AWS Classic v5.41.0, May 15 23
AWS Classic v5.41.0, May 15 23
aws.ec2.DefaultNetworkAcl
Explore with Pulumi AI
Provides a resource to manage a VPC’s default network ACL. This resource can manage the default network ACL of the default or a non-default VPC.
NOTE: This is an advanced resource with special caveats. Please read this document in its entirety before using this resource. The
aws.ec2.DefaultNetworkAcl
behaves differently from normal resources. This provider does not create this resource but instead attempts to “adopt” it into management.
Every VPC has a default network ACL that can be managed but not destroyed. When the provider first adopts the Default Network ACL, it immediately removes all rules in the ACL. It then proceeds to create any rules specified in the configuration. This step is required so that only the rules specified in the configuration are created.
This resource treats its inline rules as absolute; only the rules defined inline are created, and any additions/removals external to this resource will result in diffs being shown. For these reasons, this resource is incompatible with the aws.ec2.NetworkAclRule
resource.
For more information about Network ACLs, see the AWS Documentation on [Network ACLs][aws-network-acls].
Example Usage
Basic Example
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var mainvpc = new Aws.Ec2.Vpc("mainvpc", new()
{
CidrBlock = "10.1.0.0/16",
});
var @default = new Aws.Ec2.DefaultNetworkAcl("default", new()
{
DefaultNetworkAclId = mainvpc.DefaultNetworkAclId,
Ingress = new[]
{
new Aws.Ec2.Inputs.DefaultNetworkAclIngressArgs
{
Protocol = "-1",
RuleNo = 100,
Action = "allow",
CidrBlock = "0.0.0.0/0",
FromPort = 0,
ToPort = 0,
},
},
Egress = new[]
{
new Aws.Ec2.Inputs.DefaultNetworkAclEgressArgs
{
Protocol = "-1",
RuleNo = 100,
Action = "allow",
CidrBlock = "0.0.0.0/0",
FromPort = 0,
ToPort = 0,
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
mainvpc, err := ec2.NewVpc(ctx, "mainvpc", &ec2.VpcArgs{
CidrBlock: pulumi.String("10.1.0.0/16"),
})
if err != nil {
return err
}
_, err = ec2.NewDefaultNetworkAcl(ctx, "default", &ec2.DefaultNetworkAclArgs{
DefaultNetworkAclId: mainvpc.DefaultNetworkAclId,
Ingress: ec2.DefaultNetworkAclIngressArray{
&ec2.DefaultNetworkAclIngressArgs{
Protocol: pulumi.String("-1"),
RuleNo: pulumi.Int(100),
Action: pulumi.String("allow"),
CidrBlock: pulumi.String("0.0.0.0/0"),
FromPort: pulumi.Int(0),
ToPort: pulumi.Int(0),
},
},
Egress: ec2.DefaultNetworkAclEgressArray{
&ec2.DefaultNetworkAclEgressArgs{
Protocol: pulumi.String("-1"),
RuleNo: pulumi.Int(100),
Action: pulumi.String("allow"),
CidrBlock: pulumi.String("0.0.0.0/0"),
FromPort: pulumi.Int(0),
ToPort: pulumi.Int(0),
},
},
})
if err != nil {
return err
}
return nil
})
}
Coming soon!
import pulumi
import pulumi_aws as aws
mainvpc = aws.ec2.Vpc("mainvpc", cidr_block="10.1.0.0/16")
default = aws.ec2.DefaultNetworkAcl("default",
default_network_acl_id=mainvpc.default_network_acl_id,
ingress=[aws.ec2.DefaultNetworkAclIngressArgs(
protocol="-1",
rule_no=100,
action="allow",
cidr_block="0.0.0.0/0",
from_port=0,
to_port=0,
)],
egress=[aws.ec2.DefaultNetworkAclEgressArgs(
protocol="-1",
rule_no=100,
action="allow",
cidr_block="0.0.0.0/0",
from_port=0,
to_port=0,
)])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const mainvpc = new aws.ec2.Vpc("mainvpc", {cidrBlock: "10.1.0.0/16"});
const _default = new aws.ec2.DefaultNetworkAcl("default", {
defaultNetworkAclId: mainvpc.defaultNetworkAclId,
ingress: [{
protocol: "-1",
ruleNo: 100,
action: "allow",
cidrBlock: "0.0.0.0/0",
fromPort: 0,
toPort: 0,
}],
egress: [{
protocol: "-1",
ruleNo: 100,
action: "allow",
cidrBlock: "0.0.0.0/0",
fromPort: 0,
toPort: 0,
}],
});
Coming soon!
Example: Deny All Egress Traffic, Allow Ingress
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var mainvpc = new Aws.Ec2.Vpc("mainvpc", new()
{
CidrBlock = "10.1.0.0/16",
});
var @default = new Aws.Ec2.DefaultNetworkAcl("default", new()
{
DefaultNetworkAclId = mainvpc.DefaultNetworkAclId,
Ingress = new[]
{
new Aws.Ec2.Inputs.DefaultNetworkAclIngressArgs
{
Protocol = "-1",
RuleNo = 100,
Action = "allow",
CidrBlock = aws_default_vpc.Mainvpc.Cidr_block,
FromPort = 0,
ToPort = 0,
},
},
});
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
mainvpc, err := ec2.NewVpc(ctx, "mainvpc", &ec2.VpcArgs{
CidrBlock: pulumi.String("10.1.0.0/16"),
})
if err != nil {
return err
}
_, err = ec2.NewDefaultNetworkAcl(ctx, "default", &ec2.DefaultNetworkAclArgs{
DefaultNetworkAclId: mainvpc.DefaultNetworkAclId,
Ingress: ec2.DefaultNetworkAclIngressArray{
&ec2.DefaultNetworkAclIngressArgs{
Protocol: pulumi.String("-1"),
RuleNo: pulumi.Int(100),
Action: pulumi.String("allow"),
CidrBlock: pulumi.Any(aws_default_vpc.Mainvpc.Cidr_block),
FromPort: pulumi.Int(0),
ToPort: pulumi.Int(0),
},
},
})
if err != nil {
return err
}
return nil
})
}
Coming soon!
import pulumi
import pulumi_aws as aws
mainvpc = aws.ec2.Vpc("mainvpc", cidr_block="10.1.0.0/16")
default = aws.ec2.DefaultNetworkAcl("default",
default_network_acl_id=mainvpc.default_network_acl_id,
ingress=[aws.ec2.DefaultNetworkAclIngressArgs(
protocol="-1",
rule_no=100,
action="allow",
cidr_block=aws_default_vpc["mainvpc"]["cidr_block"],
from_port=0,
to_port=0,
)])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const mainvpc = new aws.ec2.Vpc("mainvpc", {cidrBlock: "10.1.0.0/16"});
const _default = new aws.ec2.DefaultNetworkAcl("default", {
defaultNetworkAclId: mainvpc.defaultNetworkAclId,
ingress: [{
protocol: "-1",
ruleNo: 100,
action: "allow",
cidrBlock: aws_default_vpc.mainvpc.cidr_block,
fromPort: 0,
toPort: 0,
}],
});
Coming soon!
Example: Deny All Traffic To Any Subnet In The Default Network ACL
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var mainvpc = new Aws.Ec2.Vpc("mainvpc", new()
{
CidrBlock = "10.1.0.0/16",
});
var @default = new Aws.Ec2.DefaultNetworkAcl("default", new()
{
DefaultNetworkAclId = mainvpc.DefaultNetworkAclId,
});
// no rules defined, deny all traffic in this ACL
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
mainvpc, err := ec2.NewVpc(ctx, "mainvpc", &ec2.VpcArgs{
CidrBlock: pulumi.String("10.1.0.0/16"),
})
if err != nil {
return err
}
_, err = ec2.NewDefaultNetworkAcl(ctx, "default", &ec2.DefaultNetworkAclArgs{
DefaultNetworkAclId: mainvpc.DefaultNetworkAclId,
})
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.Vpc;
import com.pulumi.aws.ec2.VpcArgs;
import com.pulumi.aws.ec2.DefaultNetworkAcl;
import com.pulumi.aws.ec2.DefaultNetworkAclArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var mainvpc = new Vpc("mainvpc", VpcArgs.builder()
.cidrBlock("10.1.0.0/16")
.build());
var default_ = new DefaultNetworkAcl("default", DefaultNetworkAclArgs.builder()
.defaultNetworkAclId(mainvpc.defaultNetworkAclId())
.build());
}
}
import pulumi
import pulumi_aws as aws
mainvpc = aws.ec2.Vpc("mainvpc", cidr_block="10.1.0.0/16")
default = aws.ec2.DefaultNetworkAcl("default", default_network_acl_id=mainvpc.default_network_acl_id)
# no rules defined, deny all traffic in this ACL
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const mainvpc = new aws.ec2.Vpc("mainvpc", {cidrBlock: "10.1.0.0/16"});
const _default = new aws.ec2.DefaultNetworkAcl("default", {defaultNetworkAclId: mainvpc.defaultNetworkAclId});
// no rules defined, deny all traffic in this ACL
resources:
mainvpc:
type: aws:ec2:Vpc
properties:
cidrBlock: 10.1.0.0/16
default:
type: aws:ec2:DefaultNetworkAcl
properties:
defaultNetworkAclId: ${mainvpc.defaultNetworkAclId}
Managing Subnets In A Default Network ACL
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
// ... other configuration ...
var @default = new Aws.Ec2.DefaultNetworkAcl("default");
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := ec2.NewDefaultNetworkAcl(ctx, "default", nil)
if err != nil {
return err
}
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.DefaultNetworkAcl;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var default_ = new DefaultNetworkAcl("default");
}
}
import pulumi
import pulumi_aws as aws
# ... other configuration ...
default = aws.ec2.DefaultNetworkAcl("default")
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// ... other configuration ...
const _default = new aws.ec2.DefaultNetworkAcl("default", {});
resources:
default:
type: aws:ec2:DefaultNetworkAcl
Create DefaultNetworkAcl Resource
new DefaultNetworkAcl(name: string, args: DefaultNetworkAclArgs, opts?: CustomResourceOptions);
@overload
def DefaultNetworkAcl(resource_name: str,
opts: Optional[ResourceOptions] = None,
default_network_acl_id: Optional[str] = None,
egress: Optional[Sequence[DefaultNetworkAclEgressArgs]] = None,
ingress: Optional[Sequence[DefaultNetworkAclIngressArgs]] = None,
subnet_ids: Optional[Sequence[str]] = None,
tags: Optional[Mapping[str, str]] = None)
@overload
def DefaultNetworkAcl(resource_name: str,
args: DefaultNetworkAclArgs,
opts: Optional[ResourceOptions] = None)
func NewDefaultNetworkAcl(ctx *Context, name string, args DefaultNetworkAclArgs, opts ...ResourceOption) (*DefaultNetworkAcl, error)
public DefaultNetworkAcl(string name, DefaultNetworkAclArgs args, CustomResourceOptions? opts = null)
public DefaultNetworkAcl(String name, DefaultNetworkAclArgs args)
public DefaultNetworkAcl(String name, DefaultNetworkAclArgs args, CustomResourceOptions options)
type: aws:ec2:DefaultNetworkAcl
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DefaultNetworkAclArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args DefaultNetworkAclArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args DefaultNetworkAclArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args DefaultNetworkAclArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args DefaultNetworkAclArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
DefaultNetworkAcl Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
The DefaultNetworkAcl resource accepts the following input properties:
- Default
Network stringAcl Id Network ACL ID to manage. This attribute is exported from
aws.ec2.Vpc
, or manually found via the AWS Console.- Egress
List<Pulumi.
Aws. Ec2. Inputs. Default Network Acl Egress Args> Configuration block for an egress rule. Detailed below.
- Ingress
List<Pulumi.
Aws. Ec2. Inputs. Default Network Acl Ingress Args> Configuration block for an ingress rule. Detailed below.
- Subnet
Ids List<string> List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL
- Dictionary<string, string>
Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- Default
Network stringAcl Id Network ACL ID to manage. This attribute is exported from
aws.ec2.Vpc
, or manually found via the AWS Console.- Egress
[]Default
Network Acl Egress Args Configuration block for an egress rule. Detailed below.
- Ingress
[]Default
Network Acl Ingress Args Configuration block for an ingress rule. Detailed below.
- Subnet
Ids []string List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL
- map[string]string
Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- default
Network StringAcl Id Network ACL ID to manage. This attribute is exported from
aws.ec2.Vpc
, or manually found via the AWS Console.- egress
List<Default
Network Acl Egress Args> Configuration block for an egress rule. Detailed below.
- ingress
List<Default
Network Acl Ingress Args> Configuration block for an ingress rule. Detailed below.
- subnet
Ids List<String> List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL
- Map<String,String>
Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- default
Network stringAcl Id Network ACL ID to manage. This attribute is exported from
aws.ec2.Vpc
, or manually found via the AWS Console.- egress
Default
Network Acl Egress Args[] Configuration block for an egress rule. Detailed below.
- ingress
Default
Network Acl Ingress Args[] Configuration block for an ingress rule. Detailed below.
- subnet
Ids string[] List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL
- {[key: string]: string}
Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- default_
network_ stracl_ id Network ACL ID to manage. This attribute is exported from
aws.ec2.Vpc
, or manually found via the AWS Console.- egress
Sequence[Default
Network Acl Egress Args] Configuration block for an egress rule. Detailed below.
- ingress
Sequence[Default
Network Acl Ingress Args] Configuration block for an ingress rule. Detailed below.
- subnet_
ids Sequence[str] List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL
- Mapping[str, str]
Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
- default
Network StringAcl Id Network ACL ID to manage. This attribute is exported from
aws.ec2.Vpc
, or manually found via the AWS Console.- egress List<Property Map>
Configuration block for an egress rule. Detailed below.
- ingress List<Property Map>
Configuration block for an ingress rule. Detailed below.
- subnet
Ids List<String> List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL
- Map<String>
Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.
Outputs
All input properties are implicitly available as output properties. Additionally, the DefaultNetworkAcl resource produces the following output properties:
- Arn string
ARN of the Default Network ACL
- Id string
The provider-assigned unique ID for this managed resource.
- Owner
Id string ID of the AWS account that owns the Default Network ACL
- Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.- Vpc
Id string ID of the associated VPC
- Arn string
ARN of the Default Network ACL
- Id string
The provider-assigned unique ID for this managed resource.
- Owner
Id string ID of the AWS account that owns the Default Network ACL
- map[string]string
A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.- Vpc
Id string ID of the associated VPC
- arn String
ARN of the Default Network ACL
- id String
The provider-assigned unique ID for this managed resource.
- owner
Id String ID of the AWS account that owns the Default Network ACL
- Map<String,String>
A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.- vpc
Id String ID of the associated VPC
- arn string
ARN of the Default Network ACL
- id string
The provider-assigned unique ID for this managed resource.
- owner
Id string ID of the AWS account that owns the Default Network ACL
- {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.- vpc
Id string ID of the associated VPC
- arn str
ARN of the Default Network ACL
- id str
The provider-assigned unique ID for this managed resource.
- owner_
id str ID of the AWS account that owns the Default Network ACL
- Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.- vpc_
id str ID of the associated VPC
- arn String
ARN of the Default Network ACL
- id String
The provider-assigned unique ID for this managed resource.
- owner
Id String ID of the AWS account that owns the Default Network ACL
- Map<String>
A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.- vpc
Id String ID of the associated VPC
Look up Existing DefaultNetworkAcl Resource
Get an existing DefaultNetworkAcl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: DefaultNetworkAclState, opts?: CustomResourceOptions): DefaultNetworkAcl
@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
arn: Optional[str] = None,
default_network_acl_id: Optional[str] = None,
egress: Optional[Sequence[DefaultNetworkAclEgressArgs]] = None,
ingress: Optional[Sequence[DefaultNetworkAclIngressArgs]] = None,
owner_id: Optional[str] = None,
subnet_ids: Optional[Sequence[str]] = None,
tags: Optional[Mapping[str, str]] = None,
tags_all: Optional[Mapping[str, str]] = None,
vpc_id: Optional[str] = None) -> DefaultNetworkAcl
func GetDefaultNetworkAcl(ctx *Context, name string, id IDInput, state *DefaultNetworkAclState, opts ...ResourceOption) (*DefaultNetworkAcl, error)
public static DefaultNetworkAcl Get(string name, Input<string> id, DefaultNetworkAclState? state, CustomResourceOptions? opts = null)
public static DefaultNetworkAcl get(String name, Output<String> id, DefaultNetworkAclState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Arn string
ARN of the Default Network ACL
- Default
Network stringAcl Id Network ACL ID to manage. This attribute is exported from
aws.ec2.Vpc
, or manually found via the AWS Console.- Egress
List<Pulumi.
Aws. Ec2. Inputs. Default Network Acl Egress Args> Configuration block for an egress rule. Detailed below.
- Ingress
List<Pulumi.
Aws. Ec2. Inputs. Default Network Acl Ingress Args> Configuration block for an ingress rule. Detailed below.
- Owner
Id string ID of the AWS account that owns the Default Network ACL
- Subnet
Ids List<string> List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL
- Dictionary<string, string>
Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.- Dictionary<string, string>
A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.- Vpc
Id string ID of the associated VPC
- Arn string
ARN of the Default Network ACL
- Default
Network stringAcl Id Network ACL ID to manage. This attribute is exported from
aws.ec2.Vpc
, or manually found via the AWS Console.- Egress
[]Default
Network Acl Egress Args Configuration block for an egress rule. Detailed below.
- Ingress
[]Default
Network Acl Ingress Args Configuration block for an ingress rule. Detailed below.
- Owner
Id string ID of the AWS account that owns the Default Network ACL
- Subnet
Ids []string List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL
- map[string]string
Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.- map[string]string
A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.- Vpc
Id string ID of the associated VPC
- arn String
ARN of the Default Network ACL
- default
Network StringAcl Id Network ACL ID to manage. This attribute is exported from
aws.ec2.Vpc
, or manually found via the AWS Console.- egress
List<Default
Network Acl Egress Args> Configuration block for an egress rule. Detailed below.
- ingress
List<Default
Network Acl Ingress Args> Configuration block for an ingress rule. Detailed below.
- owner
Id String ID of the AWS account that owns the Default Network ACL
- subnet
Ids List<String> List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL
- Map<String,String>
Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.- Map<String,String>
A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.- vpc
Id String ID of the associated VPC
- arn string
ARN of the Default Network ACL
- default
Network stringAcl Id Network ACL ID to manage. This attribute is exported from
aws.ec2.Vpc
, or manually found via the AWS Console.- egress
Default
Network Acl Egress Args[] Configuration block for an egress rule. Detailed below.
- ingress
Default
Network Acl Ingress Args[] Configuration block for an ingress rule. Detailed below.
- owner
Id string ID of the AWS account that owns the Default Network ACL
- subnet
Ids string[] List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL
- {[key: string]: string}
Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.- {[key: string]: string}
A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.- vpc
Id string ID of the associated VPC
- arn str
ARN of the Default Network ACL
- default_
network_ stracl_ id Network ACL ID to manage. This attribute is exported from
aws.ec2.Vpc
, or manually found via the AWS Console.- egress
Sequence[Default
Network Acl Egress Args] Configuration block for an egress rule. Detailed below.
- ingress
Sequence[Default
Network Acl Ingress Args] Configuration block for an ingress rule. Detailed below.
- owner_
id str ID of the AWS account that owns the Default Network ACL
- subnet_
ids Sequence[str] List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL
- Mapping[str, str]
Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.- Mapping[str, str]
A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.- vpc_
id str ID of the associated VPC
- arn String
ARN of the Default Network ACL
- default
Network StringAcl Id Network ACL ID to manage. This attribute is exported from
aws.ec2.Vpc
, or manually found via the AWS Console.- egress List<Property Map>
Configuration block for an egress rule. Detailed below.
- ingress List<Property Map>
Configuration block for an ingress rule. Detailed below.
- owner
Id String ID of the AWS account that owns the Default Network ACL
- subnet
Ids List<String> List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL
- Map<String>
Map of tags to assign to the resource. If configured with a provider
default_tags
configuration block present, tags with matching keys will overwrite those defined at the provider-level.- Map<String>
A map of tags assigned to the resource, including those inherited from the provider
default_tags
configuration block.- vpc
Id String ID of the associated VPC
Supporting Types
DefaultNetworkAclEgress
- Action string
The action to take.
- From
Port int The from port to match.
- Protocol string
The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
- Rule
No int The rule number. Used for ordering.
- To
Port int The to port to match.
- Cidr
Block string The CIDR block to match. This must be a valid network mask.
- Icmp
Code int The ICMP type code to be used. Default 0.
- Icmp
Type int The ICMP type to be used. Default 0.
- Ipv6Cidr
Block string The IPv6 CIDR block.
- Action string
The action to take.
- From
Port int The from port to match.
- Protocol string
The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
- Rule
No int The rule number. Used for ordering.
- To
Port int The to port to match.
- Cidr
Block string The CIDR block to match. This must be a valid network mask.
- Icmp
Code int The ICMP type code to be used. Default 0.
- Icmp
Type int The ICMP type to be used. Default 0.
- Ipv6Cidr
Block string The IPv6 CIDR block.
- action String
The action to take.
- from
Port Integer The from port to match.
- protocol String
The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
- rule
No Integer The rule number. Used for ordering.
- to
Port Integer The to port to match.
- cidr
Block String The CIDR block to match. This must be a valid network mask.
- icmp
Code Integer The ICMP type code to be used. Default 0.
- icmp
Type Integer The ICMP type to be used. Default 0.
- ipv6Cidr
Block String The IPv6 CIDR block.
- action string
The action to take.
- from
Port number The from port to match.
- protocol string
The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
- rule
No number The rule number. Used for ordering.
- to
Port number The to port to match.
- cidr
Block string The CIDR block to match. This must be a valid network mask.
- icmp
Code number The ICMP type code to be used. Default 0.
- icmp
Type number The ICMP type to be used. Default 0.
- ipv6Cidr
Block string The IPv6 CIDR block.
- action str
The action to take.
- from_
port int The from port to match.
- protocol str
The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
- rule_
no int The rule number. Used for ordering.
- to_
port int The to port to match.
- cidr_
block str The CIDR block to match. This must be a valid network mask.
- icmp_
code int The ICMP type code to be used. Default 0.
- icmp_
type int The ICMP type to be used. Default 0.
- ipv6_
cidr_ strblock The IPv6 CIDR block.
- action String
The action to take.
- from
Port Number The from port to match.
- protocol String
The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
- rule
No Number The rule number. Used for ordering.
- to
Port Number The to port to match.
- cidr
Block String The CIDR block to match. This must be a valid network mask.
- icmp
Code Number The ICMP type code to be used. Default 0.
- icmp
Type Number The ICMP type to be used. Default 0.
- ipv6Cidr
Block String The IPv6 CIDR block.
DefaultNetworkAclIngress
- Action string
The action to take.
- From
Port int The from port to match.
- Protocol string
The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
- Rule
No int The rule number. Used for ordering.
- To
Port int The to port to match.
- Cidr
Block string The CIDR block to match. This must be a valid network mask.
- Icmp
Code int The ICMP type code to be used. Default 0.
- Icmp
Type int The ICMP type to be used. Default 0.
- Ipv6Cidr
Block string The IPv6 CIDR block.
- Action string
The action to take.
- From
Port int The from port to match.
- Protocol string
The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
- Rule
No int The rule number. Used for ordering.
- To
Port int The to port to match.
- Cidr
Block string The CIDR block to match. This must be a valid network mask.
- Icmp
Code int The ICMP type code to be used. Default 0.
- Icmp
Type int The ICMP type to be used. Default 0.
- Ipv6Cidr
Block string The IPv6 CIDR block.
- action String
The action to take.
- from
Port Integer The from port to match.
- protocol String
The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
- rule
No Integer The rule number. Used for ordering.
- to
Port Integer The to port to match.
- cidr
Block String The CIDR block to match. This must be a valid network mask.
- icmp
Code Integer The ICMP type code to be used. Default 0.
- icmp
Type Integer The ICMP type to be used. Default 0.
- ipv6Cidr
Block String The IPv6 CIDR block.
- action string
The action to take.
- from
Port number The from port to match.
- protocol string
The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
- rule
No number The rule number. Used for ordering.
- to
Port number The to port to match.
- cidr
Block string The CIDR block to match. This must be a valid network mask.
- icmp
Code number The ICMP type code to be used. Default 0.
- icmp
Type number The ICMP type to be used. Default 0.
- ipv6Cidr
Block string The IPv6 CIDR block.
- action str
The action to take.
- from_
port int The from port to match.
- protocol str
The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
- rule_
no int The rule number. Used for ordering.
- to_
port int The to port to match.
- cidr_
block str The CIDR block to match. This must be a valid network mask.
- icmp_
code int The ICMP type code to be used. Default 0.
- icmp_
type int The ICMP type to be used. Default 0.
- ipv6_
cidr_ strblock The IPv6 CIDR block.
- action String
The action to take.
- from
Port Number The from port to match.
- protocol String
The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
- rule
No Number The rule number. Used for ordering.
- to
Port Number The to port to match.
- cidr
Block String The CIDR block to match. This must be a valid network mask.
- icmp
Code Number The ICMP type code to be used. Default 0.
- icmp
Type Number The ICMP type to be used. Default 0.
- ipv6Cidr
Block String The IPv6 CIDR block.
Import
Default Network ACLs can be imported using the id
, e.g.,
$ pulumi import aws:ec2/defaultNetworkAcl:DefaultNetworkAcl sample acl-7aaabd18
Package Details
- Repository
- AWS Classic pulumi/pulumi-aws
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
aws
Terraform Provider.