
*************
add_ip_routes
*************



.. py:method:: DirectoryService.Client.add_ip_routes(**kwargs)

  

  If the DNS server for your self-managed domain uses a publicly addressable IP address, you must add a CIDR address block to correctly route traffic to and from your Microsoft AD on Amazon Web Services. *AddIpRoutes* adds this address block. You can also use *AddIpRoutes* to facilitate routing traffic that uses public IP ranges from your Microsoft AD on Amazon Web Services to a peer VPC.

   

  Before you call *AddIpRoutes*, ensure that all of the required permissions have been explicitly granted through a policy. For details about what permissions are required to run the *AddIpRoutes* operation, see `Directory Service API Permissions\: Actions, Resources, and Conditions Reference <http://docs.aws.amazon.com/directoryservice/latest/admin-guide/UsingWithDS_IAM_ResourcePermissions.html>`__.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/ds-2015-04-16/AddIpRoutes>`_  


  **Request Syntax**
  ::

    response = client.add_ip_routes(
        DirectoryId='string',
        IpRoutes=[
            {
                'CidrIp': 'string',
                'CidrIpv6': 'string',
                'Description': 'string'
            },
        ],
        UpdateSecurityGroupForDirectoryControllers=True|False
    )
    
  :type DirectoryId: string
  :param DirectoryId: **[REQUIRED]** 

    Identifier (ID) of the directory to which to add the address block.

    

  
  :type IpRoutes: list
  :param IpRoutes: **[REQUIRED]** 

    IP address blocks, using CIDR format, of the traffic to route. This is often the IP address block of the DNS server used for your self-managed domain.

    

  
    - *(dict) --* 

      Contains the IP address block. This is often the address block of the DNS server used for your self-managed domain.

      

    
      - **CidrIp** *(string) --* 

        IP address block in CIDR format, such as 10.0.0.0/24. This is often the address block of the DNS server used for your self-managed domain. For a single IP address, use a CIDR address block with /32. For example, 10.0.0.0/32.

        

      
      - **CidrIpv6** *(string) --* 

        IPv6 address block in CIDR format, such as 2001:db8::/32. This is often the address block of the DNS server used for your self-managed domain. For a single IPv6 address, use a CIDR address block with /128. For example, 2001:db8::1/128.

        

      
      - **Description** *(string) --* 

        Description of the address block.

        

      
    

  :type UpdateSecurityGroupForDirectoryControllers: boolean
  :param UpdateSecurityGroupForDirectoryControllers: 

    If set to true, updates the inbound and outbound rules of the security group that has the description: "Amazon Web Services created security group for *directory ID* directory controllers." Following are the new rules:

     

    Inbound:

     

    
    * Type: Custom UDP Rule, Protocol: UDP, Range: 88, Source: Managed Microsoft AD VPC IPv4 CIDR
     
    * Type: Custom UDP Rule, Protocol: UDP, Range: 123, Source: Managed Microsoft AD VPC IPv4 CIDR
     
    * Type: Custom UDP Rule, Protocol: UDP, Range: 138, Source: Managed Microsoft AD VPC IPv4 CIDR
     
    * Type: Custom UDP Rule, Protocol: UDP, Range: 389, Source: Managed Microsoft AD VPC IPv4 CIDR
     
    * Type: Custom UDP Rule, Protocol: UDP, Range: 464, Source: Managed Microsoft AD VPC IPv4 CIDR
     
    * Type: Custom UDP Rule, Protocol: UDP, Range: 445, Source: Managed Microsoft AD VPC IPv4 CIDR
     
    * Type: Custom TCP Rule, Protocol: TCP, Range: 88, Source: Managed Microsoft AD VPC IPv4 CIDR
     
    * Type: Custom TCP Rule, Protocol: TCP, Range: 135, Source: Managed Microsoft AD VPC IPv4 CIDR
     
    * Type: Custom TCP Rule, Protocol: TCP, Range: 445, Source: Managed Microsoft AD VPC IPv4 CIDR
     
    * Type: Custom TCP Rule, Protocol: TCP, Range: 464, Source: Managed Microsoft AD VPC IPv4 CIDR
     
    * Type: Custom TCP Rule, Protocol: TCP, Range: 636, Source: Managed Microsoft AD VPC IPv4 CIDR
     
    * Type: Custom TCP Rule, Protocol: TCP, Range: 1024-65535, Source: Managed Microsoft AD VPC IPv4 CIDR
     
    * Type: Custom TCP Rule, Protocol: TCP, Range: 3268-33269, Source: Managed Microsoft AD VPC IPv4 CIDR
     
    * Type: DNS (UDP), Protocol: UDP, Range: 53, Source: Managed Microsoft AD VPC IPv4 CIDR
     
    * Type: DNS (TCP), Protocol: TCP, Range: 53, Source: Managed Microsoft AD VPC IPv4 CIDR
     
    * Type: LDAP, Protocol: TCP, Range: 389, Source: Managed Microsoft AD VPC IPv4 CIDR
     
    * Type: All ICMP, Protocol: All, Range: N/A, Source: Managed Microsoft AD VPC IPv4 CIDR
    

     

    

     

    Outbound:

     

    
    * Type: All traffic, Protocol: All, Range: All, Destination: 0.0.0.0/0
    

     

    These security rules impact an internal network interface that is not exposed publicly.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {}
      
    **Response Structure**

    

    - *(dict) --* 
  
  **Exceptions**
  
  *   :py:class:`DirectoryService.Client.exceptions.EntityDoesNotExistException`

  
  *   :py:class:`DirectoryService.Client.exceptions.EntityAlreadyExistsException`

  
  *   :py:class:`DirectoryService.Client.exceptions.InvalidParameterException`

  
  *   :py:class:`DirectoryService.Client.exceptions.DirectoryUnavailableException`

  
  *   :py:class:`DirectoryService.Client.exceptions.IpRouteLimitExceededException`

  
  *   :py:class:`DirectoryService.Client.exceptions.ClientException`

  
  *   :py:class:`DirectoryService.Client.exceptions.ServiceException`
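
The following is an added example, not part of the boto3 documentation: it validates CIDR blocks and builds the ``IpRoutes`` list before calling ``add_ip_routes``. The helper names, the ``MIN_PREFIX`` policy, the ``RecordingClient`` stub and the directory ID ``d-EXAMPLE0000`` are assumptions made for illustration; with a real client, pass ``boto3.client('ds')`` instead of the stub.

```python
import ipaddress

# Assumed local policy, not an AWS limit: refuse blocks broader than these prefixes.
MIN_PREFIX = {4: 16, 6: 32}


def build_ip_routes(blocks):
    """Convert (cidr, description) pairs into the IpRoutes list."""
    routes = []
    for cidr, description in blocks:
        # strict=True raises ValueError when host bits are set (e.g. 203.0.113.10/24).
        net = ipaddress.ip_network(cidr, strict=True)
        if net.prefixlen < MIN_PREFIX[net.version]:
            raise ValueError(f"{cidr} is broader than /{MIN_PREFIX[net.version]}")
        # IPv4 blocks go in CidrIp, IPv6 blocks in CidrIpv6.
        key = "CidrIp" if net.version == 4 else "CidrIpv6"
        routes.append({key: str(net), "Description": description})
    return routes


def add_routes(client, directory_id, blocks, update_security_group=False):
    """Validate the blocks, then call add_ip_routes; returns the routes sent."""
    routes = build_ip_routes(blocks)
    # Passed explicitly: True rewrites the directory controllers' security group rules.
    client.add_ip_routes(
        DirectoryId=directory_id,
        IpRoutes=routes,
        UpdateSecurityGroupForDirectoryControllers=update_security_group,
    )
    return routes


class RecordingClient:
    """Offline stand-in for boto3.client('ds'); records the request only."""

    def __init__(self):
        self.calls = []

    def add_ip_routes(self, **kwargs):
        self.calls.append(kwargs)
        return {}


if __name__ == "__main__":
    # Constructed sample input: documentation address ranges, placeholder directory ID.
    sample = [("203.0.113.10/32", "on-prem DNS"), ("2001:db8::1/128", "on-prem DNS v6")]
    stub = RecordingClient()
    add_routes(stub, "d-EXAMPLE0000", sample)
    print(stub.calls[0])
```
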

  