replace_network_acl_entry ( $network_acl_id, $rule_number, $protocol, $rule_action, $egress, $cidr_block, $opt )

Replaces an entry (i.e., rule) in a network ACL. For more information about network ACLs, go to Network ACLs in the Amazon Virtual Private Cloud User Guide.

Access

public

Parameters

Parameter - Type - Required - Description

$network_acl_id - string - Required - ID of the ACL where the entry will be replaced.

$rule_number - integer - Required - Rule number of the entry to replace.

$protocol - string - Required - IP protocol the rule applies to. Valid Values: tcp, udp, icmp or an IP protocol number.

$rule_action - string - Required - Whether to allow or deny traffic that matches the rule. [Allowed values: allow, deny]

$egress - boolean - Required - Whether this rule applies to egress traffic from the subnet (true) or ingress traffic (false).

$cidr_block - string - Required - The CIDR range to allow or deny, in CIDR notation (e.g., 172.16.0.0/24).

$opt - array - Optional - An associative array of parameters that can have the following keys:

  • Icmp - array - Optional - ICMP values.
    • x - array - Optional - This represents a simple array index.
      • Type - integer - Optional - For the ICMP protocol, the ICMP type. A value of -1 is a wildcard meaning all types. Required if specifying icmp for the protocol.
      • Code - integer - Optional - For the ICMP protocol, the ICMP code. A value of -1 is a wildcard meaning all codes. Required if specifying icmp for the protocol.
  • PortRange - array - Optional - Port ranges.
    • x - array - Optional - This represents a simple array index.
      • From - integer - Optional - The first port in the range. Required if specifying tcp or udp for the protocol.
      • To - integer - Optional - The last port in the range. Required if specifying tcp or udp for the protocol.
  • curlopts - array - Optional - A set of values to pass directly into curl_setopt(), where the key is a pre-defined CURLOPT_* constant.
  • returnCurlHandle - boolean - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.

Returns

Type - Description

CFResponse - A CFResponse object containing a parsed HTTP response.

Examples

Replace an existing entry in the Network Access Control List (ACL).

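$ec2 = new AmazonEC2();

// IP protocol number 6 is TCP.
$tcp = 6;

// Replace rule 1 with an egress rule that allows TCP port 443 to 172.16.0.0/24.
$response = $ec2->replace_network_acl_entry('acl-4abf3f23', 1, $tcp, 'allow', 'true', '172.16.0.0/24', array(
	'PortRange' => array(
		'From' => 443,
		'To' => 443
	)
));

// isOK() reports whether the request succeeded.
var_dump($response->isOK());

Result:
bool(true)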
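
The constraints in the parameter descriptions (allowed rule actions, CIDR notation, a port range for tcp or udp, an ICMP type and code for icmp) can be checked before the call so that a malformed replacement never reaches the ACL. The following is an added example, not part of the SDK or of the original page; `check_acl_entry_args` is a hypothetical helper, and it assumes `PortRange` and `Icmp` are passed as flat maps, as in the example above.

```php
<?php
// Added example: hypothetical helper, not part of the AWS SDK for PHP. Returns a list of
// problems; an empty list means the arguments meet the constraints stated on this page.
function check_acl_entry_args($protocol, $rule_action, $egress, $cidr_block, $opt = array())
{
    $errors = array();
    if (!in_array($rule_action, array('allow', 'deny'), true)) {
        $errors[] = "rule_action must be 'allow' or 'deny'";
    }
    // The page's own example passes the string 'true', so accept both forms.
    if (!in_array($egress, array(true, false, 'true', 'false'), true)) {
        $errors[] = 'egress must be true (egress) or false (ingress)';
    }
    // IPv4 CIDR notation: address, slash, prefix length 0-32.
    $parts = explode('/', (string) $cidr_block);
    if (count($parts) !== 2
        || filter_var($parts[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false
        || !preg_match('/^\d{1,2}$/', $parts[1]) || (int) $parts[1] > 32) {
        $errors[] = 'cidr_block must be IPv4 CIDR notation, e.g. 172.16.0.0/24';
    }
    // Map protocol names to IP protocol numbers (icmp 1, tcp 6, udp 17).
    $names = array('icmp' => 1, 'tcp' => 6, 'udp' => 17);
    $key = strtolower((string) $protocol);
    if (isset($names[$key])) {
        $proto = $names[$key];
    } elseif (preg_match('/^\d+$/', $key)) {
        $proto = (int) $key;
    } else {
        $proto = null;
        $errors[] = 'protocol must be tcp, udp, icmp or an IP protocol number';
    }
    if ($proto === 6 || $proto === 17) {
        $r = isset($opt['PortRange']) ? $opt['PortRange'] : array();
        if (!isset($r['From'], $r['To'])) {
            $errors[] = 'PortRange From and To are required for tcp/udp';
        } elseif ($r['From'] < 0 || $r['To'] > 65535 || $r['From'] > $r['To']) {
            $errors[] = 'PortRange must satisfy 0 <= From <= To <= 65535';
        }
    } elseif ($proto === 1) {
        $i = isset($opt['Icmp']) ? $opt['Icmp'] : array();
        if (!isset($i['Type'], $i['Code'])) {
            $errors[] = 'Icmp Type and Code are required for icmp (-1 matches all)';
        }
    }
    return $errors;
}
// Constructed inputs: the page's example rule, then a tcp rule with no PortRange.
var_dump(check_acl_entry_args(6, 'allow', 'true', '172.16.0.0/24', array('PortRange' => array('From' => 443, 'To' => 443))));
var_dump(check_acl_entry_args('tcp', 'permit', true, '172.16.0.0/33'));
```

The first call returns an empty array; the second returns three problems (rule action, CIDR prefix, missing port range), and `replace_network_acl_entry()` should only be called when the list is empty.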

Source

Method defined in services/ec2.class.php

public function replace_network_acl_entry($network_acl_id, $rule_number, $protocol, $rule_action, $egress, $cidr_block, $opt = null)
{
    if (!$opt) $opt = array();
    $opt['NetworkAclId'] = $network_acl_id;
    $opt['RuleNumber'] = $rule_number;
    $opt['Protocol'] = $protocol;
    $opt['RuleAction'] = $rule_action;
    $opt['Egress'] = $egress;
    $opt['CidrBlock'] = $cidr_block;
    
    // Optional map (non-list)
    if (isset($opt['Icmp']))
    {
        $opt = array_merge($opt, CFComplexType::map(array(
            'Icmp' => $opt['Icmp']
        )));
        unset($opt['Icmp']);
    }
    
    // Optional map (non-list)
    if (isset($opt['PortRange']))
    {
        $opt = array_merge($opt, CFComplexType::map(array(
            'PortRange' => $opt['PortRange']
        )));
        unset($opt['PortRange']);
    }

    return $this->authenticate('ReplaceNetworkAclEntry', $opt);
}

Copyright © 2010–2013 Amazon Web Services, LLC

