describe_flow_operation
- NetworkFirewall.Client.describe_flow_operation(**kwargs)
- Returns key information about a specific flow operation.
- See also: AWS API Documentation
- Request Syntax

    response = client.describe_flow_operation(
        FirewallArn='string',
        AvailabilityZone='string',
        VpcEndpointAssociationArn='string',
        VpcEndpointId='string',
        FlowOperationId='string'
    )

- Parameters:
- FirewallArn (string) – [REQUIRED] The Amazon Resource Name (ARN) of the firewall.
- AvailabilityZone (string) – The ID of the Availability Zone where the firewall is located. For example, us-east-2a. Defines the scope of a flow operation. You can use up to 20 filters to configure a single flow operation.
- VpcEndpointAssociationArn (string) – The Amazon Resource Name (ARN) of a VPC endpoint association.
- VpcEndpointId (string) – A unique identifier for the primary endpoint associated with a firewall.
- FlowOperationId (string) – [REQUIRED] A unique identifier for the flow operation. This ID is returned in the responses to start and list commands. You provide it to describe commands.

- Return type:
- dict 
- Returns:
- Response Syntax

    {
        'FirewallArn': 'string',
        'AvailabilityZone': 'string',
        'VpcEndpointAssociationArn': 'string',
        'VpcEndpointId': 'string',
        'FlowOperationId': 'string',
        'FlowOperationType': 'FLOW_FLUSH'|'FLOW_CAPTURE',
        'FlowOperationStatus': 'COMPLETED'|'IN_PROGRESS'|'FAILED'|'COMPLETED_WITH_ERRORS',
        'StatusMessage': 'string',
        'FlowRequestTimestamp': datetime(2015, 1, 1),
        'FlowOperation': {
            'MinimumFlowAgeInSeconds': 123,
            'FlowFilters': [
                {
                    'SourceAddress': {
                        'AddressDefinition': 'string'
                    },
                    'DestinationAddress': {
                        'AddressDefinition': 'string'
                    },
                    'SourcePort': 'string',
                    'DestinationPort': 'string',
                    'Protocols': [
                        'string',
                    ]
                },
            ]
        }
    }

- Response Structure
- (dict) –
- FirewallArn (string) – The Amazon Resource Name (ARN) of the firewall.
- AvailabilityZone (string) – The ID of the Availability Zone where the firewall is located. For example, us-east-2a. Defines the scope of a flow operation. You can use up to 20 filters to configure a single flow operation.
- VpcEndpointAssociationArn (string) – The Amazon Resource Name (ARN) of a VPC endpoint association.
- VpcEndpointId (string) – A unique identifier for the primary endpoint associated with a firewall.
- FlowOperationId (string) – A unique identifier for the flow operation. This ID is returned in the responses to start and list commands. You provide it to describe commands.
- FlowOperationType (string) – Defines the type of FlowOperation.
- FlowOperationStatus (string) – Returns the status of the flow operation. This string is returned in the responses to start, list, and describe commands. If the status is COMPLETED_WITH_ERRORS, results may be returned with any number of Flows missing from the response. If the status is FAILED, Flows returned will be empty.
- StatusMessage (string) – If the asynchronous operation fails, Network Firewall populates this with the reason for the error or failure. Options include Flow operation error and Flow timeout.
- FlowRequestTimestamp (datetime) – A timestamp indicating when the Suricata engine identified flows impacted by an operation.
- FlowOperation (dict) – Returns key information about a flow operation, such as related statuses, unique identifiers, and all filters defined in the operation.
  - MinimumFlowAgeInSeconds (integer) – The requested FlowOperation ignores flows with an age (in seconds) lower than MinimumFlowAgeInSeconds. You provide this for start commands.
  - FlowFilters (list) – Defines the scope of a flow operation. You can use up to 20 filters to configure a single flow operation.
    - (dict) – Defines the scope of a flow operation. You can use up to 20 filters to configure a single flow operation.
      - SourceAddress (dict) – A single IP address specification. This is used in the MatchAttributes source and destination specifications.
        - AddressDefinition (string) – Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6. Examples:
          - To configure Network Firewall to inspect for the IP address 192.0.2.44, specify 192.0.2.44/32.
          - To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.
          - To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128.
          - To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64.
          For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.
      - DestinationAddress (dict) – A single IP address specification. This is used in the MatchAttributes source and destination specifications.
        - AddressDefinition (string) – Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6. Examples:
          - To configure Network Firewall to inspect for the IP address 192.0.2.44, specify 192.0.2.44/32.
          - To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.
          - To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128.
          - To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64.
          For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.
      - SourcePort (string) – The source port to inspect for. You can specify an individual port, for example 1994, and you can specify a port range, for example 1990:1994. To match with any port, specify ANY.
      - DestinationPort (string) – The destination port to inspect for. You can specify an individual port, for example 1994, and you can specify a port range, for example 1990:1994. To match with any port, specify ANY.
      - Protocols (list) – The protocols to inspect for, specified using the assigned internet protocol number (IANA) for each protocol. If not specified, this matches with any protocol.
        - (string) –

- Exceptions
- NetworkFirewall.Client.exceptions.InvalidRequestException
- NetworkFirewall.Client.exceptions.InternalServerError
- NetworkFirewall.Client.exceptions.ResourceNotFoundException
- NetworkFirewall.Client.exceptions.ThrottlingException
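
An added example, not part of the AWS documentation: a polling helper that calls describe_flow_operation until the status leaves IN_PROGRESS and labels how far the results can be relied on, following the FlowOperationStatus description above. FakeClient, the ARN, the operation ID and the canned responses are constructed so the block runs offline; with boto3, pass boto3.client('network-firewall') instead.

```python
import time

# Reliability of results per final FlowOperationStatus, as described on this page.
RESULT_TRUST = {
    "COMPLETED": "complete",
    "COMPLETED_WITH_ERRORS": "partial",  # any number of Flows may be missing
    "FAILED": "empty",                   # Flows returned will be empty
}

def wait_for_flow_operation(client, firewall_arn, flow_operation_id,
                            poll_seconds=5, max_polls=60, sleep=time.sleep):
    """Poll describe_flow_operation until the status leaves IN_PROGRESS."""
    for _ in range(max_polls):
        resp = client.describe_flow_operation(
            FirewallArn=firewall_arn, FlowOperationId=flow_operation_id)
        status = resp["FlowOperationStatus"]
        if status != "IN_PROGRESS":
            op = resp.get("FlowOperation", {})
            return {"type": resp.get("FlowOperationType"), "status": status,
                    "trust": RESULT_TRUST.get(status, "unknown"),
                    "reason": resp.get("StatusMessage"),
                    "min_age": op.get("MinimumFlowAgeInSeconds"),
                    "filters": len(op.get("FlowFilters", []))}
        sleep(poll_seconds)
    raise TimeoutError(f"{flow_operation_id} still IN_PROGRESS after {max_polls} polls")

class FakeClient:
    """Constructed stand-in for the real client; replays canned responses."""
    def __init__(self, responses):
        self._responses = iter(responses)
    def describe_flow_operation(self, **kwargs):
        return next(self._responses)

def demo():
    # Constructed sample responses, ARN and ID; not from a real firewall.
    base = {"FlowOperationType": "FLOW_CAPTURE", "FlowOperation": {
        "MinimumFlowAgeInSeconds": 10,
        "FlowFilters": [{"SourceAddress": {"AddressDefinition": "192.0.2.0/24"},
                         "DestinationPort": "ANY"}]}}
    client = FakeClient([
        {**base, "FlowOperationStatus": "IN_PROGRESS"},
        {**base, "FlowOperationStatus": "COMPLETED_WITH_ERRORS",
         "StatusMessage": "Flow timeout"}])
    return wait_for_flow_operation(
        client, "arn:aws:network-firewall:us-east-2:111122223333:firewall/example",
        "example-flow-operation-id", sleep=lambda _s: None)

if __name__ == "__main__":
    print(demo())
```

A "partial" or "empty" result means the capture or flush should not be treated as a full record of matching flows; log the reason alongside the FlowOperationId.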