NetworkAclRule

class NetworkAclRule : KotlinCustomResource

Creates an entry (a rule) in a network ACL with the specified rule number.

NOTE on Network ACLs and Network ACL Rules: This provider currently provides both a standalone Network ACL Rule resource and a Network ACL resource with rules defined in-line. At this time you cannot use a Network ACL with in-line rules in conjunction with any Network ACL Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules.

Example Usage

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.aws.ec2.Vpc;
import com.pulumi.aws.ec2.VpcArgs;
import com.pulumi.aws.ec2.NetworkAcl;
import com.pulumi.aws.ec2.NetworkAclArgs;
import com.pulumi.aws.ec2.NetworkAclRule;
import com.pulumi.aws.ec2.NetworkAclRuleArgs;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        // The VPC whose subnets the ACL protects. The CIDR is an assumed placeholder;
        // the original example referenced an existing VPC named "foo".
        var fooVpc = new Vpc("foo", VpcArgs.builder()
            .cidrBlock("10.0.0.0/16")
            .build());

        // An ACL with no in-line rules: every rule is a standalone NetworkAclRule
        // resource (mixing in-line and standalone rules on one ACL is not supported).
        var barNetworkAcl = new NetworkAcl("barNetworkAcl", NetworkAclArgs.builder()
            .vpcId(fooVpc.id())
            .build());

        // Ingress rule 200: allow TCP/22 (SSH) only from addresses inside the VPC.
        // Network ACLs are stateless, so SSH replies leaving the subnet need their
        // own egress rule for the client's ephemeral ports.
        var barNetworkAclRule = new NetworkAclRule("barNetworkAclRule", NetworkAclRuleArgs.builder()
            .networkAclId(barNetworkAcl.id())
            .ruleNumber(200)
            .egress(false)
            .protocol("tcp")
            .ruleAction("allow")
            .cidrBlock(fooVpc.cidrBlock())
            .fromPort(22)
            .toPort(22)
            .build());
    }
}

Import

Individual rules can be imported using NETWORK_ACL_ID:RULE_NUMBER:PROTOCOL:EGRESS, where PROTOCOL can be a decimal (e.g., 6) or string (e.g., tcp) value. If importing a rule previously provisioned by the provider, the PROTOCOL must be the input value used at creation time (a rule created with protocol tcp is imported with tcp, not 6, even though both name the same protocol). For more information on protocol numbers and keywords, see https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml. For example, import a network ACL rule with an argument like this:

$ pulumi import aws:ec2/networkAclRule:NetworkAclRule my_rule acl-7aaabd18:100:tcp:false

Or by the protocol's decimal value:

$ pulumi import aws:ec2/networkAclRule:NetworkAclRule my_rule acl-7aaabd18:100:6:false
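The import ID is a small colon-separated format, and the creation-time rule above is easy to get wrong when a rule was created with a keyword but someone imports it by number. The following Python (an added example, not Pulumi's own code) builds and parses IDs in the NETWORK_ACL_ID:RULE_NUMBER:PROTOCOL:EGRESS layout, resolves keywords to IANA numbers so that two spellings of the same entry can be compared, and renders the pulumi import command. The keyword table is an assumed subset of the IANA registry and the acl- ID pattern is an assumption about the AWS ID format.

```python
"""Build, parse and compare import IDs for aws:ec2/networkAclRule:NetworkAclRule.

Added example, not Pulumi code. Layout NETWORK_ACL_ID:RULE_NUMBER:PROTOCOL:EGRESS
is from the page; the keyword table and ID pattern are assumptions.
"""
import re
import shlex

RESOURCE_TYPE = "aws:ec2/networkAclRule:NetworkAclRule"

# Assumed subset of IANA protocol keywords -> numbers; "all"/-1 is the AWS "all protocols" value.
PROTOCOL_KEYWORDS = {"icmp": 1, "tcp": 6, "udp": 17, "icmpv6": 58, "all": -1}

# Assumed AWS ID shape: "acl-" followed by 8 (legacy) or 17 hex digits.
ACL_ID_RE = re.compile(r"^acl-[0-9a-f]{8}(?:[0-9a-f]{9})?$")


def protocol_number(protocol: str) -> int:
    """Resolve a keyword ("tcp"), decimal string ("6") or "-1" to a protocol number."""
    value = protocol.strip().lower()
    if value in PROTOCOL_KEYWORDS:
        return PROTOCOL_KEYWORDS[value]
    if re.fullmatch(r"-1|\d{1,3}", value) and -1 <= int(value) <= 255:
        return int(value)
    raise ValueError(f"unknown protocol {protocol!r}")


def import_id(acl_id: str, rule_number: int, protocol: str, egress: bool) -> str:
    """Compose the import ID. `protocol` is passed through untouched because it must be
    the exact input value used at creation time ("tcp" stays "tcp", it is not rewritten to "6")."""
    if not ACL_ID_RE.match(acl_id):
        raise ValueError(f"not a network ACL ID: {acl_id!r}")
    if not 1 <= rule_number <= 32766:  # 32767 is reserved for the implicit deny-all (*) entry
        raise ValueError(f"rule number out of range: {rule_number}")
    protocol_number(protocol)  # validates the value without normalising it
    return f"{acl_id}:{rule_number}:{protocol}:{'true' if egress else 'false'}"


def parse_import_id(value: str) -> dict:
    """Split an import ID into its fields, resolving the protocol to its IANA number."""
    parts = value.split(":")
    if len(parts) != 4:
        raise ValueError(f"expected 4 colon-separated fields, got {len(parts)}: {value!r}")
    acl_id, rule_number, protocol, egress = parts
    if not ACL_ID_RE.match(acl_id):
        raise ValueError(f"not a network ACL ID: {acl_id!r}")
    if egress not in ("true", "false"):
        raise ValueError(f"EGRESS must be true or false, got {egress!r}")
    return {
        "network_acl_id": acl_id,
        "rule_number": int(rule_number),
        "protocol": protocol,
        "protocol_number": protocol_number(protocol),
        "egress": egress == "true",
    }


def same_rule(a: str, b: str) -> bool:
    """True when two import IDs name the same ACL entry, e.g. ':tcp:' versus ':6:'."""
    pa, pb = parse_import_id(a), parse_import_id(b)
    keys = ("network_acl_id", "rule_number", "protocol_number", "egress")
    return all(pa[k] == pb[k] for k in keys)


def import_command(resource_name: str, acl_id: str, rule_number: int,
                   protocol: str, egress: bool) -> str:
    """Render the `pulumi import` invocation shown on the page, shell-quoted."""
    parts = (RESOURCE_TYPE, resource_name, import_id(acl_id, rule_number, protocol, egress))
    return "pulumi import " + " ".join(shlex.quote(p) for p in parts)


if __name__ == "__main__":
    print(import_command("my_rule", "acl-7aaabd18", 100, "tcp", False))
    print(import_command("my_rule", "acl-7aaabd18", 100, "6", False))
```

Use same_rule when reconciling a rule listed by describe-network-acls (which reports numeric protocols) against the keyword your program used, so you can pick the right spelling for the import without renaming the entry.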

Properties

val cidrBlock: Output<String>?

The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).

val egress: Output<Boolean>?

Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.

val fromPort: Output<Int>?

The start of the port range to match. Applies to TCP and UDP rules only; AWS requires a port range when the protocol is 6 (TCP) or 17 (UDP).

val icmpCode: Output<Int>?

ICMP protocol: The ICMP code. Required if specifying ICMP for the protocol; -1 matches any code.

val icmpType: Output<Int>?

ICMP protocol: The ICMP type. Required if specifying ICMP for the protocol; -1 matches any type.

val id: Output<String>

val ipv6CidrBlock: Output<String>?

The IPv6 CIDR block to allow or deny.

val networkAclId: Output<String>

The ID of the network ACL.

val protocol: Output<String>

The protocol, as an IANA keyword (tcp, udp, icmp) or protocol number. A value of -1 means all protocols, and such a rule matches all traffic regardless of any port range.

val pulumiChildResources: Set<KotlinResource>

val ruleAction: Output<String>

Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny

val ruleNumber: Output<Int>

The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number and the first entry that matches the traffic is applied; traffic that matches no entry is denied by the implicit * rule at the end of the list. Ingress and egress entries are numbered independently.

val toPort: Output<Int>?

The end of the port range to match. Applies to TCP and UDP rules only; AWS requires a port range when the protocol is 6 (TCP) or 17 (UDP).

val urn: Output<String>