If you want to use `ec2_client.describe_network_interfaces` with filters, the attribute `interface-type` equal to `gateway_load_balancer_endpoint` can give you the data you are looking for. The reason is that, under the hood, AWS Network Firewall uses the Gateway Load Balancer technology.
To verify if you have Network Firewall enabled for your VPC, you can follow the steps listed below:

```python
import boto3

client = boto3.client('network-firewall')

response = client.list_firewalls(
    VpcIds=[
        '<Vpc-id>',  # replace it with your vpc-id
    ],
)
print(response)
```

Output:

```
{'Firewalls': [{'FirewallName': 'AnfwDemo-InspectionFirewall',
                'FirewallArn': 'arn:aws:network-firewall:us-west-2:<account-id>:firewall/AnfwDemo-InspectionFirewall'}],
 'ResponseMetadata': {'RequestId': '4bbc7362-8599-4560-9e8e-1deb5b803fff',
                      'HTTPStatusCode': 200,
                      'HTTPHeaders': {'x-amzn-requestid': '4bbc7362-8599-4560-9e8e-1deb5b803fff',
                                      'content-type': 'application/x-amz-json-1.0',
                                      'content-length': '163',
                                      'date': 'Thu, 29 Dec 2022 21:37:32 GMT'},
                      'RetryAttempts': 0}}
```
Further, to get more details about the network firewall (attachments in different AZs/subnets), you can do the following:

```python
results = client.describe_firewall(
    FirewallName='<FirewallName>'
)
```

For example:

```python
results = client.describe_firewall(
    FirewallName='AnfwDemo-InspectionFirewall'
)
print(results)
```

Output:

```
{'UpdateToken': 'c04834dc-de15-4dfe-b51b-351328d99776',
 'Firewall': {
   'FirewallName': 'AnfwDemo-InspectionFirewall',
   'FirewallArn': 'arn:aws:network-firewall:us-west-2:189034602712:firewall/AnfwDemo-InspectionFirewall',
   'FirewallPolicyArn': 'arn:aws:network-firewall:us-west-2:<account-id>:firewall-policy/AnfwDemo-InspectionFirewall-Policy',
   'VpcId': '<vpc-id>',
   'SubnetMappings': [{'SubnetId': 'subnet-0ccc82a0220362a8a'},
                      {'SubnetId': 'subnet-0bdd04cfd7eb3ee92'}],
   'DeleteProtection': False,
   'SubnetChangeProtection': False,
   'FirewallPolicyChangeProtection': False,
   'FirewallId': '1104c7d4-3728-48c3-9b20-d6c2b39ac2ff',
   'Tags': [{'Key': 'Name', 'Value': 'AnfwDemo-InspectionFirewall'}]},
 'FirewallStatus': {
   'Status': 'READY',
   'ConfigurationSyncStateSummary': 'IN_SYNC',
   'SyncStates': {
     'us-west-2a': {
       'Attachment': {'SubnetId': 'subnet-0ccc82a0220362a8a',
                      'EndpointId': 'vpce-08debf1b05c888c9f',
                      'Status': 'READY'},
       'Config': {
         'arn:aws:network-firewall:us-west-2:189034602712:firewall-policy/AnfwDemo-InspectionFirewall-Policy':
           {'SyncStatus': 'IN_SYNC', 'UpdateToken': 'beee8f07-af50-489b-90ce-00f92069ae41'},
         'arn:aws:network-firewall:us-west-2:189034602712:stateful-rulegroup/AnfwDemo-DomainAllow-RuleGroup':
           {'SyncStatus': 'IN_SYNC', 'UpdateToken': '5ef67647-0bb4-401c-9f38-f1891bdc2523'},
         'arn:aws:network-firewall:us-west-2:189034602712:stateful-rulegroup/AnfwDemo-IcmpAlert-RuleGroup':
           {'SyncStatus': 'IN_SYNC', 'UpdateToken': '4ff812a7-ffce-4bfb-90a4-388b631867ab'}}},
     'us-west-2b': {
       'Attachment': {'SubnetId': 'subnet-0bdd04cfd7eb3ee92',
                      'EndpointId': 'vpce-00e085a50f28a8628',
                      'Status': 'READY'},
       'Config': {
         'arn:aws:network-firewall:us-west-2:<account-id>:firewall-policy/AnfwDemo-InspectionFirewall-Policy':
           {'SyncStatus': 'IN_SYNC', 'UpdateToken': 'beee8f07-af50-489b-90ce-00f92069ae41'},
         'arn:aws:network-firewall:us-west-2:189034602712:stateful-rulegroup/AnfwDemo-DomainAllow-RuleGroup':
           {'SyncStatus': 'IN_SYNC', 'UpdateToken': '5ef67647-0bb4-401c-9f38-f1891bdc2523'},
         'arn:aws:network-firewall:us-west-2:189034602712:stateful-rulegroup/AnfwDemo-IcmpAlert-RuleGroup':
           {'SyncStatus': 'IN_SYNC', 'UpdateToken': '4ff812a7-ffce-4bfb-90a4-388b631867ab'}}}}},
 'ResponseMetadata': {'RequestId': '5878b078-a551-4c5a-9b8a-a172ceb76b9a',
                      'HTTPStatusCode': 200,
                      'HTTPHeaders': {'x-amzn-requestid': '5878b078-a551-4c5a-9b8a-a172ceb76b9a',
                                      'content-type': 'application/x-amz-json-1.0',
                                      'content-length': '2230',
                                      'date': 'Thu, 29 Dec 2022 21:38:10 GMT'},
                      'RetryAttempts': 0}}
```
For more details, you can reference this doc: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/network-firewall.html#NetworkFirewall.Client.list_firewalls
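
An added example, not part of the original answer: the per-AZ `SyncStates` that `describe_firewall` returns, reduced to a health check that flags endpoints that are not `READY` or configuration that is not `IN_SYNC`. `SAMPLE` and its IDs are constructed, the helper names are hypothetical, and `vpc_firewall_report` assumes a `boto3.client('network-firewall')` with valid credentials.

```python
# Constructed sample in the shape of a describe_firewall response (IDs are placeholders).
SAMPLE = {"FirewallStatus": {"Status": "PROVISIONING", "SyncStates": {
    "us-west-2a": {
        "Attachment": {"SubnetId": "subnet-aaaa", "EndpointId": "vpce-aaaa", "Status": "READY"},
        "Config": {"arn:example:firewall-policy/demo": {"SyncStatus": "IN_SYNC"}}},
    "us-west-2b": {
        "Attachment": {"SubnetId": "subnet-bbbb", "Status": "CREATING"},
        "Config": {"arn:example:firewall-policy/demo": {"SyncStatus": "PENDING"}}},
}}}


def attachment_report(describe_resp):
    """Flatten a describe_firewall response into one row per Availability Zone."""
    sync_states = describe_resp["FirewallStatus"].get("SyncStates", {})
    rows = []
    for az, state in sorted(sync_states.items()):
        att = state.get("Attachment", {})
        stale = sorted(arn for arn, cfg in state.get("Config", {}).items()
                       if cfg.get("SyncStatus") != "IN_SYNC")
        rows.append({"az": az, "subnet": att.get("SubnetId"),
                     "endpoint": att.get("EndpointId"),  # None when the response has no EndpointId
                     "attachment": att.get("Status"), "out_of_sync": stale})
    return rows


def unhealthy(describe_resp):
    """AZ rows whose endpoint is not READY or whose policy/rule groups are not IN_SYNC."""
    return [r for r in attachment_report(describe_resp)
            if r["attachment"] != "READY" or r["out_of_sync"]]


def vpc_firewall_report(client, vpc_id):
    """Live path: page through list_firewalls for one VPC, then describe each firewall.
    `client` is boto3.client('network-firewall'); an empty dict means no firewall found."""
    report = {}
    for page in client.get_paginator("list_firewalls").paginate(VpcIds=[vpc_id]):
        for fw in page["Firewalls"]:
            resp = client.describe_firewall(FirewallArn=fw["FirewallArn"])
            report[fw["FirewallName"]] = attachment_report(resp)
    return report


if __name__ == "__main__":
    for row in unhealthy(SAMPLE):
        print(row)
```
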