NetworkFirewall / Client / create_container_association
create_container_association¶
- NetworkFirewall.Client.create_container_association(**kwargs)¶
Creates a container association for Network Firewall. A container association links container clusters (ECS or EKS) to Network Firewall, enabling dynamic IP resolution for firewall rules based on container attributes.
To manage a container association’s tags, use the standard Amazon Web Services resource tagging operations, ListTagsForResource, TagResource, and UntagResource.
To retrieve information about container associations, use ListContainerAssociations and DescribeContainerAssociation.
See also: AWS API Documentation
Request Syntax
response = client.create_container_association( ContainerAssociationName='string', Description='string', Type='ECS'|'EKS', ContainerMonitoringConfigurations=[ { 'ClusterArn': 'string', 'AttributeFilters': [ { 'Key': 'string', 'Value': 'string' }, ] }, ], Tags=[ { 'Key': 'string', 'Value': 'string' }, ] )
- Parameters:
ContainerAssociationName (string) –
[REQUIRED]
The descriptive name of the container association. You can’t change the name of a container association after you create it.
Description (string) – A description of the container association.
Type (string) –
[REQUIRED]
The type of container orchestration platform for the clusters in this association. Valid values are
ECSandEKS. You can’t change the type after creation.ContainerMonitoringConfigurations (list) –
[REQUIRED]
The list of container monitoring configurations that define which clusters and container attributes to monitor.
(dict) –
Defines a container cluster to monitor, along with optional attribute filters that narrow the scope of monitored containers within the cluster.
ClusterArn (string) – [REQUIRED]
The Amazon Resource Name (ARN) of the container cluster to monitor.
AttributeFilters (list) –
A list of key-value pairs that filter which containers within the cluster are monitored. Only containers that match the specified attributes are included.
(dict) –
A key-value pair that defines a container attribute filter for a container monitoring configuration.
Key (string) – [REQUIRED]
The key of the container attribute to filter on.
Value (string) – [REQUIRED]
The value of the container attribute to filter on.
Tags (list) –
The key:value pairs to associate with the resource.
(dict) –
A key:value pair associated with an Amazon Web Services resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as “environment”) and the tag value represents a specific value within that category (such as “test,” “development,” or “production”). You can add up to 50 tags to each Amazon Web Services resource.
Key (string) – [REQUIRED]
The part of the key:value pair that defines a tag. You can use a tag key to describe a category of information, such as “customer.” Tag keys are case-sensitive.
Value (string) – [REQUIRED]
The part of the key:value pair that defines a tag. You can use a tag value to describe a specific value within a category, such as “companyA” or “companyB.” Tag values are case-sensitive.
- Return type:
dict
- Returns:
Response Syntax
{ 'ContainerAssociationName': 'string', 'ContainerAssociationArn': 'string', 'Description': 'string', 'Type': 'ECS'|'EKS', 'ContainerMonitoringConfigurations': [ { 'ClusterArn': 'string', 'AttributeFilters': [ { 'Key': 'string', 'Value': 'string' }, ] }, ], 'Status': 'ACTIVE'|'CREATING'|'DELETING', 'Tags': [ { 'Key': 'string', 'Value': 'string' }, ], 'UpdateToken': 'string' }
Response Structure
(dict) –
ContainerAssociationName (string) –
The descriptive name of the container association.
ContainerAssociationArn (string) –
The Amazon Resource Name (ARN) of the container association.
Description (string) –
A description of the container association.
Type (string) –
The type of container orchestration platform. Either
ECSorEKS.ContainerMonitoringConfigurations (list) –
The container monitoring configurations for this container association.
(dict) –
Defines a container cluster to monitor, along with optional attribute filters that narrow the scope of monitored containers within the cluster.
ClusterArn (string) –
The Amazon Resource Name (ARN) of the container cluster to monitor.
AttributeFilters (list) –
A list of key-value pairs that filter which containers within the cluster are monitored. Only containers that match the specified attributes are included.
(dict) –
A key-value pair that defines a container attribute filter for a container monitoring configuration.
Key (string) –
The key of the container attribute to filter on.
Value (string) –
The value of the container attribute to filter on.
Status (string) –
The current status of the container association.
Tags (list) –
The key:value pairs associated with the resource.
(dict) –
A key:value pair associated with an Amazon Web Services resource. The key:value pair can be anything you define. Typically, the tag key represents a category (such as “environment”) and the tag value represents a specific value within that category (such as “test,” “development,” or “production”). You can add up to 50 tags to each Amazon Web Services resource.
Key (string) –
The part of the key:value pair that defines a tag. You can use a tag key to describe a category of information, such as “customer.” Tag keys are case-sensitive.
Value (string) –
The part of the key:value pair that defines a tag. You can use a tag value to describe a specific value within a category, such as “companyA” or “companyB.” Tag values are case-sensitive.
UpdateToken (string) –
A token used for optimistic locking. Network Firewall returns a token to your requests that access the container association. The token marks the state of the container association resource at the time of the request. To make an update to the container association, provide the token in your request. Network Firewall uses the token to ensure that the container association hasn’t changed since you last retrieved it. If it has changed, the operation fails with an
InvalidTokenException. If this happens, retrieve the container association again to get a current copy of it with a new token. Reapply your changes as needed, then try the operation again using the new token.
Exceptions