

AWS Classic v6.31.1 published on Thursday, Apr 18, 2024 by Pulumi

aws.ec2.NetworkAclRule


    Creates an entry (a rule) in a network ACL with the specified rule number.

    NOTE on Network ACLs and Network ACL Rules: This provider currently provides both a standalone Network ACL Rule resource and a Network ACL resource with rules defined in-line. At this time you cannot use a Network ACL with in-line rules in conjunction with any Network ACL Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    // Network ACL attached to the VPC referenced as `foo` (declared elsewhere in the program).
    const bar = new aws.ec2.NetworkAcl("bar", {vpcId: foo.id});
    // Rule 200 on that ACL: allow inbound (egress: false) TCP to port 22, matched
    // only against sources inside foo's CIDR block. Entries in an ACL are processed
    // in ascending ruleNumber order, so 200 is evaluated after any lower-numbered rule.
    // NOTE(review): network ACLs are stateless, so the reply traffic for this rule
    // is not implicitly permitted — confirm a corresponding egress rule exists on `bar`.
    const barNetworkAclRule = new aws.ec2.NetworkAclRule("bar", {
        networkAclId: bar.id,
        ruleNumber: 200,
        egress: false,
        protocol: "tcp",
        ruleAction: "allow",
        cidrBlock: foo.cidrBlock,
        fromPort: 22,
        toPort: 22,
    });
    
    import pulumi
    import pulumi_aws as aws
    
    # Network ACL attached to the VPC referenced as `foo` (defined elsewhere in the program).
    bar = aws.ec2.NetworkAcl("bar", vpc_id=foo["id"])
    # Rule 200 on that ACL: allow inbound (egress=False) TCP to port 22, matched only
    # against sources inside foo's CIDR block. Entries are processed in ascending
    # rule_number order, so 200 is evaluated after any lower-numbered rule.
    # NOTE(review): network ACLs are stateless, so the reply traffic for this rule
    # is not implicitly permitted — confirm a corresponding egress rule exists on `bar`.
    bar_network_acl_rule = aws.ec2.NetworkAclRule("bar",
        network_acl_id=bar.id,
        rule_number=200,
        egress=False,
        protocol="tcp",
        rule_action="allow",
        cidr_block=foo["cidrBlock"],
        from_port=22,
        to_port=22)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main declares a network ACL on the VPC referenced as `foo` (declared elsewhere)
    // and a single inbound rule on it. Errors from either constructor abort the deployment.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		bar, err := ec2.NewNetworkAcl(ctx, "bar", &ec2.NetworkAclArgs{
    			VpcId: pulumi.Any(foo.Id),
    		})
    		if err != nil {
    			return err
    		}
    		// Rule 200: allow inbound (Egress: false) TCP to port 22, matched only against
    		// sources inside foo's CIDR block. Entries are processed in ascending RuleNumber
    		// order, so 200 is evaluated after any lower-numbered rule.
    		// NOTE(review): network ACLs are stateless, so the reply traffic for this rule
    		// is not implicitly permitted — confirm a corresponding egress rule exists on bar.
    		_, err = ec2.NewNetworkAclRule(ctx, "bar", &ec2.NetworkAclRuleArgs{
    			NetworkAclId: bar.ID(),
    			RuleNumber:   pulumi.Int(200),
    			Egress:       pulumi.Bool(false),
    			Protocol:     pulumi.String("tcp"),
    			RuleAction:   pulumi.String("allow"),
    			CidrBlock:    pulumi.Any(foo.CidrBlock),
    			FromPort:     pulumi.Int(22),
    			ToPort:       pulumi.Int(22),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        // Network ACL attached to the VPC referenced as `foo` (declared elsewhere in the program).
        var bar = new Aws.Ec2.NetworkAcl("bar", new()
        {
            VpcId = foo.Id,
        });
    
        // Rule 200 on that ACL: allow inbound (Egress = false) TCP to port 22, matched only
        // against sources inside foo's CIDR block. Entries are processed in ascending
        // RuleNumber order, so 200 is evaluated after any lower-numbered rule.
        // NOTE(review): network ACLs are stateless, so the reply traffic for this rule
        // is not implicitly permitted — confirm a corresponding egress rule exists on bar.
        var barNetworkAclRule = new Aws.Ec2.NetworkAclRule("bar", new()
        {
            NetworkAclId = bar.Id,
            RuleNumber = 200,
            Egress = false,
            Protocol = "tcp",
            RuleAction = "allow",
            CidrBlock = foo.CidrBlock,
            FromPort = 22,
            ToPort = 22,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ec2.NetworkAcl;
    import com.pulumi.aws.ec2.NetworkAclArgs;
    import com.pulumi.aws.ec2.NetworkAclRule;
    import com.pulumi.aws.ec2.NetworkAclRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Pulumi program declaring a network ACL on the VPC referenced as {@code foo}
     * (declared elsewhere) and a single inbound rule on it.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        /**
         * Builds the stack's resources.
         *
         * @param ctx the deployment context supplied by {@link Pulumi#run}
         */
        public static void stack(Context ctx) {
            var bar = new NetworkAcl("bar", NetworkAclArgs.builder()        
                .vpcId(foo.id())
                .build());
    
            // Rule 200 on that ACL: allow inbound (egress false) TCP to port 22, matched only
            // against sources inside foo's CIDR block. Entries are processed in ascending
            // ruleNumber order, so 200 is evaluated after any lower-numbered rule.
            // Note the logical resource name here is "barNetworkAclRule", whereas the other
            // language examples on this page use "bar".
            // NOTE(review): network ACLs are stateless, so the reply traffic for this rule
            // is not implicitly permitted — confirm a corresponding egress rule exists on bar.
            var barNetworkAclRule = new NetworkAclRule("barNetworkAclRule", NetworkAclRuleArgs.builder()        
                .networkAclId(bar.id())
                .ruleNumber(200)
                .egress(false)
                .protocol("tcp")
                .ruleAction("allow")
                .cidrBlock(foo.cidrBlock())
                .fromPort(22)
                .toPort(22)
                .build());
    
        }
    }
    
    resources:
      # Network ACL attached to the VPC referenced as `foo` (declared elsewhere in the program).
      bar:
        type: aws:ec2:NetworkAcl
        properties:
          vpcId: ${foo.id}
      # Rule 200 on that ACL: allow inbound (egress: false) TCP to port 22, matched only
      # against sources inside foo's CIDR block. Entries are processed in ascending
      # ruleNumber order, so 200 is evaluated after any lower-numbered rule.
      # NOTE(review): network ACLs are stateless, so the reply traffic for this rule
      # is not implicitly permitted — confirm a corresponding egress rule exists on bar.
      barNetworkAclRule:
        type: aws:ec2:NetworkAclRule
        name: bar
        properties:
          networkAclId: ${bar.id}
          ruleNumber: 200
          egress: false
          protocol: tcp
          ruleAction: allow
          cidrBlock: ${foo.cidrBlock}
          fromPort: 22
          toPort: 22
    

    Note: One of cidr_block or ipv6_cidr_block is required.

    Create NetworkAclRule Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new NetworkAclRule(name: string, args: NetworkAclRuleArgs, opts?: CustomResourceOptions);
    @overload
    def NetworkAclRule(resource_name: str,
                       args: NetworkAclRuleArgs,
                       opts: Optional[ResourceOptions] = None)
    
    @overload
    def NetworkAclRule(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       network_acl_id: Optional[str] = None,
                       protocol: Optional[str] = None,
                       rule_action: Optional[str] = None,
                       rule_number: Optional[int] = None,
                       cidr_block: Optional[str] = None,
                       egress: Optional[bool] = None,
                       from_port: Optional[int] = None,
                       icmp_code: Optional[int] = None,
                       icmp_type: Optional[int] = None,
                       ipv6_cidr_block: Optional[str] = None,
                       to_port: Optional[int] = None)
    func NewNetworkAclRule(ctx *Context, name string, args NetworkAclRuleArgs, opts ...ResourceOption) (*NetworkAclRule, error)
    public NetworkAclRule(string name, NetworkAclRuleArgs args, CustomResourceOptions? opts = null)
    public NetworkAclRule(String name, NetworkAclRuleArgs args)
    public NetworkAclRule(String name, NetworkAclRuleArgs args, CustomResourceOptions options)
    
    type: aws:ec2:NetworkAclRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args NetworkAclRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args NetworkAclRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args NetworkAclRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args NetworkAclRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args NetworkAclRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    // Placeholder values only: every input is shown, but a real rule supplies one of
    // CidrBlock or Ipv6CidrBlock, sets RuleAction to "allow" or "deny", and uses
    // IcmpCode/IcmpType only when Protocol is ICMP.
    var networkAclRuleResource = new Aws.Ec2.NetworkAclRule("networkAclRuleResource", new()
    {
        NetworkAclId = "string",
        Protocol = "string",
        RuleAction = "string",
        RuleNumber = 0,
        CidrBlock = "string",
        Egress = false,
        FromPort = 0,
        IcmpCode = 0,
        IcmpType = 0,
        Ipv6CidrBlock = "string",
        ToPort = 0,
    });
    
    // Placeholder values only: every input is shown, but a real rule supplies one of
    // CidrBlock or Ipv6CidrBlock, sets RuleAction to "allow" or "deny", and uses
    // IcmpCode/IcmpType only when Protocol is ICMP.
    example, err := ec2.NewNetworkAclRule(ctx, "networkAclRuleResource", &ec2.NetworkAclRuleArgs{
    	NetworkAclId:  pulumi.String("string"),
    	Protocol:      pulumi.String("string"),
    	RuleAction:    pulumi.String("string"),
    	RuleNumber:    pulumi.Int(0),
    	CidrBlock:     pulumi.String("string"),
    	Egress:        pulumi.Bool(false),
    	FromPort:      pulumi.Int(0),
    	IcmpCode:      pulumi.Int(0),
    	IcmpType:      pulumi.Int(0),
    	Ipv6CidrBlock: pulumi.String("string"),
    	ToPort:        pulumi.Int(0),
    })
    
    // Placeholder values only: every input is shown, but a real rule supplies one of
    // cidrBlock or ipv6CidrBlock, sets ruleAction to "allow" or "deny", and uses
    // icmpCode/icmpType only when protocol is ICMP.
    var networkAclRuleResource = new NetworkAclRule("networkAclRuleResource", NetworkAclRuleArgs.builder()        
        .networkAclId("string")
        .protocol("string")
        .ruleAction("string")
        .ruleNumber(0)
        .cidrBlock("string")
        .egress(false)
        .fromPort(0)
        .icmpCode(0)
        .icmpType(0)
        .ipv6CidrBlock("string")
        .toPort(0)
        .build());
    
    # Placeholder values only: every input is shown, but a real rule supplies one of
    # cidr_block or ipv6_cidr_block, sets rule_action to "allow" or "deny", and uses
    # icmp_code/icmp_type only when protocol is ICMP.
    network_acl_rule_resource = aws.ec2.NetworkAclRule("networkAclRuleResource",
        network_acl_id="string",
        protocol="string",
        rule_action="string",
        rule_number=0,
        cidr_block="string",
        egress=False,
        from_port=0,
        icmp_code=0,
        icmp_type=0,
        ipv6_cidr_block="string",
        to_port=0)
    
    // Placeholder values only: every input is shown, but a real rule supplies one of
    // cidrBlock or ipv6CidrBlock, sets ruleAction to "allow" or "deny", and uses
    // icmpCode/icmpType only when protocol is ICMP.
    const networkAclRuleResource = new aws.ec2.NetworkAclRule("networkAclRuleResource", {
        networkAclId: "string",
        protocol: "string",
        ruleAction: "string",
        ruleNumber: 0,
        cidrBlock: "string",
        egress: false,
        fromPort: 0,
        icmpCode: 0,
        icmpType: 0,
        ipv6CidrBlock: "string",
        toPort: 0,
    });
    
    # Placeholder values only: every input is shown, but a real rule supplies one of
    # cidrBlock or ipv6CidrBlock, sets ruleAction to allow or deny, and uses
    # icmpCode/icmpType only when protocol is ICMP.
    type: aws:ec2:NetworkAclRule
    properties:
        cidrBlock: string
        egress: false
        fromPort: 0
        icmpCode: 0
        icmpType: 0
        ipv6CidrBlock: string
        networkAclId: string
        protocol: string
        ruleAction: string
        ruleNumber: 0
        toPort: 0
    

    NetworkAclRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The NetworkAclRule resource accepts the following input properties:

    NetworkAclId string
    The ID of the network ACL.
    Protocol string
    The protocol. A value of -1 means all protocols.
    RuleAction string
    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
    RuleNumber int
    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
    CidrBlock string
    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
    Egress bool
    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
    FromPort int
    The from port to match.
    IcmpCode int

    ICMP protocol: The ICMP code. Required if specifying ICMP for the protocol. E.g., -1

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    IcmpType int
    ICMP protocol: The ICMP type. Required if specifying ICMP for the protocol. E.g., -1
    Ipv6CidrBlock string
    The IPv6 CIDR block to allow or deny.
    ToPort int
    The to port to match.
    NetworkAclId string
    The ID of the network ACL.
    Protocol string
    The protocol. A value of -1 means all protocols.
    RuleAction string
    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
    RuleNumber int
    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
    CidrBlock string
    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
    Egress bool
    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
    FromPort int
    The from port to match.
    IcmpCode int

    ICMP protocol: The ICMP code. Required if specifying ICMP for the protocol. E.g., -1

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    IcmpType int
    ICMP protocol: The ICMP type. Required if specifying ICMP for the protocol. E.g., -1
    Ipv6CidrBlock string
    The IPv6 CIDR block to allow or deny.
    ToPort int
    The to port to match.
    networkAclId String
    The ID of the network ACL.
    protocol String
    The protocol. A value of -1 means all protocols.
    ruleAction String
    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
    ruleNumber Integer
    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
    cidrBlock String
    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
    egress Boolean
    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
    fromPort Integer
    The from port to match.
    icmpCode Integer

    ICMP protocol: The ICMP code. Required if specifying ICMP for the protocol. E.g., -1

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    icmpType Integer
    ICMP protocol: The ICMP type. Required if specifying ICMP for the protocol. E.g., -1
    ipv6CidrBlock String
    The IPv6 CIDR block to allow or deny.
    toPort Integer
    The to port to match.
    networkAclId string
    The ID of the network ACL.
    protocol string
    The protocol. A value of -1 means all protocols.
    ruleAction string
    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
    ruleNumber number
    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
    cidrBlock string
    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
    egress boolean
    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
    fromPort number
    The from port to match.
    icmpCode number

    ICMP protocol: The ICMP code. Required if specifying ICMP for the protocol. E.g., -1

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    icmpType number
    ICMP protocol: The ICMP type. Required if specifying ICMP for the protocol. E.g., -1
    ipv6CidrBlock string
    The IPv6 CIDR block to allow or deny.
    toPort number
    The to port to match.
    network_acl_id str
    The ID of the network ACL.
    protocol str
    The protocol. A value of -1 means all protocols.
    rule_action str
    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
    rule_number int
    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
    cidr_block str
    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
    egress bool
    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
    from_port int
    The from port to match.
    icmp_code int

    ICMP protocol: The ICMP code. Required if specifying ICMP for the protocol. E.g., -1

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    icmp_type int
    ICMP protocol: The ICMP type. Required if specifying ICMP for the protocol. E.g., -1
    ipv6_cidr_block str
    The IPv6 CIDR block to allow or deny.
    to_port int
    The to port to match.
    networkAclId String
    The ID of the network ACL.
    protocol String
    The protocol. A value of -1 means all protocols.
    ruleAction String
    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
    ruleNumber Number
    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
    cidrBlock String
    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
    egress Boolean
    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
    fromPort Number
    The from port to match.
    icmpCode Number

    ICMP protocol: The ICMP code. Required if specifying ICMP for the protocol. E.g., -1

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    icmpType Number
    ICMP protocol: The ICMP type. Required if specifying ICMP for the protocol. E.g., -1
    ipv6CidrBlock String
    The IPv6 CIDR block to allow or deny.
    toPort Number
    The to port to match.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the NetworkAclRule resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing NetworkAclRule Resource

    Get an existing NetworkAclRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: NetworkAclRuleState, opts?: CustomResourceOptions): NetworkAclRule
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            cidr_block: Optional[str] = None,
            egress: Optional[bool] = None,
            from_port: Optional[int] = None,
            icmp_code: Optional[int] = None,
            icmp_type: Optional[int] = None,
            ipv6_cidr_block: Optional[str] = None,
            network_acl_id: Optional[str] = None,
            protocol: Optional[str] = None,
            rule_action: Optional[str] = None,
            rule_number: Optional[int] = None,
            to_port: Optional[int] = None) -> NetworkAclRule
    func GetNetworkAclRule(ctx *Context, name string, id IDInput, state *NetworkAclRuleState, opts ...ResourceOption) (*NetworkAclRule, error)
    public static NetworkAclRule Get(string name, Input<string> id, NetworkAclRuleState? state, CustomResourceOptions? opts = null)
    public static NetworkAclRule get(String name, Output<String> id, NetworkAclRuleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    CidrBlock string
    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
    Egress bool
    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
    FromPort int
    The from port to match.
    IcmpCode int

    ICMP protocol: The ICMP code. Required if specifying ICMP for the protocol. E.g., -1

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    IcmpType int
    ICMP protocol: The ICMP type. Required if specifying ICMP for the protocol. E.g., -1
    Ipv6CidrBlock string
    The IPv6 CIDR block to allow or deny.
    NetworkAclId string
    The ID of the network ACL.
    Protocol string
    The protocol. A value of -1 means all protocols.
    RuleAction string
    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
    RuleNumber int
    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
    ToPort int
    The to port to match.
    CidrBlock string
    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
    Egress bool
    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
    FromPort int
    The from port to match.
    IcmpCode int

    ICMP protocol: The ICMP code. Required if specifying ICMP for the protocol. E.g., -1

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    IcmpType int
    ICMP protocol: The ICMP type. Required if specifying ICMP for the protocol. E.g., -1
    Ipv6CidrBlock string
    The IPv6 CIDR block to allow or deny.
    NetworkAclId string
    The ID of the network ACL.
    Protocol string
    The protocol. A value of -1 means all protocols.
    RuleAction string
    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
    RuleNumber int
    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
    ToPort int
    The to port to match.
    cidrBlock String
    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
    egress Boolean
    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
    fromPort Integer
    The from port to match.
    icmpCode Integer

    ICMP protocol: The ICMP code. Required if specifying ICMP for the protocol. E.g., -1

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    icmpType Integer
    ICMP protocol: The ICMP type. Required if specifying ICMP for the protocol. E.g., -1
    ipv6CidrBlock String
    The IPv6 CIDR block to allow or deny.
    networkAclId String
    The ID of the network ACL.
    protocol String
    The protocol. A value of -1 means all protocols.
    ruleAction String
    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
    ruleNumber Integer
    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
    toPort Integer
    The to port to match.
    cidrBlock string
    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
    egress boolean
    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
    fromPort number
    The from port to match.
    icmpCode number

    ICMP protocol: The ICMP code. Required if specifying ICMP for the protocol. E.g., -1

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    icmpType number
    ICMP protocol: The ICMP type. Required if specifying ICMP for the protocol. E.g., -1
    ipv6CidrBlock string
    The IPv6 CIDR block to allow or deny.
    networkAclId string
    The ID of the network ACL.
    protocol string
    The protocol. A value of -1 means all protocols.
    ruleAction string
    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
    ruleNumber number
    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
    toPort number
    The to port to match.
    cidr_block str
    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
    egress bool
    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
    from_port int
    The from port to match.
    icmp_code int

    ICMP protocol: The ICMP code. Required if specifying ICMP for the protocol. E.g., -1

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    icmp_type int
    ICMP protocol: The ICMP type. Required if specifying ICMP for the protocol. E.g., -1
    ipv6_cidr_block str
    The IPv6 CIDR block to allow or deny.
    network_acl_id str
    The ID of the network ACL.
    protocol str
    The protocol. A value of -1 means all protocols.
    rule_action str
    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
    rule_number int
    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
    to_port int
    The to port to match.
    cidrBlock String
    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
    egress Boolean
    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
    fromPort Number
    The from port to match.
    icmpCode Number

    ICMP protocol: The ICMP code. Required if specifying ICMP for the protocol. E.g., -1

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    icmpType Number
    ICMP protocol: The ICMP type. Required if specifying ICMP for the protocol. E.g., -1
    ipv6CidrBlock String
    The IPv6 CIDR block to allow or deny.
    networkAclId String
    The ID of the network ACL.
    protocol String
    The protocol. A value of -1 means all protocols.
    ruleAction String
    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
    ruleNumber Number
    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
    toPort Number
    The to port to match.

    Import

    Using the protocol’s decimal value:

    Use pulumi import to import individual rules using NETWORK_ACL_ID:RULE_NUMBER:PROTOCOL:EGRESS, where PROTOCOL can be a decimal (such as “6”) or string (such as “tcp”) value. For example:

    Using the protocol’s string value:

    $ pulumi import aws:ec2/networkAclRule:NetworkAclRule my_rule acl-7aaabd18:100:tcp:false
    

    Using the protocol’s decimal value:

    $ pulumi import aws:ec2/networkAclRule:NetworkAclRule my_rule acl-7aaabd18:100:6:false
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.