:doc:`WAFRegional <../../waf-regional>` / Client / update_ip_set

*************
update_ip_set
*************



.. py:method:: WAFRegional.Client.update_ip_set(**kwargs)

  

  .. note::

    

    This is **AWS WAF Classic** documentation. For more information, see `AWS WAF Classic <https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html>`__ in the developer guide.

     

    **For the latest version of AWS WAF**, use the AWS WAFV2 API and see the `AWS WAF Developer Guide <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html>`__. With the latest version, AWS WAF has a single set of endpoints for regional and global use.

    

   

  Inserts or deletes  IPSetDescriptor objects in an ``IPSet``. For each ``IPSetDescriptor`` object, you specify the following values:

   

  
  * Whether to insert or delete the object from the array. If you want to change an ``IPSetDescriptor`` object, you delete the existing object and add a new one.
   
  * The IP address version, ``IPv4`` or ``IPv6``.
   
  * The IP address in CIDR notation, for example, ``192.0.2.0/24`` (for the range of IP addresses from ``192.0.2.0`` to ``192.0.2.255``) or ``192.0.2.44/32`` (for the individual IP address ``192.0.2.44``).
  

   

  AWS WAF supports IPv4 address ranges: /8 and any range between /16 through /32. AWS WAF supports IPv6 address ranges: /24, /32, /48, /56, /64, and /128. For more information about CIDR notation, see the Wikipedia entry `Classless Inter-Domain Routing <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing>`__.

   

  IPv6 addresses can be represented using any of the following formats:

   

  
  * 1111:0000:0000:0000:0000:0000:0000:0111/128
   
  * 1111:0:0:0:0:0:0:0111/128
   
  * 1111::0111/128
   
  * 1111::111/128
  

   

  You use an ``IPSet`` to specify which web requests you want to allow or block based on the IP addresses that the requests originated from. For example, if you're receiving a lot of requests from one or a small number of IP addresses and you want to block the requests, you can create an ``IPSet`` that specifies those IP addresses, and then configure AWS WAF to block the requests.

   

  To create and configure an ``IPSet``, perform the following steps:

   

   
  * Submit a  CreateIPSet request.
   
  * Use  GetChangeToken to get the change token that you provide in the ``ChangeToken`` parameter of an  UpdateIPSet request.
   
  * Submit an ``UpdateIPSet`` request to specify the IP addresses that you want AWS WAF to watch for.
   

   

  When you update an ``IPSet``, you specify the IP addresses that you want to add and/or the IP addresses that you want to delete. If you want to change an IP address, you delete the existing IP address and add the new one.

   

  You can insert a maximum of 1000 addresses in a single request.

   

  For more information about how to use the AWS WAF API to allow or block HTTP requests, see the `AWS WAF Developer Guide <https://docs.aws.amazon.com/waf/latest/developerguide/>`__.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/waf-regional-2016-11-28/UpdateIPSet>`_  


  **Request Syntax**
  ::

    response = client.update_ip_set(
        IPSetId='string',
        ChangeToken='string',
        Updates=[
            {
                'Action': 'INSERT'|'DELETE',
                'IPSetDescriptor': {
                    'Type': 'IPV4'|'IPV6',
                    'Value': 'string'
                }
            },
        ]
    )
    
  :type IPSetId: string
  :param IPSetId: **[REQUIRED]** 

    The ``IPSetId`` of the  IPSet that you want to update. ``IPSetId`` is returned by  CreateIPSet and by  ListIPSets.

    

  
  :type ChangeToken: string
  :param ChangeToken: **[REQUIRED]** 

    The value returned by the most recent call to  GetChangeToken.

    

  
  :type Updates: list
  :param Updates: **[REQUIRED]** 

    An array of ``IPSetUpdate`` objects that you want to insert into or delete from an  IPSet. For more information, see the applicable data types:

     

    
    *  IPSetUpdate: Contains ``Action`` and ``IPSetDescriptor``
     
    *  IPSetDescriptor: Contains ``Type`` and ``Value``
    

     

    You can insert a maximum of 1000 addresses in a single request.

    

  
    - *(dict) --* 

      .. note::

        

        This is **AWS WAF Classic** documentation. For more information, see `AWS WAF Classic <https://docs.aws.amazon.com/waf/latest/developerguide/classic-waf-chapter.html>`__ in the developer guide.

         

        **For the latest version of AWS WAF**, use the AWS WAFV2 API and see the `AWS WAF Developer Guide <https://docs.aws.amazon.com/waf/latest/developerguide/waf-chapter.html>`__. With the latest version, AWS WAF has a single set of endpoints for regional and global use.

        

       

      Specifies the type of update to perform to an  IPSet with  UpdateIPSet.

      

    
      - **Action** *(string) --* **[REQUIRED]** 

        Specifies whether to insert or delete an IP address with  UpdateIPSet.

        

      
      - **IPSetDescriptor** *(dict) --* **[REQUIRED]** 

        The IP address type ( ``IPV4`` or ``IPV6``) and the IP address range (in CIDR notation) that web requests originate from.

        

      
        - **Type** *(string) --* **[REQUIRED]** 

          Specify ``IPV4`` or ``IPV6``.

          

        
        - **Value** *(string) --* **[REQUIRED]** 

          Specify an IPv4 address by using CIDR notation. For example:

           

          
          * To configure AWS WAF to allow, block, or count requests that originated from the IP address 192.0.2.44, specify ``192.0.2.44/32``.
           
          * To configure AWS WAF to allow, block, or count requests that originated from IP addresses from 192.0.2.0 to 192.0.2.255, specify ``192.0.2.0/24``.
          

           

          For more information about CIDR notation, see the Wikipedia entry `Classless Inter-Domain Routing <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing>`__.

           

          Specify an IPv6 address by using CIDR notation. For example:

           

          
          * To configure AWS WAF to allow, block, or count requests that originated from the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify ``1111:0000:0000:0000:0000:0000:0000:0111/128``.
           
          * To configure AWS WAF to allow, block, or count requests that originated from IP addresses 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify ``1111:0000:0000:0000:0000:0000:0000:0000/64``.
          

          

        
      
    

  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'ChangeToken': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **ChangeToken** *(string) --* 

        The ``ChangeToken`` that you used to submit the ``UpdateIPSet`` request. You can also use this value to query the status of the request. For more information, see  GetChangeTokenStatus.

        
  
  **Exceptions**
  
  *   :py:class:`WAFRegional.Client.exceptions.WAFStaleDataException`

  
  *   :py:class:`WAFRegional.Client.exceptions.WAFInternalErrorException`

  
  *   :py:class:`WAFRegional.Client.exceptions.WAFInvalidAccountException`

  
  *   :py:class:`WAFRegional.Client.exceptions.WAFInvalidOperationException`

  
  *   :py:class:`WAFRegional.Client.exceptions.WAFInvalidParameterException`

  
  *   :py:class:`WAFRegional.Client.exceptions.WAFNonexistentContainerException`

  
  *   :py:class:`WAFRegional.Client.exceptions.WAFNonexistentItemException`

  
  *   :py:class:`WAFRegional.Client.exceptions.WAFReferencedItemException`

  
  *   :py:class:`WAFRegional.Client.exceptions.WAFLimitsExceededException`

  

  **Examples**

  The following example deletes an IPSetDescriptor object in an IP match set with the ID example1ds3t-46da-4fdb-b8d5-abc321j569j5.
  ::

    response = client.update_ip_set(
        ChangeToken='abcd12f2-46da-4fdb-b8d5-fbd4c466928f',
        IPSetId='example1ds3t-46da-4fdb-b8d5-abc321j569j5',
        Updates=[
            {
                'Action': 'DELETE',
                'IPSetDescriptor': {
                    'Type': 'IPV4',
                    'Value': '192.0.2.44/32',
                },
            },
        ],
    )
    
    print(response)

  
  Expected Output:
  ::

    {
        'ChangeToken': 'abcd12f2-46da-4fdb-b8d5-fbd4c466928f',
        'ResponseMetadata': {
            '...': '...',
        },
    }

  