github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/website/source/docs/providers/aws/r/network_acl_rule.html.markdown

---
layout: "aws"
page_title: "AWS: aws_network_acl_rule"
sidebar_current: "docs-aws-resource-network-acl-rule"
description: |-
  Provides a network ACL Rule resource.
---

# aws\_network\_acl\_rule

Creates an entry (a rule) in a network ACL with the specified rule number.

## Example Usage

```hcl
resource "aws_network_acl" "bar" {
  vpc_id = "${aws_vpc.foo.id}"
}

resource "aws_network_acl_rule" "bar" {
  network_acl_id = "${aws_network_acl.bar.id}"
  rule_number    = 200
  egress         = false
  protocol       = "tcp"
  rule_action    = "allow"
  cidr_block     = "0.0.0.0/0"
  from_port      = 22
  to_port        = 22
}
```

~> **Note:** One of either `cidr_block` or `ipv6_cidr_block` is required.

## Argument Reference

The following arguments are supported:

* `network_acl_id` - (Required) The ID of the network ACL.
* `rule_number` - (Required) The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
* `egress` - (Optional, bool) Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default `false`.
* `protocol` - (Required) The protocol. A value of -1 means all protocols.
* `rule_action` - (Required) Indicates whether to allow or deny the traffic that matches the rule. Accepted values: `allow` | `deny`
* `cidr_block` - (Optional) The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24).
* `ipv6_cidr_block` - (Optional) The IPv6 CIDR block to allow or deny.
* `from_port` - (Optional) The from port to match.
* `to_port` - (Optional) The to port to match.
* `icmp_type` - (Optional) ICMP protocol: The ICMP type. Required if specifying ICMP for the protocol. e.g. -1
* `icmp_code` - (Optional) ICMP protocol: The ICMP code. Required if specifying ICMP for the protocol. e.g. -1

~> **NOTE:** If the value of `protocol` is `-1` or `all`, the `from_port` and `to_port` values will be ignored and the rule will apply to all ports.

~> **NOTE:** If the value of `icmp_type` is `-1` (which results in a wildcard ICMP type), the `icmp_code` must also be set to `-1` (wildcard ICMP code).

~> Note: For more information on ICMP types and codes, see here: http://www.nthelp.com/icmp.html

## Attributes Reference

The following attributes are exported:

* `id` - The ID of the network ACL Rule
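
The ordering rule and the notes in the argument reference, as an added Python example that is not part of the Terraform documentation or provider code: `lint_rule` flags rule definitions that contradict the notes, and `evaluate` models first-match evaluation in ascending `rule_number` order. Assumptions: rules are plain dicts keyed by the argument names above, the function names and sample rules are constructed here, and the final implicit deny is AWS's default behaviour rather than something this page states.

```python
import ipaddress

ALL_PROTOCOLS = {"-1", "all"}

def lint_rule(rule):
    """Check one rule (dict keyed by the argument names above) against the page's notes."""
    problems = []
    proto = str(rule["protocol"])
    if not (rule.get("cidr_block") or rule.get("ipv6_cidr_block")):
        problems.append("one of cidr_block or ipv6_cidr_block is required")
    if proto in ALL_PROTOCOLS and ("from_port" in rule or "to_port" in rule):
        problems.append("from_port/to_port are ignored: rule applies to all ports")
    if proto == "icmp":
        if "icmp_type" not in rule or "icmp_code" not in rule:
            problems.append("icmp_type and icmp_code are required for ICMP")
        elif str(rule["icmp_type"]) == "-1" and str(rule["icmp_code"]) != "-1":
            problems.append("icmp_type -1 requires icmp_code -1")
    return problems

def matches(rule, proto, peer, port):
    """True if traffic (protocol, peer address, port) falls under the rule."""
    net = ipaddress.ip_network(rule.get("cidr_block") or rule["ipv6_cidr_block"])
    addr = ipaddress.ip_address(peer)
    if addr.version != net.version or addr not in net:
        return False
    rule_proto = str(rule["protocol"])
    if rule_proto in ALL_PROTOCOLS:
        return True  # ports are not consulted at all
    if rule_proto != proto:
        return False
    if proto not in ("tcp", "udp"):
        return True  # simplification: ICMP type/code matching is not modelled
    return rule["from_port"] <= port <= rule["to_port"]

def evaluate(rules, egress, proto, peer, port):
    """First match in ascending rule_number order decides the action."""
    for rule in sorted(rules, key=lambda r: r["rule_number"]):
        if rule.get("egress", False) == egress and matches(rule, proto, peer, port):
            return rule["rule_action"]
    return "deny"  # assumption: AWS's implicit final deny, not stated on this page

# Constructed sample rules; 200 is the page's example, the others are illustrative.
RULES = [
    {"rule_number": 200, "protocol": "tcp", "rule_action": "allow", "cidr_block": "0.0.0.0/0", "from_port": 22, "to_port": 22},
    {"rule_number": 100, "protocol": "tcp", "rule_action": "deny", "cidr_block": "198.51.100.0/24", "from_port": 22, "to_port": 22},
    {"rule_number": 300, "protocol": "-1", "rule_action": "allow", "cidr_block": "10.0.0.0/8", "from_port": 443, "to_port": 443},
    {"rule_number": 400, "protocol": "icmp", "rule_action": "allow", "cidr_block": "10.0.0.0/8", "icmp_type": -1, "icmp_code": 0},
]
```

Rule 300 looks like an HTTPS-only allow but, because its protocol is `-1`, it admits every port from `10.0.0.0/8`; `lint_rule` reports it, and `evaluate` returns `allow` for port 3389 from that range.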