aws-cdk-lib.aws_ec2.NetworkAclEntry

class NetworkAclEntry (construct)

LanguageType name
.NETAmazon.CDK.AWS.EC2.NetworkAclEntry
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awsec2#NetworkAclEntry
Javasoftware.amazon.awscdk.services.ec2.NetworkAclEntry
Pythonaws_cdk.aws_ec2.NetworkAclEntry
TypeScript (source)aws-cdk-lib » aws_ec2 » NetworkAclEntry

Implements IConstruct, IDependable, IResource, INetworkAclEntry

Define an entry in a Network ACL table.

Example

// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_ec2 as ec2 } from 'aws-cdk-lib';

declare const aclCidr: ec2.AclCidr;
declare const aclTraffic: ec2.AclTraffic;
declare const networkAcl: ec2.NetworkAcl;
const networkAclEntry = new ec2.NetworkAclEntry(this, 'MyNetworkAclEntry', {
  cidr: aclCidr,
  networkAcl: networkAcl,
  ruleNumber: 123,
  traffic: aclTraffic,

  // the properties below are optional
  direction: ec2.TrafficDirection.EGRESS,
  networkAclEntryName: 'networkAclEntryName',
  ruleAction: ec2.Action.ALLOW,
});

Initializer

new NetworkAclEntry(scope: Construct, id: string, props: NetworkAclEntryProps)

Parameters

  • scope Construct
  • id string
  • props NetworkAclEntryProps

Construct Props

NameTypeDescription
cidrAclCidrThe CIDR range to allow or deny.
networkAclINetworkAclThe network ACL this entry applies to.
ruleNumbernumberRule number to assign to the entry, such as 100.
trafficAclTrafficWhat kind of traffic this ACL rule applies to.
direction?TrafficDirectionTraffic direction, with respect to the subnet, this rule applies to.
networkAclEntryName?stringThe name of the NetworkAclEntry.
ruleAction?ActionWhether to allow or deny traffic that matches the rule; valid values are "allow" or "deny".

cidr

Type: AclCidr

The CIDR range to allow or deny.


networkAcl

Type: INetworkAcl

The network ACL this entry applies to.


ruleNumber

Type: number

Rule number to assign to the entry, such as 100.

ACL entries are processed in ascending order by rule number. Entries can't use the same rule number unless one is an egress rule and the other is an ingress rule.


traffic

Type: AclTraffic

What kind of traffic this ACL rule applies to.


direction?

Type: TrafficDirection (optional, default: TrafficDirection.INGRESS)

Traffic direction, with respect to the subnet, this rule applies to.


networkAclEntryName?

Type: string (optional, default: If you don't specify a NetworkAclName, AWS CloudFormation generates a unique physical ID and uses that ID for the group name.)

The name of the NetworkAclEntry.

It is not recommended to use an explicit group name.


ruleAction?

Type: Action (optional, default: ALLOW)

Whether to allow or deny traffic that matches the rule; valid values are "allow" or "deny".

Any traffic that is not explicitly allowed is automatically denied in a custom ACL, all traffic is automatically allowed in a default ACL.

Properties

NameTypeDescription
envResourceEnvironmentThe environment this resource belongs to.
networkAclINetworkAclThe network ACL.
nodeNodeThe tree node.
stackStackThe stack in which this resource is defined.

env

Type: ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed by the CDK (generally, those created by creating new class instances like Role, Bucket, etc.), this is always the same as the environment of the stack they belong to; however, for imported resources (those obtained from static methods like fromRoleArn, fromBucketName, etc.), that might be different than the stack they were imported into.


networkAcl

Type: INetworkAcl

The network ACL.


node

Type: Node

The tree node.


stack

Type: Stack

The stack in which this resource is defined.

Methods

NameDescription
applyRemovalPolicy(policy)Apply the given removal policy to this resource.
toString()Returns a string representation of this construct.

applyRemovalPolicy(policy)

public applyRemovalPolicy(policy: RemovalPolicy): void

Parameters

  • policy RemovalPolicy

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).


toString()

public toString(): string

Returns

  • string

Returns a string representation of this construct.