NetworkAclEntry
The NetworkAclEntry resource allows you to manage AWS EC2 Network ACL Entries for configuring firewall rules for your Virtual Private Clouds (VPC).
Minimal Example
Create a basic Network ACL entry allowing inbound traffic on port 80 for HTTP.
import AWS from "alchemy/aws/control";
const httpAclEntry = await AWS.EC2.NetworkAclEntry("httpAclEntry", {
  NetworkAclId: "acl-12345678",
  RuleAction: "allow",
  RuleNumber: 100,
  Protocol: 6, // TCP
  PortRange: { From: 80, To: 80 },
  CidrBlock: "0.0.0.0/0"
});
Advanced Configuration
Configure a Network ACL entry to deny all inbound ICMP traffic.
const icmpAclEntry = await AWS.EC2.NetworkAclEntry("icmpAclEntry", {
  NetworkAclId: "acl-12345678",
  RuleAction: "deny",
  RuleNumber: 200,
  Protocol: 1, // ICMP
  Icmp: {
    Type: -1, // All types
    Code: -1 // All codes
  },
  CidrBlock: "0.0.0.0/0"
});
Egress Configuration
Create an egress rule to allow outbound SSH traffic.
const sshEgressAclEntry = await AWS.EC2.NetworkAclEntry("sshEgressAclEntry", {
  NetworkAclId: "acl-12345678",
  RuleAction: "allow",
  RuleNumber: 300,
  Protocol: 6, // TCP
  PortRange: { From: 22, To: 22 },
  Egress: true,
  CidrBlock: "0.0.0.0/0"
});
IPv6 Configuration
Add an entry for allowing inbound HTTPS traffic on IPv6.
const httpsIPv6AclEntry = await AWS.EC2.NetworkAclEntry("httpsIPv6AclEntry", {
  NetworkAclId: "acl-12345678",
  RuleAction: "allow",
  RuleNumber: 400,
  Protocol: 6, // TCP
  PortRange: { From: 443, To: 443 },
  Ipv6CidrBlock: "2001:db8::/32"
});
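Network ACLs are stateless and evaluate entries in ascending rule-number order, with an implicit deny when nothing matches. The following added example (not part of the Alchemy docs or its API) models that evaluation locally for the three IPv4 entries on this page; the `Entry` and `Packet` types, the `evaluate` helper and the sample traffic are assumptions constructed for illustration.

```typescript
// Local model of network ACL evaluation (added illustration; makes no AWS calls).
type Entry = {
  RuleNumber: number; RuleAction: "allow" | "deny"; Protocol: number; // -1 = all
  Egress?: boolean; CidrBlock: string;
  PortRange?: { From: number; To: number }; Icmp?: { Type: number; Code: number };
};
// dstPort is the destination port: local for inbound, remote for outbound.
type Packet = { egress: boolean; protocol: number; remoteIp: string; dstPort?: number };

// The three IPv4 entries from this page, as plain data.
const entries: Entry[] = [
  { RuleNumber: 100, RuleAction: "allow", Protocol: 6, PortRange: { From: 80, To: 80 }, CidrBlock: "0.0.0.0/0" },
  { RuleNumber: 200, RuleAction: "deny", Protocol: 1, Icmp: { Type: -1, Code: -1 }, CidrBlock: "0.0.0.0/0" },
  { RuleNumber: 300, RuleAction: "allow", Protocol: 6, PortRange: { From: 22, To: 22 }, Egress: true, CidrBlock: "0.0.0.0/0" },
];

function ipToInt(ip: string): number {
  return ip.split(".").reduce((acc, octet) => ((acc << 8) | Number(octet)) >>> 0, 0);
}

function inCidr(ip: string, cidr: string): boolean {
  const slash = cidr.indexOf("/");
  const n = Number(cidr.slice(slash + 1));
  const mask = n === 0 ? 0 : (0xffffffff << (32 - n)) >>> 0;
  return ((ipToInt(ip) & mask) >>> 0) === ((ipToInt(cidr.slice(0, slash)) & mask) >>> 0);
}

// Lowest RuleNumber first; the first matching entry decides; no match means deny.
// ICMP type/code are not modelled: the page's entry uses -1 (all) for both.
function evaluate(rules: Entry[], p: Packet): "allow" | "deny" {
  const ordered = rules
    .filter((r) => (r.Egress === true) === p.egress)
    .sort((a, b) => a.RuleNumber - b.RuleNumber);
  for (const r of ordered) {
    const protoOk = r.Protocol === -1 || r.Protocol === p.protocol;
    const portOk = !r.PortRange ||
      (p.dstPort !== undefined && p.dstPort >= r.PortRange.From && p.dstPort <= r.PortRange.To);
    if (protoOk && portOk && inCidr(p.remoteIp, r.CidrBlock)) return r.RuleAction;
  }
  return "deny";
}

// Constructed sample traffic; 203.0.113.10 is a documentation address.
const client = "203.0.113.10";
const httpRequest = evaluate(entries, { egress: false, protocol: 6, remoteIp: client, dstPort: 80 });
const httpReply = evaluate(entries, { egress: true, protocol: 6, remoteIp: client, dstPort: 51515 });
const sshOut = evaluate(entries, { egress: true, protocol: 6, remoteIp: client, dstPort: 22 });
const sshReply = evaluate(entries, { egress: false, protocol: 6, remoteIp: client, dstPort: 50000 });
const ping = evaluate(entries, { egress: false, protocol: 1, remoteIp: client });
console.log({ httpRequest, httpReply, sshOut, sshReply, ping });
```

In this model the HTTP reply and the SSH reply are both dropped, because no entry covers the ephemeral port range in the opposite direction. A working rule set needs a matching entry for return traffic on each allowed flow.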