Updates the listener rules in a batch.

You can use this operation to change the priority of listener rules. This can be useful when bulk updating or swapping rule priority.

Enables access logs to be sent to Amazon CloudWatch, Amazon S3, and Amazon Kinesis Data Firehose.

The service network owner can use the access logs to audit the services in the network. The service network owner will only see access logs from clients and services that are associated with their service network. Access log entries represent traffic originated from VPCs associated with that network. For more information, see Access logs in the Amazon VPC Lattice User Guide.

Creates a listener for a service.

Before you start using your Amazon VPC Lattice service, you must add one or more listeners. A listener is a process that checks for connection requests to your services. For more information, see Listeners in the Amazon VPC Lattice User Guide.

Creates a listener rule.

Each listener has a default rule for checking connection requests, but you can define additional rules. Each rule consists of a priority, one or more actions, and one or more conditions. For more information, see Listener rules in the Amazon VPC Lattice User Guide.

Creates a service.

A service is any software application that can run on instances containers, or serverless functions within an account or virtual private cloud (VPC).

For more information, see Services in the Amazon VPC Lattice User Guide.

Creates a service network.

A service network is a logical boundary for a collection of services. You can associate services and VPCs with a service network.

For more information, see Service networks in the Amazon VPC Lattice User Guide.

Associates a service with a service network.

You can't use this operation if the service and service network are already associated or if there is a disassociation or deletion in progress. If the association fails, you can retry the operation by deleting the association and recreating it.

You cannot associate a service and service network that are shared with a caller. The caller must own either the service or the service network.

As a result of this operation, the association is created in the service network account and the association owner account.

Associates a VPC with a service network.

When you associate a VPC with the service network, it enables all the resources within that VPC to be clients and communicate with other services in the service network. For more information, see Manage VPC associations in the Amazon VPC Lattice User Guide.

You can't use this operation if there is a disassociation in progress. If the association fails, retry by deleting the association and recreating it.

As a result of this operation, the association gets created in the service network account and the VPC owner account.

Once a security group is added to the VPC association it cannot be removed. You can add or update the security groups being used for the VPC association once a security group is attached. To remove all security groups you must reassociate the VPC.

Creates a target group.

A target group is a collection of targets, or compute resources, that run your application or service. A target group can only be used by a single service.

For more information, see Target groups in the Amazon VPC Lattice User Guide.

Deletes the specified access log subscription.

Deletes the specified auth policy.

If an auth is set to Amazon Web Services_IAM and the auth policy is deleted, all requests will be denied by default. If you are trying to remove the auth policy completely, you must set the auth_type to NONE. If auth is enabled on the resource, but no auth policy is set, all requests will be denied.

Deletes the specified listener.

Deletes the specified resource policy.

Deletes a listener rule.

Each listener has a default rule for checking connection requests, but you can define additional rules. Each rule consists of a priority, one or more actions, and one or more conditions. You can delete additional listener rules, but you cannot delete the default rule.

For more information, see Listener rules in the Amazon VPC Lattice User Guide.

Deletes a service.

A service can't be deleted if it's associated with a service network. If you delete a service, all resources related to the service, such as the resource policy, auth policy, listeners, listener rules, and access log subscriptions, are also deleted. For more information, see Delete a service in the Amazon VPC Lattice User Guide.

Deletes a service network.

You can only delete the service network if there is no service or VPC associated with it. If you delete a service network, all resources related to the service network, such as the resource policy, auth policy, and access log subscriptions, are also deleted. For more information, see Delete a service network in the Amazon VPC Lattice User Guide.

Deletes the association between a specified service and the specific service network.

This request will fail if an association is still in progress.

Disassociates the VPC from the service network.

You can't disassociate the VPC if there is a create or update association in progress.

Deletes a target group.

You can't delete a target group if it is used in a listener rule or if the target group creation is in progress.

Deregisters the specified targets from the specified target group.

Retrieves information about the specified access log subscription.

Retrieves information about the auth policy for the specified service or service network.

Retrieves information about the specified listener for the specified service.

Retrieves information about the resource policy.

The resource policy is an IAM policy created by AWS RAM on behalf of the resource owner when they share a resource.

Retrieves information about listener rules.

You can also retrieve information about the default listener rule. For more information, see Listener rules in the Amazon VPC Lattice User Guide.

Retrieves information about the specified service.

Retrieves information about the specified service network.

Retrieves information about the specified association between a service network and a service.

Retrieves information about the association between a service network and a VPC.

Retrieves information about the specified target group.

Lists all access log subscriptions for the specified service network or service.

Lists the listeners for the specified service.

Lists the rules for the listener.

Lists the associations between the service network and the service.

You can filter the list either by service or service network. You must provide either the service network identifier or the service identifier.

Every association in Amazon VPC Lattice is given a unique Amazon Resource Name (ARN), such as when a service network is associated with a VPC or when a service is associated with a service network. If the association is for a resource that is shared with another account, the association will include the local account ID as the prefix in the ARN for each account the resource is shared with.

Lists the service network and VPC associations.

You can filter the list either by VPC or service network. You must provide either the service network identifier or the VPC identifier.

Lists the service networks owned by the caller account or shared with the caller account.

Also includes the account ID in the ARN to show which account owns the service network.

Lists the services owned by the caller account or shared with the caller account.

Lists the tags for the specified resource.

Lists your target groups.

You can narrow your search by using the filters below in your request.

Lists the targets for the target group.

By default, all targets are included. You can use this API to check the health status of targets. You can also filter the results by target.

Creates or updates the auth policy.

Attaches a resource-based permission policy to a service or service network.

The policy must contain the same actions and condition statements as the Amazon Web Services Resource Access Manager permission for sharing services and service networks.

Registers the targets with the target group.

If it's a Lambda target, you can only have one target in a target group.

Adds the specified tags to the specified resource.

Removes the specified tags from the specified resource.

Updates the specified access log subscription.

Updates the specified listener for the specified service.

Updates a rule for the listener.

You can't modify a default listener rule. To modify a default listener rule, use UpdateListener.

Updates the specified service.

Updates the specified service network.

Updates the service network and VPC association.

Once you add a security group, it cannot be removed.

Updates the specified target group.