Class CfnNetworkAclEntry
- All Implemented Interfaces:
IConstruct, IDependable, IInspectable, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct
AWS::EC2::NetworkAclEntry.
Specifies an entry, known as a rule, in a network ACL with a rule number you specify. Each network ACL has a set of numbered ingress rules and a separate set of numbered egress rules.
For information about the protocol value, see Protocol Numbers on the Internet Assigned Numbers Authority (IANA) website.
Example:

    // The code below shows an example of how to instantiate this type.
    // The values are placeholders you should change.
    import software.amazon.awscdk.services.ec2.*;

    CfnNetworkAclEntry cfnNetworkAclEntry = CfnNetworkAclEntry.Builder.create(this, "MyCfnNetworkAclEntry")
            .networkAclId("networkAclId")
            .protocol(123)
            .ruleAction("ruleAction")
            .ruleNumber(123)
            // the properties below are optional
            .cidrBlock("cidrBlock")
            .egress(false)
            .icmp(IcmpProperty.builder()
                    .code(123)
                    .type(123)
                    .build())
            .ipv6CidrBlock("ipv6CidrBlock")
            .portRange(PortRangeProperty.builder()
                    .from(123)
                    .to(123)
                    .build())
            .build();

-
Nested Class Summary
- static final class: A fluent builder for CfnNetworkAclEntry.
- static interface: Describes the ICMP type and code.
- static interface: Describes a range of ports.
Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationMode
Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IConstruct
IConstruct.Jsii$Default
Nested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$Default
Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IInspectable
IInspectable.Jsii$Default, IInspectable.Jsii$Proxy
-
Field Summary
- static final String CFN_RESOURCE_TYPE_NAME: The CloudFormation resource type name for this resource class.
-
Constructor Summary
- CfnNetworkAclEntry(Construct scope, String id, CfnNetworkAclEntryProps props): Create a new AWS::EC2::NetworkAclEntry.
- protected CfnNetworkAclEntry(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
- protected CfnNetworkAclEntry(software.amazon.jsii.JsiiObjectRef objRef)
-
Method Summary
- getAttrId(): The ID of the network ACL entry.
- getCidrBlock(): The IPv4 CIDR range to allow or deny, in CIDR notation (for example, 172.16.0.0/24).
- getEgress(): Whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).
- getIcmp(): The Internet Control Message Protocol (ICMP) code and type.
- getIpv6CidrBlock(): The IPv6 network range to allow or deny, in CIDR notation.
- getNetworkAclId(): The ID of the ACL for the entry.
- getPortRange(): The range of port numbers for the UDP/TCP protocol.
- getProtocol(): The IP protocol that the rule applies to.
- getRuleAction(): Whether to allow or deny traffic that matches the rule.
- getRuleNumber(): Rule number to assign to the entry, such as 100.
- void inspect(TreeInspector inspector): Examines the CloudFormation resource and discloses attributes.
- renderProperties(Map<String, Object> props)
- void setCidrBlock(String value): The IPv4 CIDR range to allow or deny, in CIDR notation (for example, 172.16.0.0/24).
- void setEgress: Whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).
- void setEgress(IResolvable value): Whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).
- void setIcmp(IResolvable value): The Internet Control Message Protocol (ICMP) code and type.
- void setIcmp: The Internet Control Message Protocol (ICMP) code and type.
- void setIpv6CidrBlock(String value): The IPv6 network range to allow or deny, in CIDR notation.
- void setNetworkAclId(String value): The ID of the ACL for the entry.
- void setPortRange(IResolvable value): The range of port numbers for the UDP/TCP protocol.
- void setPortRange: The range of port numbers for the UDP/TCP protocol.
- void setProtocol(Number value): The IP protocol that the rule applies to.
- void setRuleAction(String value): Whether to allow or deny traffic that matches the rule.
- void setRuleNumber(Number value): Rule number to assign to the entry, such as 100.
Methods inherited from class software.amazon.awscdk.core.CfnResource
addDeletionOverride, addDependsOn, addMetadata, addOverride, addPropertyDeletionOverride, addPropertyOverride, applyRemovalPolicy, applyRemovalPolicy, applyRemovalPolicy, getAtt, getCfnOptions, getCfnResourceType, getMetadata, getUpdatedProperites, isCfnResource, shouldSynthesize, toString, validateProperties
Methods inherited from class software.amazon.awscdk.core.CfnRefElement
getRef
Methods inherited from class software.amazon.awscdk.core.CfnElement
getCreationStack, getLogicalId, getStack, isCfnElement, overrideLogicalId
Methods inherited from class software.amazon.awscdk.core.Construct
getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate
Methods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Field Details
-
CFN_RESOURCE_TYPE_NAME
The CloudFormation resource type name for this resource class.
-
-
Constructor Details
-
CfnNetworkAclEntry
protected CfnNetworkAclEntry(software.amazon.jsii.JsiiObjectRef objRef)
-
CfnNetworkAclEntry
protected CfnNetworkAclEntry(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
-
CfnNetworkAclEntry
@Stability(Stable) public CfnNetworkAclEntry(@NotNull Construct scope, @NotNull String id, @NotNull CfnNetworkAclEntryProps props)
Create a new AWS::EC2::NetworkAclEntry.
- Parameters:
scope - scope in which this resource is defined.
id - scoped id of the resource.
props - resource properties.
-
-
Method Details
-
inspect
Examines the CloudFormation resource and discloses attributes.
- Specified by: inspect in interface IInspectable
- Parameters: inspector - tree inspector to collect and process attributes.
-
renderProperties
@Stability(Stable) @NotNull protected Map<String,Object> renderProperties(@NotNull Map<String, Object> props)
- Overrides: renderProperties in class CfnResource
- Parameters: props - This parameter is required.
-
getAttrId
The ID of the network ACL entry.
-
getCfnProperties
- Overrides: getCfnProperties in class CfnResource
-
getNetworkAclId
The ID of the ACL for the entry.
-
setNetworkAclId
The ID of the ACL for the entry.
-
getProtocol
The IP protocol that the rule applies to. You must specify -1 or a protocol number. You can specify -1 for all protocols.
If you specify -1, all ports are opened and the PortRange property is ignored.
-
setProtocol
The IP protocol that the rule applies to. You must specify -1 or a protocol number. You can specify -1 for all protocols.
If you specify -1, all ports are opened and the PortRange property is ignored.
-
getRuleAction
Whether to allow or deny traffic that matches the rule; valid values are "allow" or "deny".
-
setRuleAction
Whether to allow or deny traffic that matches the rule; valid values are "allow" or "deny".
-
getRuleNumber
Rule number to assign to the entry, such as 100. ACL entries are processed in ascending order by rule number. Entries can't use the same rule number unless one is an egress rule and the other is an ingress rule.
-
setRuleNumber
Rule number to assign to the entry, such as 100. ACL entries are processed in ascending order by rule number. Entries can't use the same rule number unless one is an egress rule and the other is an ingress rule.
-
getCidrBlock
The IPv4 CIDR range to allow or deny, in CIDR notation (for example, 172.16.0.0/24). Requirement is conditional: You must specify the CidrBlock or Ipv6CidrBlock property.
-
setCidrBlock
The IPv4 CIDR range to allow or deny, in CIDR notation (for example, 172.16.0.0/24). Requirement is conditional: You must specify the CidrBlock or Ipv6CidrBlock property.
-
getEgress
Whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false). By default, AWS CloudFormation specifies false.
-
setEgress
Whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false). By default, AWS CloudFormation specifies false.
-
setEgress
Whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false). By default, AWS CloudFormation specifies false.
-
getIcmp
The Internet Control Message Protocol (ICMP) code and type. Requirement is conditional: Required if specifying 1 (ICMP) for the protocol parameter.
-
setIcmp
The Internet Control Message Protocol (ICMP) code and type. Requirement is conditional: Required if specifying 1 (ICMP) for the protocol parameter.
-
setIcmp
The Internet Control Message Protocol (ICMP) code and type. Requirement is conditional: Required if specifying 1 (ICMP) for the protocol parameter.
-
getIpv6CidrBlock
The IPv6 network range to allow or deny, in CIDR notation. Requirement is conditional: You must specify the CidrBlock or Ipv6CidrBlock property.
-
setIpv6CidrBlock
The IPv6 network range to allow or deny, in CIDR notation. Requirement is conditional: You must specify the CidrBlock or Ipv6CidrBlock property.
-
getPortRange
The range of port numbers for the UDP/TCP protocol. Requirement is conditional: Required if specifying 6 (TCP) or 17 (UDP) for the protocol parameter.
-
setPortRange
The range of port numbers for the UDP/TCP protocol. Requirement is conditional: Required if specifying 6 (TCP) or 17 (UDP) for the protocol parameter.
-
setPortRange
The range of port numbers for the UDP/TCP protocol. Requirement is conditional: Required if specifying 6 (TCP) or 17 (UDP) for the protocol parameter.
-
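The conditional requirements in the method details above can be checked over a whole rule set before synthesis. The following is an added example, not part of the AWS CDK or its documentation: NaclEntryLint, NaclEntry and lint are hypothetical names, the code is plain Java 16+ with no CDK dependency, and the sample entries are constructed.

```java
import java.util.*;

// Added example: NaclEntryLint and NaclEntry are hypothetical names, not CDK types.
public class NaclEntryLint {
    // Mirrors the CfnNetworkAclEntry properties described on this page.
    record NaclEntry(int ruleNumber, boolean egress, int protocol, String ruleAction,
                     String cidrBlock, String ipv6CidrBlock, boolean hasIcmp, boolean hasPortRange) {}

    static List<String> lint(List<NaclEntry> entries) {
        List<String> findings = new ArrayList<>();
        Set<String> seen = new HashSet<>();
        for (NaclEntry e : entries) {
            String id = (e.egress() ? "egress#" : "ingress#") + e.ruleNumber();
            // A rule number may repeat only when one entry is ingress and the other egress.
            if (!seen.add(id))
                findings.add(id + ": duplicate rule number in the same direction");
            if (!"allow".equals(e.ruleAction()) && !"deny".equals(e.ruleAction()))
                findings.add(id + ": ruleAction must be \"allow\" or \"deny\"");
            if (e.cidrBlock() == null && e.ipv6CidrBlock() == null)
                findings.add(id + ": specify cidrBlock or ipv6CidrBlock");
            if (e.protocol() == 1 && !e.hasIcmp())
                findings.add(id + ": protocol 1 (ICMP) requires icmp code and type");
            if ((e.protocol() == 6 || e.protocol() == 17) && !e.hasPortRange())
                findings.add(id + ": protocol 6 (TCP) / 17 (UDP) requires portRange");
            // With protocol -1 the port range is ignored and all ports are opened.
            if (e.protocol() == -1 && e.hasPortRange() && "allow".equals(e.ruleAction()))
                findings.add(id + ": protocol -1 ignores portRange, so this rule allows all ports");
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample entries using documentation address ranges.
        List<NaclEntry> entries = List.of(
            new NaclEntry(100, false, 6, "allow", "203.0.113.0/24", null, false, true),
            // Same number as above but egress: permitted.
            new NaclEntry(100, true, 6, "allow", "203.0.113.0/24", null, false, true),
            // A port range was supplied, but -1 makes it a no-op.
            new NaclEntry(110, false, -1, "allow", "198.51.100.0/24", null, false, true),
            // Reuses ingress rule 110 and omits the ICMP code and type.
            new NaclEntry(110, false, 1, "deny", "0.0.0.0/0", null, false, false),
            // Invalid action, no CIDR, and UDP without a port range.
            new NaclEntry(120, false, 17, "permit", null, null, false, false));
        lint(entries).forEach(System.out::println);
    }
}
```

The protocol -1 finding is the one most worth gating a deployment on, since the entry is otherwise valid and silently broader than the port range suggests.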