2025/07/16 - Network Flow Monitor - 4 updated api methods
Changes Introducing 2 new scope status types - DEACTIVATING and DEACTIVATED.
{'status': {'DEACTIVATED', 'DEACTIVATING'}}
Create a scope of resources that you want to be available for Network Flow Monitor to generate metrics for, when you have active agents on those resources sending metrics reports to the Network Flow Monitor backend. This call returns a scope ID to identify the scope.
When you create a scope, you enable permissions for Network Flow Monitor. The scope is set to the resources for the Amazon Web Services that enables the feature.
See also: AWS API Documentation
Request Syntax
client.create_scope(
targets=[
{
'targetIdentifier': {
'targetId': {
'accountId': 'string'
},
'targetType': 'ACCOUNT'
},
'region': 'string'
},
],
clientToken='string',
tags={
'string': 'string'
}
)
list
[REQUIRED]
The targets to define the scope to be monitored. Currently, a target is an Amazon Web Services account.
(dict) --
A target resource in a scope. The resource is identified by a Region and a target identifier, which includes a target ID and a target type.
targetIdentifier (dict) -- [REQUIRED]
A target identifier is a pair of identifying information for a resource that is included in a target. A target identifier includes the target ID and the target type.
targetId (dict) -- [REQUIRED]
The identifier for a target.
accountId (string) --
The identifier for the account for a target.
targetType (string) -- [REQUIRED]
The type of a target. A target type is currently always ACCOUNT because a target is currently a single Amazon Web Services account.
region (string) -- [REQUIRED]
The Amazon Web Services Region where the target resource is located.
string
A unique, case-sensitive string of up to 64 ASCII characters that you specify to make an idempotent API request. Don't reuse the same client token for other API requests.
This field is autopopulated if not provided.
dict
The tags for a scope. You can add a maximum of 200 tags.
(string) --
(string) --
dict
Response Syntax
{
'scopeId': 'string',
'status': 'SUCCEEDED'|'IN_PROGRESS'|'FAILED'|'DEACTIVATING'|'DEACTIVATED',
'scopeArn': 'string',
'tags': {
'string': 'string'
}
}
Response Structure
(dict) --
scopeId (string) --
The identifier for the scope that includes the resources you want to get metrics for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
status (string) --
The status for a scope. The status can be one of the following: SUCCEEDED, IN_PROGRESS, FAILED, DEACTIVATING, or DEACTIVATED.
A status of DEACTIVATING means that you've requested a scope to be deactivated and Network Flow Monitor is in the process of deactivating the scope. A status of DEACTIVATED means that the deactivating process is complete.
scopeArn (string) --
The Amazon Resource Name (ARN) of the scope.
tags (dict) --
The tags for a scope.
(string) --
(string) --
{'status': {'DEACTIVATED', 'DEACTIVATING'}}
Gets information about a scope, including the name, status, tags, and target details. The scope in Network Flow Monitor is an account.
See also: AWS API Documentation
Request Syntax
client.get_scope(
scopeId='string'
)
string
[REQUIRED]
The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account. A scope ID is returned from a CreateScope API call.
dict
Response Syntax
{
'scopeId': 'string',
'status': 'SUCCEEDED'|'IN_PROGRESS'|'FAILED'|'DEACTIVATING'|'DEACTIVATED',
'scopeArn': 'string',
'targets': [
{
'targetIdentifier': {
'targetId': {
'accountId': 'string'
},
'targetType': 'ACCOUNT'
},
'region': 'string'
},
],
'tags': {
'string': 'string'
}
}
Response Structure
(dict) --
scopeId (string) --
The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account. A scope ID is returned from a CreateScope API call.
status (string) --
The status for a scope. The status can be one of the following: SUCCEEDED, IN_PROGRESS, FAILED, DEACTIVATING, or DEACTIVATED.
A status of DEACTIVATING means that you've requested a scope to be deactivated and Network Flow Monitor is in the process of deactivating the scope. A status of DEACTIVATED means that the deactivating process is complete.
scopeArn (string) --
The Amazon Resource Name (ARN) of the scope.
targets (list) --
The targets for a scope
(dict) --
A target resource in a scope. The resource is identified by a Region and a target identifier, which includes a target ID and a target type.
targetIdentifier (dict) --
A target identifier is a pair of identifying information for a resource that is included in a target. A target identifier includes the target ID and the target type.
targetId (dict) --
The identifier for a target.
accountId (string) --
The identifier for the account for a target.
targetType (string) --
The type of a target. A target type is currently always ACCOUNT because a target is currently a single Amazon Web Services account.
region (string) --
The Amazon Web Services Region where the target resource is located.
tags (dict) --
The tags for a scope.
(string) --
(string) --
{'scopes': {'status': {'DEACTIVATED', 'DEACTIVATING'}}}
List all the scopes for an account.
See also: AWS API Documentation
Request Syntax
client.list_scopes(
nextToken='string',
maxResults=123
)
string
The token for the next set of results. You receive this token from a previous call.
integer
The number of query results that you want to return with this call.
dict
Response Syntax
{
'scopes': [
{
'scopeId': 'string',
'status': 'SUCCEEDED'|'IN_PROGRESS'|'FAILED'|'DEACTIVATING'|'DEACTIVATED',
'scopeArn': 'string'
},
],
'nextToken': 'string'
}
Response Structure
(dict) --
scopes (list) --
The scopes returned by the call.
(dict) --
A summary of information about a scope, including the ARN, target ID, and Amazon Web Services Region.
scopeId (string) --
The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
status (string) --
The status for a scope. The status can be one of the following: SUCCEEDED, IN_PROGRESS, FAILED, DEACTIVATING, or DEACTIVATED.
A status of DEACTIVATING means that you've requested a scope to be deactivated and Network Flow Monitor is in the process of deactivating the scope. A status of DEACTIVATED means that the deactivating process is complete.
scopeArn (string) --
The Amazon Resource Name (ARN) of the scope.
nextToken (string) --
The token for the next set of results. You receive this token from a previous call.
{'status': {'DEACTIVATED', 'DEACTIVATING'}}
Update a scope to add or remove resources that you want to be available for Network Flow Monitor to generate metrics for, when you have active agents on those resources sending metrics reports to the Network Flow Monitor backend.
See also: AWS API Documentation
Request Syntax
client.update_scope(
scopeId='string',
resourcesToAdd=[
{
'targetIdentifier': {
'targetId': {
'accountId': 'string'
},
'targetType': 'ACCOUNT'
},
'region': 'string'
},
],
resourcesToDelete=[
{
'targetIdentifier': {
'targetId': {
'accountId': 'string'
},
'targetType': 'ACCOUNT'
},
'region': 'string'
},
]
)
string
[REQUIRED]
The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
list
A list of resources to add to a scope.
(dict) --
A target resource in a scope. The resource is identified by a Region and a target identifier, which includes a target ID and a target type.
targetIdentifier (dict) -- [REQUIRED]
A target identifier is a pair of identifying information for a resource that is included in a target. A target identifier includes the target ID and the target type.
targetId (dict) -- [REQUIRED]
The identifier for a target.
accountId (string) --
The identifier for the account for a target.
targetType (string) -- [REQUIRED]
The type of a target. A target type is currently always ACCOUNT because a target is currently a single Amazon Web Services account.
region (string) -- [REQUIRED]
The Amazon Web Services Region where the target resource is located.
list
A list of resources to delete from a scope.
(dict) --
A target resource in a scope. The resource is identified by a Region and a target identifier, which includes a target ID and a target type.
targetIdentifier (dict) -- [REQUIRED]
A target identifier is a pair of identifying information for a resource that is included in a target. A target identifier includes the target ID and the target type.
targetId (dict) -- [REQUIRED]
The identifier for a target.
accountId (string) --
The identifier for the account for a target.
targetType (string) -- [REQUIRED]
The type of a target. A target type is currently always ACCOUNT because a target is currently a single Amazon Web Services account.
region (string) -- [REQUIRED]
The Amazon Web Services Region where the target resource is located.
dict
Response Syntax
{
'scopeId': 'string',
'status': 'SUCCEEDED'|'IN_PROGRESS'|'FAILED'|'DEACTIVATING'|'DEACTIVATED',
'scopeArn': 'string',
'tags': {
'string': 'string'
}
}
Response Structure
(dict) --
scopeId (string) --
The identifier for the scope that includes the resources you want to get data results for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.
status (string) --
The status for a scope. The status can be one of the following: SUCCEEDED, IN_PROGRESS, FAILED, DEACTIVATING, or DEACTIVATED.
A status of DEACTIVATING means that you've requested a scope to be deactivated and Network Flow Monitor is in the process of deactivating the scope. A status of DEACTIVATED means that the deactivating process is complete.
scopeArn (string) --
The Amazon Resource Name (ARN) of the scope.
tags (dict) --
The tags for a scope.
(string) --
(string) --