Class: AWS::EC2::NetworkACL::Entry

Inherits:

Object

• Object
• AWS::EC2::NetworkACL::Entry

Defined in:

lib/aws/ec2/network_acl/entry.rb

Overview

Represents a single entry (rule) for an EC2 network ACL.

Instance Attribute Summary

• #action ⇒ :allow, :deny readonly

  Whether to allow or deny the traffic that matches the rule.

• #cidr_block ⇒ String readonly

  The network range to allow or deny, in CIDR notation.

• #egress ⇒ Boolean readonly

  Indicate the rule is an egress rule (rule is applied to traffic leaving the subnet).

• #icmp_code ⇒ nil, Integer readonly

  A value of -1 means all codes for the given ICMP type.

• #icmp_type ⇒ nil, Integer readonly

  A value of -1 means all codes for the given ICMP type.

• #ingress ⇒ Boolean readonly

  Indicate the rule is an ingress rule (rule is applied to traffic entering the subnet).

• #network_acl ⇒ NetworkACL readonly
• #port_range ⇒ nil, Range<Integer> readonly

  For the TCP or UDP protocols, the range of ports the rule applies to.

• #protocol ⇒ Integer readonly

  Returns the protocol number.

• #rule_number ⇒ Integer readonly

Instance Method Summary

• #allow? ⇒ Boolean

  Returns true if traffic matching this rule is allowed.

• #delete ⇒ nil

  Deletes the current network ACL entry.

• #deny? ⇒ Boolean

  Returns true if traffic matching this rule is denied.

• #egress? ⇒ Boolean

  Returns true if the rule is applied to traffic leaving the subnet.

• #ingress? ⇒ Boolean

  Returns true if the rule is applied to traffic entering the subnet.

• #initialize(network_acl, details) ⇒ Entry constructor

  A new instance of Entry.

• #replace(options = {}) ⇒ nil

  Replaces the current network ACL entry with the options passed.

Constructor Details

#initialize(network_acl, details) ⇒ Entry

Returns a new instance of Entry.

# File 'lib/aws/ec2/network_acl/entry.rb', line 21

def initialize network_acl, details
  @network_acl = network_acl
  @rule_number = details[:rule_number]
  @protocol = details[:protocol].to_i
  @action = details[:rule_action].to_sym
  @egress = details[:egress]
  @ingress = !@egress
  @cidr_block = details[:cidr_block]
  if type_code = details[:icmp_type_code]
    @icmp_type = type_code[:type]
    @icmp_code = type_code[:code]
  end
  if range = details[:port_range]
    @port_range = (range[:from]..range[:to])
  end
end

Instance Attribute Details

#action ⇒ :allow, :deny (readonly)

Returns Whether to allow or deny the traffic that matches the rule.

Returns:

• (:allow, :deny) —

  Whether to allow or deny the traffic that matches the rule.

# File 'lib/aws/ec2/network_acl/entry.rb', line 52

def action
  @action
end

#cidr_block ⇒ String (readonly)

Returns The network range to allow or deny, in CIDR notation.

Returns:

• (String) —

  The network range to allow or deny, in CIDR notation.

# File 'lib/aws/ec2/network_acl/entry.rb', line 63

def cidr_block
  @cidr_block
end

#egress ⇒ Boolean (readonly)

Returns Indicate the rule is an egress rule (rule is applied to traffic leaving the subnet).

Returns:

• (Boolean) —

  Indicate the rule is an egress rule (rule is applied to traffic leaving the subnet).

# File 'lib/aws/ec2/network_acl/entry.rb', line 56

def egress
  @egress
end

#icmp_code ⇒ nil, Integer (readonly)

Returns A value of -1 means all codes for the given ICMP type. Returns nil unless the protocol is ICMP.

Returns:

• (nil, Integer) —

  A value of -1 means all codes for the given ICMP type. Returns nil unless the protocol is ICMP.

# File 'lib/aws/ec2/network_acl/entry.rb', line 71

def icmp_code
  @icmp_code
end

#icmp_type ⇒ nil, Integer (readonly)

Returns A value of -1 means all codes for the given ICMP type. Returns nil unless the protocol is ICMP.

Returns:

• (nil, Integer) —

  A value of -1 means all codes for the given ICMP type. Returns nil unless the protocol is ICMP.

# File 'lib/aws/ec2/network_acl/entry.rb', line 75

def icmp_type
  @icmp_type
end

#ingress ⇒ Boolean (readonly)

Returns Indicate the rule is an ingress rule (rule is applied to traffic entering the subnet).

Returns:

• (Boolean) —

  Indicate the rule is an ingress rule (rule is applied to traffic entering the subnet).

# File 'lib/aws/ec2/network_acl/entry.rb', line 60

def ingress
  @ingress
end

#network_acl ⇒ NetworkACL (readonly)

Returns:

• (NetworkACL)

# File 'lib/aws/ec2/network_acl/entry.rb', line 39

def network_acl
  @network_acl
end

#port_range ⇒ nil, Range<Integer> (readonly)

Returns For the TCP or UDP protocols, the range of ports the rule applies to.

Returns:

• (nil, Range<Integer>) —

  For the TCP or UDP protocols, the range of ports the rule applies to.

# File 'lib/aws/ec2/network_acl/entry.rb', line 67

def port_range
  @port_range
end

#protocol ⇒ Integer (readonly)

Returns the protocol number. A value of -1 means all protocols. See www.iana.org/assignments/protocol-numbers/protocol-numbers.xml for a list of protocol numbers to names.

Returns:

• (Integer) —

  Returns the protocol number. A value of -1 means all protocols. See www.iana.org/assignments/protocol-numbers/protocol-numbers.xml for a list of protocol numbers to names.

# File 'lib/aws/ec2/network_acl/entry.rb', line 48

def protocol
  @protocol
end

#rule_number ⇒ Integer (readonly)

Returns:

• (Integer)

# File 'lib/aws/ec2/network_acl/entry.rb', line 42

def rule_number
  @rule_number
end

Instance Method Details

#allow? ⇒ Boolean

Returns true if traffic matching this rule is allowed.

Returns:

• (Boolean) —

  Returns true if traffic matching this rule is allowed.

# File 'lib/aws/ec2/network_acl/entry.rb', line 79

def allow?
  @action == :allow
end

#delete ⇒ nil

Deletes the current network ACL entry.

Returns:

• (nil)

# File 'lib/aws/ec2/network_acl/entry.rb', line 139

def delete
  network_acl.delete_entry(egress? ? :egress : :ingress, rule_number)
end

#deny? ⇒ Boolean

Returns true if traffic matching this rule is denied.

Returns:

• (Boolean) —

  Returns true if traffic matching this rule is denied.

# File 'lib/aws/ec2/network_acl/entry.rb', line 85

def deny?
  @action == :deny
end

#egress? ⇒ Boolean

Returns true if the rule is applied to traffic leaving the subnet.

Returns:

• (Boolean) —

  Returns true if the rule is applied to traffic leaving the subnet.

# File 'lib/aws/ec2/network_acl/entry.rb', line 97

def egress?
  @egress
end

#ingress? ⇒ Boolean

Returns true if the rule is applied to traffic entering the subnet.

Returns:

• (Boolean) —

  Returns true if the rule is applied to traffic entering the subnet.

# File 'lib/aws/ec2/network_acl/entry.rb', line 91

def ingress?
  @ingress
end

#replace(options = {}) ⇒ nil

Replaces the current network ACL entry with the options passed.

Parameters:

• options (Hash) (defaults to: {})

Options Hash (options):

• :rule_action (required, :allow, :deny) —

  Whether to allow or deny traffic that matches the rule.

• :protocol (required, Integer) —

  IP protocol the rule applies to. You can use -1 to mean all protocols. You can see a list of # supported protocol numbers here: www.iana.org/assignments/protocol-numbers/protocol-numbers.xml

• :cidr_block (required, String) —

  The CIDR range to allow or deny, in CIDR notation (e.g., 172.16.0.0/24).

• :egress (Boolean) — default: false —

  Whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).

• :port_range (Range<Integer>) —

  A numeric range of ports. Required if specifying TCP (6) or UDP (17) for the :protocol.

• :icmp_code (Integer) —

  For the ICMP protocol, the ICMP code. You can use -1 to specify all ICMP codes for the given ICMP type.

• :icmp_type (Integer) —

  For the ICMP protocol, the ICMP type. You can use -1 to specify all ICMP types.

Returns:

• (nil)

# File 'lib/aws/ec2/network_acl/entry.rb', line 133

def replace options = {}
  network_acl.replace_entry(options.merge(:rule_number => rule_number))
end