VPC Lattice examples using AWS CLI
The following code examples show you how to perform actions and implement common scenarios by using the AWS Command Line Interface with VPC Lattice.
Actions are code excerpts from larger programs and must be run in context. While actions show you how to call individual service functions, you can see actions in context in their related scenarios.
Each example includes a link to the complete source code, where you can find instructions on how to set up and run the code in context.
Topics
Actions
The following code example shows how to use create-listener
.
- AWS CLI
-
To create a listener
The following
create-listener
example creates an HTTPS listener with a default rule that forwards traffic to the specified VPC Lattice target group.aws vpc-lattice create-listener \ --name
my-service-listener
\ --protocolHTTPS
\ --port443
\ --service-identifiersvc-0285b53b2eEXAMPLE
\ --default-actionfile://listener-config.json
Contents of
listener-config.json
:{ "forward": { "targetGroups": [ { "targetGroupIdentifier": "tg-0eaa4b9ab4EXAMPLE" } ] } }
Output:
{ "arn": "arn:aws:vpc-lattice:us-east-2:123456789012:service/svc-0285b53b2eEXAMPLE/listener/listener-07cc7fb0abEXAMPLE", "defaultAction": { "forward": { "targetGroups": [ { "targetGroupIdentifier": "tg-0eaa4b9ab4EXAMPLE", "weight": 100 } ] } }, "id": "listener-07cc7fb0abEXAMPLE", "name": "my-service-listener", "port": 443, "protocol": "HTTPS", "serviceArn": "arn:aws:vpc-lattice:us-east-2:123456789012:service/svc-0285b53b2eEXAMPLE", "serviceId": "svc-0285b53b2eEXAMPLE" }
For more information, see Listeners in the Amazon VPC Lattice User Guide.
-
For API details, see CreateListener
in AWS CLI Command Reference.
-
The following code example shows how to use create-service-network-service-association
.
- AWS CLI
-
To create a service association
The following
create-service-network-service-association
example associates the specified service with the specified service network.aws vpc-lattice create-service-network-service-association \ --service-identifier
svc-0285b53b2eEXAMPLE
\ --service-network-identifiersn-080ec7dc93EXAMPLE
Output:
{ "arn": "arn:aws:vpc-lattice:us-east-2:123456789012:servicenetworkserviceassociation/snsa-0e16955a8cEXAMPLE", "createdBy": "123456789012", "dnsEntry": { "domainName": "my-lattice-service-0285b53b2eEXAMPLE.7d67968.vpc-lattice-svcs.us-east-2.on.aws", "hostedZoneId": "Z09127221KTH2CEXAMPLE" }, "id": "snsa-0e16955a8cEXAMPLE", "status": "CREATE_IN_PROGRESS" }
For more information, see Manage service associations in the Amazon VPC Lattice User Guide.
-
For API details, see CreateServiceNetworkServiceAssociation
in AWS CLI Command Reference.
-
The following code example shows how to use create-service-network-vpc-association
.
- AWS CLI
-
To create a VPC association
The following
create-service-network-vpc-association
example associates the specified vpc with the specified service network. The specified security group controls which resources in the VPC can access the service network and its services.aws vpc-lattice create-service-network-vpc-association \ --vpc-identifier
vpc-0a1b2c3d4eEXAMPLE
\ --service-network-identifiersn-080ec7dc93EXAMPLE
\ --security-group-idssg-0aee16bc6cEXAMPLE
Output:
{ "arn": "arn:aws:vpc-lattice:us-east-2:123456789012:servicenetworkvpcassociation/snva-0821fc8631EXAMPLE", "createdBy": "123456789012", "id": "snva-0821fc8631EXAMPLE", "securityGroupIds": [ "sg-0aee16bc6cEXAMPLE" ], "status": "CREATE_IN_PROGRESS" }
For more information, see Manage VPC associations in the Amazon VPC Lattice User Guide.
-
For API details, see CreateServiceNetworkVpcAssociation
in AWS CLI Command Reference.
-
The following code example shows how to use create-service-network
.
- AWS CLI
-
To create a service network
The following
create-service-network
example creates a service network with the specified name.aws vpc-lattice create-service-network \ --name
my-service-network
Output:
{ "arn": "arn:aws:vpc-lattice:us-east-2:123456789012:servicenetwork/sn-080ec7dc93EXAMPLE", "authType": "NONE", "id": "sn-080ec7dc93EXAMPLE", "name": "my-service-network" }
For more information, see Service networks in the Amazon VPC Lattice User Guide.
-
For API details, see CreateServiceNetwork
in AWS CLI Command Reference.
-
The following code example shows how to use create-service
.
- AWS CLI
-
To create a service
The following
create-service
example creates a service with the specified name.aws vpc-lattice create-service \ --name
my-lattice-service
Output:
{ "arn": "arn:aws:vpc-lattice:us-east-2:123456789012:service/svc-0285b53b2eEXAMPLE", "authType": "NONE", "dnsEntry": { "domainName": "my-lattice-service-0285b53b2eEXAMPLE.1a2b3c4.vpc-lattice-svcs.us-east-2.on.aws", "hostedZoneId": "Z09127221KTH2CEXAMPLE" }, "id": "svc-0285b53b2eEXAMPLE", "name": "my-lattice-service", "status": "CREATE_IN_PROGRESS" }
For more information, see Services in VPC Lattice in the Amazon VPC Lattice User Guide.
-
For API details, see CreateService
in AWS CLI Command Reference.
-
The following code example shows how to use create-target-group
.
- AWS CLI
-
Example 1: To create a target group of type INSTANCE
The following
create-target-group
example creates a target group with the specified name, type, and configuration.aws vpc-lattice create-target-group \ --name
my-lattice-target-group-instance
\ --typeINSTANCE
\ --configfile://tg-config.json
Contents of
tg-config.json
:{ "port": 443, "protocol": "HTTPS", "protocolVersion": "HTTP1", "vpcIdentifier": "vpc-f1663d9868EXAMPLE" }
Output:
{ "arn": "arn:aws:vpc-lattice:us-east-2:123456789012:targetgroup/tg-0eaa4b9ab4EXAMPLE", "config": { "healthCheck": { "enabled": true, "healthCheckIntervalSeconds": 30, "healthCheckTimeoutSeconds": 5, "healthyThresholdCount": 5, "matcher": { "httpCode": "200" }, "path": "/", "protocol": "HTTPS", "protocolVersion": "HTTP1", "unhealthyThresholdCount": 2 }, "port": 443, "protocol": "HTTPS", "protocolVersion": "HTTP1", "vpcIdentifier": "vpc-f1663d9868EXAMPLE" }, "id": "tg-0eaa4b9ab4EXAMPLE", "name": "my-lattice-target-group-instance", "status": "CREATE_IN_PROGRESS", "type": "INSTANCE" }
Example 2: To create a target group of type IP
The following
create-target-group
example creates a target group with the specified name, type, and configuration.aws vpc-lattice create-target-group \ --name
my-lattice-target-group-ip
\ --typeIP
\ --configfile://tg-config.json
Contents of
tg-config.json
:{ "ipAddressType": "IPV4", "port": 443, "protocol": "HTTPS", "protocolVersion": "HTTP1", "vpcIdentifier": "vpc-f1663d9868EXAMPLE" }
Output:
{ "arn": "arn:aws:vpc-lattice:us-east-2:123456789012:targetgroup/tg-0eaa4b9ab4EXAMPLE", "config": { "healthCheck": { "enabled": true, "healthCheckIntervalSeconds": 30, "healthCheckTimeoutSeconds": 5, "healthyThresholdCount": 5, "matcher": { "httpCode": "200" }, "path": "/", "protocol": "HTTPS", "protocolVersion": "HTTP1", "unhealthyThresholdCount": 2 }, "ipAddressType": "IPV4", "port": 443, "protocol": "HTTPS", "protocolVersion": "HTTP1", "vpcIdentifier": "vpc-f1663d9868EXAMPLE" }, "id": "tg-0eaa4b9ab4EXAMPLE", "name": "my-lattice-target-group-ip", "status": "CREATE_IN_PROGRESS", "type": "IP" }
Example 3: To create a target group of type LAMBDA
The following
create-target-group
example creates a target group with the specified name, type, and configuration.aws vpc-lattice create-target-group \ --name
my-lattice-target-group-lambda
\ --typeLAMBDA
Output:
{ "arn": "arn:aws:vpc-lattice:us-east-2:123456789012:targetgroup/tg-0eaa4b9ab4EXAMPLE", "id": "tg-0eaa4b9ab4EXAMPLE", "name": "my-lattice-target-group-lambda", "status": "CREATE_IN_PROGRESS", "type": "LAMBDA" }
Example 4: To create a target group of type ALB
The following
create-target-group
example creates a target group with the specified name, type, and configuration.aws vpc-lattice create-target-group \ --name
my-lattice-target-group-alb
\ --typeALB
\ --configfile://tg-config.json
Contents of
tg-config.json
:{ "port": 443, "protocol": "HTTPS", "protocolVersion": "HTTP1", "vpcIdentifier": "vpc-f1663d9868EXAMPLE" }
Output:
{ "arn": "arn:aws:vpc-lattice:us-east-2:123456789012:targetgroup/tg-0eaa4b9ab4EXAMPLE", "config": { "port": 443, "protocol": "HTTPS", "protocolVersion": "HTTP1", "vpcIdentifier": "vpc-f1663d9868EXAMPLE" }, "id": "tg-0eaa4b9ab4EXAMPLE", "name": "my-lattice-target-group-alb", "status": "CREATE_IN_PROGRESS", "type": "ALB" }
For more information, see Target groups in the Amazon VPC Lattice User Guide.
-
For API details, see CreateTargetGroup
in AWS CLI Command Reference.
-
The following code example shows how to use delete-auth-policy
.
- AWS CLI
-
To delete an auth policy
The following
delete-auth-policy
example deletes the auth policy for the specified service.aws vpc-lattice delete-auth-policy \ --resource-identifier
svc-0285b53b2eEXAMPLE
This command produces no output.
For more information, see Auth policies in the Amazon VPC Lattice User Guide.
-
For API details, see DeleteAuthPolicy
in AWS CLI Command Reference.
-
The following code example shows how to use delete-listener
.
- AWS CLI
-
To delete a listener
The following
delete-listener
example deletes the specified listener.aws vpc-lattice delete-listener \ --listener-identifier
listener-07cc7fb0abEXAMPLE
\ --service-identifiersvc-0285b53b2eEXAMPLE
This command produces no output.
For more information, see Listeners in the Amazon VPC Lattice User Guide.
-
For API details, see DeleteListener
in AWS CLI Command Reference.
-
The following code example shows how to use delete-service-network-service-association
.
- AWS CLI
-
To delete a service association
The following
delete-service-network-service-association
example disassociates the specified service association.aws vpc-lattice delete-service-network-service-association \ --service-network-service-association-identifier
snsa-031fabb4d8EXAMPLE
Output:
{ "arn": "arn:aws:vpc-lattice:us-east-2:123456789012:servicenetworkserviceassociation/snsa-031fabb4d8EXAMPLE", "id": "snsa-031fabb4d8EXAMPLE", "status": "DELETE_IN_PROGRESS" }
For more information, see Manage service associations in the Amazon VPC Lattice User Guide.
-
For API details, see DeleteServiceNetworkServiceAssociation
in AWS CLI Command Reference.
-
The following code example shows how to use delete-service-network-vpc-association
.
- AWS CLI
-
To delete a VPC association
The following
delete-service-network-vpc-association
example disassociates the specified VPC association.aws vpc-lattice delete-service-network-vpc-association \ --service-network-vpc-association-identifier
snva-0821fc8631EXAMPLE
Output:
{ "arn": "arn:aws:vpc-lattice:us-east-2:123456789012:servicenetworkvpcassociation/snva-0821fc8631EXAMPLE", "id": "snva-0821fc8631EXAMPLE", "status": "DELETE_IN_PROGRESS" }
For more information, see Manage VPC associations in the Amazon VPC Lattice User Guide.
-
For API details, see DeleteServiceNetworkVpcAssociation
in AWS CLI Command Reference.
-
The following code example shows how to use delete-service-network
.
- AWS CLI
-
To delete a service network
The following
delete-service-network
example deletes the specified service network.aws vpc-lattice delete-service-network \ --service-network-identifier
sn-080ec7dc93EXAMPLE
This command produces no output.
For more information, see Service networks in the Amazon VPC Lattice User Guide.
-
For API details, see DeleteServiceNetwork
in AWS CLI Command Reference.
-
The following code example shows how to use delete-service
.
- AWS CLI
-
To delete a service
The following
delete-service
example deletes the specified service.aws vpc-lattice delete-service \ --service-identifier
svc-0285b53b2eEXAMPLE
Output:
{ "arn": "arn:aws:vpc-lattice:us-west-2:123456789012:service/svc-0285b53b2eEXAMPLE", "id": "svc-0285b53b2eEXAMPLE", "name": "my-lattice-service", "status": "DELETE_IN_PROGRESS" }
For more information, see Services in VPC Lattice in the Amazon VPC Lattice User Guide.
-
For API details, see DeleteService
in AWS CLI Command Reference.
-
The following code example shows how to use delete-target-group
.
- AWS CLI
-
To delete a target group
The following
delete-target-group
example deletes the specified target group.aws vpc-lattice delete-target-group \ --target-group-identifier
tg-0eaa4b9ab4EXAMPLE
Output:
{ "arn": "arn:aws:vpc-lattice:us-east-2:123456789012:targetgroup/tg-0eaa4b9ab4EXAMPLE", "id": "tg-0eaa4b9ab4EXAMPLE", "status": "DELETE_IN_PROGRESS" }
For more information, see Target groups in the Amazon VPC Lattice User Guide.
-
For API details, see DeleteTargetGroup
in AWS CLI Command Reference.
-
The following code example shows how to use deregister-targets
.
- AWS CLI
-
To deregister a target
The following
deregister-targets
example deregisters the specified target from the specified target group.aws vpc-lattice deregister-targets \ --targets
i-07dd579bc5EXAMPLE
\ --target-group-identifiertg-0eaa4b9ab4EXAMPLE
Output:
{ "successful": [ { "id": "i-07dd579bc5EXAMPLE", "port": 443 } ], "unsuccessful": [] }
For more information, see Register targets in the Amazon VPC Lattice User Guide.
-
For API details, see DeregisterTargets
in AWS CLI Command Reference.
-
The following code example shows how to use get-auth-policy
.
- AWS CLI
-
To get information about an auth policy
The following
get-auth-policy
example gets information about the auth policy for the specified service.aws vpc-lattice get-auth-policy \ --resource-identifier
svc-0285b53b2eEXAMPLE
Output:
{ "createdAt": "2023-06-07T03:51:20.266Z", "lastUpdatedAt": "2023-06-07T04:39:27.082Z", "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:role/my-clients\"},\"Action\":\"vpc-lattice-svcs:Invoke\",\"Resource\":\"arn:aws:vpc-lattice:us-east-2:123456789012:service/svc-0285b53b2eEXAMPLE\"}]}", "state": "Active" }
For more information, see Auth policies in the Amazon VPC Lattice User Guide.
-
For API details, see GetAuthPolicy
in AWS CLI Command Reference.
-
The following code example shows how to use get-listener
.
- AWS CLI
-
To get information about a service listener
The following
get-listener
example gets information about the specified listener for the specified service.aws vpc-lattice get-listener \ --listener-identifier
listener-0ccf55918cEXAMPLE
\ --service-identifiersvc-0285b53b2eEXAMPLE
Output:
{ "arn": "arn:aws:vpc-lattice:us-east-2:123456789012:service/svc-0285b53b2eEXAMPLE/listener/listener-0ccf55918cEXAMPLE", "createdAt": "2023-05-07T05:08:45.192Z", "defaultAction": { "forward": { "targetGroups": [ { "targetGroupIdentifier": "tg-0ff213abb6EXAMPLE", "weight": 1 } ] } }, "id": "listener-0ccf55918cEXAMPLE", "lastUpdatedAt": "2023-05-07T05:08:45.192Z", "name": "http-80", "port": 80, "protocol": "HTTP", "serviceArn": "arn:aws:vpc-lattice:us-east-2:123456789012:service/svc-0285b53b2eEXAMPLE", "serviceId": "svc-0285b53b2eEXAMPLE" }
For more information, see Define routing in the Amazon VPC Lattice User Guide.
-
For API details, see GetListener
in AWS CLI Command Reference.
-
The following code example shows how to use get-service-network-service-association
.
- AWS CLI
-
To get information about a service association
The following
get-service-network-service-association
example gets information about the specified service association.aws vpc-lattice get-service-network-service-association \ --service-network-service-association-identifier
snsa-031fabb4d8EXAMPLE
Output:
{ "arn": "arn:aws:vpc-lattice:us-east-2:123456789012:servicenetworkserviceassociation/snsa-031fabb4d8EXAMPLE", "createdAt": "2023-05-05T21:48:16.076Z", "createdBy": "123456789012", "dnsEntry": { "domainName": "my-lattice-service-0285b53b2eEXAMPLE.7d67968.vpc-lattice-svcs.us-east-2.on.aws", "hostedZoneId": "Z09127221KTH2CEXAMPLE" }, "id": "snsa-031fabb4d8EXAMPLE", "serviceArn": "arn:aws:vpc-lattice:us-east-2:123456789012:service/svc-0285b53b2eEXAMPLE", "serviceId": "svc-0285b53b2eEXAMPLE", "serviceName": "my-lattice-service", "serviceNetworkArn": "arn:aws:vpc-lattice:us-east-2:123456789012:servicenetwork/sn-080ec7dc93EXAMPLE", "serviceNetworkId": "sn-080ec7dc93EXAMPLE", "serviceNetworkName": "my-service-network", "status": "ACTIVE" }
For more information, see Manage service associations in the Amazon VPC Lattice User Guide.
-
For API details, see GetServiceNetworkServiceAssociation
in AWS CLI Command Reference.
-
The following code example shows how to use get-service-network-vpc-association
.
- AWS CLI
-
To get information about a VPC association
The following
get-service-network-vpc-association
example gets information about the specified VPC association.aws vpc-lattice get-service-network-vpc-association \ --service-network-vpc-association-identifier
snva-0821fc8631EXAMPLE
Output:
{ "arn": "arn:aws:vpc-lattice:us-east-2:123456789012:servicenetworkvpcassociation/snva-0821fc8631EXAMPLE", "createdAt": "2023-06-06T23:41:08.421Z", "createdBy": "123456789012", "id": "snva-0c5dcb60d6EXAMPLE", "lastUpdatedAt": "2023-06-06T23:41:08.421Z", "securityGroupIds": [ "sg-0aee16bc6cEXAMPLE" ], "serviceNetworkArn": "arn:aws:vpc-lattice:us-east-2:123456789012:servicenetwork/sn-080ec7dc93EXAMPLE", "serviceNetworkId": "sn-080ec7dc93EXAMPLE", "serviceNetworkName": "my-service-network", "status": "ACTIVE", "vpcId": "vpc-0a1b2c3d4eEXAMPLE" }
For more information, see Manage VPC associations in the Amazon VPC Lattice User Guide.
-
For API details, see GetServiceNetworkVpcAssociation
in AWS CLI Command Reference.
-
The following code example shows how to use get-service-network
.
- AWS CLI
-
To get information about a service network
The following
get-service-network
example gets information about the specified service network.aws vpc-lattice get-service-network \ --service-network-identifier
sn-080ec7dc93EXAMPLE
Output:
{ "arn": "arn:aws:vpc-lattice:us-east-2:123456789012:servicenetwork/sn-080ec7dc93EXAMPLE", "authType": "AWS_IAM", "createdAt": "2023-05-05T15:26:08.417Z", "id": "sn-080ec7dc93EXAMPLE", "lastUpdatedAt": "2023-05-05T15:26:08.417Z", "name": "my-service-network", "numberOfAssociatedServices": 2, "numberOfAssociatedVPCs": 3 }
For more information, see Service networks in the Amazon VPC Lattice User Guide.
-
For API details, see GetServiceNetwork
in AWS CLI Command Reference.
-
The following code example shows how to use get-service
.
- AWS CLI
-
To get information about a service
The following
get-service
example gets information about the specified service.aws vpc-lattice get-service \ --service-identifier
svc-0285b53b2eEXAMPLE
Output:
{ "arn": "arn:aws:vpc-lattice:us-east-2:123456789012:service/svc-0285b53b2eEXAMPLE", "authType": "AWS_IAM", "createdAt": "2023-05-05T21:35:29.339Z", "dnsEntry": { "domainName": "my-lattice-service-0285b53b2eEXAMPLE.7d67968.vpc-lattice-svcs.us-east-2.on.aws", "hostedZoneId": "Z09127221KTH2CFUOHIZH" }, "id": "svc-0285b53b2eEXAMPLE", "lastUpdatedAt": "2023-05-05T21:35:29.339Z", "name": "my-lattice-service", "status": "ACTIVE" }
For more information, see Services in the Amazon VPC Lattice User Guide.
-
For API details, see GetService
in AWS CLI Command Reference.
-
The following code example shows how to use get-target-group
.
- AWS CLI
-
To get information about a target group
The following
get-target-group
example gets information about the specified target group, which has a target type ofINSTANCE
.aws vpc-lattice get-target-group \ --target-group-identifier
tg-0eaa4b9ab4EXAMPLE
Output:
{ "arn": "arn:aws:vpc-lattice:us-east-2:123456789012:targetgroup/tg-0eaa4b9ab4EXAMPLE", "config": { "healthCheck": { "enabled": true, "healthCheckIntervalSeconds": 30, "healthCheckTimeoutSeconds": 5, "healthyThresholdCount": 5, "matcher": { "httpCode": "200" }, "path": "/", "protocol": "HTTPS", "protocolVersion": "HTTP1", "unhealthyThresholdCount": 2 }, "port": 443, "protocol": "HTTPS", "protocolVersion": "HTTP1", "vpcIdentifier": "vpc-f1663d9868EXAMPLE" }, "createdAt": "2023-05-06T04:41:04.122Z", "id": "tg-0eaa4b9ab4EXAMPLE", "lastUpdatedAt": "2023-05-06T04:41:04.122Z", "name": "my-target-group", "serviceArns": [ "arn:aws:vpc-lattice:us-east-2:123456789012:service/svc-0285b53b2eEXAMPLE" ], "status": "ACTIVE", "type": "INSTANCE" }
For more information, see Target groups in the Amazon VPC Lattice User Guide.
-
For API details, see GetTargetGroup
in AWS CLI Command Reference.
-
The following code example shows how to use list-listeners
.
- AWS CLI
-
To list service listeners
The following
list-listeners
example lists the listeners for the specified service.aws vpc-lattice list-listeners \ --service-identifier
svc-0285b53b2eEXAMPLE
Output:
{ "items": [ { "arn": "arn:aws:vpc-lattice:us-east-2:123456789012:service/svc-0285b53b2eEXAMPLE/listener/listener-0ccf55918cEXAMPLE", "createdAt": "2023-05-07T05:08:45.192Z", "id": "listener-0ccf55918cEXAMPLE", "lastUpdatedAt": "2023-05-07T05:08:45.192Z", "name": "http-80", "port": 80, "protocol": "HTTP" } ] }
For more information, see Define routing in the Amazon VPC Lattice User Guide.
-
For API details, see ListListeners
in AWS CLI Command Reference.
-
The following code example shows how to use list-service-network-service-associations
.
- AWS CLI
-
To list service associations
The following
list-service-network-service-associations
example lists the service associations for the specified service network. The--query
option scopes the output to the IDs of the service associations.aws vpc-lattice list-service-network-service-associations \ --service-network-identifier
sn-080ec7dc93EXAMPLE
\ --queryitems[*].id
Output:
[ "snsa-031fabb4d8EXAMPLE", "snsa-0e16955a8cEXAMPLE" ]
For more information, see Manage service associations in the Amazon VPC Lattice User Guide.
-
For API details, see ListServiceNetworkServiceAssociations
in AWS CLI Command Reference.
-
The following code example shows how to use list-service-network-vpc-associations
.
- AWS CLI
-
To list VPC associations
The following
list-service-network-vpc-associations
example lists the VPC associations for the specified service network. The--query
option scopes the output to the IDs of the VPC associations.aws vpc-lattice list-service-network-vpc-associations \ --service-network-identifier
sn-080ec7dc93EXAMPLE
\ --queryitems[*].id
Output:
[ "snva-0821fc8631EXAMPLE", "snva-0c5dcb60d6EXAMPLE" ]
For more information, see Manage VPC associations in the Amazon VPC Lattice User Guide.
-
For API details, see ListServiceNetworkVpcAssociations
in AWS CLI Command Reference.
-
The following code example shows how to use list-service-networks
.
- AWS CLI
-
To list your service networks
The following
list-service-networks
example lists the service networks owned or shared with the calling account. The--query
option scopes the results to the Amazon Resource Names (ARN) of the service networks.aws vpc-lattice list-service-networks \ --query
items[*].arn
Output:
[ "arn:aws:vpc-lattice:us-east-2:123456789012:servicenetwork/sn-080ec7dc93EXAMPLE", "arn:aws:vpc-lattice:us-east-2:111122223333:servicenetwork/sn-0ec4d436cfEXAMPLE" ]
For more information, see Service networks in the Amazon VPC Lattice User Guide.
-
For API details, see ListServiceNetworks
in AWS CLI Command Reference.
-
The following code example shows how to use list-services
.
- AWS CLI
-
To list your services
The following
list-services
example lists the servies owned or shared with the calling account. The--query
option scopes the results to the Amazon Resource Names (ARN) of the services.aws vpc-lattice list-services \ --query
items[*].arn
Output:
[ "arn:aws:vpc-lattice:us-east-2:123456789012:service/svc-0285b53b2eEXAMPLE", "arn:aws:vpc-lattice:us-east-2:111122223333:service/svc-0b8ac96550EXAMPLE" ]
For more information, see Services in the Amazon VPC Lattice User Guide.
-
For API details, see ListServices
in AWS CLI Command Reference.
-
The following code example shows how to use list-target-groups
.
- AWS CLI
-
To list your target groups
The following
list-target-groups
example lists the target groups with a target type ofLAMBDA
.aws vpc-lattice list-target-groups \ --target-group-type
LAMBDA
Output:
{ "items": [ { "arn": "arn:aws:vpc-lattice:us-east-2:123456789012:targetgroup/tg-045c1b7d9dEXAMPLE", "createdAt": "2023-05-06T05:22:16.637Z", "id": "tg-045c1b7d9dEXAMPLE", "lastUpdatedAt": "2023-05-06T05:22:16.637Z", "name": "my-target-group-lam", "serviceArns": [ "arn:aws:vpc-lattice:us-east-2:123456789012:service/svc-0285b53b2eEXAMPLE" ], "status": "ACTIVE", "type": "LAMBDA" } ] }
For more information, see Target groups in the Amazon VPC Lattice User Guide.
-
For API details, see ListTargetGroups
in AWS CLI Command Reference.
-
The following code example shows how to use list-targets
.
- AWS CLI
-
To list the targets for a target group
The following
list-targets
example lists the targets for the specified target group.aws vpc-lattice list-targets \ --target-group-identifier
tg-0eaa4b9ab4EXAMPLE
Output:
{ "items": [ { "id": "i-07dd579bc5EXAMPLE", "port": 443, "status": "HEALTHY" }, { "id": "i-047b3c9078EXAMPLE", "port": 443, "reasonCode": "HealthCheckFailed", "status": "UNHEALTHY" } ] }
For more information, see Target groups in the Amazon VPC Lattice User Guide.
-
For API details, see ListTargets
in AWS CLI Command Reference.
-
The following code example shows how to use put-auth-policy
.
- AWS CLI
-
To create an auth policy for a service
The following
put-auth-policy
example grants access to requests from any authenticated principal that uses the specified IAM role. The resource is the ARN of the service to which the policy is attached.aws vpc-lattice put-auth-policy \ --resource-identifier
svc-0285b53b2eEXAMPLE
\ --policyfile://auth-policy.json
Contents of
auth-policy.json
:{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::123456789012:role/my-clients" }, "Action": "vpc-lattice-svcs:Invoke", "Resource": "arn:aws:vpc-lattice:us-east-2:123456789012:service/svc-0285b53b2eEXAMPLE" } ] }
Output:
{ "policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::123456789012:role/my-clients\"},\"Action\":\"vpc-lattice-svcs:Invoke\",\"Resource\":\"arn:aws:vpc-lattice:us-east-2:123456789012:service/svc-0285b53b2eEXAMPLE\"}]}", "state": "Active" }
For more information, see Auth policies in the Amazon VPC Lattice User Guide.
-
For API details, see PutAuthPolicy
in AWS CLI Command Reference.
-
The following code example shows how to use register-targets
.
- AWS CLI
-
To register a target
The following
register-targets
example registers the specified targets with the specified target group.aws vpc-lattice register-targets \ --targets
id=i-047b3c9078EXAMPLE
id=i-07dd579bc5EXAMPLE
\ --target-group-identifiertg-0eaa4b9ab4EXAMPLE
Output:
{ "successful": [ { "id": "i-07dd579bc5EXAMPLE", "port": 443 } ], "unsuccessful": [ { "failureCode": "UnsupportedTarget", "failureMessage": "Instance targets must be in the same VPC as their target group", "id": "i-047b3c9078EXAMPLE", "port": 443 } ] }
For more information, see Register targets in the Amazon VPC Lattice User Guide.
-
For API details, see RegisterTargets
in AWS CLI Command Reference.
-