VM::EC2::VPC::NetworkAcl(3)    User Contributed Perl Documentation    VM::EC2::VPC::NetworkAcl(3)

VM::EC2::VPC::NetworkAcl - Virtual Private Cloud network ACL

    use VM::EC2;

    my $ec2  = VM::EC2->new(...);
    my @acls = $ec2->describe_network_acls(-network_acl_id=>'acl-12345678');
    foreach my $acl (@acls) {
        my $vpc_id  = $acl->vpcId;
        my $default = $acl->default;
        my @entries = $acl->entries;
        my @assoc   = $acl->associations;
        ...
    }

    my $acl = $ec2->create_network_acl_entry(...);

This object represents an Amazon EC2 VPC network ACL, and is returned
by VM::EC2->describe_network_acls() and ->create_network_acl().

These object methods are supported:

    networkAclId   -- The network ACL's ID.
    vpcId          -- The ID of the VPC the network ACL is in.
    default        -- Whether this is the default network ACL in the VPC.
    entrySet       -- A list of entries (rules) in the network ACL.
    associationSet -- A list of associations between the network ACL and
                      one or more subnets.
    tagSet         -- Tags assigned to the resource.
    associations   -- Alias for associationSet.
    entries        -- Alias for entrySet.

The object also supports the tags() method described in
VM::EC2::Generic:

$success = $acl->create_entry(%args)
$success = $acl->create_entry($acl_entry)

Creates an entry (i.e., rule) in a network ACL with the rule number you
specify. Each network ACL has a set of numbered ingress rules and a
separate set of numbered egress rules. When determining whether a
packet should be allowed in or out of a subnet associated with the ACL,
Amazon VPC processes the entries in the ACL according to the rule
numbers, in ascending order.

Arguments:

    -rule_number -- Rule number to assign to the entry (e.g., 100).
                    ACL entries are processed in ascending order by
                    rule number. Positive integer from 1 to 32766.
                    (Required)
    -protocol    -- The IP protocol the rule applies to. You can use
                    -1 to mean all protocols. See
                    http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
                    for a list of protocol numbers. (Required)
    -rule_action -- Indicates whether to allow or deny traffic that
                    matches the rule. allow | deny (Required)
    -egress      -- Indicates whether this rule applies to egress
                    traffic from the subnet (true) or ingress traffic
                    to the subnet (false). Default is false.
    -cidr_block  -- The CIDR range to allow or deny, in CIDR notation
                    (e.g., 172.16.0.0/24). (Required)
    -icmp_code   -- For the ICMP protocol, the ICMP code. You can use
                    -1 to specify all ICMP codes for the given ICMP
                    type. Required if specifying 1 (ICMP) for the
                    protocol.
    -icmp_type   -- For the ICMP protocol, the ICMP type. You can use
                    -1 to specify all ICMP types. Required if
                    specifying 1 (ICMP) for the protocol.
    -port_from   -- The first port in the range. Required if specifying
                    6 (TCP) or 17 (UDP) for the protocol.
    -port_to     -- The last port in the range. Required if specifying
                    6 (TCP) or 17 (UDP) for the protocol.

Alternatively, you can pass an existing VM::EC2::VPC::NetworkAcl::Entry
object as the only argument, which makes it easy to copy entries from
one ACL to another.

Returns true on successful creation.
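
Because entries are processed in ascending rule-number order, a lower-numbered deny shadows a higher-numbered allow for the same traffic. The following added example (not part of the VM::EC2 distribution) evaluates constructed rules offline in that order; the hash keys mirror the create_entry() argument names, and in_cidr() and first_match() are hypothetical helpers.

```perl
use strict;
use warnings;
use Socket qw(inet_aton);

# Constructed sample rules, keyed like the create_entry() arguments (no leading dash).
my @rules = (
    { rule_number => 100, protocol => 6, rule_action => 'allow', egress => 0,
      cidr_block => '0.0.0.0/0', port_from => 22, port_to => 22 },
    { rule_number => 90, protocol => 6, rule_action => 'deny', egress => 0,
      cidr_block => '203.0.113.0/24', port_from => 0, port_to => 65535 },
);

# True if IPv4 address $ip lies inside $cidr.
sub in_cidr {
    my ($ip, $cidr) = @_;
    my ($net, $bits) = split m{/}, $cidr;
    my $mask = $bits ? (0xFFFFFFFF << (32 - $bits)) & 0xFFFFFFFF : 0;
    my ($addr, $base) = map { unpack('N', inet_aton($_)) } $ip, $net;
    return (($addr & $mask) == ($base & $mask));
}

# First rule, in ascending rule-number order, that matches the packet.
# $pkt{ip} is the remote address (source for ingress, destination for egress).
sub first_match {
    my ($rules, %pkt) = @_;
    for my $r (sort { $a->{rule_number} <=> $b->{rule_number} } @$rules) {
        next if ($r->{egress} ? 1 : 0) != ($pkt{egress} ? 1 : 0);
        next if $r->{protocol} != -1 && $r->{protocol} != $pkt{protocol};
        next unless in_cidr($pkt{ip}, $r->{cidr_block});
        next if ($r->{protocol} == 6 || $r->{protocol} == 17)
            && ($pkt{port} < $r->{port_from} || $pkt{port} > $r->{port_to});
        return $r;
    }
    return;    # no numbered rule matched
}

# Same SSH packet from two constructed source addresses.
for my $src ('203.0.113.7', '198.51.100.9') {
    my $hit = first_match(\@rules, ip => $src, protocol => 6, port => 22, egress => 0);
    printf "%-13s -> %s\n", $src,
        $hit ? "rule $hit->{rule_number} ($hit->{rule_action})" : 'no numbered rule matched';
}
```

Running a proposed rule set through a check like this before calling create_entry() shows which rule actually decides a given flow.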

$success = $acl->delete_entry(%args)
$success = $acl->delete_entry($acl_entry)

Deletes an ingress or egress entry (i.e., rule) from a network ACL.

Arguments:

    -network_acl_id -- ID of the ACL from which the entry will be deleted

    -rule_number    -- Rule number of the entry (e.g., 100).

Optional arguments:

    -egress -- Whether the rule to delete is an egress rule (true) or
               ingress rule (false). Default is false.

Alternatively, you can pass an existing VM::EC2::VPC::NetworkAcl::Entry
object as the only argument to ease deletion of entries.

Returns true on successful deletion.

$success = $acl->replace_entry(%args)
$success = $acl->replace_entry($acl_entry)

Replaces an entry (i.e., rule) in a network ACL.

Arguments:

    -network_acl_id -- ID of the ACL where the entry will be replaced
                       (Required)
    -rule_number    -- Rule number of the entry to replace. (Required)
    -protocol       -- The IP protocol the rule applies to. You can use
                       -1 to mean all protocols. See
                       http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
                       for a list of protocol numbers. (Required)
    -rule_action    -- Indicates whether to allow or deny traffic that
                       matches the rule. allow | deny (Required)
    -egress         -- Indicates whether this rule applies to egress
                       traffic from the subnet (true) or ingress traffic
                       to the subnet (false). Default is false.
    -cidr_block     -- The CIDR range to allow or deny, in CIDR notation
                       (e.g., 172.16.0.0/24). (Required)
    -icmp_code      -- For the ICMP protocol, the ICMP code. You can use
                       -1 to specify all ICMP codes for the given ICMP
                       type. Required if specifying 1 (ICMP) for the
                       protocol.
    -icmp_type      -- For the ICMP protocol, the ICMP type. You can use
                       -1 to specify all ICMP types. Required if
                       specifying 1 (ICMP) for the protocol.
    -port_from      -- The first port in the range. Required if specifying
                       6 (TCP) or 17 (UDP) for the protocol.
    -port_to        -- The last port in the range. Only required if
                       specifying 6 (TCP) or 17 (UDP) for the protocol and
                       it is a different port than -port_from.

Alternatively, you can pass an existing VM::EC2::VPC::NetworkAcl::Entry
object as the only argument, which makes it easy to replace entries from
one ACL to another. The rule number in the passed entry object must
already exist in the ACL.

Returns true on successful replacement.
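
The argument tables for create_entry() and replace_entry() carry conditional requirements that are easy to miss when rules are generated programmatically. The following added example (not part of the VM::EC2 distribution) checks an argument hash against those tables before any API call is made; check_entry_args() is a hypothetical helper, the sample argument sets are constructed, and the CIDR pattern covers IPv4 only.

```perl
use strict;
use warnings;

# Check create_entry()/replace_entry() arguments against the documented
# requirements. $op is 'create' or 'replace'. Returns a list of problems.
sub check_entry_args {
    my ($op, %arg) = @_;
    my @err;
    for my $k (qw(-rule_number -protocol -rule_action -cidr_block)) {
        push @err, "$k is required" unless defined $arg{$k};
    }
    return @err if @err;

    push @err, '-rule_number must be an integer from 1 to 32766'
        unless $arg{-rule_number} =~ /^\d+$/
            && $arg{-rule_number} >= 1 && $arg{-rule_number} <= 32766;
    push @err, '-rule_action must be allow or deny'
        unless $arg{-rule_action} =~ /^(?:allow|deny)$/;
    push @err, '-cidr_block must be in CIDR notation'
        unless $arg{-cidr_block} =~ m{^\d{1,3}(?:\.\d{1,3}){3}/\d{1,2}$};

    my $proto = $arg{-protocol};
    if ($proto eq '1') {                          # ICMP
        for my $k (qw(-icmp_type -icmp_code)) {
            push @err, "$k is required for ICMP" unless defined $arg{$k};
        }
    }
    elsif ($proto eq '6' || $proto eq '17') {     # TCP or UDP
        push @err, '-port_from is required for TCP/UDP'
            unless defined $arg{-port_from};
        # replace_entry() lets -port_to be omitted when it equals -port_from
        push @err, '-port_to is required for TCP/UDP'
            unless defined($arg{-port_to}) || $op eq 'replace';
    }
    return @err;
}

# Constructed argument sets: one complete, one with several mistakes.
my %good = (-rule_number => 100, -protocol => 6, -rule_action => 'allow',
            -cidr_block => '172.16.0.0/24', -port_from => 443, -port_to => 443);
my %bad  = (-rule_number => 40000, -protocol => 6, -rule_action => 'permit',
            -cidr_block => '172.16.0.0/24');

for my $set (\%good, \%bad) {
    my @err = check_entry_args('create', %$set);
    print @err ? join("\n", map { "rejected: $_" } @err) . "\n" : "ok\n";
}
```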

$association_id = $acl->associate($subnet_id)

Associates the ACL with a subnet in the same VPC. Replaces whatever
ACL the subnet was associated with previously.

$association_id = $acl->disassociate($subnet_id)

Disassociates the ACL from a subnet in the same VPC. The subnet will
then be associated with the default ACL.

When used in a string context, this object will interpolate the
networkAclId.

VM::EC2 VM::EC2::Generic VM::EC2::Tag VM::EC2::VPC
VM::EC2::VPC::NetworkAcl::Entry VM::EC2::VPC::NetworkAcl::Association

Lance Kinley <lkinley@loyaltymethods.com>.

Copyright (c) 2012 Loyalty Methods, Inc.

This package and its accompanying libraries is free software; you can
redistribute it and/or modify it under the terms of the GPL (either
version 1, or at your option, any later version) or the Artistic
License 2.0. Refer to LICENSE for the full license text. In addition,
please see DISCLAIMER.txt for disclaimers of warranty.

perl v5.34.0    2022-01-21    VM::EC2::VPC::NetworkAcl(3)