update_firewall_encryption_configuration

update_firewall_encryption_configuration(**kwargs)

A complex type that contains settings for encryption of your firewall resources.

See also: AWS API Documentation

Request Syntax

response = client.update_firewall_encryption_configuration(
    UpdateToken='string',
    FirewallArn='string',
    FirewallName='string',
    EncryptionConfiguration={
        'KeyId': 'string',
        'Type': 'CUSTOMER_KMS'|'AWS_OWNED_KMS_KEY'
    }
)
Parameters
  • UpdateToken (string) --

    An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

    To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

    To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn't changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException . If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.

  • FirewallArn (string) -- The Amazon Resource Name (ARN) of the firewall.
  • FirewallName (string) -- The descriptive name of the firewall. You can't change the name of a firewall after you create it.
  • EncryptionConfiguration (dict) --

    A complex type that contains optional Amazon Web Services Key Management Service (KMS) encryption settings for your Network Firewall resources. Your data is encrypted by default with an Amazon Web Services owned key that Amazon Web Services owns and manages for you. You can use either the Amazon Web Services owned key, or provide your own customer managed key. To learn more about KMS encryption of your Network Firewall resources, see Encryption at rest with Amazon Web Services Key Managment Service in the Network Firewall Developer Guide .

    • KeyId (string) --

      The ID of the Amazon Web Services Key Management Service (KMS) customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN. For more information, see Key ID in the Amazon Web Services KMS Developer Guide .

    • Type (string) -- [REQUIRED]

      The type of Amazon Web Services KMS key to use for encryption of your Network Firewall resources.

Return type

dict

Returns

Response Syntax

{
    'FirewallArn': 'string',
    'FirewallName': 'string',
    'UpdateToken': 'string',
    'EncryptionConfiguration': {
        'KeyId': 'string',
        'Type': 'CUSTOMER_KMS'|'AWS_OWNED_KMS_KEY'
    }
}

Response Structure

  • (dict) --

    • FirewallArn (string) --

      The Amazon Resource Name (ARN) of the firewall.

    • FirewallName (string) --

      The descriptive name of the firewall. You can't change the name of a firewall after you create it.

    • UpdateToken (string) --

      An optional token that you can use for optimistic locking. Network Firewall returns a token to your requests that access the firewall. The token marks the state of the firewall resource at the time of the request.

      To make an unconditional change to the firewall, omit the token in your update request. Without the token, Network Firewall performs your updates regardless of whether the firewall has changed since you last retrieved it.

      To make a conditional change to the firewall, provide the token in your update request. Network Firewall uses the token to ensure that the firewall hasn't changed since you last retrieved it. If it has changed, the operation fails with an InvalidTokenException . If this happens, retrieve the firewall again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.

    • EncryptionConfiguration (dict) --

      A complex type that contains optional Amazon Web Services Key Management Service (KMS) encryption settings for your Network Firewall resources. Your data is encrypted by default with an Amazon Web Services owned key that Amazon Web Services owns and manages for you. You can use either the Amazon Web Services owned key, or provide your own customer managed key. To learn more about KMS encryption of your Network Firewall resources, see Encryption at rest with Amazon Web Services Key Managment Service in the Network Firewall Developer Guide .

      • KeyId (string) --

        The ID of the Amazon Web Services Key Management Service (KMS) customer managed key. You can use any of the key identifiers that KMS supports, unless you're using a key that's managed by another account. If you're using a key managed by another account, then specify the key ARN. For more information, see Key ID in the Amazon Web Services KMS Developer Guide .

      • Type (string) --

        The type of Amazon Web Services KMS key to use for encryption of your Network Firewall resources.

Exceptions

  • NetworkFirewall.Client.exceptions.InvalidRequestException
  • NetworkFirewall.Client.exceptions.InternalServerError
  • NetworkFirewall.Client.exceptions.ResourceNotFoundException
  • NetworkFirewall.Client.exceptions.ThrottlingException
  • NetworkFirewall.Client.exceptions.InvalidTokenException
  • NetworkFirewall.Client.exceptions.ResourceOwnerCheckException