aws-cdk-lib.aws_ec2.CfnNetworkAclEntryProps

interface CfnNetworkAclEntryProps

Language     Type name
.NET         Amazon.CDK.AWS.EC2.CfnNetworkAclEntryProps
Go           github.com/aws/aws-cdk-go/awscdk/v2/awsec2#CfnNetworkAclEntryProps
Java         software.amazon.awscdk.services.ec2.CfnNetworkAclEntryProps
Python       aws_cdk.aws_ec2.CfnNetworkAclEntryProps
TypeScript   aws-cdk-lib » aws_ec2 » CfnNetworkAclEntryProps

Properties for defining a CfnNetworkAclEntry.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_ec2 as ec2 } from 'aws-cdk-lib';
const cfnNetworkAclEntryProps: ec2.CfnNetworkAclEntryProps = {
  networkAclId: 'networkAclId',
  protocol: 123,
  ruleAction: 'ruleAction',
  ruleNumber: 123,

  // the properties below are optional
  cidrBlock: 'cidrBlock',
  egress: false,
  icmp: {
    code: 123,
    type: 123,
  },
  ipv6CidrBlock: 'ipv6CidrBlock',
  portRange: {
    from: 123,
    to: 123,
  },
};

Properties

Name             Type                          Description
networkAclId     string                        The ID of the ACL for the entry.
protocol         number                        The IP protocol that the rule applies to.
ruleAction       string                        Whether to allow or deny traffic that matches the rule; valid values are "allow" or "deny".
ruleNumber       number                        Rule number to assign to the entry, such as 100.
cidrBlock?       string                        The IPv4 CIDR range to allow or deny, in CIDR notation (for example, 172.16.0.0/24). Requirement is conditional: You must specify the CidrBlock or Ipv6CidrBlock property.
egress?          boolean | IResolvable         Whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).
icmp?            IResolvable | IcmpProperty    The Internet Control Message Protocol (ICMP) code and type.
ipv6CidrBlock?   string                        The IPv6 network range to allow or deny, in CIDR notation.
portRange?       IResolvable | PortRangeProperty   The range of port numbers for the UDP/TCP protocol.

networkAclId

Type: string

The ID of the ACL for the entry.


protocol

Type: number

The IP protocol that the rule applies to.

You must specify -1 or a protocol number. You can specify -1 for all protocols.

If you specify -1, all ports are opened and the PortRange property is ignored.


ruleAction

Type: string

Whether to allow or deny traffic that matches the rule; valid values are "allow" or "deny".


ruleNumber

Type: number

Rule number to assign to the entry, such as 100.

ACL entries are processed in ascending order by rule number. Entries can't use the same rule number unless one is an egress rule and the other is an ingress rule.


cidrBlock?

Type: string (optional)

The IPv4 CIDR range to allow or deny, in CIDR notation (for example, 172.16.0.0/24). Requirement is conditional: You must specify the CidrBlock or Ipv6CidrBlock property.


egress?

Type: boolean | IResolvable (optional)

Whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).

By default, AWS CloudFormation specifies false.


icmp?

Type: IResolvable | IcmpProperty (optional)

The Internet Control Message Protocol (ICMP) code and type.

Requirement is conditional: Required if specifying 1 (ICMP) for the protocol parameter.


ipv6CidrBlock?

Type: string (optional)

The IPv6 network range to allow or deny, in CIDR notation.

Requirement is conditional: You must specify the CidrBlock or Ipv6CidrBlock property.


portRange?

Type: IResolvable | PortRangeProperty (optional)

The range of port numbers for the UDP/TCP protocol.

Requirement is conditional: Required if specifying 6 (TCP) or 17 (UDP) for the protocol parameter.
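The rules stated above (ascending evaluation by ruleNumber, numbers unique per direction, -1 opening all ports and ignoring portRange, and the conditional cidrBlock/icmp/portRange requirements) are easy to get wrong in a stack before synth. The following is an added example, not code from aws-cdk-lib or the CDK docs: it checks a list of entry props against those requirements and models how the entries would be evaluated. The Entry type is a local mirror of CfnNetworkAclEntryProps so the check runs without the CDK; the ACL id and address ranges are constructed placeholders.

```typescript
// Added example, not CDK code: Entry mirrors CfnNetworkAclEntryProps locally so this runs without aws-cdk-lib.
interface Entry {
  networkAclId: string; protocol: number; ruleAction: string; ruleNumber: number;
  cidrBlock?: string; ipv6CidrBlock?: string; egress?: boolean;
  icmp?: { code: number; type: number }; portRange?: { from: number; to: number };
}

// Checks the conditional requirements from the property table; returns one message per problem found.
function validate(entries: Entry[]): string[] {
  const out: string[] = [];
  const seen = new Set<string>();
  for (const e of entries) {
    const tag = `rule ${e.ruleNumber} (${e.egress ? 'egress' : 'ingress'})`;
    const key = `${e.egress ?? false}:${e.ruleNumber}`;   // a number may repeat only across directions
    if (seen.has(key)) out.push(`${tag}: duplicate rule number in the same direction`);
    seen.add(key);
    if (e.ruleAction !== 'allow' && e.ruleAction !== 'deny') out.push(`${tag}: ruleAction must be "allow" or "deny"`);
    if (!e.cidrBlock && !e.ipv6CidrBlock) out.push(`${tag}: cidrBlock or ipv6CidrBlock is required`);
    if (e.protocol === 1 && !e.icmp) out.push(`${tag}: icmp is required when protocol is 1`);
    if ((e.protocol === 6 || e.protocol === 17) && !e.portRange) out.push(`${tag}: portRange is required for TCP/UDP`);
    if (e.protocol === -1 && e.portRange) out.push(`${tag}: portRange is ignored when protocol is -1`);
  }
  return out;
}

// IPv4 CIDR membership (IPv6 entries are skipped by evaluate() to keep the example short).
function inCidr(ip: string, cidr: string): boolean {
  const toInt = (a: string) => a.split('.').reduce((n, o) => (n << 8) + Number(o), 0) >>> 0;
  const [net, bits] = cidr.split('/');
  const mask = bits === '0' ? 0 : (~0 << (32 - Number(bits))) >>> 0;
  return ((toInt(ip) & mask) >>> 0) === ((toInt(net) & mask) >>> 0);
}

// First match in ascending rule-number order decides; no match hits the ACL's implicit final deny ("*" rule).
function evaluate(entries: Entry[], pkt: { egress: boolean; ip: string; protocol: number; port: number }): string {
  const ordered = entries.filter(e => (e.egress ?? false) === pkt.egress).sort((a, b) => a.ruleNumber - b.ruleNumber);
  for (const e of ordered) {
    if (!e.cidrBlock || !inCidr(pkt.ip, e.cidrBlock)) continue;
    if (e.protocol !== -1 && e.protocol !== pkt.protocol) continue;   // -1 matches every protocol...
    const pr = e.protocol === -1 ? undefined : e.portRange;            // ...and ignores portRange
    if (pr && (pkt.port < pr.from || pkt.port > pr.to)) continue;
    return `${e.ruleAction} (rule ${e.ruleNumber})`;
  }
  return 'deny (implicit)';
}

// Constructed sample entries: documentation address ranges and a placeholder ACL id.
const sampleEntries: Entry[] = [
  { networkAclId: 'acl-PLACEHOLDER', ruleNumber: 100, protocol: 6, ruleAction: 'allow', cidrBlock: '0.0.0.0/0', portRange: { from: 443, to: 443 } },
  { networkAclId: 'acl-PLACEHOLDER', ruleNumber: 90, protocol: 6, ruleAction: 'deny', cidrBlock: '198.51.100.0/24', portRange: { from: 0, to: 65535 } },
  { networkAclId: 'acl-PLACEHOLDER', ruleNumber: 110, protocol: -1, ruleAction: 'allow', cidrBlock: '10.0.0.0/8' },
  { networkAclId: 'acl-PLACEHOLDER', ruleNumber: 100, protocol: 6, ruleAction: 'allow', cidrBlock: '0.0.0.0/0', egress: true, portRange: { from: 1024, to: 65535 } },
];
```

Because the deny at rule 90 sorts before the allow at rule 100, traffic from 198.51.100.0/24 to port 443 is denied even though a broader allow exists; an egress packet to port 443 falls through to the implicit deny because only the ephemeral range 1024-65535 is allowed outbound.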