How do I use describe_network_interfaces to return a network firewall?

0

I'm trying to use ec2_client.describe_network_interfaces for boto3 here to return a network firewall if there is one attached to the subnet. I'm using filters to filter on subnet id.

I'm wondering what attributes in response will return the value or data necessary to determine if there's a network firewall attached?

2 Answers
1

If you want to use ec2_client.describe_network_interfaces with filters, the attribute interface-type equal to gateway_load_balancer_endpoint can give you the data you are looking for. The reason is that, under the hood, AWS Network Firewall uses Gateway Load Balancer technology.

AWS
answered 1 year ago
1

To verify if you have Network firewall enabled for your VPC, you can follow the steps listed below:

```python
import boto3

client = boto3.client('network-firewall')

response = client.list_firewalls(
    VpcIds=[
        '<Vpc-id>'  # replace it with your vpc-id
    ],
)
print(response)
```

```text
{
    'Firewalls': [
        {
            'FirewallName': 'AnfwDemo-InspectionFirewall',
            'FirewallArn': 'arn:aws:network-firewall:us-west-2:<account-id>:firewall/AnfwDemo-InspectionFirewall'
        }
    ],
    'ResponseMetadata': {
        'RequestId': '4bbc7362-8599-4560-9e8e-1deb5b803fff',
        'HTTPStatusCode': 200,
        'HTTPHeaders': {
            'x-amzn-requestid': '4bbc7362-8599-4560-9e8e-1deb5b803fff',
            'content-type': 'application/x-amz-json-1.0',
            'content-length': '163',
            'date': 'Thu, 29 Dec 2022 21:37:32 GMT'
        },
        'RetryAttempts': 0
    }
}
```

Further, to get more details about the network firewall (attachments in different AZs/subnets), you can do the following:

```python
results = client.describe_firewall(
    FirewallName='<FirewallName>'
)
```

```python
results = client.describe_firewall(
    FirewallName='AnfwDemo-InspectionFirewall'
)
print(results)
```

```text
{
    'UpdateToken': 'c04834dc-de15-4dfe-b51b-351328d99776',
    'Firewall': {
        'FirewallName': 'AnfwDemo-InspectionFirewall',
        'FirewallArn': 'arn:aws:network-firewall:us-west-2:189034602712:firewall/AnfwDemo-InspectionFirewall',
        'FirewallPolicyArn': 'arn:aws:network-firewall:us-west-2:<account-id>:firewall-policy/AnfwDemo-InspectionFirewall-Policy',
        'VpcId': '<vpc-id>',
        'SubnetMappings': [
            {'SubnetId': 'subnet-0ccc82a0220362a8a'},
            {'SubnetId': 'subnet-0bdd04cfd7eb3ee92'}
        ],
        'DeleteProtection': False,
        'SubnetChangeProtection': False,
        'FirewallPolicyChangeProtection': False,
        'FirewallId': '1104c7d4-3728-48c3-9b20-d6c2b39ac2ff',
        'Tags': [{'Key': 'Name', 'Value': 'AnfwDemo-InspectionFirewall'}]
    },
    'FirewallStatus': {
        'Status': 'READY',
        'ConfigurationSyncStateSummary': 'IN_SYNC',
        'SyncStates': {
            'us-west-2a': {
                'Attachment': {
                    'SubnetId': 'subnet-0ccc82a0220362a8a',
                    'EndpointId': 'vpce-08debf1b05c888c9f',
                    'Status': 'READY'
                },
                'Config': {
                    'arn:aws:network-firewall:us-west-2:189034602712:firewall-policy/AnfwDemo-InspectionFirewall-Policy': {
                        'SyncStatus': 'IN_SYNC',
                        'UpdateToken': 'beee8f07-af50-489b-90ce-00f92069ae41'
                    },
                    'arn:aws:network-firewall:us-west-2:189034602712:stateful-rulegroup/AnfwDemo-DomainAllow-RuleGroup': {
                        'SyncStatus': 'IN_SYNC',
                        'UpdateToken': '5ef67647-0bb4-401c-9f38-f1891bdc2523'
                    },
                    'arn:aws:network-firewall:us-west-2:189034602712:stateful-rulegroup/AnfwDemo-IcmpAlert-RuleGroup': {
                        'SyncStatus': 'IN_SYNC',
                        'UpdateToken': '4ff812a7-ffce-4bfb-90a4-388b631867ab'
                    }
                }
            },
            'us-west-2b': {
                'Attachment': {
                    'SubnetId': 'subnet-0bdd04cfd7eb3ee92',
                    'EndpointId': 'vpce-00e085a50f28a8628',
                    'Status': 'READY'
                },
                'Config': {
                    'arn:aws:network-firewall:us-west-2:<account-id>:firewall-policy/AnfwDemo-InspectionFirewall-Policy': {
                        'SyncStatus': 'IN_SYNC',
                        'UpdateToken': 'beee8f07-af50-489b-90ce-00f92069ae41'
                    },
                    'arn:aws:network-firewall:us-west-2:189034602712:stateful-rulegroup/AnfwDemo-DomainAllow-RuleGroup': {
                        'SyncStatus': 'IN_SYNC',
                        'UpdateToken': '5ef67647-0bb4-401c-9f38-f1891bdc2523'
                    },
                    'arn:aws:network-firewall:us-west-2:189034602712:stateful-rulegroup/AnfwDemo-IcmpAlert-RuleGroup': {
                        'SyncStatus': 'IN_SYNC',
                        'UpdateToken': '4ff812a7-ffce-4bfb-90a4-388b631867ab'
                    }
                }
            }
        }
    },
    'ResponseMetadata': {
        'RequestId': '5878b078-a551-4c5a-9b8a-a172ceb76b9a',
        'HTTPStatusCode': 200,
        'HTTPHeaders': {
            'x-amzn-requestid': '5878b078-a551-4c5a-9b8a-a172ceb76b9a',
            'content-type': 'application/x-amz-json-1.0',
            'content-length': '2230',
            'date': 'Thu, 29 Dec 2022 21:38:10 GMT'
        },
        'RetryAttempts': 0
    }
}
```

For more details, you can reference this doc: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/network-firewall.html#NetworkFirewall.Client.list_firewalls

AWS
VM
answered 1 year ago
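
The list_firewalls and describe_firewall calls from the answer above can be combined to answer the original question for a single subnet. This is an added example, not code from either answer; the function names and the sample IDs in SAMPLE_RESPONSE are constructed for illustration.

```python
# Added example: map a subnet ID to any AWS Network Firewall attached to it.
# SAMPLE_RESPONSE is constructed (placeholder IDs), shaped like describe_firewall output.
SAMPLE_RESPONSE = {
    "Firewall": {
        "FirewallName": "example-firewall",
        "FirewallArn": "arn:aws:network-firewall:us-west-2:111122223333:firewall/example-firewall",
    },
    "FirewallStatus": {
        "Status": "READY",
        "SyncStates": {
            "us-west-2a": {"Attachment": {"SubnetId": "subnet-aaaa1111",
                                          "EndpointId": "vpce-aaaa1111",
                                          "Status": "READY"}},
            "us-west-2b": {"Attachment": {"SubnetId": "subnet-bbbb2222",
                                          "EndpointId": "vpce-bbbb2222",
                                          "Status": "CREATING"}},
        },
    },
}


def attachments(describe_response):
    """Yield one record per AZ attachment in a describe_firewall response."""
    name = describe_response["Firewall"]["FirewallName"]
    sync_states = describe_response.get("FirewallStatus", {}).get("SyncStates", {})
    for az, state in sync_states.items():
        att = state.get("Attachment")
        if att:  # defensive: skip AZ entries that carry no Attachment
            yield {"firewall": name, "az": az, "subnet": att.get("SubnetId"),
                   "endpoint": att.get("EndpointId"), "status": att.get("Status")}


def firewalls_for_subnet(client, subnet_id, vpc_id=None):
    """Return attachments on subnet_id; client is a boto3 'network-firewall' client."""
    kwargs = {"VpcIds": [vpc_id]} if vpc_id else {}
    found = []
    while True:  # list_firewalls is paginated via NextToken
        page = client.list_firewalls(**kwargs)
        for fw in page.get("Firewalls", []):
            detail = client.describe_firewall(FirewallArn=fw["FirewallArn"])
            found += [a for a in attachments(detail) if a["subnet"] == subnet_id]
        if not page.get("NextToken"):
            return found
        kwargs["NextToken"] = page["NextToken"]


if __name__ == "__main__":
    import boto3  # needs AWS credentials and a default region
    print(firewalls_for_subnet(boto3.client("network-firewall"), "subnet-aaaa1111"))
```

An empty list means no firewall endpoint is attached to that subnet; the status field shows whether a returned attachment has reached READY.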
