2024/12/02 - Network Flow Monitor - 25 new api methods
Changes This release adds documentation for a new feature in Amazon CloudWatch called Network Flow Monitor. You can use Network Flow Monitor to get near real-time metrics, including retransmissions and data transferred, for your actual workloads.
List all monitors in an account. Optionally, you can list only monitors that have a specific status, by using the STATUS parameter.
See also: AWS API Documentation
Request Syntax
client.list_monitors(
nextToken='string',
maxResults=123,
monitorStatus='PENDING'|'ACTIVE'|'INACTIVE'|'ERROR'|'DELETING'
)
string
The token for the next set of results. You receive this token from a previous call.
integer
The number of query results that you want to return with this call.
string
The status of a monitor. The status can be one of the following
PENDING: The monitor is in the process of being created.
ACTIVE: The monitor is active.
INACTIVE: The monitor is inactive.
ERROR: Monitor creation failed due to an error.
DELETING: The monitor is in the process of being deleted.
dict
Response Syntax
{
'monitors': [
{
'monitorArn': 'string',
'monitorName': 'string',
'monitorStatus': 'PENDING'|'ACTIVE'|'INACTIVE'|'ERROR'|'DELETING'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
monitors (list) --
The monitors that are in an account.
(dict) --
A summary of information about a monitor, includ the ARN, the name, and the status.
monitorArn (string) --
The Amazon Resource Name (ARN) of the monitor.
monitorName (string) --
The name of the monitor.
monitorStatus (string) --
The status of a monitor. The status can be one of the following
PENDING: The monitor is in the process of being created.
ACTIVE: The monitor is active.
INACTIVE: The monitor is inactive.
ERROR: Monitor creation failed due to an error.
DELETING: The monitor is in the process of being deleted.
nextToken (string) --
The token for the next set of results. You receive this token from a previous call.
Return the data for a query with the Network Flow Monitor query interface. Specify the query that you want to return results for by providing a query ID and a monitor name. This query returns the top contributors for workload insights.
When you start a query, use this call to check the status of the query to make sure that it has has SUCCEEDED before you review the results. Use the same query ID that you used for the corresponding API call to start the query, StartQueryWorkloadInsightsTopContributors.
Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.
See also: AWS API Documentation
Request Syntax
client.get_query_status_workload_insights_top_contributors(
scopeId='string',
queryId='string'
)
string
[REQUIRED]
The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
string
[REQUIRED]
The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.
dict
Response Syntax
{
'status': 'QUEUED'|'RUNNING'|'SUCCEEDED'|'FAILED'|'CANCELED'
}
Response Structure
(dict) --
status (string) --
When you run a query, use this call to check the status of the query to make sure that the query has SUCCEEDED before you review the results.
QUEUED: The query is scheduled to run.
RUNNING: The query is in progress but not complete.
SUCCEEDED: The query completed sucessfully.
FAILED: The query failed due to an error.
CANCELED: The query was canceled.
Start a query to return the data with the Network Flow Monitor query interface. Specify the query that you want to start by providing a query ID and a monitor name. This query returns the top contributors for a specific monitor.
Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.
See also: AWS API Documentation
Request Syntax
client.start_query_workload_insights_top_contributors(
scopeId='string',
startTime=datetime(2015, 1, 1),
endTime=datetime(2015, 1, 1),
metricName='TIMEOUTS'|'RETRANSMISSIONS'|'DATA_TRANSFERRED',
destinationCategory='INTRA_AZ'|'INTER_AZ'|'INTER_VPC'|'UNCLASSIFIED'|'AMAZON_S3'|'AMAZON_DYNAMODB',
limit=123
)
string
[REQUIRED]
The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account. A scope ID is returned from a CreateScope API call.
datetime
[REQUIRED]
The timestamp that is the date and time beginning of the period that you want to retrieve results for with your query.
datetime
[REQUIRED]
The timestamp that is the date and time end of the period that you want to retrieve results for with your query.
string
[REQUIRED]
The metric that you want to query top contributors for. That is, you can specify this metric to return the top contributor network flows, for this type of metric, for a monitor and (optionally) within a specific category, such as network flows between Availability Zones.
string
[REQUIRED]
The destination category for a top contributors row. Destination categories can be one of the following:
INTRA_AZ: Top contributor network flows within a single Availability Zone
INTER_AZ: Top contributor network flows between Availability Zones
INTER_VPC: Top contributor network flows between VPCs
AWS_SERVICES: Top contributor network flows to or from Amazon Web Services services
UNCLASSIFIED: Top contributor network flows that do not have a bucket classification
integer
The maximum number of top contributors to return.
dict
Response Syntax
{
'queryId': 'string'
}
Response Structure
(dict) --
queryId (string) --
The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.
Return the data for a query with the Network Flow Monitor query interface. Specify the query that you want to return results for by providing a query ID and a scope ID. This query returns data for the top contributors for workload insights. Workload insights provide a high level view of network flow performance data collected by agents for a scope.
Create a query ID for this call by calling the corresponding API call to start the query, StartQueryWorkloadInsightsTopContributorsData. Use the scope ID that was returned for your account by CreateScope.
Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.
The top contributor network flows overall for a specific metric type, for example, the number of retransmissions.
See also: AWS API Documentation
Request Syntax
client.get_query_results_workload_insights_top_contributors_data(
scopeId='string',
queryId='string',
nextToken='string',
maxResults=123
)
string
[REQUIRED]
The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
string
[REQUIRED]
The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.
string
The token for the next set of results. You receive this token from a previous call.
integer
The number of query results that you want to return with this call.
dict
Response Syntax
{
'unit': 'Seconds'|'Microseconds'|'Milliseconds'|'Bytes'|'Kilobytes'|'Megabytes'|'Gigabytes'|'Terabytes'|'Bits'|'Kilobits'|'Megabits'|'Gigabits'|'Terabits'|'Percent'|'Count'|'Bytes/Second'|'Kilobytes/Second'|'Megabytes/Second'|'Gigabytes/Second'|'Terabytes/Second'|'Bits/Second'|'Kilobits/Second'|'Megabits/Second'|'Gigabits/Second'|'Terabits/Second'|'Count/Second'|'None',
'datapoints': [
{
'timestamps': [
datetime(2015, 1, 1),
],
'values': [
123.0,
],
'label': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
unit (string) --
The units for a metric returned by the query.
datapoints (list) --
The datapoints returned by the query.
(dict) --
A data point for a top contributor network flow in a scope. Network Flow Monitor returns information about the network flows with the top values for each metric type, which are called top contributors.
timestamps (list) --
An array of the timestamps for the data point.
(datetime) --
values (list) --
The values for the data point.
(float) --
label (string) --
The label identifying the data point.
nextToken (string) --
The token for the next set of results. You receive this token from a previous call.
Return the data for a query with the Network Flow Monitor query interface. You specify the query that you want to return results for by providing a query ID and a monitor name. This query returns the top contributors for a specific monitor.
Create a query ID for this call by calling the corresponding API call to start the query, StartQueryMonitorTopContributors. Use the scope ID that was returned for your account by CreateScope.
Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.
See also: AWS API Documentation
Request Syntax
client.get_query_results_monitor_top_contributors(
monitorName='string',
queryId='string',
nextToken='string',
maxResults=123
)
string
[REQUIRED]
The name of the monitor.
string
[REQUIRED]
The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.
string
The token for the next set of results. You receive this token from a previous call.
integer
The number of query results that you want to return with this call.
dict
Response Syntax
{
'unit': 'Seconds'|'Microseconds'|'Milliseconds'|'Bytes'|'Kilobytes'|'Megabytes'|'Gigabytes'|'Terabytes'|'Bits'|'Kilobits'|'Megabits'|'Gigabits'|'Terabits'|'Percent'|'Count'|'Bytes/Second'|'Kilobytes/Second'|'Megabytes/Second'|'Gigabytes/Second'|'Terabytes/Second'|'Bits/Second'|'Kilobits/Second'|'Megabits/Second'|'Gigabits/Second'|'Terabits/Second'|'Count/Second'|'None',
'topContributors': [
{
'localIp': 'string',
'snatIp': 'string',
'localInstanceId': 'string',
'localVpcId': 'string',
'localRegion': 'string',
'localAz': 'string',
'localSubnetId': 'string',
'targetPort': 123,
'destinationCategory': 'INTRA_AZ'|'INTER_AZ'|'INTER_VPC'|'UNCLASSIFIED'|'AMAZON_S3'|'AMAZON_DYNAMODB',
'remoteVpcId': 'string',
'remoteRegion': 'string',
'remoteAz': 'string',
'remoteSubnetId': 'string',
'remoteInstanceId': 'string',
'remoteIp': 'string',
'dnatIp': 'string',
'value': 123,
'traversedConstructs': [
{
'componentId': 'string',
'componentType': 'string',
'componentArn': 'string',
'serviceName': 'string'
},
],
'kubernetesMetadata': {
'localServiceName': 'string',
'localPodName': 'string',
'localPodNamespace': 'string',
'remoteServiceName': 'string',
'remotePodName': 'string',
'remotePodNamespace': 'string'
},
'localInstanceArn': 'string',
'localSubnetArn': 'string',
'localVpcArn': 'string',
'remoteInstanceArn': 'string',
'remoteSubnetArn': 'string',
'remoteVpcArn': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
unit (string) --
The units for a metric returned by the query.
topContributors (list) --
The top contributor network flows overall for a specific metric type, for example, the number of retransmissions.
(dict) --
A set of information for a top contributor network flow in a monitor. In a monitor, Network Flow Monitor returns information about the network flows for top contributors for each metric. Top contributors are network flows with the top values for each metric type.
localIp (string) --
The IP address of the local resource for a top contributor network flow.
snatIp (string) --
The secure network address translation (SNAT) IP address for a top contributor network flow.
localInstanceId (string) --
The instance identifier for the local resource for a top contributor network flow.
localVpcId (string) --
The VPC ID for a top contributor network flow for the local resource.
localRegion (string) --
The Amazon Web Services Region for the local resource for a top contributor network flow.
localAz (string) --
The Availability Zone for the local resource for a top contributor network flow.
localSubnetId (string) --
The subnet ID for the local resource for a top contributor network flow.
targetPort (integer) --
The target port.
destinationCategory (string) --
The destination category for a top contributors row. Destination categories can be one of the following:
INTRA_AZ: Top contributor network flows within a single Availability Zone
INTER_AZ: Top contributor network flows between Availability Zones
INTER_VPC: Top contributor network flows between VPCs
AWS_SERVICES: Top contributor network flows to or from Amazon Web Services services
UNCLASSIFIED: Top contributor network flows that do not have a bucket classification
remoteVpcId (string) --
The VPC ID for a top contributor network flow for the remote resource.
remoteRegion (string) --
The Amazon Web Services Region for the remote resource for a top contributor network flow.
remoteAz (string) --
The Availability Zone for the remote resource for a top contributor network flow.
remoteSubnetId (string) --
The subnet ID for the remote resource for a top contributor network flow.
remoteInstanceId (string) --
The instance identifier for the remote resource for a top contributor network flow.
remoteIp (string) --
The IP address of the remote resource for a top contributor network flow.
dnatIp (string) --
The destination network address translation (DNAT) IP address for a top contributor network flow.
value (integer) --
The value of the metric for a top contributor network flow.
traversedConstructs (list) --
The constructs traversed by a network flow.
(dict) --
A section of the network that a network flow has traveled through.
componentId (string) --
The identifier for the traversed component.
componentType (string) --
The type of component that was traversed.
componentArn (string) --
The Amazon Resource Name (ARN) of a tranversed component.
serviceName (string) --
The service name for the traversed component.
kubernetesMetadata (dict) --
Meta data about Kubernetes resources.
localServiceName (string) --
The service name for a local resource.
localPodName (string) --
The name of the pod for a local resource.
localPodNamespace (string) --
The namespace of the pod for a local resource.
remoteServiceName (string) --
The service name for a remote resource.
remotePodName (string) --
The name of the pod for a remote resource.
remotePodNamespace (string) --
The namespace of the pod for a remote resource.
localInstanceArn (string) --
The Amazon Resource Name (ARN) of a local resource.
localSubnetArn (string) --
The Amazon Resource Name (ARN) of a local subnet.
localVpcArn (string) --
The Amazon Resource Name (ARN) of a local VPC.
remoteInstanceArn (string) --
The Amazon Resource Name (ARN) of a remote resource.
remoteSubnetArn (string) --
The Amazon Resource Name (ARN) of a remote subnet.
remoteVpcArn (string) --
The Amazon Resource Name (ARN) of a remote VPC.
nextToken (string) --
The token for the next set of results. You receive this token from a previous call.
Deletes a monitor in Network Flow Monitor.
See also: AWS API Documentation
Request Syntax
client.delete_monitor(
monitorName='string'
)
string
[REQUIRED]
The name of the monitor to delete.
dict
Response Syntax
{}
Response Structure
(dict) --
Returns the current status of a query for the Network Flow Monitor query interface, for a specified query ID and monitor. This call returns the query status for the top contributors for a monitor.
When you start a query, use this call to check the status of the query to make sure that it has has SUCCEEDED before you review the results. Use the same query ID that you used for the corresponding API call to start the query, StartQueryMonitorTopContributors.
When you run a query, use this call to check the status of the query to make sure that the query has SUCCEEDED before you review the results.
See also: AWS API Documentation
Request Syntax
client.get_query_status_monitor_top_contributors(
monitorName='string',
queryId='string'
)
string
[REQUIRED]
The name of the monitor.
string
[REQUIRED]
The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.
dict
Response Syntax
{
'status': 'QUEUED'|'RUNNING'|'SUCCEEDED'|'FAILED'|'CANCELED'
}
Response Structure
(dict) --
status (string) --
When you run a query, use this call to check the status of the query to make sure that the query has SUCCEEDED before you review the results.
QUEUED: The query is scheduled to run.
RUNNING: The query is in progress but not complete.
SUCCEEDED: The query completed sucessfully.
FAILED: The query failed due to an error.
CANCELED: The query was canceled.
Update a monitor to add or remove local or remote resources.
See also: AWS API Documentation
Request Syntax
client.update_monitor(
monitorName='string',
localResourcesToAdd=[
{
'type': 'AWS::EC2::VPC'|'AWS::AvailabilityZone'|'AWS::EC2::Subnet',
'identifier': 'string'
},
],
localResourcesToRemove=[
{
'type': 'AWS::EC2::VPC'|'AWS::AvailabilityZone'|'AWS::EC2::Subnet',
'identifier': 'string'
},
],
remoteResourcesToAdd=[
{
'type': 'AWS::EC2::VPC'|'AWS::AvailabilityZone'|'AWS::EC2::Subnet'|'AWS::AWSService',
'identifier': 'string'
},
],
remoteResourcesToRemove=[
{
'type': 'AWS::EC2::VPC'|'AWS::AvailabilityZone'|'AWS::EC2::Subnet'|'AWS::AWSService',
'identifier': 'string'
},
],
clientToken='string'
)
string
[REQUIRED]
The name of the monitor.
list
The local resources to add, as an array of resources with identifiers and types.
(dict) --
A local resource is the host where the agent is installed. Local resources can be a a subnet, a VPC, or an Availability Zone.
type (string) -- [REQUIRED]
The type of the local resource. Valid values are AWS::EC2::VPC AWS::AvailabilityZone or AWS::EC2::Subnet.
identifier (string) -- [REQUIRED]
The identifier of the local resource, such as an ARN.
list
The local resources to remove, as an array of resources with identifiers and types.
(dict) --
A local resource is the host where the agent is installed. Local resources can be a a subnet, a VPC, or an Availability Zone.
type (string) -- [REQUIRED]
The type of the local resource. Valid values are AWS::EC2::VPC AWS::AvailabilityZone or AWS::EC2::Subnet.
identifier (string) -- [REQUIRED]
The identifier of the local resource, such as an ARN.
list
The remove resources to add, as an array of resources with identifiers and types.
(dict) --
A remote resource is the other endpoint in a network flow. That is, one endpoint is the local resource and the other is the remote resource. Remote resources can be a a subnet, a VPC, an Availability Zone, or an Amazon Web Services service.
type (string) -- [REQUIRED]
The type of the remote resource. Valid values are AWS::EC2::VPC AWS::AvailabilityZone, AWS::EC2::Subnet, or AWS::AWSService.
identifier (string) -- [REQUIRED]
The identifier of the remote resource, such as an ARN.
list
The remove resources to remove, as an array of resources with identifiers and types.
(dict) --
A remote resource is the other endpoint in a network flow. That is, one endpoint is the local resource and the other is the remote resource. Remote resources can be a a subnet, a VPC, an Availability Zone, or an Amazon Web Services service.
type (string) -- [REQUIRED]
The type of the remote resource. Valid values are AWS::EC2::VPC AWS::AvailabilityZone, AWS::EC2::Subnet, or AWS::AWSService.
identifier (string) -- [REQUIRED]
The identifier of the remote resource, such as an ARN.
string
A unique, case-sensitive string of up to 64 ASCII characters that you specify to make an idempotent API request. Don't reuse the same client token for other API requests.
This field is autopopulated if not provided.
dict
Response Syntax
{
'monitorArn': 'string',
'monitorName': 'string',
'monitorStatus': 'PENDING'|'ACTIVE'|'INACTIVE'|'ERROR'|'DELETING',
'localResources': [
{
'type': 'AWS::EC2::VPC'|'AWS::AvailabilityZone'|'AWS::EC2::Subnet',
'identifier': 'string'
},
],
'remoteResources': [
{
'type': 'AWS::EC2::VPC'|'AWS::AvailabilityZone'|'AWS::EC2::Subnet'|'AWS::AWSService',
'identifier': 'string'
},
],
'createdAt': datetime(2015, 1, 1),
'modifiedAt': datetime(2015, 1, 1),
'tags': {
'string': 'string'
}
}
Response Structure
(dict) --
monitorArn (string) --
The Amazon Resource Name (ARN) of the monitor.
monitorName (string) --
The name of the monitor.
monitorStatus (string) --
The status of a monitor. The status can be one of the following
PENDING: The monitor is in the process of being created.
ACTIVE: The monitor is active.
INACTIVE: The monitor is inactive.
ERROR: Monitor creation failed due to an error.
DELETING: The monitor is in the process of being deleted.
localResources (list) --
The local resources updated for a monitor, as an array of resources with identifiers and types.
(dict) --
A local resource is the host where the agent is installed. Local resources can be a a subnet, a VPC, or an Availability Zone.
type (string) --
The type of the local resource. Valid values are AWS::EC2::VPC AWS::AvailabilityZone or AWS::EC2::Subnet.
identifier (string) --
The identifier of the local resource, such as an ARN.
remoteResources (list) --
The remote resources updated for a monitor, as an array of resources with identifiers and types.
(dict) --
A remote resource is the other endpoint in a network flow. That is, one endpoint is the local resource and the other is the remote resource. Remote resources can be a a subnet, a VPC, an Availability Zone, or an Amazon Web Services service.
type (string) --
The type of the remote resource. Valid values are AWS::EC2::VPC AWS::AvailabilityZone, AWS::EC2::Subnet, or AWS::AWSService.
identifier (string) --
The identifier of the remote resource, such as an ARN.
createdAt (datetime) --
The date and time when the monitor was created.
modifiedAt (datetime) --
The last date and time that the monitor was modified.
tags (dict) --
The tags for a monitor.
(string) --
(string) --
Gets information about a monitor in Network Flow Monitor based on a monitor name. The information returned includes the Amazon Resource Name (ARN), create time, modified time, resources included in the monitor, and status information.
See also: AWS API Documentation
Request Syntax
client.get_monitor(
monitorName='string'
)
string
[REQUIRED]
The name of the monitor.
dict
Response Syntax
{
'monitorArn': 'string',
'monitorName': 'string',
'monitorStatus': 'PENDING'|'ACTIVE'|'INACTIVE'|'ERROR'|'DELETING',
'localResources': [
{
'type': 'AWS::EC2::VPC'|'AWS::AvailabilityZone'|'AWS::EC2::Subnet',
'identifier': 'string'
},
],
'remoteResources': [
{
'type': 'AWS::EC2::VPC'|'AWS::AvailabilityZone'|'AWS::EC2::Subnet'|'AWS::AWSService',
'identifier': 'string'
},
],
'createdAt': datetime(2015, 1, 1),
'modifiedAt': datetime(2015, 1, 1),
'tags': {
'string': 'string'
}
}
Response Structure
(dict) --
monitorArn (string) --
The Amazon Resource Name (ARN) of the monitor.
monitorName (string) --
The name of the monitor.
monitorStatus (string) --
The status of a monitor. The status can be one of the following
PENDING: The monitor is in the process of being created.
ACTIVE: The monitor is active.
INACTIVE: The monitor is inactive.
ERROR: Monitor creation failed due to an error.
DELETING: The monitor is in the process of being deleted.
localResources (list) --
The local resources for this monitor.
(dict) --
A local resource is the host where the agent is installed. Local resources can be a a subnet, a VPC, or an Availability Zone.
type (string) --
The type of the local resource. Valid values are AWS::EC2::VPC AWS::AvailabilityZone or AWS::EC2::Subnet.
identifier (string) --
The identifier of the local resource, such as an ARN.
remoteResources (list) --
The remote resources for this monitor.
(dict) --
A remote resource is the other endpoint in a network flow. That is, one endpoint is the local resource and the other is the remote resource. Remote resources can be a a subnet, a VPC, an Availability Zone, or an Amazon Web Services service.
type (string) --
The type of the remote resource. Valid values are AWS::EC2::VPC AWS::AvailabilityZone, AWS::EC2::Subnet, or AWS::AWSService.
identifier (string) --
The identifier of the remote resource, such as an ARN.
createdAt (datetime) --
The date and time when the monitor was created.
modifiedAt (datetime) --
The date and time when the monitor was last modified.
tags (dict) --
The tags for a monitor.
(string) --
(string) --
Adds a tag to a resource.
See also: AWS API Documentation
Request Syntax
client.tag_resource(
resourceArn='string',
tags={
'string': 'string'
}
)
string
[REQUIRED]
The Amazon Resource Name (ARN) of the resource.
dict
[REQUIRED]
The tags for a resource.
(string) --
(string) --
dict
Response Syntax
{}
Response Structure
(dict) --
Returns all the tags for a resource.
See also: AWS API Documentation
Request Syntax
client.list_tags_for_resource(
resourceArn='string'
)
string
[REQUIRED]
The Amazon Resource Name (ARN) of the resource.
dict
Response Syntax
{
'tags': {
'string': 'string'
}
}
Response Structure
(dict) --
tags (dict) --
The tags for a resource.
(string) --
(string) --
Update a scope to add or remove resources that you want to be available for Network Flow Monitor to generate metrics for, when you have active agents on those resources sending metrics reports to the Network Flow Monitor backend.
See also: AWS API Documentation
Request Syntax
client.update_scope(
scopeId='string',
resourcesToAdd=[
{
'targetIdentifier': {
'targetId': {
'accountId': 'string'
},
'targetType': 'ACCOUNT'
},
'region': 'string'
},
],
resourcesToDelete=[
{
'targetIdentifier': {
'targetId': {
'accountId': 'string'
},
'targetType': 'ACCOUNT'
},
'region': 'string'
},
]
)
string
[REQUIRED]
The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
list
A list of resources to add to a scope.
(dict) --
A target resource in a scope. The resource is identified by a Region and a target identifier, which includes a target ID and a target type.
targetIdentifier (dict) -- [REQUIRED]
A target identifier is a pair of identifying information for a resource that is included in a target. A target identifier includes the target ID and the target type.
targetId (dict) -- [REQUIRED]
The identifier for a target.
accountId (string) --
The identifier for the account for a target.
targetType (string) -- [REQUIRED]
The type of a target. A target type is currently always ACCOUNT because a target is currently a single Amazon Web Services account.
region (string) -- [REQUIRED]
The Amazon Web Services Region where the target resource is located.
list
A list of resources to delete from a scope.
(dict) --
A target resource in a scope. The resource is identified by a Region and a target identifier, which includes a target ID and a target type.
targetIdentifier (dict) -- [REQUIRED]
A target identifier is a pair of identifying information for a resource that is included in a target. A target identifier includes the target ID and the target type.
targetId (dict) -- [REQUIRED]
The identifier for a target.
accountId (string) --
The identifier for the account for a target.
targetType (string) -- [REQUIRED]
The type of a target. A target type is currently always ACCOUNT because a target is currently a single Amazon Web Services account.
region (string) -- [REQUIRED]
The Amazon Web Services Region where the target resource is located.
dict
Response Syntax
{
'scopeId': 'string',
'status': 'SUCCEEDED'|'IN_PROGRESS'|'FAILED',
'scopeArn': 'string',
'tags': {
'string': 'string'
}
}
Response Structure
(dict) --
scopeId (string) --
The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
status (string) --
The status for a call to update a scope. The status can be one of the following: SUCCEEDED, IN_PROGRESS, or FAILED.
scopeArn (string) --
The Amazon Resource Name (ARN) of the scope.
tags (dict) --
The tags for a scope.
(string) --
(string) --
Create a scope of resources that you want to be available for Network Flow Monitor to generate metrics for, when you have active agents on those resources sending metrics reports to the Network Flow Monitor backend. This call returns a scope ID to identify the scope.
When you create a scope, you enable permissions for Network Flow Monitor. The scope is set to the resources for the Amazon Web Services that enables the feature.
See also: AWS API Documentation
Request Syntax
client.create_scope(
targets=[
{
'targetIdentifier': {
'targetId': {
'accountId': 'string'
},
'targetType': 'ACCOUNT'
},
'region': 'string'
},
],
clientToken='string',
tags={
'string': 'string'
}
)
list
[REQUIRED]
The targets to define the scope to be monitored. Currently, a target is an Amazon Web Services account.
(dict) --
A target resource in a scope. The resource is identified by a Region and a target identifier, which includes a target ID and a target type.
targetIdentifier (dict) -- [REQUIRED]
A target identifier is a pair of identifying information for a resource that is included in a target. A target identifier includes the target ID and the target type.
targetId (dict) -- [REQUIRED]
The identifier for a target.
accountId (string) --
The identifier for the account for a target.
targetType (string) -- [REQUIRED]
The type of a target. A target type is currently always ACCOUNT because a target is currently a single Amazon Web Services account.
region (string) -- [REQUIRED]
The Amazon Web Services Region where the target resource is located.
string
A unique, case-sensitive string of up to 64 ASCII characters that you specify to make an idempotent API request. Don't reuse the same client token for other API requests.
This field is autopopulated if not provided.
dict
The tags for a scope. You can add a maximum of 200 tags.
(string) --
(string) --
dict
Response Syntax
{
'scopeId': 'string',
'status': 'SUCCEEDED'|'IN_PROGRESS'|'FAILED',
'scopeArn': 'string',
'tags': {
'string': 'string'
}
}
Response Structure
(dict) --
scopeId (string) --
The identifier for the scope that includes the resources you want to get metrics for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
status (string) --
The status for a call to create a scope. The status can be one of the following: SUCCEEDED, IN_PROGRESS, or FAILED.
scopeArn (string) --
The Amazon Resource Name (ARN) of the scope.
tags (dict) --
The tags for a scope.
(string) --
(string) --
Return the data for a query with the Network Flow Monitor query interface. You specify the query that you want to return results for by providing a query ID and a monitor name. This query returns the top contributors for a specific monitor.
Create a query ID for this call by calling the corresponding API call to start the query, StartQueryWorkloadInsightsTopContributors. Use the scope ID that was returned for your account by CreateScope.
Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.
See also: AWS API Documentation
Request Syntax
client.get_query_results_workload_insights_top_contributors(
scopeId='string',
queryId='string',
nextToken='string',
maxResults=123
)
string
[REQUIRED]
The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
string
[REQUIRED]
The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.
string
The token for the next set of results. You receive this token from a previous call.
integer
The number of query results that you want to return with this call.
dict
Response Syntax
{
'topContributors': [
{
'accountId': 'string',
'localSubnetId': 'string',
'localAz': 'string',
'localVpcId': 'string',
'localRegion': 'string',
'remoteIdentifier': 'string',
'value': 123,
'localSubnetArn': 'string',
'localVpcArn': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
topContributors (list) --
The top contributor network flows overall for a specific metric type, for example, the number of retransmissions.
(dict) --
A row for a top contributor for a scope.
accountId (string) --
The account ID for a specific row of data.
localSubnetId (string) --
The subnet identifier for the local resource.
localAz (string) --
The identifier for the Availability Zone where the local resource is located.
localVpcId (string) --
The identifier for the VPC for the local resource.
localRegion (string) --
The Amazon Web Services Region where the local resource is located.
remoteIdentifier (string) --
The identifier of a remote resource.
value (integer) --
The value for a metric.
localSubnetArn (string) --
The Amazon Resource Name (ARN) of a local subnet.
localVpcArn (string) --
The Amazon Resource Name (ARN) of a local VPC.
nextToken (string) --
The token for the next set of results. You receive this token from a previous call.
Create a monitor for specific network flows between local and remote resources, so that you can monitor network performance for one or several of your workloads. For each monitor, Network Flow Monitor publishes detailed end-to-end performance metrics and a network health indicators (NHI) that informs you whether there were Amazon Web Services network issues for one or more of the network flows tracked by a monitor, during a time period that you choose.
See also: AWS API Documentation
Request Syntax
client.create_monitor(
monitorName='string',
localResources=[
{
'type': 'AWS::EC2::VPC'|'AWS::AvailabilityZone'|'AWS::EC2::Subnet',
'identifier': 'string'
},
],
remoteResources=[
{
'type': 'AWS::EC2::VPC'|'AWS::AvailabilityZone'|'AWS::EC2::Subnet'|'AWS::AWSService',
'identifier': 'string'
},
],
scopeArn='string',
clientToken='string',
tags={
'string': 'string'
}
)
string
[REQUIRED]
The name of the monitor.
list
[REQUIRED]
The local resources to monitor. A local resource, in a bi-directional flow of a workload, is the host where the agent is installed. For example, if a workload consists of an interaction between a web service and a backend database (for example, Amazon Relational Database Service (RDS)), the EC2 instance hosting the web service, which also runs the agent, is the local resource.
(dict) --
A local resource is the host where the agent is installed. Local resources can be a a subnet, a VPC, or an Availability Zone.
type (string) -- [REQUIRED]
The type of the local resource. Valid values are AWS::EC2::VPC AWS::AvailabilityZone or AWS::EC2::Subnet.
identifier (string) -- [REQUIRED]
The identifier of the local resource, such as an ARN.
list
The remote resources to monitor. A remote resource is the other endpoint in the bi-directional flow of a workload, with a local resource. For example, Amazon Relational Database Service (RDS) can be a remote resource.
(dict) --
A remote resource is the other endpoint in a network flow. That is, one endpoint is the local resource and the other is the remote resource. Remote resources can be a a subnet, a VPC, an Availability Zone, or an Amazon Web Services service.
type (string) -- [REQUIRED]
The type of the remote resource. Valid values are AWS::EC2::VPC AWS::AvailabilityZone, AWS::EC2::Subnet, or AWS::AWSService.
identifier (string) -- [REQUIRED]
The identifier of the remote resource, such as an ARN.
string
[REQUIRED]
The Amazon Resource Name (ARN) of the scope for the monitor.
string
A unique, case-sensitive string of up to 64 ASCII characters that you specify to make an idempotent API request. Don't reuse the same client token for other API requests.
This field is autopopulated if not provided.
dict
The tags for a monitor. You can add a maximum of 200 tags.
(string) --
(string) --
dict
Response Syntax
{
'monitorArn': 'string',
'monitorName': 'string',
'monitorStatus': 'PENDING'|'ACTIVE'|'INACTIVE'|'ERROR'|'DELETING',
'localResources': [
{
'type': 'AWS::EC2::VPC'|'AWS::AvailabilityZone'|'AWS::EC2::Subnet',
'identifier': 'string'
},
],
'remoteResources': [
{
'type': 'AWS::EC2::VPC'|'AWS::AvailabilityZone'|'AWS::EC2::Subnet'|'AWS::AWSService',
'identifier': 'string'
},
],
'createdAt': datetime(2015, 1, 1),
'modifiedAt': datetime(2015, 1, 1),
'tags': {
'string': 'string'
}
}
Response Structure
(dict) --
monitorArn (string) --
The Amazon Resource Name (ARN) of the monitor.
monitorName (string) --
The name of the monitor.
monitorStatus (string) --
The status of a monitor. The status can be one of the following
PENDING: The monitor is in the process of being created.
ACTIVE: The monitor is active.
INACTIVE: The monitor is inactive.
ERROR: Monitor creation failed due to an error.
DELETING: The monitor is in the process of being deleted.
localResources (list) --
The local resources to monitor. A local resource, in a bi-directional flow of a workload, is the host where the agent is installed.
(dict) --
A local resource is the host where the agent is installed. Local resources can be a a subnet, a VPC, or an Availability Zone.
type (string) --
The type of the local resource. Valid values are AWS::EC2::VPC AWS::AvailabilityZone or AWS::EC2::Subnet.
identifier (string) --
The identifier of the local resource, such as an ARN.
remoteResources (list) --
The remote resources to monitor. A remote resource is the other endpoint in the bi-directional flow of a workload, with a local resource. For example, Amazon Relational Database Service (RDS) can be a remote resource. The remote resource is identified by its ARN or an identifier.
(dict) --
A remote resource is the other endpoint in a network flow. That is, one endpoint is the local resource and the other is the remote resource. Remote resources can be a a subnet, a VPC, an Availability Zone, or an Amazon Web Services service.
type (string) --
The type of the remote resource. Valid values are AWS::EC2::VPC AWS::AvailabilityZone, AWS::EC2::Subnet, or AWS::AWSService.
identifier (string) --
The identifier of the remote resource, such as an ARN.
createdAt (datetime) --
The date and time when the monitor was created.
modifiedAt (datetime) --
The last date and time that the monitor was modified.
tags (dict) --
The tags for a monitor.
(string) --
(string) --
Return the data for a query with the Network Flow Monitor query interface. Specify the query that you want to return results for by providing a query ID and a scope ID. This query returns data for the top contributors for workload insights. Workload insights provide a high level view of network flow performance data collected by agents for a scope.
A query ID is returned from an API call to start a query of a specific type; for example
Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.
The top contributor network flows overall for a specific metric type, for example, the number of retransmissions.
See also: AWS API Documentation
Request Syntax
client.start_query_workload_insights_top_contributors_data(
scopeId='string',
startTime=datetime(2015, 1, 1),
endTime=datetime(2015, 1, 1),
metricName='TIMEOUTS'|'RETRANSMISSIONS'|'DATA_TRANSFERRED',
destinationCategory='INTRA_AZ'|'INTER_AZ'|'INTER_VPC'|'UNCLASSIFIED'|'AMAZON_S3'|'AMAZON_DYNAMODB'
)
string
[REQUIRED]
The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
datetime
[REQUIRED]
The timestamp that is the date and time beginning of the period that you want to retrieve results for with your query.
datetime
[REQUIRED]
The timestamp that is the date and time end of the period that you want to retrieve results for with your query.
string
[REQUIRED]
The metric that you want to query top contributors for. That is, you can specify this metric to return the top contributor network flows, for this type of metric, for a monitor and (optionally) within a specific category, such as network flows between Availability Zones.
string
[REQUIRED]
The destination category for a top contributors. Destination categories can be one of the following:
INTRA_AZ: Top contributor network flows within a single Availability Zone
INTER_AZ: Top contributor network flows between Availability Zones
INTER_VPC: Top contributor network flows between VPCs
AWS_SERVICES: Top contributor network flows to or from Amazon Web Services services
UNCLASSIFIED: Top contributor network flows that do not have a bucket classification
dict
Response Syntax
{
'queryId': 'string'
}
Response Structure
(dict) --
queryId (string) --
The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.
Gets information about a scope, including the name, status, tags, and target details. The scope in Network Flow Monitor is an account.
See also: AWS API Documentation
Request Syntax
client.get_scope(
scopeId='string'
)
string
[REQUIRED]
The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account. A scope ID is returned from a CreateScope API call.
dict
Response Syntax
{
'scopeId': 'string',
'status': 'SUCCEEDED'|'IN_PROGRESS'|'FAILED',
'scopeArn': 'string',
'targets': [
{
'targetIdentifier': {
'targetId': {
'accountId': 'string'
},
'targetType': 'ACCOUNT'
},
'region': 'string'
},
],
'tags': {
'string': 'string'
}
}
Response Structure
(dict) --
scopeId (string) --
The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account. A scope ID is returned from a CreateScope API call.
status (string) --
The status of a scope. The status can be one of the following: SUCCEEDED, IN_PROGRESS, or FAILED.
scopeArn (string) --
The Amazon Resource Name (ARN) of the scope.
targets (list) --
The targets for a scope
(dict) --
A target resource in a scope. The resource is identified by a Region and a target identifier, which includes a target ID and a target type.
targetIdentifier (dict) --
A target identifier is a pair of identifying information for a resource that is included in a target. A target identifier includes the target ID and the target type.
targetId (dict) --
The identifier for a target.
accountId (string) --
The identifier for the account for a target.
targetType (string) --
The type of a target. A target type is currently always ACCOUNT because a target is currently a single Amazon Web Services account.
region (string) --
The Amazon Web Services Region where the target resource is located.
tags (dict) --
The tags for a scope.
(string) --
(string) --
Start a query to return the data with the Network Flow Monitor query interface. Specify the query that you want to return results for by providing a query ID and a monitor name. This query returns the top contributors for a specific monitor.
Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.
See also: AWS API Documentation
Request Syntax
client.start_query_monitor_top_contributors(
monitorName='string',
startTime=datetime(2015, 1, 1),
endTime=datetime(2015, 1, 1),
metricName='ROUND_TRIP_TIME'|'TIMEOUTS'|'RETRANSMISSIONS'|'DATA_TRANSFERRED',
destinationCategory='INTRA_AZ'|'INTER_AZ'|'INTER_VPC'|'UNCLASSIFIED'|'AMAZON_S3'|'AMAZON_DYNAMODB',
limit=123
)
string
[REQUIRED]
The name of the monitor.
datetime
[REQUIRED]
The timestamp that is the date and time beginning of the period that you want to retrieve results for with your query.
datetime
[REQUIRED]
The timestamp that is the date and time end of the period that you want to retrieve results for with your query.
string
[REQUIRED]
The metric that you want to query top contributors for. That is, you can specify this metric to return the top contributor network flows, for this type of metric, for a monitor and (optionally) within a specific category, such as network flows between Availability Zones.
string
[REQUIRED]
The category that you want to query top contributors for, for a specific monitor. Destination categories can be one of the following:
INTRA_AZ: Top contributor network flows within a single Availability Zone
INTER_AZ: Top contributor network flows between Availability Zones
INTER_VPC: Top contributor network flows between VPCs
AWS_SERVICES: Top contributor network flows to or from Amazon Web Services services
UNCLASSIFIED: Top contributor network flows that do not have a bucket classification
integer
The maximum number of top contributors to return.
dict
Response Syntax
{
'queryId': 'string'
}
Response Structure
(dict) --
queryId (string) --
The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.
Stop a query with the Network Flow Monitor query interface. Specify the query that you want to stop by providing a query ID and a monitor name. This query returns the top contributors for a specific monitor.
Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.
See also: AWS API Documentation
Request Syntax
client.stop_query_monitor_top_contributors(
monitorName='string',
queryId='string'
)
string
[REQUIRED]
The name of the monitor.
string
[REQUIRED]
The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.
dict
Response Syntax
{}
Response Structure
(dict) --
Returns the current status of a query for the Network Flow Monitor query interface, for a specified query ID and monitor. This call returns the query status for the top contributors data for workload insights.
When you start a query, use this call to check the status of the query to make sure that it has has SUCCEEDED before you review the results. Use the same query ID that you used for the corresponding API call to start the query, StartQueryWorkloadInsightsTopContributorsData.
Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.
The top contributor network flows overall for a specific metric type, for example, the number of retransmissions.
See also: AWS API Documentation
Request Syntax
client.get_query_status_workload_insights_top_contributors_data(
scopeId='string',
queryId='string'
)
string
[REQUIRED]
The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account. A scope ID is returned from a CreateScope API call.
string
[REQUIRED]
The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.
dict
Response Syntax
{
'status': 'QUEUED'|'RUNNING'|'SUCCEEDED'|'FAILED'|'CANCELED'
}
Response Structure
(dict) --
status (string) --
The status of a query for top contributors data.
QUEUED: The query is scheduled to run.
RUNNING: The query is in progress but not complete.
SUCCEEDED: The query completed sucessfully.
FAILED: The query failed due to an error.
CANCELED: The query was canceled.
List all the scopes for an account.
See also: AWS API Documentation
Request Syntax
client.list_scopes(
nextToken='string',
maxResults=123
)
string
The token for the next set of results. You receive this token from a previous call.
integer
The number of query results that you want to return with this call.
dict
Response Syntax
{
'scopes': [
{
'scopeId': 'string',
'status': 'SUCCEEDED'|'IN_PROGRESS'|'FAILED',
'scopeArn': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
scopes (list) --
The scopes returned by the call.
(dict) --
A summary of information about a scope, including the ARN, target ID, and Amazon Web Services Region.
scopeId (string) --
The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
status (string) --
The status of a scope. The status can be one of the following, depending on the state of scope creation: SUCCEEDED, IN_PROGRESS, or FAILED.
scopeArn (string) --
The Amazon Resource Name (ARN) of the scope.
nextToken (string) --
The token for the next set of results. You receive this token from a previous call.
Return the data for a query with the Network Flow Monitor query interface. Specify the query that you want to return results for by providing a query ID and a scope ID. This query returns data for the top contributors for workload insights. Workload insights provide a high level view of network flow performance data collected by agents for a scope.
Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.
The top contributor network flows overall for a specific metric type, for example, the number of retransmissions.
See also: AWS API Documentation
Request Syntax
client.stop_query_workload_insights_top_contributors_data(
scopeId='string',
queryId='string'
)
string
[REQUIRED]
The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
string
[REQUIRED]
The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.
dict
Response Syntax
{}
Response Structure
(dict) --
Removes a tag from a resource.
See also: AWS API Documentation
Request Syntax
client.untag_resource(
resourceArn='string',
tagKeys=[
'string',
]
)
string
[REQUIRED]
The Amazon Resource Name (ARN) of the resource.
list
[REQUIRED]
Keys that you specified when you tagged a resource.
(string) --
dict
Response Syntax
{}
Response Structure
(dict) --
Stop a query with the Network Flow Monitor query interface. Specify the query that you want to stop by providing a query ID and a monitor name. This query returns the top contributors for a specific monitor.
Top contributors in Network Flow Monitor are network flows with the highest values for a specific metric type, related to a scope (for workload insights) or a monitor.
See also: AWS API Documentation
Request Syntax
client.stop_query_workload_insights_top_contributors(
scopeId='string',
queryId='string'
)
string
[REQUIRED]
The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
string
[REQUIRED]
The identifier for the query. A query ID is an internally-generated identifier for a specific query returned from an API call to start a query.
dict
Response Syntax
{}
Response Structure
(dict) --
Deletes a scope that has been defined.
See also: AWS API Documentation
Request Syntax
client.delete_scope(
scopeId='string'
)
string
[REQUIRED]
The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
dict
Response Syntax
{}
Response Structure
(dict) --