github.com/nathanielks/terraform@v0.6.1-0.20170509030759-13e1a62319dc/website/source/docs/providers/aws/r/network_acl.html.markdown

---
layout: "aws"
page_title: "AWS: aws_network_acl"
sidebar_current: "docs-aws-resource-network-acl"
description: |-
  Provides a network ACL resource.
---

# aws\_network\_acl

Provides a network ACL resource. You might set up network ACLs with rules similar
to your security groups in order to add an additional layer of security to your VPC.

## Example Usage

```hcl
resource "aws_network_acl" "main" {
  vpc_id = "${aws_vpc.main.id}"

  egress {
    protocol   = "tcp"
    rule_no    = 2
    action     = "allow"
    cidr_block = "10.3.0.0/18"
    from_port  = 443
    to_port    = 443
  }

  ingress {
    protocol   = "tcp"
    rule_no    = 1
    action     = "allow"
    cidr_block = "10.3.0.0/18"
    from_port  = 80
    to_port    = 80
  }

  tags {
    Name = "main"
  }
}
```

## Argument Reference

The following arguments are supported:

* `vpc_id` - (Required) The ID of the associated VPC.
* `subnet_ids` - (Optional) A list of Subnet IDs to apply the ACL to.
* `subnet_id` - (Optional, Deprecated) The ID of the associated Subnet. This
attribute is deprecated, please use the `subnet_ids` attribute instead.
* `ingress` - (Optional) Specifies an ingress rule. Parameters defined below.
* `egress` - (Optional) Specifies an egress rule. Parameters defined below.
* `tags` - (Optional) A mapping of tags to assign to the resource.

Both `egress` and `ingress` support the following keys:

* `from_port` - (Required) The from port to match.
* `to_port` - (Required) The to port to match.
* `rule_no` - (Required) The rule number. Used for ordering.
* `action` - (Required) The action to take.
* `protocol` - (Required) The protocol to match. If using the -1 'all'
protocol, you must specify a from and to port of 0.
* `cidr_block` - (Optional) The CIDR block to match. This must be a
valid CIDR block.
* `ipv6_cidr_block` - (Optional) The IPv6 CIDR block.
* `icmp_type` - (Optional) The ICMP type to be used. Default 0.
* `icmp_code` - (Optional) The ICMP code to be used. Default 0.

~> Note: For more information on ICMP types and codes, see here: http://www.nthelp.com/icmp.html

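The rule keys above combine into an ordered, stateless rule set: AWS evaluates rules in ascending `rule_no` and stops at the first match, and because a network ACL keeps no connection state, return traffic has to be allowed explicitly in the opposite direction. The following configuration is an added example, not part of the provider's documentation; it assumes `aws_vpc.main` and `aws_subnet.public` are defined elsewhere in the same configuration, and the `198.51.100.0/24` range is a constructed placeholder (an RFC 5737 documentation block) standing in for a range you have decided to block.

```hcl
# Added example (not from the provider docs): a stateless ACL for a public
# subnet that serves HTTPS. Assumes aws_vpc.main and aws_subnet.public exist.
resource "aws_network_acl" "public_web" {
  vpc_id     = "${aws_vpc.main.id}"
  subnet_ids = ["${aws_subnet.public.id}"]

  # Rules are evaluated in ascending rule_no order; the first match wins.
  # Giving this deny a lower number than the broad allow below means it is
  # checked first. The range is a constructed placeholder (RFC 5737).
  ingress {
    protocol   = "tcp"
    rule_no    = 50
    action     = "deny"
    cidr_block = "198.51.100.0/24"
    from_port  = 0
    to_port    = 65535
  }

  # Inbound HTTPS from anywhere (IPv4).
  ingress {
    protocol   = "tcp"
    rule_no    = 100
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 443
    to_port    = 443
  }

  # Inbound HTTPS from anywhere (IPv6) uses ipv6_cidr_block instead.
  ingress {
    protocol        = "tcp"
    rule_no         = 105
    action          = "allow"
    ipv6_cidr_block = "::/0"
    from_port       = 443
    to_port         = 443
  }

  # Stateless: replies to connections the subnet itself opens (e.g. package
  # updates over 443) arrive on ephemeral ports and must be allowed here.
  ingress {
    protocol   = "tcp"
    rule_no    = 110
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 1024
    to_port    = 65535
  }

  # ICMP "fragmentation needed" (type 3, code 4) so Path MTU Discovery works.
  # icmp_type/icmp_code select the message; from_port/to_port are 0 for ICMP.
  ingress {
    protocol   = "icmp"
    rule_no    = 120
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 0
    to_port    = 0
    icmp_type  = 3
    icmp_code  = 4
  }

  # Explicit catch-all deny. protocol -1 ("all") requires ports 0/0, as the
  # argument reference states. AWS already denies unmatched traffic, but an
  # explicit rule makes the intent visible when the ACL is reviewed.
  ingress {
    protocol   = "-1"
    rule_no    = 32766
    action     = "deny"
    cidr_block = "0.0.0.0/0"
    from_port  = 0
    to_port    = 0
  }

  # Outbound: replies to inbound HTTPS go back to the clients' ephemeral ports.
  egress {
    protocol   = "tcp"
    rule_no    = 100
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 1024
    to_port    = 65535
  }

  # Outbound: the instances may themselves initiate HTTPS.
  egress {
    protocol   = "tcp"
    rule_no    = 110
    action     = "allow"
    cidr_block = "0.0.0.0/0"
    from_port  = 443
    to_port    = 443
  }

  tags {
    Name = "public-web"
  }
}
```

The ephemeral-port rules (1024-65535 in both directions) are the part most often forgotten when moving from security groups, which are stateful, to network ACLs, which are not; without them established connections appear to hang because only one half of each exchange is permitted.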
## Attributes Reference

The following attributes are exported:

* `id` - The ID of the network ACL

## Import

Network ACLs can be imported using the `id`, e.g.

```
$ terraform import aws_network_acl.main acl-7aaabd18
```