:doc:`EC2 <../../ec2>` / Client / create_verified_access_instance

*******************************
create_verified_access_instance
*******************************



.. py:method:: EC2.Client.create_verified_access_instance(**kwargs)

  

  An Amazon Web Services Verified Access instance is a regional entity that evaluates application requests and grants access only when your security requirements are met.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateVerifiedAccessInstance>`_  


  **Request Syntax**
  ::

    response = client.create_verified_access_instance(
        Description='string',
        TagSpecifications=[
            {
                'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'declarative-policies-report'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'image-usage-report'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'outpost-lag'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'service-link-virtual-interface'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-metering-policy'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'vpc-encryption-control'|'route-server'|'route-server-endpoint'|'route-server-peer'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint'|'verified-access-endpoint-target'|'ipam-external-resource-verification-token'|'capacity-block'|'mac-modification-task'|'ipam-prefix-list-resolver'|'ipam-policy'|'ipam-prefix-list-resolver-target'|'secondary-interface'|'secondary-network'|'secondary-subnet'|'capacity-manager-data-export'|'vpn-concentrator',
                'Tags': [
                    {
                        'Key': 'string',
                        'Value': 'string'
                    },
                ]
            },
        ],
        ClientToken='string',
        DryRun=True|False,
        FIPSEnabled=True|False,
        CidrEndpointsCustomSubDomain='string'
    )
    
  :type Description: string
  :param Description: 

    A description for the Verified Access instance.

    

  
  :type TagSpecifications: list
  :param TagSpecifications: 

    The tags to assign to the Verified Access instance.

    

  
    - *(dict) --* 

      The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.

       

      .. note::

        

        The ``Valid Values`` lists all the resource types that can be tagged. However, the action you're using might not support tagging all of these resource types. If you try to tag a resource type that is unsupported for the action you're using, you'll get an error.

        

      

    
      - **ResourceType** *(string) --* 

        The type of resource to tag on creation.

        

      
      - **Tags** *(list) --* 

        The tags to apply to the resource.

        

      
        - *(dict) --* 

          Describes a tag.

          

        
          - **Key** *(string) --* 

            The key of the tag.

             

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with ``aws:``.

            

          
          - **Value** *(string) --* 

            The value of the tag.

             

            Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

            

          
        
    
    

  :type ClientToken: string
  :param ClientToken: 

    A unique, case-sensitive token that you provide to ensure idempotency of your modification request. For more information, see `Ensuring idempotency <https://docs.aws.amazon.com/ec2/latest/devguide/ec2-api-idempotency.html>`__.

    This field is autopopulated if not provided.

  
  :type DryRun: boolean
  :param DryRun: 

    Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is ``DryRunOperation``. Otherwise, it is ``UnauthorizedOperation``.

    

  
  :type FIPSEnabled: boolean
  :param FIPSEnabled: 

    Enable or disable support for Federal Information Processing Standards (FIPS) on the instance.

    

  
  :type CidrEndpointsCustomSubDomain: string
  :param CidrEndpointsCustomSubDomain: 

    The custom subdomain.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'VerifiedAccessInstance': {
              'VerifiedAccessInstanceId': 'string',
              'Description': 'string',
              'VerifiedAccessTrustProviders': [
                  {
                      'VerifiedAccessTrustProviderId': 'string',
                      'Description': 'string',
                      'TrustProviderType': 'user'|'device',
                      'UserTrustProviderType': 'iam-identity-center'|'oidc',
                      'DeviceTrustProviderType': 'jamf'|'crowdstrike'|'jumpcloud'
                  },
              ],
              'CreationTime': 'string',
              'LastUpdatedTime': 'string',
              'Tags': [
                  {
                      'Key': 'string',
                      'Value': 'string'
                  },
              ],
              'FipsEnabled': True|False,
              'CidrEndpointsCustomSubDomain': {
                  'SubDomain': 'string',
                  'Nameservers': [
                      'string',
                  ]
              }
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **VerifiedAccessInstance** *(dict) --* 

        Details about the Verified Access instance.

        
        

        - **VerifiedAccessInstanceId** *(string) --* 

          The ID of the Amazon Web Services Verified Access instance.

          
        

        - **Description** *(string) --* 

          A description for the Amazon Web Services Verified Access instance.

          
        

        - **VerifiedAccessTrustProviders** *(list) --* 

          The IDs of the Amazon Web Services Verified Access trust providers.

          
          

          - *(dict) --* 

            Condensed information about a trust provider.

            
            

            - **VerifiedAccessTrustProviderId** *(string) --* 

              The ID of the trust provider.

              
            

            - **Description** *(string) --* 

              The description of trust provider.

              
            

            - **TrustProviderType** *(string) --* 

              The type of trust provider (user- or device-based).

              
            

            - **UserTrustProviderType** *(string) --* 

              The type of user-based trust provider.

              
            

            - **DeviceTrustProviderType** *(string) --* 

              The type of device-based trust provider.

              
        
      
        

        - **CreationTime** *(string) --* 

          The creation time.

          
        

        - **LastUpdatedTime** *(string) --* 

          The last updated time.

          
        

        - **Tags** *(list) --* 

          The tags.

          
          

          - *(dict) --* 

            Describes a tag.

            
            

            - **Key** *(string) --* 

              The key of the tag.

               

              Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with ``aws:``.

              
            

            - **Value** *(string) --* 

              The value of the tag.

               

              Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

              
        
      
        

        - **FipsEnabled** *(boolean) --* 

          Indicates whether support for Federal Information Processing Standards (FIPS) is enabled on the instance.

          
        

        - **CidrEndpointsCustomSubDomain** *(dict) --* 

          The custom subdomain.

          
          

          - **SubDomain** *(string) --* 

            The subdomain.

            
          

          - **Nameservers** *(list) --* 

            The name servers.

            
            

            - *(string) --* 
        
      
    
  