:doc:`EC2 <../../ec2>` / Client / modify_vpc_block_public_access_options

**************************************
modify_vpc_block_public_access_options
**************************************



.. py:method:: EC2.Client.modify_vpc_block_public_access_options(**kwargs)

  

  Modify VPC Block Public Access (BPA) options. VPC Block Public Access (BPA) enables you to block resources in VPCs and subnets that you own in a Region from reaching or being reached from the internet through internet gateways and egress-only internet gateways. To learn more about VPC BPA, see `Block public access to VPCs and subnets <https://docs.aws.amazon.com/vpc/latest/userguide/security-vpc-bpa.html>`__ in the *Amazon VPC User Guide*.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/ModifyVpcBlockPublicAccessOptions>`_  


  **Request Syntax**
  ::

    response = client.modify_vpc_block_public_access_options(
        DryRun=True|False,
        InternetGatewayBlockMode='off'|'block-bidirectional'|'block-ingress'
    )
    
  :type DryRun: boolean
  :param DryRun: 

    Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is ``DryRunOperation``. Otherwise, it is ``UnauthorizedOperation``.

    

  
  :type InternetGatewayBlockMode: string
  :param InternetGatewayBlockMode: **[REQUIRED]** 

    The mode of VPC BPA.

     

    
    * ``off``: VPC BPA is not enabled and traffic is allowed to and from internet gateways and egress-only internet gateways in this Region.
     
    * ``block-bidirectional``: Block all traffic to and from internet gateways and egress-only internet gateways in this Region (except for excluded VPCs and subnets).
     
    * ``block-ingress``: Block all internet traffic to the VPCs in this Region (except for VPCs or subnets which are excluded). Only traffic to and from NAT gateways and egress-only internet gateways is allowed because these gateways only allow outbound connections to be established.
    

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'VpcBlockPublicAccessOptions': {
              'AwsAccountId': 'string',
              'AwsRegion': 'string',
              'State': 'default-state'|'update-in-progress'|'update-complete',
              'InternetGatewayBlockMode': 'off'|'block-bidirectional'|'block-ingress',
              'Reason': 'string',
              'LastUpdateTimestamp': datetime(2015, 1, 1),
              'ManagedBy': 'account'|'declarative-policy',
              'ExclusionsAllowed': 'allowed'|'not-allowed'
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **VpcBlockPublicAccessOptions** *(dict) --* 

        Details related to the VPC Block Public Access (BPA) options.

        
        

        - **AwsAccountId** *(string) --* 

          An Amazon Web Services account ID.

          
        

        - **AwsRegion** *(string) --* 

          An Amazon Web Services Region.

          
        

        - **State** *(string) --* 

          The current state of VPC BPA.

          
        

        - **InternetGatewayBlockMode** *(string) --* 

          The current mode of VPC BPA.

           

          
          * ``off``: VPC BPA is not enabled and traffic is allowed to and from internet gateways and egress-only internet gateways in this Region.
           
          * ``block-bidirectional``: Block all traffic to and from internet gateways and egress-only internet gateways in this Region (except for excluded VPCs and subnets).
           
          * ``block-ingress``: Block all internet traffic to the VPCs in this Region (except for VPCs or subnets which are excluded). Only traffic to and from NAT gateways and egress-only internet gateways is allowed because these gateways only allow outbound connections to be established.
          

          
        

        - **Reason** *(string) --* 

          The reason for the current state.

          
        

        - **LastUpdateTimestamp** *(datetime) --* 

          The last time the VPC BPA mode was updated.

          
        

        - **ManagedBy** *(string) --* 

          The entity that manages the state of VPC BPA. Possible values include:

           

          
          * ``account`` - The state is managed by the account.
           
          * ``declarative-policy`` - The state is managed by a declarative policy and can't be modified by the account.
          

          
        

        - **ExclusionsAllowed** *(string) --* 

          Determines if exclusions are allowed. If you have `enabled VPC BPA at the Organization level <https://docs.aws.amazon.com/vpc/latest/userguide/security-vpc-bpa.html#security-vpc-bpa-exclusions-orgs>`__, exclusions may be ``not-allowed``. Otherwise, they are ``allowed``.

          
    
  