AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS::EC2::NetworkAclEntry

Creates an entry (i.e., rule) in a network ACL with a rule number you specify. Each network ACL has a set of numbered ingress rules and a separate set of numbered egress rules.

Syntax

{
   "Type" : "AWS::EC2::NetworkAclEntry",
   "Properties" : {
      "CidrBlock" : String,
      "Egress" : Boolean,
      "Icmp" : EC2 ICMP,
      "NetworkAclId" : String,
      "PortRange" : EC2 PortRange,
      "Protocol" : Integer,
      "RuleAction" : String,
      "RuleNumber" : Integer
   }
}     

Properties

CidrBlock

The CIDR range to allow or deny, in CIDR notation (e.g., 172.16.0.0/24).

Required: Yes.

Type: String.

Egress

Whether this rule applies to egress traffic from the subnet ("true") or ingress traffic to the subnet ("false").

Required: Yes.

Type: Boolean.

Icmp

The Internet Control Message Protocol (ICMP) code and type.

Required: Conditional. Required if specifying 1 (ICMP) for the Protocol property.

Type: EC2 ICMP Property Type

NetworkAclId

ID of the ACL where the entry will be created.

Required: Yes.

Type: String.

PortRange

The range of port numbers for the UDP/TCP protocol.

Required: Conditional. Required if specifying 6 (TCP) or 17 (UDP) for the Protocol property.

Type: EC2 PortRange Property Type

Protocol

The IP protocol the rule applies to. This must be -1 (meaning all protocols) or an IANA-assigned protocol number (see Protocol Numbers at iana.org).

Required: Yes.

Type: Number.

RuleAction

Whether to allow or deny traffic that matches the rule; valid values are "allow" or "deny".

Required: Yes.

Type: String.

RuleNumber

Rule number to assign to the entry (e.g., 100). This must be a positive integer from 1 to 32766.

Required: Yes.

Type: Number.

Return Values

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, it returns the resource name.

For more information about using the Ref function, see Ref.

Example

{
   "AWSTemplateFormatVersion" : "2010-09-09",
   "Resources" : {
      "myNetworkAclEntry" : {
         "Type" : "AWS::EC2::NetworkAclEntry",
         "Properties" : {
            "NetworkAclId" : { "Ref" : "myNetworkAcl" },
            "RuleNumber" : "100",
            "Protocol" : "-1",
            "RuleAction" : "allow",
            "Egress" : "true",
            "CidrBlock" : "172.16.0.0/24",
            "Icmp" : { "Code" : "-1", "Type" : "-1" },
            "PortRange" : { "From" : "53", "To" : "53" }
         }
      }
   }
}
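An added pre-deployment check, not part of the AWS documentation, that lints NetworkAclEntry properties against the rules listed above so a malformed entry (missing PortRange for TCP, out-of-range rule number, misspelled action) is caught before the stack update rather than at deploy time. The function names, the template dict and the `badEntry` resource are constructed for this example.

```python
import ipaddress

REQUIRED = ("CidrBlock", "Egress", "NetworkAclId", "Protocol", "RuleAction", "RuleNumber")

def _as_int(value):
    try:  # int() that yields None instead of raising, so one check can report bad values
        return int(value)
    except (TypeError, ValueError):
        return None

def validate_nacl_entry(props):
    """Return the problems in one AWS::EC2::NetworkAclEntry "Properties" dict, per the
    rules on this page; values may be strings (as in the page's example) or JSON scalars."""
    problems = [f"missing required property {k}" for k in REQUIRED if k not in props]
    if problems:
        return problems  # the checks below assume the required keys exist
    try:
        ipaddress.ip_network(props["CidrBlock"], strict=True)  # strict: no host bits set
    except ValueError:
        problems.append(f"CidrBlock {props['CidrBlock']!r} is not valid CIDR notation")
    if str(props["Egress"]).lower() not in ("true", "false"):
        problems.append("Egress must be true or false")
    protocol = _as_int(props["Protocol"])
    if protocol is None or (protocol != -1 and not 0 <= protocol <= 255):
        problems.append(f"Protocol {props['Protocol']!r} must be -1 or an IANA protocol number")
    if protocol == 1 and "Icmp" not in props:
        problems.append("Icmp is required when Protocol is 1 (ICMP)")
    if protocol in (6, 17) and "PortRange" not in props:
        problems.append("PortRange is required when Protocol is 6 (TCP) or 17 (UDP)")
    if props["RuleAction"] not in ("allow", "deny"):
        problems.append(f"RuleAction {props['RuleAction']!r} must be 'allow' or 'deny'")
    rule_number = _as_int(props["RuleNumber"])
    if rule_number is None or not 1 <= rule_number <= 32766:
        problems.append(f"RuleNumber {props['RuleNumber']!r} must be an integer from 1 to 32766")
    return problems

def validate_template(template):
    """Map each NetworkAclEntry logical ID in a parsed template to its list of problems."""
    return {name: validate_nacl_entry(res.get("Properties", {}))
            for name, res in template.get("Resources", {}).items()
            if res.get("Type") == "AWS::EC2::NetworkAclEntry"}

# Constructed sample: the page's example entry plus one entry that breaks four rules.
SAMPLE_TEMPLATE = {"Resources": {
    "myNetworkAclEntry": {"Type": "AWS::EC2::NetworkAclEntry", "Properties": {
        "NetworkAclId": {"Ref": "myNetworkAcl"}, "RuleNumber": "100", "Protocol": "-1",
        "RuleAction": "allow", "Egress": "true", "CidrBlock": "172.16.0.0/24"}},
    "badEntry": {"Type": "AWS::EC2::NetworkAclEntry", "Properties": {
        "NetworkAclId": {"Ref": "myNetworkAcl"}, "RuleNumber": 40000, "Protocol": 6,
        "RuleAction": "permit", "Egress": False, "CidrBlock": "10.0.0.1/8"}}}}
```

Run `validate_template(json.load(open("template.json")))` over a real template; an empty list for every logical ID means the entries satisfy the rules on this page (it does not check that the ACL itself or the rule numbers are unique across entries).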

See Also