Class: AWS::EC2::NetworkACL

Inherits:
Resource
Includes:
TaggedItem
Defined in:
lib/aws/ec2/network_acl.rb,
lib/aws/ec2/network_acl/entry.rb,
lib/aws/ec2/network_acl/association.rb

Overview

Represents a network ACL in EC2.

Defined Under Namespace

Classes: Association, Entry

Instance Attribute Summary

Attributes included from Core::Model

#config

Instance Method Summary

Methods included from TaggedItem

#add_tag, #cached_tags, #clear_tags, #tagging_resource_type, #tags

Methods inherited from Core::Resource

attribute_providers, attribute_providers_for, attributes, #attributes_from_response, define_attribute_type, #eql?, #inspect, new_from

Methods included from Core::Cacheable

included, #retrieve_attribute

Methods included from Core::Model

#client, #config_prefix, #inspect

Constructor Details

#initialize(network_acl_id, options = {}) ⇒ NetworkACL

Returns a new instance of NetworkACL.



# File 'lib/aws/ec2/network_acl.rb', line 31

def initialize network_acl_id, options = {}
  @network_acl_id = network_acl_id
  super
end

Instance Attribute Details

#default ⇒ Boolean (readonly) Also known as: default?

Returns true if this is the default network ACL.

Returns:

  • (Boolean)

    the current value of default



# File 'lib/aws/ec2/network_acl.rb', line 27

def default
  @default
end

#network_acl_id ⇒ String (readonly) Also known as: id

Returns:

  • (String)


# File 'lib/aws/ec2/network_acl.rb', line 37

def network_acl_id
  @network_acl_id
end

#vpc_id ⇒ String (readonly)

Returns the current value of vpc_id.

Returns:

  • (String)

    the current value of vpc_id



# File 'lib/aws/ec2/network_acl.rb', line 27

def vpc_id
  @vpc_id
end

Instance Method Details

#associations ⇒ Array<NetworkACL::Association>

Returns an array of Association objects (association to subnets).

Returns:

  • (Array<NetworkACL::Association>)


# File 'lib/aws/ec2/network_acl.rb', line 76

def associations
  association_set.map do |assoc|

    subnet = Subnet.new(assoc.subnet_id,
      :vpc_id => vpc_id,
      :config => config)

    Association.new(assoc.network_acl_association_id, self, subnet)

  end
end

#create_entry(options = {}) ⇒ nil

Adds an entry to this network ACL.

Parameters:

  • options (Hash) (defaults to: {})

Options Hash (options):

  • :rule_number (required, Integer)

    Rule number to assign to the entry (e.g., 100). ACL entries are processed in ascending order by rule number.

  • :action (required, :allow, :deny)

    Whether to allow or deny traffic that matches the rule.

  • :protocol (required, Integer)

    IP protocol the rule applies to. You can use -1 to mean all protocols. You can see a list of supported protocol numbers here: www.iana.org/assignments/protocol-numbers/protocol-numbers.xml

  • :cidr_block (required, String)

    The CIDR range to allow or deny, in CIDR notation (e.g., 172.16.0.0/24).

  • :egress (Boolean) — default: false

    Whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).

  • :port_range (Range<Integer>)

    A numeric range of ports. Required if specifying TCP (6) or UDP (17) for the :protocol.

  • :icmp_code (Integer)

    For the ICMP protocol, the ICMP code. You can use -1 to specify all ICMP codes for the given ICMP type.

  • :icmp_type (Integer)

    For the ICMP protocol, the ICMP type. You can use -1 to specify all ICMP types.

Returns:

  • (nil)


# File 'lib/aws/ec2/network_acl.rb', line 132

def create_entry options = {}
  client.create_network_acl_entry(entry_options(options))
  nil
end
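The option hashes documented for #create_entry and #replace_entry are easy to get subtly wrong (a TCP rule without :port_range, two rules sharing a number in the same direction). The following is an added example, not code from aws-sdk-ruby: it validates a ruleset against the documented constraints before applying it to any object that responds to create_entry, using a constructed recorder in place of a live NetworkACL so it runs offline. The sample rules, the 1..32766 rule-number bound, and the helper names are assumptions of the example.

```ruby
# Added example, not part of aws-sdk-ruby. Builds the option hashes documented for
# create_entry/replace_entry, checks them locally, then applies them to any object
# that responds to create_entry (a real AWS::EC2::NetworkACL, or the recorder below).
TCP, UDP = 6, 17 # IANA protocol numbers for which :port_range is required

# Validate one entry against the documented constraints; returns a list of problems.
def validate_entry(opts)
  errors = []
  [:rule_number, :action, :protocol, :cidr_block].each do |k|
    errors << "#{k} is required" unless opts.key?(k)
  end
  errors << "action must be :allow or :deny" unless [:allow, :deny].include?(opts[:action])
  # Assumption of this example: EC2 accepts rule numbers 1..32766.
  errors << "rule_number must be an Integer in 1..32766" unless opts[:rule_number].is_a?(Integer) && opts[:rule_number].between?(1, 32766)
  errors << "port_range is required for TCP/UDP" if [TCP, UDP].include?(opts[:protocol]) && !opts[:port_range].is_a?(Range)
  errors
end

# Validate a whole ruleset; rule numbers must be unique per direction, since entries
# are evaluated in ascending order and one number holds exactly one rule.
def validate_ruleset(entries)
  errors = entries.flat_map { |e| validate_entry(e).map { |m| "rule #{e[:rule_number]}: #{m}" } }
  entries.group_by { |e| [e[:egress] ? :egress : :ingress, e[:rule_number]] }.each do |(dir, n), same|
    errors << "duplicate #{dir} rule_number #{n}" if same.size > 1
  end
  errors
end

# Stand-in for a NetworkACL when running offline: records what create_entry received.
class EntryRecorder
  attr_reader :calls
  def initialize; @calls = []; end
  def create_entry(options = {}); @calls << options; nil; end
end

# Apply a validated ruleset in ascending rule-number order; returns the count applied.
def apply_ruleset(acl, entries)
  errors = validate_ruleset(entries)
  raise ArgumentError, errors.join("; ") unless errors.empty?
  entries.sort_by { |e| e[:rule_number] }.each { |e| acl.create_entry(e) }
  entries.size
end

# Constructed sample: HTTPS in from the VPC range, ephemeral-port replies out (network
# ACLs are stateless), and an explicit deny-all in each direction ahead of the implicit final deny.
WEB_TIER_RULES = [
  { :rule_number => 100, :action => :allow, :protocol => TCP, :cidr_block => "10.0.0.0/16", :port_range => 443..443 },
  { :rule_number => 100, :action => :allow, :protocol => TCP, :cidr_block => "10.0.0.0/16", :port_range => 1024..65535, :egress => true },
  { :rule_number => 32000, :action => :deny, :protocol => -1, :cidr_block => "0.0.0.0/0" },
  { :rule_number => 32000, :action => :deny, :protocol => -1, :cidr_block => "0.0.0.0/0", :egress => true }
]
```

Passing a real AWS::EC2::NetworkACL instance as the acl argument applies the same validated entries to the live ACL.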

#delete ⇒ nil

Deletes the current network ACL. You cannot delete the default network ACL.

Returns:

  • (nil)


# File 'lib/aws/ec2/network_acl.rb', line 216

def delete
  client.delete_network_acl(:network_acl_id => network_acl_id)
  nil
end

#delete_entry(egress_or_ingress, rule_number) ⇒ nil

Deletes an entry from this network ACL. To delete an entry you need to know its rule number and if it is an egress or ingress rule.

# delete egress rule 10
network_acl.delete_entry :egress, 10

# delete ingress rule 5
network_acl.delete_entry :ingress, 5

Parameters:

  • egress_or_ingress (:ingress, :egress)

    Specifies if you want to delete an ingress or an egress rule.

  • rule_number (Integer)

    Which rule to delete.

Returns:

  • (nil)


# File 'lib/aws/ec2/network_acl.rb', line 195

def delete_entry egress_or_ingress, rule_number

  unless [:ingress, :egress].include?(egress_or_ingress)
    msg = "expected :ingress or :egress for egress_or_ingress param"
    raise ArgumentError, msg
  end

  client_opts = {}
  client_opts[:network_acl_id] = network_acl_id
  client_opts[:egress] = egress_or_ingress == :egress
  client_opts[:rule_number] = rule_number

  client.delete_network_acl_entry(client_opts)

  nil

end

#entries ⇒ Array<NetworkACL::Entry>

Returns an array of all entries for this network ACL.

Returns:

  • (Array<NetworkACL::Entry>)

    Returns an array of all entries for this network ACL.



# File 'lib/aws/ec2/network_acl.rb', line 90

def entries
  entry_set.map do |entry_details|
    Entry.new(self, entry_details)
  end
end

#replace_entry(options = {}) ⇒ nil

Replaces the network ACL entry with the given :rule_number.

Parameters:

  • options (Hash) (defaults to: {})

Options Hash (options):

  • :rule_number (required, Integer)

    Rule number to assign to the entry (e.g., 100). ACL entries are processed in ascending order by rule number.

  • :action (required, :allow, :deny)

    Whether to allow or deny traffic that matches the rule.

  • :protocol (required, Integer)

    IP protocol the rule applies to. You can use -1 to mean all protocols. You can see a list of supported protocol numbers here: www.iana.org/assignments/protocol-numbers/protocol-numbers.xml

  • :cidr_block (required, String)

    The CIDR range to allow or deny, in CIDR notation (e.g., 172.16.0.0/24).

  • :egress (Boolean) — default: false

    Whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).

  • :port_range (Range<Integer>)

    A numeric range of ports. Required if specifying TCP (6) or UDP (17) for the :protocol.

  • :icmp_code (Integer)

    For the ICMP protocol, the ICMP code. You can use -1 to specify all ICMP codes for the given ICMP type.

  • :icmp_type (Integer)

    For the ICMP protocol, the ICMP type. You can use -1 to specify all ICMP types.

Returns:

  • (nil)


# File 'lib/aws/ec2/network_acl.rb', line 173

def replace_entry options = {}
  client.replace_network_acl_entry(entry_options(options))
  nil
end

#subnets ⇒ Array<Subnet>

Returns an array of subnets (Subnet) that currently use this network ACL.

Returns:

  • (Array<Subnet>)

    Returns an array of subnets (Subnet) that currently use this network ACL.



# File 'lib/aws/ec2/network_acl.rb', line 70

def subnets
  associations.map(&:subnet)
end

#vpc ⇒ VPC

Returns the VPC this network ACL belongs to.

Returns:

  • (VPC)

    Returns the VPC this network ACL belongs to.



# File 'lib/aws/ec2/network_acl.rb', line 64

def vpc
  VPC.new(vpc_id, :config => config)
end