CreateServiceNetworkVpcAssociation - Amazon VPC Lattice
Request SyntaxURI Request ParametersRequest BodyResponse SyntaxResponse ElementsErrorsSee Also

CreateServiceNetworkVpcAssociation

Associates a VPC with a service network. When you associate a VPC with the service network, it enables all the resources within that VPC to be clients and communicate with other services in the service network. For more information, see Manage VPC associations in the Amazon VPC Lattice User Guide.

You can't use this operation if there is a disassociation in progress. If the association fails, retry by deleting the association and recreating it.

As a result of this operation, the association gets created in the service network account and the VPC owner account.

If you add a security group to the service network and VPC association, the association must continue to always have at least one security group. You can add or edit security groups at any time. However, to remove all security groups, you must first delete the association and recreate it without security groups.

Request Syntax

POST /servicenetworkvpcassociations HTTP/1.1
Content-type: application/json

{
   "clientToken": "string",
   "securityGroupIds": [ "string" ],
   "serviceNetworkIdentifier": "string",
   "tags": { 
      "string" : "string" 
   },
   "vpcIdentifier": "string"
}

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

clientToken

A unique, case-sensitive identifier that you provide to ensure the idempotency of the request. If you retry a request that completed successfully using the same client token and parameters, the retry succeeds without performing any actions. If the parameters aren't identical, the retry fails.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: [!-~]+

Required: No

securityGroupIds

The IDs of the security groups. Security groups aren't added by default. You can add a security group to apply network level controls to control which resources in a VPC are allowed to access the service network and its services. For more information, see Control traffic to resources using security groups in the Amazon VPC User Guide.

Type: Array of strings

Array Members: Minimum number of 0 items. Maximum number of 5 items.

Length Constraints: Minimum length of 5. Maximum length of 200.

Pattern: ^sg-(([0-9a-z]{8})|([0-9a-z]{17}))$

Required: No

serviceNetworkIdentifier

The ID or Amazon Resource Name (ARN) of the service network. You must use the ARN when the resources specified in the operation are in different accounts.

Type: String

Length Constraints: Minimum length of 3. Maximum length of 2048.

Pattern: ^((sn-[0-9a-z]{17})|(arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:servicenetwork/sn-[0-9a-z]{17}))$

Required: Yes

tags

The tags for the association.

Type: String to string map

Map Entries: Minimum number of 0 items. Maximum number of 200 items.

Key Length Constraints: Minimum length of 1. Maximum length of 128.

Value Length Constraints: Minimum length of 0. Maximum length of 256.

Required: No

vpcIdentifier

The ID of the VPC.

Type: String

Length Constraints: Minimum length of 5. Maximum length of 50.

Pattern: ^vpc-(([0-9a-z]{8})|([0-9a-z]{17}))$

Required: Yes

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "arn": "string",
   "createdBy": "string",
   "id": "string",
   "securityGroupIds": [ "string" ],
   "status": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

arn

The Amazon Resource Name (ARN) of the association.

Type: String

Length Constraints: Minimum length of 20. Maximum length of 2048.

Pattern: ^arn:[a-z0-9\-]+:vpc-lattice:[a-zA-Z0-9\-]+:\d{12}:servicenetworkvpcassociation/snva-[0-9a-z]{17}$

createdBy

The account that created the association.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 12.

Pattern: ^[0-9]{12}$

id

The ID of the association.

Type: String

Length Constraints: Fixed length of 22.

Pattern: ^snva-[0-9a-z]{17}$

securityGroupIds

The IDs of the security groups.

Type: Array of strings

Length Constraints: Minimum length of 5. Maximum length of 200.

Pattern: ^sg-(([0-9a-z]{8})|([0-9a-z]{17}))$

status

The association status.

Type: String

Valid Values: CREATE_IN_PROGRESS | ACTIVE | UPDATE_IN_PROGRESS | DELETE_IN_PROGRESS | CREATE_FAILED | DELETE_FAILED | UPDATE_FAILED

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

The user does not have sufficient access to perform this action.

HTTP Status Code: 403

ConflictException

The request conflicts with the current state of the resource. Updating or deleting a resource can cause an inconsistent state.

HTTP Status Code: 409

InternalServerException

An unexpected error occurred while processing the request.

HTTP Status Code: 500

ResourceNotFoundException

The request references a resource that does not exist.

HTTP Status Code: 404

ServiceQuotaExceededException

The request would cause a service quota to be exceeded.

HTTP Status Code: 402

ThrottlingException

The limit on the number of requests per second was exceeded.

HTTP Status Code: 429

ValidationException

The input does not satisfy the constraints specified by an AWS service.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: