


aws.ec2.NetworkAclRule





    Creates a single entry (a rule) in a network ACL, identified within that ACL by its rule number. Network ACL rules are stateless and are evaluated in ascending rule-number order: the first rule that matches a packet decides whether it is allowed or denied, and return traffic must be permitted by its own rule in the opposite direction.

    NOTE on Network ACLs and Network ACL Rules: This provider offers both a standalone Network ACL Rule resource and a Network ACL resource with rules defined in-line. Do not mix the two on the same ACL: a Network ACL with in-line rules cannot be used together with any Network ACL Rule resources, because both manage the same rule set and each deployment overwrites the other's rules — a rule you depend on (for example a deny) can be removed on a later deployment.

    Example Usage

    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using Aws = Pulumi.Aws;
    
    // Example: a custom network ACL holding one inbound rule that allows SSH
    // (TCP/22) only from the VPC's own CIDR range.
    //
    // NOTE: `aws_vpc.Foo` is not defined in this snippet; replace it with a
    // reference to a VPC resource or lookup that is in scope.
    // NOTE: Network ACLs are stateless. This ingress rule by itself does not
    // let the SSH reply traffic leave the subnet; a matching egress rule for
    // the ephemeral port range is also needed for the connection to work.
    return await Deployment.RunAsync(() => 
    {
        // A custom NACL carries no allow rules of its own, so anything not
        // explicitly allowed below is denied.
        var acl = new Aws.Ec2.NetworkAcl("barNetworkAcl", new()
        {
            VpcId = aws_vpc.Foo.Id,
        });
    
        var sshFromVpc = new Aws.Ec2.NetworkAclRule("barNetworkAclRule", new()
        {
            NetworkAclId = acl.Id,
            RuleNumber = 200,      // rules are evaluated in ascending order; first match wins
            Egress = false,        // ingress rule: applies to traffic entering the subnet
            Protocol = "tcp",
            RuleAction = "allow",
            CidrBlock = aws_vpc.Foo.Cidr_block,   // source restricted to the VPC, not 0.0.0.0/0
            FromPort = 22,
            ToPort = 22,
        });
    
    });
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    // main declares a custom network ACL holding one inbound rule that allows
    // SSH (TCP/22) only from the VPC's own CIDR range.
    //
    // NOTE: aws_vpc.Foo is not defined in this snippet; replace it with a
    // reference to a VPC resource or lookup that is in scope.
    // NOTE: Network ACLs are stateless. This ingress rule by itself does not
    // let the SSH reply traffic leave the subnet; a matching egress rule for
    // the ephemeral port range is also needed for the connection to work.
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		// A custom NACL carries no allow rules of its own, so anything not
    		// explicitly allowed below is denied.
    		acl, err := ec2.NewNetworkAcl(ctx, "barNetworkAcl", &ec2.NetworkAclArgs{
    			VpcId: pulumi.Any(aws_vpc.Foo.Id),
    		})
    		if err != nil {
    			return err
    		}
    
    		sshFromVpc := &ec2.NetworkAclRuleArgs{
    			NetworkAclId: acl.ID(),
    			RuleNumber:   pulumi.Int(200),   // evaluated in ascending order; first match wins
    			Egress:       pulumi.Bool(false), // ingress rule: traffic entering the subnet
    			Protocol:     pulumi.String("tcp"),
    			RuleAction:   pulumi.String("allow"),
    			CidrBlock:    pulumi.Any(aws_vpc.Foo.Cidr_block), // source restricted to the VPC, not 0.0.0.0/0
    			FromPort:     pulumi.Int(22),
    			ToPort:       pulumi.Int(22),
    		}
    		if _, err := ec2.NewNetworkAclRule(ctx, "barNetworkAclRule", sshFromVpc); err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.aws.ec2.NetworkAcl;
    import com.pulumi.aws.ec2.NetworkAclArgs;
    import com.pulumi.aws.ec2.NetworkAclRule;
    import com.pulumi.aws.ec2.NetworkAclRuleArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    /**
     * Example: a custom network ACL holding one inbound rule that allows SSH
     * (TCP/22) only from the VPC's own CIDR range.
     *
     * NOTE: {@code aws_vpc.foo()} is not defined in this snippet; replace it
     * with a reference to a VPC resource or lookup that is in scope.
     * NOTE: Network ACLs are stateless. This ingress rule by itself does not
     * let the SSH reply traffic leave the subnet; a matching egress rule for
     * the ephemeral port range is also needed for the connection to work.
     */
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        /** Declares the ACL and its single inbound SSH rule. */
        public static void stack(Context ctx) {
            // A custom NACL carries no allow rules of its own, so anything not
            // explicitly allowed below is denied.
            var acl = new NetworkAcl("barNetworkAcl", NetworkAclArgs.builder()
                .vpcId(aws_vpc.foo().id())
                .build());
    
            var sshFromVpc = NetworkAclRuleArgs.builder()
                .networkAclId(acl.id())
                .ruleNumber(200)      // evaluated in ascending order; first match wins
                .egress(false)        // ingress rule: traffic entering the subnet
                .protocol("tcp")
                .ruleAction("allow")
                .cidrBlock(aws_vpc.foo().cidr_block())   // source restricted to the VPC, not 0.0.0.0/0
                .fromPort(22)
                .toPort(22)
                .build();
            var sshRule = new NetworkAclRule("barNetworkAclRule", sshFromVpc);
        }
    }
    
    import pulumi
    import pulumi_aws as aws
    
    # Example: a custom network ACL holding one inbound rule that allows SSH
    # (TCP/22) only from the VPC's own CIDR range.
    #
    # NOTE: `aws_vpc` is not defined in this snippet; replace it with a
    # reference to a VPC resource or lookup that is in scope.
    # NOTE: Network ACLs are stateless. This ingress rule by itself does not
    # let the SSH reply traffic leave the subnet; a matching egress rule for
    # the ephemeral port range is also needed for the connection to work.
    
    # A custom NACL carries no allow rules of its own, so anything not
    # explicitly allowed below is denied.
    acl = aws.ec2.NetworkAcl("barNetworkAcl", vpc_id=aws_vpc["foo"]["id"])
    
    ssh_from_vpc = dict(
        network_acl_id=acl.id,
        rule_number=200,      # evaluated in ascending order; first match wins
        egress=False,         # ingress rule: traffic entering the subnet
        protocol="tcp",
        rule_action="allow",
        cidr_block=aws_vpc["foo"]["cidr_block"],  # source restricted to the VPC, not 0.0.0.0/0
        from_port=22,
        to_port=22,
    )
    ssh_rule = aws.ec2.NetworkAclRule("barNetworkAclRule", **ssh_from_vpc)
    
    import * as pulumi from "@pulumi/pulumi";
    import * as aws from "@pulumi/aws";
    
    // Example: a custom network ACL holding one inbound rule that allows SSH
    // (TCP/22) only from the VPC's own CIDR range.
    //
    // NOTE: `aws_vpc.foo` is not defined in this snippet; replace it with a
    // reference to a VPC resource or lookup that is in scope.
    // NOTE: Network ACLs are stateless. This ingress rule by itself does not
    // let the SSH reply traffic leave the subnet; a matching egress rule for
    // the ephemeral port range is also needed for the connection to work.
    
    // A custom NACL carries no allow rules of its own, so anything not
    // explicitly allowed below is denied.
    const acl = new aws.ec2.NetworkAcl("barNetworkAcl", {
        vpcId: aws_vpc.foo.id,
    });
    
    const sshFromVpc = {
        networkAclId: acl.id,
        ruleNumber: 200,      // evaluated in ascending order; first match wins
        egress: false,        // ingress rule: traffic entering the subnet
        protocol: "tcp",
        ruleAction: "allow",
        cidrBlock: aws_vpc.foo.cidr_block,  // source restricted to the VPC, not 0.0.0.0/0
        fromPort: 22,
        toPort: 22,
    };
    const sshRule = new aws.ec2.NetworkAclRule("barNetworkAclRule", sshFromVpc);
    
    # Example: a custom network ACL holding one inbound rule that allows SSH
    # (TCP/22) only from the VPC's own CIDR range.
    # NOTE: `aws_vpc.foo` is not declared in this snippet; point it at a VPC
    # resource or lookup that is in scope.
    # NOTE: Network ACLs are stateless. This ingress rule by itself does not
    # let the SSH reply traffic leave the subnet; a matching egress rule for
    # the ephemeral port range is also needed for the connection to work.
    resources:
      # A custom NACL carries no allow rules of its own, so anything not
      # explicitly allowed below is denied.
      barNetworkAcl:
        type: aws:ec2:NetworkAcl
        properties:
          vpcId: ${aws_vpc.foo.id}
      barNetworkAclRule:
        type: aws:ec2:NetworkAclRule
        properties:
          networkAclId: ${barNetworkAcl.id}
          ruleNumber: 200      # evaluated in ascending order; first match wins
          egress: false        # ingress rule: traffic entering the subnet
          protocol: tcp
          ruleAction: allow
          cidrBlock: ${aws_vpc.foo.cidr_block}   # source restricted to the VPC, not 0.0.0.0/0
          fromPort: 22
          toPort: 22
    

    Create NetworkAclRule Resource

    new NetworkAclRule(name: string, args: NetworkAclRuleArgs, opts?: CustomResourceOptions);
    @overload
    def NetworkAclRule(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       cidr_block: Optional[str] = None,
                       egress: Optional[bool] = None,
                       from_port: Optional[int] = None,
                       icmp_code: Optional[int] = None,
                       icmp_type: Optional[int] = None,
                       ipv6_cidr_block: Optional[str] = None,
                       network_acl_id: Optional[str] = None,
                       protocol: Optional[str] = None,
                       rule_action: Optional[str] = None,
                       rule_number: Optional[int] = None,
                       to_port: Optional[int] = None)
    @overload
    def NetworkAclRule(resource_name: str,
                       args: NetworkAclRuleArgs,
                       opts: Optional[ResourceOptions] = None)
    func NewNetworkAclRule(ctx *Context, name string, args NetworkAclRuleArgs, opts ...ResourceOption) (*NetworkAclRule, error)
    public NetworkAclRule(string name, NetworkAclRuleArgs args, CustomResourceOptions? opts = null)
    public NetworkAclRule(String name, NetworkAclRuleArgs args)
    public NetworkAclRule(String name, NetworkAclRuleArgs args, CustomResourceOptions options)
    
    type: aws:ec2:NetworkAclRule
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    
    name string
    The unique name of the resource.
    args NetworkAclRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args NetworkAclRuleArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args NetworkAclRuleArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args NetworkAclRuleArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args NetworkAclRuleArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    NetworkAclRule Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The NetworkAclRule resource accepts the following input properties:

    NetworkAclId string

    The ID of the network ACL.

    Protocol string

    The protocol, given as a protocol keyword (for example tcp) or its decimal number (for example 6). A value of -1 means all protocols; an allow rule written that way matches every protocol and, per the note on from_port/to_port below, every port, so prefer the narrowest protocol the traffic needs.

    RuleAction string

    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny

    RuleNumber int

    The rule number for the entry (for example, 100). ACL entries are evaluated in ascending order by rule number and the first matching entry decides, so a lower-numbered allow rule cannot be overridden by a higher-numbered deny rule. Leave gaps between numbers so rules can be inserted later.

    CidrBlock string

    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24). Keep the range as narrow as the traffic requires; 0.0.0.0/0 on an allow rule matches any IPv4 source or destination.

    Egress bool

    Indicates whether this is an egress rule (applied to traffic leaving the subnet). Default false, which makes it an ingress rule applied to traffic entering the subnet. Because network ACLs are stateless, the reply traffic for a flow needs its own rule in the opposite direction.

    FromPort int

    The from port to match.

    IcmpCode int

    ICMP protocol: the ICMP code. Required if protocol is icmp; e.g., -1 for any code.

    NOTE: If protocol is -1 or all, the from_port and to_port values are ignored and the rule applies to all ports; an allow rule with protocol -1 therefore opens every port within its CIDR range.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    IcmpType int

    ICMP protocol: the ICMP type. Required if protocol is icmp; e.g., -1 for any type.

    Ipv6CidrBlock string

    The IPv6 CIDR block to allow or deny.

    ToPort int

    The to port to match.

    NetworkAclId string

    The ID of the network ACL.

    Protocol string

    The protocol. A value of -1 means all protocols.

    RuleAction string

    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny

    RuleNumber int

    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.

    CidrBlock string

    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).

    Egress bool

    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.

    FromPort int

    The from port to match.

    IcmpCode int

    ICMP protocol: the ICMP code. Required if protocol is icmp; e.g., -1 for any code.

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    IcmpType int

    ICMP protocol: the ICMP type. Required if protocol is icmp; e.g., -1 for any type.

    Ipv6CidrBlock string

    The IPv6 CIDR block to allow or deny.

    ToPort int

    The to port to match.

    networkAclId String

    The ID of the network ACL.

    protocol String

    The protocol. A value of -1 means all protocols.

    ruleAction String

    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny

    ruleNumber Integer

    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.

    cidrBlock String

    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).

    egress Boolean

    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.

    fromPort Integer

    The from port to match.

    icmpCode Integer

    ICMP protocol: the ICMP code. Required if protocol is icmp; e.g., -1 for any code.

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    icmpType Integer

    ICMP protocol: the ICMP type. Required if protocol is icmp; e.g., -1 for any type.

    ipv6CidrBlock String

    The IPv6 CIDR block to allow or deny.

    toPort Integer

    The to port to match.

    networkAclId string

    The ID of the network ACL.

    protocol string

    The protocol. A value of -1 means all protocols.

    ruleAction string

    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny

    ruleNumber number

    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.

    cidrBlock string

    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).

    egress boolean

    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.

    fromPort number

    The from port to match.

    icmpCode number

    ICMP protocol: the ICMP code. Required if protocol is icmp; e.g., -1 for any code.

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    icmpType number

    ICMP protocol: the ICMP type. Required if protocol is icmp; e.g., -1 for any type.

    ipv6CidrBlock string

    The IPv6 CIDR block to allow or deny.

    toPort number

    The to port to match.

    network_acl_id str

    The ID of the network ACL.

    protocol str

    The protocol. A value of -1 means all protocols.

    rule_action str

    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny

    rule_number int

    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.

    cidr_block str

    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).

    egress bool

    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.

    from_port int

    The from port to match.

    icmp_code int

    ICMP protocol: the ICMP code. Required if protocol is icmp; e.g., -1 for any code.

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    icmp_type int

    ICMP protocol: the ICMP type. Required if protocol is icmp; e.g., -1 for any type.

    ipv6_cidr_block str

    The IPv6 CIDR block to allow or deny.

    to_port int

    The to port to match.

    networkAclId String

    The ID of the network ACL.

    protocol String

    The protocol. A value of -1 means all protocols.

    ruleAction String

    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny

    ruleNumber Number

    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.

    cidrBlock String

    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).

    egress Boolean

    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.

    fromPort Number

    The from port to match.

    icmpCode Number

    ICMP protocol: the ICMP code. Required if protocol is icmp; e.g., -1 for any code.

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    icmpType Number

    ICMP protocol: the ICMP type. Required if protocol is icmp; e.g., -1 for any type.

    ipv6CidrBlock String

    The IPv6 CIDR block to allow or deny.

    toPort Number

    The to port to match.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the NetworkAclRule resource produces the following output properties:

    Id string

    The provider-assigned unique ID for this managed resource.

    Id string

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    id string

    The provider-assigned unique ID for this managed resource.

    id str

    The provider-assigned unique ID for this managed resource.

    id String

    The provider-assigned unique ID for this managed resource.

    Look up Existing NetworkAclRule Resource

    Get an existing NetworkAclRule resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: NetworkAclRuleState, opts?: CustomResourceOptions): NetworkAclRule
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            cidr_block: Optional[str] = None,
            egress: Optional[bool] = None,
            from_port: Optional[int] = None,
            icmp_code: Optional[int] = None,
            icmp_type: Optional[int] = None,
            ipv6_cidr_block: Optional[str] = None,
            network_acl_id: Optional[str] = None,
            protocol: Optional[str] = None,
            rule_action: Optional[str] = None,
            rule_number: Optional[int] = None,
            to_port: Optional[int] = None) -> NetworkAclRule
    func GetNetworkAclRule(ctx *Context, name string, id IDInput, state *NetworkAclRuleState, opts ...ResourceOption) (*NetworkAclRule, error)
    public static NetworkAclRule Get(string name, Input<string> id, NetworkAclRuleState? state, CustomResourceOptions? opts = null)
    public static NetworkAclRule get(String name, Output<String> id, NetworkAclRuleState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    CidrBlock string

    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).

    Egress bool

    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.

    FromPort int

    The from port to match.

    IcmpCode int

    ICMP protocol: the ICMP code. Required if protocol is icmp; e.g., -1 for any code.

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    IcmpType int

    ICMP protocol: the ICMP type. Required if protocol is icmp; e.g., -1 for any type.

    Ipv6CidrBlock string

    The IPv6 CIDR block to allow or deny.

    NetworkAclId string

    The ID of the network ACL.

    Protocol string

    The protocol. A value of -1 means all protocols.

    RuleAction string

    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny

    RuleNumber int

    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.

    ToPort int

    The to port to match.

    CidrBlock string

    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).

    Egress bool

    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.

    FromPort int

    The from port to match.

    IcmpCode int

    ICMP protocol: the ICMP code. Required if protocol is icmp; e.g., -1 for any code.

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    IcmpType int

    ICMP protocol: the ICMP type. Required if protocol is icmp; e.g., -1 for any type.

    Ipv6CidrBlock string

    The IPv6 CIDR block to allow or deny.

    NetworkAclId string

    The ID of the network ACL.

    Protocol string

    The protocol. A value of -1 means all protocols.

    RuleAction string

    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny

    RuleNumber int

    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.

    ToPort int

    The to port to match.

    cidrBlock String

    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).

    egress Boolean

    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.

    fromPort Integer

    The from port to match.

    icmpCode Integer

    ICMP protocol: the ICMP code. Required if protocol is icmp; e.g., -1 for any code.

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    icmpType Integer

    ICMP protocol: the ICMP type. Required if protocol is icmp; e.g., -1 for any type.

    ipv6CidrBlock String

    The IPv6 CIDR block to allow or deny.

    networkAclId String

    The ID of the network ACL.

    protocol String

    The protocol. A value of -1 means all protocols.

    ruleAction String

    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny

    ruleNumber Integer

    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.

    toPort Integer

    The to port to match.

    cidrBlock string

    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).

    egress boolean

    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.

    fromPort number

    The from port to match.

    icmpCode number

    ICMP protocol: the ICMP code. Required if protocol is icmp; e.g., -1 for any code.

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    icmpType number

    ICMP protocol: the ICMP type. Required if protocol is icmp; e.g., -1 for any type.

    ipv6CidrBlock string

    The IPv6 CIDR block to allow or deny.

    networkAclId string

    The ID of the network ACL.

    protocol string

    The protocol. A value of -1 means all protocols.

    ruleAction string

    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny

    ruleNumber number

    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.

    toPort number

    The to port to match.

    cidr_block str

    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).

    egress bool

    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.

    from_port int

    The from port to match.

    icmp_code int

    ICMP protocol: the ICMP code. Required if protocol is icmp; e.g., -1 for any code.

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    icmp_type int

    ICMP protocol: the ICMP type. Required if protocol is icmp; e.g., -1 for any type.

    ipv6_cidr_block str

    The IPv6 CIDR block to allow or deny.

    network_acl_id str

    The ID of the network ACL.

    protocol str

    The protocol. A value of -1 means all protocols.

    rule_action str

    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny

    rule_number int

    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.

    to_port int

    The to port to match.

    cidrBlock String

    The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).

    egress Boolean

    Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.

    fromPort Number

    The from port to match.

    icmpCode Number

    ICMP protocol: the ICMP code. Required if protocol is icmp; e.g., -1 for any code.

    NOTE: If the value of protocol is -1 or all, the from_port and to_port values will be ignored and the rule will apply to all ports.

    NOTE: If the value of icmp_type is -1 (which results in a wildcard ICMP type), the icmp_code must also be set to -1 (wildcard ICMP code).

    Note: For more information on ICMP types and codes, see here: https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

    icmpType Number

    ICMP protocol: the ICMP type. Required if protocol is icmp; e.g., -1 for any type.

    ipv6CidrBlock String

    The IPv6 CIDR block to allow or deny.

    networkAclId String

    The ID of the network ACL.

    protocol String

    The protocol. A value of -1 means all protocols.

    ruleAction String

    Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny

    ruleNumber Number

    The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.

    toPort Number

    The to port to match.

    Import

    NOTE: If importing a rule previously provisioned by the provider, the PROTOCOL in the import ID must be the same value that was used at creation time (the keyword, such as tcp, or its decimal number, such as 6); a different spelling of the same protocol will not match the existing rule. For more information on protocol numbers and keywords, see https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml.


    Using pulumi import to import individual rules using NETWORK_ACL_ID:RULE_NUMBER:PROTOCOL:EGRESS, where PROTOCOL can be a decimal (such as “6”) or string (such as “tcp”) value. For example:

    Using the protocol's string value:

     $ pulumi import aws:ec2/networkAclRule:NetworkAclRule my_rule acl-7aaabd18:100:tcp:false
    

    Using the protocol's decimal value:

     $ pulumi import aws:ec2/networkAclRule:NetworkAclRule my_rule acl-7aaabd18:100:6:false
    

    Package Details

    Repository
    AWS Classic pulumi/pulumi-aws
    License
    Apache-2.0
    Notes

    This Pulumi package is based on the aws Terraform Provider.


