describe_vpc_endpoint_association

NetworkFirewall.Client.describe_vpc_endpoint_association(**kwargs)

Returns the data object for the specified VPC endpoint association.

See also: AWS API Documentation

Request Syntax

response = client.describe_vpc_endpoint_association(
    VpcEndpointAssociationArn='string'
)

Parameters:

VpcEndpointAssociationArn (string) –

[REQUIRED]

The Amazon Resource Name (ARN) of a VPC endpoint association.

Return type:

dict

Returns:

Response Syntax

{
    'VpcEndpointAssociation': {
        'VpcEndpointAssociationId': 'string',
        'VpcEndpointAssociationArn': 'string',
        'FirewallArn': 'string',
        'VpcId': 'string',
        'SubnetMapping': {
            'SubnetId': 'string',
            'IPAddressType': 'DUALSTACK'|'IPV4'|'IPV6'
        },
        'Description': 'string',
        'Tags': [
            {
                'Key': 'string',
                'Value': 'string'
            },
        ]
    },
    'VpcEndpointAssociationStatus': {
        'Status': 'PROVISIONING'|'DELETING'|'READY',
        'AssociationSyncState': {
            'string': {
                'Attachment': {
                    'SubnetId': 'string',
                    'EndpointId': 'string',
                    'Status': 'CREATING'|'DELETING'|'FAILED'|'ERROR'|'SCALING'|'READY',
                    'StatusMessage': 'string'
                }
            }
        }
    }
}

Response Structure

  • (dict) –

    • VpcEndpointAssociation (dict) –

      The configuration settings for the VPC endpoint association. These settings include the firewall and the VPC and subnet to use for the firewall endpoint.

      • VpcEndpointAssociationId (string) –

        The unique identifier of the VPC endpoint association.

      • VpcEndpointAssociationArn (string) –

        The Amazon Resource Name (ARN) of a VPC endpoint association.

      • FirewallArn (string) –

        The Amazon Resource Name (ARN) of the firewall.

      • VpcId (string) –

        The unique identifier of the VPC for the endpoint association.

      • SubnetMapping (dict) –

        The ID for a subnet that’s used in an association with a firewall. This is used in CreateFirewall, AssociateSubnets, and CreateVpcEndpointAssociation. Network Firewall creates an instance of the associated firewall in each subnet that you specify, to filter traffic in the subnet’s Availability Zone.

        • SubnetId (string) –

          The unique identifier for the subnet.

        • IPAddressType (string) –

          The subnet’s IP address type. You can’t change the IP address type after you create the subnet.

      • Description (string) –

        A description of the VPC endpoint association.

      • Tags (list) –

        The key:value pairs to associate with the resource.

        • (dict) –

          A key:value pair associated with an Amazon Web Services resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as “environment”) and the tag value represents a specific value within that category (such as “test,” “development,” or “production”). You can add up to 50 tags to each Amazon Web Services resource.

          • Key (string) –

            The part of the key:value pair that defines a tag. You can use a tag key to describe a category of information, such as “customer.” Tag keys are case-sensitive.

          • Value (string) –

            The part of the key:value pair that defines a tag. You can use a tag value to describe a specific value within a category, such as “companyA” or “companyB.” Tag values are case-sensitive.

    • VpcEndpointAssociationStatus (dict) –

      Detailed information about the current status of a VpcEndpointAssociation. You can retrieve this by calling DescribeVpcEndpointAssociation and providing the VPC endpoint association ARN.

      • Status (string) –

        The readiness of the configured firewall endpoint to handle network traffic.

      • AssociationSyncState (dict) –

        The list of the Availability Zone sync states for all subnets that are defined by the firewall.

        • (string) –

          • (dict) –

            The status of the firewall endpoint defined by a VpcEndpointAssociation.

            • Attachment (dict) –

              The definition and status of the firewall endpoint for a single subnet. In each configured subnet, Network Firewall instantiates a firewall endpoint to handle network traffic.

              This data type is used for any firewall endpoint type:

              • For Firewall.SubnetMappings, this Attachment is part of the FirewallStatus sync states information. You define firewall subnets using CreateFirewall and AssociateSubnets.

              • For VpcEndpointAssociation, this Attachment is part of the VpcEndpointAssociationStatus sync states information. You define these subnets using CreateVpcEndpointAssociation.

              • SubnetId (string) –

                The unique identifier of the subnet that you’ve specified to be used for a firewall endpoint.

              • EndpointId (string) –

                The identifier of the firewall endpoint that Network Firewall has instantiated in the subnet. You use this to identify the firewall endpoint in the VPC route tables, when you redirect the VPC traffic through the endpoint.

              • Status (string) –

                The current status of the firewall endpoint instantiation in the subnet.

                When this value is READY, the endpoint is available to handle network traffic. Otherwise, this value reflects its state, for example CREATING or DELETING.

              • StatusMessage (string) –

                If Network Firewall fails to create or delete the firewall endpoint in the subnet, it populates this with the reason for the error or failure and how to resolve it. A FAILED status indicates a non-recoverable state, and an ERROR status indicates an issue that you can fix. Depending on the error, it can take as many as 15 minutes to populate this field. For more information about the causes for failure or errors and solutions available for this field, see Troubleshooting firewall endpoint failures in the Network Firewall Developer Guide.
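
The following added example (not part of the boto3 documentation) triages a response from this call: it treats the association as ready only when the top-level Status and every Attachment are READY, and separates FAILED, ERROR and in-progress attachments as described above. The function names, the finding labels and the sample values are assumptions made for illustration, as is reading the AssociationSyncState keys as Availability Zone names.

```python
# Added example: readiness triage for a describe_vpc_endpoint_association
# response. Function names, labels and sample values are illustrative only.

def evaluate_association(response):
    """Return the ready flag, READY endpoint IDs per key, and findings."""
    status = response.get("VpcEndpointAssociationStatus", {})
    findings, endpoints = [], {}

    overall = status.get("Status")
    if overall != "READY":
        findings.append(("association", "IN_PROGRESS", f"status is {overall}"))

    sync = status.get("AssociationSyncState") or {}
    if not sync:
        findings.append(("association", "IN_PROGRESS", "no sync state reported"))

    # Keys are assumed here to be Availability Zone names.
    for az, state in sorted(sync.items()):
        att = state.get("Attachment", {})
        att_status = att.get("Status")
        # StatusMessage can take up to 15 minutes to be populated.
        msg = att.get("StatusMessage") or "no StatusMessage yet"
        if att_status == "READY":
            endpoints[az] = att.get("EndpointId")  # ID used in route tables
        elif att_status == "FAILED":   # documented as non-recoverable
            findings.append((az, "NON_RECOVERABLE", msg))
        elif att_status == "ERROR":    # documented as fixable
            findings.append((az, "FIXABLE", msg))
        else:                          # CREATING, DELETING, SCALING
            findings.append((az, "IN_PROGRESS", f"attachment is {att_status}"))

    return {"ready": not findings, "endpoints": endpoints, "findings": findings}


def check_association(client, arn):
    """Call the API on a boto3 NetworkFirewall client and triage the result."""
    response = client.describe_vpc_endpoint_association(VpcEndpointAssociationArn=arn)
    return evaluate_association(response)


# Constructed sample response (not real AWS output).
SAMPLE = {
    "VpcEndpointAssociationStatus": {
        "Status": "READY",
        "AssociationSyncState": {
            "az-a": {"Attachment": {"EndpointId": "vpce-EXAMPLE1", "Status": "READY"}},
            "az-b": {"Attachment": {"Status": "ERROR", "StatusMessage": "constructed"}},
        },
    },
}
```

Pass a real client with `check_association(boto3.client("network-firewall"), arn)`; the `endpoints` map lists the EndpointId values that are safe to reference in VPC route tables.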

Exceptions