AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS::EC2::NetworkAclEntry

Creates an entry (i.e., rule) in a network ACL with a rule number you specify. Each network ACL has a set of numbered ingress rules and a separate set of numbered egress rules.

Syntax

{
   "Type" : "AWS::EC2::NetworkAclEntry",
   "Properties" : {
      "CidrBlock" : String,
      "Egress" : Boolean,
      "Icmp" : EC2 ICMP,
      "NetworkAclId" : String,
      "PortRange" : EC2 PortRange,
      "Protocol" : Integer,
      "RuleAction" : String,
      "RuleNumber" : Integer
   }
}

Properties

CidrBlock

The CIDR range to allow or deny, in CIDR notation (e.g., 172.16.0.0/24).

Required: Yes

Type: String

Egress

Whether this rule applies to egress traffic from the subnet ("true") or ingress traffic to the subnet ("false").

Required: Yes

Type: Boolean

Icmp

The Internet Control Message Protocol (ICMP) code and type.

Required: Conditional. Required if you specify 1 (ICMP) for the Protocol property.

Type: EC2 ICMP Property Type

NetworkAclId

The ID of the network ACL in which the entry is created.

Required: Yes

Type: String

PortRange

The range of port numbers for TCP or UDP traffic.

Required: Conditional. Required if you specify 6 (TCP) or 17 (UDP) for the Protocol property.

Type: EC2 PortRange Property Type

Protocol

The IP protocol that the rule applies to. This must be -1 (all protocols) or a protocol number (see Protocol Numbers at iana.org).

Required: Yes

Type: Number

RuleAction

Whether to allow or deny traffic that matches the rule; valid values are "allow" or "deny".

Required: Yes

Type: String

RuleNumber

Rule number to assign to the entry (e.g., 100). This must be a positive integer from 1 to 32766.

Required: Yes

Type: Number

Return Values

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, it returns the resource name.

For more information about using the Ref function, see Ref.

Example

{
   "AWSTemplateFormatVersion" : "2010-09-09",
   "Resources" : {
      "myNetworkAclEntry" : {
         "Type" : "AWS::EC2::NetworkAclEntry",
         "Properties" : {
            "NetworkAclId" : { "Ref" : "myNetworkAcl" },
            "RuleNumber" : "100",
            "Protocol" : "-1",
            "RuleAction" : "allow",
            "Egress" : "true",
            "CidrBlock" : "172.16.0.0/24",
            "Icmp" : { "Code" : "-1", "Type" : "-1" },
            "PortRange" : { "From" : "53", "To" : "53" }
         }
      }
   }
}
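
The following is an added example, not part of the AWS documentation or the CloudFormation service: it lints the NetworkAclEntry resources in a template for the required properties, the conditional Icmp and PortRange requirements, the RuleNumber range, and allow rules that cover every protocol for the entire address space. The sample template, the entry() helper and the myNetworkAcl reference are constructed for the example.

```python
# Added example (not AWS's code): lint the AWS::EC2::NetworkAclEntry resources in a
# CloudFormation template against the constraints on this page and flag wide-open rules.
import ipaddress
import json

REQUIRED = ("CidrBlock", "Egress", "NetworkAclId", "Protocol", "RuleAction", "RuleNumber")
ICMP, TCP, UDP = 1, 6, 17

def check_acl_entry(props):
    """Return findings (empty when clean) for one entry's Properties; values are
    coerced because CloudFormation accepts numbers and booleans as strings."""
    findings = [f"missing required property {k}" for k in REQUIRED if k not in props]
    if findings:
        return findings
    proto, rule_number = int(props["Protocol"]), int(props["RuleNumber"])
    action, egress = str(props["RuleAction"]), str(props["Egress"]).lower() == "true"
    cidr = ipaddress.ip_network(str(props["CidrBlock"]), strict=False)
    if proto != -1 and not 0 <= proto <= 255:
        findings.append(f"Protocol must be -1 or an IANA protocol number, got {proto}")
    if not 1 <= rule_number <= 32766:
        findings.append(f"RuleNumber must be between 1 and 32766, got {rule_number}")
    if action not in ("allow", "deny"):
        findings.append(f"RuleAction must be 'allow' or 'deny', got {action!r}")
    if proto == ICMP and "Icmp" not in props:
        findings.append("Icmp is required when Protocol is 1 (ICMP)")
    if proto in (TCP, UDP) and "PortRange" not in props:
        findings.append("PortRange is required when Protocol is 6 (TCP) or 17 (UDP)")
    # An allow rule for every protocol with a /0 CIDR opens the subnet in that direction.
    if action == "allow" and proto == -1 and cidr.prefixlen == 0:
        findings.append(f"rule {rule_number} allows all {'egress' if egress else 'ingress'} traffic")
    return findings

def lint_template(template_json):
    # Map each NetworkAclEntry logical ID in the template to its list of findings.
    resources = json.loads(template_json).get("Resources", {})
    return {name: check_acl_entry(res.get("Properties", {}))
            for name, res in resources.items()
            if res.get("Type") == "AWS::EC2::NetworkAclEntry"}

def entry(**props):  # constructed helper: build one NetworkAclEntry resource
    return {"Type": "AWS::EC2::NetworkAclEntry",
            "Properties": {"NetworkAclId": {"Ref": "myNetworkAcl"}, **props}}

# Constructed sample: a scoped HTTPS rule, a wide-open rule, and a broken TCP rule.
SAMPLE_TEMPLATE = json.dumps({"Resources": {
    "allowHttps": entry(RuleNumber="100", Protocol="6", RuleAction="allow", Egress="false",
                        CidrBlock="10.0.0.0/8", PortRange={"From": "443", "To": "443"}),
    "allowAll": entry(RuleNumber="200", Protocol="-1", RuleAction="allow", Egress="false",
                      CidrBlock="0.0.0.0/0"),
    "badTcp": entry(RuleNumber="40000", Protocol="6", RuleAction="allow", Egress="true",
                    CidrBlock="10.1.0.0/16")}})
```

Run lint_template(SAMPLE_TEMPLATE) to get a dictionary of findings per logical ID; an empty list means the entry passed every check.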

See Also