Creates a network ACL in a VPC. Network ACLs provide an optional layer of security (on top of security groups) for the instances in your VPC. For more information about network ACLs, see Network ACLs in the Amazon Virtual Private Cloud User Guide.
VpcId
The ID of the VPC.
Type: String
Default: None
Required: Yes
The following elements are returned in a CreateNetworkAclResponse element.
requestId
The ID of the request.
Type: xsd:string
networkAcl
Information about the new network ACL.
Type: NetworkAclType
The following example creates a new network ACL in the VPC with ID vpc-11ad4878. Notice that the response includes a default entry for egress and another for ingress, each with a very high rule number (32767). These are the last entries we process when deciding whether traffic is allowed in or out of an associated subnet: if the traffic doesn't match any rule with a lower rule number, these default entries ultimately deny it.
https://ec2.amazonaws.com/?Action=CreateNetworkAcl
&VpcId=vpc-11ad4878
&AUTHPARAMS
<CreateNetworkAclResponse xmlns="http://ec2.amazonaws.com/doc/2013-02-01/">
  <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId>
  <networkAcl>
    <networkAclId>acl-5fb85d36</networkAclId>
    <vpcId>vpc-11ad4878</vpcId>
    <default>false</default>
    <entrySet>
      <item>
        <ruleNumber>32767</ruleNumber>
        <protocol>all</protocol>
        <ruleAction>deny</ruleAction>
        <egress>true</egress>
        <cidrBlock>0.0.0.0/0</cidrBlock>
      </item>
      <item>
        <ruleNumber>32767</ruleNumber>
        <protocol>all</protocol>
        <ruleAction>deny</ruleAction>
        <egress>false</egress>
        <cidrBlock>0.0.0.0/0</cidrBlock>
      </item>
    </entrySet>
    <associationSet/>
    <tagSet/>
  </networkAcl>
</CreateNetworkAclResponse>
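The following is an added example, not part of the AWS documentation: it parses a response in the shape shown above and evaluates the entries the way the text describes (ascending rule number, first match wins, the 32767 default entries deny anything left unmatched). The sample response is constructed, with one extra ingress allow entry (rule 100, TCP from 10.0.0.0/16) added so that a lower-numbered rule can be seen overriding the default deny.

```python
# Added example (not from the AWS docs): parse a CreateNetworkAcl response and
# evaluate its entries the way the text describes: ascending rule number,
# first match wins, the 32767 default entries deny whatever is left unmatched.
import ipaddress
import xml.etree.ElementTree as ET

NS = {"ec2": "http://ec2.amazonaws.com/doc/2013-02-01/"}

# Constructed sample in the shape of this page's response, plus one constructed
# ingress allow entry (rule 100, TCP from 10.0.0.0/16) to show precedence.
SAMPLE_RESPONSE = """<CreateNetworkAclResponse xmlns="http://ec2.amazonaws.com/doc/2013-02-01/">
 <networkAcl><networkAclId>acl-5fb85d36</networkAclId><vpcId>vpc-11ad4878</vpcId>
  <entrySet>
   <item><ruleNumber>100</ruleNumber><protocol>6</protocol><ruleAction>allow</ruleAction>
    <egress>false</egress><cidrBlock>10.0.0.0/16</cidrBlock></item>
   <item><ruleNumber>32767</ruleNumber><protocol>all</protocol><ruleAction>deny</ruleAction>
    <egress>true</egress><cidrBlock>0.0.0.0/0</cidrBlock></item>
   <item><ruleNumber>32767</ruleNumber><protocol>all</protocol><ruleAction>deny</ruleAction>
    <egress>false</egress><cidrBlock>0.0.0.0/0</cidrBlock></item>
  </entrySet>
 </networkAcl>
</CreateNetworkAclResponse>"""


def parse_entries(xml_text):
    """Return ACL entries as dicts sorted by ascending rule number."""
    root = ET.fromstring(xml_text)
    entries = []
    for item in root.findall(".//ec2:entrySet/ec2:item", NS):
        text = lambda tag: item.find(f"ec2:{tag}", NS).text
        entries.append({
            "rule": int(text("ruleNumber")),
            "protocol": text("protocol"),          # "all" or an IANA number
            "action": text("ruleAction"),
            "egress": text("egress") == "true",
            "cidr": ipaddress.ip_network(text("cidrBlock")),
        })
    return sorted(entries, key=lambda e: e["rule"])


def evaluate(entries, ip, protocol, egress):
    """Walk entries in rule-number order; the first matching one decides."""
    addr = ipaddress.ip_address(ip)
    for e in entries:
        if e["egress"] != egress or addr not in e["cidr"]:
            continue
        if e["protocol"] in ("all", "-1", protocol):
            return e["action"], e["rule"]
    return "deny", None  # only reached if the default deny were missing
```

Running `evaluate(parse_entries(SAMPLE_RESPONSE), "10.0.1.5", "6", egress=False)` returns the allow from rule 100, while UDP from the same address, or any egress traffic, falls through to the 32767 deny.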