
create-network-acl-entry
************************


DESCRIPTION
===========

Creates an entry (i.e., rule) in a network ACL with a rule number you
specify. Each network ACL has a set of numbered ingress rules and a
separate set of numbered egress rules. When determining whether a
packet should be allowed in or out of a subnet associated with the
ACL, Amazon VPC processes the entries in the ACL according to the rule
numbers, in ascending order.

**Important:** We recommend that you leave room between the rules
(e.g., 100, 110, 120, etc.), and not number them sequentially (101,
102, 103, etc.). This allows you to easily add a new rule between
existing ones without having to renumber the rules.

After you add an entry, you can't modify it; you must either replace
it, or create a new entry and delete the old one.

For more information about network ACLs, go to Network ACLs in the
Amazon Virtual Private Cloud User Guide.


SYNOPSIS
========

   aws ec2 create-network-acl-entry
     --network-acl-id <value>
     --rule-number <value>
     --protocol <value>
     --egress
     --no-egress
     --rule-action <value>
     --cidr-block <value>
     [--icmp-type-code <value>]
     [--port-range <value>]


REQUIRED PARAMETERS
===================

"--network-acl-id"  (string)
   ID of the ACL where the entry will be created.

"--rule-number"  (integer)
   Rule number to assign to the entry (e.g., 100). ACL entries are
   processed in ascending order by rule number.

"--protocol"  (string)
   IP protocol the rule applies to. Valid Values: "tcp" , "udp" ,
   "icmp" or an IP protocol number.

"--egress"  | "--no-egress"  (boolean)
   Whether this rule applies to egress traffic from the subnet (
   "true" ) or ingress traffic to the subnet ( "false" ).

"--rule-action"  (string)
   Whether to allow or deny traffic that matches the rule.

"--cidr-block"  (string)
   The CIDR range to allow or deny, in CIDR notation (e.g.,
   "172.16.0.0/24" ).


OPTIONAL PARAMETERS
===================

"--icmp-type-code"  (structure)
   ICMP values.

   "code"  (integer)
      For the ICMP protocol, the ICMP code. A value of "-1" is a
      wildcard meaning all codes. Required if specifying "icmp" for
      the protocol.

   "type"  (integer)
      For the ICMP protocol, the ICMP type. A value of "-1" is a
      wildcard meaning all types. Required if specifying "icmp" for
      the protocol.

   *Parameter Syntax*

      {
        "code": integer,
        "type": integer
      }

"--port-range"  (structure)
   Port ranges.

   "to"  (integer)
      The last port in the range. Required if specifying "tcp" or
      "udp" for the protocol.

   "from"  (integer)
      The first port in the range. Required if specifying "tcp" or
      "udp" for the protocol.

   *Parameter Syntax*

      {
        "to": integer,
        "from": integer
      }
