1. Packages
  2. AWS
  3. API Docs
  4. ec2
  5. DefaultNetworkAcl
AWS v6.61.0 published on Tuesday, Nov 26, 2024 by Pulumi

aws.ec2.DefaultNetworkAcl

Explore with Pulumi AI

aws logo
AWS v6.61.0 published on Tuesday, Nov 26, 2024 by Pulumi

    Provides a resource to manage a VPC’s default network ACL. This resource can manage the default network ACL of the default or a non-default VPC.

    NOTE: This is an advanced resource with special caveats. Please read this document in its entirety before using this resource. The aws.ec2.DefaultNetworkAcl behaves differently from normal resources. This provider does not create this resource but instead attempts to “adopt” it into management.

    Every VPC has a default network ACL that can be managed but not destroyed. When the provider first adopts the Default Network ACL, it immediately removes all rules in the ACL. It then proceeds to create any rules specified in the configuration. This step is required so that only the rules specified in the configuration are created.

    This resource treats its inline rules as absolute; only the rules defined inline are created, and any additions/removals external to this resource will result in diffs being shown. For these reasons, this resource is incompatible with the aws.ec2.NetworkAclRule resource.

    For more information about Network ACLs, see the AWS Documentation on [Network ACLs][aws-network-acls].

    Example Usage

    Basic Example

    The following config gives the Default Network ACL the same rules that AWS includes but pulls the resource under management by this provider. This means that any ACL rules added or changed will be detected as drift.

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const mainvpc = new aws.ec2.Vpc("mainvpc", {cidrBlock: "10.1.0.0/16"});
    const _default = new aws.ec2.DefaultNetworkAcl("default", {
        defaultNetworkAclId: mainvpc.defaultNetworkAclId,
        ingress: [{
            protocol: "-1",
            ruleNo: 100,
            action: "allow",
            cidrBlock: "0.0.0.0/0",
            fromPort: 0,
            toPort: 0,
        }],
        egress: [{
            protocol: "-1",
            ruleNo: 100,
            action: "allow",
            cidrBlock: "0.0.0.0/0",
            fromPort: 0,
            toPort: 0,
        }],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    mainvpc = aws.ec2.Vpc("mainvpc", cidr_block="10.1.0.0/16")
    default = aws.ec2.DefaultNetworkAcl("default",
        default_network_acl_id=mainvpc.default_network_acl_id,
        ingress=[{
            "protocol": "-1",
            "rule_no": 100,
            "action": "allow",
            "cidr_block": "0.0.0.0/0",
            "from_port": 0,
            "to_port": 0,
        }],
        egress=[{
            "protocol": "-1",
            "rule_no": 100,
            "action": "allow",
            "cidr_block": "0.0.0.0/0",
            "from_port": 0,
            "to_port": 0,
        }])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		mainvpc, err := ec2.NewVpc(ctx, "mainvpc", &ec2.VpcArgs{
    			CidrBlock: pulumi.String("10.1.0.0/16"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = ec2.NewDefaultNetworkAcl(ctx, "default", &ec2.DefaultNetworkAclArgs{
    			DefaultNetworkAclId: mainvpc.DefaultNetworkAclId,
    			Ingress: ec2.DefaultNetworkAclIngressArray{
    				&ec2.DefaultNetworkAclIngressArgs{
    					Protocol:  pulumi.String("-1"),
    					RuleNo:    pulumi.Int(100),
    					Action:    pulumi.String("allow"),
    					CidrBlock: pulumi.String("0.0.0.0/0"),
    					FromPort:  pulumi.Int(0),
    					ToPort:    pulumi.Int(0),
    				},
    			},
    			Egress: ec2.DefaultNetworkAclEgressArray{
    				&ec2.DefaultNetworkAclEgressArgs{
    					Protocol:  pulumi.String("-1"),
    					RuleNo:    pulumi.Int(100),
    					Action:    pulumi.String("allow"),
    					CidrBlock: pulumi.String("0.0.0.0/0"),
    					FromPort:  pulumi.Int(0),
    					ToPort:    pulumi.Int(0),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var mainvpc = new Aws.Ec2.Vpc("mainvpc", new()
        {
            CidrBlock = "10.1.0.0/16",
        });
    
        var @default = new Aws.Ec2.DefaultNetworkAcl("default", new()
        {
            DefaultNetworkAclId = mainvpc.DefaultNetworkAclId,
            Ingress = new[]
            {
                new Aws.Ec2.Inputs.DefaultNetworkAclIngressArgs
                {
                    Protocol = "-1",
                    RuleNo = 100,
                    Action = "allow",
                    CidrBlock = "0.0.0.0/0",
                    FromPort = 0,
                    ToPort = 0,
                },
            },
            Egress = new[]
            {
                new Aws.Ec2.Inputs.DefaultNetworkAclEgressArgs
                {
                    Protocol = "-1",
                    RuleNo = 100,
                    Action = "allow",
                    CidrBlock = "0.0.0.0/0",
                    FromPort = 0,
                    ToPort = 0,
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ec2.Vpc;
    import com.pulumi.aws.ec2.VpcArgs;
    import com.pulumi.aws.ec2.DefaultNetworkAcl;
    import com.pulumi.aws.ec2.DefaultNetworkAclArgs;
    import com.pulumi.aws.ec2.inputs.DefaultNetworkAclIngressArgs;
    import com.pulumi.aws.ec2.inputs.DefaultNetworkAclEgressArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var mainvpc = new Vpc("mainvpc", VpcArgs.builder()
                .cidrBlock("10.1.0.0/16")
                .build());
    
            var default_ = new DefaultNetworkAcl("default", DefaultNetworkAclArgs.builder()
                .defaultNetworkAclId(mainvpc.defaultNetworkAclId())
                .ingress(DefaultNetworkAclIngressArgs.builder()
                    .protocol(-1)
                    .ruleNo(100)
                    .action("allow")
                    .cidrBlock("0.0.0.0/0")
                    .fromPort(0)
                    .toPort(0)
                    .build())
                .egress(DefaultNetworkAclEgressArgs.builder()
                    .protocol(-1)
                    .ruleNo(100)
                    .action("allow")
                    .cidrBlock("0.0.0.0/0")
                    .fromPort(0)
                    .toPort(0)
                    .build())
                .build());
    
        }
    }
    
    resources:
      mainvpc:
        type: aws:ec2:Vpc
        properties:
          cidrBlock: 10.1.0.0/16
      default:
        type: aws:ec2:DefaultNetworkAcl
        properties:
          defaultNetworkAclId: ${mainvpc.defaultNetworkAclId}
          ingress:
            - protocol: -1
              ruleNo: 100
              action: allow
              cidrBlock: 0.0.0.0/0
              fromPort: 0
              toPort: 0
          egress:
            - protocol: -1
              ruleNo: 100
              action: allow
              cidrBlock: 0.0.0.0/0
              fromPort: 0
              toPort: 0
    

    Example: Deny All Egress Traffic, Allow Ingress

    The following denies all Egress traffic by omitting any egress rules, while including the default ingress rule to allow all traffic.

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const mainvpc = new aws.ec2.Vpc("mainvpc", {cidrBlock: "10.1.0.0/16"});
    const _default = new aws.ec2.DefaultNetworkAcl("default", {
        defaultNetworkAclId: mainvpc.defaultNetworkAclId,
        ingress: [{
            protocol: "-1",
            ruleNo: 100,
            action: "allow",
            cidrBlock: mainvpcAwsDefaultVpc.cidrBlock,
            fromPort: 0,
            toPort: 0,
        }],
    });
    
    import pulumi
    import pulumi_aws as aws
    
    mainvpc = aws.ec2.Vpc("mainvpc", cidr_block="10.1.0.0/16")
    default = aws.ec2.DefaultNetworkAcl("default",
        default_network_acl_id=mainvpc.default_network_acl_id,
        ingress=[{
            "protocol": "-1",
            "rule_no": 100,
            "action": "allow",
            "cidr_block": mainvpc_aws_default_vpc["cidrBlock"],
            "from_port": 0,
            "to_port": 0,
        }])
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		mainvpc, err := ec2.NewVpc(ctx, "mainvpc", &ec2.VpcArgs{
    			CidrBlock: pulumi.String("10.1.0.0/16"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = ec2.NewDefaultNetworkAcl(ctx, "default", &ec2.DefaultNetworkAclArgs{
    			DefaultNetworkAclId: mainvpc.DefaultNetworkAclId,
    			Ingress: ec2.DefaultNetworkAclIngressArray{
    				&ec2.DefaultNetworkAclIngressArgs{
    					Protocol:  pulumi.String("-1"),
    					RuleNo:    pulumi.Int(100),
    					Action:    pulumi.String("allow"),
    					CidrBlock: pulumi.Any(mainvpcAwsDefaultVpc.CidrBlock),
    					FromPort:  pulumi.Int(0),
    					ToPort:    pulumi.Int(0),
    				},
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var mainvpc = new Aws.Ec2.Vpc("mainvpc", new()
        {
            CidrBlock = "10.1.0.0/16",
        });
    
        var @default = new Aws.Ec2.DefaultNetworkAcl("default", new()
        {
            DefaultNetworkAclId = mainvpc.DefaultNetworkAclId,
            Ingress = new[]
            {
                new Aws.Ec2.Inputs.DefaultNetworkAclIngressArgs
                {
                    Protocol = "-1",
                    RuleNo = 100,
                    Action = "allow",
                    CidrBlock = mainvpcAwsDefaultVpc.CidrBlock,
                    FromPort = 0,
                    ToPort = 0,
                },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ec2.Vpc;
    import com.pulumi.aws.ec2.VpcArgs;
    import com.pulumi.aws.ec2.DefaultNetworkAcl;
    import com.pulumi.aws.ec2.DefaultNetworkAclArgs;
    import com.pulumi.aws.ec2.inputs.DefaultNetworkAclIngressArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var mainvpc = new Vpc("mainvpc", VpcArgs.builder()
                .cidrBlock("10.1.0.0/16")
                .build());
    
            var default_ = new DefaultNetworkAcl("default", DefaultNetworkAclArgs.builder()
                .defaultNetworkAclId(mainvpc.defaultNetworkAclId())
                .ingress(DefaultNetworkAclIngressArgs.builder()
                    .protocol(-1)
                    .ruleNo(100)
                    .action("allow")
                    .cidrBlock(mainvpcAwsDefaultVpc.cidrBlock())
                    .fromPort(0)
                    .toPort(0)
                    .build())
                .build());
    
        }
    }
    
    resources:
      mainvpc:
        type: aws:ec2:Vpc
        properties:
          cidrBlock: 10.1.0.0/16
      default:
        type: aws:ec2:DefaultNetworkAcl
        properties:
          defaultNetworkAclId: ${mainvpc.defaultNetworkAclId}
          ingress:
            - protocol: -1
              ruleNo: 100
              action: allow
              cidrBlock: ${mainvpcAwsDefaultVpc.cidrBlock}
              fromPort: 0
              toPort: 0
    

    Example: Deny All Traffic To Any Subnet In The Default Network ACL

    This config denies all traffic in the Default ACL. This can be useful if you want to lock down the VPC to force all resources to assign a non-default ACL.

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const mainvpc = new aws.ec2.Vpc("mainvpc", {cidrBlock: "10.1.0.0/16"});
    const _default = new aws.ec2.DefaultNetworkAcl("default", {defaultNetworkAclId: mainvpc.defaultNetworkAclId});
    
    import pulumi
    import pulumi_aws as aws
    
    mainvpc = aws.ec2.Vpc("mainvpc", cidr_block="10.1.0.0/16")
    default = aws.ec2.DefaultNetworkAcl("default", default_network_acl_id=mainvpc.default_network_acl_id)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		mainvpc, err := ec2.NewVpc(ctx, "mainvpc", &ec2.VpcArgs{
    			CidrBlock: pulumi.String("10.1.0.0/16"),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = ec2.NewDefaultNetworkAcl(ctx, "default", &ec2.DefaultNetworkAclArgs{
    			DefaultNetworkAclId: mainvpc.DefaultNetworkAclId,
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var mainvpc = new Aws.Ec2.Vpc("mainvpc", new()
        {
            CidrBlock = "10.1.0.0/16",
        });
    
        var @default = new Aws.Ec2.DefaultNetworkAcl("default", new()
        {
            DefaultNetworkAclId = mainvpc.DefaultNetworkAclId,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ec2.Vpc;
    import com.pulumi.aws.ec2.VpcArgs;
    import com.pulumi.aws.ec2.DefaultNetworkAcl;
    import com.pulumi.aws.ec2.DefaultNetworkAclArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var mainvpc = new Vpc("mainvpc", VpcArgs.builder()
                .cidrBlock("10.1.0.0/16")
                .build());
    
            var default_ = new DefaultNetworkAcl("default", DefaultNetworkAclArgs.builder()
                .defaultNetworkAclId(mainvpc.defaultNetworkAclId())
                .build());
    
        }
    }
    
    resources:
      mainvpc:
        type: aws:ec2:Vpc
        properties:
          cidrBlock: 10.1.0.0/16
      default:
        type: aws:ec2:DefaultNetworkAcl
        properties:
          defaultNetworkAclId: ${mainvpc.defaultNetworkAclId}
    

    Managing Subnets In A Default Network ACL

    Within a VPC, all Subnets must be associated with a Network ACL. In order to “delete” the association between a Subnet and a non-default Network ACL, the association is destroyed by replacing it with an association between the Subnet and the Default ACL instead.

    When managing the Default Network ACL, you cannot “remove” Subnets. Instead, they must be reassigned to another Network ACL, or the Subnet itself must be destroyed. Because of these requirements, removing the subnet_ids attribute from the configuration of a aws.ec2.DefaultNetworkAcl resource may result in a reoccurring plan, until the Subnets are reassigned to another Network ACL or are destroyed.

    Because Subnets are by default associated with the Default Network ACL, any non-explicit association will show up as a plan to remove the Subnet. For example: if you have a custom aws.ec2.NetworkAcl with two subnets attached, and you remove the aws.ec2.NetworkAcl resource, after successfully destroying this resource future plans will show a diff on the managed aws.ec2.DefaultNetworkAcl, as those two Subnets have been orphaned by the now destroyed network acl and thus adopted by the Default Network ACL. In order to avoid a reoccurring plan, they will need to be reassigned, destroyed, or added to the subnet_ids attribute of the aws.ec2.DefaultNetworkAcl entry.

    As an alternative to the above, you can also specify the following lifecycle configuration in your aws.ec2.DefaultNetworkAcl resource:

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const _default = new aws.ec2.DefaultNetworkAcl("default", {});
    
    import pulumi
    import pulumi_aws as aws
    
    default = aws.ec2.DefaultNetworkAcl("default")
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		_, err := ec2.NewDefaultNetworkAcl(ctx, "default", nil)
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var @default = new Aws.Ec2.DefaultNetworkAcl("default");
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ec2.DefaultNetworkAcl;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var default_ = new DefaultNetworkAcl("default");
    
        }
    }
    
    resources:
      default:
        type: aws:ec2:DefaultNetworkAcl
    

    Removing aws.ec2.DefaultNetworkAcl From Your Configuration

    Each AWS VPC comes with a Default Network ACL that cannot be deleted. The aws.ec2.DefaultNetworkAcl allows you to manage this Network ACL, but the provider cannot destroy it. Removing this resource from your configuration will remove it from your statefile and management, but will not destroy the Network ACL. All Subnets associations and ingress or egress rules will be left as they are at the time of removal. You can resume managing them via the AWS Console.

    Create DefaultNetworkAcl Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new DefaultNetworkAcl(name: string, args: DefaultNetworkAclArgs, opts?: CustomResourceOptions);
    @overload
    def DefaultNetworkAcl(resource_name: str,
                          args: DefaultNetworkAclArgs,
                          opts: Optional[ResourceOptions] = None)
    
    @overload
    def DefaultNetworkAcl(resource_name: str,
                          opts: Optional[ResourceOptions] = None,
                          default_network_acl_id: Optional[str] = None,
                          egress: Optional[Sequence[DefaultNetworkAclEgressArgs]] = None,
                          ingress: Optional[Sequence[DefaultNetworkAclIngressArgs]] = None,
                          subnet_ids: Optional[Sequence[str]] = None,
                          tags: Optional[Mapping[str, str]] = None)
    func NewDefaultNetworkAcl(ctx *Context, name string, args DefaultNetworkAclArgs, opts ...ResourceOption) (*DefaultNetworkAcl, error)
    public DefaultNetworkAcl(string name, DefaultNetworkAclArgs args, CustomResourceOptions? opts = null)
    public DefaultNetworkAcl(String name, DefaultNetworkAclArgs args)
    public DefaultNetworkAcl(String name, DefaultNetworkAclArgs args, CustomResourceOptions options)
    
    type: aws:ec2:DefaultNetworkAcl
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args DefaultNetworkAclArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args DefaultNetworkAclArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args DefaultNetworkAclArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args DefaultNetworkAclArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args DefaultNetworkAclArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var defaultNetworkAclResource = new Aws.Ec2.DefaultNetworkAcl("defaultNetworkAclResource", new()
    {
        DefaultNetworkAclId = "string",
        Egress = new[]
        {
            new Aws.Ec2.Inputs.DefaultNetworkAclEgressArgs
            {
                Action = "string",
                FromPort = 0,
                Protocol = "string",
                RuleNo = 0,
                ToPort = 0,
                CidrBlock = "string",
                IcmpCode = 0,
                IcmpType = 0,
                Ipv6CidrBlock = "string",
            },
        },
        Ingress = new[]
        {
            new Aws.Ec2.Inputs.DefaultNetworkAclIngressArgs
            {
                Action = "string",
                FromPort = 0,
                Protocol = "string",
                RuleNo = 0,
                ToPort = 0,
                CidrBlock = "string",
                IcmpCode = 0,
                IcmpType = 0,
                Ipv6CidrBlock = "string",
            },
        },
        SubnetIds = new[]
        {
            "string",
        },
        Tags = 
        {
            { "string", "string" },
        },
    });
    
    example, err := ec2.NewDefaultNetworkAcl(ctx, "defaultNetworkAclResource", &ec2.DefaultNetworkAclArgs{
    	DefaultNetworkAclId: pulumi.String("string"),
    	Egress: ec2.DefaultNetworkAclEgressArray{
    		&ec2.DefaultNetworkAclEgressArgs{
    			Action:        pulumi.String("string"),
    			FromPort:      pulumi.Int(0),
    			Protocol:      pulumi.String("string"),
    			RuleNo:        pulumi.Int(0),
    			ToPort:        pulumi.Int(0),
    			CidrBlock:     pulumi.String("string"),
    			IcmpCode:      pulumi.Int(0),
    			IcmpType:      pulumi.Int(0),
    			Ipv6CidrBlock: pulumi.String("string"),
    		},
    	},
    	Ingress: ec2.DefaultNetworkAclIngressArray{
    		&ec2.DefaultNetworkAclIngressArgs{
    			Action:        pulumi.String("string"),
    			FromPort:      pulumi.Int(0),
    			Protocol:      pulumi.String("string"),
    			RuleNo:        pulumi.Int(0),
    			ToPort:        pulumi.Int(0),
    			CidrBlock:     pulumi.String("string"),
    			IcmpCode:      pulumi.Int(0),
    			IcmpType:      pulumi.Int(0),
    			Ipv6CidrBlock: pulumi.String("string"),
    		},
    	},
    	SubnetIds: pulumi.StringArray{
    		pulumi.String("string"),
    	},
    	Tags: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    })
    
    var defaultNetworkAclResource = new DefaultNetworkAcl("defaultNetworkAclResource", DefaultNetworkAclArgs.builder()
        .defaultNetworkAclId("string")
        .egress(DefaultNetworkAclEgressArgs.builder()
            .action("string")
            .fromPort(0)
            .protocol("string")
            .ruleNo(0)
            .toPort(0)
            .cidrBlock("string")
            .icmpCode(0)
            .icmpType(0)
            .ipv6CidrBlock("string")
            .build())
        .ingress(DefaultNetworkAclIngressArgs.builder()
            .action("string")
            .fromPort(0)
            .protocol("string")
            .ruleNo(0)
            .toPort(0)
            .cidrBlock("string")
            .icmpCode(0)
            .icmpType(0)
            .ipv6CidrBlock("string")
            .build())
        .subnetIds("string")
        .tags(Map.of("string", "string"))
        .build());
    
    default_network_acl_resource = aws.ec2.DefaultNetworkAcl("defaultNetworkAclResource",
        default_network_acl_id="string",
        egress=[{
            "action": "string",
            "from_port": 0,
            "protocol": "string",
            "rule_no": 0,
            "to_port": 0,
            "cidr_block": "string",
            "icmp_code": 0,
            "icmp_type": 0,
            "ipv6_cidr_block": "string",
        }],
        ingress=[{
            "action": "string",
            "from_port": 0,
            "protocol": "string",
            "rule_no": 0,
            "to_port": 0,
            "cidr_block": "string",
            "icmp_code": 0,
            "icmp_type": 0,
            "ipv6_cidr_block": "string",
        }],
        subnet_ids=["string"],
        tags={
            "string": "string",
        })
    
    const defaultNetworkAclResource = new aws.ec2.DefaultNetworkAcl("defaultNetworkAclResource", {
        defaultNetworkAclId: "string",
        egress: [{
            action: "string",
            fromPort: 0,
            protocol: "string",
            ruleNo: 0,
            toPort: 0,
            cidrBlock: "string",
            icmpCode: 0,
            icmpType: 0,
            ipv6CidrBlock: "string",
        }],
        ingress: [{
            action: "string",
            fromPort: 0,
            protocol: "string",
            ruleNo: 0,
            toPort: 0,
            cidrBlock: "string",
            icmpCode: 0,
            icmpType: 0,
            ipv6CidrBlock: "string",
        }],
        subnetIds: ["string"],
        tags: {
            string: "string",
        },
    });
    
    type: aws:ec2:DefaultNetworkAcl
    properties:
        defaultNetworkAclId: string
        egress:
            - action: string
              cidrBlock: string
              fromPort: 0
              icmpCode: 0
              icmpType: 0
              ipv6CidrBlock: string
              protocol: string
              ruleNo: 0
              toPort: 0
        ingress:
            - action: string
              cidrBlock: string
              fromPort: 0
              icmpCode: 0
              icmpType: 0
              ipv6CidrBlock: string
              protocol: string
              ruleNo: 0
              toPort: 0
        subnetIds:
            - string
        tags:
            string: string
    

    DefaultNetworkAcl Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The DefaultNetworkAcl resource accepts the following input properties:

    DefaultNetworkAclId string

    Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

    The following arguments are optional:

    Egress List<DefaultNetworkAclEgress>
    Configuration block for an egress rule. Detailed below.
    Ingress List<DefaultNetworkAclIngress>
    Configuration block for an ingress rule. Detailed below.
    SubnetIds List<string>
    List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL
    Tags Dictionary<string, string>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    DefaultNetworkAclId string

    Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

    The following arguments are optional:

    Egress []DefaultNetworkAclEgressArgs
    Configuration block for an egress rule. Detailed below.
    Ingress []DefaultNetworkAclIngressArgs
    Configuration block for an ingress rule. Detailed below.
    SubnetIds []string
    List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL
    Tags map[string]string
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    defaultNetworkAclId String

    Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

    The following arguments are optional:

    egress List<DefaultNetworkAclEgress>
    Configuration block for an egress rule. Detailed below.
    ingress List<DefaultNetworkAclIngress>
    Configuration block for an ingress rule. Detailed below.
    subnetIds List<String>
    List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL
    tags Map<String,String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    defaultNetworkAclId string

    Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

    The following arguments are optional:

    egress DefaultNetworkAclEgress[]
    Configuration block for an egress rule. Detailed below.
    ingress DefaultNetworkAclIngress[]
    Configuration block for an ingress rule. Detailed below.
    subnetIds string[]
    List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL
    tags {[key: string]: string}
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    default_network_acl_id str

    Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

    The following arguments are optional:

    egress Sequence[DefaultNetworkAclEgressArgs]
    Configuration block for an egress rule. Detailed below.
    ingress Sequence[DefaultNetworkAclIngressArgs]
    Configuration block for an ingress rule. Detailed below.
    subnet_ids Sequence[str]
    List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL
    tags Mapping[str, str]
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    defaultNetworkAclId String

    Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

    The following arguments are optional:

    egress List<Property Map>
    Configuration block for an egress rule. Detailed below.
    ingress List<Property Map>
    Configuration block for an ingress rule. Detailed below.
    subnetIds List<String>
    List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL
    tags Map<String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the DefaultNetworkAcl resource produces the following output properties:

    Arn string
    ARN of the Default Network ACL
    Id string
    The provider-assigned unique ID for this managed resource.
    OwnerId string
    ID of the AWS account that owns the Default Network ACL
    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    VpcId string
    ID of the associated VPC
    Arn string
    ARN of the Default Network ACL
    Id string
    The provider-assigned unique ID for this managed resource.
    OwnerId string
    ID of the AWS account that owns the Default Network ACL
    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    VpcId string
    ID of the associated VPC
    arn String
    ARN of the Default Network ACL
    id String
    The provider-assigned unique ID for this managed resource.
    ownerId String
    ID of the AWS account that owns the Default Network ACL
    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    vpcId String
    ID of the associated VPC
    arn string
    ARN of the Default Network ACL
    id string
    The provider-assigned unique ID for this managed resource.
    ownerId string
    ID of the AWS account that owns the Default Network ACL
    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    vpcId string
    ID of the associated VPC
    arn str
    ARN of the Default Network ACL
    id str
    The provider-assigned unique ID for this managed resource.
    owner_id str
    ID of the AWS account that owns the Default Network ACL
    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    vpc_id str
    ID of the associated VPC
    arn String
    ARN of the Default Network ACL
    id String
    The provider-assigned unique ID for this managed resource.
    ownerId String
    ID of the AWS account that owns the Default Network ACL
    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    vpcId String
    ID of the associated VPC

    Look up Existing DefaultNetworkAcl Resource

    Get an existing DefaultNetworkAcl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: DefaultNetworkAclState, opts?: CustomResourceOptions): DefaultNetworkAcl
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            arn: Optional[str] = None,
            default_network_acl_id: Optional[str] = None,
            egress: Optional[Sequence[DefaultNetworkAclEgressArgs]] = None,
            ingress: Optional[Sequence[DefaultNetworkAclIngressArgs]] = None,
            owner_id: Optional[str] = None,
            subnet_ids: Optional[Sequence[str]] = None,
            tags: Optional[Mapping[str, str]] = None,
            tags_all: Optional[Mapping[str, str]] = None,
            vpc_id: Optional[str] = None) -> DefaultNetworkAcl
    func GetDefaultNetworkAcl(ctx *Context, name string, id IDInput, state *DefaultNetworkAclState, opts ...ResourceOption) (*DefaultNetworkAcl, error)
    public static DefaultNetworkAcl Get(string name, Input<string> id, DefaultNetworkAclState? state, CustomResourceOptions? opts = null)
    public static DefaultNetworkAcl get(String name, Output<String> id, DefaultNetworkAclState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Arn string
    ARN of the Default Network ACL
    DefaultNetworkAclId string

    Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

    The following arguments are optional:

    Egress List<DefaultNetworkAclEgress>
    Configuration block for an egress rule. Detailed below.
    Ingress List<DefaultNetworkAclIngress>
    Configuration block for an ingress rule. Detailed below.
    OwnerId string
    ID of the AWS account that owns the Default Network ACL
    SubnetIds List<string>
    List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL
    Tags Dictionary<string, string>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll Dictionary<string, string>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    VpcId string
    ID of the associated VPC
    Arn string
    ARN of the Default Network ACL
    DefaultNetworkAclId string

    Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

    The following arguments are optional:

    Egress []DefaultNetworkAclEgressArgs
    Configuration block for an egress rule. Detailed below.
    Ingress []DefaultNetworkAclIngressArgs
    Configuration block for an ingress rule. Detailed below.
    OwnerId string
    ID of the AWS account that owns the Default Network ACL
    SubnetIds []string
    List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL
    Tags map[string]string
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    TagsAll map[string]string
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    VpcId string
    ID of the associated VPC
    arn String
    ARN of the Default Network ACL
    defaultNetworkAclId String

    Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

    The following arguments are optional:

    egress List<DefaultNetworkAclEgress>
    Configuration block for an egress rule. Detailed below.
    ingress List<DefaultNetworkAclIngress>
    Configuration block for an ingress rule. Detailed below.
    ownerId String
    ID of the AWS account that owns the Default Network ACL
    subnetIds List<String>
    List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL
    tags Map<String,String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String,String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    vpcId String
    ID of the associated VPC
    arn string
    ARN of the Default Network ACL
    defaultNetworkAclId string

    Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

    The following arguments are optional:

    egress DefaultNetworkAclEgress[]
    Configuration block for an egress rule. Detailed below.
    ingress DefaultNetworkAclIngress[]
    Configuration block for an ingress rule. Detailed below.
    ownerId string
    ID of the AWS account that owns the Default Network ACL
    subnetIds string[]
    List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL
    tags {[key: string]: string}
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll {[key: string]: string}
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    vpcId string
    ID of the associated VPC
    arn str
    ARN of the Default Network ACL
    default_network_acl_id str

    Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

    The following arguments are optional:

    egress Sequence[DefaultNetworkAclEgressArgs]
    Configuration block for an egress rule. Detailed below.
    ingress Sequence[DefaultNetworkAclIngressArgs]
    Configuration block for an ingress rule. Detailed below.
    owner_id str
    ID of the AWS account that owns the Default Network ACL
    subnet_ids Sequence[str]
    List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL
    tags Mapping[str, str]
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tags_all Mapping[str, str]
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    vpc_id str
    ID of the associated VPC
    arn String
    ARN of the Default Network ACL
    defaultNetworkAclId String

    Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

    The following arguments are optional:

    egress List<Property Map>
    Configuration block for an egress rule. Detailed below.
    ingress List<Property Map>
    Configuration block for an ingress rule. Detailed below.
    ownerId String
    ID of the AWS account that owns the Default Network ACL
    subnetIds List<String>
    List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL
    tags Map<String>
    Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.
    tagsAll Map<String>
    A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

    Deprecated: Please use tags instead.

    vpcId String
    ID of the associated VPC

    Supporting Types

    DefaultNetworkAclEgress, DefaultNetworkAclEgressArgs

    Action string
    The action to take.
    FromPort int
    The from port to match.
    Protocol string
    The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
    RuleNo int
    The rule number. Used for ordering.
    ToPort int

    The to port to match.

    The following arguments are optional:

    CidrBlock string
    The CIDR block to match. This must be a valid network mask.
    IcmpCode int
    The ICMP type code to be used. Default 0.
    IcmpType int
    The ICMP type to be used. Default 0.
    Ipv6CidrBlock string

    The IPv6 CIDR block.

    For more information on ICMP types and codes, see Internet Control Message Protocol (ICMP) Parameters.

    Action string
    The action to take.
    FromPort int
    The from port to match.
    Protocol string
    The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
    RuleNo int
    The rule number. Used for ordering.
    ToPort int

    The to port to match.

    The following arguments are optional:

    CidrBlock string
    The CIDR block to match. This must be a valid network mask.
    IcmpCode int
    The ICMP type code to be used. Default 0.
    IcmpType int
    The ICMP type to be used. Default 0.
    Ipv6CidrBlock string

    The IPv6 CIDR block.

    For more information on ICMP types and codes, see Internet Control Message Protocol (ICMP) Parameters.

    action String
    The action to take.
    fromPort Integer
    The from port to match.
    protocol String
    The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
    ruleNo Integer
    The rule number. Used for ordering.
    toPort Integer

    The to port to match.

    The following arguments are optional:

    cidrBlock String
    The CIDR block to match. This must be a valid network mask.
    icmpCode Integer
    The ICMP type code to be used. Default 0.
    icmpType Integer
    The ICMP type to be used. Default 0.
    ipv6CidrBlock String

    The IPv6 CIDR block.

    For more information on ICMP types and codes, see Internet Control Message Protocol (ICMP) Parameters.

    action string
    The action to take.
    fromPort number
    The from port to match.
    protocol string
    The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
    ruleNo number
    The rule number. Used for ordering.
    toPort number

    The to port to match.

    The following arguments are optional:

    cidrBlock string
    The CIDR block to match. This must be a valid network mask.
    icmpCode number
    The ICMP type code to be used. Default 0.
    icmpType number
    The ICMP type to be used. Default 0.
    ipv6CidrBlock string

    The IPv6 CIDR block.

    For more information on ICMP types and codes, see Internet Control Message Protocol (ICMP) Parameters.

    action str
    The action to take.
    from_port int
    The from port to match.
    protocol str
    The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
    rule_no int
    The rule number. Used for ordering.
    to_port int

    The to port to match.

    The following arguments are optional:

    cidr_block str
    The CIDR block to match. This must be a valid network mask.
    icmp_code int
    The ICMP type code to be used. Default 0.
    icmp_type int
    The ICMP type to be used. Default 0.
    ipv6_cidr_block str

    The IPv6 CIDR block.

    For more information on ICMP types and codes, see Internet Control Message Protocol (ICMP) Parameters.

    action String
    The action to take.
    fromPort Number
    The from port to match.
    protocol String
    The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
    ruleNo Number
    The rule number. Used for ordering.
    toPort Number

    The to port to match.

    The following arguments are optional:

    cidrBlock String
    The CIDR block to match. This must be a valid network mask.
    icmpCode Number
    The ICMP type code to be used. Default 0.
    icmpType Number
    The ICMP type to be used. Default 0.
    ipv6CidrBlock String

    The IPv6 CIDR block.

    For more information on ICMP types and codes, see Internet Control Message Protocol (ICMP) Parameters.

    DefaultNetworkAclIngress, DefaultNetworkAclIngressArgs

    Action string
    The action to take.
    FromPort int
    The from port to match.
    Protocol string
    The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
    RuleNo int
    The rule number. Used for ordering.
    ToPort int

    The to port to match.

    The following arguments are optional:

    CidrBlock string
    The CIDR block to match. This must be a valid network mask.
    IcmpCode int
    The ICMP type code to be used. Default 0.
    IcmpType int
    The ICMP type to be used. Default 0.
    Ipv6CidrBlock string

    The IPv6 CIDR block.

    For more information on ICMP types and codes, see Internet Control Message Protocol (ICMP) Parameters.

    Action string
    The action to take.
    FromPort int
    The from port to match.
    Protocol string
    The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
    RuleNo int
    The rule number. Used for ordering.
    ToPort int

    The to port to match.

    The following arguments are optional:

    CidrBlock string
    The CIDR block to match. This must be a valid network mask.
    IcmpCode int
    The ICMP type code to be used. Default 0.
    IcmpType int
    The ICMP type to be used. Default 0.
    Ipv6CidrBlock string

    The IPv6 CIDR block.

    For more information on ICMP types and codes, see Internet Control Message Protocol (ICMP) Parameters.

    action String
    The action to take.
    fromPort Integer
    The from port to match.
    protocol String
    The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
    ruleNo Integer
    The rule number. Used for ordering.
    toPort Integer

    The to port to match.

    The following arguments are optional:

    cidrBlock String
    The CIDR block to match. This must be a valid network mask.
    icmpCode Integer
    The ICMP type code to be used. Default 0.
    icmpType Integer
    The ICMP type to be used. Default 0.
    ipv6CidrBlock String

    The IPv6 CIDR block.

    For more information on ICMP types and codes, see Internet Control Message Protocol (ICMP) Parameters.

    action string
    The action to take.
    fromPort number
    The from port to match.
    protocol string
    The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
    ruleNo number
    The rule number. Used for ordering.
    toPort number

    The to port to match.

    The following arguments are optional:

    cidrBlock string
    The CIDR block to match. This must be a valid network mask.
    icmpCode number
    The ICMP type code to be used. Default 0.
    icmpType number
    The ICMP type to be used. Default 0.
    ipv6CidrBlock string

    The IPv6 CIDR block.

    For more information on ICMP types and codes, see Internet Control Message Protocol (ICMP) Parameters.

    action str
    The action to take.
    from_port int
    The from port to match.
    protocol str
    The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
    rule_no int
    The rule number. Used for ordering.
    to_port int

    The to port to match.

    The following arguments are optional:

    cidr_block str
    The CIDR block to match. This must be a valid network mask.
    icmp_code int
    The ICMP type code to be used. Default 0.
    icmp_type int
    The ICMP type to be used. Default 0.
    ipv6_cidr_block str

    The IPv6 CIDR block.

    For more information on ICMP types and codes, see Internet Control Message Protocol (ICMP) Parameters.

    action String
    The action to take.
    fromPort Number
    The from port to match.
    protocol String
    The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
    ruleNo Number
    The rule number. Used for ordering.
    toPort Number

    The to port to match.

    The following arguments are optional:

    cidrBlock String
    The CIDR block to match. This must be a valid network mask.
    icmpCode Number
    The ICMP type code to be used. Default 0.
    icmpType Number
    The ICMP type to be used. Default 0.
    ipv6CidrBlock String

    The IPv6 CIDR block.

    For more information on ICMP types and codes, see Internet Control Message Protocol (ICMP) Parameters.

    Import

    Using pulumi import, import Default Network ACLs using the id. For example:

    $ pulumi import aws:ec2/defaultNetworkAcl:DefaultNetworkAcl sample acl-7aaabd18
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo
    AWS v6.61.0 published on Tuesday, Nov 26, 2024 by Pulumi