
***********************
describe_flow_operation
***********************



.. py:method:: NetworkFirewall.Client.describe_flow_operation(**kwargs)

  

  Returns key information about a specific flow operation.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/network-firewall-2020-11-12/DescribeFlowOperation>`_  


  **Request Syntax**
  ::

    response = client.describe_flow_operation(
        FirewallArn='string',
        AvailabilityZone='string',
        VpcEndpointAssociationArn='string',
        VpcEndpointId='string',
        FlowOperationId='string'
    )
    
  :type FirewallArn: string
  :param FirewallArn: **[REQUIRED]** 

    The Amazon Resource Name (ARN) of the firewall.

    

  
  :type AvailabilityZone: string
  :param AvailabilityZone: 

    The ID of the Availability Zone where the firewall is located. For example, ``us-east-2a``.

     

    Defines the scope of a flow operation. You can use up to 20 filters to configure a single flow operation.

    

  
  :type VpcEndpointAssociationArn: string
  :param VpcEndpointAssociationArn: 

    The Amazon Resource Name (ARN) of a VPC endpoint association.

    

  
  :type VpcEndpointId: string
  :param VpcEndpointId: 

    A unique identifier for the primary endpoint associated with a firewall.

    

  
  :type FlowOperationId: string
  :param FlowOperationId: **[REQUIRED]** 

    A unique identifier for the flow operation. This ID is returned in the responses to start and list commands. You provide it to describe commands.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'FirewallArn': 'string',
          'AvailabilityZone': 'string',
          'VpcEndpointAssociationArn': 'string',
          'VpcEndpointId': 'string',
          'FlowOperationId': 'string',
          'FlowOperationType': 'FLOW_FLUSH'|'FLOW_CAPTURE',
          'FlowOperationStatus': 'COMPLETED'|'IN_PROGRESS'|'FAILED'|'COMPLETED_WITH_ERRORS',
          'StatusMessage': 'string',
          'FlowRequestTimestamp': datetime(2015, 1, 1),
          'FlowOperation': {
              'MinimumFlowAgeInSeconds': 123,
              'FlowFilters': [
                  {
                      'SourceAddress': {
                          'AddressDefinition': 'string'
                      },
                      'DestinationAddress': {
                          'AddressDefinition': 'string'
                      },
                      'SourcePort': 'string',
                      'DestinationPort': 'string',
                      'Protocols': [
                          'string',
                      ]
                  },
              ]
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **FirewallArn** *(string) --* 

        The Amazon Resource Name (ARN) of the firewall.

        
      

      - **AvailabilityZone** *(string) --* 

        The ID of the Availability Zone where the firewall is located. For example, ``us-east-2a``.

         

        Defines the scope of a flow operation. You can use up to 20 filters to configure a single flow operation.

        
      

      - **VpcEndpointAssociationArn** *(string) --* 

        The Amazon Resource Name (ARN) of a VPC endpoint association.

        
      

      - **VpcEndpointId** *(string) --* 

        A unique identifier for the primary endpoint associated with a firewall.

        
      

      - **FlowOperationId** *(string) --* 

        A unique identifier for the flow operation. This ID is returned in the responses to start and list commands. You provide it to describe commands.

        
      

      - **FlowOperationType** *(string) --* 

        Defines the type of ``FlowOperation``.

        
      

      - **FlowOperationStatus** *(string) --* 

        Returns the status of the flow operation. This string is returned in the responses to start, list, and describe commands.

         

        If the status is ``COMPLETED_WITH_ERRORS``, results may be returned with any number of ``Flows`` missing from the response. If the status is ``FAILED``, ``Flows`` returned will be empty.

        
      

      - **StatusMessage** *(string) --* 

        If the asynchronous operation fails, Network Firewall populates this with the reason for the error or failure. Options include ``Flow operation error`` and ``Flow timeout``.

        
      

      - **FlowRequestTimestamp** *(datetime) --* 

        A timestamp indicating when the Suricata engine identified flows impacted by an operation.

        
      

      - **FlowOperation** *(dict) --* 

        Returns key information about a flow operation, such as related statuses, unique identifiers, and all filters defined in the operation.

        
        

        - **MinimumFlowAgeInSeconds** *(integer) --* 

          The requested ``FlowOperation`` ignores flows with an age (in seconds) lower than ``MinimumFlowAgeInSeconds``. You provide this for start commands.

          
        

        - **FlowFilters** *(list) --* 

          Defines the scope of a flow operation. You can use up to 20 filters to configure a single flow operation.

          
          

          - *(dict) --* 

            Defines the scope of a flow operation. You can use up to 20 filters to configure a single flow operation.

            
            

            - **SourceAddress** *(dict) --* 

              A single IP address specification. This is used in the MatchAttributes source and destination specifications.

              
              

              - **AddressDefinition** *(string) --* 

                Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6.

                 

                Examples:

                 

                
                * To configure Network Firewall to inspect for the IP address 192.0.2.44, specify ``192.0.2.44/32``.
                 
                * To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify ``192.0.2.0/24``.
                 
                * To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify ``1111:0000:0000:0000:0000:0000:0000:0111/128``.
                 
                * To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify ``1111:0000:0000:0000:0000:0000:0000:0000/64``.
                

                 

                For more information about CIDR notation, see the Wikipedia entry `Classless Inter-Domain Routing <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing>`__.

                
          
            

            - **DestinationAddress** *(dict) --* 

              A single IP address specification. This is used in the MatchAttributes source and destination specifications.

              
              

              - **AddressDefinition** *(string) --* 

                Specify an IP address or a block of IP addresses in Classless Inter-Domain Routing (CIDR) notation. Network Firewall supports all address ranges for IPv4 and IPv6.

                 

                Examples:

                 

                
                * To configure Network Firewall to inspect for the IP address 192.0.2.44, specify ``192.0.2.44/32``.
                 
                * To configure Network Firewall to inspect for IP addresses from 192.0.2.0 to 192.0.2.255, specify ``192.0.2.0/24``.
                 
                * To configure Network Firewall to inspect for the IP address 1111:0000:0000:0000:0000:0000:0000:0111, specify ``1111:0000:0000:0000:0000:0000:0000:0111/128``.
                 
                * To configure Network Firewall to inspect for IP addresses from 1111:0000:0000:0000:0000:0000:0000:0000 to 1111:0000:0000:0000:ffff:ffff:ffff:ffff, specify ``1111:0000:0000:0000:0000:0000:0000:0000/64``.
                

                 

                For more information about CIDR notation, see the Wikipedia entry `Classless Inter-Domain Routing <https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing>`__.

                
          
            

            - **SourcePort** *(string) --* 

              The source port to inspect for. You can specify an individual port, for example ``1994``, or a port range, for example ``1990:1994``. To match with any port, specify ``ANY``.

              
            

            - **DestinationPort** *(string) --* 

              The destination port to inspect for. You can specify an individual port, for example ``1994``, or a port range, for example ``1990:1994``. To match with any port, specify ``ANY``.

              
            

            - **Protocols** *(list) --* 

              The protocols to inspect for, specified using the assigned internet protocol number (IANA) for each protocol. If not specified, this matches with any protocol.

              
              

              - *(string) --* 
          
        
      
    
  
  **Exceptions**
  
  *   :py:class:`NetworkFirewall.Client.exceptions.InvalidRequestException`

  
  *   :py:class:`NetworkFirewall.Client.exceptions.InternalServerError`

  
  *   :py:class:`NetworkFirewall.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`NetworkFirewall.Client.exceptions.ThrottlingException`
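
Added example, not part of the AWS or boto3 documentation: polling ``describe_flow_operation`` until ``FlowOperationStatus`` is terminal, then reducing the response to the status, failure reason and normalized filter scope an operator acts on. The function names, the polling interval and the timeout are assumptions; ``client`` is a boto3 ``network-firewall`` client or any object exposing the same method.

```python
import ipaddress
import time

TERMINAL = {"COMPLETED", "COMPLETED_WITH_ERRORS", "FAILED"}


def wait_for_flow_operation(client, firewall_arn, flow_operation_id,
                            poll_seconds=5.0, timeout_seconds=300.0,
                            sleep=time.sleep):
    """Poll describe_flow_operation until FlowOperationStatus is terminal.

    poll_seconds and timeout_seconds are assumed values, not AWS defaults.
    """
    waited = 0.0
    while True:
        resp = client.describe_flow_operation(
            FirewallArn=firewall_arn, FlowOperationId=flow_operation_id)
        if resp["FlowOperationStatus"] in TERMINAL:
            return resp
        if waited >= timeout_seconds:
            raise TimeoutError(f"{flow_operation_id} is still IN_PROGRESS")
        sleep(poll_seconds)
        waited += poll_seconds


def normalize_cidr(address):
    """Canonical CIDR text for an AddressDefinition dict, or None if absent."""
    cidr = (address or {}).get("AddressDefinition")
    return str(ipaddress.ip_network(cidr, strict=False)) if cidr else None


def summarize(resp):
    """Reduce a response to the fields an operator acts on."""
    status = resp["FlowOperationStatus"]
    filters = resp.get("FlowOperation", {}).get("FlowFilters", [])
    return {
        "type": resp.get("FlowOperationType"),
        "status": status,
        # COMPLETED_WITH_ERRORS: flows may be missing; FAILED: none returned.
        "results_complete": status == "COMPLETED",
        "reason": resp.get("StatusMessage"),
        "scopes": [{
            "src": normalize_cidr(f.get("SourceAddress")),
            "dst": normalize_cidr(f.get("DestinationAddress")),
            "sport": f.get("SourcePort"),
            "dport": f.get("DestinationPort"),
            # An unspecified protocol list matches any protocol.
            "protocols": f.get("Protocols") or ["any"],
        } for f in filters],
    }
```

With a real client, pass ``boto3.client('network-firewall')`` and the ``FlowOperationId`` returned by the start or list call.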

  