interface CfnNetworkAclEntryProps
Language | Type name |
---|---|
.NET | Amazon.CDK.AWS.EC2.CfnNetworkAclEntryProps |
Go | github.com/aws/aws-cdk-go/awscdk/v2/awsec2#CfnNetworkAclEntryProps |
Java | software.amazon.awscdk.services.ec2.CfnNetworkAclEntryProps |
Python | aws_cdk.aws_ec2.CfnNetworkAclEntryProps |
TypeScript | aws-cdk-lib » aws_ec2 » CfnNetworkAclEntryProps |
Properties for defining a CfnNetworkAclEntry.
See also: http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkaclentry.html
Example
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_ec2 as ec2 } from 'aws-cdk-lib';
const cfnNetworkAclEntryProps: ec2.CfnNetworkAclEntryProps = {
  networkAclId: 'networkAclId',
  protocol: 123,
  ruleAction: 'ruleAction',
  ruleNumber: 123,

  // the properties below are optional
  cidrBlock: 'cidrBlock',
  egress: false,
  icmp: {
    code: 123,
    type: 123,
  },
  ipv6CidrBlock: 'ipv6CidrBlock',
  portRange: {
    from: 123,
    to: 123,
  },
};
Properties
Name | Type | Description |
---|---|---|
networkAclId | string | The ID of the ACL for the entry. |
protocol | number | The IP protocol that the rule applies to. |
ruleAction | string | Whether to allow or deny traffic that matches the rule; valid values are "allow" or "deny". |
ruleNumber | number | Rule number to assign to the entry, such as 100. |
cidrBlock? | string | The IPv4 CIDR range to allow or deny, in CIDR notation (for example, 172.16.0.0/24). You must specify an IPv4 CIDR block or an IPv6 CIDR block. |
egress? | boolean \| IResolvable | Whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false). |
icmp? | IResolvable \| Icmp | The Internet Control Message Protocol (ICMP) code and type. |
ipv6CidrBlock? | string | The IPv6 network range to allow or deny, in CIDR notation. |
portRange? | IResolvable \| Port | The range of port numbers for the UDP/TCP protocol. |
networkAclId
Type:
string
The ID of the ACL for the entry.
protocol
Type:
number
The IP protocol that the rule applies to.
You must specify -1 or a protocol number. You can specify -1 for all protocols.
If you specify -1, all ports are opened and the PortRange property is ignored.
ruleAction
Type:
string
Whether to allow or deny traffic that matches the rule;
valid values are "allow" or "deny".
ruleNumber
Type:
number
Rule number to assign to the entry, such as 100.
ACL entries are processed in ascending order by rule number. Entries can't use the same rule number unless one is an egress rule and the other is an ingress rule.
cidrBlock?
Type:
string
(optional)
The IPv4 CIDR range to allow or deny, in CIDR notation (for example, 172.16.0.0/24). You must specify an IPv4 CIDR block or an IPv6 CIDR block.
egress?
Type:
boolean | IResolvable
(optional)
Whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).
By default, AWS CloudFormation specifies false.
icmp?
Type:
IResolvable | Icmp
(optional)
The Internet Control Message Protocol (ICMP) code and type.
Required if specifying 1 (ICMP) for the protocol parameter.
ipv6CidrBlock?
Type:
string
(optional)
The IPv6 network range to allow or deny, in CIDR notation.
You must specify an IPv4 CIDR block or an IPv6 CIDR block.
portRange?
Type:
IResolvable | Port
(optional)
The range of port numbers for the UDP/TCP protocol.
Required if specifying 6 (TCP) or 17 (UDP) for the protocol parameter.
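
The constraints stated in the property descriptions above (protocol -1 ignoring portRange, icmp and portRange being required for certain protocols, the CIDR requirement, and rule numbers being unique per direction) can be checked before deployment. The following is an added example, not part of the CDK documentation or library: AclEntry, lintAclEntries and sampleEntries are hypothetical names, and AclEntry is a local mirror of the props (with egress simplified to a boolean) so the block runs without aws-cdk-lib.

```typescript
// Local mirror of the properties documented on this page (assumption: in a CDK
// app the type is ec2.CfnNetworkAclEntryProps; egress is simplified to boolean).
interface AclEntry {
  networkAclId: string; protocol: number; ruleAction: string; ruleNumber: number;
  cidrBlock?: string; ipv6CidrBlock?: string; egress?: boolean;
  icmp?: { code?: number; type?: number };
  portRange?: { from?: number; to?: number };
}

// Hypothetical helper: one finding per documented constraint an entry breaks.
function lintAclEntries(entries: AclEntry[]): string[] {
  const findings: string[] = [];
  const seen = new Set<string>();
  for (const e of entries) {
    const dir = e.egress ? 'egress' : 'ingress'; // egress defaults to false
    const id = `${dir} rule ${e.ruleNumber}`;
    if (e.ruleAction !== 'allow' && e.ruleAction !== 'deny')
      findings.push(`${id}: ruleAction must be "allow" or "deny"`);
    if (!e.cidrBlock && !e.ipv6CidrBlock)
      findings.push(`${id}: no IPv4 or IPv6 CIDR block`);
    if (e.protocol === -1 && e.portRange)
      findings.push(`${id}: protocol -1 ignores portRange, so all ports match`);
    if ((e.protocol === 6 || e.protocol === 17) && !e.portRange)
      findings.push(`${id}: portRange is required for TCP/UDP`);
    if (e.protocol === 1 && !e.icmp)
      findings.push(`${id}: icmp is required for protocol 1`);
    // The same number is allowed only across directions (one ingress, one egress).
    const key = `${e.networkAclId}/${dir}/${e.ruleNumber}`;
    if (seen.has(key)) findings.push(`${id}: duplicate rule number in this direction`);
    seen.add(key);
  }
  return findings;
}

// Constructed sample entries; 'acl-EXAMPLE' is a placeholder ID.
const sampleEntries: AclEntry[] = [
  { networkAclId: 'acl-EXAMPLE', protocol: 6, ruleAction: 'allow', ruleNumber: 100,
    cidrBlock: '172.16.0.0/24', portRange: { from: 443, to: 443 } },
  { networkAclId: 'acl-EXAMPLE', protocol: -1, ruleAction: 'allow', ruleNumber: 110,
    cidrBlock: '172.16.0.0/24', portRange: { from: 22, to: 22 } },
  { networkAclId: 'acl-EXAMPLE', protocol: 17, ruleAction: 'deny', ruleNumber: 100,
    cidrBlock: '172.16.0.0/24' },
  { networkAclId: 'acl-EXAMPLE', protocol: 1, ruleAction: 'deny', ruleNumber: 100,
    egress: true, cidrBlock: '172.16.0.0/24' },
];

console.log(lintAclEntries(sampleEntries).join('\n'));
```

The second sample entry is the case worth catching in review: it reads as an SSH-only allow rule, but with protocol -1 the port range is ignored and every port is allowed from that CIDR.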