describe_flow_operation

NetworkFirewall.Client.describe_flow_operation(**kwargs)

Returns key information about a specific flow operation.

See also: AWS API Documentation

Request Syntax

response = client.describe_flow_operation(
    FirewallArn='string',
    AvailabilityZone='string',
    FlowOperationId='string'
)
Parameters:
  • FirewallArn (string) –

    [REQUIRED]

    The Amazon Resource Name (ARN) of the firewall.

  • AvailabilityZone (string) –

    The ID of the Availability Zone where the firewall is located. For example, us-east-2a.

    Defines the scope of a flow operation. You can use up to 20 filters to configure a single flow operation.

  • FlowOperationId (string) –

    [REQUIRED]

    A unique identifier for the flow operation. This ID is returned in the responses to start and list commands. You provide it to describe commands.

Return type:

dict

Returns:

Response Syntax

{
    'FirewallArn': 'string',
    'AvailabilityZone': 'string',
    'FlowOperationId': 'string',
    'FlowOperationType': 'FLOW_FLUSH'|'FLOW_CAPTURE',
    'FlowOperationStatus': 'COMPLETED'|'IN_PROGRESS'|'FAILED'|'COMPLETED_WITH_ERRORS',
    'StatusMessage': 'string',
    'FlowRequestTimestamp': datetime(2015, 1, 1),
    'FlowOperation': {
        'MinimumFlowAgeInSeconds': 123,
        'FlowFilters': [
            {
                'SourceAddress': {
                    'AddressDefinition': 'string'
                },
                'DestinationAddress': {
                    'AddressDefinition': 'string'
                },
                'SourcePort': 'string',
                'DestinationPort': 'string',
                'Protocols': [
                    'string',
                ]
            },
        ]
    }
}

Response Structure

  • (dict) –

    • FirewallArn (string) –

      The Amazon Resource Name (ARN) of the firewall.

    • AvailabilityZone (string) –

      The ID of the Availability Zone where the firewall is located. For example, us-east-2a.

      Defines the scope of a flow operation. You can use up to 20 filters to configure a single flow operation.

    • FlowOperationId (string) –

      A unique identifier for the flow operation. This ID is returned in the responses to start and list commands. You provide it to describe commands.

    • FlowOperationType (string) –

      Defines the type of FlowOperation.

    • FlowOperationStatus (string) –

      Returns the status of the flow operation. This string is returned in the responses to start, list, and describe commands.

      If the status is COMPLETED_WITH_ERRORS, results may be returned with any number of Flows missing from the response. If the status is FAILED, Flows returned will be empty.

    • StatusMessage (string) –

      If the asynchronous operation fails, Network Firewall populates this with the reason for the error or failure. Options include Flow operation error and Flow timeout.

    • FlowRequestTimestamp (datetime) –

      A timestamp indicating when the Suricata engine identified flows impacted by an operation.

    • FlowOperation (dict) –

      Returns key information about a flow operation, such as related statuses, unique identifiers, and all filters defined in the operation.

      • MinimumFlowAgeInSeconds (integer) –

        The requested FlowOperation ignores flows with an age (in seconds) lower than MinimumFlowAgeInSeconds. You provide this for start commands.

      • FlowFilters (list) –

        Defines the scope of a flow operation. You can use up to 20 filters to configure a single flow operation.

        • (dict) –

          Defines the scope of a flow operation. You can use up to 20 filters to configure a single flow operation.

          • SourceAddress (dict) –

            A single IP address specification. This is used in the MatchAttributes source and destination specifications.

            • AddressDefinition (string) –

              Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6.

              Examples:

              • To configure Network Firewall to inspect for the IP address 192.0.2.44, specify 192.0.2.44/32.

              • To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.

              • To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128.

              • To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64.

              For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.

          • DestinationAddress (dict) –

            A single IP address specification. This is used in the MatchAttributes source and destination specifications.

            • AddressDefinition (string) –

              Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6.

              Examples:

              • To configure Network Firewall to inspect for the IP address 192.0.2.44, specify 192.0.2.44/32.

              • To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.

              • To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128.

              • To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64.

              For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.

          • SourcePort (string) –

            The source port to inspect for. You can specify an individual port, for example 1994, or a port range, for example 1990:1994. To match with any port, specify ANY.

          • DestinationPort (string) –

            The destination port to inspect for. You can specify an individual port, for example 1994, or a port range, for example 1990:1994. To match with any port, specify ANY.

          • Protocols (list) –

            The protocols to inspect for, specified using the assigned internet protocol number (IANA) for each protocol. If not specified, this matches with any protocol.

            • (string) –
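
An added example, not part of the boto3 documentation: it parses the FlowFilters of a describe_flow_operation response (CIDR AddressDefinition, port specs such as 1994, 1990:1994 and ANY, Protocols) and reports, per filter, which fields leave the operation's scope unbounded, which is worth checking when reviewing a FLOW_FLUSH. The helper names and the sample response are constructed here; treating an omitted address or port as unrestricted is an assumption.

```python
import ipaddress

ANY_PORT = (0, 65535)

def parse_port(spec):
    """'1994' -> (1994, 1994); '1990:1994' -> (1990, 1994); 'ANY' -> ANY_PORT."""
    if spec is None or spec.upper() == "ANY":  # assumption: absent means ANY
        return ANY_PORT
    lo, _, hi = spec.partition(":")
    lo, hi = int(lo), int(hi or lo)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port spec: {spec!r}")
    return (lo, hi)

def parse_address(addr):
    """Return an ip_network, or None when the filter omits the address."""
    if not addr:
        return None
    return ipaddress.ip_network(addr["AddressDefinition"], strict=False)

def unbounded_fields(flow_filter):
    """Names of the filter fields that do not narrow the operation's scope."""
    wide = []
    for key in ("SourceAddress", "DestinationAddress"):
        net = parse_address(flow_filter.get(key))
        if net is None or net.prefixlen == 0:  # assumption: absent means any address
            wide.append(key)
    for key in ("SourcePort", "DestinationPort"):
        if parse_port(flow_filter.get(key)) == ANY_PORT:
            wide.append(key)
    if not flow_filter.get("Protocols"):  # page: unspecified matches any protocol
        wide.append("Protocols")
    return wide

def review_flow_operation(response):
    """Map filter index -> unbounded fields for a describe_flow_operation response."""
    filters = response.get("FlowOperation", {}).get("FlowFilters", [])
    return {i: unbounded_fields(f) for i, f in enumerate(filters)}

# Constructed sample response (trimmed to the fields used here).
SAMPLE = {"FlowOperationType": "FLOW_FLUSH", "FlowOperation": {"FlowFilters": [
    {"SourceAddress": {"AddressDefinition": "192.0.2.0/24"},
     "DestinationAddress": {"AddressDefinition": "0.0.0.0/0"},
     "SourcePort": "ANY", "DestinationPort": "1990:1994", "Protocols": ["6"]},
    {"SourceAddress": {"AddressDefinition": "192.0.2.44/32"}},
]}}

if __name__ == "__main__":
    print(review_flow_operation(SAMPLE))
```
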

Exceptions

  • NetworkFirewall.Client.exceptions.InvalidRequestException

  • NetworkFirewall.Client.exceptions.InternalServerError

  • NetworkFirewall.Client.exceptions.ResourceNotFoundException

  • NetworkFirewall.Client.exceptions.ThrottlingException
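
An added example (not from the boto3 documentation) of polling this call until the operation leaves IN_PROGRESS, raising on FAILED and flagging COMPLETED_WITH_ERRORS as partial results. wait_for_flow_operation, FlowOperationFailed, StubClient, the ARN and the operation ID are constructed here; with real credentials the client would be boto3.client('network-firewall').

```python
import time

class FlowOperationFailed(Exception):
    """The operation ended in FAILED, so no flows are returned."""

def wait_for_flow_operation(client, firewall_arn, flow_operation_id,
                            availability_zone=None, poll_seconds=5,
                            max_polls=60, sleep=time.sleep):
    """Poll describe_flow_operation until the status leaves IN_PROGRESS.

    Returns (response, partial); partial is True for COMPLETED_WITH_ERRORS,
    where flows may be missing from the results.
    """
    kwargs = {"FirewallArn": firewall_arn, "FlowOperationId": flow_operation_id}
    if availability_zone:  # optional request parameter
        kwargs["AvailabilityZone"] = availability_zone
    for _ in range(max_polls):
        resp = client.describe_flow_operation(**kwargs)
        status = resp["FlowOperationStatus"]
        if status == "FAILED":
            raise FlowOperationFailed(resp.get("StatusMessage", "no StatusMessage"))
        if status in ("COMPLETED", "COMPLETED_WITH_ERRORS"):
            return resp, status == "COMPLETED_WITH_ERRORS"
        sleep(poll_seconds)
    raise TimeoutError(f"{flow_operation_id} still IN_PROGRESS after {max_polls} polls")

class StubClient:
    """Constructed stand-in for boto3.client('network-firewall'); replays statuses."""
    def __init__(self, statuses):
        self.statuses, self.calls = list(statuses), []

    def describe_flow_operation(self, **kwargs):
        self.calls.append(kwargs)
        return {"FlowOperationId": kwargs["FlowOperationId"],
                "FlowOperationStatus": self.statuses.pop(0),
                "StatusMessage": "Flow timeout"}

# Constructed placeholder identifiers, not real resources.
ARN = "arn:aws:network-firewall:us-east-2:111122223333:firewall/example"

if __name__ == "__main__":
    stub = StubClient(["IN_PROGRESS", "COMPLETED_WITH_ERRORS"])
    resp, partial = wait_for_flow_operation(stub, ARN, "op-example", sleep=lambda s: None)
    print(resp["FlowOperationStatus"], "partial results:", partial)
```
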