NetworkAclArgs

data class NetworkAclArgs(val egress: Output<List<NetworkAclEgressArgs>>? = null, val ingress: Output<List<NetworkAclIngressArgs>>? = null, val subnetIds: Output<List<String>>? = null, val tags: Output<Map<String, String>>? = null, val vpcId: Output<String>? = null) : ConvertibleToJava<NetworkAclArgs>

Provides a network ACL resource. You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC.

NOTE on Network ACLs and Network ACL Rules: This provider currently provides both a standalone Network ACL Rule resource and a Network ACL resource with rules defined in-line. At this time you cannot use a Network ACL with in-line rules in conjunction with any Network ACL Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules.

NOTE on Network ACLs and Network ACL Associations: The provider provides both a standalone network ACL association resource and a network ACL resource with a subnet_ids attribute. Do not use the same subnet ID in both a network ACL resource and a network ACL association resource. Doing so will cause a conflict of associations and will overwrite the association.
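Both conflicts described in the NOTEs can be detected before they silently overwrite rules or associations. The following is an added example, not part of the provider's documentation or code: it scans the JSON written by `pulumi stack export` for ACLs that mix in-line rules with standalone rule resources, and for subnets claimed by both an ACL and an association resource. It assumes the export layout `deployment.resources[]` with `urn`, `type`, `id` and `inputs` fields and the camelCase input names `networkAclId`, `subnetId` and `subnetIds`; the sample state is constructed.

```python
import json

# Pulumi type tokens. The first appears on this page; the other two are the
# standalone rule and association resources the NOTEs refer to.
ACL = "aws:ec2/networkAcl:NetworkAcl"
RULE = "aws:ec2/networkAclRule:NetworkAclRule"
ASSOC = "aws:ec2/networkAclAssociation:NetworkAclAssociation"

def find_conflicts(state):
    """Return sorted (kind, acl_urn, other_urn) tuples for both NOTE conflicts."""
    resources = state.get("deployment", {}).get("resources", [])
    acls = [r for r in resources if r.get("type") == ACL]
    by_id = {r["id"]: r for r in acls if r.get("id")}
    conflicts = []
    for r in resources:
        inputs = r.get("inputs", {})
        if r.get("type") == RULE:
            acl = by_id.get(inputs.get("networkAclId"))
            acl_in = acl.get("inputs", {}) if acl else {}
            # A conflict exists only when the ACL itself declares in-line rules.
            if acl_in.get("ingress") or acl_in.get("egress"):
                conflicts.append(("inline-and-standalone-rules", acl["urn"], r["urn"]))
        elif r.get("type") == ASSOC:
            # The same subnet must not appear in any ACL's subnetIds.
            for acl in acls:
                if inputs.get("subnetId") in (acl.get("inputs", {}).get("subnetIds") or []):
                    conflicts.append(("subnet-in-acl-and-association", acl["urn"], r["urn"]))
    return sorted(conflicts)

# Constructed sample state (URNs and IDs are made up for illustration).
SAMPLE = {"deployment": {"resources": [
    {"urn": "urn:acl-main", "type": ACL, "id": "acl-0001",
     "inputs": {"ingress": [{"ruleNo": 100}], "subnetIds": ["subnet-a"]}},
    {"urn": "urn:acl-bare", "type": ACL, "id": "acl-0002", "inputs": {}},
    {"urn": "urn:rule-1", "type": RULE, "inputs": {"networkAclId": "acl-0001"}},
    {"urn": "urn:rule-2", "type": RULE, "inputs": {"networkAclId": "acl-0002"}},
    {"urn": "urn:assoc-1", "type": ASSOC,
     "inputs": {"networkAclId": "acl-0002", "subnetId": "subnet-a"}},
    {"urn": "urn:assoc-2", "type": ASSOC,
     "inputs": {"networkAclId": "acl-0002", "subnetId": "subnet-b"}},
]}}

if __name__ == "__main__":
    import sys
    # Pass the path of an exported state file, or run with no arguments for the sample.
    state = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for conflict in find_conflicts(state):
        print(*conflict, sep="\t")
```

Running such a check in CI keeps a later `pulumi up` from dropping an allow or deny rule that another resource was managing.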

Example Usage

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.NetworkAcl;
import com.pulumi.aws.ec2.NetworkAclArgs;
import com.pulumi.aws.ec2.inputs.NetworkAclEgressArgs;
import com.pulumi.aws.ec2.inputs.NetworkAclIngressArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var main = new NetworkAcl("main", NetworkAclArgs.builder()
            // aws_vpc.main() stands for a VPC resource defined elsewhere in the program.
            .vpcId(aws_vpc.main().id())
            // Outbound: allow HTTPS (tcp/443) to 10.3.0.0/18.
            .egress(NetworkAclEgressArgs.builder()
                .protocol("tcp")
                .ruleNo(200)
                .action("allow")
                .cidrBlock("10.3.0.0/18")
                .fromPort(443)
                .toPort(443)
                .build())
            // Inbound: allow HTTP (tcp/80) from 10.3.0.0/18.
            .ingress(NetworkAclIngressArgs.builder()
                .protocol("tcp")
                .ruleNo(100)
                .action("allow")
                .cidrBlock("10.3.0.0/18")
                .fromPort(80)
                .toPort(80)
                .build())
            .tags(Map.of("Name", "main"))
            .build());
    }
}

Import

Network ACLs can be imported using the id, e.g.,

$ pulumi import aws:ec2/networkAcl:NetworkAcl main acl-7aaabd18

Constructors

constructor(egress: Output<List<NetworkAclEgressArgs>>? = null, ingress: Output<List<NetworkAclIngressArgs>>? = null, subnetIds: Output<List<String>>? = null, tags: Output<Map<String, String>>? = null, vpcId: Output<String>? = null)

Properties

val egress: Output<List<NetworkAclEgressArgs>>? = null

Specifies an egress rule. Parameters defined below.

val ingress: Output<List<NetworkAclIngressArgs>>? = null

Specifies an ingress rule. Parameters defined below.

val subnetIds: Output<List<String>>? = null

A list of Subnet IDs to apply the ACL to.

val tags: Output<Map<String, String>>? = null

A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

val vpcId: Output<String>? = null

The ID of the associated VPC.

Functions

open override fun toJava(): NetworkAclArgs