NetworkFlowMonitor / Client / create_scope

create_scope

NetworkFlowMonitor.Client.create_scope(**kwargs)

In Network Flow Monitor, you specify a scope for the service to generate metrics for. By using the scope, Network Flow Monitor can generate a topology of all the resources to measure performance metrics for. When you create a scope, you enable permissions for Network Flow Monitor.

A scope is a Region-account pair or multiple Region-account pairs. Network Flow Monitor uses your scope to determine all the resources (the topology) where Network Flow Monitor will gather network flow performance metrics for you. To provide performance metrics, Network Flow Monitor uses the data that is sent by the Network Flow Monitor agents you install on the resources.

To define the Region-account pairs for your scope, the Network Flow Monitor API uses the following constucts, which allow for future flexibility in defining scopes:

  • Targets, which are arrays of targetResources.

  • Target resources, which are Region-targetIdentifier pairs.

  • Target identifiers, made up of a targetID (currently always an account ID) and a targetType (currently always an account).

See also: AWS API Documentation

Request Syntax

response = client.create_scope(
    targets=[
        {
            'targetIdentifier': {
                'targetId': {
                    'accountId': 'string'
                },
                'targetType': 'ACCOUNT'
            },
            'region': 'string'
        },
    ],
    clientToken='string',
    tags={
        'string': 'string'
    }
)
Parameters:

  • targets (list) –

    [REQUIRED]

    The targets to define the scope to be monitored. A target is an array of targetResources, which are currently Region-account pairs, defined by targetResource constructs.

    • (dict) –

      A target resource in a scope. The resource is identified by a Region and an account, defined by a target identifier. A target identifier is made up of a target ID (currently always an account ID) and a target type (currently always ACCOUNT).

      • targetIdentifier (dict) – [REQUIRED]

        A target identifier is a pair of identifying information for a scope. A target identifier is made up of a targetID (currently always an account ID) and a targetType (currently always an account).

        • targetId (dict) – [REQUIRED]

          The identifier for a target, which is currently always an account ID .

          Note

          This is a Tagged Union structure. Only one of the following top level keys can be set: accountId.

          • accountId (string) –

            The identifier for the account for a target.

        • targetType (string) – [REQUIRED]

          The type of a target. A target type is currently always ACCOUNT.

      • region (string) – [REQUIRED]

        The Amazon Web Services Region for the scope.

  • clientToken (string) –

    A unique, case-sensitive string of up to 64 ASCII characters that you specify to make an idempotent API request. Don’t reuse the same client token for other API requests.

    This field is autopopulated if not provided.

  • tags (dict) –

    The tags for a scope. You can add a maximum of 200 tags.

    • (string) –

      • (string) –

Return type:

dict

Returns:

Response Syntax

{
    'scopeId': 'string',
    'status': 'SUCCEEDED'|'IN_PROGRESS'|'FAILED'|'DEACTIVATING'|'DEACTIVATED',
    'scopeArn': 'string',
    'tags': {
        'string': 'string'
    }
}

Response Structure

  • (dict) –

    • scopeId (string) –

      The identifier for the scope that includes the resources you want to get metrics for. A scope ID is an internally-generated identifier that includes all the resources for a specific root account.

    • status (string) –

      The status for a scope. The status can be one of the following: SUCCEEDED, IN_PROGRESS, FAILED, DEACTIVATING, or DEACTIVATED.

      A status of DEACTIVATING means that you’ve requested a scope to be deactivated and Network Flow Monitor is in the process of deactivating the scope. A status of DEACTIVATED means that the deactivating process is complete.

    • scopeArn (string) –

      The Amazon Resource Name (ARN) of the scope.

    • tags (dict) –

      The tags for a scope.

      • (string) –

        • (string) –

Exceptions

  • NetworkFlowMonitor.Client.exceptions.ServiceQuotaExceededException

  • NetworkFlowMonitor.Client.exceptions.ConflictException

  • NetworkFlowMonitor.Client.exceptions.ValidationException

  • NetworkFlowMonitor.Client.exceptions.ThrottlingException

  • NetworkFlowMonitor.Client.exceptions.AccessDeniedException

  • NetworkFlowMonitor.Client.exceptions.InternalServerException