---
layout: "aws"
page_title: "AWS: aws_network_acl"
sidebar_current: "docs-aws-resource-network-acl"
description: |-
  Provides a network ACL resource.
---

# aws\_network\_acl

Provides a network ACL resource. You might set up network ACLs with rules similar
to your security groups in order to add an additional layer of security to your VPC.

## Example Usage

```
resource "aws_network_acl" "main" {
    vpc_id = "${aws_vpc.main.id}"

    # Allow outbound HTTPS to 10.3.0.0/18.
    egress {
        protocol = "tcp"
        rule_no = 2
        action = "allow"
        cidr_block = "10.3.0.0/18"
        from_port = 443
        to_port = 443
    }

    # Allow inbound HTTP from 10.3.0.0/18.
    ingress {
        protocol = "tcp"
        rule_no = 1
        action = "allow"
        cidr_block = "10.3.0.0/18"
        from_port = 80
        to_port = 80
    }

    tags {
        Name = "main"
    }
}
```

## Argument Reference

The following arguments are supported:

* `vpc_id` - (Required) The ID of the associated VPC.
* `subnet_ids` - (Optional) A list of Subnet IDs to apply the ACL to.
* `subnet_id` - (Optional, Deprecated) The ID of the associated Subnet. This
  attribute is deprecated; use the `subnet_ids` attribute instead.
* `ingress` - (Optional) Specifies an ingress rule. Parameters defined below.
* `egress` - (Optional) Specifies an egress rule. Parameters defined below.
* `tags` - (Optional) A mapping of tags to assign to the resource.

Both `egress` and `ingress` support the following keys:

* `from_port` - (Required) The from port to match.
* `to_port` - (Required) The to port to match.
* `rule_no` - (Required) The rule number. Used for ordering.
* `action` - (Required) The action to take.
* `protocol` - (Required) The protocol to match. If using the -1 'all'
  protocol, you must specify a from and to port of 0.
* `cidr_block` - (Optional) The CIDR block to match. This must be a
  valid network mask.

## Attributes Reference

The following attributes are exported:

* `id` - The ID of the network ACL.
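
The configuration below is an added example, not part of the original Terraform documentation. It applies the arguments from the Argument Reference: `subnet_ids` in place of the deprecated `subnet_id`, and an all-protocol (`-1`) rule with both ports set to 0. The `aws_subnet.app_a` and `aws_subnet.app_b` resources and the CIDR ranges are assumptions; the comments on rule order and return traffic describe AWS network ACL behavior (the lowest matching rule number wins, and rules are stateless).

```hcl
resource "aws_network_acl" "app" {
  vpc_id = "${aws_vpc.main.id}"

  # Hypothetical subnets; replaces the deprecated subnet_id argument.
  subnet_ids = ["${aws_subnet.app_a.id}", "${aws_subnet.app_b.id}"]

  # Rule 100 is evaluated before rule 200 (lowest rule_no first), so this
  # deny applies to 10.3.64.0/18 even though rule 200 allows a wider range.
  # With the -1 'all' protocol, from_port and to_port must both be 0.
  ingress {
    protocol   = "-1"
    rule_no    = 100
    action     = "deny"
    cidr_block = "10.3.64.0/18"
    from_port  = 0
    to_port    = 0
  }

  ingress {
    protocol   = "tcp"
    rule_no    = 200
    action     = "allow"
    cidr_block = "10.3.0.0/16"
    from_port  = 443
    to_port    = 443
  }

  # Network ACLs are stateless: responses to the HTTPS clients allowed above
  # leave on ephemeral ports and need their own egress rule.
  egress {
    protocol   = "tcp"
    rule_no    = 100
    action     = "allow"
    cidr_block = "10.3.0.0/16"
    from_port  = 1024
    to_port    = 65535
  }

  tags {
    Name = "app"
  }
}
```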