delete_vpc_endpoint_association
- NetworkFirewall.Client.delete_vpc_endpoint_association(**kwargs)
Deletes the specified VpcEndpointAssociation.
You can check whether an endpoint association is in use by reviewing the route tables for the Availability Zones where you have the endpoint subnet mapping. You can retrieve the subnet mapping by calling DescribeVpcEndpointAssociation. You define and update the route tables through Amazon VPC. As needed, update the route tables for the Availability Zone to remove the firewall endpoint for the association. When the route tables no longer use the firewall endpoint, you can remove the endpoint association safely.
See also: AWS API Documentation
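The pre-deletion check described above, as an added example that is not part of the boto3 documentation: it collects the association's EndpointId values and refuses to delete while any route table in the VPC still targets one of them. The helper names, the sample IDs, and the choice to compare every string field of a route against the endpoint ID are assumptions of this example.

```python
# Constructed sample responses (IDs are made up), shaped like
# DescribeVpcEndpointAssociation and EC2 DescribeRouteTables output.
SAMPLE_ASSOCIATION = {
    "VpcEndpointAssociation": {"VpcId": "vpc-0example"},
    "VpcEndpointAssociationStatus": {"Status": "READY", "AssociationSyncState": {
        "us-east-1a": {"Attachment": {"SubnetId": "subnet-0example",
                                      "EndpointId": "vpce-0example", "Status": "READY"}}}},
}
SAMPLE_ROUTE_TABLES = [
    {"RouteTableId": "rtb-0inspect", "Routes": [
        {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "vpce-0example"}]},
    {"RouteTableId": "rtb-0local", "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
]

def endpoint_ids(described):
    """Firewall endpoint IDs listed in the association's AssociationSyncState."""
    sync = described["VpcEndpointAssociationStatus"].get("AssociationSyncState", {})
    return {s["Attachment"]["EndpointId"] for s in sync.values()
            if s.get("Attachment", {}).get("EndpointId")}

def routes_using(route_tables, ids):
    """(route table ID, destination, endpoint ID) for each route targeting an endpoint."""
    hits = []
    for table in route_tables:
        for route in table.get("Routes", []):
            # Assumption: match any string field, rather than one named target field.
            used = ids.intersection(v for v in route.values() if isinstance(v, str))
            dest = (route.get("DestinationCidrBlock") or route.get("DestinationIpv6CidrBlock")
                    or route.get("DestinationPrefixListId"))
            hits.extend((table["RouteTableId"], dest, e) for e in sorted(used))
    return hits

def delete_if_unrouted(arn, nfw=None, ec2=None):
    """Delete the association only when no route table in its VPC uses its endpoint."""
    if nfw is None or ec2 is None:
        import boto3  # imported lazily so the helpers above run offline
        nfw = nfw or boto3.client("network-firewall")
        ec2 = ec2 or boto3.client("ec2")
    described = nfw.describe_vpc_endpoint_association(VpcEndpointAssociationArn=arn)
    vpc_filter = [{"Name": "vpc-id", "Values": [described["VpcEndpointAssociation"]["VpcId"]]}]
    pages = ec2.get_paginator("describe_route_tables").paginate(Filters=vpc_filter)
    tables = [t for page in pages for t in page["RouteTables"]]
    hits = routes_using(tables, endpoint_ids(described))
    if hits:
        raise RuntimeError(f"firewall endpoint still in route tables: {hits}")
    return nfw.delete_vpc_endpoint_association(VpcEndpointAssociationArn=arn)
```

The RuntimeError lists each route table and destination that still has to be updated through Amazon VPC before the deletion is retried.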
Request Syntax
    response = client.delete_vpc_endpoint_association(
        VpcEndpointAssociationArn='string'
    )
- Parameters:
VpcEndpointAssociationArn (string) –
[REQUIRED]
The Amazon Resource Name (ARN) of a VPC endpoint association.
- Return type:
dict
- Returns:
Response Syntax
    {
        'VpcEndpointAssociation': {
            'VpcEndpointAssociationId': 'string',
            'VpcEndpointAssociationArn': 'string',
            'FirewallArn': 'string',
            'VpcId': 'string',
            'SubnetMapping': {
                'SubnetId': 'string',
                'IPAddressType': 'DUALSTACK'|'IPV4'|'IPV6'
            },
            'Description': 'string',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ]
        },
        'VpcEndpointAssociationStatus': {
            'Status': 'PROVISIONING'|'DELETING'|'READY',
            'AssociationSyncState': {
                'string': {
                    'Attachment': {
                        'SubnetId': 'string',
                        'EndpointId': 'string',
                        'Status': 'CREATING'|'DELETING'|'FAILED'|'ERROR'|'SCALING'|'READY',
                        'StatusMessage': 'string'
                    }
                }
            }
        }
    }
Response Structure
(dict) –
VpcEndpointAssociation (dict) –
The configuration settings for the VPC endpoint association. These settings include the firewall and the VPC and subnet to use for the firewall endpoint.
VpcEndpointAssociationId (string) –
The unique identifier of the VPC endpoint association.
VpcEndpointAssociationArn (string) –
The Amazon Resource Name (ARN) of a VPC endpoint association.
FirewallArn (string) –
The Amazon Resource Name (ARN) of the firewall.
VpcId (string) –
The unique identifier of the VPC for the endpoint association.
SubnetMapping (dict) –
The ID for a subnet that’s used in an association with a firewall. This is used in CreateFirewall, AssociateSubnets, and CreateVpcEndpointAssociation. Network Firewall creates an instance of the associated firewall in each subnet that you specify, to filter traffic in the subnet’s Availability Zone.
SubnetId (string) –
The unique identifier for the subnet.
IPAddressType (string) –
The subnet’s IP address type. You can’t change the IP address type after you create the subnet.
Description (string) –
A description of the VPC endpoint association.
Tags (list) –
The key:value pairs to associate with the resource.
(dict) –
A key:value pair associated with an Amazon Web Services resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as “environment”) and the tag value represents a specific value within that category (such as “test,” “development,” or “production”). You can add up to 50 tags to each Amazon Web Services resource.
Key (string) –
The part of the key:value pair that defines a tag. You can use a tag key to describe a category of information, such as “customer.” Tag keys are case-sensitive.
Value (string) –
The part of the key:value pair that defines a tag. You can use a tag value to describe a specific value within a category, such as “companyA” or “companyB.” Tag values are case-sensitive.
VpcEndpointAssociationStatus (dict) –
Detailed information about the current status of a VpcEndpointAssociation. You can retrieve this by calling DescribeVpcEndpointAssociation and providing the VPC endpoint association ARN.
Status (string) –
The readiness of the configured firewall endpoint to handle network traffic.
AssociationSyncState (dict) –
The list of the Availability Zone sync states for all subnets that are defined by the firewall.
(string) –
(dict) –
The status of the firewall endpoint defined by a VpcEndpointAssociation.
Attachment (dict) –
The definition and status of the firewall endpoint for a single subnet. In each configured subnet, Network Firewall instantiates a firewall endpoint to handle network traffic.
This data type is used for any firewall endpoint type:
- For Firewall.SubnetMappings, this Attachment is part of the FirewallStatus sync states information. You define firewall subnets using CreateFirewall and AssociateSubnets.
- For VpcEndpointAssociation, this Attachment is part of the VpcEndpointAssociationStatus sync states information. You define these subnets using CreateVpcEndpointAssociation.
SubnetId (string) –
The unique identifier of the subnet that you’ve specified to be used for a firewall endpoint.
EndpointId (string) –
The identifier of the firewall endpoint that Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.
Status (string) –
The current status of the firewall endpoint instantiation in the subnet.
When this value is READY, the endpoint is available to handle network traffic. Otherwise, this value reflects its state, for example CREATING or DELETING.
StatusMessage (string) –
If Network Firewall fails to create or delete the firewall endpoint in the subnet, it populates this with the reason for the error or failure and how to resolve it. A FAILED status indicates a non-recoverable state, and an ERROR status indicates an issue that you can fix. Depending on the error, it can take as many as 15 minutes to populate this field. For more information about the causes for failure or errors and solutions available for this field, see Troubleshooting firewall endpoint failures in the Network Firewall Developer Guide.
Exceptions