Class: AWS::EC2::NetworkACL::Entry

Inherits:
Object
  • Object
show all
Defined in:
lib/aws/ec2/network_acl/entry.rb

Overview

Represents a single entry (rule) for an EC2 network ACL.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(network_acl, details) ⇒ Entry

Returns a new instance of Entry.


21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
# File 'lib/aws/ec2/network_acl/entry.rb', line 21

def initialize network_acl, details
  @network_acl = network_acl
  @rule_number = details[:rule_number]
  @protocol = details[:protocol].to_i
  @action = details[:rule_action].to_sym
  @egress = details[:egress]
  @ingress = !@egress
  @cidr_block = details[:cidr_block]
  if type_code = details[:icmp_type_code]
    @icmp_type = type_code[:type]
    @icmp_code = type_code[:code]
  end
  if range = details[:port_range]
    @port_range = (range[:from]..range[:to])
  end
end

Instance Attribute Details

#action:allow, :deny (readonly)

Returns Whether to allow or deny the traffic that matches the rule.

Returns:

  • (:allow, :deny)

    Whether to allow or deny the traffic that matches the rule.


52
53
54
# File 'lib/aws/ec2/network_acl/entry.rb', line 52

def action
  @action
end

#cidr_blockString (readonly)

Returns The network range to allow or deny, in CIDR notation.

Returns:

  • (String)

    The network range to allow or deny, in CIDR notation.


63
64
65
# File 'lib/aws/ec2/network_acl/entry.rb', line 63

def cidr_block
  @cidr_block
end

#egressBoolean (readonly)

Returns Indicate the rule is an egress rule (rule is applied to traffic leaving the subnet).

Returns:

  • (Boolean)

    Indicate the rule is an egress rule (rule is applied to traffic leaving the subnet).


56
57
58
# File 'lib/aws/ec2/network_acl/entry.rb', line 56

def egress
  @egress
end

#icmp_codenil, Integer (readonly)

Returns A value of -1 means all codes for the given ICMP type. Returns nil unless the protocol is ICMP.

Returns:

  • (nil, Integer)

    A value of -1 means all codes for the given ICMP type. Returns nil unless the protocol is ICMP.


71
72
73
# File 'lib/aws/ec2/network_acl/entry.rb', line 71

def icmp_code
  @icmp_code
end

#icmp_typenil, Integer (readonly)

Returns A value of -1 means all codes for the given ICMP type. Returns nil unless the protocol is ICMP.

Returns:

  • (nil, Integer)

    A value of -1 means all codes for the given ICMP type. Returns nil unless the protocol is ICMP.


75
76
77
# File 'lib/aws/ec2/network_acl/entry.rb', line 75

def icmp_type
  @icmp_type
end

#ingressBoolean (readonly)

Returns Indicate the rule is an ingress rule (rule is applied to traffic entering the subnet).

Returns:

  • (Boolean)

    Indicate the rule is an ingress rule (rule is applied to traffic entering the subnet).


60
61
62
# File 'lib/aws/ec2/network_acl/entry.rb', line 60

def ingress
  @ingress
end

#network_aclNetworkACL (readonly)

Returns:


39
40
41
# File 'lib/aws/ec2/network_acl/entry.rb', line 39

def network_acl
  @network_acl
end

#port_rangenil, Range<Integer> (readonly)

Returns For the TCP or UDP protocols, the range of ports the rule applies to.

Returns:

  • (nil, Range<Integer>)

    For the TCP or UDP protocols, the range of ports the rule applies to.


67
68
69
# File 'lib/aws/ec2/network_acl/entry.rb', line 67

def port_range
  @port_range
end

#protocolInteger (readonly)

Returns the protocol number. A value of -1 means all protocols. See www.iana.org/assignments/protocol-numbers/protocol-numbers.xml for a list of protocol numbers to names.

Returns:


48
49
50
# File 'lib/aws/ec2/network_acl/entry.rb', line 48

def protocol
  @protocol
end

#rule_numberInteger (readonly)

Returns:

  • (Integer)

42
43
44
# File 'lib/aws/ec2/network_acl/entry.rb', line 42

def rule_number
  @rule_number
end

Instance Method Details

#allow?Boolean

Returns true if traffic matching this rule is allowed.

Returns:

  • (Boolean)

    Returns true if traffic matching this rule is allowed.


79
80
81
# File 'lib/aws/ec2/network_acl/entry.rb', line 79

def allow?
  @action == :allow
end

#deletenil

Deletes the current network ACL entry.

Returns:

  • (nil)

139
140
141
# File 'lib/aws/ec2/network_acl/entry.rb', line 139

def delete
  network_acl.delete_entry(egress? ? :egress : :ingress, rule_number)
end

#deny?Boolean

Returns true if traffic matching this rule is denied.

Returns:

  • (Boolean)

    Returns true if traffic matching this rule is denied.


85
86
87
# File 'lib/aws/ec2/network_acl/entry.rb', line 85

def deny?
  @action == :deny
end

#egress?Boolean

Returns true if the rule is applied to traffic leaving the subnet.

Returns:

  • (Boolean)

    Returns true if the rule is applied to traffic leaving the subnet.


97
98
99
# File 'lib/aws/ec2/network_acl/entry.rb', line 97

def egress?
  @egress
end

#ingress?Boolean

Returns true if the rule is applied to traffic entering the subnet.

Returns:

  • (Boolean)

    Returns true if the rule is applied to traffic entering the subnet.


91
92
93
# File 'lib/aws/ec2/network_acl/entry.rb', line 91

def ingress?
  @ingress
end

#replace(options = {}) ⇒ nil

Replaces the current network ACL entry with the options passed.

Parameters:

  • options (Hash) (defaults to: {})

Options Hash (options):

  • :rule_action (required, :allow, :deny)

    Whether to allow or deny traffic that matches the rule.

  • :protocol (required, Integer)

    IP protocol the rule applies to. You can use -1 to mean all protocols. You can see a list of # supported protocol numbers here: www.iana.org/assignments/protocol-numbers/protocol-numbers.xml

  • :cidr_block (required, String)

    The CIDR range to allow or deny, in CIDR notation (e.g., 172.16.0.0/24).

  • :egress (Boolean) — default: false

    Whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).

  • :port_range (Range<Integer>)

    A numeric range of ports. Required if specifying TCP (6) or UDP (17) for the :protocol.

  • :icmp_code (Integer)

    For the ICMP protocol, the ICMP code. You can use -1 to specify all ICMP codes for the given ICMP type.

  • :icmp_type (Integer)

    For the ICMP protocol, the ICMP type. You can use -1 to specify all ICMP types.

Returns:

  • (nil)

133
134
135
# File 'lib/aws/ec2/network_acl/entry.rb', line 133

def replace options = {}
  network_acl.replace_entry(options.merge(:rule_number => rule_number))
end