def set_alarm_state(self, alarm_name, state_reason, state_value, state_reason_data=None): """ Temporarily sets the state of an alarm. When the updated StateValue differs from the previous value, the action configured for the appropriate state is invoked. This is not a permanent change. The next periodic alarm check (in about a minute) will set the alarm to its actual state. :type alarm_name: string :param alarm_name: Descriptive name for alarm. :type state_reason: string :param state_reason: Human readable reason. :type state_value: string :param state_value: OK | ALARM | INSUFFICIENT_DATA :type state_reason_data: string :param state_reason_data: Reason string (will be jsonified). """ params = { 'AlarmName': alarm_name, 'StateReason': state_reason, 'StateValue': state_value } if state_reason_data: params['StateReasonData'] = json.dumps(state_reason_data) return self.get_status('SetAlarmState', params)
def refresh_trusted_advisor_check(self, check_id): """ Requests a refresh of the Trusted Advisor check that has the specified check ID. Check IDs can be obtained by calling DescribeTrustedAdvisorChecks. The response contains a RefreshTrustedAdvisorCheckResult object, which contains these fields: + **Status.** The refresh status of the check: "none", "enqueued", "processing", "success", or "abandoned". + **MillisUntilNextRefreshable.** The amount of time, in milliseconds, until the check is eligible for refresh. + **CheckId.** The unique identifier for the check. :type check_id: string :param check_id: The unique identifier for the Trusted Advisor check. """ params = { 'checkId': check_id, } return self.make_request(action='RefreshTrustedAdvisorCheck', body=json.dumps(params))
def delete_stream(self, stream_name): """ Deletes a stream and all its shards and data. You must shut down any applications that are operating on the stream before you delete the stream. If an application attempts to operate on a deleted stream, it will receive the exception `ResourceNotFoundException`. If the stream is in the `ACTIVE` state, you can delete it. After a `DeleteStream` request, the specified stream is in the `DELETING` state until Amazon Kinesis completes the deletion. **Note:** Amazon Kinesis might continue to accept data read and write operations, such as PutRecord, PutRecords, and GetRecords, on a stream in the `DELETING` state until the stream deletion is complete. When you delete a stream, any shards in that stream are also deleted, and any tags are dissociated from the stream. You can use the DescribeStream operation to check the state of the stream, which is returned in `StreamStatus`. `DeleteStream` has a limit of 5 transactions per second per account. :type stream_name: string :param stream_name: The name of the stream to delete. """ params = { 'StreamName': stream_name, } return self.make_request(action='DeleteStream', body=json.dumps(params))
def set_status(self, object_ids, status, pipeline_id): """ Requests that the status of an array of physical or logical pipeline objects be updated in the pipeline. This update may not occur immediately, but is eventually consistent. The status that can be set depends on the type of object. :type pipeline_id: string :param pipeline_id: Identifies the pipeline that contains the objects. :type object_ids: list :param object_ids: Identifies an array of objects. The corresponding objects can be either physical or components, but not a mix of both types. :type status: string :param status: Specifies the status to be set on all the objects in `objectIds`. For components, this can be either `PAUSE` or `RESUME`. For instances, this can be either `CANCEL`, `RERUN`, or `MARK_FINISHED`. """ params = { 'pipelineId': pipeline_id, 'objectIds': object_ids, 'status': status, } return self.make_request(action='SetStatus', body=json.dumps(params))
def describe_services(self, service_code_list=None, language=None): """ Returns the current list of AWS services and a list of service categories that applies to each one. You then use service names and categories in your CreateCase requests. Each AWS service has its own set of categories. The service codes and category codes correspond to the values that are displayed in the **Service** and **Category** drop- down lists on the AWS Support Center `Open a new case`_ page. The values in those fields, however, do not necessarily match the service codes and categories returned by the `DescribeServices` request. Always use the service codes and categories obtained programmatically. This practice ensures that you always have the most recent set of service and category codes. :type service_code_list: list :param service_code_list: A JSON-formatted list of service codes available for AWS services. :type language: string :param language: The ISO 639-1 code for the language in which AWS provides support. AWS Support currently supports English ("en") and Japanese ("ja"). Language parameters must be passed explicitly for operations that take them. """ params = {} if service_code_list is not None: params['serviceCodeList'] = service_code_list if language is not None: params['language'] = language return self.make_request(action='DescribeServices', body=json.dumps(params))
def set_identity_pool_configuration(self, identity_pool_id, push_sync=None): """ Sets the necessary configuration for push sync. :type identity_pool_id: string :param identity_pool_id: A name-spaced GUID (for example, us- east-1:23EC4050-6AEA-7089-A2DD-08002EXAMPLE) created by Amazon Cognito. This is the ID of the pool to modify. :type push_sync: dict :param push_sync: Configuration options to be applied to the identity pool. """ uri = '/identitypools/{0}/configuration'.format(identity_pool_id) params = {} headers = {} query_params = {} if push_sync is not None: params['PushSync'] = push_sync return self.make_request('POST', uri, expected_status=200, data=json.dumps(params), headers=headers, params=query_params)
def describe_pipelines(self, pipeline_ids): """ Retrieve metadata about one or more pipelines. The information retrieved includes the name of the pipeline, the pipeline identifier, its current state, and the user account that owns the pipeline. Using account credentials, you can retrieve metadata about pipelines that you or your IAM users have created. If you are using an IAM user account, you can retrieve metadata about only those pipelines you have read permission for. To retrieve the full pipeline definition instead of metadata about the pipeline, call the GetPipelineDefinition action. :type pipeline_ids: list :param pipeline_ids: Identifiers of the pipelines to describe. You can pass as many as 25 identifiers in a single call to DescribePipelines. You can obtain pipeline identifiers by calling ListPipelines. """ params = { 'pipelineIds': pipeline_ids, } return self.make_request(action='DescribePipelines', body=json.dumps(params))
def create_log_group(self, log_group_name): """ Creates a new log group with the specified name. The name of the log group must be unique within a region for an AWS account. You can create up to 100 log groups per account. You must use the following guidelines when naming a log group: + Log group names can be between 1 and 512 characters long. + Allowed characters are az, AZ, 09, '_' (underscore), '-' (hyphen), '/' (forward slash), and '.' (period). Log groups are created with a default retention of 14 days. The retention attribute allow you to configure the number of days you want to retain log events in the specified log group. See the `SetRetention` operation on how to modify the retention of your log groups. :type log_group_name: string :param log_group_name: """ params = { 'logGroupName': log_group_name, } return self.make_request(action='CreateLogGroup', body=json.dumps(params))
def create_log_stream(self, log_group_name, log_stream_name): """ Creates a new log stream in the specified log group. The name of the log stream must be unique within the log group. There is no limit on the number of log streams that can exist in a log group. You must use the following guidelines when naming a log stream: + Log stream names can be between 1 and 512 characters long. + The ':' colon character is not allowed. :type log_group_name: string :param log_group_name: :type log_stream_name: string :param log_stream_name: """ params = { 'logGroupName': log_group_name, 'logStreamName': log_stream_name, } return self.make_request(action='CreateLogStream', body=json.dumps(params))
def create_private_virtual_interface(self, connection_id, new_private_virtual_interface): """ Creates a new private virtual interface. A virtual interface is the VLAN that transports AWS Direct Connect traffic. A private virtual interface supports sending traffic to a single virtual private cloud (VPC). :type connection_id: string :param connection_id: ID of the connection. Example: dxcon-fg5678gh Default: None :type new_private_virtual_interface: dict :param new_private_virtual_interface: Detailed information for the private virtual interface to be created. Default: None """ params = { 'connectionId': connection_id, 'newPrivateVirtualInterface': new_private_virtual_interface, } return self.make_request(action='CreatePrivateVirtualInterface', body=json.dumps(params))
def create_public_virtual_interface(self, connection_id, new_public_virtual_interface): """ Creates a new public virtual interface. A virtual interface is the VLAN that transports AWS Direct Connect traffic. A public virtual interface supports sending traffic to public services of AWS such as Amazon Simple Storage Service (Amazon S3). :type connection_id: string :param connection_id: ID of the connection. Example: dxcon-fg5678gh Default: None :type new_public_virtual_interface: dict :param new_public_virtual_interface: Detailed information for the public virtual interface to be created. Default: None """ params = { 'connectionId': connection_id, 'newPublicVirtualInterface': new_public_virtual_interface, } return self.make_request(action='CreatePublicVirtualInterface', body=json.dumps(params))
def confirm_private_virtual_interface(self, virtual_interface_id, virtual_gateway_id): """ Accept ownership of a private virtual interface created by another customer. After the virtual interface owner calls this function, the virtual interface will be created and attached to the given virtual private gateway, and will be available for handling traffic. :type virtual_interface_id: string :param virtual_interface_id: ID of the virtual interface. Example: dxvif-123dfg56 Default: None :type virtual_gateway_id: string :param virtual_gateway_id: ID of the virtual private gateway that will be attached to the virtual interface. A virtual private gateway can be managed via the Amazon Virtual Private Cloud (VPC) console or the `EC2 CreateVpnGateway`_ action. Default: None """ params = { 'virtualInterfaceId': virtual_interface_id, 'virtualGatewayId': virtual_gateway_id, } return self.make_request(action='ConfirmPrivateVirtualInterface', body=json.dumps(params))
def create_table(self, table_name, schema, provisioned_throughput): """ Add a new table to your account. The table name must be unique among those associated with the account issuing the request. This request triggers an asynchronous workflow to begin creating the table. When the workflow is complete, the state of the table will be ACTIVE. :type table_name: str :param table_name: The name of the table to create. :type schema: dict :param schema: A Python version of the KeySchema data structure as defined by DynamoDB :type provisioned_throughput: dict :param provisioned_throughput: A Python version of the ProvisionedThroughput data structure defined by DynamoDB. """ data = { 'TableName': table_name, 'KeySchema': schema, 'ProvisionedThroughput': provisioned_throughput } json_input = json.dumps(data) response_dict = self.make_request('CreateTable', json_input) return response_dict
def list_tables(self, limit=None, start_table=None): """ Returns a dictionary of results. The dictionary contains a **TableNames** key whose value is a list of the table names. The dictionary could also contain a **LastEvaluatedTableName** key whose value would be the last table name returned if the complete list of table names was not returned. This value would then be passed as the ``start_table`` parameter on a subsequent call to this method. :type limit: int :param limit: The maximum number of tables to return. :type start_table: str :param start_table: The name of the table that starts the list. If you ran a previous list_tables and not all results were returned, the response dict would include a LastEvaluatedTableName attribute. Use that value here to continue the listing. """ data = {} if limit: data['Limit'] = limit if start_table: data['ExclusiveStartTableName'] = start_table json_input = json.dumps(data) return self.make_request('ListTables', json_input)
def list_identity_pool_usage(self, next_token=None, max_results=None): """ Gets a list of identity pools registered with Cognito. :type next_token: string :param next_token: A pagination token for obtaining the next page of results. :type max_results: integer :param max_results: The maximum number of results to be returned. """ uri = '/identitypools' params = {} headers = {} query_params = {} if next_token is not None: query_params['nextToken'] = next_token if max_results is not None: query_params['maxResults'] = max_results return self.make_request('GET', uri, expected_status=200, data=json.dumps(params), headers=headers, params=query_params)
def put_metric_filter(self, log_group_name, filter_name, filter_pattern, metric_transformations): """ Creates or updates a metric filter and associates it with the specified log group. Metric filters allow you to configure rules to extract metric data from log events ingested through `PutLogEvents` requests. :type log_group_name: string :param log_group_name: :type filter_name: string :param filter_name: The name of the metric filter. :type filter_pattern: string :param filter_pattern: :type metric_transformations: list :param metric_transformations: """ params = { 'logGroupName': log_group_name, 'filterName': filter_name, 'filterPattern': filter_pattern, 'metricTransformations': metric_transformations, } return self.make_request(action='PutMetricFilter', body=json.dumps(params))
def register_device(self, identity_pool_id, identity_id, platform, token): """ Registers a device to receive push sync notifications. :type identity_pool_id: string :param identity_pool_id: A name-spaced GUID (for example, us- east-1:23EC4050-6AEA-7089-A2DD-08002EXAMPLE) created by Amazon Cognito. Here, the ID of the pool that the identity belongs to. :type identity_id: string :param identity_id: The unique ID for this identity. :type platform: string :param platform: The SNS platform type (e.g. GCM, SDM, APNS, APNS_SANDBOX). :type token: string :param token: The push token. """ uri = '/identitypools/{0}/identity/{1}/device'.format( identity_pool_id, identity_id) params = { 'Platform': platform, 'Token': token, } headers = {} query_params = {} return self.make_request('POST', uri, expected_status=200, data=json.dumps(params), headers=headers, params=query_params)
def _custom_policy(resource, expires=None, valid_after=None, ip_address=None): """ Creates a custom policy string based on the supplied parameters. """ condition = {} # SEE: http://docs.amazonwebservices.com/AmazonCloudFront/latest/DeveloperGuide/RestrictingAccessPrivateContent.html#CustomPolicy # The 'DateLessThan' property is required. if not expires: # Defaults to ONE day expires = int(time.time()) + 86400 condition["DateLessThan"] = {"AWS:EpochTime": expires} if valid_after: condition["DateGreaterThan"] = {"AWS:EpochTime": valid_after} if ip_address: if '/' not in ip_address: ip_address += "/32" condition["IpAddress"] = {"AWS:SourceIp": ip_address} policy = { "Statement": [{ "Resource": resource, "Condition": condition }] } return json.dumps(policy, separators=(",", ":"))
def register_application_revision(self, application_name, revision, description=None): """ Registers with AWS CodeDeploy a revision for the specified application. :type application_name: string :param application_name: The name of an existing AWS CodeDeploy application within the AWS user account. :type description: string :param description: A comment about the revision. :type revision: dict :param revision: Information about the application revision to register, including the revision's type and its location. """ params = { 'applicationName': application_name, 'revision': revision, } if description is not None: params['description'] = description return self.make_request(action='RegisterApplicationRevision', body=json.dumps(params))
def add_attachments_to_set(self, attachments, attachment_set_id=None): """ Adds one or more attachments to an attachment set. If an `AttachmentSetId` is not specified, a new attachment set is created, and the ID of the set is returned in the response. If an `AttachmentSetId` is specified, the attachments are added to the specified set, if it exists. An attachment set is a temporary container for attachments that are to be added to a case or case communication. The set is available for one hour after it is created; the `ExpiryTime` returned in the response indicates when the set expires. The maximum number of attachments in a set is 3, and the maximum size of any attachment in the set is 5 MB. :type attachment_set_id: string :param attachment_set_id: The ID of the attachment set. If an `AttachmentSetId` is not specified, a new attachment set is created, and the ID of the set is returned in the response. If an `AttachmentSetId` is specified, the attachments are added to the specified set, if it exists. :type attachments: list :param attachments: One or more attachments to add to the set. The limit is 3 attachments per set, and the size limit is 5 MB per attachment. """ params = { 'attachments': attachments, } if attachment_set_id is not None: params['attachmentSetId'] = attachment_set_id return self.make_request(action='AddAttachmentsToSet', body=json.dumps(params))
def report_task_progress(self, task_id): """ Updates the AWS Data Pipeline service on the progress of the calling task runner. When the task runner is assigned a task, it should call ReportTaskProgress to acknowledge that it has the task within 2 minutes. If the web service does not recieve this acknowledgement within the 2 minute window, it will assign the task in a subsequent PollForTask call. After this initial acknowledgement, the task runner only needs to report progress every 15 minutes to maintain its ownership of the task. You can change this reporting time from 15 minutes by specifying a `reportProgressTimeout` field in your pipeline. If a task runner does not report its status after 5 minutes, AWS Data Pipeline will assume that the task runner is unable to process the task and will reassign the task in a subsequent response to PollForTask. task runners should call ReportTaskProgress every 60 seconds. :type task_id: string :param task_id: Identifier of the task assigned to the task runner. This value is provided in the TaskObject that the service returns with the response for the PollForTask action. """ params = { 'taskId': task_id, } return self.make_request(action='ReportTaskProgress', body=json.dumps(params))
def list_tags_for_stream(self, stream_name, exclusive_start_tag_key=None, limit=None): """ Lists the tags for the specified Amazon Kinesis stream. :type stream_name: string :param stream_name: The name of the stream. :type exclusive_start_tag_key: string :param exclusive_start_tag_key: The key to use as the starting point for the list of tags. If this parameter is set, `ListTagsForStream` gets all tags that occur after `ExclusiveStartTagKey`. :type limit: integer :param limit: The number of tags to return. If this number is less than the total number of tags associated with the stream, `HasMoreTags` is set to `True`. To list additional tags, set `ExclusiveStartTagKey` to the last key in the response. """ params = { 'StreamName': stream_name, } if exclusive_start_tag_key is not None: params['ExclusiveStartTagKey'] = exclusive_start_tag_key if limit is not None: params['Limit'] = limit return self.make_request(action='ListTagsForStream', body=json.dumps(params))
def disable_domain_transfer_lock(self, domain_name): """ This operation removes the transfer lock on the domain (specifically the `clientTransferProhibited` status) to allow domain transfers. We recommend you refrain from performing this action unless you intend to transfer the domain to a different registrar. Successful submission returns an operation ID that you can use to track the progress and completion of the action. If the request is not completed successfully, the domain registrant will be notified by email. :type domain_name: string :param domain_name: The name of a domain. Type: String Default: None Constraints: The domain name can contain only the letters a through z, the numbers 0 through 9, and hyphen (-). Internationalized Domain Names are not supported. Required: Yes """ params = {'DomainName': domain_name, } return self.make_request(action='DisableDomainTransferLock', body=json.dumps(params))
def check_domain_availability(self, domain_name, idn_lang_code=None): """ This operation checks the availability of one domain name. You can access this API without authenticating. Note that if the availability status of a domain is pending, you must submit another request to determine the availability of the domain name. :type domain_name: string :param domain_name: The name of a domain. Type: String Default: None Constraints: The domain name can contain only the letters a through z, the numbers 0 through 9, and hyphen (-). Internationalized Domain Names are not supported. Required: Yes :type idn_lang_code: string :param idn_lang_code: Reserved for future use. """ params = {'DomainName': domain_name, } if idn_lang_code is not None: params['IdnLangCode'] = idn_lang_code return self.make_request(action='CheckDomainAvailability', body=json.dumps(params))
def list_key_policies(self, key_id, limit=None, marker=None): """ Retrieves a list of policies attached to a key. :type key_id: string :param key_id: Unique identifier of the key. This can be an ARN, an alias, or a globally unique identifier. :type limit: integer :param limit: Specify this parameter only when paginating results to indicate the maximum number of policies you want listed in the response. If there are additional policies beyond the maximum you specify, the `Truncated` response element will be set to `true.` :type marker: string :param marker: Use this parameter only when paginating results, and only in a subsequent request after you've received a response where the results are truncated. Set it to the value of the `NextMarker` in the response you just received. """ params = {'KeyId': key_id, } if limit is not None: params['Limit'] = limit if marker is not None: params['Marker'] = marker return self.make_request(action='ListKeyPolicies', body=json.dumps(params))
def create_key(self, policy=None, description=None, key_usage=None): """ Creates a customer master key. Customer master keys can be used to encrypt small amounts of data (less than 4K) directly, but they are most commonly used to encrypt or envelope data keys that are then used to encrypt customer data. For more information about data keys, see GenerateDataKey and GenerateDataKeyWithoutPlaintext. :type policy: string :param policy: Policy to be attached to the key. This is required and delegates back to the account. The key is the root of trust. :type description: string :param description: Description of the key. We recommend that you choose a description that helps your customer decide whether the key is appropriate for a task. :type key_usage: string :param key_usage: Specifies the intended use of the key. Currently this defaults to ENCRYPT/DECRYPT, and only symmetric encryption and decryption are supported. """ params = {} if policy is not None: params['Policy'] = policy if description is not None: params['Description'] = description if key_usage is not None: params['KeyUsage'] = key_usage return self.make_request(action='CreateKey', body=json.dumps(params))
def create_alias(self, alias_name, target_key_id): """ Creates a display name for a customer master key. An alias can be used to identify a key and should be unique. The console enforces a one-to-one mapping between the alias and a key. An alias name can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). An alias must start with the word "alias" followed by a forward slash (alias/). An alias that begins with "aws" after the forward slash (alias/aws...) is reserved by Amazon Web Services (AWS). :type alias_name: string :param alias_name: String that contains the display name. Aliases that begin with AWS are reserved. :type target_key_id: string :param target_key_id: An identifier of the key for which you are creating the alias. This value cannot be another alias. """ params = { 'AliasName': alias_name, 'TargetKeyId': target_key_id, } return self.make_request(action='CreateAlias', body=json.dumps(params))
def subscribe_sqs_queue(self, topic, queue): """ Subscribe an SQS queue to a topic. This is convenience method that handles most of the complexity involved in using an SQS queue as an endpoint for an SNS topic. To achieve this the following operations are performed: * The correct ARN is constructed for the SQS queue and that ARN is then subscribed to the topic. * A JSON policy document is contructed that grants permission to the SNS topic to send messages to the SQS queue. * This JSON policy is then associated with the SQS queue using the queue's set_attribute method. If the queue already has a policy associated with it, this process will add a Statement to that policy. If no policy exists, a new policy will be created. :type topic: string :param topic: The ARN of the new topic. :type queue: A boto Queue object :param queue: The queue you wish to subscribe to the SNS Topic. """ t = queue.id.split('/') q_arn = queue.arn sid = hashlib.md5((topic + q_arn).encode('utf-8')).hexdigest() sid_exists = False resp = self.subscribe(topic, 'sqs', q_arn) attr = queue.get_attributes('Policy') if 'Policy' in attr: policy = json.loads(attr['Policy']) else: policy = {} if 'Version' not in policy: policy['Version'] = '2008-10-17' if 'Statement' not in policy: policy['Statement'] = [] # See if a Statement with the Sid exists already. for s in policy['Statement']: if s['Sid'] == sid: sid_exists = True if not sid_exists: statement = { 'Action': 'SQS:SendMessage', 'Effect': 'Allow', 'Principal': { 'AWS': '*' }, 'Resource': q_arn, 'Sid': sid, 'Condition': { 'StringLike': { 'aws:SourceArn': topic } } } policy['Statement'].append(statement) queue.set_attribute('Policy', json.dumps(policy)) return resp
def get_resource_config_history(self, resource_type, resource_id, later_time=None, earlier_time=None, chronological_order=None, limit=None, next_token=None): """ Returns a list of configuration items for the specified resource. The list contains details about each state of the resource during the specified time interval. You can specify a `limit` on the number of results returned on the page. If a limit is specified, a `nextToken` is returned as part of the result that you can use to continue this request. :type resource_type: string :param resource_type: The resource type. :type resource_id: string :param resource_id: The ID of the resource (for example., `sg-xxxxxx`). :type later_time: timestamp :param later_time: The time stamp that indicates a later time. If not specified, current time is taken. :type earlier_time: timestamp :param earlier_time: The time stamp that indicates an earlier time. If not specified, the action returns paginated results that contain configuration items that start from when the first configuration item was recorded. :type chronological_order: string :param chronological_order: The chronological order for configuration items listed. By default the results are listed in reverse chronological order. :type limit: integer :param limit: The maximum number of configuration items returned in each page. The default is 10. You cannot specify a limit greater than 100. :type next_token: string :param next_token: An optional parameter used for pagination of the results. """ params = { 'resourceType': resource_type, 'resourceId': resource_id, } if later_time is not None: params['laterTime'] = later_time if earlier_time is not None: params['earlierTime'] = earlier_time if chronological_order is not None: params['chronologicalOrder'] = chronological_order if limit is not None: params['limit'] = limit if next_token is not None: params['nextToken'] = next_token return self.make_request(action='GetResourceConfigHistory', body=json.dumps(params))
def create_hsm(self, subnet_id, ssh_key, iam_role_arn, subscription_type, eni_ip=None, external_id=None, client_token=None, syslog_ip=None): """ Creates an uninitialized HSM instance. Running this command provisions an HSM appliance and will result in charges to your AWS account for the HSM. :type subnet_id: string :param subnet_id: The identifier of the subnet in your VPC in which to place the HSM. :type ssh_key: string :param ssh_key: The SSH public key to install on the HSM. :type eni_ip: string :param eni_ip: The IP address to assign to the HSM's ENI. :type iam_role_arn: string :param iam_role_arn: The ARN of an IAM role to enable the AWS CloudHSM service to allocate an ENI on your behalf. :type external_id: string :param external_id: The external ID from **IamRoleArn**, if present. :type subscription_type: string :param subscription_type: The subscription type. :type client_token: string :param client_token: A user-defined token to ensure idempotence. Subsequent calls to this action with the same token will be ignored. :type syslog_ip: string :param syslog_ip: The IP address for the syslog monitoring server. """ params = { 'SubnetId': subnet_id, 'SshKey': ssh_key, 'IamRoleArn': iam_role_arn, 'SubscriptionType': subscription_type, } if eni_ip is not None: params['EniIp'] = eni_ip if external_id is not None: params['ExternalId'] = external_id if client_token is not None: params['ClientToken'] = client_token if syslog_ip is not None: params['SyslogIp'] = syslog_ip return self.make_request(action='CreateHsm', body=json.dumps(params))