aws-cdk-lib.aws_ec2.NetworkAclEntryProps

interface NetworkAclEntryProps

LanguageType name
.NETAmazon.CDK.AWS.EC2.NetworkAclEntryProps
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsec2#NetworkAclEntryProps
Javasoftware.amazon.awscdk.services.ec2.NetworkAclEntryProps
Pythonaws_cdk.aws_ec2.NetworkAclEntryProps
TypeScript (source)aws-cdk-lib » aws_ec2 » NetworkAclEntryProps

Properties to create NetworkAclEntry.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_ec2 as ec2 } from 'aws-cdk-lib';

declare const aclCidr: ec2.AclCidr;
declare const aclTraffic: ec2.AclTraffic;
declare const networkAcl: ec2.NetworkAcl;
const networkAclEntryProps: ec2.NetworkAclEntryProps = {
  cidr: aclCidr,
  networkAcl: networkAcl,
  ruleNumber: 123,
  traffic: aclTraffic,

  // the properties below are optional
  direction: ec2.TrafficDirection.EGRESS,
  networkAclEntryName: 'networkAclEntryName',
  ruleAction: ec2.Action.ALLOW,
};

Properties

NameTypeDescription
cidrAclCidrThe CIDR range to allow or deny.
networkAclINetworkAclThe network ACL this entry applies to.
ruleNumbernumberRule number to assign to the entry, such as 100.
trafficAclTrafficWhat kind of traffic this ACL rule applies to.
direction?TrafficDirectionTraffic direction, with respect to the subnet, this rule applies to.
networkAclEntryName?stringThe name of the NetworkAclEntry.
ruleAction?ActionWhether to allow or deny traffic that matches the rule; valid values are "allow" or "deny".

cidr

Type: AclCidr

The CIDR range to allow or deny.


networkAcl

Type: INetworkAcl

The network ACL this entry applies to.


ruleNumber

Type: number

Rule number to assign to the entry, such as 100.

ACL entries are processed in ascending order by rule number. Entries can't use the same rule number unless one is an egress rule and the other is an ingress rule.


traffic

Type: AclTraffic

What kind of traffic this ACL rule applies to.


direction?

Type: TrafficDirection (optional, default: TrafficDirection.INGRESS)

Traffic direction, with respect to the subnet, this rule applies to.


networkAclEntryName?

Type: string (optional, default: If you don't specify a NetworkAclName, AWS CloudFormation generates a unique physical ID and uses that ID for the group name.)

The name of the NetworkAclEntry.

It is not recommended to use an explicit group name.


ruleAction?

Type: Action (optional, default: ALLOW)

Whether to allow or deny traffic that matches the rule; valid values are "allow" or "deny".

Any traffic that is not explicitly allowed is automatically denied in a custom ACL, all traffic is automatically allowed in a default ACL.