Skip to content

/AWS1/CL_EC2VPCBLOCKPUBACCOPTS

VPC Block Public Access (BPA) enables you to block resources in VPCs and subnets that you own in a Region from reaching or being reached from the internet through internet gateways and egress-only internet gateways. To learn more about VPC BPA, see Block public access to VPCs and subnets in the Amazon VPC User Guide.

CONSTRUCTOR

IMPORTING

Optional arguments:

iv_awsaccountid TYPE /AWS1/EC2STRING /AWS1/EC2STRING

An Amazon Web Services account ID.

iv_awsregion TYPE /AWS1/EC2STRING /AWS1/EC2STRING

An Amazon Web Services Region.

iv_state TYPE /AWS1/EC2VPCBLOCKPUBACCSTATE /AWS1/EC2VPCBLOCKPUBACCSTATE

The current state of VPC BPA.

iv_internetgatewayblockmode TYPE /AWS1/EC2INTERNETGWBLOCKMODE /AWS1/EC2INTERNETGWBLOCKMODE

The current mode of VPC BPA.

  • off: VPC BPA is not enabled and traffic is allowed to and from internet gateways and egress-only internet gateways in this Region.

  • block-bidirectional: Block all traffic to and from internet gateways and egress-only internet gateways in this Region (except for excluded VPCs and subnets).

  • block-ingress: Block all internet traffic to the VPCs in this Region (except for VPCs or subnets which are excluded). Only traffic to and from NAT gateways and egress-only internet gateways is allowed because these gateways only allow outbound connections to be established.

iv_reason TYPE /AWS1/EC2STRING /AWS1/EC2STRING

The reason for the current state.

iv_lastupdatetimestamp TYPE /AWS1/EC2MILLISECONDDATETIME /AWS1/EC2MILLISECONDDATETIME

The last time the VPC BPA mode was updated.

iv_managedby TYPE /AWS1/EC2MANAGEDBY /AWS1/EC2MANAGEDBY

The entity that manages the state of VPC BPA. Possible values include:

  • account - The state is managed by the account.

  • declarative-policy - The state is managed by a declarative policy and can't be modified by the account.

iv_exclusionsallowed TYPE /AWS1/EC2VPCBLKPUBACCEXCLUSI02 /AWS1/EC2VPCBLKPUBACCEXCLUSI02

Determines if exclusions are allowed. If you have enabled VPC BPA at the Organization level, exclusions may be not-allowed. Otherwise, they are allowed.

Queryable Attributes

AwsAccountId

An Amazon Web Services account ID.

Accessible with the following methods

Method Description
GET_AWSACCOUNTID() Getter for AWSACCOUNTID, with configurable default
ASK_AWSACCOUNTID() Getter for AWSACCOUNTID w/ exceptions if field has no value
HAS_AWSACCOUNTID() Determine if AWSACCOUNTID has a value

AwsRegion

An Amazon Web Services Region.

Accessible with the following methods

Method Description
GET_AWSREGION() Getter for AWSREGION, with configurable default
ASK_AWSREGION() Getter for AWSREGION w/ exceptions if field has no value
HAS_AWSREGION() Determine if AWSREGION has a value

State

The current state of VPC BPA.

Accessible with the following methods

Method Description
GET_STATE() Getter for STATE, with configurable default
ASK_STATE() Getter for STATE w/ exceptions if field has no value
HAS_STATE() Determine if STATE has a value

InternetGatewayBlockMode

The current mode of VPC BPA.

  • off: VPC BPA is not enabled and traffic is allowed to and from internet gateways and egress-only internet gateways in this Region.

  • block-bidirectional: Block all traffic to and from internet gateways and egress-only internet gateways in this Region (except for excluded VPCs and subnets).

  • block-ingress: Block all internet traffic to the VPCs in this Region (except for VPCs or subnets which are excluded). Only traffic to and from NAT gateways and egress-only internet gateways is allowed because these gateways only allow outbound connections to be established.

Accessible with the following methods

Method Description
GET_INTERNETGATEWAYBLOCKMODE() Getter for INTERNETGATEWAYBLOCKMODE, with configurable defau
ASK_INTERNETGATEWAYBLOCKMODE() Getter for INTERNETGATEWAYBLOCKMODE w/ exceptions if field h
HAS_INTERNETGATEWAYBLOCKMODE() Determine if INTERNETGATEWAYBLOCKMODE has a value

Reason

The reason for the current state.

Accessible with the following methods

Method Description
GET_REASON() Getter for REASON, with configurable default
ASK_REASON() Getter for REASON w/ exceptions if field has no value
HAS_REASON() Determine if REASON has a value

LastUpdateTimestamp

The last time the VPC BPA mode was updated.

Accessible with the following methods

Method Description
GET_LASTUPDATETIMESTAMP() Getter for LASTUPDATETIMESTAMP, with configurable default
ASK_LASTUPDATETIMESTAMP() Getter for LASTUPDATETIMESTAMP w/ exceptions if field has no
HAS_LASTUPDATETIMESTAMP() Determine if LASTUPDATETIMESTAMP has a value

ManagedBy

The entity that manages the state of VPC BPA. Possible values include:

  • account - The state is managed by the account.

  • declarative-policy - The state is managed by a declarative policy and can't be modified by the account.

Accessible with the following methods

Method Description
GET_MANAGEDBY() Getter for MANAGEDBY, with configurable default
ASK_MANAGEDBY() Getter for MANAGEDBY w/ exceptions if field has no value
HAS_MANAGEDBY() Determine if MANAGEDBY has a value

ExclusionsAllowed

Determines if exclusions are allowed. If you have enabled VPC BPA at the Organization level, exclusions may be not-allowed. Otherwise, they are allowed.

Accessible with the following methods

Method Description
GET_EXCLUSIONSALLOWED() Getter for EXCLUSIONSALLOWED, with configurable default
ASK_EXCLUSIONSALLOWED() Getter for EXCLUSIONSALLOWED w/ exceptions if field has no v
HAS_EXCLUSIONSALLOWED() Determine if EXCLUSIONSALLOWED has a value