1. Packages
  2. AWS Classic
  3. API Docs
  4. ec2
  5. NetworkAclRule

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.41.0 published on Tuesday, Jun 18, 2024 by Pulumi

aws.ec2.NetworkAclRule

Explore with Pulumi AI

aws logo

Try AWS Native preview for resources not in the classic version.

AWS Classic v6.41.0 published on Tuesday, Jun 18, 2024 by Pulumi

    Creates an entry (a rule) in a network ACL with the specified rule number.

    NOTE on Network ACLs and Network ACL Rules: This provider currently provides both a standalone Network ACL Rule resource and a Network ACL resource with rules defined in-line. At this time you cannot use a Network ACL with in-line rules in conjunction with any Network ACL Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules.

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    const bar = new aws.ec2.NetworkAcl("bar", {vpcId: foo.id});
    const barNetworkAclRule = new aws.ec2.NetworkAclRule("bar", {
        networkAclId: bar.id,
        ruleNumber: 200,
        egress: false,
        protocol: "tcp",
        ruleAction: "allow",
        cidrBlock: foo.cidrBlock,
        fromPort: 22,
        toPort: 22,
    });
    
    import pulumi
    import pulumi_aws as aws
    
    bar = aws.ec2.NetworkAcl("bar", vpc_id=foo["id"])
    bar_network_acl_rule = aws.ec2.NetworkAclRule("bar",
        network_acl_id=bar.id,
        rule_number=200,
        egress=False,
        protocol="tcp",
        rule_action="allow",
        cidr_block=foo["cidrBlock"],
        from_port=22,
        to_port=22)
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		bar, err := ec2.NewNetworkAcl(ctx, "bar", &ec2.NetworkAclArgs{
    			VpcId: pulumi.Any(foo.Id),
    		})
    		if err != nil {
    			return err
    		}
    		_, err = ec2.NewNetworkAclRule(ctx, "bar", &ec2.NetworkAclRuleArgs{
    			NetworkAclId: bar.ID(),
    			RuleNumber:   pulumi.Int(200),
    			Egress:       pulumi.Bool(false),
    			Protocol:     pulumi.String("tcp"),
    			RuleAction:   pulumi.String("allow"),
    			CidrBlock:    pulumi.Any(foo.CidrBlock),
    			FromPort:     pulumi.Int(22),
    			ToPort:       pulumi.Int(22),
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    return await Deployment.RunAsync(() => 
    {
        var bar = new Aws.Ec2.NetworkAcl("bar", new()
        {
            VpcId = foo.Id,
        });
    
        var barNetworkAclRule = new Aws.Ec2.NetworkAclRule("bar", new()
        {
            NetworkAclId = bar.Id,
            RuleNumber = 200,
            Egress = false,
            Protocol = "tcp",
            RuleAction = "allow",
            CidrBlock = foo.CidrBlock,
            FromPort = 22,
            ToPort = 22,
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ec2.NetworkAcl;
    import com.pulumi.aws.ec2.NetworkAclArgs;
    import com.pulumi.aws.ec2.NetworkAclRule;
    import com.pulumi.aws.ec2.NetworkAclRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var bar = new NetworkAcl("bar", NetworkAclArgs.builder()
                .vpcId(foo.id())
                .build());
    
            var barNetworkAclRule = new NetworkAclRule("barNetworkAclRule", NetworkAclRuleArgs.builder()
                .networkAclId(bar.id())
                .ruleNumber(200)
                .egress(false)
                .protocol("tcp")
                .ruleAction("allow")
                .cidrBlock(foo.cidrBlock())
                .fromPort(22)
                .toPort(22)
                .build());
    
        }
    }
    
    resources:
      bar:
        type: aws:ec2:NetworkAcl
        properties:
          vpcId: ${foo.id}
      barNetworkAclRule:
        type: aws:ec2:NetworkAclRule
        name: bar
        properties:
          networkAclId: ${bar.id}
          ruleNumber: 200
          egress: false
          protocol: tcp
          ruleAction: allow
          cidrBlock: ${foo.cidrBlock}
          fromPort: 22
          toPort: 22
    

    Note: One of either cidr_block or ipv6_cidr_block is required.

    Create NetworkAclRule Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new NetworkAclRule(name: string, args: NetworkAclRuleArgs, opts?: CustomResourceOptions);
    @overload
    def NetworkAclRule(resource_name: str,
                       args: NetworkAclRuleArgs,
                       opts: Optional[ResourceOptions] = None)
    
    @overload
    def NetworkAclRule(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       network_acl_id: Optional[str] = None,
                       protocol: Optional[str] = None,
                       rule_action: Optional[str] = None,
                       rule_number: Optional[int] = None,
                       cidr_block: Optional[str] = None,
                       egress: Optional[bool] = None,
                       from_port: Optional[int] = None,
                       icmp_code: Optional[int] = None,
                       icmp_type: Optional[int] = None,
                       ipv6_cidr_block: Optional[str] = None,
                       to_port: Optional[int] = None)
    func NewNetworkAclRule(ctx *Context, name string, args NetworkAclRuleArgs, opts ...ResourceOption) (*NetworkAclRule, error)
    public NetworkAclRule(string name, NetworkAclRuleArgs args, CustomResourceOptions? opts = null)
    public NetworkAclRule(String name, NetworkAclRuleArgs args)
    public NetworkAclRule(String name, NetworkAclRuleArgs args, CustomResourceOptions options)
    
    type: aws:ec2:NetworkAclRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args NetworkAclRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args NetworkAclRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args NetworkAclRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args NetworkAclRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args NetworkAclRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Example

    The following reference example uses placeholder values for all input properties.

    var networkAclRuleResource = new Aws.Ec2.NetworkAclRule("networkAclRuleResource", new()
    {
        NetworkAclId = "string",
        Protocol = "string",
        RuleAction = "string",
        RuleNumber = 0,
        CidrBlock = "string",
        Egress = false,
        FromPort = 0,
        IcmpCode = 0,
        IcmpType = 0,
        Ipv6CidrBlock = "string",
        ToPort = 0,
    });
    
    example, err := ec2.NewNetworkAclRule(ctx, "networkAclRuleResource", &ec2.NetworkAclRuleArgs{
    	NetworkAclId:  pulumi.String("string"),
    	Protocol:      pulumi.String("string"),
    	RuleAction:    pulumi.String("string"),
    	RuleNumber:    pulumi.Int(0),
    	CidrBlock:     pulumi.String("string"),
    	Egress:        pulumi.Bool(false),
    	FromPort:      pulumi.Int(0),
    	IcmpCode:      pulumi.Int(0),
    	IcmpType:      pulumi.Int(0),
    	Ipv6CidrBlock: pulumi.String("string"),
    	ToPort:        pulumi.Int(0),
    })
    
    var networkAclRuleResource = new NetworkAclRule("networkAclRuleResource", NetworkAclRuleArgs.builder()
        .networkAclId("string")
        .protocol("string")
        .ruleAction("string")
        .ruleNumber(0)
        .cidrBlock("string")
        .egress(false)
        .fromPort(0)
        .icmpCode(0)
        .icmpType(0)
        .ipv6CidrBlock("string")
        .toPort(0)
        .build());
    
    network_acl_rule_resource = aws.ec2.NetworkAclRule("networkAclRuleResource",
        network_acl_id="string",
        protocol="string",
        rule_action="string",
        rule_number=0,
        cidr_block="string",
        egress=False,
        from_port=0,
        icmp_code=0,
        icmp_type=0,
        ipv6_cidr_block="string",
        to_port=0)
    
    const networkAclRuleResource = new aws.ec2.NetworkAclRule("networkAclRuleResource", {
        networkAclId: "string",
        protocol: "string",
        ruleAction: "string",
        ruleNumber: 0,
        cidrBlock: "string",
        egress: false,
        fromPort: 0,
        icmpCode: 0,
        icmpType: 0,
        ipv6CidrBlock: "string",
        toPort: 0,
    });
    
    type: aws:ec2:NetworkAclRule
    properties:
        cidrBlock: string
        egress: false
        fromPort: 0
        icmpCode: 0
        icmpType: 0
        ipv6CidrBlock: string
        networkAclId: string
        protocol: string
        ruleAction: string
        ruleNumber: 0
        toPort: 0
    

    NetworkAclRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The NetworkAclRule resource accepts the following input properties:

    NetworkAclId string
    The ID of the network ACL.
    Protocol string
    The protocol. A value of -1 means all protocols.
    RuleAction string
    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
    RuleNumber int
    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
    CidrBlock string
    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
    Egress bool
    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
    FromPort int
    The from port to match.
    IcmpCode int

    ICMP protocol: The ICMP code. Required if specifying ICMP for the protocolE.g., -1

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    IcmpType int
    ICMP protocol: The ICMP type. Required if specifying ICMP for the protocolE.g., -1
    Ipv6CidrBlock string
    The IPv6 CIDR block to allow or deny.
    ToPort int
    The to port to match.
    NetworkAclId string
    The ID of the network ACL.
    Protocol string
    The protocol. A value of -1 means all protocols.
    RuleAction string
    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
    RuleNumber int
    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
    CidrBlock string
    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
    Egress bool
    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
    FromPort int
    The from port to match.
    IcmpCode int

    ICMP protocol: The ICMP code. Required if specifying ICMP for the protocolE.g., -1

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    IcmpType int
    ICMP protocol: The ICMP type. Required if specifying ICMP for the protocolE.g., -1
    Ipv6CidrBlock string
    The IPv6 CIDR block to allow or deny.
    ToPort int
    The to port to match.
    networkAclId String
    The ID of the network ACL.
    protocol String
    The protocol. A value of -1 means all protocols.
    ruleAction String
    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
    ruleNumber Integer
    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
    cidrBlock String
    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
    egress Boolean
    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
    fromPort Integer
    The from port to match.
    icmpCode Integer

    ICMP protocol: The ICMP code. Required if specifying ICMP for the protocolE.g., -1

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    icmpType Integer
    ICMP protocol: The ICMP type. Required if specifying ICMP for the protocolE.g., -1
    ipv6CidrBlock String
    The IPv6 CIDR block to allow or deny.
    toPort Integer
    The to port to match.
    networkAclId string
    The ID of the network ACL.
    protocol string
    The protocol. A value of -1 means all protocols.
    ruleAction string
    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
    ruleNumber number
    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
    cidrBlock string
    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
    egress boolean
    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
    fromPort number
    The from port to match.
    icmpCode number

    ICMP protocol: The ICMP code. Required if specifying ICMP for the protocolE.g., -1

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    icmpType number
    ICMP protocol: The ICMP type. Required if specifying ICMP for the protocolE.g., -1
    ipv6CidrBlock string
    The IPv6 CIDR block to allow or deny.
    toPort number
    The to port to match.
    network_acl_id str
    The ID of the network ACL.
    protocol str
    The protocol. A value of -1 means all protocols.
    rule_action str
    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
    rule_number int
    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
    cidr_block str
    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
    egress bool
    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
    from_port int
    The from port to match.
    icmp_code int

    ICMP protocol: The ICMP code. Required if specifying ICMP for the protocolE.g., -1

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    icmp_type int
    ICMP protocol: The ICMP type. Required if specifying ICMP for the protocolE.g., -1
    ipv6_cidr_block str
    The IPv6 CIDR block to allow or deny.
    to_port int
    The to port to match.
    networkAclId String
    The ID of the network ACL.
    protocol String
    The protocol. A value of -1 means all protocols.
    ruleAction String
    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
    ruleNumber Number
    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
    cidrBlock String
    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
    egress Boolean
    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
    fromPort Number
    The from port to match.
    icmpCode Number

    ICMP protocol: The ICMP code. Required if specifying ICMP for the protocolE.g., -1

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    icmpType Number
    ICMP protocol: The ICMP type. Required if specifying ICMP for the protocolE.g., -1
    ipv6CidrBlock String
    The IPv6 CIDR block to allow or deny.
    toPort Number
    The to port to match.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the NetworkAclRule resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing NetworkAclRule Resource

    Get an existing NetworkAclRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: NetworkAclRuleState, opts?: CustomResourceOptions): NetworkAclRule
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            cidr_block: Optional[str] = None,
            egress: Optional[bool] = None,
            from_port: Optional[int] = None,
            icmp_code: Optional[int] = None,
            icmp_type: Optional[int] = None,
            ipv6_cidr_block: Optional[str] = None,
            network_acl_id: Optional[str] = None,
            protocol: Optional[str] = None,
            rule_action: Optional[str] = None,
            rule_number: Optional[int] = None,
            to_port: Optional[int] = None) -> NetworkAclRule
    func GetNetworkAclRule(ctx *Context, name string, id IDInput, state *NetworkAclRuleState, opts ...ResourceOption) (*NetworkAclRule, error)
    public static NetworkAclRule Get(string name, Input<string> id, NetworkAclRuleState? state, CustomResourceOptions? opts = null)
    public static NetworkAclRule get(String name, Output<String> id, NetworkAclRuleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    CidrBlock string
    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
    Egress bool
    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
    FromPort int
    The from port to match.
    IcmpCode int

    ICMP protocol: The ICMP code. Required if specifying ICMP for the protocolE.g., -1

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    IcmpType int
    ICMP protocol: The ICMP type. Required if specifying ICMP for the protocolE.g., -1
    Ipv6CidrBlock string
    The IPv6 CIDR block to allow or deny.
    NetworkAclId string
    The ID of the network ACL.
    Protocol string
    The protocol. A value of -1 means all protocols.
    RuleAction string
    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
    RuleNumber int
    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
    ToPort int
    The to port to match.
    CidrBlock string
    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
    Egress bool
    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
    FromPort int
    The from port to match.
    IcmpCode int

    ICMP protocol: The ICMP code. Required if specifying ICMP for the protocolE.g., -1

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    IcmpType int
    ICMP protocol: The ICMP type. Required if specifying ICMP for the protocolE.g., -1
    Ipv6CidrBlock string
    The IPv6 CIDR block to allow or deny.
    NetworkAclId string
    The ID of the network ACL.
    Protocol string
    The protocol. A value of -1 means all protocols.
    RuleAction string
    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
    RuleNumber int
    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
    ToPort int
    The to port to match.
    cidrBlock String
    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
    egress Boolean
    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
    fromPort Integer
    The from port to match.
    icmpCode Integer

    ICMP protocol: The ICMP code. Required if specifying ICMP for the protocolE.g., -1

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    icmpType Integer
    ICMP protocol: The ICMP type. Required if specifying ICMP for the protocolE.g., -1
    ipv6CidrBlock String
    The IPv6 CIDR block to allow or deny.
    networkAclId String
    The ID of the network ACL.
    protocol String
    The protocol. A value of -1 means all protocols.
    ruleAction String
    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
    ruleNumber Integer
    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
    toPort Integer
    The to port to match.
    cidrBlock string
    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
    egress boolean
    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
    fromPort number
    The from port to match.
    icmpCode number

    ICMP protocol: The ICMP code. Required if specifying ICMP for the protocolE.g., -1

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    icmpType number
    ICMP protocol: The ICMP type. Required if specifying ICMP for the protocolE.g., -1
    ipv6CidrBlock string
    The IPv6 CIDR block to allow or deny.
    networkAclId string
    The ID of the network ACL.
    protocol string
    The protocol. A value of -1 means all protocols.
    ruleAction string
    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
    ruleNumber number
    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
    toPort number
    The to port to match.
    cidr_block str
    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
    egress bool
    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
    from_port int
    The from port to match.
    icmp_code int

    ICMP protocol: The ICMP code. Required if specifying ICMP for the protocolE.g., -1

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    icmp_type int
    ICMP protocol: The ICMP type. Required if specifying ICMP for the protocolE.g., -1
    ipv6_cidr_block str
    The IPv6 CIDR block to allow or deny.
    network_acl_id str
    The ID of the network ACL.
    protocol str
    The protocol. A value of -1 means all protocols.
    rule_action str
    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
    rule_number int
    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
    to_port int
    The to port to match.
    cidrBlock String
    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
    egress Boolean
    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
    fromPort Number
    The from port to match.
    icmpCode Number

    ICMP protocol: The ICMP code. Required if specifying ICMP for the protocolE.g., -1

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    icmpType Number
    ICMP protocol: The ICMP type. Required if specifying ICMP for the protocolE.g., -1
    ipv6CidrBlock String
    The IPv6 CIDR block to allow or deny.
    networkAclId String
    The ID of the network ACL.
    protocol String
    The protocol. A value of -1 means all protocols.
    ruleAction String
    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
    ruleNumber Number
    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
    toPort Number
    The to port to match.

    Import

    Using the procotol’s decimal value:

    Using pulumi import to import individual rules using NETWORK_ACL_ID:RULE_NUMBER:PROTOCOL:EGRESS, where PROTOCOL can be a decimal (such as “6”) or string (such as “tcp”) value. For example:

    Using the procotol’s string value:

    $ pulumi import aws:ec2/networkAclRule:NetworkAclRule my_rule acl-7aaabd18:100:tcp:false
    

    Using the procotol’s decimal value:

    $ pulumi import aws:ec2/networkAclRule:NetworkAclRule my_rule acl-7aaabd18:100:6:false
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the aws Terraform Provider.
    aws logo

    Try AWS Native preview for resources not in the classic version.

    AWS Classic v6.41.0 published on Tuesday, Jun 18, 2024 by Pulumi