CfnNetworkAclEntryProps

class aws_cdk.aws_ec2.CfnNetworkAclEntryProps(*, network_acl_id, protocol, rule_action, rule_number, cidr_block=None, egress=None, icmp=None, ipv6_cidr_block=None, port_range=None)

Bases: object

Properties for defining a CfnNetworkAclEntry.

Parameters
  • network_acl_id (str) – The ID of the ACL for the entry.

  • protocol (Union[int, float]) – The IP protocol that the rule applies to. You must specify -1 or a protocol number. You can specify -1 for all protocols. Note: if you specify -1, all ports are opened and the PortRange property is ignored.

  • rule_action (str) – Whether to allow or deny traffic that matches the rule; valid values are “allow” or “deny”.

  • rule_number (Union[int, float]) – Rule number to assign to the entry, such as 100. ACL entries are processed in ascending order by rule number. Entries can’t use the same rule number unless one is an egress rule and the other is an ingress rule.

  • cidr_block (Optional[str]) – The IPv4 CIDR range to allow or deny, in CIDR notation (for example, 172.16.0.0/24). Requirement is conditional: You must specify the CidrBlock or Ipv6CidrBlock property.

  • egress (Union[bool, IResolvable, None]) – Whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false). By default, AWS CloudFormation specifies false.

  • icmp (Union[IResolvable, IcmpProperty, None]) – The Internet Control Message Protocol (ICMP) code and type. Requirement is conditional: Required if specifying 1 (ICMP) for the protocol parameter.

  • ipv6_cidr_block (Optional[str]) – The IPv6 network range to allow or deny, in CIDR notation. Requirement is conditional: You must specify the CidrBlock or Ipv6CidrBlock property.

  • port_range (Union[IResolvable, PortRangeProperty, None]) – The range of port numbers for the UDP/TCP protocol. Requirement is conditional: Required if specifying 6 (TCP) or 17 (UDP) for the protocol parameter.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkaclentry.html

ExampleMetadata

fixture=_generated

Example:

# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
import aws_cdk.aws_ec2 as ec2

cfn_network_acl_entry_props = ec2.CfnNetworkAclEntryProps(
    network_acl_id="networkAclId",
    protocol=123,
    rule_action="ruleAction",
    rule_number=123,

    # the properties below are optional
    cidr_block="cidrBlock",
    egress=False,
    icmp=ec2.CfnNetworkAclEntry.IcmpProperty(
        code=123,
        type=123
    ),
    ipv6_cidr_block="ipv6CidrBlock",
    port_range=ec2.CfnNetworkAclEntry.PortRangeProperty(
        from_=123,  # "from" is a Python keyword, so the property is exposed as from_
        to=123
    )
)
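The conditional requirements and the ascending, first-match evaluation order described in the parameters above, worked through in plain Python as an added example (not CDK code and not from the page; AclEntry, validate, evaluate and the SAMPLE table are constructed stand-ins for CfnNetworkAclEntryProps, and the fall-through deny models the implicit final '*' rule of an AWS network ACL):

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple
ICMP, TCP, UDP, ANY = 1, 6, 17, -1  # protocol numbers the page refers to

@dataclass
class AclEntry:  # hypothetical plain-Python stand-in for CfnNetworkAclEntryProps
    rule_number: int
    protocol: int
    rule_action: str                               # "allow" or "deny"
    egress: bool = False                           # CloudFormation default
    cidr_block: Optional[str] = None
    ipv6_cidr_block: Optional[str] = None
    port_range: Optional[Tuple[int, int]] = None   # (from, to)
    icmp: Optional[Tuple[int, int]] = None         # (type, code)

def validate(entries: List[AclEntry]) -> None:
    """Enforce the conditional requirements the props documentation states."""
    seen = set()
    for e in entries:
        if e.cidr_block is None and e.ipv6_cidr_block is None:
            raise ValueError(f"rule {e.rule_number}: CidrBlock or Ipv6CidrBlock needed")
        if e.protocol in (TCP, UDP) and e.port_range is None:
            raise ValueError(f"rule {e.rule_number}: PortRange required for TCP/UDP")
        if e.protocol == ICMP and e.icmp is None:
            raise ValueError(f"rule {e.rule_number}: Icmp required for protocol 1")
        if (e.rule_number, e.egress) in seen:  # reuse is only legal across directions
            raise ValueError(f"rule {e.rule_number}: duplicate in this direction")
        seen.add((e.rule_number, e.egress))

def evaluate(entries: List[AclEntry], *, addr: str, protocol: int,
             port: Optional[int] = None, egress: bool = False) -> str:
    """Ascending rule-number order, first match wins; no match is a deny (the
    implicit final '*' rule every network ACL ends with)."""
    ip = ip_address(addr)
    for e in sorted((x for x in entries if x.egress == egress), key=lambda x: x.rule_number):
        if e.protocol not in (ANY, protocol) or ip not in ip_network(e.cidr_block or e.ipv6_cidr_block):
            continue
        # PortRange is ignored for -1; for TCP/UDP the port must fall inside it
        if e.protocol in (TCP, UDP) and not e.port_range[0] <= port <= e.port_range[1]:
            continue
        return e.rule_action
    return "deny"

# Constructed sample: the deny at 110 never sees HTTPS from 198.51.100.0/24, rule 100 wins
SAMPLE = [
    AclEntry(100, TCP, "allow", cidr_block="0.0.0.0/0", port_range=(443, 443)),
    AclEntry(110, ANY, "deny", cidr_block="198.51.100.0/24"),
    AclEntry(120, TCP, "allow", cidr_block="10.0.0.0/8", port_range=(22, 22)),
]
```

Running validate() before synthesis catches the conditional-property mistakes at build time, and evaluate() makes the ordering pitfall visible: a deny with a higher rule number cannot override an earlier, broader allow.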

Attributes

cidr_block

You must specify the CidrBlock or Ipv6CidrBlock property.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkaclentry.html#cfn-ec2-networkaclentry-cidrblock

Type

The IPv4 CIDR range to allow or deny, in CIDR notation (for example, 172.16.0.0/24). Requirement is conditional.

Return type

Optional[str]

egress

Whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).

By default, AWS CloudFormation specifies false.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkaclentry.html#cfn-ec2-networkaclentry-egress

Return type

Union[bool, IResolvable, None]

icmp

The Internet Control Message Protocol (ICMP) code and type.

Requirement is conditional: Required if specifying 1 (ICMP) for the protocol parameter.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkaclentry.html#cfn-ec2-networkaclentry-icmp

Return type

Union[IResolvable, IcmpProperty, None]

ipv6_cidr_block

The IPv6 network range to allow or deny, in CIDR notation.

Requirement is conditional: You must specify the CidrBlock or Ipv6CidrBlock property.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkaclentry.html#cfn-ec2-networkaclentry-ipv6cidrblock

Return type

Optional[str]

network_acl_id

The ID of the ACL for the entry.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkaclentry.html#cfn-ec2-networkaclentry-networkaclid

Return type

str

port_range

The range of port numbers for the UDP/TCP protocol.

Requirement is conditional: Required if specifying 6 (TCP) or 17 (UDP) for the protocol parameter.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkaclentry.html#cfn-ec2-networkaclentry-portrange

Return type

Union[IResolvable, PortRangeProperty, None]

protocol

The IP protocol that the rule applies to.

You must specify -1 or a protocol number. You can specify -1 for all protocols.

Note: if you specify -1, all ports are opened and the PortRange property is ignored.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkaclentry.html#cfn-ec2-networkaclentry-protocol

Return type

Union[int, float]

rule_action

Whether to allow or deny traffic that matches the rule; valid values are “allow” or “deny”.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkaclentry.html#cfn-ec2-networkaclentry-ruleaction

Return type

str

rule_number

Rule number to assign to the entry, such as 100.

ACL entries are processed in ascending order by rule number. Entries can’t use the same rule number unless one is an egress rule and the other is an ingress rule.

Link

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkaclentry.html#cfn-ec2-networkaclentry-rulenumber

Return type

Union[int, float]