Creates an entry (i.e., rule) in a network ACL with a rule number you specify. Each network ACL has a set of numbered ingress rules and a separate set of numbered egress rules. When determining whether a packet should be allowed in or out of a subnet associated with the ACL, Amazon VPC processes the entries in the ACL according to the rule numbers, in ascending order.
Important: We recommend that you leave room between the rules (e.g., 100, 110, 120, etc.), and not number them sequentially (101, 102, 103, etc.). This allows you to easily add a new rule between existing ones without having to renumber the rules.
After you add an entry, you can’t modify it; you must either replace it, or create a new entry and delete the old one.
For more information about network ACLs, go to Network ACLs in the Amazon Virtual Private Cloud User Guide.
Access
public
Parameters

| Parameter | Type | Required | Description |
|---|---|---|---|
| | | Required | ID of the ACL where the entry will be created. |
| | | Required | Rule number to assign to the entry (e.g., 100). ACL entries are processed in ascending order by rule number. |
| | | Required | IP protocol the rule applies to. Valid Values: |
| | | Required | Whether to allow or deny traffic that matches the rule. [Allowed values: |
| | | Required | Whether this rule applies to egress traffic from the subnet ( |
| | | Required | The CIDR range to allow or deny, in CIDR notation (e.g., |
| | | Optional | An associative array of parameters that can have the following keys: |
Returns

| Type | Description |
|---|---|
| | A |
Examples

Create a new entry in the Network Access Control List (ACL).

```php
<?php
$ec2 = new AmazonEC2();
$tcp = 6; // IP protocol number for TCP

// Rule 1 on the ACL: allow TCP port 80 for 172.16.0.0/24, flagged as an egress rule.
$response = $ec2->create_network_acl_entry(
    'acl-4abf3f23',    // network ACL ID
    1,                 // rule number
    $tcp,              // protocol
    'allow',           // rule action
    'true',            // egress flag
    '172.16.0.0/24',   // CIDR block
    array(
        'PortRange' => array('From' => 80, 'To' => 80),
    )
);

var_dump($response->isOK());
```

Result:

```
bool(true)
```
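The evaluation order described at the top of this page, as an added example that is not part of the SDK documentation or the SDK itself: a small PHP model of first-match processing in ascending rule-number order, using the same fields the method takes. `cidr_match` and `evaluate_nacl` are this example's own names, and the entries and packet are constructed; it assumes 64-bit PHP 7.4 or later.

```php
<?php
// Added example (not SDK code): a local model of how Amazon VPC evaluates
// network ACL entries; function names are this example's own, 64-bit PHP 7.4+ assumed.

// True when $ip falls inside the IPv4 CIDR block.
function cidr_match(string $ip, string $cidr): bool
{
    [$net, $bits] = explode('/', $cidr);
    $mask = ((~0) << (32 - (int) $bits)) & 0xFFFFFFFF;
    return (ip2long($ip) & $mask) === (ip2long($net) & $mask);
}

// Walk the entries in ascending rule-number order and return the action and
// number of the first match. A packet matching nothing falls through to the
// ACL's implicit final '*' rule, which denies it.
function evaluate_nacl(array $entries, array $packet): array
{
    usort($entries, fn ($a, $b) => $a['rule_number'] <=> $b['rule_number']);
    foreach ($entries as $e) {
        $in_ports = !isset($e['port_range'])
            || ($packet['port'] >= $e['port_range']['From'] && $packet['port'] <= $e['port_range']['To']);
        if ($e['egress'] === $packet['egress']
            && ($e['protocol'] === -1 || $e['protocol'] === $packet['protocol'])
            && $in_ports
            && cidr_match($packet['ip'], $e['cidr_block'])) {
            return [$e['rule_action'], $e['rule_number']];
        }
    }
    return ['deny', '*'];
}

// Constructed ingress entries, numbered with the recommended gaps.
$entries = [
    ['rule_number' => 100, 'protocol' => 6, 'rule_action' => 'allow', 'egress' => false,
        'cidr_block' => '172.16.0.0/24', 'port_range' => ['From' => 80, 'To' => 80]],
    ['rule_number' => 110, 'protocol' => 6, 'rule_action' => 'allow', 'egress' => false,
        'cidr_block' => '0.0.0.0/0', 'port_range' => ['From' => 443, 'To' => 443]],
];
// TCP 443 from outside 172.16.0.0/24 skips rule 100 and is decided by rule 110.
$packet = ['egress' => false, 'protocol' => 6, 'port' => 443, 'ip' => '203.0.113.9'];
echo implode(' ', evaluate_nacl($entries, $packet)), "\n";

// The gap lets a deny for one source range go in at 105 without renumbering;
// it is evaluated before 110, so the same packet is now denied.
$entries[] = ['rule_number' => 105, 'protocol' => -1, 'rule_action' => 'deny',
    'egress' => false, 'cidr_block' => '203.0.113.0/24'];
echo implode(' ', evaluate_nacl($entries, $packet)), "\n";
```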
Source

Method defined in services/ec2.class.php.