:doc:`EC2 <../../ec2>` / Client / create_traffic_mirror_filter_rule

*********************************
create_traffic_mirror_filter_rule
*********************************



.. py:method:: EC2.Client.create_traffic_mirror_filter_rule(**kwargs)

  

  Creates a Traffic Mirror filter rule.

   

  A Traffic Mirror rule defines the Traffic Mirror source traffic to mirror.

   

  You need the Traffic Mirror filter ID when you create the rule.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/ec2-2016-11-15/CreateTrafficMirrorFilterRule>`_  


  **Request Syntax**
  ::

    response = client.create_traffic_mirror_filter_rule(
        TrafficMirrorFilterId='string',
        TrafficDirection='ingress'|'egress',
        RuleNumber=123,
        RuleAction='accept'|'reject',
        DestinationPortRange={
            'FromPort': 123,
            'ToPort': 123
        },
        SourcePortRange={
            'FromPort': 123,
            'ToPort': 123
        },
        Protocol=123,
        DestinationCidrBlock='string',
        SourceCidrBlock='string',
        Description='string',
        DryRun=True|False,
        ClientToken='string',
        TagSpecifications=[
            {
                'ResourceType': 'capacity-reservation'|'client-vpn-endpoint'|'customer-gateway'|'carrier-gateway'|'coip-pool'|'declarative-policies-report'|'dedicated-host'|'dhcp-options'|'egress-only-internet-gateway'|'elastic-ip'|'elastic-gpu'|'export-image-task'|'export-instance-task'|'fleet'|'fpga-image'|'host-reservation'|'image'|'image-usage-report'|'import-image-task'|'import-snapshot-task'|'instance'|'instance-event-window'|'internet-gateway'|'ipam'|'ipam-pool'|'ipam-scope'|'ipv4pool-ec2'|'ipv6pool-ec2'|'key-pair'|'launch-template'|'local-gateway'|'local-gateway-route-table'|'local-gateway-virtual-interface'|'local-gateway-virtual-interface-group'|'local-gateway-route-table-vpc-association'|'local-gateway-route-table-virtual-interface-group-association'|'natgateway'|'network-acl'|'network-interface'|'network-insights-analysis'|'network-insights-path'|'network-insights-access-scope'|'network-insights-access-scope-analysis'|'outpost-lag'|'placement-group'|'prefix-list'|'replace-root-volume-task'|'reserved-instances'|'route-table'|'security-group'|'security-group-rule'|'service-link-virtual-interface'|'snapshot'|'spot-fleet-request'|'spot-instances-request'|'subnet'|'subnet-cidr-reservation'|'traffic-mirror-filter'|'traffic-mirror-session'|'traffic-mirror-target'|'transit-gateway'|'transit-gateway-attachment'|'transit-gateway-connect-peer'|'transit-gateway-multicast-domain'|'transit-gateway-policy-table'|'transit-gateway-metering-policy'|'transit-gateway-route-table'|'transit-gateway-route-table-announcement'|'volume'|'vpc'|'vpc-endpoint'|'vpc-endpoint-connection'|'vpc-endpoint-service'|'vpc-endpoint-service-permission'|'vpc-peering-connection'|'vpn-connection'|'vpn-gateway'|'vpc-flow-log'|'capacity-reservation-fleet'|'traffic-mirror-filter-rule'|'vpc-endpoint-connection-device-type'|'verified-access-instance'|'verified-access-group'|'verified-access-endpoint'|'verified-access-policy'|'verified-access-trust-provider'|'vpn-connection-device-type'|'vpc-block-public-access-exclusion'|'vpc-encryption-control'|'route-server'|'route-server-endpoint'|'route-server-peer'|'ipam-resource-discovery'|'ipam-resource-discovery-association'|'instance-connect-endpoint'|'verified-access-endpoint-target'|'ipam-external-resource-verification-token'|'capacity-block'|'mac-modification-task'|'ipam-prefix-list-resolver'|'ipam-policy'|'ipam-prefix-list-resolver-target'|'secondary-interface'|'secondary-network'|'secondary-subnet'|'capacity-manager-data-export'|'vpn-concentrator',
                'Tags': [
                    {
                        'Key': 'string',
                        'Value': 'string'
                    },
                ]
            },
        ]
    )
    
  :type TrafficMirrorFilterId: string
  :param TrafficMirrorFilterId: **[REQUIRED]** 

    The ID of the filter that this rule is associated with.

    

  
  :type TrafficDirection: string
  :param TrafficDirection: **[REQUIRED]** 

    The type of traffic.

    

  
  :type RuleNumber: integer
  :param RuleNumber: **[REQUIRED]** 

    The number of the Traffic Mirror rule. This number must be unique for each Traffic Mirror rule in a given direction. The rules are processed in ascending order by rule number.

    

  
  :type RuleAction: string
  :param RuleAction: **[REQUIRED]** 

    The action to take on the filtered traffic.

    

  
  :type DestinationPortRange: dict
  :param DestinationPortRange: 

    The destination port range.

    

  
    - **FromPort** *(integer) --* 

      The first port in the Traffic Mirror port range. This applies to the TCP and UDP protocols.

      

    
    - **ToPort** *(integer) --* 

      The last port in the Traffic Mirror port range. This applies to the TCP and UDP protocols.

      

    
  
  :type SourcePortRange: dict
  :param SourcePortRange: 

    The source port range.

    

  
    - **FromPort** *(integer) --* 

      The first port in the Traffic Mirror port range. This applies to the TCP and UDP protocols.

      

    
    - **ToPort** *(integer) --* 

      The last port in the Traffic Mirror port range. This applies to the TCP and UDP protocols.

      

    
  
  :type Protocol: integer
  :param Protocol: 

    The protocol, for example UDP, to assign to the Traffic Mirror rule.

     

    For information about the protocol value, see `Protocol Numbers <https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml>`__ on the Internet Assigned Numbers Authority (IANA) website.

    

  
  :type DestinationCidrBlock: string
  :param DestinationCidrBlock: **[REQUIRED]** 

    The destination CIDR block to assign to the Traffic Mirror rule.

    

  
  :type SourceCidrBlock: string
  :param SourceCidrBlock: **[REQUIRED]** 

    The source CIDR block to assign to the Traffic Mirror rule.

    

  
  :type Description: string
  :param Description: 

    The description of the Traffic Mirror rule.

    

  
  :type DryRun: boolean
  :param DryRun: 

    Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is ``DryRunOperation``. Otherwise, it is ``UnauthorizedOperation``.

    

  
  :type ClientToken: string
  :param ClientToken: 

    Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see `How to ensure idempotency <https://docs.aws.amazon.com/ec2/latest/devguide/ec2-api-idempotency.html>`__.

    This field is autopopulated if not provided.

  
  :type TagSpecifications: list
  :param TagSpecifications: 

    Traffic Mirroring tags specifications.

    

  
    - *(dict) --* 

      The tags to apply to a resource when the resource is being created. When you specify a tag, you must specify the resource type to tag, otherwise the request will fail.

       

      .. note::

        

        The ``Valid Values`` lists all the resource types that can be tagged. However, the action you're using might not support tagging all of these resource types. If you try to tag a resource type that is unsupported for the action you're using, you'll get an error.

        

      

    
      - **ResourceType** *(string) --* 

        The type of resource to tag on creation.

        

      
      - **Tags** *(list) --* 

        The tags to apply to the resource.

        

      
        - *(dict) --* 

          Describes a tag.

          

        
          - **Key** *(string) --* 

            The key of the tag.

             

            Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with ``aws:``.

            

          
          - **Value** *(string) --* 

            The value of the tag.

             

            Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

            

          
        
    
    

  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'TrafficMirrorFilterRule': {
              'TrafficMirrorFilterRuleId': 'string',
              'TrafficMirrorFilterId': 'string',
              'TrafficDirection': 'ingress'|'egress',
              'RuleNumber': 123,
              'RuleAction': 'accept'|'reject',
              'Protocol': 123,
              'DestinationPortRange': {
                  'FromPort': 123,
                  'ToPort': 123
              },
              'SourcePortRange': {
                  'FromPort': 123,
                  'ToPort': 123
              },
              'DestinationCidrBlock': 'string',
              'SourceCidrBlock': 'string',
              'Description': 'string',
              'Tags': [
                  {
                      'Key': 'string',
                      'Value': 'string'
                  },
              ]
          },
          'ClientToken': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **TrafficMirrorFilterRule** *(dict) --* 

        The Traffic Mirror rule.

        
        

        - **TrafficMirrorFilterRuleId** *(string) --* 

          The ID of the Traffic Mirror rule.

          
        

        - **TrafficMirrorFilterId** *(string) --* 

          The ID of the Traffic Mirror filter that the rule is associated with.

          
        

        - **TrafficDirection** *(string) --* 

          The traffic direction assigned to the Traffic Mirror rule.

          
        

        - **RuleNumber** *(integer) --* 

          The rule number of the Traffic Mirror rule.

          
        

        - **RuleAction** *(string) --* 

          The action assigned to the Traffic Mirror rule.

          
        

        - **Protocol** *(integer) --* 

          The protocol assigned to the Traffic Mirror rule.

          
        

        - **DestinationPortRange** *(dict) --* 

          The destination port range assigned to the Traffic Mirror rule.

          
          

          - **FromPort** *(integer) --* 

            The start of the Traffic Mirror port range. This applies to the TCP and UDP protocols.

            
          

          - **ToPort** *(integer) --* 

            The end of the Traffic Mirror port range. This applies to the TCP and UDP protocols.

            
      
        

        - **SourcePortRange** *(dict) --* 

          The source port range assigned to the Traffic Mirror rule.

          
          

          - **FromPort** *(integer) --* 

            The start of the Traffic Mirror port range. This applies to the TCP and UDP protocols.

            
          

          - **ToPort** *(integer) --* 

            The end of the Traffic Mirror port range. This applies to the TCP and UDP protocols.

            
      
        

        - **DestinationCidrBlock** *(string) --* 

          The destination CIDR block assigned to the Traffic Mirror rule.

          
        

        - **SourceCidrBlock** *(string) --* 

          The source CIDR block assigned to the Traffic Mirror rule.

          
        

        - **Description** *(string) --* 

          The description of the Traffic Mirror rule.

          
        

        - **Tags** *(list) --* 

          Tags on Traffic Mirroring filter rules.

          
          

          - *(dict) --* 

            Describes a tag.

            
            

            - **Key** *(string) --* 

              The key of the tag.

               

              Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with ``aws:``.

              
            

            - **Value** *(string) --* 

              The value of the tag.

               

              Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

              
        
      
    
      

      - **ClientToken** *(string) --* 

        Unique, case-sensitive identifier that you provide to ensure the idempotency of the request. For more information, see `How to ensure idempotency <https://docs.aws.amazon.com/ec2/latest/devguide/ec2-api-idempotency.html>`__.

        
  