list_flow_operation_results
- NetworkFirewall.Client.list_flow_operation_results(**kwargs)
Returns the results of a specific flow operation.
Flow operations let you manage the flows tracked in the flow table, also known as the firewall table.
A flow is network traffic that is monitored by a firewall, either by stateful or stateless rules. For traffic to be considered part of a flow, it must share Destination, DestinationPort, Direction, Protocol, Source, and SourcePort.
See also: AWS API Documentation
Request Syntax
response = client.list_flow_operation_results(
    FirewallArn='string',
    FlowOperationId='string',
    NextToken='string',
    MaxResults=123,
    AvailabilityZone='string',
    VpcEndpointId='string',
    VpcEndpointAssociationArn='string'
)
- Parameters:
FirewallArn (string) –
[REQUIRED]
The Amazon Resource Name (ARN) of the firewall.
FlowOperationId (string) –
[REQUIRED]
A unique identifier for the flow operation. This ID is returned in the responses to start and list commands. You provide it to describe commands.
NextToken (string) – When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.
MaxResults (integer) – The maximum number of objects that you want Network Firewall to return for this request. If more objects are available, in the response, Network Firewall provides a NextToken value that you can use in a subsequent call to get the next batch of objects.
AvailabilityZone (string) – The ID of the Availability Zone where the firewall is located. For example, us-east-2a. Defines the scope of a flow operation. You can use up to 20 filters to configure a single flow operation.
VpcEndpointId (string) – A unique identifier for the primary endpoint associated with a firewall.
VpcEndpointAssociationArn (string) – The Amazon Resource Name (ARN) of a VPC endpoint association.
- Return type:
dict
- Returns:
Response Syntax
{
    'FirewallArn': 'string',
    'AvailabilityZone': 'string',
    'VpcEndpointAssociationArn': 'string',
    'VpcEndpointId': 'string',
    'FlowOperationId': 'string',
    'FlowOperationStatus': 'COMPLETED'|'IN_PROGRESS'|'FAILED'|'COMPLETED_WITH_ERRORS',
    'StatusMessage': 'string',
    'FlowRequestTimestamp': datetime(2015, 1, 1),
    'Flows': [
        {
            'SourceAddress': {
                'AddressDefinition': 'string'
            },
            'DestinationAddress': {
                'AddressDefinition': 'string'
            },
            'SourcePort': 'string',
            'DestinationPort': 'string',
            'Protocol': 'string',
            'Age': 123,
            'PacketCount': 123,
            'ByteCount': 123
        },
    ],
    'NextToken': 'string'
}
Response Structure
(dict) –
FirewallArn (string) –
The Amazon Resource Name (ARN) of the firewall.
AvailabilityZone (string) –
The ID of the Availability Zone where the firewall is located. For example, us-east-2a. Defines the scope of a flow operation. You can use up to 20 filters to configure a single flow operation.
VpcEndpointAssociationArn (string) –
VpcEndpointId (string) –
FlowOperationId (string) –
A unique identifier for the flow operation. This ID is returned in the responses to start and list commands. You provide it to describe commands.
FlowOperationStatus (string) –
Returns the status of the flow operation. This string is returned in the responses to start, list, and describe commands.
If the status is COMPLETED_WITH_ERRORS, results may be returned with any number of Flows missing from the response. If the status is FAILED, the Flows returned will be empty.
StatusMessage (string) –
If the asynchronous operation fails, Network Firewall populates this with the reason for the error or failure. Options include Flow operation error and Flow timeout.
FlowRequestTimestamp (datetime) –
A timestamp indicating when the Suricata engine identified flows impacted by an operation.
Flows (list) –
Any number of arrays, where each array is a single flow identified in the scope of the operation. If multiple flows were in the scope of the operation, multiple Flows arrays are returned.
(dict) –
Any number of arrays, where each array is a single flow identified in the scope of the operation. If multiple flows were in the scope of the operation, multiple Flows arrays are returned.
SourceAddress (dict) –
A single IP address specification. This is used in the MatchAttributes source and destination specifications.
AddressDefinition (string) –
Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6.
Examples:
To configure Network Firewall to inspect for the IP address 192.0.2.44, specify 192.0.2.44/32.
To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.
To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128.
To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64.
For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.
DestinationAddress (dict) –
A single IP address specification. This is used in the MatchAttributes source and destination specifications.
AddressDefinition (string) –
Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6.
Examples:
To configure Network Firewall to inspect for the IP address 192.0.2.44, specify 192.0.2.44/32.
To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify 192.0.2.0/24.
To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify 1111:0000:0000:0000:0000:0000:0000:0111/128.
To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify 1111:0000:0000:0000:0000:0000:0000:0000/64.
For more information about CIDR notation, see the Wikipedia entry Classless Inter-Domain Routing.
SourcePort (string) –
The source port to inspect for. You can specify an individual port, for example 1994, and you can specify a port range, for example 1990:1994. To match with any port, specify ANY.
DestinationPort (string) –
The destination port to inspect for. You can specify an individual port, for example 1994, and you can specify a port range, for example 1990:1994. To match with any port, specify ANY.
Protocol (string) –
The protocols to inspect for, specified using the assigned internet protocol number (IANA) for each protocol. If not specified, this matches with any protocol.
Age (integer) –
Returned as information about the age of the flows identified by the flow operation.
PacketCount (integer) –
Returns the total number of data packets received or transmitted in a flow.
ByteCount (integer) –
Returns the number of bytes received or transmitted in a specific flow.
NextToken (string) –
When you request a list of objects with a MaxResults setting, if the number of objects that are still available for retrieval exceeds the maximum you requested, Network Firewall returns a NextToken value in the response. To retrieve the next batch of objects, use the token returned from the prior request in your next request.
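The following is an added example, not boto3's own code, showing how a caller drives this API as the request and response structures above describe: it polls while FlowOperationStatus is IN_PROGRESS, follows NextToken until the last page, passes COMPLETED_WITH_ERRORS through so the caller knows the flow list may be incomplete, and returns the StatusMessage when the operation is FAILED. It then totals ByteCount per destination so an analyst can see which destinations dominate the captured flows. The firewall ARN, flow operation id, the flow records and the FakeNetworkFirewallClient are constructed so the block runs offline; with a real client you would pass boto3.client('network-firewall') instead.

```python
"""Poll and page a Network Firewall flow operation (added example)."""
from __future__ import annotations

import time
from collections import defaultdict
from typing import Any

# Constructed placeholders; real values come from your firewall and from the
# start/list flow operation responses.
FIREWALL_ARN = "arn:aws:network-firewall:us-east-2:123456789012:firewall/example-fw"
FLOW_OPERATION_ID = "example-flow-operation-id"


class FakeNetworkFirewallClient:
    """Constructed stand-in for boto3.client('network-firewall').

    Answers IN_PROGRESS on the first call, then serves two result pages
    linked by NextToken (or a FAILED page when final_status == 'FAILED').
    """

    def __init__(self, final_status: str = "COMPLETED") -> None:
        self.calls = 0
        self.final_status = final_status
        flow_a = {  # constructed flow record in the documented shape
            "SourceAddress": {"AddressDefinition": "10.0.1.15/32"},
            "DestinationAddress": {"AddressDefinition": "198.51.100.7/32"},
            "SourcePort": "51234", "DestinationPort": "443", "Protocol": "6",
            "Age": 120, "PacketCount": 400, "ByteCount": 310000,
        }
        flow_b = {
            "SourceAddress": {"AddressDefinition": "10.0.1.22/32"},
            "DestinationAddress": {"AddressDefinition": "198.51.100.7/32"},
            "SourcePort": "51900", "DestinationPort": "443", "Protocol": "6",
            "Age": 30, "PacketCount": 25, "ByteCount": 12000,
        }
        self._pages = {
            None: {"FlowOperationStatus": "COMPLETED", "Flows": [flow_a],
                   "NextToken": "page-2"},
            "page-2": {"FlowOperationStatus": "COMPLETED", "Flows": [flow_b]},
        }

    def list_flow_operation_results(self, **kwargs: Any) -> dict[str, Any]:
        self.calls += 1
        if self.calls == 1:
            return {"FlowOperationStatus": "IN_PROGRESS", "Flows": []}
        if self.final_status == "FAILED":
            return {"FlowOperationStatus": "FAILED", "Flows": [],
                    "StatusMessage": "Flow operation error"}
        page = dict(self._pages[kwargs.get("NextToken")])
        page["FirewallArn"] = kwargs["FirewallArn"]
        page["FlowOperationId"] = kwargs["FlowOperationId"]
        return page


def collect_flow_results(client, firewall_arn, flow_operation_id, *,
                         poll_seconds=0.0, max_polls=10, **scope):
    """Return (status, flows, status_message) once the operation has finished.

    Polls while the status is IN_PROGRESS, then follows NextToken until a
    response carries none. COMPLETED_WITH_ERRORS is passed through so the
    caller knows Flows may be incomplete; FAILED yields an empty list and the
    StatusMessage. Extra keyword arguments (AvailabilityZone, VpcEndpointId,
    VpcEndpointAssociationArn) narrow the scope exactly as in the request.
    """
    params = {"FirewallArn": firewall_arn,
              "FlowOperationId": flow_operation_id, **scope}
    resp = None
    for _ in range(max_polls):
        resp = client.list_flow_operation_results(**params)
        if resp["FlowOperationStatus"] != "IN_PROGRESS":
            break
        time.sleep(poll_seconds)
    else:
        raise TimeoutError(f"flow operation {flow_operation_id} still in progress")
    status = resp["FlowOperationStatus"]
    if status == "FAILED":
        return status, [], resp.get("StatusMessage", "")
    flows = list(resp.get("Flows", []))
    while resp.get("NextToken"):
        resp = client.list_flow_operation_results(**params, NextToken=resp["NextToken"])
        flows.extend(resp.get("Flows", []))
    return status, flows, resp.get("StatusMessage", "")


def bytes_by_destination(flows):
    """Total ByteCount per (destination CIDR, port, protocol), largest first."""
    totals = defaultdict(int)
    for flow in flows:
        key = (flow["DestinationAddress"]["AddressDefinition"],
               flow["DestinationPort"], flow["Protocol"])
        totals[key] += flow["ByteCount"]
    return dict(sorted(totals.items(), key=lambda kv: kv[1], reverse=True))


if __name__ == "__main__":
    client = FakeNetworkFirewallClient()  # swap for boto3.client("network-firewall")
    status, flows, message = collect_flow_results(
        client, FIREWALL_ARN, FLOW_OPERATION_ID, AvailabilityZone="us-east-2a")
    print(status, len(flows), message or "-")
    for key, total in bytes_by_destination(flows).items():
        print(key, total)
```

The poll loop is bounded by max_polls so a stuck operation cannot hang a job; a real caller would set poll_seconds to a few seconds. Checking the status before paging matters because a FAILED response carries no Flows at all, and a COMPLETED_WITH_ERRORS result should be reported as partial rather than treated as a complete picture of the flow table.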
Exceptions