replace_network_acl_entry ( $network_acl_id, $rule_number, $protocol, $rule_action, $egress, $cidr_block, $opt )
Replaces an entry (i.e., rule) in a network ACL. For more information about network ACLs, go to
Network ACLs in the Amazon Virtual Private Cloud User Guide.
Access
Parameters
| Parameter | Type | Required | Description |
| --- | --- | --- | --- |
| $network_acl_id | string | Required | ID of the ACL where the entry will be replaced. |
| $rule_number | integer | Required | Rule number of the entry to replace. |
| $protocol | string | Required | IP protocol the rule applies to. Valid Values: tcp, udp, icmp or an IP protocol number. |
| $rule_action | string | Required | Whether to allow or deny traffic that matches the rule. [Allowed values: allow, deny] |
| $egress | boolean | Required | Whether this rule applies to egress traffic from the subnet (true) or ingress traffic (false). |
| $cidr_block | string | Required | The CIDR range to allow or deny, in CIDR notation (e.g., 172.16.0.0/24). |
| $opt | array | Optional | An associative array of parameters that can have the following keys: |

* Icmp - array - Optional - ICMP values.
  * x - array - Optional - This represents a simple array index.
    * Type - integer - Optional - For the ICMP protocol, the ICMP type. A value of -1 is a wildcard meaning all types. Required if specifying icmp for the protocol.
    * Code - integer - Optional - For the ICMP protocol, the ICMP code. A value of -1 is a wildcard meaning all codes. Required if specifying icmp for the protocol.
* PortRange - array - Optional - Port ranges.
  * x - array - Optional - This represents a simple array index.
    * From - integer - Optional - The first port in the range. Required if specifying tcp or udp for the protocol.
    * To - integer - Optional - The last port in the range. Required if specifying tcp or udp for the protocol.
* curlopts - array - Optional - A set of values to pass directly into curl_setopt(), where the key is a pre-defined CURLOPT_* constant.
* returnCurlHandle - boolean - Optional - A private toggle specifying that the cURL handle be returned rather than actually completing the request. This toggle is useful for manually managed batch requests.
Returns
Examples
Replace an existing entry in the Network Access Control List (ACL).
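    $ec2 = new AmazonEC2();

    // IP protocol number 6 is TCP.
    $tcp = 6;

    // Replace rule 1 with an egress rule that allows TCP port 443 to 172.16.0.0/24.
    $response = $ec2->replace_network_acl_entry('acl-4abf3f23', 1, $tcp, 'allow', 'true', '172.16.0.0/24', array(
        'PortRange' => array(
            'From' => 443,
            'To' => 443
        )
    ));

    // isOK() reports whether the request succeeded.
    var_dump($response->isOK());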
Result:
bool(true)
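Added example, not part of the SDK or its documentation: a pre-flight check that applies the parameter table's rules before the call is made, since the method's source only copies its arguments into the request. The function name check_acl_entry_args is hypothetical; the Icmp and PortRange shapes follow the example above, and the IPv4-only CIDR check, the 0-65535 port bounds and the acceptance of the strings 'true'/'false' for $egress are assumptions.

```php
<?php
// Hypothetical helper, not part of the SDK. Returns a list of problems with the
// arguments, or an empty array when they satisfy the rules in the parameter table.
function check_acl_entry_args($protocol, $rule_action, $egress, $cidr_block, array $opt = array())
{
    $problems = array();
    // IANA protocol numbers for the three named protocols (6 = tcp, as in the example).
    $numbers = array('1' => 'icmp', '6' => 'tcp', '17' => 'udp');
    $proto = strtolower((string) $protocol);
    if (isset($numbers[$proto])) {
        $proto = $numbers[$proto];
    } elseif (!in_array($proto, $numbers, true) && !ctype_digit($proto)) {
        $problems[] = 'protocol must be tcp, udp, icmp or an IP protocol number';
    }
    if (!in_array($rule_action, array('allow', 'deny'), true)) {
        $problems[] = 'rule action must be allow or deny';
    }
    // Assumption: the strings 'true'/'false' are accepted because the page's example passes 'true'.
    if (!is_bool($egress) && !in_array($egress, array('true', 'false'), true)) {
        $problems[] = 'egress must be a boolean';
    }
    // Assumption: IPv4 only, matching the 172.16.0.0/24 form shown in the parameter table.
    $cidr = explode('/', (string) $cidr_block);
    if (count($cidr) !== 2 || filter_var($cidr[0], FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) === false
        || !ctype_digit($cidr[1]) || (int) $cidr[1] > 32) {
        $problems[] = 'cidr block must be IPv4 CIDR notation such as 172.16.0.0/24';
    }
    if ($proto === 'tcp' || $proto === 'udp') {
        $range = (isset($opt['PortRange']) && is_array($opt['PortRange'])) ? $opt['PortRange'] : array();
        if (!isset($range['From'], $range['To'])) {
            $problems[] = 'PortRange From and To are required for tcp or udp';
        } elseif (!is_int($range['From']) || !is_int($range['To'])
            || $range['From'] < 0 || $range['To'] > 65535 || $range['From'] > $range['To']) {
            $problems[] = 'PortRange must satisfy 0 <= From <= To <= 65535';
        }
    }
    if ($proto === 'icmp') {
        $icmp = (isset($opt['Icmp']) && is_array($opt['Icmp'])) ? $opt['Icmp'] : array();
        if (!isset($icmp['Type'], $icmp['Code'])) {
            $problems[] = 'Icmp Type and Code are required for icmp (-1 is the wildcard)';
        }
    }
    return $problems;
}

// Constructed inputs: the page's example call, then a call with several mistakes.
var_dump(check_acl_entry_args(6, 'allow', 'true', '172.16.0.0/24', array('PortRange' => array('From' => 443, 'To' => 443))));
var_dump(check_acl_entry_args('tcp', 'permit', true, '172.16.0.0/33'));
```

Calling replace_network_acl_entry only when the returned array is empty keeps a malformed rule from being sent as a replacement for a working one.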
Related Methods
Source
Method defined in services/ec2.class.php
    public function replace_network_acl_entry($network_acl_id, $rule_number, $protocol, $rule_action, $egress, $cidr_block, $opt = null)
    {
        if (!$opt) $opt = array();
        $opt['NetworkAclId'] = $network_acl_id;
        $opt['RuleNumber'] = $rule_number;
        $opt['Protocol'] = $protocol;
        $opt['RuleAction'] = $rule_action;
        $opt['Egress'] = $egress;
        $opt['CidrBlock'] = $cidr_block;

        // Optional map (non-list)
        if (isset($opt['Icmp']))
        {
            $opt = array_merge($opt, CFComplexType::map(array(
                'Icmp' => $opt['Icmp']
            )));
            unset($opt['Icmp']);
        }

        // Optional map (non-list)
        if (isset($opt['PortRange']))
        {
            $opt = array_merge($opt, CFComplexType::map(array(
                'PortRange' => $opt['PortRange']
            )));
            unset($opt['PortRange']);
        }

        return $this->authenticate('ReplaceNetworkAclEntry', $opt);
    }