NetworkAclRuleArgs

/**
 * Arguments for a single entry (rule) in an EC2 network ACL.
 *
 * A rule is addressed by [networkAclId] plus [ruleNumber]; entries are processed in ascending
 * rule-number order. Every property is optional at the type level (`null` means "not set"), but
 * the provider requires one of [cidrBlock] or [ipv6CidrBlock], and [icmpType]/[icmpCode] when
 * [protocol] selects ICMP. A [protocol] of `-1` matches all protocols, so review such rules with
 * particular care when [ruleAction] is `allow`.
 *
 * Standalone rules must not be combined with in-line rules on the same network ACL resource;
 * the two overwrite each other's settings.
 *
 * @property cidrBlock Network range to allow or deny, in CIDR notation (for example `172.16.0.0/24`).
 * @property egress `true` for an egress rule (traffic leaving the subnet); provider default `false`.
 * @property fromPort First port of the range to match.
 * @property icmpCode ICMP code; required when [protocol] is ICMP (for example `-1`).
 * @property icmpType ICMP type; required when [protocol] is ICMP (for example `-1`).
 * @property ipv6CidrBlock IPv6 CIDR block to allow or deny.
 * @property networkAclId ID of the network ACL the rule belongs to.
 * @property protocol Protocol to match; `-1` means all protocols.
 * @property ruleAction `allow` or `deny` for traffic matching the rule.
 * @property ruleNumber Rule number (for example `100`); entries are processed in ascending order.
 * @property toPort Last port of the range to match.
 */
data class NetworkAclRuleArgs(
    val cidrBlock: Output<String>? = null,
    val egress: Output<Boolean>? = null,
    val fromPort: Output<Int>? = null,
    val icmpCode: Output<Int>? = null,
    val icmpType: Output<Int>? = null,
    val ipv6CidrBlock: Output<String>? = null,
    val networkAclId: Output<String>? = null,
    val protocol: Output<String>? = null,
    val ruleAction: Output<String>? = null,
    val ruleNumber: Output<Int>? = null,
    val toPort: Output<Int>? = null,
) : ConvertibleToJava<NetworkAclRuleArgs>

Creates an entry (a rule) in a network ACL with the specified rule number.

NOTE on Network ACLs and Network ACL Rules: This provider currently provides both a standalone Network ACL Rule resource and a Network ACL resource with rules defined in-line. At this time you cannot use a Network ACL with in-line rules in conjunction with any Network ACL Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// `foo` is presumably the VPC resource, declared elsewhere in the program.
const bar = new aws.ec2.NetworkAcl("bar", { vpcId: foo.id });

// Rule 200 (ingress): allow TCP/22 (typically SSH) only from foo's CIDR block.
// The provider requires one of cidrBlock / ipv6CidrBlock on every rule.
const port = 22;
const barNetworkAclRule = new aws.ec2.NetworkAclRule("bar", {
    networkAclId: bar.id,
    ruleNumber: 200,
    egress: false,
    protocol: "tcp",
    ruleAction: "allow",
    cidrBlock: foo.cidrBlock,
    fromPort: port,
    toPort: port,
});
import pulumi
import pulumi_aws as aws

# `foo` is presumably the VPC resource, defined elsewhere in the program.
bar = aws.ec2.NetworkAcl("bar", vpc_id=foo["id"])

# Rule 200 (ingress): allow TCP/22 (typically SSH) only from foo's CIDR block.
# The provider requires one of cidr_block / ipv6_cidr_block on every rule.
port = 22
bar_network_acl_rule = aws.ec2.NetworkAclRule(
    "bar",
    network_acl_id=bar.id,
    rule_number=200,
    egress=False,
    protocol="tcp",
    rule_action="allow",
    cidr_block=foo["cidrBlock"],
    from_port=port,
    to_port=port,
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
    // `foo` is presumably the VPC resource, declared elsewhere in the program.
    var bar = new Aws.Ec2.NetworkAcl("bar", new()
    {
        VpcId = foo.Id,
    });

    // Rule 200 (ingress): allow TCP/22 (typically SSH) only from foo's CIDR block.
    // The provider requires one of CidrBlock / Ipv6CidrBlock on every rule.
    const int port = 22;
    var barNetworkAclRule = new Aws.Ec2.NetworkAclRule("bar", new()
    {
        NetworkAclId = bar.Id,
        RuleNumber = 200,
        Egress = false,
        Protocol = "tcp",
        RuleAction = "allow",
        CidrBlock = foo.CidrBlock,
        FromPort = port,
        ToPort = port,
    });
});
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/ec2"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main declares a network ACL on the VPC `foo` (presumably declared elsewhere in the
// program) and a single ingress rule that allows TCP/22 only from foo's CIDR block.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		bar, err := ec2.NewNetworkAcl(ctx, "bar", &ec2.NetworkAclArgs{
			VpcId: pulumi.Any(foo.Id),
		})
		if err != nil {
			return err
		}

		// Rule 200 (ingress): allow TCP/22 (typically SSH) only from foo's CIDR block.
		// The provider requires one of CidrBlock / Ipv6CidrBlock on every rule.
		const port = 22
		_, err = ec2.NewNetworkAclRule(ctx, "bar", &ec2.NetworkAclRuleArgs{
			NetworkAclId: bar.ID(),
			RuleNumber:   pulumi.Int(200),
			Egress:       pulumi.Bool(false),
			Protocol:     pulumi.String("tcp"),
			RuleAction:   pulumi.String("allow"),
			CidrBlock:    pulumi.Any(foo.CidrBlock),
			FromPort:     pulumi.Int(port),
			ToPort:       pulumi.Int(port),
		})
		// err is nil on success, so returning it directly covers both outcomes.
		return err
	})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.ec2.NetworkAcl;
import com.pulumi.aws.ec2.NetworkAclArgs;
import com.pulumi.aws.ec2.NetworkAclRule;
import com.pulumi.aws.ec2.NetworkAclRuleArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    /** TCP port matched by the example rule (22, typically SSH). */
    private static final int PORT = 22;

    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares a network ACL on the VPC {@code foo} (presumably declared elsewhere in the
     * program) and ingress rule 200, which allows TCP/22 only from {@code foo}'s CIDR block.
     * The provider requires one of cidrBlock / ipv6CidrBlock on every rule.
     */
    public static void stack(Context ctx) {
        var bar = new NetworkAcl("bar", NetworkAclArgs.builder()
            .vpcId(foo.id())
            .build());

        var ruleArgs = NetworkAclRuleArgs.builder()
            .networkAclId(bar.id())
            .ruleNumber(200)
            .egress(false)
            .protocol("tcp")
            .ruleAction("allow")
            .cidrBlock(foo.cidrBlock())
            .fromPort(PORT)
            .toPort(PORT)
            .build();
        var barNetworkAclRule = new NetworkAclRule("barNetworkAclRule", ruleArgs);
    }
}
resources:
  # `foo` is presumably the VPC resource, declared elsewhere in the program.
  bar:
    type: aws:ec2:NetworkAcl
    properties:
      vpcId: ${foo.id}
  # Rule 200 (ingress): allow TCP/22 (typically SSH) only from foo's CIDR block.
  # One of cidrBlock / ipv6CidrBlock is required on every rule.
  barNetworkAclRule:
    type: aws:ec2:NetworkAclRule
    name: bar
    properties:
      networkAclId: ${bar.id}
      ruleNumber: 200
      egress: false
      protocol: tcp
      ruleAction: allow
      cidrBlock: ${foo.cidrBlock}
      fromPort: 22
      toPort: 22

Note: One of cidr_block or ipv6_cidr_block is required.

Import

Use pulumi import to import individual rules using NETWORK_ACL_ID:RULE_NUMBER:PROTOCOL:EGRESS, where PROTOCOL can be a decimal (such as "6") or string (such as "tcp") value. For example, using the protocol's string value:

$ pulumi import aws:ec2/networkAclRule:NetworkAclRule my_rule acl-7aaabd18:100:tcp:false

Using the protocol's decimal value:

$ pulumi import aws:ec2/networkAclRule:NetworkAclRule my_rule acl-7aaabd18:100:6:false

Constructors

constructor(cidrBlock: Output<String>? = null, egress: Output<Boolean>? = null, fromPort: Output<Int>? = null, icmpCode: Output<Int>? = null, icmpType: Output<Int>? = null, ipv6CidrBlock: Output<String>? = null, networkAclId: Output<String>? = null, protocol: Output<String>? = null, ruleAction: Output<String>? = null, ruleNumber: Output<Int>? = null, toPort: Output<Int>? = null)

Properties

val cidrBlock: Output<String>? = null

The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24).

val egress: Output<Boolean>? = null

Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.

val fromPort: Output<Int>? = null

The starting port (from port) of the range to match.

val icmpCode: Output<Int>? = null

ICMP protocol: the ICMP code. Required if specifying ICMP for the protocol (e.g., -1).

val icmpType: Output<Int>? = null

ICMP protocol: the ICMP type. Required if specifying ICMP for the protocol (e.g., -1).

val ipv6CidrBlock: Output<String>? = null

The IPv6 CIDR block to allow or deny.

val networkAclId: Output<String>? = null

The ID of the network ACL.

val protocol: Output<String>? = null

The protocol. A value of -1 means all protocols.

val ruleAction: Output<String>? = null

Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny

val ruleNumber: Output<Int>? = null

The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.

val toPort: Output<Int>? = null

The ending port (to port) of the range to match.

Functions

open override fun toJava(): NetworkAclRuleArgs