoleSessionName (string) An identifier for the assumed role session. Typically, you
pass the name or identifier that is associated with the user who is using your application.
That way, the temporary security credentials that your application will use are associated
with that user. This session name is included as part of the ARN and assumed role ID in
the AssumedRoleUser response element.
WebIdentityToken (string) The OAuth 2.0 access token or OpenID Connect ID token
that is provided by the identity provider. Your application must get this token by authen-
ticating the user who is using your application with a web identity provider before the
application makes an AssumeRoleWithWebIdentity call.
ProviderId (string) The fully-qualified host component of the domain name of the
identity provider. Specify this value only for OAuth access tokens. Do not spec-
ify this value for OpenID Connect ID tokens, such as accounts.google.com .
Do not include URL schemes and port numbers. Currently, www.amazon.com and
graph.facebook.com are supported.
2.1. Services 635


for AssumeRoleWithWebIdentity in Using Temporary Security Credentials .
set to 3600 seconds.
Return type dict
decode_authorization_message(EncodedMessage)
Decodes additional information about the authorization status of a request from an encoded message re-
turned in response to an AWS request.
For example, if a user is not authorized to perform an action that he or she has requested, the request
returns a Client.UnauthorizedOperation response (an HTTP 403 response). Some AWS actions
additionally return an encoded message that can provide details about this authorization failure.
The message is encoded because the details of the authorization status can constitute privileged information
that the user who requested the action should not see. To decode an authorization status message, a
user must be granted permissions via an IAM policy to request the DecodeAuthorizationMessage
(sts:DecodeAuthorizationMessage ) action.
The decoded message includes the following type of information:
Whether the request was denied due to an explicit deny or due to the absence of an explicit allow. For
more information, see Determining Whether a Request is Allowed or Denied in Using IAM .
The principal who made the request.
The requested action.
The requested resource.
The values of condition keys in the context of the users request.
Parameters EncodedMessage (string) The encoded message that was returned with the re-
sponse.
Return type dict
get_federation_token(Name, Policy=None, DurationSeconds=None)

Returns a set of temporary security credentials (consisting of an access key ID, a secret access key, and
a security token) for a federated user. A typical use is in a proxy application that gets temporary security
credentials on behalf of distributed applications inside a corporate network. Because you must call the
GetFederationToken action using the long-term security credentials of an IAM user, this call is
appropriate in contexts where those credentials can be safely stored, usually in a server-based application.
Note: Do not use this call in mobile applications or client-based web applications
that directly get temporary security credentials. For those types of applications, use
AssumeRoleWithWebIdentity .
The GetFederationToken action must be called by using the long-term AWS security credentials
of an IAM user. You can also call GetFederationToken using the security credentials of an AWS
account (root), but this is not recommended. Instead, we recommend that you create an IAM user for the

purpose of the proxy application and then attach a policy to the IAM user that limits federated users to
only the actions and resources they need access to. For more information, see IAM Best Practices in Using
IAM .
The temporary security credentials that are obtained by using the long-term credentials of an IAM user
are valid for the specified duration, between 900 seconds (15 minutes) and 129600 seconds (36 hours).
Temporary credentials that are obtained by using AWS account (root) credentials have a maximum duration
of 3600 seconds (1 hour)
Permissions
The permissions for the temporary security credentials returned by GetFederationToken are deter-
mined by a combination of the following:
The policy or policies that are attached to the IAM user whose credentials are used to call
GetFederationToken .
The policy that is passed as a parameter in the call.
The passed policy is attached to the temporary security credentials that result from the
GetFederationToken API callthat is, to the federated user . When the federated user makes an
AWS request, AWS evaluates the policy attached to the federated user in combination with the policy or
policies attached to the IAM user whose credentials were used to call GetFederationToken . AWS
allows the federated users request only when both the federated user *and* the IAM user are explicitly
allowed to perform the requested action. The passed policy cannot grant more permissions than those that
are defined in the IAM user policy.
A typical use case is that the permissions of the IAM user whose credentials are used to call
GetFederationToken are designed to allow access to all the actions and resources that any feder-
ated user will need. Then, for individual users, you pass a policy to the operation that scopes down the
permissions to a level thats appropriate to that individual user, using a policy that allows only a subset of
permissions that are granted to the IAM user.
If you do not pass a policy, the resulting temporary security credentials have no effective permissions.
The only exception is when the temporary security credentials are used to access a resource that has a
resource-based policy that specifically allows the federated user to access the resource.
For more information about how permissions work, see Permissions for GetFederationToken in Using
Temporary Security Credentials . For information about using GetFederationToken to create tem-
porary security credentials, see Creating Temporary Credentials to Enable Access for Federated Users in
Using Temporary Security Credentials .
Parameters
Name (string) The name of the federated user. The name is used as an identifier for
the temporary security credentials (such as Bob ). For example, you can reference the
federated user name in a resource-based policy, such as in an Amazon S3 bucket policy.
Policy (string) An IAM policy in JSON format that is passed with the
GetFederationToken call and evaluated along with the policy or policies that are
attached to the IAM user whose credentials are used to call GetFederationToken .
The passed policy is used to scope down the permissions that are available to the IAM
user, by allowing only a subset of the permissions that are granted to the IAM user. The
passed policy cannot grant more permissions than those granted to the IAM user. The final
permissions for the federated user are the most restrictive set based on the intersection of
the passed policy and the IAM user policy.
If you do not pass a policy, the resulting temporary security credentials have no effective
permissions. The only exception is when the temporary security credentials are used to
2.1. Services 637

access a resource that has a resource-based policy that specifically allows the federated
user to access the resource.
For more information about how permissions work, see Permissions for GetFederationTo-
ken in Using Temporary Security Credentials .
DurationSeconds (integer) The duration, in seconds, that the session should last. Ac-
ceptable durations for federation sessions range from 900 seconds (15 minutes) to 129600
seconds (36 hours), with 43200 seconds (12 hours) as the default. Sessions obtained using
AWS account (root) credentials are restricted to a maximum of 3600 seconds (one hour). If
the specified duration is longer than one hour, the session obtained by using AWS account
(root) credentials defaults to one hour.
Return type dict
get_session_token(DurationSeconds=None, SerialNumber=None, TokenCode=None)
Returns a set of temporary credentials for an AWS account or IAM user. The credentials consist of an ac-
cess key ID, a secret access key, and a security token. Typically, you use GetSessionToken if you want
to use MFA to protect programmatic calls to specific AWS APIs like Amazon EC2 StopInstances .
MFA-enabled IAM users would need to call GetSessionToken and submit an MFA code that is as-
sociated with their MFA device. Using the temporary security credentials that are returned from the call,
IAM users can then make programmatic calls to APIs that require MFA authentication.
The GetSessionToken action must be called by using the long-term AWS security credentials of the
AWS account or an IAM user. Credentials that are created by IAM users are valid for the duration that you
specify, between 900 seconds (15 minutes) and 129600 seconds (36 hours); credentials that are created by
using account credentials have a maximum duration of 3600 seconds (1 hour).
The permissions associated with the temporary security credentials returned by GetSessionToken are
based on the permissions associated with account or IAM user whose credentials are used to call the
action. If GetSessionToken is called using root account credentials, the temporary credentials have
root account permissions. Similarly, if GetSessionToken is called using the credentials of an IAM
user, the temporary credentials have the same permissions as the IAM user.
For more information about using GetSessionToken to create temporary credentials, go to Creating
Temporary Credentials to Enable Access for IAM Users in Using Temporary Security Credentials .
Parameters
DurationSeconds (integer) The duration, in seconds, that the credentials should remain
valid. Acceptable durations for IAM user sessions range from 900 seconds (15 minutes)
to 129600 seconds (36 hours), with 43200 seconds (12 hours) as the default. Sessions
for AWS account owners are restricted to a maximum of 3600 seconds (one hour). If the
duration is longer than one hour, the session for AWS account owners defaults to one hour.
SerialNumber (string) The identification number of the MFA device that is associated
with the IAM user who is making the GetSessionToken call. Specify this value if
the IAM user has a policy that requires MFA authentication. The value is either the serial
number for a hardware device (such as GAHT12345678 ) or an Amazon Resource Name
(ARN) for a virtual device (such as arn:aws:iam::123456789012:mfa/user ).
You can find the device for an IAM user by going to the AWS Management Console and
viewing the users security credentials.
TokenCode (string) The value provided by the MFA device, if MFA is required. If
any policy requires the IAM user to submit an MFA code, specify this value. If MFA
authentication is required, and the user does not provide a code when requesting a set of
temporary security credentials, the user will receive an access denied response when
requesting resources that require MFA authentication.
Return type dict

2.1.39 AWS Support
Table of Contents
AWS Support
Client
Client
class support.Client
A low-level client representing AWS Support:
import boto3
support = boto3.client(support)
add_attachments_to_set(attachments, attachmentSetId=None)
Adds one or more attachments to an attachment set. If an AttachmentSetId is not specified, a new
attachment set is created, and the ID of the set is returned in the response. If an AttachmentSetId is
specified, the attachments are added to the specified set, if it exists.
An attachment set is a temporary container for attachments that are to be added to a case or case commu-
nication. The set is available for one hour after it is created; the ExpiryTime returned in the response
indicates when the set expires. The maximum number of attachments in a set is 3, and the maximum size
of any attachment in the set is 5 MB.
Parameters
attachmentSetId (string) The ID of the attachment set. If an AttachmentSetId is
not specified, a new attachment set is created, and the ID of the set is returned in the re-
sponse. If an AttachmentSetId is specified, the attachments are added to the specified
set, if it exists.
attachments (list) One or more attachments to add to the set. The limit is 3 attachments
per set, and the size limit is 5 MB per attachment.
Return type dict
add_communication_to_case(communicationBody, caseId=None, ccEmailAddresses=None, at-
tachmentSetId=None)
Adds additional customer communication to an AWS Support case. You use the CaseId value to identify
the case to add communication to. You can list a set of email addresses to copy on the communication
using the CcEmailAddresses value. The CommunicationBody value contains the text of the com-
munication.
The response indicates the success or failure of the request.
This operation implements a subset of the features of the AWS Support Center.
Parameters
caseId (string) The AWS Support case ID requested or returned in the call. The case ID
is an alphanumeric string formatted as shown in this example: case-12345678910-2013-
c4c1d2bf33c5cf47
communicationBody (string) The body of an email communication to add to the support
case.
2.1. Services 639

ccEmailAddresses (list) The email addresses in the CC line of an email to be added to

the support case.
attachmentSetId (string) The ID of a set of one or more attachments for the communi-
cation to add to the case. Create the set by calling AddAttachmentsToSet
Return type dict
create_case(subject, communicationBody, serviceCode=None, severityCode=None, catego-
ryCode=None, ccEmailAddresses=None, language=None, issueType=None, attach-
mentSetId=None)
Creates a new case in the AWS Support Center. This operation is modeled on the behavior of the AWS
Support Center Create Case page. Its parameters require you to specify the following information:
IssueType. The type of issue for the case. You can specify either customer-service or technical.
If you do not indicate a value, the default is technical.
ServiceCode. The code for an AWS service. You obtain the ServiceCode by calling DescribeSer-
vices .
CategoryCode. The category for the service defined for the ServiceCode value. You also obtain
the category code for a service by calling DescribeServices . Each AWS service defines its own set of
category codes.
SeverityCode. A value that indicates the urgency of the case, which in turn determines the response
time according to your service level agreement with AWS Support. You obtain the SeverityCode by
calling DescribeSeverityLevels .
Subject. The Subject field on the AWS Support Center Create Case page.
CommunicationBody. The Description field on the AWS Support Center Create Case page.
AttachmentSetId. The ID of a set of attachments that has been created by using AddAttach-
mentsToSet .
Language. The human language in which AWS Support handles the case. English and Japanese are
currently supported.
CcEmailAddresses. The AWS Support Center CC field on the Create Case page. You can list email
addresses to be copied on any correspondence about the case. The account that opens the case is
already identified by passing the AWS Credentials in the HTTP POST method or in a method or
function call from one of the programming languages supported by an AWS SDK .
Note: To add additional communication or attachments to an existing case, use AddCommunicationTo-

Case .
A successful CreateCase request returns an AWS Support case number. Case numbers are used by the
DescribeCases operation to retrieve existing AWS Support cases.
Parameters
subject (string) The title of the AWS Support case.
serviceCode (string) The code for the AWS service returned by the call to DescribeSer-
vices .
severityCode (string) The code for the severity level returned by the call to Describe-
SeverityLevels .
Note: The availability of severity levels depends on each customers support subscription.
In other words, your subscription may not necessarily require the urgent level of response
time.

categoryCode (string) The category of problem for the AWS Support case.
communicationBody (string) The communication body text when you create an AWS
Support case by calling CreateCase .
ccEmailAddresses (list) A list of email addresses that AWS Support copies on case
correspondence.
language (string) The ISO 639-1 code for the language in which AWS provides support.
AWS Support currently supports English (en) and Japanese (ja). Language parameters
must be passed explicitly for operations that take them.
issueType (string) The type of issue for the case. You can specify either customer-
service or technical. If you do not indicate a value, the default is technical.
attachmentSetId (string) The ID of a set of one or more attachments for the case. Create
the set by using AddAttachmentsToSet .
Return type dict
describe_attachment(attachmentId)
Returns the attachment that has the specified ID. Attachment IDs are generated by the case management
system when you add an attachment to a case or case communication. Attachment IDs are returned in the
AttachmentDetails objects that are returned by the DescribeCommunications operation.
Parameters attachmentId (string) The ID of the attachment to return. Attachment IDs are
returned by the DescribeCommunications operation.
Return type dict
describe_cases(caseIdList=None, displayId=None, afterTime=None, beforeTime=None, includ-
eResolvedCases=None, nextToken=None, maxResults=None, language=None, in-
cludeCommunications=None)
Returns a list of cases that you specify by passing one or more case IDs. In addition, you can filter the
cases by date by setting values for the AfterTime and BeforeTime request parameters. You can
set values for the IncludeResolvedCases and IncludeCommunications request parameters to
control how much information is returned.
Case data is available for 12 months after creation. If a case was created more than 12 months ago, a
request for data might cause an error.
The response returns the following in JSON format:
One or more CaseDetails data types.
One or more NextToken values, which specify where to paginate the returned records represented
by the CaseDetails objects.
Parameters
caseIdList (list) A list of ID numbers of the support cases you want returned. The
maximum number of cases is 100.
displayId (string) The ID displayed for a case in the AWS Support Center user interface.
afterTime (string) The start date for a filtered date search on support case communica-
tions. Case communications are available for 12 months after creation.
beforeTime (string) The end date for a filtered date search on support case communica-
2.1. Services 641

includeResolvedCases (boolean) Specifies whether resolved support cases should be

included in the DescribeCases results. The default is false .
nextToken (string) A resumption point for pagination.
maxResults (integer) The maximum number of results to return before paginating.
includeCommunications (boolean) Specifies whether communications should be in-
cluded in the DescribeCases results. The default is true .
Return type dict
describe_communications(caseId, beforeTime=None, afterTime=None, nextToken=None,
maxResults=None)
Returns communications (and attachments) for one or more support cases. You can use the AfterTime
and BeforeTime parameters to filter by date. You can use the CaseId parameter to restrict the results
to a particular case.
Case data is available for 12 months after creation. If a case was created more than 12 months ago, a
request for data might cause an error.
You can use the MaxResults and NextToken parameters to control the pagination of the result set. Set
MaxResults to the number of cases you want displayed on each page, and use NextToken to specify
the resumption of pagination.
Parameters
caseId (string) The AWS Support case ID requested or returned in the call. The case ID
is an alphanumeric string formatted as shown in this example: case-12345678910-2013-
c4c1d2bf33c5cf47
beforeTime (string) The end date for a filtered date search on support case communica-
afterTime (string) The start date for a filtered date search on support case communica-
nextToken (string) A resumption point for pagination.
maxResults (integer) The maximum number of results to return before paginating.
Return type dict
describe_services(serviceCodeList=None, language=None)
Returns the current list of AWS services and a list of service categories that applies to each one. You
then use service names and categories in your CreateCase requests. Each AWS service has its own set of
categories.
The service codes and category codes correspond to the values that are displayed in the Service and
Category drop-down lists on the AWS Support Center Create Case page. The values in those fields,
however, do not necessarily match the service codes and categories returned by the DescribeServices
request. Always use the service codes and categories obtained programmatically. This practice ensures
that you always have the most recent set of service and category codes.
Parameters
serviceCodeList (list) A JSON-formatted list of service codes available for AWS ser-
vices.

Return type dict
describe_severity_levels(language=None)
Returns the list of severity levels that you can assign to an AWS Support case. The severity level for a case
is also a field in the CaseDetails data type included in any CreateCase request.
Parameters language (string) The ISO 639-1 code for the language in which AWS provides
support. AWS Support currently supports English (en) and Japanese (ja). Language
parameters must be passed explicitly for operations that take them.
Return type dict
describe_trusted_advisor_check_refresh_statuses(checkIds)
Returns the refresh status of the Trusted Advisor checks that have the specified check IDs. Check IDs can
be obtained by calling DescribeTrustedAdvisorChecks .
Parameters checkIds (list) The IDs of the Trusted Advisor checks.
Return type dict
describe_trusted_advisor_check_result(checkId, language=None)
Returns the results of the Trusted Advisor check that has the specified check ID. Check IDs can be obtained
by calling DescribeTrustedAdvisorChecks .
The response contains a TrustedAdvisorCheckResult object, which contains these three objects:
TrustedAdvisorCategorySpecificSummary
TrustedAdvisorResourceDetail
TrustedAdvisorResourcesSummary
In addition, the response contains these fields:
Status. The alert status of the check: ok (green), warning (yellow), error (red), or
not_available.
Timestamp. The time of the last refresh of the check.
CheckId. The unique identifier for the check.
Parameters
checkId (string) The unique identifier for the Trusted Advisor check.
Return type dict
describe_trusted_advisor_check_summaries(checkIds)
Returns the summaries of the results of the Trusted Advisor checks that have the specified check IDs.
Check IDs can be obtained by calling DescribeTrustedAdvisorChecks .
The response contains an array of TrustedAdvisorCheckSummary objects.
Parameters checkIds (list) The IDs of the Trusted Advisor checks.
Return type dict
2.1. Services 643

describe_trusted_advisor_checks(language)
Returns information about all available Trusted Advisor checks, including name, ID, category, descrip-
tion, and metadata. You must specify a language code; English (en) and Japanese (ja) are currently
supported. The response contains a TrustedAdvisorCheckDescription for each check.
Parameters language (string) The ISO 639-1 code for the language in which AWS provides
support. AWS Support currently supports English (en) and Japanese (ja). Language
parameters must be passed explicitly for operations that take them.
Return type dict
refresh_trusted_advisor_check(checkId)
Requests a refresh of the Trusted Advisor check that has the specified check ID. Check IDs can be obtained
by calling DescribeTrustedAdvisorChecks .
The response contains a TrustedAdvisorCheckRefreshStatus object, which contains these fields:
Status. The refresh status of the check: none, enqueued, processing, success, or aban-
doned.
MillisUntilNextRefreshable. The amount of time, in milliseconds, until the check is eligible for
refresh.
CheckId. The unique identifier for the check.
Parameters checkId (string) The unique identifier for the Trusted Advisor check.
Return type dict
resolve_case(caseId=None)
Takes a CaseId and returns the initial state of the case along with the state of the case after the call to
ResolveCase completed.
Parameters caseId (string) The AWS Support case ID requested or returned in the call. The
case ID is an alphanumeric string formatted as shown in this example: case-12345678910-
2013-c4c1d2bf33c5cf47
Return type dict
2.1.40 Amazon Simple Workflow Service
Table of Contents
Amazon Simple Workflow Service
Client
Client
class swf.Client
A low-level client representing Amazon Simple Workflow Service:
import boto3
swf = boto3.client(swf)

count_closed_workflow_executions(domain, startTimeFilter=None, closeTimeFilter=None,

executionFilter=None, typeFilter=None, tagFil-
ter=None, closeStatusFilter=None)
Returns the number of closed workflow executions within the given domain that meet the specified filtering
criteria.
Access Control
You can use IAM policies to control this actions access to Amazon SWF resources as follows:
Use a Resource element with the domain name to limit the action to only specified domains.
Use an Action element to allow or deny permission to call this action.
Constrain the following parameters by using a Condition element with the appropriate keys. *
tagFilter.tag : String constraint. The key is swf:tagFilter.tag .
typeFilter.name : String constraint. The key is swf:typeFilter.name .
typeFilter.version : String constraint. The key is swf:typeFilter.version .
If the caller does not have sufficient permissions to invoke the action, or the parameter values fall outside
the specified constraints, the action fails by throwing OperationNotPermitted . For details and
example IAM policies, see Using IAM to Manage Access to Amazon SWF Workflows .
Parameters
domain (string) The name of the domain containing the workflow executions to count.
startTimeFilter (dict) If specified, only workflow executions that meet the start time
criteria of the filter are counted.
closeTimeFilter (dict) If specified, only workflow executions that meet the close time
criteria of the filter are counted.
executionFilter (dict) If specified, only workflow executions matching the
WorkflowId in the filter are counted.
typeFilter (dict) If specified, indicates the type of the workflow executions to be counted.
tagFilter (dict) If specified, only executions that have a tag that matches the filter are
counted.
closeStatusFilter (dict) If specified, only workflow executions that match this close
status are counted. This filter has an affect only if executionStatus is specified as
CLOSED .
Return type dict
count_open_workflow_executions(domain, startTimeFilter, typeFilter=None, tagFilter=None,
executionFilter=None)
Returns the number of open workflow executions within the given domain that meet the specified filtering
criteria.
Access Control
2.1. Services 645


Parameters
domain (string) The name of the domain containing the workflow executions to count.
startTimeFilter (dict) Specifies the start time criteria that workflow executions must
meet in order to be counted.
typeFilter (dict) Specifies the type of the workflow executions to be counted.
tagFilter (dict) If specified, only executions that have a tag that matches the filter are
counted.
executionFilter (dict) If specified, only workflow executions matching the
WorkflowId in the filter are counted.
Return type dict
count_pending_activity_tasks(domain, taskList)
Returns the estimated number of activity tasks in the specified task list. The count returned is an approxi-
mation and is not guaranteed to be exact. If you specify a task list that no activity task was ever scheduled
in then 0 will be returned.
Access Control
Constrain the taskList.name parameter by using a Condition element with the
swf:taskList.name key to allow the action to access only certain task lists.
Parameters
domain (string) The name of the domain that contains the task list.
taskList (dict) The name of the task list.
Return type dict
count_pending_decision_tasks(domain, taskList)
Returns the estimated number of decision tasks in the specified task list. The count returned is an approxi-
mation and is not guaranteed to be exact. If you specify a task list that no decision task was ever scheduled
in then 0 will be returned.
Access Control

Parameters
domain (string) The name of the domain that contains the task list.
taskList (dict) The name of the task list.
Return type dict
deprecate_activity_type(domain, activityType)
Deprecates the specified activity type . After an activity type has been deprecated, you cannot create new
tasks of that activity type. Tasks of this type that were scheduled before the type was deprecated will
continue to run.
Access Control
activityType.name : String constraint. The key is swf:activityType.name .
activityType.version : String constraint. The key is swf:activityType.version .
Parameters
domain (string) The name of the domain in which the activity type is registered.
activityType (dict) The activity type to deprecate.
Return type dict
deprecate_domain(name)
Deprecates the specified domain. After a domain has been deprecated it cannot be used to create new
workflow executions or register new types. However, you can still use visibility actions on this domain.
Deprecating a domain also deprecates all activity and workflow types registered in the domain. Executions
that were started before the domain was deprecated will continue to run.
Access Control
You cannot use an IAM policy to constrain this actions parameters.
Parameters name (string) The name of the domain to deprecate.
Return type dict
2.1. Services 647

deprecate_workflow_type(domain, workflowType)
Deprecates the specified workflow type . After a workflow type has been deprecated, you cannot create
new executions of that type. Executions that were started before the type was deprecated will continue to
run. A deprecated workflow type may still be used when calling visibility actions.
Access Control
workflowType.name : String constraint. The key is swf:workflowType.name .
workflowType.version : String constraint. The key is swf:workflowType.version .
Parameters
domain (string) The name of the domain in which the workflow type is registered.
workflowType (dict) The workflow type to deprecate.
Return type dict
describe_activity_type(domain, activityType)
Returns information about the specified activity type. This includes configuration settings provided at
registration time as well as other general information about the type.
Access Control
activityType.name : String constraint. The key is swf:activityType.name .
activityType.version : String constraint. The key is swf:activityType.version .
Parameters
domain (string) The name of the domain in which the activity type is registered.
activityType (dict) The activity type to describe.
Return type dict
describe_domain(name)
Returns information about the specified domain including description and status.
Access Control


Parameters name (string) The name of the domain to describe.
Return type dict
describe_workflow_execution(domain, execution)
Returns information about the specified workflow execution including its type and some statistics.
Access Control
Parameters
domain (string) The name of the domain containing the workflow execution.
execution (dict) The workflow execution to describe.
Return type dict
describe_workflow_type(domain, workflowType)
Returns information about the specified workflow type . This includes configuration settings specified
when the type was registered and other information such as creation date, current status, etc.
Access Control
workflowType.name : String constraint. The key is swf:workflowType.name .
workflowType.version : String constraint. The key is swf:workflowType.version .
Parameters
domain (string) The name of the domain in which this workflow type is registered.
workflowType (dict) The workflow type to describe.
Return type dict
2.1. Services 649

get_workflow_execution_history(domain, execution, nextPageToken=None, maximumPage-

Size=None, reverseOrder=None)
Returns the history of the specified workflow execution. The results may be split into multiple pages. To
retrieve subsequent pages, make the call again using the nextPageToken returned by the initial call.
Access Control
Parameters
domain (string) The name of the domain containing the workflow execution.
execution (dict) Specifies the workflow execution for which to return the history.
nextPageToken (string) If a NextPageToken is returned, the result has more than
one pages. To get the next page, repeat the call and specify the nextPageToken with all
other arguments unchanged.
maximumPageSize (integer) Specifies the maximum number of history events returned
in one page. The next page in the result is identified by the NextPageToken returned.
By default 100 history events are returned in a page but the caller can override this value
to a page size smaller than the default. You cannot specify a page size larger than 100.
Note that the number of events may be less than the maxiumum page size, in which case,
the returned page will have fewer results than the maximumPageSize specified.
reverseOrder (boolean) When set to true , returns the events in reverse order. By
default the results are returned in ascending order of the eventTimeStamp of the events.
Return type dict
list_activity_types(domain, registrationStatus, name=None, nextPageToken=None, maxi-
mumPageSize=None, reverseOrder=None)
Returns information about all activities registered in the specified domain that match the specified name
and registration status. The result includes information like creation date, current status of the activity, etc.
The results may be split into multiple pages. To retrieve subsequent pages, make the call again using the
nextPageToken returned by the initial call.
Access Control

Parameters
domain (string) The name of the domain in which the activity types have been registered.
name (string) If specified, only lists the activity types that have this name.
registrationStatus (string) Specifies the registration status of the activity types to list.
nextPageToken (string) If on a previous call to this method a NextResultToken
was returned, the results have more than one page. To get the next page of results, repeat
the call with the nextPageToken and keep all other arguments unchanged.
maximumPageSize (integer) The maximum number of results returned in each page.
The default is 100, but the caller can override this value to a page size smaller than the
default. You cannot specify a page size greater than 100. Note that the number of types
may be less than the maxiumum page size, in which case, the returned page will have
fewer results than the maximumPageSize specified.
reverseOrder (boolean) When set to true , returns the results in reverse order. By
default the results are returned in ascending alphabetical order of the name of the activity
types.
Return type dict
list_closed_workflow_executions(domain, startTimeFilter=None, closeTimeFilter=None,
executionFilter=None, closeStatusFilter=None, type-
Filter=None, tagFilter=None, nextPageToken=None,
maximumPageSize=None, reverseOrder=None)
Returns a list of closed workflow executions in the specified domain that meet the filtering criteria. The
results may be split into multiple pages. To retrieve subsequent pages, make the call again using the
Access Control
Parameters
domain (string) The name of the domain that contains the workflow executions to list.
startTimeFilter (dict) If specified, the workflow executions are included in the returned
results based on whether their start times are within the range specified by this filter. Also,
if this parameter is specified, the returned results are ordered by their start times.
closeTimeFilter (dict) If specified, the workflow executions are included in the returned
results based on whether their close times are within the range specified by this filter. Also,
if this parameter is specified, the returned results are ordered by their close times.
2.1. Services 651

executionFilter (dict) If specified, only workflow executions matching the workflow id

specified in the filter are returned.
closeStatusFilter (dict) If specified, only workflow executions that match this close
status are listed. For example, if TERMINATED is specified, then only TERMINATED
workflow executions are listed.
typeFilter (dict) If specified, only executions of the type specified in the filter are re-
turned.
tagFilter (dict) If specified, only executions that have the matching tag are listed.
nextPageToken (string) If on a previous call to this method a NextPageToken was
returned, the results are being paginated. To get the next page of results, repeat the call
with the returned token and all other arguments unchanged.
default. You cannot specify a page size greater than 100. Note that the number of exe-
cutions may be less than the maxiumum page size, in which case, the returned page will
have fewer results than the maximumPageSize specified.
default the results are returned in descending order of the start or the close time of the
executions.
Return type dict
list_domains(registrationStatus, nextPageToken=None, maximumPageSize=None, reverse-
Order=None)
Returns the list of domains registered in the account. The results may be split into multiple pages. To
retrieve subsequent pages, make the call again using the nextPageToken returned by the initial call.
Access Control
Use a Resource element with the domain name to limit the action to only specified domains. The
element must be set to arn:aws:swf::AccountID:domain/*" , where AccountID is the
account ID, with no dashes.
Parameters
returned, the result has more than one page. To get the next page of results, repeat the call
registrationStatus (string) Specifies the registration status of the domains to list.
default. You cannot specify a page size greater than 100. Note that the number of domains

default the results are returned in ascending alphabetical order of the name of the domains.
Return type dict
list_open_workflow_executions(domain, startTimeFilter, typeFilter=None, tagFilter=None,
nextPageToken=None, maximumPageSize=None, reverse-
Order=None, executionFilter=None)
Returns a list of open workflow executions in the specified domain that meet the filtering criteria. The
results may be split into multiple pages. To retrieve subsequent pages, make the call again using the
Access Control
Parameters
domain (string) The name of the domain that contains the workflow executions to list.
startTimeFilter (dict) Workflow executions are included in the returned results based
on whether their start times are within the range specified by this filter.
typeFilter (dict) If specified, only executions of the type specified in the filter are re-
turned.
tagFilter (dict) If specified, only executions that have the matching tag are listed.
default. You cannot specify a page size greater than 100. Note that the number of exe-
cutions may be less than the maxiumum page size, in which case, the returned page will
default the results are returned in descending order of the start time of the executions.
executionFilter (dict) If specified, only workflow executions matching the workflow id
specified in the filter are returned.
Return type dict
2.1. Services 653

list_workflow_types(domain, registrationStatus, name=None, nextPageToken=None, maxi-

mumPageSize=None, reverseOrder=None)
Returns information about workflow types in the specified domain. The results may be split into multiple
pages that can be retrieved by making the call repeatedly.
Access Control
Parameters
domain (string) The name of the domain in which the workflow types have been regis-
tered.
name (string) If specified, lists the workflow type with this name.
registrationStatus (string) Specifies the registration status of the workflow types to list.
default. You cannot specify a page size greater than 100. Note that the number of types
reverseOrder (boolean) When set to true , returns the results in reverse order. By de-
fault the results are returned in ascending alphabetical order of the name of the workflow
types.
Return type dict
poll_for_activity_task(domain, taskList, identity=None)
Used by workers to get an ActivityTask from the specified activity taskList . This initiates a long poll,
where the service holds the HTTP connection open and responds as soon as a task becomes available. The
maximum time the service holds on to the request before responding is 60 seconds. If no task is available
within 60 seconds, the poll will return an empty result. An empty result, in this context, means that an
ActivityTask is returned, but that the value of taskToken is an empty string. If a task is returned, the worker
should use its type to identify and process it correctly.
Warning: Workers should set their client side socket timeout to at least 70 seconds (10 seconds higher
than the maximum time service may hold the poll request).
Access Control


Parameters
domain (string) The name of the domain that contains the task lists being polled.
taskList (dict) Specifies the task list to poll for activity tasks.
The specified string must not start or end with whitespace. It must not contain a : (colon),
/ (slash), | (vertical bar), or any control characters (u0000-u001f | u007f - u009f). Also,
it must not contain the literal string arn.
identity (string) Identity of the worker making the request, which is recorded in the
ActivityTaskStarted event in the workflow history. This enables diagnostic tracing
when problems arise. The form of this identity is user defined.
Return type dict
poll_for_decision_task(domain, taskList, identity=None, nextPageToken=None, maximumPa-
geSize=None, reverseOrder=None)
Used by deciders to get a DecisionTask from the specified decision taskList . A decision task may be
returned for any open workflow execution that is using the specified task list. The task includes a paginated
view of the history of the workflow execution. The decider should use the workflow type and the history
to determine how to properly handle the task.
This action initiates a long poll, where the service holds the HTTP connection open and responds as soon
a task becomes available. If no decision task is available in the specified task list before the timeout of 60
seconds expires, an empty result is returned. An empty result, in this context, means that a DecisionTask
is returned, but that the value of taskToken is an empty string.
Warning: Deciders should set their client side socket timeout to at least 70 seconds (10 seconds higher
than the timeout).
Warning: Because the number of workflow history events for a single workflow execution might
be very large, the result returned might be split up across a number of pages. To retrieve subse-
quent pages, make additional calls to PollForDecisionTask using the nextPageToken re-
turned by the initial call. Note that you do not call GetWorkflowExecutionHistory with this
nextPageToken . Instead, call PollForDecisionTask again.
Access Control
2.1. Services 655


Parameters
domain (string) The name of the domain containing the task lists to poll.
taskList (dict) Specifies the task list to poll for decision tasks.
identity (string) Identity of the decider making the request, which is recorded in the
DecisionTaskStarted event in the workflow history. This enables diagnostic tracing when
problems arise. The form of this identity is user defined.
.
maximumPageSize (integer) The maximum number of history events returned in each
page. The default is 100, but the caller can override this value to a page size smaller than
the default. You cannot specify a page size greater than 100. Note that the number of
events may be less than the maxiumum page size, in which case, the returned page will
reverseOrder (boolean) When set to true , returns the events in reverse order. By
default the results are returned in ascending order of the eventTimestamp of the events.
Return type dict
record_activity_task_heartbeat(taskToken, details=None)
Used by activity workers to report to the service that the ActivityTask represented by the specified
taskToken is still making progress. The worker can also (optionally) specify details of the progress,
for example percent complete, using the details parameter. This action can also be used by the worker
as a mechanism to check if cancellation is being requested for the activity task. If a cancellation is being
attempted for the specified task, then the boolean cancelRequested flag returned by the service is set
to true .
This action resets the taskHeartbeatTimeout clock. The taskHeartbeatTimeout is specified
in RegisterActivityType .
This action does not in itself create an event in the workflow execution history. However, if the task times
out, the workflow execution history will contain a ActivityTaskTimedOut event that contains the
information from the last heartbeat generated by the activity worker.
Warning: If the cancelRequested flag returns true , a cancellation is being attempted. If the
worker can cancel the activity, it should respond with RespondActivityTaskCanceled . Otherwise, it
should ignore the cancellation request.
Access Control

Parameters
taskToken (string) The taskToken of the ActivityTask .
Warning: The taskToken is generated by the service and should be treated as an

opaque value. If the task is passed to another process, its taskToken must also be
passed. This enables it to provide its progress and respond with results.
details (string) If specified, contains details about the progress of the task.
Return type dict
register_activity_type(domain, name, version, description=None, defaultTaskStartTo-
CloseTimeout=None, defaultTaskHeartbeatTimeout=None, de-
faultTaskList=None, defaultTaskScheduleToStartTimeout=None,
defaultTaskScheduleToCloseTimeout=None)
Registers a new activity type along with its configuration settings in the specified domain.
Warning: A TypeAlreadyExists fault is returned if the type already exists in the domain. You
cannot change any configuration settings of the type after its registration, and it must be registered as a
new version.
Access Control
defaultTaskList.name : String constraint. The key is swf:defaultTaskList.name .
name : String constraint. The key is swf:name .
version : String constraint. The key is swf:version .
Parameters
domain (string) The name of the domain in which this activity is to be registered.
name (string) The name of the activity type within the domain.
version (string) The version of the activity type.
description (string) A textual description of the activity type.
2.1. Services 657

defaultTaskStartToCloseTimeout (string) If set, specifies the default maximum du-

ration that a worker can take to process tasks of this activity type. This default can be
overridden when scheduling an activity task using the ScheduleActivityTask De-
cision .
The valid values are integers greater than or equal to 0 . An integer value can be used to
specify the duration in seconds while NONE can be used to specify unlimited duration.
defaultTaskHeartbeatTimeout (string) If set, specifies the default maximum time be-
fore which a worker processing a task of this type must report progress by calling Recor-
dActivityTaskHeartbeat . If the timeout is exceeded, the activity task is automatically
timed out. This default can be overridden when scheduling an activity task using the
ScheduleActivityTask Decision . If the activity worker subsequently attempts to
record a heartbeat or returns a result, the activity worker receives an UnknownResource
fault. In this case, Amazon SWF no longer considers the activity task to be valid; the ac-
tivity worker should clean up the activity task.
defaultTaskList (dict) If set, specifies the default task list to use for scheduling tasks of
this activity type. This default task list is used if a task list is not provided when a task is
scheduled through the ScheduleActivityTask Decision .
defaultTaskScheduleToStartTimeout (string) If set, specifies the default maxi-
mum duration that a task of this activity type can wait before being assigned to a
worker. This default can be overridden when scheduling an activity task using the
ScheduleActivityTask Decision .
defaultTaskScheduleToCloseTimeout (string) If set, specifies the default maximum
duration for a task of this activity type. This default can be overridden when scheduling
an activity task using the ScheduleActivityTask Decision .
Return type dict
register_domain(name, workflowExecutionRetentionPeriodInDays, description=None)
Registers a new domain.
Access Control
You cannot use an IAM policy to control domain access for this action. The name of the domain being
registered is available as the resource of this action.
Parameters
name (string) Name of the domain to register. The name must be unique.

description (string) Textual description of the domain.
workflowExecutionRetentionPeriodInDays (string) Specifies the duration*in days*
for which the record (including the history) of workflow executions in this domain should
be kept by the service. After the retention period, the workflow execution will not be
available in the results of visibility calls. If a duration of NONE is specified, the records for
workflow executions in this domain are not retained at all.
Return type dict
register_workflow_type(domain, name, version, description=None, defaultTaskStartToClose-
Timeout=None, defaultExecutionStartToCloseTimeout=None, default-
TaskList=None, defaultChildPolicy=None)
Registers a new workflow type and its configuration settings in the specified domain.
The retention period for the workflow history is set by the RegisterDomain action.
Warning: If the type already exists, then a TypeAlreadyExists fault is returned. You cannot
change the configuration settings of a workflow type once it is registered and it must be registered as a
new version.
Access Control
defaultTaskList.name : String constraint. The key is swf:defaultTaskList.name .
name : String constraint. The key is swf:name .
version : String constraint. The key is swf:version .
Parameters
domain (string) The name of the domain in which to register the workflow type.
name (string) The name of the workflow type.
version (string) The version of the workflow type.
description (string) Textual description of the workflow type.
defaultTaskStartToCloseTimeout (string) If set, specifies the default maximum
duration of decision tasks for this workflow type. This default can be overridden
2.1. Services 659

when starting a workflow execution using the StartWorkflowExecution action or the

StartChildWorkflowExecution Decision .
defaultExecutionStartToCloseTimeout (string) If set, specifies the default max-
imum duration for executions of this workflow type. You can override this de-
fault when starting an execution through the StartWorkflowExecution Action or
The duration is specified in seconds. The valid values are integers greater than or equal
to 0. Unlike some of the other timeout parameters in Amazon SWF, you cannot specify
a value of NONE for defaultExecutionStartToCloseTimeout ; there is a
one-year max limit on the time that a workflow execution can run. Exceeding this limit
will always cause the workflow execution to time out.
defaultTaskList (dict) If set, specifies the default task list to use for scheduling deci-
sion tasks for executions of this workflow type. This default is used only if a task list is
not provided when starting the execution through the StartWorkflowExecution Action or
defaultChildPolicy (string) If set, specifies the default policy to use for the child work-
flow executions when a workflow execution of this type is terminated, by calling the Termi-
nateWorkflowExecution action explicitly or due to an expired timeout. This default can be
overridden when starting a workflow execution using the StartWorkflowExecution action
or the StartChildWorkflowExecution Decision . The supported child policies
are:
TERMINATE: the child executions will be terminated.
REQUEST_CANCEL: a request to cancel will be attempted for each child execution
by recording a WorkflowExecutionCancelRequested event in its history. It is
up to the decider to take appropriate actions when it receives an execution history with
this event.
ABANDON: no action will be taken. The child executions will continue to run.
Return type dict
request_cancel_workflow_execution(domain, workflowId, runId=None)
Records a WorkflowExecutionCancelRequested event in the currently running workflow exe-
cution identified by the given domain, workflowId, and runId. This logically requests the cancellation of
the workflow execution as a whole. It is up to the decider to take appropriate actions when it receives an
execution history with this event.
Access Control
Parameters
domain (string) The name of the domain containing the workflow execution to cancel.

workflowId (string) The workflowId of the workflow execution to cancel.

runId (string) The runId of the workflow execution to cancel.
Return type dict
respond_activity_task_canceled(taskToken, details=None)
Used by workers to tell the service that the ActivityTask identified by the taskToken was successfully
canceled. Additional details can be optionally provided using the details argument.
These details (if provided) appear in the ActivityTaskCanceled event added to the workflow
history.
Warning: Only use this operation if the canceled flag of a RecordActivityTaskHeartbeat request
returns true and if the activity can be safely undone or abandoned.
A task is considered open from the time that it is scheduled until it is closed. Therefore a task is reported
as open while a worker is processing it. A task is closed after it has been specified in a call to RespondAc-
tivityTaskCompleted , RespondActivityTaskCanceled, RespondActivityTaskFailed , or the task has timed
out .
Access Control
Parameters

details (string) Optional information about the cancellation.

Return type dict
respond_activity_task_completed(taskToken, result=None)
Used by workers to tell the service that the ActivityTask identified by the taskToken completed suc-
cessfully with a result (if provided). The result appears in the ActivityTaskCompleted event
in the workflow history.
Warning: If the requested task does not complete successfully, use RespondActivityTaskFailed in-
stead. If the worker finds that the task is canceled through the canceled flag returned by RecordAc-
tivityTaskHeartbeat , it should cancel the task, clean up and then call RespondActivityTaskCanceled
.
2.1. Services 661

tivityTaskCompleted, RespondActivityTaskCanceled , RespondActivityTaskFailed , or the task has timed

out .
Access Control
Parameters

result (string) The result of the activity task. It is a free form string that is implementa-
tion specific.
Return type dict
respond_activity_task_failed(taskToken, reason=None, details=None)
Used by workers to tell the service that the ActivityTask identified by the taskToken has failed with
reason (if specified). The reason and details appear in the ActivityTaskFailed event added
to the workflow history.
tivityTaskCompleted , RespondActivityTaskCanceled , RespondActivityTaskFailed, or the task has timed
out .
Access Control
Parameters

reason (string) Description of the error that may assist in diagnostics.

details (string) Optional detailed information about the failure.

Return type dict
respond_decision_task_completed(taskToken, decisions=None, executionContext=None)
Used by deciders to tell the service that the DecisionTask identified by the taskToken has successfully
completed. The decisions argument specifies the list of decisions made while processing the task.
A DecisionTaskCompleted event is added to the workflow history. The executionContext
specified is attached to the event in the workflow execution history.
Access Control
If an IAM policy grants permission to use RespondDecisionTaskCompleted , it can express per-
missions for the list of decisions in the decisions parameter. Each of the decisions has one or more
parameters, much like a regular API call. To allow for policies to be as readable as possible, you can
express permissions on decisions as if they were actual API calls, including applying conditions to some
parameters. For more information, see Using IAM to Manage Access to Amazon SWF Workflows .
Parameters
taskToken (string) The taskToken from the DecisionTask .

decisions (list) The list of decisions (possibly empty) made by the decider while pro-
cessing this decision task. See the docs for the Decision structure for details.
executionContext (string) User defined context to add to workflow execution.
Return type dict
signal_workflow_execution(domain, workflowId, signalName, runId=None, input=None)
Records a WorkflowExecutionSignaled event in the workflow execution history and creates a
decision task for the workflow execution identified by the given domain, workflowId and runId. The event
is recorded with the specified user defined signalName and input (if provided).
Access Control
Parameters
domain (string) The name of the domain containing the workflow execution to signal.
workflowId (string) The workflowId of the workflow execution to signal.
runId (string) The runId of the workflow execution to signal.
signalName (string) The name of the signal. This name must be meaningful to the target
workflow.
2.1. Services 663

input (string) Data to attach to the WorkflowExecutionSignaled event in the

target workflow executions history.
Return type dict
start_workflow_execution(domain, workflowId, workflowType, taskList=None, input=None,
executionStartToCloseTimeout=None, tagList=None, taskStartTo-
CloseTimeout=None, childPolicy=None)
Starts an execution of the workflow type in the specified domain using the provided workflowId and
input data.
This action returns the newly started workflow execution.
Access Control
tagList.member.0 : The key is swf:tagList.member.0 .
taskList : String constraint. The key is swf:taskList.name .
name : String constraint. The key is swf:workflowType.name .
version : String constraint. The key is swf:workflowType.version .
Parameters
domain (string) The name of the domain in which the workflow execution is created.
workflowId (string) The user defined identifier associated with the workflow execution.
You can use this to associate a custom identifier with the workflow execution. You may
specify the same identifier if a workflow execution is logically a restart of a previous
execution. You cannot have two open workflow executions with the same workflowId
at the same time.
workflowType (dict) The type of the workflow to start.
taskList (dict) The task list to use for the decision tasks generated for this workflow exe-
cution. This overrides the defaultTaskList specified when registering the workflow
type.

input (string) The input for the workflow execution. This is a free form string which
should be meaningful to the workflow you are starting. This input is made available to
the new workflow execution in the WorkflowExecutionStarted history event.
executionStartToCloseTimeout (string) The total duration for this workflow execution.
This overrides the defaultExecutionStartToCloseTimeout specified when registering the
workflow type.
The duration is specified in seconds. The valid values are integers greater than or equal to
0. Exceeding this limit will cause the workflow execution to time out. Unlike some of the
other timeout parameters in Amazon SWF, you cannot specify a value of NONE for this
timeout; there is a one-year max limit on the time that a workflow execution can run.
tagList (list) The list of tags to associate with the workflow execution. You can spec-
ify a maximum of 5 tags. You can list workflow executions with a specific tag by calling
ListOpenWorkflowExecutions or ListClosedWorkflowExecutions and specifying a TagFil-
ter .
taskStartToCloseTimeout (string) Specifies the maximum duration of de-
cision tasks for this workflow execution. This parameter overrides the
defaultTaskStartToCloseTimout specified when registering the workflow
type using RegisterWorkflowType .
childPolicy (string) If set, specifies the policy to use for the child workflow executions
of this workflow execution if it is terminated, by calling the TerminateWorkflowExecution
action explicitly or due to an expired timeout. This policy overrides the default child
policy specified when registering the workflow type using RegisterWorkflowType . The
supported child policies are:
this event.
Return type dict
terminate_workflow_execution(domain, workflowId, runId=None, reason=None, de-
tails=None, childPolicy=None)
Records a WorkflowExecutionTerminated event and forces closure of the workflow execution
identified by the given domain, runId, and workflowId. The child policy, registered with the workflow
type or specified when starting this execution, is applied to any open child workflow executions of this
workflow execution.
Warning: If the identified workflow execution was in progress, it is terminated immediately.
Access Control
2.1. Services 665

Parameters
domain (string) The domain of the workflow execution to terminate.
workflowId (string) The workflowId of the workflow execution to terminate.
runId (string) The runId of the workflow execution to terminate.
reason (string) An optional descriptive reason for terminating the workflow execution.
details (string) Optional details for terminating the workflow execution.
childPolicy (string) If set, specifies the policy to use for the child workflow executions
of the workflow execution being terminated. This policy overrides the child policy spec-
ified for the workflow execution at registration time or when starting the execution. The
supported child policies are:
this event.
Return type dict
2.2 Core
2.2.1 Boto3 Reference
class boto3.NullHandler(level=0)
Initializes the instance - basically setting the formatter to None and the filter list to empty.
emit(record)
boto3.client(*args, **kwargs)
Create a low-level service client by name using the default session.
See boto3.session.Session.client().
boto3.resource(*args, **kwargs)
Create a resource service client by name using the default session.
See boto3.session.Session.resource().
boto3.set_stream_logger(name=boto3, level=10, format_string=None)
Add a stream handler for the given name and level to the logging module. By default, this logs all boto3
messages to stdout.
>>> import boto3
>>> boto3.set_stream_logger(boto3.resources, logging.INFO)
Parameters
name (string) Log name

level (int) Logging level, e.g. logging.INFO

format_string (str) Log message format
boto3.setup_default_session(**kwargs)
Set up a default session, passing through any parameters to the session constructor. There is no need to call this
unless you wish to pass custom parameters, because a default session will be created for you.
2.2.2 Collections Reference
class boto3.resources.collection.CollectionManager(model, parent, factory, resource_defs,

service_model)
A collection manager provides access to resource collection instances, which can be iterated and filtered. The
manager exposes some convenience functions that are also found on resource collections, such as all() and
filter().
Get all items:
>>> for bucket in s3.buckets.all():
... print(bucket.name)
Get only some items via filtering:

>>> for queue in sqs.queues.filter(QueueNamePrefix=AWS):
... print(queue.url)
A collection manager is not iterable. You must call one of the methods that return a ResourceCollection
before trying to iterate, slice, or convert to a list.
See Collections for a high-level overview of collections, including when remote service requests are performed.
Parameters
model (Collection) Collection model
parent (ServiceResource) The collections parent resource
factory (ResourceFactory) The resource factory to create new resources
resource_defs (dict) Service resource definitions.
service_model (botocore.model.ServiceModel) The Botocore service model
all(limit=None, page_size=None)
Get all items from the collection, optionally with a custom page size and item count limit.
This method returns an iterable generator which yields individual resource instances. Example use:
# Iterate through items
>>> for queue in sqs.queues.all():
https://url1
https://url2
# Convert to list
>>> queues = list(sqs.queues.all())
>>> len(queues)
2
Parameters
limit (int) Return no more than this many items
2.2. Core 667

page_size (int) Fetch this many items per request

Return type ResourceCollection
filter(**kwargs)
Get items from the collection, passing keyword arguments along as parameters to the underlying service
operation, which are typically used to filter the results.
>>> for queue in sqs.queues.filter(Param=foo):
https://url1
https://url2
# Convert to list
>>> queues = list(sqs.queues.filter(Param=foo))
>>> len(queues)
2
iterator(**kwargs)
Get a resource collection iterator from this manager.
Returns An iterable representing the collection of resources
limit(count)
Return at most this many resources.
Parameters count (int) Return no more than this many items
page_size(count)
Fetch at most this many resources per service request.
Parameters count (int) Fetch this many items per request
class boto3.resources.collection.ResourceCollection(model, parent, handler, **kwargs)
Represents a collection of resources, which can be iterated through, optionally with filtering. Collections auto-
matically handle pagination for you.
See Collections for a high-level overview of collections, including when remote service requests are performed.
Parameters
model (Collection) Collection model
parent (ServiceResource) The collections parent resource
handler (ResourceHandler) The resource response handler used to create resource
instances
all(limit=None, page_size=None)
Get all items from the collection, optionally with a custom page size and item count limit.


>>> for queue in sqs.queues.all():
https://url1
https://url2
# Convert to list
>>> queues = list(sqs.queues.all())
>>> len(queues)
2
Parameters
limit (int) Return no more than this many items
page_size (int) Fetch this many items per request
filter(**kwargs)
Get items from the collection, passing keyword arguments along as parameters to the underlying service
operation, which are typically used to filter the results.
>>> for queue in sqs.queues.filter(Param=foo):
https://url1
https://url2
# Convert to list
>>> queues = list(sqs.queues.filter(Param=foo))
>>> len(queues)
2
limit(count)
Return at most this many resources.
Parameters count (int) Return no more than this many items
page_size(count)
Fetch at most this many resources per service request.
Parameters count (int) Fetch this many items per request
2.2.3 Resources Reference
Resource Model
The models defined in this file represent the resource JSON description format and provide a layer of abstraction from
the raw JSON. The advantages of this are:
2.2. Core 669

Pythonic interface (e.g. action.request.operation)

Consumers need not change for minor JSON changes (e.g. renamed field)
These models are used both by the resource factory to generate resource classes as well as by the documentation
generator.
class boto3.resources.model.Action(name, definition, resource_defs)
A service operation action.
Parameters
name (string) The name of the action
definition (dict) The JSON definition
resource_defs (dict) All resources defined in the service
name = None
(string) The name of the action
path = None
(string) The JMESPath search path or None
request = None
(Request) This actions request or None
resource = None
(ResponseResource) This actions resource or None
class boto3.resources.model.Collection(name, definition, resource_defs)
A group of resources. See Action.
Parameters
name (string) The name of the collection
class boto3.resources.model.DefinitionWithParams(definition)
An item which has parameters exposed via the params property. A request has an operation and parameters,
while a waiter has a name, a low-level waiter name and parameters.
Parameters definition (dict) The JSON definition
params
Get a list of auto-filled parameters for this request.
Type list(Parameter)
class boto3.resources.model.Identifier(name)
A resource identifier, given by its name.
Parameters name (string) The name of the identifier
name = None
(string) The name of the identifier
class boto3.resources.model.Parameter(target, source_type, source)
An auto-filled parameter which has a source and target. For example, the QueueUrl may be auto-filled from a
resources url identifier when making calls to queue.receive_messages.
Parameters
target (string) The destination parameter name, e.g. QueueUrl

source_type (string) Where the source is defined.

source (string) The source name, e.g. Url
source = None
(string) The source name
source_type = None
(string) Where the source is defined
target = None
(string) The destination parameter name
class boto3.resources.model.Request(definition)
A service operation action request.
Parameters definition (dict) The JSON definition
operation = None
(string) The name of the low-level service operation
params
class boto3.resources.model.ResourceModel(name, definition, resource_defs)
A model representing a resource, defined via a JSON description format. A resource has identifiers, attributes,
actions, sub-resources, references and collections. For more information on resources, see Resources.
Parameters
name (string) The name of this resource, e.g. sqs or Queue
actions
Get a list of actions for this resource.
Type list(Action)
batch_actions
Get a list of batch actions for this resource.
Type list(Action)
collections
Get a list of collections for this resource.
Type list(Collection)
identifiers
Get a list of resource identifiers.
Type list(Identifier)
load
Get the load action for this resource, if it is defined.
Type Action or None
name = None
(string) The name of this resource
2.2. Core 671

references
Get a list of reference resources.
Type list(ResponseResource)
reverse_references
Get a list of reverse reference resources. E.g. an S3 object has a bucket_name identifier that can be
used to instantiate a bucket resource instance.
shape = None
(string) The service shape name for this resource or None
sub_resources = None
(SubResourceList) Sub-resource information or None
waiters
Get a list of waiters for this resource.
Type list(Waiter)
class boto3.resources.model.ResponseResource(definition, resource_defs)
A resource response to create after performing an action.
Parameters
identifiers
A list of resource identifiers.
Type list(Identifier)
model
Get the resource model for the response resource.
Type ResourceModel
path = None
(string) The JMESPath search query or None
type = None
(string) The name of the response resource type
class boto3.resources.model.SubResourceList(definition, resource_defs)
A list of information about sub-resources. It includes access to identifiers as well as resource names and models.
Parameters
identifiers = None
(dict) Identifier key:value pairs
resource_names = None
(list) A list of resource names
resources
Get a list of resource models contained in this sub-resource entry.
Type list(ResourceModel)

class boto3.resources.model.Waiter(name, definition)

An event waiter specification.
Parameters
name (string) Name of the waiter
name = None
(string) The name of this waiter
params
waiter_name = None
(string) The name of the underlying event waiter
Request Parameters
boto3.resources.params.build_param_structure(params, target, value)

This method provides a basic reverse JMESPath implementation that lets you go from a JMESPath-like string
to a possibly deeply nested object. The params are mutated in-place, so subsequent calls can modify the same
element by its index.
>>> build_param_structure(params, test[0], 1)
>>> print(params)
{test: [1]}
>>> build_param_structure(params, foo.bar[0].baz, hello world)

>>> print(params)
{test: [1], foo: {bar: [{baz: hello, world}]}}
boto3.resources.params.create_request_parameters(parent, request_model)
Handle request parameters that can be filled in from identifiers, resource data members or constants.
Parameters
parent (ServiceResource) The resource instance to which this action is attached.
request_model (Request) The action request model.
Return type dict
Returns Pre-filled parameters to be sent to the request operation.
Response Handlers
class boto3.resources.response.RawHandler(search_path)
A raw action response handler. This passed through the response dictionary, optionally after performing a
JMESPath search if one has been defined for the action.
Parameters search_path (string) JMESPath expression to search in the response
Return type dict
Returns Service response
2.2. Core 673

class boto3.resources.response.ResourceHandler(search_path, factory, resource_defs,

service_model, resource_model, opera-
tion_name)
Creates a new resource or list of new resources from the low-level response based on the given response resource
definition.
Parameters
search_path (string) JMESPath expression to search in the response
factory (ResourceFactory) The factory that created the resource class to which this action
is attached.
resource_model (ResponseResource) Response resource model.
operation_name (string) Name of the underlying service operation
Return type ServiceResource or list
Returns New resource instance(s).
handle_response_item(resource_cls, parent, identifiers, resource_data)
Handles the creation of a single response item by setting parameters and creating the appropriate resource
instance.
Parameters
resource_cls (ServiceResource subclass) The resource class to instantiate.
identifiers (dict) Map of identifier names to value or values.
resource_data (dict or None) Data for resource attributes.
Return type ServiceResource
Returns New resource instance.
boto3.resources.response.all_not_none(iterable)
Return True if all elements of the iterable are not None (or if the iterable is empty). This is like the built-in all,
except checks against None, so 0 and False are allowable values.
boto3.resources.response.build_empty_response(search_path, operation_name, ser-
vice_model)
Creates an appropriate empty response for the type that is expected, based on the service models shape type.
For example, a value that is normally a list would then return an empty list. A structure would return an empty
dict, and a number would return None.
Parameters
search_path (string) JMESPath expression to search in the response
operation_name (string) Name of the underlying service operation
Return type dict, list, or None
Returns An appropriate empty value

boto3.resources.response.build_identifiers(identifiers, parent, params, raw_response)

Builds a mapping of identifier names to values based on the identifier source location, type, and target. Identifier
values may be scalars or lists depending on the source type and location.
Parameters
identifiers (list) List of Parameter definitions
params (dict) Request parameters sent to the service.
raw_response (dict) Low-level operation response.
Resource Actions
class boto3.resources.action.ServiceAction(action_model, factory=None, re-

source_defs=None, service_model=None)
A class representing a callable action on a resource, for example sqs.get_queue_by_name(...) or
s3.Bucket(foo).delete(). The action may construct parameters from existing resource identifiers
and may return either a raw response or a new resource instance.
Parameters
action_model (:py:class~boto3.resources.model.Action) The action model.
factory (ResourceFactory) The factory that created the resource class to which this action
is attached.
Resource Base
class boto3.resources.base.ServiceResource(*args, **kwargs)

A base class for resources.
Parameters client (botocore.client) A low-level Botocore client instance
meta = None
Stores metadata about this resource instance, such as the service_name, the low-level client and
any cached data from when the instance was hydrated. For example:
# Get a low-level client from a resource instance
client = resource.meta[client]
response = client.operation(Param=foo)
# Print the resource instances service short name

print(resource.meta[service_name])
Resource Factory
class boto3.resources.factory.ResourceFactory
A factory to create new ServiceResource classes from a ResourceModel. There are two types of
lookups that can be done: one on the service itself (e.g. an SQS resource) and another on models contained
within the service (e.g. an SQS Queue resource).
2.2. Core 675

load_from_definition(service_name, resource_name, model, resource_defs, service_model)

Loads a resource from a model, creating a new ServiceResource subclass with the correct properties
and methods, named based on the service and resource name, e.g. EC2.Instance.
Parameters
service_name (string) Name of the service to look up
resource_name (string) Name of the resource to look up. For services, this should
match the service_name.
model (dict) The service or resource definition.
resource_defs (dict) The services resource definitions, used to load subresources (e.g.
sqs.Queue).
service_model (botocore.model.ServiceModel) The Botocore service model,
required only if the resource shape contains members. This is used to expose lazy-loaded
attributes on the resource.
Return type Subclass of ServiceResource
Returns The service or resource class.
2.2.4 Session Reference
class boto3.session.Session(aws_access_key_id=None, aws_secret_access_key=None,

aws_session_token=None, region_name=None, boto-
core_session=None)
A session stores configuration state and allows you to create service clients and resources.
Parameters
aws_access_key_id (string) AWS access key ID
aws_secret_access_key (string) AWS secret access key
aws_session_token (string) AWS temporary session token
region_name (string) Default region when creating new connections
botocore_session (botocore.session.Session) Use this Botocore session instead of creating
a new default one.
client(service_name, region_name=None, api_version=None, use_ssl=True, verify=None,
endpoint_url=None, aws_access_key_id=None, aws_secret_access_key=None,
aws_session_token=None)
Create a low-level service client by name.
Parameters
service_name (string) The name of a service, e.g. s3 or ec2. You can get a list of
available services via get_available_services().
region_name (string) The name of the region associated with the client. A client is
associated with a single region.
api_version (string) The API version to use. By default, botocore will use the latest API
version when creating a client. You only need to specify this parameter if you want to use
a previous API version of the client.
use_ssl (boolean) Whether or not to use SSL. By default, SSL is used. Note that not all
services support non-ssl connections.

verify (boolean/string) Whether or not to verify SSL certificates. By default SSL cer-
tificates are verified. You can provide the following values:
False - do not validate SSL certificates. SSL will still be used (unless use_ssl is False),
but SSL certificates will not be verified.
path/to/cert/bundle.pem - A filename of the CA cert bundle to uses. You can specify this
argument if you want to use a different CA cert bundle than the one used by botocore.
endpoint_url (string) The complete URL to use for the constructed client. Normally,
botocore will automatically construct the appropriate URL to use when communicating
with a service. You can specify a complete URL (including the http/https scheme) to
override this behavior. If this value is provided, then use_ssl is ignored.
aws_access_key_id (string) The access key to use when creating the client. This is
entirely optional, and if not provided, the credentials configured for the session will au-
tomatically be used. You only need to provide this argument if you want to override the
credentials used for this specific client.
aws_secret_access_key (string) The secret key to use when creating the client. Same
semantics as aws_access_key_id above.
aws_session_token (string) The session token to use when creating the client. Same
Returns Service client instance
get_available_resources()
Get a list of available services that can be loaded as resource clients via Session.resource().
Return type list
Returns List of service names
get_available_services()
Get a list of available services that can be loaded as low-level clients via Session.client().
Return type list
Returns List of service names
resource(service_name, region_name=None, api_version=None, use_ssl=True, verify=None,
endpoint_url=None, aws_access_key_id=None, aws_secret_access_key=None,
aws_session_token=None)
Create a resource service client by name.
Parameters
service_name (string) The name of a service, e.g. s3 or ec2. You can get a list of
available services via get_available_resources().
region_name (string) The name of the region associated with the client. A client is
associated with a single region.
api_version (string) The API version to use. By default, botocore will use the latest API
version when creating a client. You only need to specify this parameter if you want to use
a previous API version of the client.
use_ssl (boolean) Whether or not to use SSL. By default, SSL is used. Note that not all
services support non-ssl connections.
verify (boolean/string) Whether or not to verify SSL certificates. By default SSL cer-
tificates are verified. You can provide the following values:
2.2. Core 677

False - do not validate SSL certificates. SSL will still be used (unless use_ssl is False),
but SSL certificates will not be verified.
path/to/cert/bundle.pem - A filename of the CA cert bundle to uses. You can specify this
argument if you want to use a different CA cert bundle than the one used by botocore.
endpoint_url (string) The complete URL to use for the constructed client. Normally,
botocore will automatically construct the appropriate URL to use when communicating
with a service. You can specify a complete URL (including the http/https scheme) to
override this behavior. If this value is provided, then use_ssl is ignored.
aws_access_key_id (string) The access key to use when creating the client. This is
entirely optional, and if not provided, the credentials configured for the session will au-
tomatically be used. You only need to provide this argument if you want to override the
credentials used for this specific client.
aws_secret_access_key (string) The secret key to use when creating the client. Same
aws_session_token (string) The session token to use when creating the client. Same
Returns Subclass of ServiceResource

CHAPTER 3
Indices and tables
genindex
modindex
search
679
680 Chapter 3. Indices and tables

Python Module Index
b
boto3, 666
boto3.resources.action, 675
boto3.resources.base, 675
boto3.resources.collection, 667
boto3.resources.factory, 675
boto3.resources.model, 669
boto3.resources.params, 673
boto3.resources.response, 673
boto3.session, 676
681
682 Python Module Index

Index
A add_permission() (sqs.Queue method), 614

abort() (s3.MultipartUpload method), 562 add_role() (iam.InstanceProfile method), 362
abort_multipart_upload() (s3.Client method), 531 add_role_to_instance_profile() (iam.Client method), 324
accept() (ec2.VpcPeeringConnection method), 263 add_source_identifier_to_subscription() (rds.Client
accept_ranges (s3.Object attribute), 565 method), 433
accept_vpc_peering_connection() (ec2.Client method), add_tags() (elb.Client method), 308
136 add_tags() (emr.Client method), 318
accepted_vpc_peering_connections (ec2.Vpc attribute), add_tags_to_resource() (rds.Client method), 434
262 add_tags_to_stream() (kinesis.Client method), 376
accepter_vpc (ec2.VpcPeeringConnection attribute), 263 add_upload_buffer() (storagegateway.Client method),
accepter_vpc_info (ec2.VpcPeeringConnection attribute), 618
263 add_user() (iam.Group method), 359
access_key_id (iam.AccessKey attribute), 354 add_user_to_group() (iam.Client method), 325
access_keys (iam.User attribute), 372 add_working_storage() (storagegateway.Client method),
AccessKey() (iam.Service method), 352 619
AccessKey() (iam.User method), 372 all() (boto3.resources.collection.CollectionManager
account_aliases (iam.Service attribute), 353 method), 667
AccountAlias() (iam.Service method), 352 all() (boto3.resources.collection.ResourceCollection
AccountPasswordPolicy() (iam.Service method), 352 method), 668
AccountSummary() (iam.Service method), 353 all_not_none() (in module boto3.resources.response), 674
Action (class in boto3.resources.model), 670 allocate_address() (ec2.Client method), 136
actions (boto3.resources.model.ResourceModel at- allocate_connection_on_interconnect() (directcon-
tribute), 671 nect.Client method), 99
activate() (iam.AccessKey method), 355 allocate_private_virtual_interface() (directconnect.Client
activate() (iam.SigningCertificate method), 370 method), 99
activate_gateway() (storagegateway.Client method), 617 allocate_public_virtual_interface() (directconnect.Client
activate_pipeline() (datapipeline.Client method), 93 method), 100
add_attachments_to_set() (support.Client method), 639 allow_users_to_change_password
add_cache() (storagegateway.Client method), 618 (iam.AccountPasswordPolicy attribute),
add_client_id_to_open_id_connect_provider() 356
(iam.Client method), 324 ami_launch_index (ec2.Instance attribute), 226
add_communication_to_case() (support.Client method), apply_security_groups_to_load_balancer() (elb.Client
639 method), 308
add_event_source() (lambda.Client method), 391 apps_count (opsworks.StackSummary attribute), 433
add_group() (iam.User method), 371 architecture (ec2.Image attribute), 223
add_instance_groups() (emr.Client method), 318 architecture (ec2.Instance attribute), 226
add_job_flow_steps() (emr.Client method), 318 arn (iam.Group attribute), 359
add_permission() (sns.Client method), 585 arn (iam.InstanceProfile attribute), 362
add_permission() (sns.Topic method), 600 arn (iam.Role attribute), 365
add_permission() (sqs.Client method), 603 arn (iam.SamlProvider attribute), 367
arn (iam.User attribute), 370
683
arn (opsworks.Stack attribute), 429 authorize_cluster_security_group_ingress() (red-

arn (opsworks.StackSummary attribute), 433 shift.Client method), 475
arn (sns.PlatformApplication attribute), 594 authorize_db_security_group_ingress() (rds.Client
arn (sns.PlatformEndpoint attribute), 596 method), 434
arn (sns.Subscription attribute), 598 authorize_egress() (ec2.SecurityGroup method), 245
arn (sns.Topic attribute), 599 authorize_ingress() (ec2.SecurityGroup method), 245
assign_private_ip_addresses() (ec2.Client method), 137 authorize_security_group_egress() (ec2.Client method),
assign_private_ip_addresses() (ec2.NetworkInterface 140
method), 238 authorize_security_group_ingress() (ec2.Client method),
assign_volume() (opsworks.Client method), 399 140
associate_address() (ec2.Client method), 137 authorize_snapshot_access() (redshift.Client method),
associate_dhcp_options() (ec2.Client method), 138 475
associate_dhcp_options() (ec2.Vpc method), 259 auto_assign_elastic_ips (opsworks.Layer attribute), 427
associate_elastic_ip() (opsworks.Client method), 399 auto_assign_public_ips (opsworks.Layer attribute), 427
associate_route_table() (ec2.Client method), 138 autoscaling.Client (built-in class), 17
associate_vpc_with_hosted_zone() (route53.Client availability_zone (ec2.NetworkInterface attribute), 238
method), 510 availability_zone (ec2.Subnet attribute), 250
associate_with_subnet() (ec2.RouteTable method), 242 availability_zone (ec2.Volume attribute), 255
associate_with_vpc() (ec2.DhcpOptions method), 222 available_ip_address_count (ec2.Subnet attribute), 250
association (ec2.NetworkInterface attribute), 238
associations (ec2.NetworkAcl attribute), 235 B
associations (ec2.RouteTable attribute), 242, 243 base_32_string_seed (iam.VirtualMfaDevice attribute),
assume_role() (sts.Client method), 631 374
assume_role_policy_document (iam.Role attribute), 365 batch_actions (boto3.resources.model.ResourceModel at-
assume_role_with_saml() (sts.Client method), 633 tribute), 671
assume_role_with_web_identity() (sts.Client method), batch_delete_attributes() (sdb.Client method), 575
634 batch_get_applications() (codedeploy.Client method), 75
attach() (ec2.NetworkInterface method), 239 batch_get_deployments() (codedeploy.Client method), 76
attach_elastic_load_balancer() (opsworks.Client batch_get_item() (dynamodb.Client method), 105
method), 399 batch_put_attributes() (sdb.Client method), 576
attach_instances() (autoscaling.Client method), 17 batch_write_item() (dynamodb.Client method), 106
attach_internet_gateway() (ec2.Client method), 138 block_device_mappings (ec2.Image attribute), 223
attach_internet_gateway() (ec2.Vpc method), 259 block_device_mappings (ec2.Instance attribute), 226
attach_load_balancer_to_subnets() (elb.Client method), body (sqs.Message attribute), 613
309 boto3 (module), 666
attach_network_interface() (ec2.Client method), 139 boto3.resources.action (module), 675
attach_to_instance() (ec2.Volume method), 256 boto3.resources.base (module), 675
attach_to_vpc() (ec2.InternetGateway method), 233 boto3.resources.collection (module), 667
attach_volume() (ec2.Client method), 139 boto3.resources.factory (module), 675
attach_volume() (ec2.Instance method), 228 boto3.resources.model (module), 669
attach_vpn_gateway() (ec2.Client method), 139 boto3.resources.params (module), 673
attachment (ec2.NetworkInterface attribute), 238 boto3.resources.response (module), 673
attachments (ec2.InternetGateway attribute), 233 boto3.session (module), 676
attachments (ec2.Volume attribute), 255 bucket (s3.BucketAcl attribute), 553
attributes (opsworks.Layer attribute), 427 bucket (s3.BucketCors attribute), 553
attributes (opsworks.Stack attribute), 429 bucket (s3.BucketLifecycle attribute), 554
attributes (sns.PlatformApplication attribute), 595 bucket (s3.BucketLogging attribute), 555
attributes (sns.PlatformEndpoint attribute), 596 bucket (s3.BucketNotification attribute), 556
attributes (sns.Subscription attribute), 598 bucket (s3.BucketPolicy attribute), 557
attributes (sns.Topic attribute), 600 bucket (s3.BucketRequestPayment attribute), 557
attributes (sqs.Message attribute), 613 bucket (s3.BucketTagging attribute), 558
attributes (sqs.Queue attribute), 614 bucket (s3.BucketVersioning attribute), 560
authorize_cache_security_group_ingress() (elasti- bucket (s3.BucketWebsite attribute), 561
cache.Client method), 264 bucket (s3.Object attribute), 571
684 Index
Bucket() (s3.Service method), 547 cancel_reserved_instances_listing() (ec2.Client method),

bucket_name (s3.BucketAcl attribute), 552 142
bucket_name (s3.BucketCors attribute), 553 cancel_retrieval() (storagegateway.Client method), 619
bucket_name (s3.BucketLifecycle attribute), 554 cancel_spot_instance_requests() (ec2.Client method),
bucket_name (s3.BucketLogging attribute), 555 142
bucket_name (s3.BucketNotification attribute), 555 cancel_update() (cloudformation.Stack method), 49
bucket_name (s3.BucketPolicy attribute), 556 cancel_update_stack() (cloudformation.Client method),
bucket_name (s3.BucketRequestPayment attribute), 557 37
bucket_name (s3.BucketTagging attribute), 558 capabilities (cloudformation.Stack attribute), 48
bucket_name (s3.BucketVersioning attribute), 559 certificate_body (iam.ServerCertificate attribute), 368
bucket_name (s3.BucketWebsite attribute), 560 certificate_body (iam.SigningCertificate attribute), 369
bucket_name (s3.MultipartUpload attribute), 561 certificate_chain (iam.ServerCertificate attribute), 368
bucket_name (s3.MultipartUploadPart attribute), 562 certificate_id (iam.SigningCertificate attribute), 369
bucket_name (s3.Object attribute), 565 change_message_visibility() (sqs.Client method), 604
bucket_name (s3.ObjectAcl attribute), 572 change_message_visibility_batch() (sqs.Client method),
bucket_name (s3.ObjectVersion attribute), 573 604
BucketAcl() (s3.Bucket method), 551 change_message_visibility_batch() (sqs.Queue method),
BucketAcl() (s3.Service method), 548 615
BucketCors() (s3.Bucket method), 551 change_password() (iam.Client method), 325
BucketCors() (s3.Service method), 548 change_password() (iam.Service method), 349
BucketLifecycle() (s3.Bucket method), 551 change_resource_record_sets() (route53.Client method),
BucketLifecycle() (s3.Service method), 548 510
BucketLogging() (s3.Bucket method), 551 change_tags_for_resource() (route53.Client method), 511
BucketLogging() (s3.Service method), 548 change_visibility() (sqs.Message method), 613
BucketNotification() (s3.Bucket method), 551 check_dns_availability() (elasticbeanstalk.Client
BucketNotification() (s3.Service method), 548 method), 285
BucketPolicy() (s3.Bucket method), 551 check_domain_availability() (route53domains.Client
BucketPolicy() (s3.Service method), 548 method), 521
BucketRequestPayment() (s3.Bucket method), 551 chef_configuration (opsworks.Stack attribute), 429
BucketRequestPayment() (s3.Service method), 548 cidr_block (ec2.Subnet attribute), 250
buckets (s3.Service attribute), 548 cidr_block (ec2.Vpc attribute), 259
BucketTagging() (s3.Bucket method), 551 client() (boto3.session.Session method), 676
BucketTagging() (s3.Service method), 548 client() (in module boto3), 666
BucketVersioning() (s3.Bucket method), 551 client_token (ec2.Instance attribute), 226
BucketVersioning() (s3.Service method), 548 clone_stack() (opsworks.Client method), 400
BucketWebsite() (s3.Bucket method), 551 cloud_function_configuration (s3.BucketNotification at-
BucketWebsite() (s3.Service method), 548 tribute), 555
build_empty_response() (in module cloudformation.Client (built-in class), 36
boto3.resources.response), 674 cloudformation.Event (built-in class), 47
build_identifiers() (in module boto3.resources.response), cloudformation.Service (built-in class), 45
674 cloudformation.Stack (built-in class), 48
build_param_structure() (in module cloudformation.StackResource (built-in class), 51
boto3.resources.params), 673 cloudformation.StackResourceSummary (built-in class),
build_suggesters() (cloudsearch.Client method), 57 52
bundle_instance() (ec2.Client method), 141 cloudfront.Client (built-in class), 53
cloudsearch.Client (built-in class), 57
C cloudsearchdomain.Client (built-in class), 63
cache_control (s3.Object attribute), 565 cloudtrail.Client (built-in class), 69
cancel_archival() (storagegateway.Client method), 619 cloudwatch.Client (built-in class), 71
cancel_bundle_task() (ec2.Client method), 142 codedeploy.Client (built-in class), 75
cancel_conversion_task() (ec2.Client method), 142 Collection (class in boto3.resources.model), 670
cancel_export_task() (ec2.Client method), 142 CollectionManager (class in boto3.resources.collection),
cancel_job() (elastictranscoder.Client method), 298 667
cancel_job() (importexport.Client method), 375
Index 685
collections (boto3.resources.model.ResourceModel at- create_app_cookie_stickiness_policy() (elb.Client

tribute), 671 method), 309
complete() (s3.MultipartUpload method), 562 create_application() (codedeploy.Client method), 76
complete_lifecycle_action() (autoscaling.Client method), create_application() (elasticbeanstalk.Client method),
17 286
complete_multipart_upload() (s3.Client method), 531 create_application_version() (elasticbeanstalk.Client
config.Client (built-in class), 91 method), 286
configuration_manager (opsworks.Stack attribute), 430 create_auto_scaling_group() (autoscaling.Client method),
configure_health_check() (elb.Client method), 309 18
confirm_connection() (directconnect.Client method), 100 create_bucket() (s3.Client method), 533
confirm_private_virtual_interface() (directconnect.Client create_bucket() (s3.Service method), 547
method), 100 create_cache_cluster() (elasticache.Client method), 264
confirm_product_instance() (ec2.Client method), 143 create_cache_parameter_group() (elasticache.Client
confirm_public_virtual_interface() (directconnect.Client method), 267
method), 101 create_cache_security_group() (elasticache.Client
confirm_subscription() (sns.Client method), 586 method), 267
confirm_subscription() (sns.Topic method), 600 create_cache_subnet_group() (elasticache.Client
console_output() (ec2.Instance method), 228 method), 268
content_disposition (s3.Object attribute), 565 create_cached_iscsi_volume() (storagegateway.Client
content_encoding (s3.Object attribute), 565 method), 619
content_language (s3.Object attribute), 565 create_case() (support.Client method), 640
content_length (s3.Object attribute), 565 create_cluster() (redshift.Client method), 476
content_type (s3.Object attribute), 565 create_cluster_parameter_group() (redshift.Client
copy() (ec2.Snapshot method), 248 method), 480
copy_cluster_snapshot() (redshift.Client method), 476 create_cluster_security_group() (redshift.Client method),
copy_db_parameter_group() (rds.Client method), 435 481
copy_db_snapshot() (rds.Client method), 435 create_cluster_snapshot() (redshift.Client method), 481
copy_from() (s3.MultipartUploadPart method), 563 create_cluster_subnet_group() (redshift.Client method),
copy_from() (s3.Object method), 566 481
copy_image() (ec2.Client method), 143 create_configuration_template() (elasticbeanstalk.Client
copy_object() (s3.Client method), 532 method), 287
copy_option_group() (rds.Client method), 436 create_connection() (directconnect.Client method), 101
copy_snapshot() (ec2.Client method), 143 create_customer_gateway() (ec2.Client method), 144
copy_snapshot() (elasticache.Client method), 264 create_date (iam.AccessKey attribute), 354
cors_rules (s3.BucketCors attribute), 553 create_date (iam.Group attribute), 359
count_closed_workflow_executions() (swf.Client create_date (iam.InstanceProfile attribute), 362
method), 644 create_date (iam.LoginProfile attribute), 363
count_open_workflow_executions() (swf.Client method), create_date (iam.Role attribute), 365
645 create_date (iam.SamlProvider attribute), 368
count_pending_activity_tasks() (swf.Client method), 646 create_date (iam.User attribute), 370
count_pending_decision_tasks() (swf.Client method), create_db_instance() (rds.Client method), 436
646 create_db_instance_read_replica() (rds.Client method),
create() (iam.Group method), 359 442
create() (iam.LoginProfile method), 363 create_db_parameter_group() (rds.Client method), 443
create() (s3.Bucket method), 549 create_db_security_group() (rds.Client method), 444
create_access_key() (iam.Client method), 325 create_db_snapshot() (rds.Client method), 445
create_access_key() (iam.User method), 371 create_db_subnet_group() (rds.Client method), 445
create_account_alias() (iam.Client method), 325 create_deployment() (codedeploy.Client method), 76
create_account_alias() (iam.Service method), 349 create_deployment() (opsworks.Client method), 403
create_account_password_policy() (iam.Service method), create_deployment_config() (codedeploy.Client method),
349 76
create_alias() (kms.Client method), 385 create_deployment_group() (codedeploy.Client method),
create_app() (opsworks.Client method), 402 77
create_dhcp_options() (ec2.Client method), 145
686 Index
create_dhcp_options() (ec2.Service method), 213 create_open_id_connect_provider() (iam.Client method),

create_domain() (cloudsearch.Client method), 57 326
create_domain() (sdb.Client method), 577 create_option_group() (rds.Client method), 446
create_entry() (ec2.NetworkAcl method), 235 create_or_update_tags() (autoscaling.Client method), 21
create_environment() (elasticbeanstalk.Client method), create_pipeline() (datapipeline.Client method), 93
288 create_pipeline() (elastictranscoder.Client method), 299
create_event_subscription() (rds.Client method), 445 create_placement_group() (ec2.Client method), 148
create_event_subscription() (redshift.Client method), 482 create_placement_group() (ec2.Service method), 216
create_grant() (kms.Client method), 385 create_platform_application() (sns.Client method), 586
create_group() (iam.Client method), 325 create_platform_application() (sns.Service method), 593
create_group() (iam.Service method), 350 create_platform_endpoint() (sns.Client method), 586
create_health_check() (route53.Client method), 511 create_platform_endpoint() (sns.PlatformApplication
create_hosted_zone() (route53.Client method), 512 method), 595
create_hsm_client_certificate() (redshift.Client method), create_policy() (iam.Group method), 359
483 create_policy() (iam.User method), 371
create_hsm_configuration() (redshift.Client method), 483 create_preset() (elastictranscoder.Client method), 302
create_identity_pool(), 83 create_private_virtual_interface() (directconnect.Client
create_image() (ec2.Client method), 145 method), 102
create_image() (ec2.Instance method), 228 create_public_virtual_interface() (directconnect.Client
create_instance() (opsworks.Client method), 403 method), 102
create_instance_export_task() (ec2.Client method), 146 create_queue() (sqs.Client method), 605
create_instance_profile() (iam.Client method), 326 create_queue() (sqs.Service method), 611
create_instance_profile() (iam.Service method), 351 create_replication_group() (elasticache.Client method),
create_instances() (ec2.Service method), 213 268
create_instances() (ec2.Subnet method), 251 create_request_parameters() (in module
create_interconnect() (directconnect.Client method), 101 boto3.resources.params), 673
create_internet_gateway() (ec2.Client method), 146 create_reserved_instances_listing() (ec2.Client method),
create_internet_gateway() (ec2.Service method), 215 148
create_job() (elastictranscoder.Client method), 298 create_reusable_delegation_set() (route53.Client
create_job() (importexport.Client method), 375 method), 513
create_key() (kms.Client method), 386 create_role() (iam.Client method), 327
create_key_pair() (ec2.Client method), 146 create_role() (iam.Service method), 351
create_key_pair() (ec2.Service method), 215 create_route() (ec2.Client method), 149
create_launch_configuration() (autoscaling.Client create_route() (ec2.RouteTable method), 242
method), 19 create_route_table() (ec2.Client method), 150
create_layer() (opsworks.Client method), 405 create_route_table() (ec2.Service method), 216
create_layer() (opsworks.Stack method), 431 create_route_table() (ec2.Vpc method), 260
create_lb_cookie_stickiness_policy() (elb.Client create_saml_provider() (iam.Client method), 327
method), 310 create_saml_provider() (iam.Service method), 351
create_load_balancer() (elb.Client method), 310 create_security_group() (ec2.Client method), 150
create_load_balancer_listeners() (elb.Client method), 311 create_security_group() (ec2.Service method), 216
create_load_balancer_policy() (elb.Client method), 312 create_security_group() (ec2.Vpc method), 260
create_log_group() (logs.Client method), 395 create_server_certificate() (iam.Service method), 351
create_log_stream() (logs.Client method), 395 create_signing_certificate() (iam.Service method), 352
create_login_profile() (iam.Client method), 326 create_snapshot() (ec2.Client method), 150
create_multipart_upload() (s3.Client method), 534 create_snapshot() (ec2.Service method), 216
create_network_acl() (ec2.Client method), 147 create_snapshot() (ec2.Volume method), 256
create_network_acl() (ec2.Service method), 215 create_snapshot() (elasticache.Client method), 271
create_network_acl() (ec2.Vpc method), 259 create_snapshot() (storagegateway.Client method), 620
create_network_acl_entry() (ec2.Client method), 147 create_snapshot_from_volume_recovery_point() (stor-
create_network_interface() (ec2.Client method), 147 agegateway.Client method), 620
create_network_interface() (ec2.Service method), 215 create_spot_datafeed_subscription() (ec2.Client method),
create_network_interface() (ec2.Subnet method), 253 151
create_stack() (cloudformation.Client method), 37
Index 687
create_stack() (cloudformation.Service method), 45 CreateInvalidation2014_10_21() (cloudfront.Client

create_stack() (opsworks.Client method), 406 method), 53
create_stack() (opsworks.Service method), 424 CreateStreamingDistribution2014_10_21() (cloud-
create_storage_location() (elasticbeanstalk.Client front.Client method), 53
method), 289 creation_date (s3.Bucket attribute), 549
create_stored_iscsi_volume() (storagegateway.Client creation_time (cloudformation.Stack attribute), 48
method), 621 custom_cookbooks_source (opsworks.Stack attribute),
create_stream() (kinesis.Client method), 376 430
create_subnet() (ec2.Client method), 151 custom_instance_profile_arn (opsworks.Layer attribute),
create_subnet() (ec2.Service method), 217 428
create_subnet() (ec2.Vpc method), 260 custom_json (opsworks.Stack attribute), 430
create_table() (dynamodb.Client method), 107 custom_recipes (opsworks.Layer attribute), 428
create_tags() (ec2.Client method), 152 custom_security_group_ids (opsworks.Layer attribute),
create_tags() (ec2.DhcpOptions method), 222 428
create_tags() (ec2.Image method), 224
create_tags() (ec2.Instance method), 228 D
create_tags() (ec2.InternetGateway method), 234 datapipeline.Client (built-in class), 93
create_tags() (ec2.NetworkAcl method), 236 deactivate() (iam.AccessKey method), 355
create_tags() (ec2.NetworkInterface method), 239 deactivate() (iam.MfaDevice method), 364
create_tags() (ec2.RouteTable method), 243 deactivate() (iam.SigningCertificate method), 370
create_tags() (ec2.SecurityGroup method), 246 deactivate_mfa_device() (iam.Client method), 329
create_tags() (ec2.Service method), 217 dead_letter_source_queues (sqs.Service attribute), 612
create_tags() (ec2.Snapshot method), 249 decode_authorization_message() (sts.Client method), 636
create_tags() (ec2.Subnet method), 253 decrypt() (kms.Client method), 386
create_tags() (ec2.Volume method), 256 default_availability_zone (opsworks.Stack attribute), 430
create_tags() (ec2.Vpc method), 260 default_for_az (ec2.Subnet attribute), 250
create_tags() (redshift.Client method), 484 default_instance_profile_arn (opsworks.Stack attribute),
create_tapes() (storagegateway.Client method), 621 430
create_time (ec2.Volume attribute), 255 default_os (opsworks.Stack attribute), 430
create_topic() (sns.Client method), 587 default_recipes (opsworks.Layer attribute), 428
create_topic() (sns.Service method), 594 default_root_device_type (opsworks.Stack attribute), 430
create_trail() (cloudtrail.Client method), 69 default_security_group_names (opsworks.Layer at-
create_user() (iam.Client method), 328 tribute), 428
create_user() (iam.Service method), 352 default_ssh_key_name (opsworks.Stack attribute), 430
create_user_profile() (opsworks.Client method), 408 default_subnet_id (opsworks.Stack attribute), 430
create_virtual_mfa_device() (iam.Client method), 328 define_analysis_scheme() (cloudsearch.Client method),
create_virtual_mfa_device() (iam.Service method), 352 57
create_volume() (ec2.Client method), 152 define_expression() (cloudsearch.Client method), 58
create_volume() (ec2.Service method), 217 define_index_field() (cloudsearch.Client method), 58
create_vpc() (ec2.Client method), 153 define_suggester() (cloudsearch.Client method), 58
create_vpc() (ec2.Service method), 218 DefinitionWithParams (class in boto3.resources.model),
create_vpc_peering_connection() (ec2.Client method), 670
153 delete() (cloudformation.Stack method), 49
create_vpc_peering_connection() (ec2.Service method), delete() (ec2.DhcpOptions method), 222
218 delete() (ec2.InternetGateway method), 234
create_vpn_connection() (ec2.Client method), 154 delete() (ec2.KeyPair method), 235
create_vpn_connection_route() (ec2.Client method), 154 delete() (ec2.NetworkAcl method), 236
create_vpn_gateway() (ec2.Client method), 155 delete() (ec2.NetworkInterface method), 239
CreateCloudFrontOriginAccessIdentity2014_10_21() delete() (ec2.PlacementGroup method), 241
(cloudfront.Client method), 53 delete() (ec2.RouteTableAssociation method), 244
created_at (opsworks.Layer attribute), 428 delete() (ec2.SecurityGroup method), 246
created_at (opsworks.Stack attribute), 430 delete() (ec2.Snapshot method), 249
CreateDistribution2014_10_21() (cloudfront.Client delete() (ec2.Subnet method), 253
method), 53 delete() (ec2.Tag method), 255
688 Index
delete() (ec2.Vpc method), 260 delete_bucket_lifecycle() (s3.Client method), 535

delete() (ec2.VpcPeeringConnection method), 263 delete_bucket_policy() (s3.Client method), 535
delete() (iam.AccessKey method), 355 delete_bucket_tagging() (s3.Client method), 535
delete() (iam.AccountAlias method), 355 delete_bucket_website() (s3.Client method), 535
delete() (iam.AccountPasswordPolicy method), 356 delete_cache_cluster() (elasticache.Client method), 271
delete() (iam.Group method), 360 delete_cache_parameter_group() (elasticache.Client
delete() (iam.GroupPolicy method), 361 method), 271
delete() (iam.InstanceProfile method), 362 delete_cache_security_group() (elasticache.Client
delete() (iam.LoginProfile method), 363 method), 272
delete() (iam.Role method), 366 delete_cache_subnet_group() (elasticache.Client
delete() (iam.RolePolicy method), 367 method), 272
delete() (iam.SamlProvider method), 368 delete_chap_credentials() (storagegateway.Client
delete() (iam.ServerCertificate method), 369 method), 622
delete() (iam.SigningCertificate method), 370 delete_cluster() (redshift.Client method), 484
delete() (iam.User method), 371 delete_cluster_parameter_group() (redshift.Client
delete() (iam.UserPolicy method), 373 method), 485
delete() (iam.VirtualMfaDevice method), 374 delete_cluster_security_group() (redshift.Client method),
delete() (opsworks.Layer method), 429 485
delete() (opsworks.Stack method), 432 delete_cluster_snapshot() (redshift.Client method), 486
delete() (s3.Bucket method), 549 delete_cluster_subnet_group() (redshift.Client method),
delete() (s3.BucketCors method), 553 486
delete() (s3.BucketLifecycle method), 554 delete_configuration_template() (elasticbeanstalk.Client
delete() (s3.BucketPolicy method), 556 method), 289
delete() (s3.BucketTagging method), 558 delete_connection() (directconnect.Client method), 103
delete() (s3.BucketWebsite method), 560 delete_customer_gateway() (ec2.Client method), 155
delete() (s3.Object method), 568 delete_dataset(), 87
delete() (s3.ObjectVersion method), 573 delete_db_instance() (rds.Client method), 447
delete() (sns.PlatformApplication method), 595 delete_db_parameter_group() (rds.Client method), 448
delete() (sns.PlatformEndpoint method), 597 delete_db_security_group() (rds.Client method), 448
delete() (sns.Subscription method), 599 delete_db_snapshot() (rds.Client method), 448
delete() (sns.Topic method), 600 delete_db_subnet_group() (rds.Client method), 448
delete() (sqs.Message method), 614 delete_delivery_channel() (config.Client method), 91
delete() (sqs.Queue method), 615 delete_deployment_config() (codedeploy.Client method),
delete_access_key() (iam.Client method), 329 78
delete_account_alias() (iam.Client method), 329 delete_deployment_group() (codedeploy.Client method),
delete_account_password_policy() (iam.Client method), 78
329 delete_dhcp_options() (ec2.Client method), 155
delete_alarms() (cloudwatch.Client method), 71 delete_domain() (cloudsearch.Client method), 59
delete_alias() (kms.Client method), 386 delete_domain() (sdb.Client method), 577
delete_analysis_scheme() (cloudsearch.Client method), delete_endpoint() (sns.Client method), 587
59 delete_entry() (ec2.NetworkAcl method), 236
delete_app() (opsworks.Client method), 409 delete_environment_configuration() (elas-
delete_application() (codedeploy.Client method), 78 ticbeanstalk.Client method), 290
delete_application() (elasticbeanstalk.Client method), delete_event_subscription() (rds.Client method), 448
289 delete_event_subscription() (redshift.Client method), 486
delete_application_version() (elasticbeanstalk.Client delete_expression() (cloudsearch.Client method), 59
method), 289 delete_function() (lambda.Client method), 391
delete_attributes() (sdb.Client method), 577 delete_gateway() (storagegateway.Client method), 622
delete_auto_scaling_group() (autoscaling.Client method), delete_group() (iam.Client method), 329
22 delete_group_policy() (iam.Client method), 330
delete_bandwidth_rate_limit() (storagegateway.Client delete_health_check() (route53.Client method), 513
method), 622 delete_hosted_zone() (route53.Client method), 513
delete_bucket() (s3.Client method), 535 delete_hsm_client_certificate() (redshift.Client method),
delete_bucket_cors() (s3.Client method), 535 486
Index 689
delete_hsm_configuration() (redshift.Client method), 486 delete_scheduled_action() (autoscaling.Client method),

delete_identity() (ses.Client method), 580 23
delete_identity_pool(), 83 delete_security_group() (ec2.Client method), 157
delete_index_field() (cloudsearch.Client method), 59 delete_server_certificate() (iam.Client method), 331
delete_instance() (opsworks.Client method), 409 delete_signing_certificate() (iam.Client method), 331
delete_instance_profile() (iam.Client method), 330 delete_snapshot() (ec2.Client method), 157
delete_interconnect() (directconnect.Client method), 103 delete_snapshot() (elasticache.Client method), 272
delete_internet_gateway() (ec2.Client method), 155 delete_snapshot_schedule() (storagegateway.Client
delete_item() (dynamodb.Client method), 109 method), 623
delete_key_pair() (ec2.Client method), 156 delete_spot_datafeed_subscription() (ec2.Client method),
delete_launch_configuration() (autoscaling.Client 157
method), 22 delete_stack() (cloudformation.Client method), 38
delete_layer() (opsworks.Client method), 409 delete_stack() (opsworks.Client method), 409
delete_lifecycle_hook() (autoscaling.Client method), 22 delete_stream() (kinesis.Client method), 377
delete_load_balancer() (elb.Client method), 312 delete_subnet() (ec2.Client method), 158
delete_load_balancer_listeners() (elb.Client method), 312 delete_suggester() (cloudsearch.Client method), 60
delete_load_balancer_policy() (elb.Client method), 312 delete_table() (dynamodb.Client method), 113
delete_log_group() (logs.Client method), 395 delete_tags() (autoscaling.Client method), 23
delete_log_stream() (logs.Client method), 395 delete_tags() (ec2.Client method), 158
delete_login_profile() (iam.Client method), 330 delete_tags() (redshift.Client method), 486
delete_marker (s3.Object attribute), 565 delete_tape() (storagegateway.Client method), 623
delete_message() (sqs.Client method), 606 delete_tape_archive() (storagegateway.Client method),
delete_message_batch() (sqs.Client method), 606 623
delete_messages() (sqs.Queue method), 615 delete_topic() (sns.Client method), 587
delete_metric_filter() (logs.Client method), 395 delete_trail() (cloudtrail.Client method), 70
delete_network_acl() (ec2.Client method), 156 delete_user() (iam.Client method), 332
delete_network_acl_entry() (ec2.Client method), 156 delete_user_policy() (iam.Client method), 332
delete_network_interface() (ec2.Client method), 156 delete_user_profile() (opsworks.Client method), 410
delete_notification_configuration() (autoscaling.Client delete_verified_email_address() (ses.Client method), 580
method), 23 delete_virtual_interface() (directconnect.Client method),
delete_object() (s3.Client method), 535 103
delete_objects() (s3.Bucket method), 549 delete_virtual_mfa_device() (iam.Client method), 332
delete_objects() (s3.Client method), 536 delete_volume() (ec2.Client method), 158
delete_open_id_connect_provider() (iam.Client method), delete_volume() (storagegateway.Client method), 623
330 delete_vpc() (ec2.Client method), 158
delete_option_group() (rds.Client method), 449 delete_vpc_peering_connection() (ec2.Client method),
delete_pipeline() (datapipeline.Client method), 94 159
delete_pipeline() (elastictranscoder.Client method), 302 delete_vpn_connection() (ec2.Client method), 159
delete_placement_group() (ec2.Client method), 156 delete_vpn_connection_route() (ec2.Client method), 159
delete_platform_application() (sns.Client method), 587 delete_vpn_gateway() (ec2.Client method), 159
delete_policy() (autoscaling.Client method), 23 DeleteCloudFrontOriginAccessIdentity2014_10_21()
delete_preset() (elastictranscoder.Client method), 302 (cloudfront.Client method), 54
delete_queue() (sqs.Client method), 606 DeleteDistribution2014_10_21() (cloudfront.Client
delete_replication_group() (elasticache.Client method), method), 54
272 DeleteStreamingDistribution2014_10_21() (cloud-
delete_retention_policy() (logs.Client method), 396 front.Client method), 54
delete_reusable_delegation_set() (route53.Client deliver_config_snapshot() (config.Client method), 91
method), 514 deprecate_activity_type() (swf.Client method), 647
delete_role() (iam.Client method), 330 deprecate_domain() (swf.Client method), 647
delete_role_policy() (iam.Client method), 331 deprecate_workflow_type() (swf.Client method), 647
delete_route() (ec2.Client method), 156 deregister() (ec2.Image method), 224
delete_route_table() (ec2.Client method), 157 deregister_elastic_ip() (opsworks.Client method), 410
delete_saml_provider() (iam.Client method), 331 deregister_image() (ec2.Client method), 159
690 Index
deregister_instances_from_load_balancer() (elb.Client describe_cache_subnet_groups() (elasticache.Client

method), 312 method), 275
deregister_rds_db_instance() (opsworks.Client method), describe_cached_iscsi_volumes() (storagegateway.Client
410 method), 624
deregister_volume() (opsworks.Client method), 410 describe_cases() (support.Client method), 641
describe_account_attributes() (ec2.Client method), 160 describe_chap_credentials() (storagegateway.Client
describe_account_limits() (autoscaling.Client method), method), 624
23 describe_cluster() (emr.Client method), 318
describe_activity_type() (swf.Client method), 648 describe_cluster_parameter_groups() (redshift.Client
describe_addresses() (ec2.Client method), 160 method), 487
describe_adjustment_types() (autoscaling.Client describe_cluster_parameters() (redshift.Client method),
method), 23 488
describe_alarm_history() (cloudwatch.Client method), 71 describe_cluster_security_groups() (redshift.Client
describe_alarms() (cloudwatch.Client method), 71 method), 488
describe_alarms_for_metric() (cloudwatch.Client describe_cluster_snapshots() (redshift.Client method),
method), 72 489
describe_analysis_schemes() (cloudsearch.Client describe_cluster_subnet_groups() (redshift.Client
describe_application_versions() (elasticbeanstalk.Client describe_cluster_versions() (redshift.Client method), 491
method), 290 describe_clusters() (redshift.Client method), 492
describe_applications() (elasticbeanstalk.Client method), describe_commands() (opsworks.Client method), 410
290 describe_communications() (support.Client method), 642
describe_apps() (opsworks.Client method), 410 describe_configuration_options() (elasticbeanstalk.Client
describe_attachment() (support.Client method), 641 method), 290
describe_attribute() (ec2.Image method), 224 describe_configuration_recorder_status() (config.Client
describe_attribute() (ec2.Instance method), 228 method), 91
describe_attribute() (ec2.NetworkInterface method), 239 describe_configuration_recorders() (config.Client
describe_attribute() (ec2.Snapshot method), 249 method), 91
describe_attribute() (ec2.Volume method), 257 describe_configuration_settings() (elasticbeanstalk.Client
describe_attribute() (ec2.Vpc method), 261 method), 291
describe_auto_scaling_groups() (autoscaling.Client describe_connections() (directconnect.Client method),
method), 23 103
describe_auto_scaling_instances() (autoscaling.Client describe_connections_on_interconnect() (directcon-
method), 24 nect.Client method), 103
describe_auto_scaling_notification_types() (autoscal- describe_conversion_tasks() (ec2.Client method), 161
ing.Client method), 24 describe_customer_gateways() (ec2.Client method), 162
describe_availability_options() (cloudsearch.Client describe_dataset(), 87
method), 60 describe_db_engine_versions() (rds.Client method), 449
describe_availability_zones() (ec2.Client method), 160 describe_db_instances() (rds.Client method), 449
describe_bandwidth_rate_limit() (storagegateway.Client describe_db_log_files() (rds.Client method), 450
method), 623 describe_db_parameter_groups() (rds.Client method),
describe_bundle_tasks() (ec2.Client method), 161 450
describe_cache() (storagegateway.Client method), 624 describe_db_parameters() (rds.Client method), 451
describe_cache_clusters() (elasticache.Client method), describe_db_security_groups() (rds.Client method), 452
272 describe_db_snapshots() (rds.Client method), 452
describe_cache_engine_versions() (elasticache.Client describe_db_subnet_groups() (rds.Client method), 453
method), 273 describe_default_cluster_parameters() (redshift.Client
describe_cache_parameter_groups() (elasticache.Client method), 493
method), 274 describe_delivery_channel_status() (config.Client
describe_cache_parameters() (elasticache.Client method), 91
method), 274 describe_delivery_channels() (config.Client method), 92
describe_cache_security_groups() (elasticache.Client describe_deployments() (opsworks.Client method), 411
method), 274 describe_dhcp_options() (ec2.Client method), 162
describe_domain() (swf.Client method), 648
Index 691
describe_domains() (cloudsearch.Client method), 60 describe_load_balancer_attributes() (elb.Client method),

describe_elastic_ips() (opsworks.Client method), 411 313
describe_elastic_load_balancers() (opsworks.Client describe_load_balancer_policies() (elb.Client method),
method), 411 313
describe_engine_default_parameters() (elasticache.Client describe_load_balancer_policy_types() (elb.Client
describe_engine_default_parameters() (rds.Client describe_load_balancers() (elb.Client method), 314
method), 453 describe_load_based_auto_scaling() (opsworks.Client
describe_environment_resources() (elas- method), 412
ticbeanstalk.Client method), 291 describe_locations() (directconnect.Client method), 104
describe_environments() (elasticbeanstalk.Client describe_log_groups() (logs.Client method), 396
method), 291 describe_log_streams() (logs.Client method), 396
describe_event_categories() (rds.Client method), 454 describe_logging_status() (redshift.Client method), 497
describe_event_categories() (redshift.Client method), 493 describe_maintenance_start_time() (storagegate-
describe_event_subscriptions() (rds.Client method), 454 way.Client method), 624
describe_event_subscriptions() (redshift.Client method), describe_metric_collection_types() (autoscaling.Client
493 method), 25
describe_events() (elasticache.Client method), 276 describe_metric_filters() (logs.Client method), 396
describe_events() (elasticbeanstalk.Client method), 292 describe_my_user_profile() (opsworks.Client method),
describe_events() (rds.Client method), 454 412
describe_events() (redshift.Client method), 494 describe_network_acls() (ec2.Client method), 171
describe_export_tasks() (ec2.Client method), 163 describe_network_interface_attribute() (ec2.Client
describe_expressions() (cloudsearch.Client method), 61 method), 172
describe_gateway_information() (storagegateway.Client describe_network_interfaces() (ec2.Client method), 173
method), 624 describe_notification_configurations() (autoscal-
describe_hsm_client_certificates() (redshift.Client ing.Client method), 25
method), 495 describe_objects() (datapipeline.Client method), 94
describe_hsm_configurations() (redshift.Client method), describe_option_group_options() (rds.Client method),
496 455
describe_identity_pool(), 83 describe_option_groups() (rds.Client method), 456
describe_identity_pool_usage(), 87 describe_orderable_cluster_options() (redshift.Client
describe_identity_usage(), 88 method), 497
describe_image_attribute() (ec2.Client method), 163 describe_orderable_db_instance_options() (rds.Client
describe_images() (ec2.Client method), 163 method), 456
describe_index_fields() (cloudsearch.Client method), 61 describe_permissions() (opsworks.Client method), 413
describe_instance_attribute() (ec2.Client method), 165 describe_pipelines() (datapipeline.Client method), 94
describe_instance_health() (elb.Client method), 313 describe_placement_groups() (ec2.Client method), 174
describe_instance_status() (ec2.Client method), 165 describe_policies() (autoscaling.Client method), 25
describe_instances() (ec2.Client method), 167 describe_raid_arrays() (opsworks.Client method), 413
describe_instances() (opsworks.Client method), 412 describe_rds_db_instances() (opsworks.Client method),
describe_interconnects() (directconnect.Client method), 413
104 describe_regions() (ec2.Client method), 175
describe_internet_gateways() (ec2.Client method), 171 describe_replication_groups() (elasticache.Client
describe_job_flows() (emr.Client method), 319 method), 276
describe_key() (kms.Client method), 386 describe_reserved_cache_nodes() (elasticache.Client
describe_key_pairs() (ec2.Client method), 171 method), 277
describe_launch_configurations() (autoscaling.Client describe_reserved_cache_nodes_offerings() (elasti-
method), 24 cache.Client method), 278
describe_layers() (opsworks.Client method), 412 describe_reserved_db_instances() (rds.Client method),
describe_lifecycle_hook_types() (autoscaling.Client 457
method), 24 describe_reserved_db_instances_offerings() (rds.Client
describe_lifecycle_hooks() (autoscaling.Client method), method), 458
24 describe_reserved_instances() (ec2.Client method), 175
692 Index
describe_reserved_instances_listings() (ec2.Client describe_tags() (ec2.Client method), 186

method), 176 describe_tags() (elb.Client method), 314
describe_reserved_instances_modifications() (ec2.Client describe_tags() (redshift.Client method), 499
method), 176 describe_tape_archives() (storagegateway.Client
describe_reserved_instances_offerings() (ec2.Client method), 625
method), 177 describe_tape_recovery_points() (storagegateway.Client
describe_reserved_node_offerings() (redshift.Client method), 625
method), 498 describe_tapes() (storagegateway.Client method), 625
describe_reserved_nodes() (redshift.Client method), 498 describe_termination_policy_types() (autoscaling.Client
describe_resize() (redshift.Client method), 499 method), 27
describe_route_tables() (ec2.Client method), 179 describe_time_based_auto_scaling() (opsworks.Client
describe_scaling_activities() (autoscaling.Client method), method), 414
25 describe_trails() (cloudtrail.Client method), 70
describe_scaling_parameters() (cloudsearch.Client describe_trusted_advisor_check_refresh_statuses() (sup-
method), 61 port.Client method), 643
describe_scaling_process_types() (autoscaling.Client describe_trusted_advisor_check_result() (support.Client
describe_scheduled_actions() (autoscaling.Client describe_trusted_advisor_check_summaries() (sup-
method), 26 port.Client method), 643
describe_security_groups() (ec2.Client method), 180 describe_trusted_advisor_checks() (support.Client
describe_service_access_policies() (cloudsearch.Client method), 643
method), 61 describe_upload_buffer() (storagegateway.Client
describe_service_errors() (opsworks.Client method), 413 method), 626
describe_services() (support.Client method), 642 describe_user_profiles() (opsworks.Client method), 414
describe_severity_levels() (support.Client method), 643 describe_virtual_gateways() (directconnect.Client
describe_snapshot_attribute() (ec2.Client method), 181 method), 104
describe_snapshot_schedule() (storagegateway.Client describe_virtual_interfaces() (directconnect.Client
describe_snapshots() (ec2.Client method), 181 describe_volume_attribute() (ec2.Client method), 186
describe_snapshots() (elasticache.Client method), 278 describe_volume_status() (ec2.Client method), 186
describe_spot_datafeed_subscription() (ec2.Client describe_volumes() (ec2.Client method), 188
method), 182 describe_volumes() (opsworks.Client method), 414
describe_spot_instance_requests() (ec2.Client method), describe_vpc_attribute() (ec2.Client method), 189
182 describe_vpc_peering_connections() (ec2.Client
describe_spot_price_history() (ec2.Client method), 184 method), 189
describe_stack_events() (cloudformation.Client method), describe_vpcs() (ec2.Client method), 190
38 describe_vpn_connections() (ec2.Client method), 191
describe_stack_resource() (cloudformation.Client describe_vpn_gateways() (ec2.Client method), 191
method), 39 describe_vtl_devices() (storagegateway.Client method),
describe_stack_resources() (cloudformation.Client 626
method), 39 describe_workflow_execution() (swf.Client method), 649
describe_stack_summary() (opsworks.Client method), describe_workflow_type() (swf.Client method), 649
414 describe_working_storage() (storagegateway.Client
describe_stacks() (cloudformation.Client method), 40 method), 626
describe_stacks() (opsworks.Client method), 414 description (cloudformation.Stack attribute), 48
describe_status() (ec2.Volume method), 257 description (cloudformation.StackResource attribute), 51
describe_step() (emr.Client method), 319 description (ec2.Image attribute), 223
describe_stored_iscsi_volumes() (storagegateway.Client description (ec2.NetworkInterface attribute), 238
method), 624 description (ec2.SecurityGroup attribute), 244
describe_stream() (kinesis.Client method), 378 description (ec2.Snapshot attribute), 248
describe_subnets() (ec2.Client method), 185 detach() (ec2.NetworkInterface method), 239
describe_suggesters() (cloudsearch.Client method), 62 detach_elastic_load_balancer() (opsworks.Client
describe_table() (dynamodb.Client method), 114 method), 415
describe_tags() (autoscaling.Client method), 26 detach_from_instance() (ec2.Volume method), 258
Index 693
detach_from_vpc() (ec2.InternetGateway method), 234 ec2.KeyPair (built-in class), 234

detach_instances() (autoscaling.Client method), 27 ec2.NetworkAcl (built-in class), 235
detach_internet_gateway() (ec2.Client method), 192 ec2.NetworkInterface (built-in class), 237
detach_internet_gateway() (ec2.Vpc method), 261 ec2.PlacementGroup (built-in class), 241
detach_load_balancer_from_subnets() (elb.Client ec2.RouteTable (built-in class), 241
method), 314 ec2.RouteTableAssociation (built-in class), 243
detach_network_interface() (ec2.Client method), 192 ec2.SecurityGroup (built-in class), 244
detach_volume() (ec2.Client method), 192 ec2.Service (built-in class), 212
detach_volume() (ec2.Instance method), 229 ec2.Snapshot (built-in class), 247
detach_vpn_gateway() (ec2.Client method), 193 ec2.Subnet (built-in class), 250
dhcp_configurations (ec2.DhcpOptions attribute), 222 ec2.Tag (built-in class), 254
dhcp_options (ec2.Vpc attribute), 261 ec2.Volume (built-in class), 255
dhcp_options_id (ec2.DhcpOptions attribute), 222 ec2.Vpc (built-in class), 258
dhcp_options_id (ec2.Vpc attribute), 259 ec2.VpcPeeringConnection (built-in class), 262
dhcp_options_sets (ec2.Service attribute), 220 elasticache.Client (built-in class), 264
DhcpOptions() (ec2.Service method), 220 elasticbeanstalk.Client (built-in class), 285
directconnect.Client (built-in class), 99 elastictranscoder.Client (built-in class), 298
disable_alarm_actions() (cloudwatch.Client method), 72 elb.Client (built-in class), 308
disable_availability_zones_for_load_balancer() emit() (boto3.NullHandler method), 666
(elb.Client method), 314 emr.Client (built-in class), 317
disable_domain_auto_renew() (route53domains.Client enable() (iam.MfaDevice method), 364
method), 521 enable() (s3.BucketVersioning method), 559
disable_domain_transfer_lock() (route53domains.Client enable_alarm_actions() (cloudwatch.Client method), 72
method), 521 enable_auto_healing (opsworks.Layer attribute), 428
disable_gateway() (storagegateway.Client method), 626 enable_availability_zones_for_load_balancer()
disable_key() (kms.Client method), 386 (elb.Client method), 315
disable_key_rotation() (kms.Client method), 387 enable_date (iam.MfaDevice attribute), 364
disable_logging() (redshift.Client method), 500 enable_date (iam.VirtualMfaDevice attribute), 374
disable_metrics_collection() (autoscaling.Client method), enable_domain_auto_renew() (route53domains.Client
27 method), 522
disable_rollback (cloudformation.Stack attribute), 48 enable_domain_transfer_lock() (route53domains.Client
disable_snapshot_copy() (redshift.Client method), 500 method), 522
disable_vgw_route_propagation() (ec2.Client method), enable_io() (ec2.Volume method), 258
193 enable_key() (kms.Client method), 387
disassociate_address() (ec2.Client method), 193 enable_key_rotation() (kms.Client method), 387
disassociate_elastic_ip() (opsworks.Client method), 415 enable_logging() (redshift.Client method), 500
disassociate_route_table() (ec2.Client method), 194 enable_metrics_collection() (autoscaling.Client method),
disassociate_route_table() (ec2.Service method), 218 28
disassociate_vpc_from_hosted_zone() (route53.Client enable_mfa() (iam.User method), 371
method), 514 enable_mfa_device() (iam.Client method), 332
domain_metadata() (sdb.Client method), 577 enable_snapshot_copy() (redshift.Client method), 501
download_db_log_file_portion() (rds.Client method), 459 enable_vgw_route_propagation() (ec2.Client method),
dynamodb.Client (built-in class), 105 194
enable_volume_io() (ec2.Client method), 194
E encrypt() (kms.Client method), 387
e_tag (s3.MultipartUploadPart attribute), 563 encrypted (ec2.Snapshot attribute), 248
e_tag (s3.Object attribute), 565 encrypted (ec2.Volume attribute), 255
e_tag (s3.ObjectVersion attribute), 573 endpoints (sns.PlatformApplication attribute), 596
ebs_optimized (ec2.Instance attribute), 226 enter_standby() (autoscaling.Client method), 28
ec2.Client (built-in class), 136 entries (ec2.NetworkAcl attribute), 235
ec2.DhcpOptions (built-in class), 221 error_document (s3.BucketWebsite attribute), 560
ec2.Image (built-in class), 223 estimate_template_cost() (cloudformation.Client
ec2.Instance (built-in class), 225 method), 40
ec2.InternetGateway (built-in class), 233 evaluate_expression() (datapipeline.Client method), 95
694 Index
Event() (cloudformation.Service method), 46 get_deployment_config() (codedeploy.Client method), 79

event_id (cloudformation.Event attribute), 47 get_deployment_group() (codedeploy.Client method), 79
events (cloudformation.Stack attribute), 50 get_deployment_instance() (codedeploy.Client method),
execute_policy() (autoscaling.Client method), 29 79
exit_standby() (autoscaling.Client method), 29 get_domain_detail() (route53domains.Client method),
expiration (s3.Object attribute), 565 522
expiration_time (ec2.VpcPeeringConnection attribute), get_endpoint_attributes() (sns.Client method), 588
263 get_event_source() (lambda.Client method), 392
expire_passwords (iam.AccountPasswordPolicy at- get_federation_token() (sts.Client method), 636
tribute), 356 get_function() (lambda.Client method), 392
expires (s3.Object attribute), 565 get_function_configuration() (lambda.Client method),
392
F get_geo_location() (route53.Client method), 515
filter() (boto3.resources.collection.CollectionManager get_group() (iam.Client method), 333
method), 668 get_group_policy() (iam.Client method), 333
filter() (boto3.resources.collection.ResourceCollection get_health_check() (route53.Client method), 515
method), 669 get_health_check_count() (route53.Client method), 515
get_health_check_last_failure_reason() (route53.Client
G method), 515
generate_credential_report() (iam.Client method), 332 get_health_check_status() (route53.Client method), 515
generate_data_key() (kms.Client method), 387 get_hosted_zone() (route53.Client method), 515
generate_data_key_without_plaintext() (kms.Client get_hostname_suggestion() (opsworks.Client method),
method), 388 415
generate_random() (kms.Client method), 388 get_id(), 83
get() (s3.Object method), 568 get_identity_dkim_attributes() (ses.Client method), 580
get() (s3.ObjectVersion method), 574 get_identity_notification_attributes() (ses.Client method),
get_account_authorization_details() (iam.Client method), 580
332 get_identity_pool_configuration(), 88
get_account_password_policy() (iam.Client method), 333 get_identity_verification_attributes() (ses.Client method),
get_account_summary() (iam.Client method), 333 581
get_application() (codedeploy.Client method), 78 get_instance_profile() (iam.Client method), 334
get_application_revision() (codedeploy.Client method), get_item() (dynamodb.Client method), 114
78 get_key_policy() (kms.Client method), 388
get_attributes() (sdb.Client method), 577 get_key_rotation_status() (kms.Client method), 388
get_available_resources() (boto3.session.Session get_log_events() (logs.Client method), 397
method), 677 get_login_profile() (iam.Client method), 334
get_available_services() (boto3.session.Session method), get_metric_statistics() (cloudwatch.Client method), 72
677 get_object() (s3.Client method), 537
get_bucket_acl() (s3.Client method), 536 get_object_acl() (s3.Client method), 538
get_bucket_cors() (s3.Client method), 536 get_object_torrent() (s3.Client method), 538
get_bucket_lifecycle() (s3.Client method), 536 get_open_id_connect_provider() (iam.Client method),
get_bucket_location() (s3.Client method), 536 334
get_bucket_logging() (s3.Client method), 536 get_open_id_token(), 84
get_bucket_notification() (s3.Client method), 536 get_open_id_token_for_developer_identity(), 84
get_bucket_policy() (s3.Client method), 537 get_operation_detail() (route53domains.Client method),
get_bucket_request_payment() (s3.Client method), 537 522
get_bucket_tagging() (s3.Client method), 537 get_password_data() (ec2.Client method), 195
get_bucket_versioning() (s3.Client method), 537 get_pipeline_definition() (datapipeline.Client method),
get_bucket_website() (s3.Client method), 537 95
get_change() (route53.Client method), 514 get_platform_application_attributes() (sns.Client
get_checker_ip_ranges() (route53.Client method), 514 method), 588
get_console_output() (ec2.Client method), 194 get_queue_attributes() (sqs.Client method), 606
get_credential_report() (iam.Client method), 333 get_queue_by_name() (sqs.Service method), 612
get_deployment() (codedeploy.Client method), 79 get_queue_url() (sqs.Client method), 607
Index 695
get_records() (kinesis.Client method), 378 group_name (ec2.PlacementGroup attribute), 241

get_resource_config_history() (config.Client method), 92 group_name (ec2.SecurityGroup attribute), 244
get_reusable_delegation_set() (route53.Client method), group_name (iam.Group attribute), 359
516 group_name (iam.GroupPolicy attribute), 361
get_role() (iam.Client method), 334 GroupPolicy() (iam.Group method), 360
get_role_policy() (iam.Client method), 334 GroupPolicy() (iam.Service method), 353
get_saml_provider() (iam.Client method), 334 groups (ec2.NetworkInterface attribute), 238
get_send_quota() (ses.Client method), 581 groups (iam.Service attribute), 353
get_send_statistics() (ses.Client method), 581 groups (iam.User attribute), 372
get_server_certificate() (iam.Client method), 335
get_session_token() (sts.Client method), 638 H
get_shard_iterator() (kinesis.Client method), 379 handle_response_item() (boto3.resources.response.ResourceHandler
get_stack_policy() (cloudformation.Client method), 40 method), 674
get_status() (importexport.Client method), 375 hard_expiry (iam.AccountPasswordPolicy attribute), 356
get_subscription_attributes() (sns.Client method), 588 head() (s3.ObjectVersion method), 574
get_template() (cloudformation.Client method), 41 head_bucket() (s3.Client method), 538
get_template_summary() (cloudformation.Client head_object() (s3.Client method), 538
method), 41 hostname_theme (opsworks.Stack attribute), 430
get_topic_attributes() (sns.Client method), 588 hypervisor (ec2.Image attribute), 223
get_trail_status() (cloudtrail.Client method), 70 hypervisor (ec2.Instance attribute), 226
get_user() (iam.Client method), 335
get_user_policy() (iam.Client method), 335 I
get_waiter() (cloudfront.Client method), 55 iam.AccessKey (built-in class), 354
get_waiter() (dynamodb.Client method), 115 iam.AccountAlias (built-in class), 355
get_waiter() (ec2.Client method), 195 iam.AccountPasswordPolicy (built-in class), 356
get_waiter() (elastictranscoder.Client method), 303 iam.AccountSummary (built-in class), 357
get_waiter() (emr.Client method), 319 iam.Client (built-in class), 324
get_waiter() (kinesis.Client method), 380 iam.Group (built-in class), 359
get_waiter() (rds.Client method), 459 iam.GroupPolicy (built-in class), 360
get_waiter() (redshift.Client method), 501 iam.InstanceProfile (built-in class), 361
get_waiter() (s3.Client method), 538 iam.LoginProfile (built-in class), 363
get_waiter() (ses.Client method), 581 iam.MfaDevice (built-in class), 364
get_workflow_execution_history() (swf.Client method), iam.Role (built-in class), 365
649 iam.RolePolicy (built-in class), 366
GetCloudFrontOriginAccessIdentity2014_10_21() iam.SamlProvider (built-in class), 367
(cloudfront.Client method), 54 iam.ServerCertificate (built-in class), 368
GetCloudFrontOriginAccessIdentityConfig2014_10_21() iam.Service (built-in class), 349
(cloudfront.Client method), 54 iam.SigningCertificate (built-in class), 369
GetDistribution2014_10_21() (cloudfront.Client iam.User (built-in class), 370
method), 54 iam.UserPolicy (built-in class), 372
GetDistributionConfig2014_10_21() (cloudfront.Client iam.VirtualMfaDevice (built-in class), 373
method), 54 iam_instance_profile (ec2.Instance attribute), 226
GetInvalidation2014_10_21() (cloudfront.Client id (cloudformation.Event attribute), 47
method), 54 id (ec2.DhcpOptions attribute), 222
GetStreamingDistribution2014_10_21() (cloud- id (ec2.Image attribute), 223
front.Client method), 55 id (ec2.Instance attribute), 225
GetStreamingDistributionConfig2014_10_21() (cloud- id (ec2.InternetGateway attribute), 233
front.Client method), 55 id (ec2.NetworkAcl attribute), 235
grants (s3.BucketAcl attribute), 552 id (ec2.NetworkInterface attribute), 237
grants (s3.ObjectAcl attribute), 572 id (ec2.RouteTable attribute), 242
group (iam.GroupPolicy attribute), 361 id (ec2.RouteTableAssociation attribute), 243
Group() (iam.Service method), 353 id (ec2.SecurityGroup attribute), 244
group_id (ec2.SecurityGroup attribute), 244 id (ec2.Snapshot attribute), 248
group_id (iam.Group attribute), 359 id (ec2.Subnet attribute), 250
696 Index
id (ec2.Volume attribute), 255 InternetGateway() (ec2.Service method), 220

id (ec2.Vpc attribute), 259 invoke_async() (lambda.Client method), 392
id (ec2.VpcPeeringConnection attribute), 262 iops (ec2.Volume attribute), 255
id (iam.AccessKey attribute), 354 ip_permissions (ec2.SecurityGroup attribute), 245
id (iam.SigningCertificate attribute), 369 ip_permissions_egress (ec2.SecurityGroup attribute), 245
id (opsworks.Layer attribute), 427 is_default (ec2.NetworkAcl attribute), 235
id (opsworks.Stack attribute), 429 is_default (ec2.Vpc attribute), 259
id (s3.MultipartUpload attribute), 561 is_latest (s3.ObjectVersion attribute), 573
id (s3.ObjectVersion attribute), 573 iterator() (boto3.resources.collection.CollectionManager
Identifier (class in boto3.resources.model), 670 method), 668
identifiers (boto3.resources.model.ResourceModel
attribute), 671 K
identifiers (boto3.resources.model.ResponseResource at- kernel_id (ec2.Image attribute), 223
tribute), 672 kernel_id (ec2.Instance attribute), 226
identifiers (boto3.resources.model.SubResourceList at- key (ec2.Tag attribute), 254
tribute), 672 key (s3.MultipartUpload attribute), 561
image (ec2.Instance attribute), 232 key (s3.Object attribute), 565
Image() (ec2.Service method), 220 key (s3.ObjectVersion attribute), 573
image_id (ec2.Image attribute), 223 key_fingerprint (ec2.KeyPair attribute), 234
image_id (ec2.Instance attribute), 226 key_name (ec2.Instance attribute), 226
image_location (ec2.Image attribute), 223 key_name (ec2.KeyPair attribute), 234
image_owner_alias (ec2.Image attribute), 223 key_pair (ec2.Instance attribute), 233
image_type (ec2.Image attribute), 223 key_pairs (ec2.Service attribute), 221
images (ec2.Service attribute), 220 KeyPair() (ec2.Service method), 220
import_instance() (ec2.Client method), 195 kinesis.Client (built-in class), 376
import_key_pair() (ec2.Client method), 196 kms.Client (built-in class), 385
import_key_pair() (ec2.Service method), 219 kms_key_id (ec2.Snapshot attribute), 248
import_volume() (ec2.Client method), 196 kms_key_id (ec2.Volume attribute), 256
importexport.Client (built-in class), 375
index_document (s3.BucketWebsite attribute), 560 L
index_documents() (cloudsearch.Client method), 62 lambda.Client (built-in class), 391
initiate_multipart_upload() (s3.Object method), 569 last_modified (s3.MultipartUploadPart attribute), 563
initiated (s3.MultipartUpload attribute), 561 last_modified (s3.Object attribute), 565
initiator (s3.MultipartUpload attribute), 561 last_modified (s3.ObjectVersion attribute), 573
install_updates_on_boot (opsworks.Layer attribute), 428 last_updated_time (cloudformation.Stack attribute), 48
Instance() (ec2.Service method), 220 last_updated_timestamp (cloudformation.StackResource
instance_id (ec2.Instance attribute), 226 attribute), 51
instance_lifecycle (ec2.Instance attribute), 226 last_updated_timestamp (cloudforma-
instance_profile_id (iam.InstanceProfile attribute), 362 tion.StackResourceSummary attribute), 52
instance_profile_name (iam.InstanceProfile attribute), launch_time (ec2.Instance attribute), 226
362 Layer() (opsworks.Service method), 427
instance_profiles (iam.Role attribute), 366 layer_id (opsworks.Layer attribute), 428
instance_profiles (iam.Service attribute), 353 layers (opsworks.Stack attribute), 432
instance_tenancy (ec2.Vpc attribute), 259 layers_count (opsworks.StackSummary attribute), 433
instance_type (ec2.Instance attribute), 226 limit() (boto3.resources.collection.CollectionManager
InstanceProfile() (iam.Service method), 353 method), 668
instances (ec2.PlacementGroup attribute), 241 limit() (boto3.resources.collection.ResourceCollection
instances (ec2.Service attribute), 221 method), 669
instances (ec2.Subnet attribute), 254 list_access_keys() (iam.Client method), 335
instances (ec2.Vpc attribute), 262 list_account_aliases() (iam.Client method), 336
instances_count (opsworks.StackSummary attribute), 433 list_activity_types() (swf.Client method), 650
internet_gateway_id (ec2.InternetGateway attribute), 233 list_aliases() (kms.Client method), 388
internet_gateways (ec2.Service attribute), 221 list_application_revisions() (codedeploy.Client method),
internet_gateways (ec2.Vpc attribute), 262 79
Index 697
list_applications() (codedeploy.Client method), 80 list_object_versions() (s3.Client method), 540

list_available_solution_stacks() (elasticbeanstalk.Client list_objects() (s3.Client method), 540
method), 292 list_open_id_connect_providers() (iam.Client method),
list_bootstrap_actions() (emr.Client method), 319 338
list_buckets() (s3.Client method), 539 list_open_workflow_executions() (swf.Client method),
list_closed_workflow_executions() (swf.Client method), 653
651 list_operations() (route53domains.Client method), 523
list_clusters() (emr.Client method), 319 list_parts() (s3.Client method), 541
list_datasets(), 88 list_pipelines() (datapipeline.Client method), 95
list_dead_letter_source_queues() (sqs.Client method), list_pipelines() (elastictranscoder.Client method), 303
608 list_platform_applications() (sns.Client method), 588
list_deployment_configs() (codedeploy.Client method), list_presets() (elastictranscoder.Client method), 303
80 list_queues() (sqs.Client method), 608
list_deployment_groups() (codedeploy.Client method), list_records(), 88
80 list_resource_record_sets() (route53.Client method), 517
list_deployment_instances() (codedeploy.Client method), list_reusable_delegation_sets() (route53.Client method),
80 518
list_deployments() (codedeploy.Client method), 81 list_role_policies() (iam.Client method), 338
list_domain_names() (cloudsearch.Client method), 62 list_roles() (iam.Client method), 339
list_domains() (route53domains.Client method), 522 list_saml_providers() (iam.Client method), 339
list_domains() (sdb.Client method), 578 list_server_certificates() (iam.Client method), 339
list_domains() (swf.Client method), 652 list_signing_certificates() (iam.Client method), 340
list_endpoints_by_platform_application() (sns.Client list_stack_resources() (cloudformation.Client method),
method), 588 41
list_event_sources() (lambda.Client method), 392 list_stacks() (cloudformation.Client method), 42
list_functions() (lambda.Client method), 393 list_steps() (emr.Client method), 320
list_gateways() (storagegateway.Client method), 627 list_streams() (kinesis.Client method), 380
list_geo_locations() (route53.Client method), 516 list_subscriptions() (sns.Client method), 589
list_grants() (kms.Client method), 389 list_subscriptions_by_topic() (sns.Client method), 589
list_group_policies() (iam.Client method), 336 list_tables() (dynamodb.Client method), 115
list_groups() (iam.Client method), 336 list_tags_for_resource() (rds.Client method), 460
list_groups_for_user() (iam.Client method), 337 list_tags_for_resource() (route53.Client method), 519
list_health_checks() (route53.Client method), 516 list_tags_for_resources() (route53.Client method), 519
list_hosted_zones() (route53.Client method), 517 list_tags_for_stream() (kinesis.Client method), 380
list_identities(), 84 list_topics() (sns.Client method), 589
list_identities() (ses.Client method), 581 list_user_policies() (iam.Client method), 340
list_identity_pool_usage(), 88 list_users() (iam.Client method), 340
list_identity_pools(), 85 list_verified_email_addresses() (ses.Client method), 581
list_instance_groups() (emr.Client method), 320 list_virtual_mfa_devices() (iam.Client method), 341
list_instance_profiles() (iam.Client method), 337 list_volume_recovery_points() (storagegateway.Client
list_instance_profiles_for_role() (iam.Client method), method), 627
337 list_volumes() (storagegateway.Client method), 627
list_instances() (emr.Client method), 320 list_workflow_types() (swf.Client method), 653
list_jobs() (importexport.Client method), 375 ListCloudFrontOriginAccessIdentities2014_10_21()
list_jobs_by_pipeline() (elastictranscoder.Client method), (cloudfront.Client method), 55
303 ListDistributions2014_10_21() (cloudfront.Client
list_jobs_by_status() (elastictranscoder.Client method), method), 55
303 ListInvalidations2014_10_21() (cloudfront.Client
list_key_policies() (kms.Client method), 389 method), 55
list_keys() (kms.Client method), 389 ListStreamingDistributions2014_10_21() (cloud-
list_local_disks() (storagegateway.Client method), 627 front.Client method), 56
list_metrics() (cloudwatch.Client method), 73 load (boto3.resources.model.ResourceModel attribute),
list_mfa_devices() (iam.Client method), 338 671
list_multipart_uploads() (s3.Client method), 539
698 Index
load_from_definition() (boto3.resources.factory.ResourceFactory
modify_cache_subnet_group() (elasticache.Client
logging_enabled (s3.BucketLogging attribute), 555 modify_cluster() (redshift.Client method), 501
logical_id (cloudformation.StackResource attribute), 51 modify_cluster_parameter_group() (redshift.Client
logical_id (cloudformation.StackResourceSummary at- method), 504
tribute), 52 modify_cluster_subnet_group() (redshift.Client method),
logical_resource_id (cloudformation.Event attribute), 47 504
logical_resource_id (cloudformation.StackResource at- modify_db_instance() (rds.Client method), 460
tribute), 51 modify_db_parameter_group() (rds.Client method), 465
logical_resource_id (cloudforma- modify_db_subnet_group() (rds.Client method), 465
tion.StackResourceSummary attribute), 52 modify_event_subscription() (rds.Client method), 466
LoginProfile() (iam.Service method), 353 modify_event_subscription() (redshift.Client method),
LoginProfile() (iam.User method), 372 505
logs.Client (built-in class), 395 modify_image_attribute() (ec2.Client method), 196
lookup_developer_identity(), 85 modify_instance_attribute() (ec2.Client method), 197
modify_instance_groups() (emr.Client method), 321
M modify_load_balancer_attributes() (elb.Client method),
mac_address (ec2.NetworkInterface attribute), 238 315
main (ec2.RouteTableAssociation attribute), 243 modify_network_interface_attribute() (ec2.Client
map_public_ip_on_launch (ec2.Subnet attribute), 251 method), 198
max_password_age (iam.AccountPasswordPolicy at- modify_option_group() (rds.Client method), 466
tribute), 356 modify_replication_group() (elasticache.Client method),
md5_of_body (sqs.Message attribute), 613 282
md5_of_message_attributes (sqs.Message attribute), 613 modify_reserved_instances() (ec2.Client method), 199
merge_developer_identities(), 85 modify_snapshot_attribute() (ec2.Client method), 199
merge_shards() (kinesis.Client method), 381 modify_snapshot_copy_retention_period() (red-
Message() (sqs.Queue method), 617 shift.Client method), 505
Message() (sqs.Service method), 612 modify_subnet_attribute() (ec2.Client method), 199
message_attributes (sqs.Message attribute), 613 modify_volume_attribute() (ec2.Client method), 200
message_id (sqs.Message attribute), 613 modify_vpc_attribute() (ec2.Client method), 200
meta (boto3.resources.base.ServiceResource attribute), monitor() (ec2.Instance method), 230
675 monitor_instances() (ec2.Client method), 200
metadata (cloudformation.StackResource attribute), 51 monitoring (ec2.Instance attribute), 226
metadata (s3.Object attribute), 565 multipart_upload (s3.MultipartUploadPart attribute), 564
mfa_delete (s3.BucketVersioning attribute), 559 multipart_upload_id (s3.MultipartUploadPart attribute),
mfa_devices (iam.User attribute), 372 562
MfaDevice() (iam.Service method), 353 multipart_uploads (s3.Bucket attribute), 551
MfaDevice() (iam.User method), 372 MultipartUpload() (s3.Object method), 571
minimum_password_length MultipartUpload() (s3.Service method), 548
(iam.AccountPasswordPolicy attribute), MultipartUploadPart() (s3.MultipartUpload method), 562
356 MultipartUploadPart() (s3.Service method), 548
missing_meta (s3.Object attribute), 566
model (boto3.resources.model.ResponseResource at- N
tribute), 672 name (boto3.resources.model.Action attribute), 670
modify_attribute() (ec2.Image method), 225 name (boto3.resources.model.Identifier attribute), 670
modify_attribute() (ec2.Instance method), 229 name (boto3.resources.model.ResourceModel attribute),
modify_attribute() (ec2.NetworkInterface method), 240 671
modify_attribute() (ec2.Snapshot method), 249 name (boto3.resources.model.Waiter attribute), 673
modify_attribute() (ec2.Volume method), 258 name (cloudformation.Stack attribute), 48
modify_attribute() (ec2.Vpc method), 261 name (ec2.Image attribute), 223
modify_cache_cluster() (elasticache.Client method), 279 name (ec2.KeyPair attribute), 234
modify_cache_parameter_group() (elasticache.Client name (ec2.PlacementGroup attribute), 241
method), 282 name (iam.AccountAlias attribute), 355
name (iam.Group attribute), 359
Index 699
name (iam.GroupPolicy attribute), 361 owner_id (ec2.NetworkInterface attribute), 238

name (iam.InstanceProfile attribute), 362 owner_id (ec2.SecurityGroup attribute), 245
name (iam.Role attribute), 365 owner_id (ec2.Snapshot attribute), 248
name (iam.RolePolicy attribute), 367
name (iam.ServerCertificate attribute), 368 P
name (iam.User attribute), 370 packages (opsworks.Layer attribute), 428
name (iam.UserPolicy attribute), 373 page_size() (boto3.resources.collection.CollectionManager
name (opsworks.Layer attribute), 428 method), 668
name (opsworks.Stack attribute), 430 page_size() (boto3.resources.collection.ResourceCollection
name (opsworks.StackSummary attribute), 433 method), 669
name (s3.Bucket attribute), 549 Parameter (class in boto3.resources.model), 670
network_acl_id (ec2.NetworkAcl attribute), 235 parameters (cloudformation.Stack attribute), 48
network_acls (ec2.Service attribute), 221 params (boto3.resources.model.DefinitionWithParams at-
network_acls (ec2.Vpc attribute), 262 tribute), 670
network_interface_id (ec2.NetworkInterface attribute), params (boto3.resources.model.Request attribute), 671
238 params (boto3.resources.model.Waiter attribute), 673
network_interfaces (ec2.Instance attribute), 226 part_number (s3.MultipartUploadPart attribute), 563
network_interfaces (ec2.Service attribute), 221 parts (s3.MultipartUpload attribute), 562
network_interfaces (ec2.Subnet attribute), 254 password_data() (ec2.Instance method), 230
network_interfaces (ec2.Vpc attribute), 262 password_last_used (iam.User attribute), 370
NetworkAcl() (ec2.Service method), 220 password_reset_required (iam.LoginProfile attribute),
NetworkInterface() (ec2.Service method), 220 363
notification_arns (cloudformation.Stack attribute), 48 password_reuse_prevention
NullHandler (class in boto3), 666 (iam.AccountPasswordPolicy attribute),
356
O path (boto3.resources.model.Action attribute), 670
object (s3.MultipartUpload attribute), 562 path (boto3.resources.model.ResponseResource at-
object (s3.ObjectAcl attribute), 572 tribute), 672
object (s3.ObjectVersion attribute), 575 path (iam.Group attribute), 359
Object() (s3.Bucket method), 551 path (iam.InstanceProfile attribute), 362
Object() (s3.Service method), 548 path (iam.Role attribute), 365
object_key (s3.MultipartUpload attribute), 561 path (iam.User attribute), 371
object_key (s3.MultipartUploadPart attribute), 562 payer (s3.BucketRequestPayment attribute), 557
object_key (s3.ObjectAcl attribute), 572 physical_resource_id (cloudformation.Event attribute),
object_key (s3.ObjectVersion attribute), 573 47
object_versions (s3.Bucket attribute), 551 physical_resource_id (cloudformation.StackResource at-
ObjectAcl() (s3.Object method), 571 tribute), 51
ObjectAcl() (s3.Service method), 548 physical_resource_id (cloudforma-
objects (s3.Bucket attribute), 552 tion.StackResourceSummary attribute), 52
ObjectVersion() (s3.Object method), 571 placement (ec2.Instance attribute), 226
ObjectVersion() (s3.Service method), 548 placement_group (ec2.Instance attribute), 233
operation (boto3.resources.model.Request attribute), 671 placement_groups (ec2.Service attribute), 221
opsworks.Client (built-in class), 399 PlacementGroup() (ec2.Service method), 220
opsworks.Layer (built-in class), 427 platform (ec2.Image attribute), 223
opsworks.Service (built-in class), 424 platform (ec2.Instance attribute), 226
opsworks.Stack (built-in class), 429 platform_applications (sns.Service attribute), 594
opsworks.StackSummary (built-in class), 432 PlatformApplication() (sns.Service method), 594
outputs (cloudformation.Stack attribute), 48 PlatformEndpoint() (sns.Service method), 594
owner (s3.BucketAcl attribute), 552 policies (iam.Group attribute), 360
owner (s3.MultipartUpload attribute), 561 policies (iam.Role attribute), 366
owner (s3.ObjectAcl attribute), 572 policies (iam.User attribute), 372
owner (s3.ObjectVersion attribute), 573 policy (s3.BucketPolicy attribute), 556
owner_alias (ec2.Snapshot attribute), 248 policy_document (iam.GroupPolicy attribute), 361
owner_id (ec2.Image attribute), 223 policy_document (iam.RolePolicy attribute), 367
700 Index
policy_document (iam.UserPolicy attribute), 373 put_bucket_request_payment() (s3.Client method), 542

policy_name (iam.GroupPolicy attribute), 361 put_bucket_tagging() (s3.Client method), 543
policy_name (iam.RolePolicy attribute), 367 put_bucket_versioning() (s3.Client method), 543
policy_name (iam.UserPolicy attribute), 373 put_bucket_website() (s3.Client method), 543
poll_for_activity_task() (swf.Client method), 654 put_configuration_recorder() (config.Client method), 92
poll_for_decision_task() (swf.Client method), 655 put_delivery_channel() (config.Client method), 92
poll_for_task() (datapipeline.Client method), 95 put_group_policy() (iam.Client method), 341
private_dns_name (ec2.Instance attribute), 226 put_item() (dynamodb.Client method), 115
private_dns_name (ec2.NetworkInterface attribute), 238 put_key_policy() (kms.Client method), 389
private_ip_address (ec2.Instance attribute), 227 put_lifecycle_hook() (autoscaling.Client method), 29
private_ip_address (ec2.NetworkInterface attribute), 238 put_log_events() (logs.Client method), 397
private_ip_addresses (ec2.NetworkInterface attribute), put_metric_alarm() (cloudwatch.Client method), 73
238 put_metric_data() (cloudwatch.Client method), 74
product_codes (ec2.Image attribute), 223 put_metric_filter() (logs.Client method), 398
product_codes (ec2.Instance attribute), 227 put_notification_configuration() (autoscaling.Client
progress (ec2.Snapshot attribute), 248 method), 31
promote_read_replica() (rds.Client method), 466 put_object() (s3.Bucket method), 550
propagating_vgws (ec2.RouteTable attribute), 242 put_object() (s3.Client method), 543
public (ec2.Image attribute), 223 put_object_acl() (s3.Client method), 544
public_dns_name (ec2.Instance attribute), 227 put_pipeline_definition() (datapipeline.Client method),
public_ip_address (ec2.Instance attribute), 227 96
publish() (sns.Client method), 589 put_record() (kinesis.Client method), 381
publish() (sns.PlatformEndpoint method), 597 put_records() (kinesis.Client method), 382
publish() (sns.Topic method), 600 put_retention_policy() (logs.Client method), 398
purchase_reserved_cache_nodes_offering() (elasti- put_role_policy() (iam.Client method), 342
cache.Client method), 284 put_scaling_policy() (autoscaling.Client method), 31
purchase_reserved_db_instances_offering() (rds.Client put_scheduled_update_group_action() (autoscal-
method), 467 ing.Client method), 31
purchase_reserved_instances_offering() (ec2.Client put_user_policy() (iam.Client method), 342
method), 200
purchase_reserved_node_offering() (redshift.Client Q
method), 506 qr_code_png (iam.VirtualMfaDevice attribute), 374
put() (iam.GroupPolicy method), 361 query() (dynamodb.Client method), 120
put() (iam.RolePolicy method), 367 query_objects() (datapipeline.Client method), 96
put() (iam.UserPolicy method), 373 queue (sqs.Message attribute), 614
put() (s3.BucketAcl method), 552 Queue() (sqs.Service method), 612
put() (s3.BucketCors method), 553 queue_configuration (s3.BucketNotification attribute),
put() (s3.BucketLifecycle method), 554 555
put() (s3.BucketLogging method), 555 queue_url (sqs.Message attribute), 613
put() (s3.BucketNotification method), 556 queues (sqs.Service attribute), 612
put() (s3.BucketPolicy method), 556
put() (s3.BucketRequestPayment method), 557 R
put() (s3.BucketTagging method), 558 ramdisk_id (ec2.Image attribute), 224
put() (s3.BucketVersioning method), 559 ramdisk_id (ec2.Instance attribute), 227
put() (s3.BucketWebsite method), 560 RawHandler (class in boto3.resources.response), 673
put() (s3.Object method), 570 rds.Client (built-in class), 433
put() (s3.ObjectAcl method), 572 re_encrypt() (kms.Client method), 390
put_attributes() (sdb.Client method), 578 read_job() (elastictranscoder.Client method), 304
put_bucket_acl() (s3.Client method), 541 read_pipeline() (elastictranscoder.Client method), 304
put_bucket_cors() (s3.Client method), 541 read_preset() (elastictranscoder.Client method), 304
put_bucket_lifecycle() (s3.Client method), 542 reboot() (ec2.Instance method), 230
put_bucket_logging() (s3.Client method), 542 reboot_cache_cluster() (elasticache.Client method), 284
put_bucket_notification() (s3.Client method), 542 reboot_cluster() (redshift.Client method), 506
put_bucket_policy() (s3.Client method), 542 reboot_db_instance() (rds.Client method), 468
Index 701
reboot_instance() (opsworks.Client method), 415 remove_tags_from_stream() (kinesis.Client method), 383

reboot_instances() (ec2.Client method), 201 remove_user() (iam.Group method), 360
rebuild_environment() (elasticbeanstalk.Client method), remove_user_from_group() (iam.Client method), 343
293 replace_association() (ec2.NetworkAcl method), 236
receipt_handle (sqs.Message attribute), 613 replace_entry() (ec2.NetworkAcl method), 237
receive_message() (sqs.Client method), 608 replace_network_acl_association() (ec2.Client method),
receive_messages() (sqs.Queue method), 615 203
record_activity_task_heartbeat() (swf.Client method), replace_network_acl_entry() (ec2.Client method), 203
656 replace_route() (ec2.Client method), 203
record_lifecycle_action_heartbeat() (autoscaling.Client replace_route_table_association() (ec2.Client method),
method), 32 204
redirect_all_requests_to (s3.BucketWebsite attribute), replace_subnet() (ec2.RouteTableAssociation method),
560 244
redshift.Client (built-in class), 475 report_instance_status() (ec2.Client method), 204
references (boto3.resources.model.ResourceModel report_status() (ec2.Instance method), 231
attribute), 671 report_task_progress() (datapipeline.Client method), 97
refresh_trusted_advisor_check() (support.Client method), report_task_runner_heartbeat() (datapipeline.Client
644 method), 97
region (opsworks.Stack attribute), 430 request (boto3.resources.model.Action attribute), 670
register_activity_type() (swf.Client method), 657 Request (class in boto3.resources.model), 671
register_application_revision() (codedeploy.Client request_cancel_workflow_execution() (swf.Client
register_device(), 89 request_environment_info() (elasticbeanstalk.Client
register_domain() (route53domains.Client method), 523 method), 293
register_domain() (swf.Client method), 658 request_spot_instances() (ec2.Client method), 205
register_elastic_ip() (opsworks.Client method), 416 request_vpc_peering_connection() (ec2.Vpc method),
register_image() (ec2.Client method), 201 261
register_image() (ec2.Service method), 219 requested_vpc_peering_connections (ec2.Vpc attribute),
register_instances_with_load_balancer() (elb.Client 262
method), 315 requester_id (ec2.NetworkInterface attribute), 238
register_rds_db_instance() (opsworks.Client method), requester_managed (ec2.NetworkInterface attribute), 238
416 requester_vpc (ec2.VpcPeeringConnection attribute), 263
register_volume() (opsworks.Client method), 416 requester_vpc_info (ec2.VpcPeeringConnection at-
register_workflow_type() (swf.Client method), 659 tribute), 263
reject() (ec2.VpcPeeringConnection method), 263 require_lowercase_characters
reject_vpc_peering_connection() (ec2.Client method), (iam.AccountPasswordPolicy attribute),
202 356
release_address() (ec2.Client method), 202 require_numbers (iam.AccountPasswordPolicy attribute),
remove_client_id_from_open_id_connect_provider() 356
(iam.Client method), 342 require_symbols (iam.AccountPasswordPolicy attribute),
remove_event_source() (lambda.Client method), 393 356
remove_group() (iam.User method), 371 require_uppercase_characters
remove_permission() (sns.Client method), 591 (iam.AccountPasswordPolicy attribute),
remove_permission() (sns.Topic method), 602 356
remove_permission() (sqs.Client method), 609 reset_attribute() (ec2.Image method), 225
remove_permission() (sqs.Queue method), 616 reset_attribute() (ec2.Instance method), 231
remove_role() (iam.InstanceProfile method), 362 reset_attribute() (ec2.NetworkInterface method), 240
remove_role_from_instance_profile() (iam.Client reset_attribute() (ec2.Snapshot method), 250
method), 343 reset_cache_parameter_group() (elasticache.Client
remove_source_identifier_from_subscription() method), 285
(rds.Client method), 468 reset_cluster_parameter_group() (redshift.Client
remove_tags() (elb.Client method), 316 method), 506
remove_tags() (emr.Client method), 321 reset_db_parameter_group() (rds.Client method), 468
remove_tags_from_resource() (rds.Client method), 468 reset_image_attribute() (ec2.Client method), 206
702 Index
reset_instance_attribute() (ec2.Client method), 206 restore_db_instance_from_db_snapshot() (rds.Client

reset_kernel() (ec2.Instance method), 231 method), 469
reset_network_interface_attribute() (ec2.Client method), restore_db_instance_to_point_in_time() (rds.Client
206 method), 471
reset_ramdisk() (ec2.Instance method), 231 restore_from_cluster_snapshot() (redshift.Client
reset_snapshot_attribute() (ec2.Client method), 207 method), 507
reset_source_dest_check() (ec2.Instance method), 232 restore_object() (s3.Client method), 545
resolve_case() (support.Client method), 644 resume_processes() (autoscaling.Client method), 33
resource (boto3.resources.model.Action attribute), 670 resync() (iam.MfaDevice method), 365
resource (cloudformation.StackResourceSummary resync_mfa_device() (iam.Client method), 343
attribute), 53 retire_grant() (kms.Client method), 390
resource() (boto3.session.Session method), 677 retrieve_domain_auth_code() (route53domains.Client
resource() (in module boto3), 666 method), 525
resource_id (ec2.Tag attribute), 254 retrieve_environment_info() (elasticbeanstalk.Client
resource_names (boto3.resources.model.SubResourceList method), 294
attribute), 672 retrieve_tape_archive() (storagegateway.Client method),
resource_properties (cloudformation.Event attribute), 47 628
resource_status (cloudformation.Event attribute), 47 retrieve_tape_recovery_point() (storagegateway.Client
resource_status (cloudformation.StackResource at- method), 628
tribute), 51 reverse_references (boto3.resources.model.ResourceModel
resource_status (cloudformation.StackResourceSummary attribute), 672
attribute), 52 revoke_cache_security_group_ingress() (elasti-
resource_status_reason (cloudformation.Event attribute), cache.Client method), 285
47 revoke_cluster_security_group_ingress() (redshift.Client
resource_status_reason (cloudformation.StackResource method), 509
attribute), 51 revoke_db_security_group_ingress() (rds.Client method),
resource_status_reason (cloudforma- 474
tion.StackResourceSummary attribute), 52 revoke_egress() (ec2.SecurityGroup method), 246
resource_summaries (cloudformation.Stack attribute), 50 revoke_grant() (kms.Client method), 390
resource_type (cloudformation.Event attribute), 47 revoke_ingress() (ec2.SecurityGroup method), 247
resource_type (cloudformation.StackResource attribute), revoke_security_group_egress() (ec2.Client method), 207
51 revoke_security_group_ingress() (ec2.Client method),
resource_type (cloudformation.StackResourceSummary 208
attribute), 52 revoke_snapshot_access() (redshift.Client method), 509
resource_type (ec2.Tag attribute), 254 role (iam.RolePolicy attribute), 367
ResourceCollection (class in boto3.resources.collection), Role() (iam.Service method), 353
668 role_id (iam.Role attribute), 366
ResourceFactory (class in boto3.resources.factory), 675 role_name (iam.Role attribute), 366
ResourceHandler (class in boto3.resources.response), 673 role_name (iam.RolePolicy attribute), 367
ResourceModel (class in boto3.resources.model), 671 RolePolicy() (iam.Role method), 366
resources (boto3.resources.model.SubResourceList at- RolePolicy() (iam.Service method), 353
tribute), 672 roles (iam.InstanceProfile attribute), 362, 363
respond_activity_task_canceled() (swf.Client method), roles (iam.Service attribute), 353
661 root_device_name (ec2.Image attribute), 224
respond_activity_task_completed() (swf.Client method), root_device_name (ec2.Instance attribute), 227
661 root_device_type (ec2.Image attribute), 224
respond_activity_task_failed() (swf.Client method), 662 root_device_type (ec2.Instance attribute), 227
respond_decision_task_completed() (swf.Client method), rotate_encryption_key() (redshift.Client method), 510
663 route53.Client (built-in class), 510
ResponseResource (class in boto3.resources.model), 672 route53domains.Client (built-in class), 521
restart_app_server() (elasticbeanstalk.Client method), route_table (ec2.RouteTableAssociation attribute), 244
293 route_table_association_id (ec2.RouteTableAssociation
restore (s3.Object attribute), 566 attribute), 243
route_table_id (ec2.RouteTable attribute), 242
Index 703
route_table_id (ec2.RouteTableAssociation attribute), server_certificates (iam.Service attribute), 354

243 server_side_encryption (s3.Object attribute), 566
route_tables (ec2.Service attribute), 221 ServerCertificate() (iam.Service method), 353
route_tables (ec2.Vpc attribute), 262 service_role_arn (opsworks.Stack attribute), 430
routes (ec2.RouteTable attribute), 242 ServiceAction (class in boto3.resources.action), 675
RouteTable() (ec2.Service method), 220 ServiceResource (class in boto3.resources.base), 675
RouteTableAssociation() (ec2.Service method), 220 ses.Client (built-in class), 580
routing_rules (s3.BucketWebsite attribute), 560 Session (class in boto3.session), 676
rules (s3.BucketLifecycle attribute), 554 set_alarm_state() (cloudwatch.Client method), 75
run_instances() (ec2.Client method), 208 set_attributes() (sns.PlatformApplication method), 595
run_job_flow() (emr.Client method), 321 set_attributes() (sns.PlatformEndpoint method), 598
set_attributes() (sns.Subscription method), 599
S set_attributes() (sns.Topic method), 602
s3.Bucket (built-in class), 548 set_attributes() (sqs.Queue method), 616
s3.BucketAcl (built-in class), 552 set_desired_capacity() (autoscaling.Client method), 33
s3.BucketCors (built-in class), 553 set_endpoint_attributes() (sns.Client method), 591
s3.BucketLifecycle (built-in class), 554 set_identity_dkim_enabled() (ses.Client method), 583
s3.BucketLogging (built-in class), 554 set_identity_feedback_forwarding_enabled() (ses.Client
s3.BucketNotification (built-in class), 555 method), 583
s3.BucketPolicy (built-in class), 556 set_identity_notification_topic() (ses.Client method), 584
s3.BucketRequestPayment (built-in class), 557 set_identity_pool_configuration(), 89
s3.BucketTagging (built-in class), 558 set_instance_health() (autoscaling.Client method), 34
s3.BucketVersioning (built-in class), 558 set_load_balancer_listener_ssl_certificate() (elb.Client
s3.BucketWebsite (built-in class), 560 method), 316
s3.Client (built-in class), 531 set_load_balancer_policies_for_backend_server()
s3.MultipartUpload (built-in class), 561 (elb.Client method), 317
s3.MultipartUploadPart (built-in class), 562 set_load_balancer_policies_of_listener() (elb.Client
s3.Object (built-in class), 564 method), 317
s3.ObjectAcl (built-in class), 571 set_load_based_auto_scaling() (opsworks.Client
s3.ObjectVersion (built-in class), 573 method), 416
s3.Service (built-in class), 547 set_permission() (opsworks.Client method), 417
saml_metadata_document (iam.SamlProvider attribute), set_platform_application_attributes() (sns.Client
368 method), 591
saml_providers (iam.Service attribute), 353 set_queue_attributes() (sqs.Client method), 610
SamlProvider() (iam.Service method), 353 set_stack_policy() (cloudformation.Client method), 42
scan() (dynamodb.Client method), 125 set_status() (datapipeline.Client method), 97
sdb.Client (built-in class), 575 set_stream_logger() (in module boto3), 666
search() (cloudsearchdomain.Client method), 63 set_subscription_attributes() (sns.Client method), 592
secret_access_key (iam.AccessKey attribute), 354 set_task_status() (datapipeline.Client method), 98
security_groups (ec2.Instance attribute), 227 set_termination_protection() (emr.Client method), 322
security_groups (ec2.Service attribute), 221 set_time_based_auto_scaling() (opsworks.Client
security_groups (ec2.Vpc attribute), 262 method), 417
SecurityGroup() (ec2.Service method), 220 set_topic_attributes() (sns.Client method), 592
select() (sdb.Client method), 579 set_visible_to_all_users() (emr.Client method), 323
send_email() (ses.Client method), 582 setup_default_session() (in module boto3), 667
send_message() (sqs.Client method), 609 shape (boto3.resources.model.ResourceModel attribute),
send_message() (sqs.Queue method), 616 672
send_message_batch() (sqs.Client method), 610 shortname (opsworks.Layer attribute), 428
send_messages() (sqs.Queue method), 616 shutdown_gateway() (storagegateway.Client method),
send_raw_email() (ses.Client method), 582 628
serial_number (iam.MfaDevice attribute), 364 signal_resource() (cloudformation.Client method), 42
serial_number (iam.VirtualMfaDevice attribute), 374 signal_workflow_execution() (swf.Client method), 663
server_certificate_metadata (iam.ServerCertificate signing_certificates (iam.Service attribute), 354
attribute), 369 SigningCertificate() (iam.Service method), 353
704 Index
size (ec2.Volume attribute), 256 StackSummary() (opsworks.Service method), 427

size (s3.MultipartUploadPart attribute), 563 StackSummary() (opsworks.Stack method), 432
size (s3.ObjectVersion attribute), 573 start() (ec2.Instance method), 232
Snapshot() (ec2.Service method), 220 start_configuration_recorder() (config.Client method), 93
snapshot_id (ec2.Snapshot attribute), 248 start_gateway() (storagegateway.Client method), 629
snapshot_id (ec2.Volume attribute), 256 start_instance() (opsworks.Client method), 417
snapshots (ec2.Service attribute), 221 start_instances() (ec2.Client method), 211
snapshots (ec2.Volume attribute), 258 start_logging() (cloudtrail.Client method), 70
sns.Client (built-in class), 585 start_stack() (opsworks.Client method), 418
sns.PlatformApplication (built-in class), 594 start_time (ec2.Snapshot attribute), 248
sns.PlatformEndpoint (built-in class), 596 start_workflow_execution() (swf.Client method), 664
sns.Service (built-in class), 593 state (ec2.Image attribute), 224
sns.Subscription (built-in class), 598 state (ec2.Instance attribute), 227
sns.Topic (built-in class), 599 state (ec2.PlacementGroup attribute), 241
source (boto3.resources.model.Parameter attribute), 671 state (ec2.Snapshot attribute), 248
source_dest_check (ec2.Instance attribute), 227 state (ec2.Subnet attribute), 251
source_dest_check (ec2.NetworkInterface attribute), 238 state (ec2.Volume attribute), 256
source_type (boto3.resources.model.Parameter attribute), state (ec2.Vpc attribute), 259
671 state_reason (ec2.Image attribute), 224
split_shard() (kinesis.Client method), 383 state_reason (ec2.Instance attribute), 227
spot_instance_request_id (ec2.Instance attribute), 227 state_transition_reason (ec2.Instance attribute), 227
sqs.Client (built-in class), 603 status (ec2.NetworkInterface attribute), 238
sqs.Message (built-in class), 613 status (ec2.VpcPeeringConnection attribute), 263
sqs.Queue (built-in class), 614 status (iam.AccessKey attribute), 354
sqs.Service (built-in class), 611 status (iam.SigningCertificate attribute), 369
sriov_net_support (ec2.Image attribute), 224 status (s3.BucketVersioning attribute), 559
sriov_net_support (ec2.Instance attribute), 227 stop() (ec2.Instance method), 232
sse_customer_algorithm (s3.Object attribute), 566 stop_configuration_recorder() (config.Client method), 93
sse_customer_key_md5 (s3.Object attribute), 566 stop_deployment() (codedeploy.Client method), 81
ssekms_key_id (s3.Object attribute), 566 stop_instance() (opsworks.Client method), 418
stack (cloudformation.StackResource attribute), 52 stop_instances() (ec2.Client method), 211
stack (opsworks.Layer attribute), 429 stop_logging() (cloudtrail.Client method), 70
stack (opsworks.StackSummary attribute), 433 stop_stack() (opsworks.Client method), 418
Stack() (cloudformation.Service method), 46 storage_class (s3.MultipartUpload attribute), 561
Stack() (opsworks.Service method), 427 storage_class (s3.ObjectVersion attribute), 573
stack_id (cloudformation.Event attribute), 47 storagegateway.Client (built-in class), 617
stack_id (cloudformation.Stack attribute), 48 strategy (ec2.PlacementGroup attribute), 241
stack_id (cloudformation.StackResource attribute), 51 sts.Client (built-in class), 631
stack_id (opsworks.Layer attribute), 428 sub_resources (boto3.resources.model.ResourceModel
stack_id (opsworks.Stack attribute), 430 attribute), 672
stack_id (opsworks.StackSummary attribute), 432, 433 subnet (ec2.Instance attribute), 232
stack_name (cloudformation.Event attribute), 47 subnet (ec2.NetworkInterface attribute), 240
stack_name (cloudformation.Stack attribute), 48 subnet (ec2.RouteTableAssociation attribute), 244
stack_name (cloudformation.StackResource attribute), 51 Subnet() (ec2.Service method), 220
stack_name (cloudformation.StackResourceSummary at- subnet_id (ec2.Instance attribute), 227
tribute), 52 subnet_id (ec2.NetworkInterface attribute), 238
stack_status (cloudformation.Stack attribute), 49 subnet_id (ec2.RouteTableAssociation attribute), 243
stack_status_reason (cloudformation.Stack attribute), 49 subnet_id (ec2.Subnet attribute), 251
StackResource() (cloudformation.Service method), 46 subnets (ec2.Service attribute), 221
StackResource() (cloudformation.Stack method), 50 subnets (ec2.Vpc attribute), 262
StackResourceSummary() (cloudformation.Service SubResourceList (class in boto3.resources.model), 672
method), 47 subscribe() (sns.Client method), 592
stacks (cloudformation.Service attribute), 47 subscribe() (sns.Topic method), 602
stacks (opsworks.Service attribute), 427 subscribe_to_dataset(), 89
Index 705
Subscription() (sns.Service method), 594 U

Subscription() (sns.Topic method), 603 unassign_private_ip_addresses() (ec2.Client method),
subscriptions (sns.Service attribute), 594 212
subscriptions (sns.Topic attribute), 603 unassign_private_ip_addresses() (ec2.NetworkInterface
suggest() (cloudsearchdomain.Client method), 68 method), 240
summary_map (iam.AccountSummary attribute), 358 unassign_volume() (opsworks.Client method), 418
support.Client (built-in class), 639 unlink_developer_identity(), 86
suspend() (s3.BucketVersioning method), 559 unlink_identity(), 86
suspend_processes() (autoscaling.Client method), 34 unmonitor() (ec2.Instance method), 232
swap_environment_cnames() (elasticbeanstalk.Client unmonitor_instances() (ec2.Client method), 212
method), 294 unsubscribe() (sns.Client method), 593
swf.Client (built-in class), 644 unsubscribe_from_dataset(), 90
update() (cloudformation.Stack method), 49
T update() (iam.AccountPasswordPolicy method), 356
Tag() (ec2.Service method), 220 update() (iam.Group method), 360
tag_set (ec2.NetworkInterface attribute), 238 update() (iam.LoginProfile method), 363
tag_set (s3.BucketTagging attribute), 558 update() (iam.SamlProvider method), 368
tags (cloudformation.Stack attribute), 49 update() (iam.ServerCertificate method), 369
tags (ec2.DhcpOptions attribute), 222 update() (iam.User method), 372
tags (ec2.Image attribute), 224 update_access_key() (iam.Client method), 344
tags (ec2.Instance attribute), 227 update_account_password_policy() (iam.Client method),
tags (ec2.InternetGateway attribute), 233 344
tags (ec2.NetworkAcl attribute), 235 update_app() (opsworks.Client method), 418
tags (ec2.RouteTable attribute), 242 update_application() (codedeploy.Client method), 82
tags (ec2.SecurityGroup attribute), 245 update_application() (elasticbeanstalk.Client method),
tags (ec2.Snapshot attribute), 248 295
tags (ec2.Subnet attribute), 251 update_application_version() (elasticbeanstalk.Client
tags (ec2.Volume attribute), 256 method), 295
tags (ec2.Vpc attribute), 259 update_assume_role_policy() (iam.Client method), 345
tags (ec2.VpcPeeringConnection attribute), 263 update_assume_role_policy() (iam.Role method), 366
target (boto3.resources.model.Parameter attribute), 671 update_auto_scaling_group() (autoscaling.Client
terminate() (ec2.Instance method), 232 method), 35
terminate_environment() (elasticbeanstalk.Client update_availability_options() (cloudsearch.Client
terminate_instance_in_auto_scaling_group() (autoscal- update_bandwidth_rate_limit() (storagegateway.Client
ing.Client method), 35 method), 629
terminate_instances() (ec2.Client method), 212 update_chap_credentials() (storagegateway.Client
terminate_job_flows() (emr.Client method), 323 method), 629
terminate_workflow_execution() (swf.Client method), update_configuration_template() (elasticbeanstalk.Client
665 method), 296
test_metric_filter() (logs.Client method), 398 update_deployment_group() (codedeploy.Client method),
test_role() (elastictranscoder.Client method), 304 82
timeout_in_minutes (cloudformation.Stack attribute), 49 update_domain_contact() (route53domains.Client
timestamp (cloudformation.Event attribute), 48 method), 528
topic (sns.Subscription attribute), 599 update_domain_contact_privacy()
Topic() (sns.Service method), 594 (route53domains.Client method), 529
topic_arn (sns.Subscription attribute), 598 update_domain_nameservers() (route53domains.Client
topic_configuration (s3.BucketNotification attribute), 556 method), 530
topics (sns.Service attribute), 594 update_elastic_ip() (opsworks.Client method), 419
transfer_domain() (route53domains.Client method), 526 update_environment() (elasticbeanstalk.Client method),
type (boto3.resources.model.ResponseResource at- 296
tribute), 672 update_function_configuration() (lambda.Client method),
type (opsworks.Layer attribute), 428 393
706 Index
update_gateway_information() (storagegateway.Client upload_id (s3.MultipartUpload attribute), 561

method), 630 upload_part() (s3.Client method), 545
update_gateway_software_now() (storagegateway.Client upload_part_copy() (s3.Client method), 546
method), 630 upload_server_certificate() (iam.Client method), 348
update_group() (iam.Client method), 345 upload_signing_certificate() (iam.Client method), 348
update_health_check() (route53.Client method), 519 url (sqs.Queue attribute), 614
update_hosted_zone_comment() (route53.Client use_custom_cookbooks (opsworks.Stack attribute), 430
method), 520 use_ebs_optimized_instances (opsworks.Layer attribute),
update_identity_pool(), 86 429
update_instance() (opsworks.Client method), 419 use_opsworks_security_groups (opsworks.Stack at-
update_item() (dynamodb.Client method), 128 tribute), 430
update_job() (importexport.Client method), 376 user (iam.AccessKey attribute), 355
update_key_description() (kms.Client method), 390 user (iam.LoginProfile attribute), 364
update_layer() (opsworks.Client method), 420 user (iam.MfaDevice attribute), 365
update_login_profile() (iam.Client method), 346 user (iam.UserPolicy attribute), 373
update_maintenance_start_time() (storagegateway.Client user (iam.VirtualMfaDevice attribute), 374
method), 630 User() (iam.Service method), 353
update_my_user_profile() (opsworks.Client method), 421 user_id (iam.User attribute), 371
update_open_id_connect_provider_thumbprint() user_name (iam.AccessKey attribute), 354
(iam.Client method), 346 user_name (iam.LoginProfile attribute), 363
update_pipeline() (elastictranscoder.Client method), 304 user_name (iam.MfaDevice attribute), 364
update_pipeline_notifications() (elastictranscoder.Client user_name (iam.SigningCertificate attribute), 370
method), 307 user_name (iam.User attribute), 371
update_pipeline_status() (elastictranscoder.Client user_name (iam.UserPolicy attribute), 373
method), 307 UserPolicy() (iam.Service method), 353
update_rds_db_instance() (opsworks.Client method), 421 UserPolicy() (iam.User method), 372
update_records(), 90 users (iam.Group attribute), 360
update_saml_provider() (iam.Client method), 346 users (iam.Service attribute), 354
update_scaling_parameters() (cloudsearch.Client
method), 62 V
update_server_certificate() (iam.Client method), 347 valid_until (iam.SamlProvider attribute), 368
update_service_access_policies() (cloudsearch.Client validate_configuration_settings() (elasticbeanstalk.Client
update_signing_certificate() (iam.Client method), 347 validate_pipeline_definition() (datapipeline.Client
update_snapshot_schedule() (storagegateway.Client method), 98
method), 631 validate_template() (cloudformation.Client method), 44
update_stack() (cloudformation.Client method), 43 value (ec2.Tag attribute), 254
update_stack() (opsworks.Client method), 421 verify_domain_dkim() (ses.Client method), 584
update_table() (dynamodb.Client method), 135 verify_domain_identity() (ses.Client method), 584
update_trail() (cloudtrail.Client method), 70 verify_email_address() (ses.Client method), 585
update_user() (iam.Client method), 347 verify_email_identity() (ses.Client method), 585
update_user_profile() (opsworks.Client method), 423 version_id (s3.Object attribute), 566
update_volume() (opsworks.Client method), 424 version_id (s3.ObjectVersion attribute), 573
UpdateCloudFrontOriginAccessIdentity2014_10_21() virtual_mfa_devices (iam.Service attribute), 354
(cloudfront.Client method), 56 virtualization_type (ec2.Image attribute), 224
UpdateDistribution2014_10_21() (cloudfront.Client virtualization_type (ec2.Instance attribute), 227
method), 56 VirtualMfaDevice() (iam.Service method), 353
UpdateStreamingDistribution2014_10_21() (cloud- volume (ec2.Snapshot attribute), 250
front.Client method), 57 Volume() (ec2.Service method), 220
upload() (s3.MultipartUploadPart method), 564 volume_configurations (opsworks.Layer attribute), 429
upload_date (iam.SigningCertificate attribute), 369 volume_id (ec2.Snapshot attribute), 248
upload_documents() (cloudsearchdomain.Client volume_id (ec2.Volume attribute), 256
method), 68 volume_size (ec2.Snapshot attribute), 248
upload_function() (lambda.Client method), 394 volume_type (ec2.Volume attribute), 256
Index 707
volumes (ec2.Instance attribute), 233

volumes (ec2.Service attribute), 221
vpc (ec2.Instance attribute), 233
vpc (ec2.NetworkAcl attribute), 237
vpc (ec2.NetworkInterface attribute), 240
vpc (ec2.RouteTable attribute), 243
vpc (ec2.Subnet attribute), 254
Vpc() (ec2.Service method), 220
vpc_id (ec2.Instance attribute), 227
vpc_id (ec2.NetworkAcl attribute), 235
vpc_id (ec2.NetworkInterface attribute), 238
vpc_id (ec2.RouteTable attribute), 242
vpc_id (ec2.SecurityGroup attribute), 245
vpc_id (ec2.Subnet attribute), 251
vpc_id (ec2.Vpc attribute), 259
vpc_id (opsworks.Stack attribute), 431
vpc_peering_connection_id (ec2.VpcPeeringConnection
attribute), 263
vpc_peering_connections (ec2.Service attribute), 221
VpcPeeringConnection() (ec2.Service method), 220
vpcs (ec2.Service attribute), 221
W
Waiter (class in boto3.resources.model), 672
waiter_name (boto3.resources.model.Waiter attribute),
673
waiters (boto3.resources.model.ResourceModel at-
tribute), 672
website_redirect_location (s3.Object attribute), 566
708 Index

Boto 3

Încărcat de

Informații document

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

Boto 3

Încărcat de

Drepturi de autor:

Formate disponibile

Boto3 Documentation

December 04, 2014

3 Indices and tables 679

Python Module Index 681

1.1 Whats New

1.1.1 Major Features

Boto 3 consists of the following major features:

Boto 3 is currently in developer preview. A full migration guide is coming soon.

Getting started with Boto 3 is easy, but requires a few steps.

Install the latest Boto 3 release via pip:

You may also install a specific version:

Note: The latest development version can always be found on GitHub.

1.2.3 Using Boto 3

# Lets use Amazon S3

4 Chapter 1. User Guide

1.3.2 Identifiers & Attributes

# S3 Object (bucket_name and key are identifiers)

# Raises exception, missing identifier: key!

Identifiers may also be passed as positional arguments:

# Raises exception, missing key!

>>> bucket1 == bucket2

6 Chapter 1. User Guide

Examples of sending additional parameters:

# SQS list all queues

When Collections Make Requests

# Note, this does NOT modify the filters in filtered1!

8 Chapter 1. User Guide

for instance in base:

print(Dedicated micro instances:)

1.4.4 Limiting Results

# Keyword argument example

1.4.5 Controlling Page Size

# Keyword argument example

1.4.6 Batch Actions

1.5.1 Creating a Queue

# Create the queue. This returns an SQS.Queue instance

# You can now access identifiers and attributes

1.5.2 Using an Existing Queue

# Get the queue. This returns an SQS.Queue instance

# You can now access identifiers and attributes

It is also possible to list all of our existing queues:

Reference: sqs.ServiceResource.get_queue_by_name(), sqs.ServiceResource.queues

10 Chapter 1. User Guide

1.5.3 Sending Messages

Sending a message adds it to the end of the queue:

# Get the queue

# Create a new message

You can also create messages with custom attributes:

# Print out any failures

1.5.4 Processing Messages

Messages are processed in batches:

# Get the service resource

# Get the queue

# Process messages by printing out body and optional author name

# Print out the body and author (if set)

# Let the queue know that the message is processed

Reference: sqs.Queue.receive_messages(), sqs.Message.delete()

1.6 Low-level Clients

1.6.1 Creating Clients

Clients are created in a similar fashion to resources:

# Create a low-level client with the service name

It is also possible to access the low-level client from an existing resource:

# Get the client from the resource