Amazon Elastic Compute Cloud
API Reference (API Version 2012-04-01)

ReplaceNetworkAclEntry

Description

Replaces an entry (i.e., rule) in a network ACL. For more information about network ACLs, go to Network ACLs in the Amazon Virtual Private Cloud User Guide.

Request Parameters

Name | Description | Required

NetworkAclId

ID of the ACL where the entry will be replaced.

Type: String

Default: None

Yes

RuleNumber

Rule number of the entry to replace.

Type: Integer

Default: None

Yes

Protocol

IP protocol the rule applies to. You can use -1 to mean all protocols.

Type: Integer

Valid Values: -1 or a protocol number (go to Protocol Numbers).

Yes

RuleAction

Whether to allow or deny traffic that matches the rule.

Type: String

Default: None

Valid Values: allow | deny

Yes

Egress

Whether this rule applies to egress traffic from the subnet (true) or ingress traffic to the subnet (false).

Type: Boolean

Default: false

Valid Values: true | false

No

CidrBlock

The CIDR range to allow or deny, in CIDR notation (e.g., 172.16.0.0/24).

Type: String

Default: None

Yes

Icmp.Code

For the ICMP protocol, the ICMP code. You can use -1 to specify all ICMP codes for the given ICMP type.

Type: Integer

Default: None

Condition: Required if specifying 1 (ICMP) for the protocol.

Conditional

Icmp.Type

For the ICMP protocol, the ICMP type. You can use -1 to specify all ICMP types.

Type: Integer

Default: None

Condition: Required if specifying 1 (ICMP) for the protocol.

Conditional

PortRange.From

The first port in the range.

Type: Integer

Default: None

Condition: Required if specifying 6 (TCP) or 17 (UDP) for the protocol.

Conditional

PortRange.To

The last port in the range.

Type: Integer

Default: None

Condition: Required if specifying 6 (TCP) or 17 (UDP) for the protocol.

Conditional

Response Elements

The elements in the following table are wrapped in a ReplaceNetworkAclEntryResponse structure.

Name | Description

requestId

The ID of the request.

Type: String

return

Returns true if the request succeeds. Otherwise, returns an error.

Type: xsd:boolean

Examples

Example Request

This example replaces the egress entry numbered 110 in the network ACL with ID acl-2cb85d45. The new rule denies egress traffic destined for anywhere (0.0.0.0/0) on TCP port 139.

https://ec2.amazonaws.com/?Action=ReplaceNetworkAclEntry
&NetworkAclId=acl-2cb85d45
&RuleNumber=110
&Protocol=6
&RuleAction=deny
&Egress=true
&CidrBlock=0.0.0.0/0
&PortRange.From=139
&PortRange.To=139
&AUTHPARAMS

Example Response

<ReplaceNetworkAclEntryResponse xmlns="http://ec2.amazonaws.com/doc/2012-04-01/">
   <requestId>59dbff89-35bd-4eac-99ed-be587EXAMPLE</requestId> 
   <return>true</return>
</ReplaceNetworkAclEntryResponse>