» Resource: aws_network_acl_rule

Creates an entry (a rule) in a network ACL with the specified rule number.

» Example Usage

resource "aws_network_acl" "bar" {
  vpc_id = aws_vpc.foo.id
}

resource "aws_network_acl_rule" "bar" {
  network_acl_id = aws_network_acl.bar.id
  rule_number    = 200
  egress         = false
  protocol       = "tcp"
  rule_action    = "allow"
  cidr_block     = aws_vpc.foo.cidr_block
  from_port      = 22
  to_port        = 22
}

» Argument Reference

The following arguments are supported:

  • network_acl_id - (Required) The ID of the network ACL.
  • rule_number - (Required) The rule number for the entry (for example, 100). ACL entries are processed in ascending order by rule number.
  • egress - (Optional, bool) Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet). Default false.
  • protocol - (Required) The protocol. A value of -1 means all protocols.
  • rule_action - (Required) Indicates whether to allow or deny the traffic that matches the rule. Accepted values: allow | deny
  • cidr_block - (Optional) The network range to allow or deny, in CIDR notation (for example 172.16.0.0/24 ).
  • ipv6_cidr_block - (Optional) The IPv6 CIDR block to allow or deny.
  • from_port - (Optional) The from port to match.
  • to_port - (Optional) The to port to match.
  • icmp_type - (Optional) ICMP protocol: The ICMP type. Required if specifying ICMP for the protocol. e.g. -1
  • icmp_code - (Optional) ICMP protocol: The ICMP code. Required if specifying ICMP for the protocol. e.g. -1

» Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The ID of the network ACL Rule

» Import

Individual rules can be imported using NETWORK_ACL_ID:RULE_NUMBER:PROTOCOL:EGRESS, where PROTOCOL can be a decimal (e.g. 6) or string (e.g. tcp) value. If importing a rule previously provisioned by Terraform, the PROTOCOL must be the input value used at creation time. For more information on protocol numbers and keywords, see here: https://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml

For example, import a network ACL Rule with an argument like this:

$ terraform import aws_network_acl_rule.my_rule acl-7aaabd18:100:tcp:false

Or by the procotol's decimal value:

$ terraform import aws_network_acl_rule.my_rule acl-7aaabd18:100:6:false