NetworkAclEntries

Provides a network acl entries resource to create ingress and egress entries.

NOTE: Available in 1.45.0+. Currently, the resource are only available in Hongkong(cn-hongkong), India(ap-south-1), and Indonesia(ap-southeast-1) regions.
NOTE: It doesn’t support concurrency and the order of the ingress and egress entries determines the priority.
NOTE: Using this resource need to open a whitelist.

Example Usage

using Pulumi;
using AliCloud = Pulumi.AliCloud;

class MyStack : Stack
{
    public MyStack()
    {
        var config = new Config();
        var name = config.Get("name") ?? "NetworkAclEntries";
        var defaultZones = Output.Create(AliCloud.GetZones.InvokeAsync(new AliCloud.GetZonesArgs
        {
            AvailableResourceCreation = "VSwitch",
        }));
        var defaultNetwork = new AliCloud.Vpc.Network("defaultNetwork", new AliCloud.Vpc.NetworkArgs
        {
            CidrBlock = "172.16.0.0/12",
        });
        var defaultNetworkAcl = new AliCloud.Vpc.NetworkAcl("defaultNetworkAcl", new AliCloud.Vpc.NetworkAclArgs
        {
            VpcId = defaultNetwork.Id,
        });
        var defaultSwitch = new AliCloud.Vpc.Switch("defaultSwitch", new AliCloud.Vpc.SwitchArgs
        {
            AvailabilityZone = defaultZones.Apply(defaultZones => defaultZones.Zones[0].Id),
            CidrBlock = "172.16.0.0/21",
            VpcId = defaultNetwork.Id,
        });
        var defaultNetworkAclAttachment = new AliCloud.Vpc.NetworkAclAttachment("defaultNetworkAclAttachment", new AliCloud.Vpc.NetworkAclAttachmentArgs
        {
            NetworkAclId = defaultNetworkAcl.Id,
            Resources = 
            {
                new AliCloud.Vpc.Inputs.NetworkAclAttachmentResourceArgs
                {
                    ResourceId = defaultSwitch.Id,
                    ResourceType = "VSwitch",
                },
            },
        });
        var defaultNetworkAclEntries = new AliCloud.Vpc.NetworkAclEntries("defaultNetworkAclEntries", new AliCloud.Vpc.NetworkAclEntriesArgs
        {
            Egresses = 
            {
                new AliCloud.Vpc.Inputs.NetworkAclEntriesEgressArgs
                {
                    Description = name,
                    DestinationCidrIp = "0.0.0.0/32",
                    EntryType = "custom",
                    Name = name,
                    Policy = "accept",
                    Port = "-1/-1",
                    Protocol = "all",
                },
            },
            Ingresses = 
            {
                new AliCloud.Vpc.Inputs.NetworkAclEntriesIngressArgs
                {
                    Description = name,
                    EntryType = "custom",
                    Name = name,
                    Policy = "accept",
                    Port = "-1/-1",
                    Protocol = "all",
                    SourceCidrIp = "0.0.0.0/32",
                },
            },
            NetworkAclId = defaultNetworkAcl.Id,
        });
    }

}

Coming soon!

import pulumi
import pulumi_alicloud as alicloud

config = pulumi.Config()
name = config.get("name")
if name is None:
    name = "NetworkAclEntries"
default_zones = alicloud.get_zones(available_resource_creation="VSwitch")
default_network = alicloud.vpc.Network("defaultNetwork", cidr_block="172.16.0.0/12")
default_network_acl = alicloud.vpc.NetworkAcl("defaultNetworkAcl", vpc_id=default_network.id)
default_switch = alicloud.vpc.Switch("defaultSwitch",
    availability_zone=default_zones.zones[0]["id"],
    cidr_block="172.16.0.0/21",
    vpc_id=default_network.id)
default_network_acl_attachment = alicloud.vpc.NetworkAclAttachment("defaultNetworkAclAttachment",
    network_acl_id=default_network_acl.id,
    resources=[{
        "resourceId": default_switch.id,
        "resourceType": "VSwitch",
    }])
default_network_acl_entries = alicloud.vpc.NetworkAclEntries("defaultNetworkAclEntries",
    egresses=[{
        "description": name,
        "destinationCidrIp": "0.0.0.0/32",
        "entryType": "custom",
        "name": name,
        "policy": "accept",
        "port": "-1/-1",
        "protocol": "all",
    }],
    ingresses=[{
        "description": name,
        "entryType": "custom",
        "name": name,
        "policy": "accept",
        "port": "-1/-1",
        "protocol": "all",
        "source_cidr_ip": "0.0.0.0/32",
    }],
    network_acl_id=default_network_acl.id)

import * as pulumi from "@pulumi/pulumi";
import * as alicloud from "@pulumi/alicloud";

const config = new pulumi.Config();
const name = config.get("name") || "NetworkAclEntries";

const defaultZones = pulumi.output(alicloud.getZones({
    availableResourceCreation: "VSwitch",
}, { async: true }));
const defaultNetwork = new alicloud.vpc.Network("default", {
    cidrBlock: "172.16.0.0/12",
});
const defaultNetworkAcl = new alicloud.vpc.NetworkAcl("default", {
    vpcId: defaultNetwork.id,
});
const defaultSwitch = new alicloud.vpc.Switch("default", {
    availabilityZone: defaultZones.zones[0].id,
    cidrBlock: "172.16.0.0/21",
    vpcId: defaultNetwork.id,
});
const defaultNetworkAclAttachment = new alicloud.vpc.NetworkAclAttachment("default", {
    networkAclId: defaultNetworkAcl.id,
    resources: [{
        resourceId: defaultSwitch.id,
        resourceType: "VSwitch",
    }],
});
const defaultNetworkAclEntries = new alicloud.vpc.NetworkAclEntries("default", {
    egresses: [{
        description: name,
        destinationCidrIp: "0.0.0.0/32",
        entryType: "custom",
        name: name,
        policy: "accept",
        port: "-1/-1",
        protocol: "all",
    }],
    ingresses: [{
        description: name,
        entryType: "custom",
        name: name,
        policy: "accept",
        port: "-1/-1",
        protocol: "all",
        sourceCidrIp: "0.0.0.0/32",
    }],
    networkAclId: defaultNetworkAcl.id,
});

Create a NetworkAclEntries Resource

new NetworkAclEntries(name: string, args: NetworkAclEntriesArgs, opts?: CustomResourceOptions);

def NetworkAclEntries(resource_name, opts=None, egresses=None, ingresses=None, network_acl_id=None, __props__=None);

func NewNetworkAclEntries(ctx *Context, name string, args NetworkAclEntriesArgs, opts ...ResourceOption) (*NetworkAclEntries, error)

public NetworkAclEntries(string name, NetworkAclEntriesArgs args, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args NetworkAclEntriesArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args NetworkAclEntriesArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args NetworkAclEntriesArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

NetworkAclEntries Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The NetworkAclEntries resource accepts the following input properties:

NetworkAclId string: The id of the network acl, the field can’t be changed.
Egresses List<Pulumi.AliCloud.Vpc.Inputs.NetworkAclEntriesEgressArgs>: List of the egress entries of the network acl. The order of the egress entries determines the priority. The details see Block Egress.
Ingresses List<Pulumi.AliCloud.Vpc.Inputs.NetworkAclEntriesIngressArgs>: List of the ingress entries of the network acl. The order of the ingress entries determines the priority. The details see Block Ingress.

NetworkAclId string: The id of the network acl, the field can’t be changed.
Egresses []NetworkAclEntriesEgress: List of the egress entries of the network acl. The order of the egress entries determines the priority. The details see Block Egress.
Ingresses []NetworkAclEntriesIngress: List of the ingress entries of the network acl. The order of the ingress entries determines the priority. The details see Block Ingress.

networkAclId string: The id of the network acl, the field can’t be changed.
egresses NetworkAclEntriesEgress[]: List of the egress entries of the network acl. The order of the egress entries determines the priority. The details see Block Egress.
ingresses NetworkAclEntriesIngress[]: List of the ingress entries of the network acl. The order of the ingress entries determines the priority. The details see Block Ingress.

network_acl_id str: The id of the network acl, the field can’t be changed.
egresses List[NetworkAclEntriesEgress]: List of the egress entries of the network acl. The order of the egress entries determines the priority. The details see Block Egress.
ingresses List[NetworkAclEntriesIngress]: List of the ingress entries of the network acl. The order of the ingress entries determines the priority. The details see Block Ingress.

Outputs

All input properties are implicitly available as output properties. Additionally, the NetworkAclEntries resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.

Id string: The provider-assigned unique ID for this managed resource.

id string: The provider-assigned unique ID for this managed resource.

id str: The provider-assigned unique ID for this managed resource.

Look up an Existing NetworkAclEntries Resource

Get an existing NetworkAclEntries resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: NetworkAclEntriesState, opts?: CustomResourceOptions): NetworkAclEntries

static get(resource_name, id, opts=None, egresses=None, ingresses=None, network_acl_id=None, __props__=None);

func GetNetworkAclEntries(ctx *Context, name string, id IDInput, state *NetworkAclEntriesState, opts ...ResourceOption) (*NetworkAclEntries, error)

public static NetworkAclEntries Get(string name, Input<string> id, NetworkAclEntriesState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Egresses List<Pulumi.AliCloud.Vpc.Inputs.NetworkAclEntriesEgressArgs>: List of the egress entries of the network acl. The order of the egress entries determines the priority. The details see Block Egress.
Ingresses List<Pulumi.AliCloud.Vpc.Inputs.NetworkAclEntriesIngressArgs>: List of the ingress entries of the network acl. The order of the ingress entries determines the priority. The details see Block Ingress.
NetworkAclId string: The id of the network acl, the field can’t be changed.

Egresses []NetworkAclEntriesEgress: List of the egress entries of the network acl. The order of the egress entries determines the priority. The details see Block Egress.
Ingresses []NetworkAclEntriesIngress: List of the ingress entries of the network acl. The order of the ingress entries determines the priority. The details see Block Ingress.
NetworkAclId string: The id of the network acl, the field can’t be changed.

egresses NetworkAclEntriesEgress[]: List of the egress entries of the network acl. The order of the egress entries determines the priority. The details see Block Egress.
ingresses NetworkAclEntriesIngress[]: List of the ingress entries of the network acl. The order of the ingress entries determines the priority. The details see Block Ingress.
networkAclId string: The id of the network acl, the field can’t be changed.

egresses List[NetworkAclEntriesEgress]: List of the egress entries of the network acl. The order of the egress entries determines the priority. The details see Block Egress.
ingresses List[NetworkAclEntriesIngress]: List of the ingress entries of the network acl. The order of the ingress entries determines the priority. The details see Block Ingress.
network_acl_id str: The id of the network acl, the field can’t be changed.

Supporting Types

NetworkAclEntriesEgress

See the input and output API doc for this type.

Description string: The description of the egress entry.
DestinationCidrIp string: The destination ip of the egress entry.
EntryType string: The entry type of the egress entry. It must be custom or system. Default value is custom.
Name string: The name of the egress entry.
Policy string: The policy of the egress entry. It must be accept or drop.
Port string: The port of the egress entry.
Protocol string: The protocol of the egress entry.

Description string: The description of the egress entry.
DestinationCidrIp string: The destination ip of the egress entry.
EntryType string: The entry type of the egress entry. It must be custom or system. Default value is custom.
Name string: The name of the egress entry.
Policy string: The policy of the egress entry. It must be accept or drop.
Port string: The port of the egress entry.
Protocol string: The protocol of the egress entry.

description string: The description of the egress entry.
destinationCidrIp string: The destination ip of the egress entry.
entryType string: The entry type of the egress entry. It must be custom or system. Default value is custom.
name string: The name of the egress entry.
policy string: The policy of the egress entry. It must be accept or drop.
port string: The port of the egress entry.
protocol string: The protocol of the egress entry.

description str: The description of the egress entry.
destinationCidrIp str: The destination ip of the egress entry.
entryType str: The entry type of the egress entry. It must be custom or system. Default value is custom.
name str: The name of the egress entry.
policy str: The policy of the egress entry. It must be accept or drop.
port str: The port of the egress entry.
protocol str: The protocol of the egress entry.

NetworkAclEntriesIngress

See the input and output API doc for this type.

Description string: The description of the egress entry.
EntryType string: The entry type of the egress entry. It must be custom or system. Default value is custom.
Name string: The name of the egress entry.
Policy string: The policy of the egress entry. It must be accept or drop.
Port string: The port of the egress entry.
Protocol string: The protocol of the egress entry.
SourceCidrIp string: The source ip of the ingress entry.

Description string: The description of the egress entry.
EntryType string: The entry type of the egress entry. It must be custom or system. Default value is custom.
Name string: The name of the egress entry.
Policy string: The policy of the egress entry. It must be accept or drop.
Port string: The port of the egress entry.
Protocol string: The protocol of the egress entry.
SourceCidrIp string: The source ip of the ingress entry.

description string: The description of the egress entry.
entryType string: The entry type of the egress entry. It must be custom or system. Default value is custom.
name string: The name of the egress entry.
policy string: The policy of the egress entry. It must be accept or drop.
port string: The port of the egress entry.
protocol string: The protocol of the egress entry.
sourceCidrIp string: The source ip of the ingress entry.

description str: The description of the egress entry.
entryType str: The entry type of the egress entry. It must be custom or system. Default value is custom.
name str: The name of the egress entry.
policy str: The policy of the egress entry. It must be accept or drop.
port str: The port of the egress entry.
protocol str: The protocol of the egress entry.
source_cidr_ip str: The source ip of the ingress entry.

Package Details

Repository: https://github.com/pulumi/pulumi-alicloud
License: Apache-2.0
Notes: This Pulumi package is based on the alicloud Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud