AWS Fundamentals
L1 Construct: AWS::EC2::NetworkAclEntry

CfnNetworkAclEntry

Specifies an entry, known as a rule, in a network ACL with a rule number you specify. Each network ACL has a set of numbered ingress rules and a separate set of numbered egress rules. To create the network ACL, see [AWS::EC2::NetworkAcl](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkacl.html). For information about the protocol value, see [Protocol Numbers](https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml) on the Internet Assigned Numbers Authority (IANA) website.

Import

import { CfnNetworkAclEntry } from 'aws-cdk-lib/aws-ec2';

Or use the module namespace:

import * as ec2 from 'aws-cdk-lib/aws-ec2';
// ec2.CfnNetworkAclEntry

Properties

Configuration passed to the constructor as CfnNetworkAclEntryProps.

networkAclId (required)
string

The ID of the ACL for the entry.

protocol (required)
number

The IP protocol that the rule applies to. You must specify -1 or a protocol number. You can specify -1 for all protocols. Note: if you specify -1, all ports are opened and the `PortRange` property is ignored.

ruleAction (required)
string

Whether to allow or deny traffic that matches the rule; valid values are "allow" or "deny".

ruleNumber (required)
number

Rule number to assign to the entry, such as 100. ACL entries are processed in ascending order by rule number. Entries can't use the same rule number unless one is an egress rule and the other is an ingress rule.

cidrBlock (optional)
string

The IPv4 CIDR range to allow or deny, in CIDR notation (for example, 172.16.0.0/24). You must specify an IPv4 CIDR block or an IPv6 CIDR block.

egress (optional)
boolean | IResolvable

Whether this rule applies to egress traffic from the subnet (`true`) or ingress traffic to the subnet (`false`). By default, AWS CloudFormation specifies `false`.

icmp (optional)
IResolvable | IcmpProperty

The Internet Control Message Protocol (ICMP) code and type. Required if specifying 1 (ICMP) for the protocol parameter.

ipv6CidrBlock (optional)
string

The IPv6 network range to allow or deny, in CIDR notation. You must specify an IPv4 CIDR block or an IPv6 CIDR block.

portRange (optional)
IResolvable | PortRangeProperty

The range of port numbers for the UDP/TCP protocol. Required if specifying 6 (TCP) or 17 (UDP) for the protocol parameter.
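The property constraints above (exactly one CIDR family, port range required for TCP/UDP, ICMP type/code required for protocol 1, unique rule numbers per direction) and the processing rule (ascending rule number, first match wins, implicit final deny) are easy to get wrong in a stack. The following is an added example, not code from this page or from the CDK project: it declares a local `NaclEntryProps` interface mirroring the documented `CfnNetworkAclEntryProps` fields, validates entries against the documented rules, and simulates how a network ACL evaluates a packet against a rule set. The ACL ID and rule set are constructed sample values; the simulator matches IPv4 entries only and does not compare ICMP type/code.

```typescript
// Added example: local model of AWS::EC2::NetworkAclEntry props plus a network
// ACL rule simulator. The interface mirrors the documented CfnNetworkAclEntryProps
// fields but is declared here; nothing in this file imports aws-cdk-lib.

interface NaclEntryProps {
  networkAclId: string;
  protocol: number;                 // -1 = all, 1 = ICMP, 6 = TCP, 17 = UDP
  ruleAction: 'allow' | 'deny';
  ruleNumber: number;
  cidrBlock?: string;               // IPv4 CIDR, e.g. 10.0.0.0/16
  ipv6CidrBlock?: string;
  egress?: boolean;                 // CloudFormation default: false (ingress)
  icmp?: { code?: number; type?: number };
  portRange?: { from?: number; to?: number };
}

// Check one entry against the constraints stated in the property descriptions.
// Returns the list of problems found; an empty list means the entry is consistent.
function validateEntry(p: NaclEntryProps): string[] {
  const problems: string[] = [];
  if (!p.cidrBlock === !p.ipv6CidrBlock) {
    problems.push('exactly one of cidrBlock or ipv6CidrBlock must be set');
  }
  if (p.ruleAction !== 'allow' && p.ruleAction !== 'deny') {
    problems.push('ruleAction must be "allow" or "deny"');
  }
  if ((p.protocol === 6 || p.protocol === 17) && !p.portRange) {
    problems.push('portRange is required for TCP (6) and UDP (17)');
  }
  if (p.protocol === 1 && !p.icmp) {
    problems.push('icmp is required for ICMP (1)');
  }
  if (p.protocol === -1 && p.portRange) {
    // Not a template error, but the range would silently be ignored.
    problems.push('protocol -1 opens all ports; portRange is ignored');
  }
  return problems;
}

// Rule numbers must be unique within a direction; the same number may appear
// once as an ingress rule and once as an egress rule.
function duplicateRuleNumbers(entries: NaclEntryProps[]): number[] {
  const seen = new Set<string>();
  const dups = new Set<number>();
  for (const e of entries) {
    const key = `${e.egress ? 'egress' : 'ingress'}:${e.ruleNumber}`;
    if (seen.has(key)) dups.add(e.ruleNumber);
    seen.add(key);
  }
  return Array.from(dups).sort((a, b) => a - b);
}

function ipv4ToInt(ip: string): number {
  return ip.split('.').reduce((acc, octet) => (acc << 8) + Number(octet), 0) >>> 0;
}

function cidrContains(cidr: string, ip: string): boolean {
  const [net, bitsStr] = cidr.split('/');
  const bits = Number(bitsStr);
  const mask = bits === 0 ? 0 : (0xffffffff << (32 - bits)) >>> 0;
  return ((ipv4ToInt(net) & mask) >>> 0) === ((ipv4ToInt(ip) & mask) >>> 0);
}

// ip is the source address for ingress traffic and the destination for egress.
interface Packet { ip: string; protocol: number; port?: number; egress?: boolean }

// Process rules the way a network ACL does: rules of the packet's direction in
// ascending rule number, the first match decides, and the implicit '*' rule
// denies anything no numbered rule matched.
function evaluate(entries: NaclEntryProps[], pkt: Packet): { action: 'allow' | 'deny'; ruleNumber: number | '*' } {
  const candidates = entries
    .filter(e => !!e.egress === !!pkt.egress && e.cidrBlock !== undefined)
    .sort((a, b) => a.ruleNumber - b.ruleNumber);
  for (const e of candidates) {
    if (!cidrContains(e.cidrBlock!, pkt.ip)) continue;
    if (e.protocol !== -1 && e.protocol !== pkt.protocol) continue;
    if (e.protocol !== -1 && e.portRange) {
      const from = e.portRange.from ?? 0;
      const to = e.portRange.to ?? 65535;
      if (pkt.port === undefined || pkt.port < from || pkt.port > to) continue;
    }
    return { action: e.ruleAction, ruleNumber: e.ruleNumber };
  }
  return { action: 'deny', ruleNumber: '*' };
}

const ACL = 'acl-0123456789abcdef0'; // constructed placeholder ID, not a real ACL

// Constructed sample rule set: the SSH deny carries the lowest number so it is
// evaluated before the broad allow for the 10.0.0.0/16 range.
const sampleRules: NaclEntryProps[] = [
  { networkAclId: ACL, ruleNumber: 100, protocol: 6, ruleAction: 'allow', cidrBlock: '0.0.0.0/0', portRange: { from: 443, to: 443 } },
  { networkAclId: ACL, ruleNumber: 200, protocol: -1, ruleAction: 'allow', cidrBlock: '10.0.0.0/16' },
  { networkAclId: ACL, ruleNumber: 50, protocol: 6, ruleAction: 'deny', cidrBlock: '10.0.99.0/24', portRange: { from: 22, to: 22 } },
  { networkAclId: ACL, ruleNumber: 100, protocol: -1, ruleAction: 'allow', cidrBlock: '0.0.0.0/0', egress: true },
];

// The same deny placed above the allow never fires: rule 200 matches first.
const misorderedRules: NaclEntryProps[] = sampleRules.map(r =>
  r.ruleNumber === 50 ? { ...r, ruleNumber: 300 } : r);

console.log(evaluate(sampleRules, { ip: '10.0.99.7', protocol: 6, port: 22 }));     // deny by rule 50
console.log(evaluate(misorderedRules, { ip: '10.0.99.7', protocol: 6, port: 22 })); // allow by rule 200
```

The objects in `sampleRules` have the shape of `CfnNetworkAclEntryProps`, so after `validateEntry` and `duplicateRuleNumbers` pass they are what a stack would hand to `new ec2.CfnNetworkAclEntry(this, 'Rule50', props)`. The `misorderedRules` case is the one to watch for in review: because the first matching rule wins, a deny only takes effect if its rule number is lower than every allow that would also match the same traffic.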

CloudFormation Resource

This L1 construct maps directly to the CloudFormation resource type AWS::EC2::NetworkAclEntry.
