CfnNetworkAclEntryProps
- class aws_cdk.aws_ec2.CfnNetworkAclEntryProps(*, network_acl_id, protocol, rule_action, rule_number, cidr_block=None, egress=None, icmp=None, ipv6_cidr_block=None, port_range=None)
Bases:
objectProperties for defining a
CfnNetworkAclEntry.- Parameters:
network_acl_id (
str) – The ID of the ACL for the entry.protocol (
Union[int,float]) – The IP protocol that the rule applies to. You must specify -1 or a protocol number. You can specify -1 for all protocols. .. epigraph:: If you specify -1, all ports are opened and thePortRangeproperty is ignored.rule_action (
str) – Whether to allow or deny traffic that matches the rule; valid values are “allow” or “deny”.rule_number (
Union[int,float]) – Rule number to assign to the entry, such as 100. ACL entries are processed in ascending order by rule number. Entries can’t use the same rule number unless one is an egress rule and the other is an ingress rule.cidr_block (
Optional[str]) – The IPv4 CIDR range to allow or deny, in CIDR notation (for example, 172.16.0.0/24). Requirement is conditional: You must specify theCidrBlockorIpv6CidrBlockproperty.egress (
Union[bool,IResolvable,None]) – Whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false). By default, AWS CloudFormation specifiesfalse.icmp (
Union[IResolvable,IcmpProperty,Dict[str,Any],None]) – The Internet Control Message Protocol (ICMP) code and type. Requirement is conditional: Required if specifying 1 (ICMP) for the protocol parameter.ipv6_cidr_block (
Optional[str]) – The IPv6 network range to allow or deny, in CIDR notation. Requirement is conditional: You must specify theCidrBlockorIpv6CidrBlockproperty.port_range (
Union[IResolvable,PortRangeProperty,Dict[str,Any],None]) – The range of port numbers for the UDP/TCP protocol. Conditional required if specifying 6 (TCP) or 17 (UDP) for the protocol parameter.
- Link:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkaclentry.html
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. import aws_cdk.aws_ec2 as ec2 cfn_network_acl_entry_props = ec2.CfnNetworkAclEntryProps( network_acl_id="networkAclId", protocol=123, rule_action="ruleAction", rule_number=123, # the properties below are optional cidr_block="cidrBlock", egress=False, icmp=ec2.CfnNetworkAclEntry.IcmpProperty( code=123, type=123 ), ipv6_cidr_block="ipv6CidrBlock", port_range=ec2.CfnNetworkAclEntry.PortRangeProperty( from=123, to=123 ) )
Attributes
- cidr_block
You must specify the
CidrBlockorIpv6CidrBlockproperty.- Link:
- Type:
The IPv4 CIDR range to allow or deny, in CIDR notation (for example, 172.16.0.0/24). Requirement is conditional
- egress
Whether this rule applies to egress traffic from the subnet (
true) or ingress traffic to the subnet (false).By default, AWS CloudFormation specifies
false.
- icmp
The Internet Control Message Protocol (ICMP) code and type.
Requirement is conditional: Required if specifying 1 (ICMP) for the protocol parameter.
- ipv6_cidr_block
The IPv6 network range to allow or deny, in CIDR notation.
Requirement is conditional: You must specify the
CidrBlockorIpv6CidrBlockproperty.
- network_acl_id
The ID of the ACL for the entry.
- port_range
The range of port numbers for the UDP/TCP protocol.
Conditional required if specifying 6 (TCP) or 17 (UDP) for the protocol parameter.
- protocol
The IP protocol that the rule applies to.
You must specify -1 or a protocol number. You can specify -1 for all protocols. .. epigraph:
If you specify -1, all ports are opened and the ``PortRange`` property is ignored.
- rule_action
Whether to allow or deny traffic that matches the rule;
valid values are “allow” or “deny”.
- rule_number
Rule number to assign to the entry, such as 100.
ACL entries are processed in ascending order by rule number. Entries can’t use the same rule number unless one is an egress rule and the other is an ingress rule.