class AWS::EC2::NetworkACL


@attr_reader [Boolean] default Returns true if this is the default network ACL.
@attr_reader [String] vpc_id
Represents a network ACL in EC2.

def associations

Returns:
  • (Array) - Returns an array of {Association} objects, one per item in this ACL's association set.
# Builds one Association per item in +association_set+.
#
# Each item supplies a +subnet_id+ and a +network_acl_association_id+. The
# Subnet is constructed with this ACL's +vpc_id+ and +config+, and the
# Association receives this ACL as its second argument.
#
# @return [Array<Association>] one association per item in the set
def associations
  association_set.map do |item|
    subnet_id = item.subnet_id
    subnet_opts = { :vpc_id => vpc_id, :config => config }
    linked_subnet = Subnet.new(subnet_id, subnet_opts)
    Association.new(item.network_acl_association_id, self, linked_subnet)
  end
end

def create_entry options = {}

Returns:
  • (nil) -

Options Hash: (**options)
  • :icmp_type (Integer) -- For the ICMP protocol,
  • :icmp_code (Integer) -- For the ICMP protocol, the
  • :port_range (Range) -- A numeric range
  • :egress (Boolean) --
  • :cidr_block (required, String) -- The CIDR range to
  • :protocol (required, Integer) -- IP protocol the rule
  • :action (required, :allow, :deny) -- Whether to
  • :rule_number (required, Integer) -- Rule number to

Parameters:
  • options (Hash) --
# Sends a create request for a new entry (rule) in this network ACL.
#
# The options are first translated by +entry_options+, which raises
# ArgumentError unless +:egress+ is exactly +true+ or +false+; in that
# case no request is sent.
#
# @param options [Hash] rule description, passed through +entry_options+
# @return [nil]
def create_entry options = {}
  request = entry_options(options)
  client.create_network_acl_entry(request)
  nil
end

def delete

Returns:
  • (nil) -
# Sends a delete request for this network ACL, identified by its
# +network_acl_id+.
#
# @return [nil]
def delete
  request = { :network_acl_id => network_acl_id }
  client.delete_network_acl(request)
  nil
end

def delete_entry egress_or_ingress, rule_number

Returns:
  • (nil) -

Parameters:
  • rule_number (Integer) -- Which rule to delete.
  • egress_or_ingress (:ingress, :egress) -- Specifies if you want to delete an ingress or an egress rule.
# Sends a delete request for a single entry (rule) of this network ACL.
#
# The direction is checked before anything is sent, so a misspelled
# direction cannot silently select the wrong rule set. The +:egress+ flag
# of the request is true only for +:egress+.
#
# @param egress_or_ingress [Symbol] +:ingress+ or +:egress+
# @param rule_number [Integer] number of the rule to delete; passed
#   through unchanged
# @return [nil]
# @raise [ArgumentError] if the direction is neither +:ingress+ nor
#   +:egress+
def delete_entry egress_or_ingress, rule_number
  case egress_or_ingress
  when :ingress, :egress
    # accepted direction, fall through to the request
  else
    raise ArgumentError, "expected :ingress or :egress for egress_or_ingress param"
  end

  client.delete_network_acl_entry(
    :network_acl_id => network_acl_id,
    :egress => egress_or_ingress == :egress,
    :rule_number => rule_number
  )
  nil
end

def entries

Returns:
  • (Array) - Returns an array of {Entry} objects, one per item in this ACL's entry set.
# Wraps every item of +entry_set+ in an Entry bound to this network ACL.
#
# @return [Array<Entry>] one Entry per item in the set
def entries
  entry_set.map { |details| Entry.new(self, details) }
end

def entry_options options

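# Translates user-facing rule options into the request hash passed to
# +create_network_acl_entry+ and +replace_network_acl_entry+.
#
# The options are checked before the hash is returned, so a malformed rule
# description is rejected locally instead of being sent on:
#
# * +:egress+ must be exactly +true+ or +false+;
# * +:rule_number+, +:protocol+, +:action+ and +:cidr_block+ must not be nil;
# * +:action+ must stringify to "allow" or "deny".
#
# An exclusive +:port_range+ such as <tt>80...443</tt> ends at 442.
# <tt>Range#last</tt> returns the excluded bound, so using it directly
# would make the rule cover one port more than the caller asked for.
#
# @param options [Hash]
# @option options [Integer] :rule_number (required)
# @option options [Integer, String] :protocol (required) stringified and
#   downcased
# @option options [Symbol, String] :action (required) +:allow+ or +:deny+
# @option options [Boolean] :egress (required)
# @option options [String] :cidr_block (required)
# @option options [Integer] :icmp_type
# @option options [Integer] :icmp_code
# @option options [Range] :port_range
# @return [Hash] request options for the client
# @raise [ArgumentError] if a check listed above fails
def entry_options options
  unless [true, false].include?(options[:egress])
    msg = "expected :egress option to be set to true or false"
    raise ArgumentError, msg
  end

  # A rule without a number, protocol, action or CIDR block is meaningless;
  # refuse it here rather than stringifying nil into the request.
  [:rule_number, :protocol, :action, :cidr_block].each do |name|
    raise ArgumentError, "missing required option :#{name}" if options[name].nil?
  end

  rule_action = options[:action].to_s
  unless %w[allow deny].include?(rule_action)
    raise ArgumentError, "expected :action option to be :allow or :deny"
  end

  entry_opts = {
    :network_acl_id => network_acl_id,
    :rule_number => options[:rule_number],
    :protocol => options[:protocol].to_s.downcase,
    :rule_action => rule_action,
    :egress => options[:egress],
    :cidr_block => options[:cidr_block]
  }

  # NOTE(review): when only one of :icmp_type / :icmp_code is given, the
  # other is sent as nil. Confirm the client tolerates that.
  if options[:icmp_code] || options[:icmp_type]
    entry_opts[:icmp_type_code] = {
      :type => options[:icmp_type],
      :code => options[:icmp_code]
    }
  end

  if options[:port_range]
    ports = options[:port_range]
    upper = ports.last
    # Respect an exclusive upper bound so the rule is never wider than the
    # range the caller wrote.
    if ports.respond_to?(:exclude_end?) && ports.exclude_end? && upper.is_a?(Integer)
      upper -= 1
    end
    entry_opts[:port_range] = { :from => ports.first, :to => upper }
  end

  entry_opts
end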

def initialize network_acl_id, options = {}

# Stores the ACL id on the instance, then hands both arguments to the
# superclass initializer.
#
# @param network_acl_id [String] id of the network ACL
# @param options [Hash] forwarded unchanged to the superclass
def initialize network_acl_id, options = {}
  @network_acl_id = network_acl_id
  super(network_acl_id, options)
end

def replace_entry options = {}

Returns:
  • (nil) -

Options Hash: (**options)
  • :icmp_type (Integer) -- For the ICMP protocol,
  • :icmp_code (Integer) -- For the ICMP protocol, the
  • :port_range (Range) -- A numeric range
  • :egress (Boolean) --
  • :cidr_block (required, String) -- The CIDR range to
  • :protocol (required, Integer) -- IP protocol the rule
  • :action (required, :allow, :deny) -- Whether to
  • :rule_number (required, Integer) -- Rule number to

Parameters:
  • options (Hash) --
# Sends a replace request for an entry (rule) of this network ACL.
#
# The options are first translated by +entry_options+, which raises
# ArgumentError unless +:egress+ is exactly +true+ or +false+; in that
# case no request is sent.
#
# @param options [Hash] rule description, passed through +entry_options+
# @return [nil]
def replace_entry options = {}
  request = entry_options(options)
  client.replace_network_acl_entry(request)
  nil
end

def subnets

Returns:
  • (Array) - Returns an array of subnets ({Subnet})
# Collects the subnet of every association returned by +associations+.
#
# @return [Array<Subnet>] one subnet per association, in the same order
def subnets
  associations.map { |association| association.subnet }
end

def vpc

Returns:
  • (VPC) - Returns the VPC this network ACL belongs to.
# Constructs a VPC object from this ACL's +vpc_id+, sharing this ACL's
# +config+.
#
# @return [VPC] the VPC identified by +vpc_id+
def vpc
  owner_id = vpc_id
  vpc_opts = { :config => config }
  VPC.new(owner_id, vpc_opts)
end