View a markdown version of this page

UpdateNetworkConnector - AWS Lambda Core

UpdateNetworkConnector

Updates the VPC configuration or operator role of an existing network connector. You can modify the subnet IDs, security group IDs, network protocol, or operator role. The connector must be in ACTIVE state to accept updates.

This operation is asynchronous. The connector remains in ACTIVE state during the update — existing workloads that reference this connector are not disrupted. Use GetNetworkConnector to monitor the LastUpdateStatus field, which transitions through InProgress to Successful or Failed. If the update fails, the LastUpdateStatusReasonCode field provides a specific error code for troubleshooting. This operation is idempotent when you provide a ClientToken.

Request Syntax

PUT /2026-04-04/network-connectors/Identifier HTTP/1.1 Content-type: application/json { "ClientToken": "string", "Configuration": { ... }, "OperatorRole": "string" }

URI Request Parameters

The request uses the following URI parameters.

Identifier

The identifier of the network connector to update. You can specify the connector ID, name, or full ARN.

Length Constraints: Minimum length of 1. Maximum length of 140.

Required: Yes

Request Body

The request accepts the following data in JSON format.

ClientToken

A unique, case-sensitive identifier to ensure idempotency of the update request.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Required: No

Configuration

The updated network configuration for the connector. Provide the full VpcEgressConfiguration including all subnet IDs and security group IDs — this replaces the existing configuration.

Type: NetworkConnectorConfiguration object

Note: This object is a Union. Only one member of this object can be specified or returned.

Required: No

OperatorRole

The updated ARN of the IAM role that Lambda assumes to manage ENIs. Use this to change the operator role without recreating the connector.

Type: String

Length Constraints: Minimum length of 0. Maximum length of 10000.

Pattern: arn:(aws[a-zA-Z-]*)?:iam::\d{12}:role/?[a-zA-Z_0-9+=,.@\-_/]+

Required: No

Response Syntax

HTTP/1.1 202 Content-type: application/json { "Id": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 202 response.

The following data is returned in JSON format by the service.

Id

The unique identifier of the network connector.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 140.

Errors

For information about the errors that are common to all actions, see Common Error Types.

InvalidParameterValueException

One of the parameters in the request is not valid. Check the error message for details about which parameter failed validation.

Type

The exception type.

HTTP Status Code: 400

ResourceConflictException

The request could not be completed due to a conflict with the current state of the resource. For example, attempting to update a connector that is not in ACTIVE state.

Type

The exception type.

HTTP Status Code: 409

ResourceNotFoundException

The specified network connector does not exist. Verify the identifier (ID, name, or ARN) and Region.

Type

The exception type.

HTTP Status Code: 404

ServiceException

An internal service error occurred. Retry the request with exponential backoff.

Type

The exception type.

HTTP Status Code: 500

TooManyRequestsException

The request was throttled due to exceeding the allowed request rate. Retry the request after a brief wait using exponential backoff.

Reason

The reason for the throttling.

retryAfterSeconds

The number of seconds to wait before retrying the request.

Type

The exception type.

HTTP Status Code: 429

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: