Amazon Elastic Compute Cloud
API Reference (API Version 2013-02-01)

ReplaceNetworkAclEntry

Description

Replaces an entry (i.e., rule) in a network ACL. For more information about network ACLs, see Network ACLs in the Amazon Virtual Private Cloud User Guide.

Request Parameters

NetworkAclId

The ID of the ACL.

Type: String

Default: None

Required: Yes

RuleNumber

The rule number of the entry to replace.

Type: Integer

Default: None

Required: Yes

Protocol

The IP protocol the rule applies to. You can use -1 to mean all protocols.

Type: Integer

Valid values: -1 or a protocol number (see Protocol Numbers).

Required: Yes

RuleAction

Indicates whether to allow or deny traffic that matches the rule.

Type: String

Default: None

Valid values: allow | deny

Required: Yes

Egress

Indicates whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).

Type: Boolean

Default: false

Valid values: true | false

Required: No

CidrBlock

The CIDR range to allow or deny, in CIDR notation (for example, 172.16.0.0/24).

Type: String

Default: None

Required: Yes

Icmp.Code

For the ICMP protocol, the ICMP code. You can use -1 to specify all ICMP codes for the given ICMP type.

Type: Integer

Default: None

Required: Conditional

Condition: Required if specifying 1 (ICMP) for the protocol.

Icmp.Type

For the ICMP protocol, the ICMP type. You can use -1 to specify all ICMP types.

Type: Integer

Default: None

Required: Conditional

Condition: Required if specifying 1 (ICMP) for the protocol.

PortRange.From

The first port in the range.

Type: Integer

Default: None

Required: Conditional

Condition: Required if specifying 6 (TCP) or 17 (UDP) for the protocol.

PortRange.To

The last port in the range.

Type: Integer

Default: None

Required: Conditional

Condition: Required if specifying 6 (TCP) or 17 (UDP) for the protocol.

Response Elements

The following elements are returned in a ReplaceNetworkAclEntryResponse element.

requestId

The ID of the request.

Type: xsd:string

return

Returns true if the request succeeds. Otherwise, returns an error.

Type: xsd:boolean

Examples

Example Request

This example replaces the egress entry numbered 110 in the network ACL with ID acl-2cb85d45. The new rule denies egress traffic destined for anywhere (0.0.0.0/0) on TCP port 139.

https://ec2.amazonaws.com/?Action=ReplaceNetworkAclEntry
&NetworkAclId=acl-2cb85d45
&RuleNumber=110
&Protocol=6
&RuleAction=deny
&Egress=true
&CidrBlock=0.0.0.0/0
&PortRange.From=139
&PortRange.To=139
&AUTHPARAMS

Example Response

<ReplaceNetworkAclEntryResponse xmlns="http://ec2.amazonaws.com/doc/2013-02-01/">
   <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId> 
   <return>true</return>
</ReplaceNetworkAclEntryResponse>