:doc:`finspace <../../finspace>` / Client / update_kx_environment_network

*****************************
update_kx_environment_network
*****************************



.. py:method:: finspace.Client.update_kx_environment_network(**kwargs)

  

  Updates environment network to connect to your internal network by using a transit gateway. This API supports request to create a transit gateway attachment from FinSpace VPC to your transit gateway ID and create a custom Route-53 outbound resolvers.

   

  Once you send a request to update a network, you cannot change it again. Network update might require termination of any clusters that are running in the existing network.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/finspace-2021-03-12/UpdateKxEnvironmentNetwork>`_  


  **Request Syntax**
  ::

    response = client.update_kx_environment_network(
        environmentId='string',
        transitGatewayConfiguration={
            'transitGatewayID': 'string',
            'routableCIDRSpace': 'string',
            'attachmentNetworkAclConfiguration': [
                {
                    'ruleNumber': 123,
                    'protocol': 'string',
                    'ruleAction': 'allow'|'deny',
                    'portRange': {
                        'from': 123,
                        'to': 123
                    },
                    'icmpTypeCode': {
                        'type': 123,
                        'code': 123
                    },
                    'cidrBlock': 'string'
                },
            ]
        },
        customDNSConfiguration=[
            {
                'customDNSServerName': 'string',
                'customDNSServerIP': 'string'
            },
        ],
        clientToken='string'
    )
    
  :type environmentId: string
  :param environmentId: **[REQUIRED]** 

    A unique identifier for the kdb environment.

    

  
  :type transitGatewayConfiguration: dict
  :param transitGatewayConfiguration: 

    Specifies the transit gateway and network configuration to connect the kdb environment to an internal network.

    

  
    - **transitGatewayID** *(string) --* **[REQUIRED]** 

      The identifier of the transit gateway created by the customer to connect outbound traffics from kdb network to your internal network.

      

    
    - **routableCIDRSpace** *(string) --* **[REQUIRED]** 

      The routing CIDR on behalf of kdb environment. It could be any "/26 range in the 100.64.0.0 CIDR space. After providing, it will be added to the customer's transit gateway routing table so that the traffics could be routed to kdb network.

      

    
    - **attachmentNetworkAclConfiguration** *(list) --* 

      The rules that define how you manage the outbound traffic from kdb network to your internal network.

      

    
      - *(dict) --* 

        The network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. The entry is a set of numbered ingress and egress rules that determine whether a packet should be allowed in or out of a subnet associated with the ACL. We process the entries in the ACL according to the rule numbers, in ascending order.

        

      
        - **ruleNumber** *(integer) --* **[REQUIRED]** 

          The rule number for the entry. For example *100*. All the network ACL entries are processed in ascending order by rule number.

          

        
        - **protocol** *(string) --* **[REQUIRED]** 

          The protocol number. A value of *-1* means all the protocols.

          

        
        - **ruleAction** *(string) --* **[REQUIRED]** 

          Indicates whether to allow or deny the traffic that matches the rule.

          

        
        - **portRange** *(dict) --* 

          The range of ports the rule applies to.

          

        
          - **from** *(integer) --* **[REQUIRED]** 

            The first port in the range.

            

          
          - **to** *(integer) --* **[REQUIRED]** 

            The last port in the range.

            

          
        
        - **icmpTypeCode** *(dict) --* 

          Defines the ICMP protocol that consists of the ICMP type and code.

          

        
          - **type** *(integer) --* **[REQUIRED]** 

            The ICMP type. A value of *-1* means all types.

            

          
          - **code** *(integer) --* **[REQUIRED]** 

            The ICMP code. A value of *-1* means all codes for the specified ICMP type.

            

          
        
        - **cidrBlock** *(string) --* **[REQUIRED]** 

          The IPv4 network range to allow or deny, in CIDR notation. For example, ``172.16.0.0/24``. We modify the specified CIDR block to its canonical form. For example, if you specify ``100.68.0.18/18``, we modify it to ``100.68.0.0/18``.

          

        
      
  
  
  :type customDNSConfiguration: list
  :param customDNSConfiguration: 

    A list of DNS server name and server IP. This is used to set up Route-53 outbound resolvers.

    

  
    - *(dict) --* 

      A list of DNS server name and server IP. This is used to set up Route-53 outbound resolvers.

      

    
      - **customDNSServerName** *(string) --* **[REQUIRED]** 

        The name of the DNS server.

        

      
      - **customDNSServerIP** *(string) --* **[REQUIRED]** 

        The IP address of the DNS server.

        

      
    

  :type clientToken: string
  :param clientToken: 

    A token that ensures idempotency. This token expires in 10 minutes.

    This field is autopopulated if not provided.

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'name': 'string',
          'environmentId': 'string',
          'awsAccountId': 'string',
          'status': 'CREATE_REQUESTED'|'CREATING'|'CREATED'|'DELETE_REQUESTED'|'DELETING'|'DELETED'|'FAILED_CREATION'|'RETRY_DELETION'|'FAILED_DELETION'|'UPDATE_NETWORK_REQUESTED'|'UPDATING_NETWORK'|'FAILED_UPDATING_NETWORK'|'SUSPENDED',
          'tgwStatus': 'NONE'|'UPDATE_REQUESTED'|'UPDATING'|'FAILED_UPDATE'|'SUCCESSFULLY_UPDATED',
          'dnsStatus': 'NONE'|'UPDATE_REQUESTED'|'UPDATING'|'FAILED_UPDATE'|'SUCCESSFULLY_UPDATED',
          'errorMessage': 'string',
          'description': 'string',
          'environmentArn': 'string',
          'kmsKeyId': 'string',
          'dedicatedServiceAccountId': 'string',
          'transitGatewayConfiguration': {
              'transitGatewayID': 'string',
              'routableCIDRSpace': 'string',
              'attachmentNetworkAclConfiguration': [
                  {
                      'ruleNumber': 123,
                      'protocol': 'string',
                      'ruleAction': 'allow'|'deny',
                      'portRange': {
                          'from': 123,
                          'to': 123
                      },
                      'icmpTypeCode': {
                          'type': 123,
                          'code': 123
                      },
                      'cidrBlock': 'string'
                  },
              ]
          },
          'customDNSConfiguration': [
              {
                  'customDNSServerName': 'string',
                  'customDNSServerIP': 'string'
              },
          ],
          'creationTimestamp': datetime(2015, 1, 1),
          'updateTimestamp': datetime(2015, 1, 1),
          'availabilityZoneIds': [
              'string',
          ]
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **name** *(string) --* 

        The name of the kdb environment.

        
      

      - **environmentId** *(string) --* 

        A unique identifier for the kdb environment.

        
      

      - **awsAccountId** *(string) --* 

        The unique identifier of the AWS account that is used to create the kdb environment.

        
      

      - **status** *(string) --* 

        The status of the kdb environment.

        
      

      - **tgwStatus** *(string) --* 

        The status of the network configuration.

        
      

      - **dnsStatus** *(string) --* 

        The status of DNS configuration.

        
      

      - **errorMessage** *(string) --* 

        Specifies the error message that appears if a flow fails.

        
      

      - **description** *(string) --* 

        The description of the environment.

        
      

      - **environmentArn** *(string) --* 

        The ARN identifier of the environment.

        
      

      - **kmsKeyId** *(string) --* 

        The KMS key ID to encrypt your data in the FinSpace environment.

        
      

      - **dedicatedServiceAccountId** *(string) --* 

        A unique identifier for the AWS environment infrastructure account.

        
      

      - **transitGatewayConfiguration** *(dict) --* 

        The structure of the transit gateway and network configuration that is used to connect the kdb environment to an internal network.

        
        

        - **transitGatewayID** *(string) --* 

          The identifier of the transit gateway created by the customer to connect outbound traffics from kdb network to your internal network.

          
        

        - **routableCIDRSpace** *(string) --* 

          The routing CIDR on behalf of kdb environment. It could be any "/26 range in the 100.64.0.0 CIDR space. After providing, it will be added to the customer's transit gateway routing table so that the traffics could be routed to kdb network.

          
        

        - **attachmentNetworkAclConfiguration** *(list) --* 

          The rules that define how you manage the outbound traffic from kdb network to your internal network.

          
          

          - *(dict) --* 

            The network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. The entry is a set of numbered ingress and egress rules that determine whether a packet should be allowed in or out of a subnet associated with the ACL. We process the entries in the ACL according to the rule numbers, in ascending order.

            
            

            - **ruleNumber** *(integer) --* 

              The rule number for the entry. For example *100*. All the network ACL entries are processed in ascending order by rule number.

              
            

            - **protocol** *(string) --* 

              The protocol number. A value of *-1* means all the protocols.

              
            

            - **ruleAction** *(string) --* 

              Indicates whether to allow or deny the traffic that matches the rule.

              
            

            - **portRange** *(dict) --* 

              The range of ports the rule applies to.

              
              

              - **from** *(integer) --* 

                The first port in the range.

                
              

              - **to** *(integer) --* 

                The last port in the range.

                
          
            

            - **icmpTypeCode** *(dict) --* 

              Defines the ICMP protocol that consists of the ICMP type and code.

              
              

              - **type** *(integer) --* 

                The ICMP type. A value of *-1* means all types.

                
              

              - **code** *(integer) --* 

                The ICMP code. A value of *-1* means all codes for the specified ICMP type.

                
          
            

            - **cidrBlock** *(string) --* 

              The IPv4 network range to allow or deny, in CIDR notation. For example, ``172.16.0.0/24``. We modify the specified CIDR block to its canonical form. For example, if you specify ``100.68.0.18/18``, we modify it to ``100.68.0.0/18``.

              
        
      
    
      

      - **customDNSConfiguration** *(list) --* 

        A list of DNS server name and server IP. This is used to set up Route-53 outbound resolvers.

        
        

        - *(dict) --* 

          A list of DNS server name and server IP. This is used to set up Route-53 outbound resolvers.

          
          

          - **customDNSServerName** *(string) --* 

            The name of the DNS server.

            
          

          - **customDNSServerIP** *(string) --* 

            The IP address of the DNS server.

            
      
    
      

      - **creationTimestamp** *(datetime) --* 

        The timestamp at which the kdb environment was created in FinSpace.

        
      

      - **updateTimestamp** *(datetime) --* 

        The timestamp at which the kdb environment was updated.

        
      

      - **availabilityZoneIds** *(list) --* 

        The identifier of the availability zones where subnets for the environment are created.

        
        

        - *(string) --* 
    
  
  **Exceptions**
  
  *   :py:class:`finspace.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`finspace.Client.exceptions.InternalServerException`

  
  *   :py:class:`finspace.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`finspace.Client.exceptions.ThrottlingException`

  
  *   :py:class:`finspace.Client.exceptions.ValidationException`

  
  *   :py:class:`finspace.Client.exceptions.ConflictException`

  