Network ACL



Resource Overview

A network access control list (ACL) controls whether specific inbound or outbound traffic is allowed or denied at the subnet level. You can use the default network ACL for your VPC or create a custom network ACL with rules similar to those of security groups to add an additional layer of security to your VPC. There are no additional charges for using network ACLs.

Associated Resources

Parent Resources

Connected Resources

Resource Setting Values

  • included_vpc_name: The name of the VPC with the Network ACL
  • linked_subnet_names: Subnet names to apply Network ACL to
  • ingress: Ingress rule name in Network ACL
    • protocol: Protocol in Ingress Rule - tcp, udp, ssh, icmp, all
    • action: Action to be applied to the protocol of the Ingress rule - allow, deny
    • cidr_block: CIDR to apply the Ingress rule to
    • from_port: Port number coming into the Ingress rule
    • to_port: Outgoing port number through the Ingress rule
  • egress: Egress rule name in Network ACL
    • protocol: Protocol in Egress Rule - tcp, udp, ssh, icmp, all
    • action: Action to be applied to the protocol of the Egress rule - allow, deny
    • cidr_block: CIDR to apply the Egress rule to
    • from_port: Port number coming into the Egress rule
    • to_port: Outgoing port number through the Egress rule
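The settings above can be checked before they are applied. The following Python sketch is an added example, not code from this product: it assumes the settings are available as a dictionary in which ingress and egress map a rule name to its five fields. The function names and the sample values are constructed for illustration.

```python
import ipaddress

# Allowed values exactly as listed in the settings above.
PROTOCOLS = {"tcp", "udp", "ssh", "icmp", "all"}
ACTIONS = {"allow", "deny"}
RULE_KEYS = {"protocol", "action", "cidr_block", "from_port", "to_port"}

def check_rule(direction, name, rule):
    """Return a list of findings (strings) for one ingress or egress rule."""
    where = f"{direction}.{name}"
    findings = [f"{where}: missing {k}" for k in sorted(RULE_KEYS - rule.keys())]
    findings += [f"{where}: unknown key {k}" for k in sorted(rule.keys() - RULE_KEYS)]
    if findings:
        return findings  # field checks below need every key present
    if rule["protocol"] not in PROTOCOLS:
        findings.append(f"{where}: bad protocol {rule['protocol']!r}")
    if rule["action"] not in ACTIONS:
        findings.append(f"{where}: bad action {rule['action']!r}")
    try:
        net = ipaddress.ip_network(rule["cidr_block"], strict=True)  # rejects host bits
    except ValueError:
        net = None
        findings.append(f"{where}: bad cidr_block {rule['cidr_block']!r}")
    for key in ("from_port", "to_port"):
        if not isinstance(rule[key], int) or not 0 <= rule[key] <= 65535:
            findings.append(f"{where}: {key} out of range")
    broad = rule["action"] == "allow" and rule["protocol"] == "all"
    if broad and net is not None and net.prefixlen == 0:
        findings.append(f"{where}: allows all protocols for any address")
    return findings

def check_acl(acl):
    """Check every ingress and egress rule of one Network ACL definition."""
    findings = []
    for direction in ("ingress", "egress"):
        for name, rule in acl.get(direction, {}).items():
            findings += check_rule(direction, name, rule)
    return findings

# Constructed sample input: one sound rule, one overly broad rule, one malformed rule.
SAMPLE_ACL = {
    "included_vpc_name": "example-vpc",
    "linked_subnet_names": ["example-subnet-a"],
    "ingress": {
        "https-in": {"protocol": "tcp", "action": "allow", "cidr_block": "10.0.0.0/16", "from_port": 443, "to_port": 443},
        "any-in": {"protocol": "all", "action": "allow", "cidr_block": "0.0.0.0/0", "from_port": 0, "to_port": 65535},
    },
    "egress": {"typo-out": {"protocol": "http", "action": "permit", "cidr_block": "10.0.1.5/24", "from_port": 80, "to_port": 80}},
}
```

Calling check_acl(SAMPLE_ACL) returns one finding for the any-in rule and three for typo-out; the https-in rule passes.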

Reference Materials