class Fog::AWS::Compute::NetworkAcl

Constants

ICMP
TCP
UDP

Public Instance Methods

add_inbound_rule(rule_number, protocol, rule_action, cidr_block, options = {}) click to toggle source

Add an inbound rule, shortcut method for add_rule

# File lib/fog/aws/models/compute/network_acl.rb, line 17
def add_inbound_rule(rule_number, protocol, rule_action, cidr_block, options = {})
  add_rule(rule_number, protocol, rule_action, cidr_block, false, options)
end
add_outbound_rule(rule_number, protocol, rule_action, cidr_block, options = {}) click to toggle source

Add an outbound rule, shortcut method for add_rule

# File lib/fog/aws/models/compute/network_acl.rb, line 22
def add_outbound_rule(rule_number, protocol, rule_action, cidr_block, options = {})
  add_rule(rule_number, protocol, rule_action, cidr_block, true, options)
end
add_rule(rule_number, protocol, rule_action, cidr_block, egress, options = {}) click to toggle source

Add a new rule

network_acl.add_rule(100, Fog::AWS::Compute::NetworkAcl::TCP, 'allow', '0.0.0.0/0', true, 'PortRange.From' => 22, 'PortRange.To' => 22)

Parameters

  • rule_number<~Integer> - The rule number for the entry, between 100 and 32766

  • protocol<~Integer> - The IP protocol to which the rule applies. You can use -1 to mean all protocols.

  • rule_action<~String> - Allows or denies traffic that matches the rule. (either allow or deny)

  • cidr_block<~String> - The CIDR range to allow or deny

  • egress<~Boolean> - Indicates whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).

  • options<~Hash>:

  • 'Icmp.Code' - ICMP code, required if protocol is 1

  • 'Icmp.Type' - ICMP type, required if protocol is 1

  • 'PortRange.From' - The first port in the range, required if protocol is 6 (TCP) or 17 (UDP)

  • 'PortRange.To' - The last port in the range, required if protocol is 6 (TCP) or 17 (UDP)

Returns

True or false depending on the result

# File lib/fog/aws/models/compute/network_acl.rb, line 46
def add_rule(rule_number, protocol, rule_action, cidr_block, egress, options = {})
  requires :network_acl_id

  service.create_network_acl_entry(network_acl_id, rule_number, protocol, rule_action, cidr_block, egress, options)
  true
end
associate_with(subnet) click to toggle source

Associate a subnet with this network ACL

network_acl.associate_with(subnet)

Parameters

  • subnet<~Subnet> - Subnet object to associate with this network ACL

Returns

True or false depending on the result

# File lib/fog/aws/models/compute/network_acl.rb, line 130
def associate_with(subnet)
  requires :network_acl_id

  # We have to manually find out the network ACL the subnet is currently associated with
  old_id = service.network_acls.all('association.subnet-id' => subnet.subnet_id).first.associations.find { |a| a['subnetId'] == subnet.subnet_id }['networkAclAssociationId']
  service.replace_network_acl_association(old_id, network_acl_id)
  true
end
destroy() click to toggle source

Removes an existing network ACL

network_acl.destroy

Returns

True or false depending on the result

# File lib/fog/aws/models/compute/network_acl.rb, line 147
def destroy
  requires :network_acl_id

  service.delete_network_acl(network_acl_id)
  true
end
remove_inbound_rule(rule_number) click to toggle source

Remove an inbound rule, shortcut method for remove_rule

# File lib/fog/aws/models/compute/network_acl.rb, line 54
def remove_inbound_rule(rule_number)
  remove_rule(rule_number, false)
end
remove_outbound_rule(rule_number) click to toggle source

Remove an outbound rule, shortcut method for remove_rule

# File lib/fog/aws/models/compute/network_acl.rb, line 59
def remove_outbound_rule(rule_number)
  remove_rule(rule_number, true)
end
remove_rule(rule_number, egress) click to toggle source

Update a specific rule number

network_acl.remove_rule(100, true)

Parameters

  • rule_number<~Integer> - The rule number for the entry, between 100 and 32766

  • egress<~Boolean> - Indicates whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).

Returns

True or false depending on the result

# File lib/fog/aws/models/compute/network_acl.rb, line 75
def remove_rule(rule_number, egress)
  requires :network_acl_id

  service.delete_network_acl_entry(network_acl_id, rule_number, egress)
  true
end
save() click to toggle source

Create a network ACL

>> g = AWS.network_acls.new(:vpc_id => 'vpc-abcdefgh')
>> g.save
# File lib/fog/aws/models/compute/network_acl.rb, line 158
def save
  requires :vpc_id
  data = service.create_network_acl(vpc_id).body['networkAcl']
  new_attributes = data.reject { |key,value| key == 'tagSet' }
  merge_attributes(new_attributes)

  if tags = self.tags
    # expect eventual consistency
    Fog.wait_for { self.reload rescue nil }
    service.create_tags(
      self.identity,
      tags
    )
  end

  true
end
update_inbound_rule(rule_number, protocol, rule_action, cidr_block, options = {}) click to toggle source

Update an inbound rule, shortcut method for update_rule

# File lib/fog/aws/models/compute/network_acl.rb, line 83
def update_inbound_rule(rule_number, protocol, rule_action, cidr_block, options = {})
  update_rule(rule_number, protocol, rule_action, cidr_block, false, options)
end
update_outbound_rule(rule_number, protocol, rule_action, cidr_block, options = {}) click to toggle source

Update an outbound rule, shortcut method for update_rule

# File lib/fog/aws/models/compute/network_acl.rb, line 88
def update_outbound_rule(rule_number, protocol, rule_action, cidr_block, options = {})
  update_rule(rule_number, protocol, rule_action, cidr_block, true, options)
end
update_rule(rule_number, protocol, rule_action, cidr_block, egress, options = {}) click to toggle source

Update a specific rule number

network_acl.update_rule(100, Fog::AWS::Compute::NetworkAcl::TCP, 'allow', '0.0.0.0/0', true, 'PortRange.From' => 22, 'PortRange.To' => 22)

Parameters

  • rule_number<~Integer> - The rule number for the entry, between 100 and 32766

  • protocol<~Integer> - The IP protocol to which the rule applies. You can use -1 to mean all protocols.

  • rule_action<~String> - Allows or denies traffic that matches the rule. (either allow or deny)

  • cidr_block<~String> - The CIDR range to allow or deny

  • egress<~Boolean> - Indicates whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).

  • options<~Hash>:

  • 'Icmp.Code' - ICMP code, required if protocol is 1

  • 'Icmp.Type' - ICMP type, required if protocol is 1

  • 'PortRange.From' - The first port in the range, required if protocol is 6 (TCP) or 17 (UDP)

  • 'PortRange.To' - The last port in the range, required if protocol is 6 (TCP) or 17 (UDP)

Returns

True or false depending on the result

# File lib/fog/aws/models/compute/network_acl.rb, line 112
def update_rule(rule_number, protocol, rule_action, cidr_block, egress, options = {})
  requires :network_acl_id

  service.replace_network_acl_entry(network_acl_id, rule_number, protocol, rule_action, cidr_block, egress, options)
  true
end