pulumi-aws-kotlin/com.pulumi.aws.ec2.kotlin/NetworkAclRuleArgs

NetworkAclRuleArgs

data class NetworkAclRuleArgs(val cidrBlock: Output<String>? = null, val egress: Output<Boolean>? = null, val fromPort: Output<Int>? = null, val icmpCode: Output<Int>? = null, val icmpType: Output<Int>? = null, val ipv6CidrBlock: Output<String>? = null, val networkAclId: Output<String>? = null, val protocol: Output<String>? = null, val ruleAction: Output<String>? = null, val ruleNumber: Output<Int>? = null, val toPort: Output<Int>? = null) : ConvertibleToJava<NetworkAclRuleArgs>

Creates an entry (a rule) in a network ACL with the specified rule number.

NOTE on Network ACLs and Network ACL Rules: This provider currently provides both a standalone Network ACL Rule resource and a Network ACL resource with rules defined in-line. At this time you cannot use a Network ACL with in-line rules in conjunction with any Network ACL Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules.

Example Usage

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.NetworkAcl;
import com.pulumi.aws.ec2.NetworkAclArgs;
import com.pulumi.aws.ec2.NetworkAclRule;
import com.pulumi.aws.ec2.NetworkAclRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var barNetworkAcl = new NetworkAcl("barNetworkAcl", NetworkAclArgs.builder()
            .vpcId(aws_vpc.foo().id())
            .build());
        var barNetworkAclRule = new NetworkAclRule("barNetworkAclRule", NetworkAclRuleArgs.builder()
            .networkAclId(barNetworkAcl.id())
            .ruleNumber(200)
            .egress(false)
            .protocol("tcp")
            .ruleAction("allow")
            .cidrBlock(aws_vpc.foo().cidr_block())
            .fromPort(22)
            .toPort(22)
            .build());
    }
}
Content copied to clipboard

Import

Individual rules can be imported using NETWORK_ACL_ID:RULE_NUMBER:PROTOCOL:EGRESS, where PROTOCOL can be a decimal (e.g., 6) or string (e.g., tcp) value. If importing a rule previously provisioned by the provider, the PROTOCOL must be the input value used at creation time. For more information on protocol numbers and keywords, see herehttps://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml For example, import a network ACL Rule with an argument like thisconsole

$ pulumi import aws:ec2/networkAclRule:NetworkAclRule my_rule acl-7aaabd18:100:tcp:false
Content copied to clipboard

Or by the procotol's decimal valueconsole

$ pulumi import aws:ec2/networkAclRule:NetworkAclRule my_rule acl-7aaabd18:100:6:false
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(cidrBlock: Output<String>? = null, egress: Output<Boolean>? = null, fromPort: Output<Int>? = null, icmpCode: Output<Int>? = null, icmpType: Output<Int>? = null, ipv6CidrBlock: Output<String>? = null, networkAclId: Output<String>? = null, protocol: Output<String>? = null, ruleAction: Output<String>? = null, ruleNumber: Output<Int>? = null, toPort: Output<Int>? = null)

Properties

Link copied to clipboard
val cidrBlock: Output<String>? = null

The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).

Link copied to clipboard
val egress: Output<Boolean>? = null

Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.

Link copied to clipboard
val fromPort: Output<Int>? = null

The from port to match.

Link copied to clipboard
val icmpCode: Output<Int>? = null

ICMP protocol: The ICMP code. Required if specifying ICMP for the protocolE.g., -1

Link copied to clipboard
val icmpType: Output<Int>? = null

ICMP protocol: The ICMP type. Required if specifying ICMP for the protocolE.g., -1

Link copied to clipboard
val ipv6CidrBlock: Output<String>? = null

The IPv6 CIDR block to allow or deny.

Link copied to clipboard
val networkAclId: Output<String>? = null

The ID of the network ACL.

Link copied to clipboard
val protocol: Output<String>? = null

The protocol. A value of -1 means all protocols.

Link copied to clipboard
val ruleAction: Output<String>? = null

Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny

Link copied to clipboard
val ruleNumber: Output<Int>? = null

The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.

Link copied to clipboard
val toPort: Output<Int>? = null

The to port to match.

Functions

Link copied to clipboard
open override fun toJava(): NetworkAclRuleArgs