:doc:`EC2 <../../ec2>` / Client / create_traffic_mirror_filter

****************************
create_traffic_mirror_filter
****************************



.. py:method:: EC2.Client.create_traffic_mirror_filter(**kwargs)

  

  Creates a Traffic Mirror filter.

   

  A Traffic Mirror filter is a set of rules that defines the traffic to mirror.

   

  By default, no traffic is mirrored. To mirror traffic, use `CreateTrafficMirrorFilterRule <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_CreateTrafficMirrorFilterRule.htm>`__ to add Traffic Mirror rules to the filter. The rules you add define what traffic gets mirrored. You can also use `ModifyTrafficMirrorFilterNetworkServices <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_ModifyTrafficMirrorFilterNetworkServices.html>`__ to mirror supported network services.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTrafficMirrorFilter>`_  


  **Request Syntax**
  ::

    response = client.create_traffic_mirror_filter(
        Description='string',
        TagSpecifications=[
            {
                'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'declarative-policies-report'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'image-usage-report'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'outpost-lag'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'service-link-virtual-interface'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-metering-policy'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'vpc-encryption-control'|'route-server'|'route-server-endpoint'|'route-server-peer'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint'|'verified-access-endpoint-target'|'ipam-external-resource-verification-token'|'capacity-block'|'mac-modification-task'|'ipam-prefix-list-resolver'|'ipam-policy'|'ipam-prefix-list-resolver-target'|'secondary-interface'|'secondary-network'|'secondary-subnet'|'capacity-manager-data-export'|'vpn-concentrator',
                'Tags': [
                    {
                        'Key': 'string',
                        'Value': 'string'
                    },
                ]
            },
        ],
        DryRun=True|False,
        ClientToken='string'
    )
    
  :type Description: string
  :param Description: 

    The description of the Traffic Mirror filter.

    

  
  :type TagSpecifications: list
  :param TagSpecifications: 

    The tags to assign to a Traffic Mirror filter.

    

  
    - *(dict) --* 

      The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.

       

      .. note::

        

        The ``Valid Values`` lists all the resource types that can be tagged. However, the action you're using might not support tagging all of these resource types. If you try to tag a resource type that is unsupported for the action you're using, you'll get an error.

        

      

    
      - **ResourceType** *(string) --* 

        The type of resource to tag on creation.

        

      
      - **Tags** *(list) --* 

        The tags to apply to the resource.

        

      
        - *(dict) --* 

          Describes a tag.

          

        
          - **Key** *(string) --* 

            The key of the tag.

             

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with ``aws:``.

            

          
          - **Value** *(string) --* 

            The value of the tag.

             

            Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

            

          
        
    
    

  :type DryRun: boolean
  :param DryRun: 

    Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is ``DryRunOperation``. Otherwise, it is ``UnauthorizedOperation``.

    

  
  :type ClientToken: string
  :param ClientToken: 

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see `How to ensure idempotency <https://docs.aws.amazon.com/ec2/latest/devguide/ec2-api-idempotency.html>`__.

    This field is autopopulated if not provided.

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'TrafficMirrorFilter': {
              'TrafficMirrorFilterId': 'string',
              'IngressFilterRules': [
                  {
                      'TrafficMirrorFilterRuleId': 'string',
                      'TrafficMirrorFilterId': 'string',
                      'TrafficDirection': 'ingress'|'egress',
                      'RuleNumber': 123,
                      'RuleAction': 'accept'|'reject',
                      'Protocol': 123,
                      'DestinationPortRange': {
                          'FromPort': 123,
                          'ToPort': 123
                      },
                      'SourcePortRange': {
                          'FromPort': 123,
                          'ToPort': 123
                      },
                      'DestinationCidrBlock': 'string',
                      'SourceCidrBlock': 'string',
                      'Description': 'string',
                      'Tags': [
                          {
                              'Key': 'string',
                              'Value': 'string'
                          },
                      ]
                  },
              ],
              'EgressFilterRules': [
                  {
                      'TrafficMirrorFilterRuleId': 'string',
                      'TrafficMirrorFilterId': 'string',
                      'TrafficDirection': 'ingress'|'egress',
                      'RuleNumber': 123,
                      'RuleAction': 'accept'|'reject',
                      'Protocol': 123,
                      'DestinationPortRange': {
                          'FromPort': 123,
                          'ToPort': 123
                      },
                      'SourcePortRange': {
                          'FromPort': 123,
                          'ToPort': 123
                      },
                      'DestinationCidrBlock': 'string',
                      'SourceCidrBlock': 'string',
                      'Description': 'string',
                      'Tags': [
                          {
                              'Key': 'string',
                              'Value': 'string'
                          },
                      ]
                  },
              ],
              'NetworkServices': [
                  'amazon-dns',
              ],
              'Description': 'string',
              'Tags': [
                  {
                      'Key': 'string',
                      'Value': 'string'
                  },
              ]
          },
          'ClientToken': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **TrafficMirrorFilter** *(dict) --* 

        Information about the Traffic Mirror filter.

        
        

        - **TrafficMirrorFilterId** *(string) --* 

          The ID of the Traffic Mirror filter.

          
        

        - **IngressFilterRules** *(list) --* 

          Information about the ingress rules that are associated with the Traffic Mirror filter.

          
          

          - *(dict) --* 

            Describes the Traffic Mirror rule.

            
            

            - **TrafficMirrorFilterRuleId** *(string) --* 

              The ID of the Traffic Mirror rule.

              
            

            - **TrafficMirrorFilterId** *(string) --* 

              The ID of the Traffic Mirror filter that the rule is associated with.

              
            

            - **TrafficDirection** *(string) --* 

              The traffic direction assigned to the Traffic Mirror rule.

              
            

            - **RuleNumber** *(integer) --* 

              The rule number of the Traffic Mirror rule.

              
            

            - **RuleAction** *(string) --* 

              The action assigned to the Traffic Mirror rule.

              
            

            - **Protocol** *(integer) --* 

              The protocol assigned to the Traffic Mirror rule.

              
            

            - **DestinationPortRange** *(dict) --* 

              The destination port range assigned to the Traffic Mirror rule.

              
              

              - **FromPort** *(integer) --* 

                The start of the Traffic Mirror port range. This applies to the TCP and UDP protocols.

                
              

              - **ToPort** *(integer) --* 

                The end of the Traffic Mirror port range. This applies to the TCP and UDP protocols.

                
          
            

            - **SourcePortRange** *(dict) --* 

              The source port range assigned to the Traffic Mirror rule.

              
              

              - **FromPort** *(integer) --* 

                The start of the Traffic Mirror port range. This applies to the TCP and UDP protocols.

                
              

              - **ToPort** *(integer) --* 

                The end of the Traffic Mirror port range. This applies to the TCP and UDP protocols.

                
          
            

            - **DestinationCidrBlock** *(string) --* 

              The destination CIDR block assigned to the Traffic Mirror rule.

              
            

            - **SourceCidrBlock** *(string) --* 

              The source CIDR block assigned to the Traffic Mirror rule.

              
            

            - **Description** *(string) --* 

              The description of the Traffic Mirror rule.

              
            

            - **Tags** *(list) --* 

              Tags on Traffic Mirroring filter rules.

              
              

              - *(dict) --* 

                Describes a tag.

                
                

                - **Key** *(string) --* 

                  The key of the tag.

                   

                  Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with ``aws:``.

                  
                

                - **Value** *(string) --* 

                  The value of the tag.

                   

                  Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

                  
            
          
        
      
        

        - **EgressFilterRules** *(list) --* 

          Information about the egress rules that are associated with the Traffic Mirror filter.

          
          

          - *(dict) --* 

            Describes the Traffic Mirror rule.

            
            

            - **TrafficMirrorFilterRuleId** *(string) --* 

              The ID of the Traffic Mirror rule.

              
            

            - **TrafficMirrorFilterId** *(string) --* 

              The ID of the Traffic Mirror filter that the rule is associated with.

              
            

            - **TrafficDirection** *(string) --* 

              The traffic direction assigned to the Traffic Mirror rule.

              
            

            - **RuleNumber** *(integer) --* 

              The rule number of the Traffic Mirror rule.

              
            

            - **RuleAction** *(string) --* 

              The action assigned to the Traffic Mirror rule.

              
            

            - **Protocol** *(integer) --* 

              The protocol assigned to the Traffic Mirror rule.

              
            

            - **DestinationPortRange** *(dict) --* 

              The destination port range assigned to the Traffic Mirror rule.

              
              

              - **FromPort** *(integer) --* 

                The start of the Traffic Mirror port range. This applies to the TCP and UDP protocols.

                
              

              - **ToPort** *(integer) --* 

                The end of the Traffic Mirror port range. This applies to the TCP and UDP protocols.

                
          
            

            - **SourcePortRange** *(dict) --* 

              The source port range assigned to the Traffic Mirror rule.

              
              

              - **FromPort** *(integer) --* 

                The start of the Traffic Mirror port range. This applies to the TCP and UDP protocols.

                
              

              - **ToPort** *(integer) --* 

                The end of the Traffic Mirror port range. This applies to the TCP and UDP protocols.

                
          
            

            - **DestinationCidrBlock** *(string) --* 

              The destination CIDR block assigned to the Traffic Mirror rule.

              
            

            - **SourceCidrBlock** *(string) --* 

              The source CIDR block assigned to the Traffic Mirror rule.

              
            

            - **Description** *(string) --* 

              The description of the Traffic Mirror rule.

              
            

            - **Tags** *(list) --* 

              Tags on Traffic Mirroring filter rules.

              
              

              - *(dict) --* 

                Describes a tag.

                
                

                - **Key** *(string) --* 

                  The key of the tag.

                   

                  Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with ``aws:``.

                  
                

                - **Value** *(string) --* 

                  The value of the tag.

                   

                  Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

                  
            
          
        
      
        

        - **NetworkServices** *(list) --* 

          The network service traffic that is associated with the Traffic Mirror filter.

          
          

          - *(string) --* 
      
        

        - **Description** *(string) --* 

          The description of the Traffic Mirror filter.

          
        

        - **Tags** *(list) --* 

          The tags assigned to the Traffic Mirror filter.

          
          

          - *(dict) --* 

            Describes a tag.

            
            

            - **Key** *(string) --* 

              The key of the tag.

               

              Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with ``aws:``.

              
            

            - **Value** *(string) --* 

              The value of the tag.

               

              Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

              
        
      
    
      

      - **ClientToken** *(string) --* 

        Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see `How to ensure idempotency <https://docs.aws.amazon.com/ec2/latest/devguide/ec2-api-idempotency.html>`__.

        
  