Class: AWS::EC2::NetworkACL

Inherits:

Resource

• Object
• Core::Resource
• Resource
• AWS::EC2::NetworkACL

Includes:

TaggedItem

Defined in:

lib/aws/ec2/network_acl.rb,
lib/aws/ec2/network_acl/entry.rb,
lib/aws/ec2/network_acl/association.rb

Overview

Represents a network ACL in EC2.

Defined Under Namespace

Classes: Association, Entry

Instance Attribute Summary

• #default ⇒ Boolean (also: #default?) readonly

  Returns true if this is the default network ACL.

• #network_acl_id ⇒ String (also: #id) readonly
• #vpc_id ⇒ String readonly

  The current value of vpc_id.

Instance Method Summary

• #associations ⇒ Array<NetworkACL::Association>

  Returns an array of Association objects (association to subnets).

• #create_entry(options = {}) ⇒ nil

  Adds an entry to this network ACL.

• #delete ⇒ nil

  Deletes the current network ACL.

• #delete_entry(egress_or_ingress, rule_number) ⇒ nil

  Deletes an entry from this network ACL.

• #entries ⇒ Array<NetworkACL::Entry>

  Returns an array of all entries for this network ACL.

• #initialize(network_acl_id, options = {}) ⇒ NetworkACL constructor

  A new instance of NetworkACL.

• #replace_entry(options = {}) ⇒ nil

  Replaces the network ACL entry with the given :rule_number.

• #subnets ⇒ Array<Subnet>

  Returns an array of subnets (Subnet) that currently use this network ACL.

• #vpc ⇒ VPC

  Returns the VPC this network ACL belongs to.

Methods included from TaggedItem

#add_tag, #clear_tags, #tags

Constructor Details

#initialize(network_acl_id, options = {}) ⇒ NetworkACL

Returns a new instance of NetworkACL.

# File 'lib/aws/ec2/network_acl.rb', line 31

def initialize network_acl_id, options = {}
  @network_acl_id = network_acl_id
  super
end

Instance Attribute Details

#default ⇒ Boolean (readonly) Also known as: default?

Returns true if this is the default network ACL.

Returns:

• (Boolean) —

  the current value of default

# File 'lib/aws/ec2/network_acl.rb', line 27

def default
  @default
end

#network_acl_id ⇒ String (readonly) Also known as: id

Returns:

• (String)

# File 'lib/aws/ec2/network_acl.rb', line 37

def network_acl_id
  @network_acl_id
end

#vpc_id ⇒ String (readonly)

Returns the current value of vpc_id.

Returns:

• (String) —

  the current value of vpc_id

# File 'lib/aws/ec2/network_acl.rb', line 27

def vpc_id
  @vpc_id
end

Instance Method Details

#associations ⇒ Array<NetworkACL::Association>

Returns an array of Association objects (association to subnets).

Returns:

• (Array<NetworkACL::Association>) —

  Returns an array of Association objects (association to subnets).

# File 'lib/aws/ec2/network_acl.rb', line 76

def associations
  association_set.map do |assoc|

    subnet = Subnet.new(assoc.subnet_id,
      :vpc_id => vpc_id,
      :config => config)

    Association.new(assoc.network_acl_association_id, self, subnet)

  end
end

#create_entry(options = {}) ⇒ nil

Adds an entry to this network ACL.

Parameters:

• options (Hash) (defaults to: {})

Options Hash (options):

• :rule_number (required, Integer) —

  Rule number to assign to the entry (e.g., 100). ACL entries are processed in ascending order by rule number.

• :action (required, :allow, :deny) —

  Whether to allow or deny traffic that matches the rule.

• :protocol (required, Integer) —

  IP protocol the rule applies to. You can use -1 to mean all protocols. You can see a list of # supported protocol numbers here: http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml

• :cidr_block (required, String) —

  The CIDR range to allow or deny, in CIDR notation (e.g., 172.16.0.0/24).

• :egress (Boolean) — default: false —

  Whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).

• :port_range (Range<Integer>) —

  A numeric range of ports. Required if specifying TCP (6) or UDP (17) for the :protocol.

• :icmp_code (Integer) —

  For the ICMP protocol, the ICMP code. You can use -1 to specify all ICMP codes for the given ICMP type.

• :icmp_type (Integer) —

  For the ICMP protocol, the ICMP type. You can use -1 to specify all ICMP types.

Returns:

• (nil)

# File 'lib/aws/ec2/network_acl.rb', line 132

def create_entry options = {}
  client.create_network_acl_entry(entry_options(options))
  nil
end

#delete ⇒ nil

Deletes the current network ACL. You can not delete the default network ACL.

Returns:

• (nil)

# File 'lib/aws/ec2/network_acl.rb', line 216

def delete
  client.delete_network_acl(:network_acl_id => network_acl_id)
  nil
end

#delete_entry(egress_or_ingress, rule_number) ⇒ nil

Deletes an entry from this network ACL. To delete an entry you need to know its rule number and if it is an egress or ingress rule.

# delete ingress rule 10
network_acl.delete_entry :egress, 10

# delete egress rules 5
network_acl.delete_entry :ingress, 5

Parameters:

• egress_or_ingress (:ingress, :egress) —

  Specifies if you want to delete an ingress or an egress rule.

• rule_number (Integer) —

  Which rule to delete.

Returns:

• (nil)

# File 'lib/aws/ec2/network_acl.rb', line 195

def delete_entry egress_or_ingress, rule_number

  unless [:ingress, :egress].include?(egress_or_ingress)
    msg = "expected :ingress or :egress for egress_or_ingress param"
    raise ArgumentError, msg
  end

  client_opts = {}
  client_opts[:network_acl_id] = network_acl_id
  client_opts[:egress] = egress_or_ingress == :egress
  client_opts[:rule_number] = rule_number

  client.delete_network_acl_entry(client_opts)

  nil

end

#entries ⇒ Array<NetworkACL::Entry>

Returns an array of all entries for this network ACL.

Returns:

• (Array<NetworkACL::Entry>) —

  Returns an array of all entries for this network ACL.

# File 'lib/aws/ec2/network_acl.rb', line 90

def entries
  entry_set.map do |entry_details|
    Entry.new(self, entry_details)
  end
end

#replace_entry(options = {}) ⇒ nil

Replaces the network ACL entry with the given :rule_number.

Parameters:

• options (Hash) (defaults to: {})

Options Hash (options):

• :rule_number (required, Integer) —

  Rule number to assign to the entry (e.g., 100). ACL entries are processed in ascending order by rule number.

• :action (required, :allow, :deny) —

  Whether to allow or deny traffic that matches the rule.

• :protocol (required, Integer) —

  IP protocol the rule applies to. You can use -1 to mean all protocols. You can see a list of # supported protocol numbers here: http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml

• :cidr_block (required, String) —

  The CIDR range to allow or deny, in CIDR notation (e.g., 172.16.0.0/24).

• :egress (Boolean) — default: false —

  Whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).

• :port_range (Range<Integer>) —

  A numeric range of ports. Required if specifying TCP (6) or UDP (17) for the :protocol.

• :icmp_code (Integer) —

  For the ICMP protocol, the ICMP code. You can use -1 to specify all ICMP codes for the given ICMP type.

• :icmp_type (Integer) —

  For the ICMP protocol, the ICMP type. You can use -1 to specify all ICMP types.

Returns:

• (nil)

# File 'lib/aws/ec2/network_acl.rb', line 173

def replace_entry options = {}
  client.replace_network_acl_entry(entry_options(options))
  nil
end

#subnets ⇒ Array<Subnet>

Returns an array of subnets (Subnet) that currently use this network ACL.

Returns:

• (Array<Subnet>) —

  Returns an array of subnets (Subnet) that currently use this network ACL.

# File 'lib/aws/ec2/network_acl.rb', line 70

def subnets
  associations.map(&:subnet)
end

#vpc ⇒ VPC

Returns the VPC this network ACL belongs to.

Returns:

• (VPC) —

  Returns the VPC this network ACL belongs to.

# File 'lib/aws/ec2/network_acl.rb', line 64

def vpc
  VPC.new(vpc_id, :config => config)
end