aws logo
AWS Classic v5.41.0, May 15 23

aws.ec2.DefaultNetworkAcl

Explore with Pulumi AI

Provides a resource to manage a VPC’s default network ACL. This resource can manage the default network ACL of the default or a non-default VPC.

NOTE: This is an advanced resource with special caveats. Please read this document in its entirety before using this resource. The aws.ec2.DefaultNetworkAcl behaves differently from normal resources. This provider does not create this resource but instead attempts to “adopt” it into management.

Every VPC has a default network ACL that can be managed but not destroyed. When the provider first adopts the Default Network ACL, it immediately removes all rules in the ACL. It then proceeds to create any rules specified in the configuration. This step is required so that only the rules specified in the configuration are created.

This resource treats its inline rules as absolute; only the rules defined inline are created, and any additions/removals external to this resource will result in diffs being shown. For these reasons, this resource is incompatible with the aws.ec2.NetworkAclRule resource.

For more information about Network ACLs, see the AWS Documentation on [Network ACLs][aws-network-acls].

Example Usage

Basic Example

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var mainvpc = new Aws.Ec2.Vpc("mainvpc", new()
    {
        CidrBlock = "10.1.0.0/16",
    });

    var @default = new Aws.Ec2.DefaultNetworkAcl("default", new()
    {
        DefaultNetworkAclId = mainvpc.DefaultNetworkAclId,
        Ingress = new[]
        {
            new Aws.Ec2.Inputs.DefaultNetworkAclIngressArgs
            {
                Protocol = "-1",
                RuleNo = 100,
                Action = "allow",
                CidrBlock = "0.0.0.0/0",
                FromPort = 0,
                ToPort = 0,
            },
        },
        Egress = new[]
        {
            new Aws.Ec2.Inputs.DefaultNetworkAclEgressArgs
            {
                Protocol = "-1",
                RuleNo = 100,
                Action = "allow",
                CidrBlock = "0.0.0.0/0",
                FromPort = 0,
                ToPort = 0,
            },
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		mainvpc, err := ec2.NewVpc(ctx, "mainvpc", &ec2.VpcArgs{
			CidrBlock: pulumi.String("10.1.0.0/16"),
		})
		if err != nil {
			return err
		}
		_, err = ec2.NewDefaultNetworkAcl(ctx, "default", &ec2.DefaultNetworkAclArgs{
			DefaultNetworkAclId: mainvpc.DefaultNetworkAclId,
			Ingress: ec2.DefaultNetworkAclIngressArray{
				&ec2.DefaultNetworkAclIngressArgs{
					Protocol:  pulumi.String("-1"),
					RuleNo:    pulumi.Int(100),
					Action:    pulumi.String("allow"),
					CidrBlock: pulumi.String("0.0.0.0/0"),
					FromPort:  pulumi.Int(0),
					ToPort:    pulumi.Int(0),
				},
			},
			Egress: ec2.DefaultNetworkAclEgressArray{
				&ec2.DefaultNetworkAclEgressArgs{
					Protocol:  pulumi.String("-1"),
					RuleNo:    pulumi.Int(100),
					Action:    pulumi.String("allow"),
					CidrBlock: pulumi.String("0.0.0.0/0"),
					FromPort:  pulumi.Int(0),
					ToPort:    pulumi.Int(0),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

Coming soon!

import pulumi
import pulumi_aws as aws

mainvpc = aws.ec2.Vpc("mainvpc", cidr_block="10.1.0.0/16")
default = aws.ec2.DefaultNetworkAcl("default",
    default_network_acl_id=mainvpc.default_network_acl_id,
    ingress=[aws.ec2.DefaultNetworkAclIngressArgs(
        protocol="-1",
        rule_no=100,
        action="allow",
        cidr_block="0.0.0.0/0",
        from_port=0,
        to_port=0,
    )],
    egress=[aws.ec2.DefaultNetworkAclEgressArgs(
        protocol="-1",
        rule_no=100,
        action="allow",
        cidr_block="0.0.0.0/0",
        from_port=0,
        to_port=0,
    )])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const mainvpc = new aws.ec2.Vpc("mainvpc", {cidrBlock: "10.1.0.0/16"});
const _default = new aws.ec2.DefaultNetworkAcl("default", {
    defaultNetworkAclId: mainvpc.defaultNetworkAclId,
    ingress: [{
        protocol: "-1",
        ruleNo: 100,
        action: "allow",
        cidrBlock: "0.0.0.0/0",
        fromPort: 0,
        toPort: 0,
    }],
    egress: [{
        protocol: "-1",
        ruleNo: 100,
        action: "allow",
        cidrBlock: "0.0.0.0/0",
        fromPort: 0,
        toPort: 0,
    }],
});

Coming soon!

Example: Deny All Egress Traffic, Allow Ingress

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var mainvpc = new Aws.Ec2.Vpc("mainvpc", new()
    {
        CidrBlock = "10.1.0.0/16",
    });

    var @default = new Aws.Ec2.DefaultNetworkAcl("default", new()
    {
        DefaultNetworkAclId = mainvpc.DefaultNetworkAclId,
        Ingress = new[]
        {
            new Aws.Ec2.Inputs.DefaultNetworkAclIngressArgs
            {
                Protocol = "-1",
                RuleNo = 100,
                Action = "allow",
                CidrBlock = aws_default_vpc.Mainvpc.Cidr_block,
                FromPort = 0,
                ToPort = 0,
            },
        },
    });

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		mainvpc, err := ec2.NewVpc(ctx, "mainvpc", &ec2.VpcArgs{
			CidrBlock: pulumi.String("10.1.0.0/16"),
		})
		if err != nil {
			return err
		}
		_, err = ec2.NewDefaultNetworkAcl(ctx, "default", &ec2.DefaultNetworkAclArgs{
			DefaultNetworkAclId: mainvpc.DefaultNetworkAclId,
			Ingress: ec2.DefaultNetworkAclIngressArray{
				&ec2.DefaultNetworkAclIngressArgs{
					Protocol:  pulumi.String("-1"),
					RuleNo:    pulumi.Int(100),
					Action:    pulumi.String("allow"),
					CidrBlock: pulumi.Any(aws_default_vpc.Mainvpc.Cidr_block),
					FromPort:  pulumi.Int(0),
					ToPort:    pulumi.Int(0),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

Coming soon!

import pulumi
import pulumi_aws as aws

mainvpc = aws.ec2.Vpc("mainvpc", cidr_block="10.1.0.0/16")
default = aws.ec2.DefaultNetworkAcl("default",
    default_network_acl_id=mainvpc.default_network_acl_id,
    ingress=[aws.ec2.DefaultNetworkAclIngressArgs(
        protocol="-1",
        rule_no=100,
        action="allow",
        cidr_block=aws_default_vpc["mainvpc"]["cidr_block"],
        from_port=0,
        to_port=0,
    )])
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const mainvpc = new aws.ec2.Vpc("mainvpc", {cidrBlock: "10.1.0.0/16"});
const _default = new aws.ec2.DefaultNetworkAcl("default", {
    defaultNetworkAclId: mainvpc.defaultNetworkAclId,
    ingress: [{
        protocol: "-1",
        ruleNo: 100,
        action: "allow",
        cidrBlock: aws_default_vpc.mainvpc.cidr_block,
        fromPort: 0,
        toPort: 0,
    }],
});

Coming soon!

Example: Deny All Traffic To Any Subnet In The Default Network ACL

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    var mainvpc = new Aws.Ec2.Vpc("mainvpc", new()
    {
        CidrBlock = "10.1.0.0/16",
    });

    var @default = new Aws.Ec2.DefaultNetworkAcl("default", new()
    {
        DefaultNetworkAclId = mainvpc.DefaultNetworkAclId,
    });

    // no rules defined, deny all traffic in this ACL
});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		mainvpc, err := ec2.NewVpc(ctx, "mainvpc", &ec2.VpcArgs{
			CidrBlock: pulumi.String("10.1.0.0/16"),
		})
		if err != nil {
			return err
		}
		_, err = ec2.NewDefaultNetworkAcl(ctx, "default", &ec2.DefaultNetworkAclArgs{
			DefaultNetworkAclId: mainvpc.DefaultNetworkAclId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.Vpc;
import com.pulumi.aws.ec2.VpcArgs;
import com.pulumi.aws.ec2.DefaultNetworkAcl;
import com.pulumi.aws.ec2.DefaultNetworkAclArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var mainvpc = new Vpc("mainvpc", VpcArgs.builder()        
            .cidrBlock("10.1.0.0/16")
            .build());

        var default_ = new DefaultNetworkAcl("default", DefaultNetworkAclArgs.builder()        
            .defaultNetworkAclId(mainvpc.defaultNetworkAclId())
            .build());

    }
}
import pulumi
import pulumi_aws as aws

mainvpc = aws.ec2.Vpc("mainvpc", cidr_block="10.1.0.0/16")
default = aws.ec2.DefaultNetworkAcl("default", default_network_acl_id=mainvpc.default_network_acl_id)
# no rules defined, deny all traffic in this ACL
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

const mainvpc = new aws.ec2.Vpc("mainvpc", {cidrBlock: "10.1.0.0/16"});
const _default = new aws.ec2.DefaultNetworkAcl("default", {defaultNetworkAclId: mainvpc.defaultNetworkAclId});
// no rules defined, deny all traffic in this ACL
resources:
  mainvpc:
    type: aws:ec2:Vpc
    properties:
      cidrBlock: 10.1.0.0/16
  default:
    type: aws:ec2:DefaultNetworkAcl
    properties:
      defaultNetworkAclId: ${mainvpc.defaultNetworkAclId}

Managing Subnets In A Default Network ACL

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;

return await Deployment.RunAsync(() => 
{
    // ... other configuration ...
    var @default = new Aws.Ec2.DefaultNetworkAcl("default");

});
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v5/go/aws/ec2"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := ec2.NewDefaultNetworkAcl(ctx, "default", nil)
		if err != nil {
			return err
		}
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.DefaultNetworkAcl;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var default_ = new DefaultNetworkAcl("default");

    }
}
import pulumi
import pulumi_aws as aws

# ... other configuration ...
default = aws.ec2.DefaultNetworkAcl("default")
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// ... other configuration ...
const _default = new aws.ec2.DefaultNetworkAcl("default", {});
resources:
  default:
    type: aws:ec2:DefaultNetworkAcl

Create DefaultNetworkAcl Resource

new DefaultNetworkAcl(name: string, args: DefaultNetworkAclArgs, opts?: CustomResourceOptions);
@overload
def DefaultNetworkAcl(resource_name: str,
                      opts: Optional[ResourceOptions] = None,
                      default_network_acl_id: Optional[str] = None,
                      egress: Optional[Sequence[DefaultNetworkAclEgressArgs]] = None,
                      ingress: Optional[Sequence[DefaultNetworkAclIngressArgs]] = None,
                      subnet_ids: Optional[Sequence[str]] = None,
                      tags: Optional[Mapping[str, str]] = None)
@overload
def DefaultNetworkAcl(resource_name: str,
                      args: DefaultNetworkAclArgs,
                      opts: Optional[ResourceOptions] = None)
func NewDefaultNetworkAcl(ctx *Context, name string, args DefaultNetworkAclArgs, opts ...ResourceOption) (*DefaultNetworkAcl, error)
public DefaultNetworkAcl(string name, DefaultNetworkAclArgs args, CustomResourceOptions? opts = null)
public DefaultNetworkAcl(String name, DefaultNetworkAclArgs args)
public DefaultNetworkAcl(String name, DefaultNetworkAclArgs args, CustomResourceOptions options)
type: aws:ec2:DefaultNetworkAcl
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

name string
The unique name of the resource.
args DefaultNetworkAclArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
resource_name str
The unique name of the resource.
args DefaultNetworkAclArgs
The arguments to resource properties.
opts ResourceOptions
Bag of options to control resource's behavior.
ctx Context
Context object for the current deployment.
name string
The unique name of the resource.
args DefaultNetworkAclArgs
The arguments to resource properties.
opts ResourceOption
Bag of options to control resource's behavior.
name string
The unique name of the resource.
args DefaultNetworkAclArgs
The arguments to resource properties.
opts CustomResourceOptions
Bag of options to control resource's behavior.
name String
The unique name of the resource.
args DefaultNetworkAclArgs
The arguments to resource properties.
options CustomResourceOptions
Bag of options to control resource's behavior.

DefaultNetworkAcl Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The DefaultNetworkAcl resource accepts the following input properties:

DefaultNetworkAclId string

Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

Egress List<Pulumi.Aws.Ec2.Inputs.DefaultNetworkAclEgressArgs>

Configuration block for an egress rule. Detailed below.

Ingress List<Pulumi.Aws.Ec2.Inputs.DefaultNetworkAclIngressArgs>

Configuration block for an ingress rule. Detailed below.

SubnetIds List<string>

List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL

Tags Dictionary<string, string>

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

DefaultNetworkAclId string

Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

Egress []DefaultNetworkAclEgressArgs

Configuration block for an egress rule. Detailed below.

Ingress []DefaultNetworkAclIngressArgs

Configuration block for an ingress rule. Detailed below.

SubnetIds []string

List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL

Tags map[string]string

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

defaultNetworkAclId String

Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

egress List<DefaultNetworkAclEgressArgs>

Configuration block for an egress rule. Detailed below.

ingress List<DefaultNetworkAclIngressArgs>

Configuration block for an ingress rule. Detailed below.

subnetIds List<String>

List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL

tags Map<String,String>

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

defaultNetworkAclId string

Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

egress DefaultNetworkAclEgressArgs[]

Configuration block for an egress rule. Detailed below.

ingress DefaultNetworkAclIngressArgs[]

Configuration block for an ingress rule. Detailed below.

subnetIds string[]

List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL

tags {[key: string]: string}

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

default_network_acl_id str

Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

egress Sequence[DefaultNetworkAclEgressArgs]

Configuration block for an egress rule. Detailed below.

ingress Sequence[DefaultNetworkAclIngressArgs]

Configuration block for an ingress rule. Detailed below.

subnet_ids Sequence[str]

List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL

tags Mapping[str, str]

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

defaultNetworkAclId String

Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

egress List<Property Map>

Configuration block for an egress rule. Detailed below.

ingress List<Property Map>

Configuration block for an ingress rule. Detailed below.

subnetIds List<String>

List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL

tags Map<String>

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Outputs

All input properties are implicitly available as output properties. Additionally, the DefaultNetworkAcl resource produces the following output properties:

Arn string

ARN of the Default Network ACL

Id string

The provider-assigned unique ID for this managed resource.

OwnerId string

ID of the AWS account that owns the Default Network ACL

TagsAll Dictionary<string, string>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

VpcId string

ID of the associated VPC

Arn string

ARN of the Default Network ACL

Id string

The provider-assigned unique ID for this managed resource.

OwnerId string

ID of the AWS account that owns the Default Network ACL

TagsAll map[string]string

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

VpcId string

ID of the associated VPC

arn String

ARN of the Default Network ACL

id String

The provider-assigned unique ID for this managed resource.

ownerId String

ID of the AWS account that owns the Default Network ACL

tagsAll Map<String,String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

vpcId String

ID of the associated VPC

arn string

ARN of the Default Network ACL

id string

The provider-assigned unique ID for this managed resource.

ownerId string

ID of the AWS account that owns the Default Network ACL

tagsAll {[key: string]: string}

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

vpcId string

ID of the associated VPC

arn str

ARN of the Default Network ACL

id str

The provider-assigned unique ID for this managed resource.

owner_id str

ID of the AWS account that owns the Default Network ACL

tags_all Mapping[str, str]

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

vpc_id str

ID of the associated VPC

arn String

ARN of the Default Network ACL

id String

The provider-assigned unique ID for this managed resource.

ownerId String

ID of the AWS account that owns the Default Network ACL

tagsAll Map<String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

vpcId String

ID of the associated VPC

Look up Existing DefaultNetworkAcl Resource

Get an existing DefaultNetworkAcl resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: DefaultNetworkAclState, opts?: CustomResourceOptions): DefaultNetworkAcl
@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        arn: Optional[str] = None,
        default_network_acl_id: Optional[str] = None,
        egress: Optional[Sequence[DefaultNetworkAclEgressArgs]] = None,
        ingress: Optional[Sequence[DefaultNetworkAclIngressArgs]] = None,
        owner_id: Optional[str] = None,
        subnet_ids: Optional[Sequence[str]] = None,
        tags: Optional[Mapping[str, str]] = None,
        tags_all: Optional[Mapping[str, str]] = None,
        vpc_id: Optional[str] = None) -> DefaultNetworkAcl
func GetDefaultNetworkAcl(ctx *Context, name string, id IDInput, state *DefaultNetworkAclState, opts ...ResourceOption) (*DefaultNetworkAcl, error)
public static DefaultNetworkAcl Get(string name, Input<string> id, DefaultNetworkAclState? state, CustomResourceOptions? opts = null)
public static DefaultNetworkAcl get(String name, Output<String> id, DefaultNetworkAclState state, CustomResourceOptions options)
Resource lookup is not supported in YAML
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
resource_name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
name
The unique name of the resulting resource.
id
The unique provider ID of the resource to lookup.
state
Any extra arguments used during the lookup.
opts
A bag of options that control this resource's behavior.
The following state arguments are supported:
Arn string

ARN of the Default Network ACL

DefaultNetworkAclId string

Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

Egress List<Pulumi.Aws.Ec2.Inputs.DefaultNetworkAclEgressArgs>

Configuration block for an egress rule. Detailed below.

Ingress List<Pulumi.Aws.Ec2.Inputs.DefaultNetworkAclIngressArgs>

Configuration block for an ingress rule. Detailed below.

OwnerId string

ID of the AWS account that owns the Default Network ACL

SubnetIds List<string>

List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL

Tags Dictionary<string, string>

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll Dictionary<string, string>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

VpcId string

ID of the associated VPC

Arn string

ARN of the Default Network ACL

DefaultNetworkAclId string

Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

Egress []DefaultNetworkAclEgressArgs

Configuration block for an egress rule. Detailed below.

Ingress []DefaultNetworkAclIngressArgs

Configuration block for an ingress rule. Detailed below.

OwnerId string

ID of the AWS account that owns the Default Network ACL

SubnetIds []string

List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL

Tags map[string]string

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

TagsAll map[string]string

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

VpcId string

ID of the associated VPC

arn String

ARN of the Default Network ACL

defaultNetworkAclId String

Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

egress List<DefaultNetworkAclEgressArgs>

Configuration block for an egress rule. Detailed below.

ingress List<DefaultNetworkAclIngressArgs>

Configuration block for an ingress rule. Detailed below.

ownerId String

ID of the AWS account that owns the Default Network ACL

subnetIds List<String>

List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL

tags Map<String,String>

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String,String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

vpcId String

ID of the associated VPC

arn string

ARN of the Default Network ACL

defaultNetworkAclId string

Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

egress DefaultNetworkAclEgressArgs[]

Configuration block for an egress rule. Detailed below.

ingress DefaultNetworkAclIngressArgs[]

Configuration block for an ingress rule. Detailed below.

ownerId string

ID of the AWS account that owns the Default Network ACL

subnetIds string[]

List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL

tags {[key: string]: string}

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll {[key: string]: string}

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

vpcId string

ID of the associated VPC

arn str

ARN of the Default Network ACL

default_network_acl_id str

Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

egress Sequence[DefaultNetworkAclEgressArgs]

Configuration block for an egress rule. Detailed below.

ingress Sequence[DefaultNetworkAclIngressArgs]

Configuration block for an ingress rule. Detailed below.

owner_id str

ID of the AWS account that owns the Default Network ACL

subnet_ids Sequence[str]

List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL

tags Mapping[str, str]

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tags_all Mapping[str, str]

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

vpc_id str

ID of the associated VPC

arn String

ARN of the Default Network ACL

defaultNetworkAclId String

Network ACL ID to manage. This attribute is exported from aws.ec2.Vpc, or manually found via the AWS Console.

egress List<Property Map>

Configuration block for an egress rule. Detailed below.

ingress List<Property Map>

Configuration block for an ingress rule. Detailed below.

ownerId String

ID of the AWS account that owns the Default Network ACL

subnetIds List<String>

List of Subnet IDs to apply the ACL to. See the notes above on Managing Subnets in the Default Network ACL

tags Map<String>

Map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

tagsAll Map<String>

A map of tags assigned to the resource, including those inherited from the provider default_tags configuration block.

vpcId String

ID of the associated VPC

Supporting Types

DefaultNetworkAclEgress

Action string

The action to take.

FromPort int

The from port to match.

Protocol string

The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.

RuleNo int

The rule number. Used for ordering.

ToPort int

The to port to match.

CidrBlock string

The CIDR block to match. This must be a valid network mask.

IcmpCode int

The ICMP type code to be used. Default 0.

IcmpType int

The ICMP type to be used. Default 0.

Ipv6CidrBlock string

The IPv6 CIDR block.

Action string

The action to take.

FromPort int

The from port to match.

Protocol string

The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.

RuleNo int

The rule number. Used for ordering.

ToPort int

The to port to match.

CidrBlock string

The CIDR block to match. This must be a valid network mask.

IcmpCode int

The ICMP type code to be used. Default 0.

IcmpType int

The ICMP type to be used. Default 0.

Ipv6CidrBlock string

The IPv6 CIDR block.

action String

The action to take.

fromPort Integer

The from port to match.

protocol String

The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.

ruleNo Integer

The rule number. Used for ordering.

toPort Integer

The to port to match.

cidrBlock String

The CIDR block to match. This must be a valid network mask.

icmpCode Integer

The ICMP type code to be used. Default 0.

icmpType Integer

The ICMP type to be used. Default 0.

ipv6CidrBlock String

The IPv6 CIDR block.

action string

The action to take.

fromPort number

The from port to match.

protocol string

The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.

ruleNo number

The rule number. Used for ordering.

toPort number

The to port to match.

cidrBlock string

The CIDR block to match. This must be a valid network mask.

icmpCode number

The ICMP type code to be used. Default 0.

icmpType number

The ICMP type to be used. Default 0.

ipv6CidrBlock string

The IPv6 CIDR block.

action str

The action to take.

from_port int

The from port to match.

protocol str

The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.

rule_no int

The rule number. Used for ordering.

to_port int

The to port to match.

cidr_block str

The CIDR block to match. This must be a valid network mask.

icmp_code int

The ICMP type code to be used. Default 0.

icmp_type int

The ICMP type to be used. Default 0.

ipv6_cidr_block str

The IPv6 CIDR block.

action String

The action to take.

fromPort Number

The from port to match.

protocol String

The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.

ruleNo Number

The rule number. Used for ordering.

toPort Number

The to port to match.

cidrBlock String

The CIDR block to match. This must be a valid network mask.

icmpCode Number

The ICMP type code to be used. Default 0.

icmpType Number

The ICMP type to be used. Default 0.

ipv6CidrBlock String

The IPv6 CIDR block.

DefaultNetworkAclIngress

Action string

The action to take.

FromPort int

The from port to match.

Protocol string

The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.

RuleNo int

The rule number. Used for ordering.

ToPort int

The to port to match.

CidrBlock string

The CIDR block to match. This must be a valid network mask.

IcmpCode int

The ICMP type code to be used. Default 0.

IcmpType int

The ICMP type to be used. Default 0.

Ipv6CidrBlock string

The IPv6 CIDR block.

Action string

The action to take.

FromPort int

The from port to match.

Protocol string

The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.

RuleNo int

The rule number. Used for ordering.

ToPort int

The to port to match.

CidrBlock string

The CIDR block to match. This must be a valid network mask.

IcmpCode int

The ICMP type code to be used. Default 0.

IcmpType int

The ICMP type to be used. Default 0.

Ipv6CidrBlock string

The IPv6 CIDR block.

action String

The action to take.

fromPort Integer

The from port to match.

protocol String

The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.

ruleNo Integer

The rule number. Used for ordering.

toPort Integer

The to port to match.

cidrBlock String

The CIDR block to match. This must be a valid network mask.

icmpCode Integer

The ICMP type code to be used. Default 0.

icmpType Integer

The ICMP type to be used. Default 0.

ipv6CidrBlock String

The IPv6 CIDR block.

action string

The action to take.

fromPort number

The from port to match.

protocol string

The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.

ruleNo number

The rule number. Used for ordering.

toPort number

The to port to match.

cidrBlock string

The CIDR block to match. This must be a valid network mask.

icmpCode number

The ICMP type code to be used. Default 0.

icmpType number

The ICMP type to be used. Default 0.

ipv6CidrBlock string

The IPv6 CIDR block.

action str

The action to take.

from_port int

The from port to match.

protocol str

The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.

rule_no int

The rule number. Used for ordering.

to_port int

The to port to match.

cidr_block str

The CIDR block to match. This must be a valid network mask.

icmp_code int

The ICMP type code to be used. Default 0.

icmp_type int

The ICMP type to be used. Default 0.

ipv6_cidr_block str

The IPv6 CIDR block.

action String

The action to take.

fromPort Number

The from port to match.

protocol String

The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.

ruleNo Number

The rule number. Used for ordering.

toPort Number

The to port to match.

cidrBlock String

The CIDR block to match. This must be a valid network mask.

icmpCode Number

The ICMP type code to be used. Default 0.

icmpType Number

The ICMP type to be used. Default 0.

ipv6CidrBlock String

The IPv6 CIDR block.

Import

Default Network ACLs can be imported using the id, e.g.,

 $ pulumi import aws:ec2/defaultNetworkAcl:DefaultNetworkAcl sample acl-7aaabd18

Package Details

Repository
AWS Classic pulumi/pulumi-aws
License
Apache-2.0
Notes

This Pulumi package is based on the aws Terraform Provider.