VpcBlockPublicAccessOptions - Amazon Elastic Compute Cloud

VpcBlockPublicAccessOptions

VPC Block Public Access (BPA) enables you to block resources in VPCs and subnets that you own in a Region from reaching or being reached from the internet through internet gateways and egress-only internet gateways. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.

Contents

awsAccountId

An Amazon account ID.

Type: String

Required: No

awsRegion

An Amazon Region.

Type: String

Required: No

exclusionsAllowed

Determines if exclusions are allowed. If you have enabled VPC BPA at the Organization level, exclusions may be not-allowed. Otherwise, they are allowed.

Type: String

Valid Values: allowed | not-allowed

Required: No

internetGatewayBlockMode

The current mode of VPC BPA.

  • off: VPC BPA is not enabled and traffic is allowed to and from internet gateways and egress-only internet gateways in this Region.

  • block-bidirectional: Block all traffic to and from internet gateways and egress-only internet gateways in this Region (except for excluded VPCs and subnets).

  • block-ingress: Block all internet traffic to the VPCs in this Region (except for VPCs or subnets which are excluded). Only traffic to and from NAT gateways and egress-only internet gateways is allowed because these gateways only allow outbound connections to be established.

Type: String

Valid Values: off | block-bidirectional | block-ingress

Required: No

lastUpdateTimestamp

The last time the VPC BPA mode was updated.

Type: Timestamp

Required: No

managedBy

The entity that manages the state of VPC BPA. Possible values include:

  • account - The state is managed by the account.

  • declarative-policy - The state is managed by a declarative policy and can't be modified by the account.

Type: String

Valid Values: account | declarative-policy

Required: No

reason

The reason for the current state.

Type: String

Required: No

state

The current state of VPC BPA.

Type: String

Valid Values: default-state | update-in-progress | update-complete

Required: No
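An added example, not part of the AWS documentation: a posture check that validates a record against the valid values listed on this page and flags the settings a reviewer would want to look at. The function names, severity levels and sample records are assumptions made for illustration, and the keys are spelled as on this page (an SDK may capitalize them differently).

```python
# Added example: posture check over VpcBlockPublicAccessOptions records.
# Field names and valid values are those documented on this page;
# severity levels and sample records are illustrative assumptions.
VALID = {
    "exclusionsAllowed": {"allowed", "not-allowed"},
    "internetGatewayBlockMode": {"off", "block-bidirectional", "block-ingress"},
    "managedBy": {"account", "declarative-policy"},
    "state": {"default-state", "update-in-progress", "update-complete"},
}
ORDER = ["ok", "info", "medium", "high"]  # assumed severity scale

def audit_bpa(opts):
    """Return a list of (severity, message) findings for one record."""
    findings = []
    for field, allowed in VALID.items():
        value = opts.get(field)  # every field is documented as Required: No
        if value is None:
            findings.append(("info", f"{field} absent from record"))
        elif value not in allowed:
            findings.append(("medium", f"{field} has undocumented value {value!r}"))
    mode = opts.get("internetGatewayBlockMode")
    blocking = mode in ("block-ingress", "block-bidirectional")
    if mode == "off":
        findings.append(("high", "VPC BPA is off: internet gateway traffic is allowed"))
    elif mode == "block-ingress":
        findings.append(("info", "ingress blocked; NAT and egress-only gateway traffic allowed"))
    if blocking and opts.get("exclusionsAllowed") == "allowed":
        findings.append(("medium", "exclusions allowed: review excluded VPCs and subnets"))
    if opts.get("managedBy") == "account":
        findings.append(("medium", "state is managed by the account, not a declarative policy"))
    if opts.get("state") == "update-in-progress":
        findings.append(("info", "update in progress: re-check after update-complete"))
    return findings

def worst(findings):
    """Highest severity among the findings, or 'ok' when there are none."""
    return max((sev for sev, _ in findings), key=ORDER.index, default="ok")

SAMPLES = [  # constructed records, not real accounts
    {"awsAccountId": "111122223333", "awsRegion": "us-east-1",
     "internetGatewayBlockMode": "off", "exclusionsAllowed": "allowed",
     "managedBy": "account", "state": "default-state"},
    {"awsAccountId": "111122223333", "awsRegion": "eu-west-1",
     "internetGatewayBlockMode": "block-bidirectional", "exclusionsAllowed": "not-allowed",
     "managedBy": "declarative-policy", "state": "update-complete"},
]

if __name__ == "__main__":
    for rec in SAMPLES:
        print(rec["awsRegion"], worst(audit_bpa(rec)), audit_bpa(rec))
```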
