Skip to content


About DescribeNetworkAcls

Describes one or more of your network ACLs.

For more information, see Network ACLs in the Amazon VPC User Guide.

Method Signature


Optional arguments:


The filters.

  • association.association-id - The ID of an association ID for the ACL.

  • - The ID of the network ACL involved in the association.

  • association.subnet-id - The ID of the subnet involved in the association.

  • default - Indicates whether the ACL is the default network ACL for the VPC.

  • entry.cidr - The IPv4 CIDR range specified in the entry.

  • entry.icmp.code - The ICMP code specified in the entry, if any.

  • entry.icmp.type - The ICMP type specified in the entry, if any.

  • entry.ipv6-cidr - The IPv6 CIDR range specified in the entry.

  • entry.port-range.from - The start of the port range specified in the entry.

  • - The end of the port range specified in the entry.

  • entry.protocol - The protocol specified in the entry (tcp | udp | icmp or a protocol number).

  • entry.rule-action - Allows or denies the matching traffic (allow | deny).

  • entry.egress - A Boolean that indicates the type of rule. Specify true for egress rules, or false for ingress rules.

  • entry.rule-number - The number of an entry (in other words, rule) in the set of ACL entries.

  • network-acl-id - The ID of the network ACL.

  • owner-id - The ID of the Amazon Web Services account that owns the network ACL.

  • tag: - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA, specify tag:Owner for the filter name and TeamA for the filter value.

  • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.

  • vpc-id - The ID of the VPC for the network ACL.


Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation. Otherwise, it is UnauthorizedOperation.


The IDs of the network ACLs.

Default: Describes all your network ACLs.


The token returned from a previous paginated request. Pagination continues from the end of the items returned by the previous request.


The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. For more information, see Pagination.