ec2-replace-network-acl-entry

Description

Replaces an entry (i.e., rule) in a network ACL. For more information about network ACLs, go to Network ACLs in the Amazon Virtual Private Cloud User Guide.

The short version of this command is ec2repnae.

Syntax

ec2-replace-network-acl-entry acl_id -n rule_number [--egress] -P protocol -r cidr [-p port_range] [-t icmp_type_code] { --allow | --deny }

Options

Name	Description	Required
`acl_id`	ID of the ACL where the entry will be replaced. Type: String Default: None Example: acl-5fb85d36	Yes
`-n, --rule-number` `rule_number`	Rule number of the entry to replace. Type: Number Default: None Example: -n 100	Yes
`--egress`	Optional flag to indicate to replace the egress rule. Default: If no value is specified, we replace the ingress rule	No
`-P, --protocol` `protocol`	IP protocol. You can specify `all` or `-1` to mean all protocols. Type: String Valid Values: `all` \| `-1` \| `tcp` \| `udp` \| `icmp` or any protocol number (for a list, go to Protocol Numbers). Example: -P 6	Yes
`-r, --cidr` `cidr`	The CIDR range to allow or deny, in CIDR notation. Type: String Default: None Example: -r 172.16.0.0/24	Yes
`-p, --port-range` `port_range`	For the TCP or UDP protocols, this specifies the range of ports to allow. Type: String Default: None Valid Values: A single integer or a range (min-max). You can specify -1 to mean all ports (i.e. port range 0-65535). Condition: Required if specifying `tcp` or `udp` (or the equivalent number) for the protocol. Example: -p 80-84	Conditional
`-t, --icmp-type-code` `icmp_type_code`	For the ICMP protocol, this specifies the ICMP type and code using format `type:code`, where both are integers. You can use -1 for the type or code to mean all types or all codes Type: String Default: None Condition: Required if specifying `icmp` (or the equivalent number) for the protocol. Example: -t -1:-1	Conditional
`--allow`	Specifies that any traffic matching the rule is allowed. Condition: Either --allow or --deny must be specified, but not both.	Conditional
`--deny`	Specifies that any traffic matching the rule is denied. Condition: Either --allow or --deny must be specified, but not both.	Conditional

Common Options

Option	Description
`--region` `REGION`	Overrides the Region specified in the `EC2_URL` environment variable and the URL specified by the `-U` option. Default: The `EC2_URL` environment variable, or `us-east-1` if the environment variable is not set. Example: `--region eu-west-1`
`-U, --url` `URL`	`URL` is the uniform resource locator of the Amazon EC2 web service entry point. Default: The `EC2_URL` environment variable, or https://ec2.amazonaws.com if the environment variable is not set. Example: `-U https://ec2.amazonaws.com`
`-K, --private-key` `EC2-PRIVATE-KEY`	The private key to use when constructing requests to Amazon EC2. Default: The value of the `EC2_PRIVATE_KEY` environment variable. Example: `-K pk-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem`
`-C, --cert` `EC2-CERT`	The X.509 certificate to use when constructing requests to Amazon EC2. Default: The value of the `EC2_CERT` environment variable. Example: `-C cert-HKZYKTAIG2ECMXYIBH3HXV4ZBEXAMPLE.pem`
`--connection-timeout` `TIMEOUT`	Specifies a connection timeout (in seconds). Example: --connection-timeout 30
`--request-timeout` `TIMEOUT`	Specifies a request timeout (in seconds). Example: --request-timeout 45
`-v, --verbose`	Displays verbose output by showing the SOAP request and response on the command line. This is particularly useful if you are building tools to talk directly to our SOAP API.
`-H, --headers`	Displays column headers in the output.
`--show-empty-fields`	Shows empty columns as `(nil)`.
`--hide-tags`	Do not display tags for tagged resources.
`--debug`	Prints internal debugging information. This is useful to assist us when troubleshooting problems.
`-?, --help, -h`	Displays Help.
`-`	If `-` is specified as an argument to one of the parameters, a list of arguments is read from standard input. This is useful for piping the output of one command into the input of another. Example: `ec2-describe-instances \| grep stopped \| cut -f 2 \| ec2-start-instances -`

Output

The command returns a table that contains the following information:

Boolean true or false

Amazon EC2 command line tools display errors on stderr.

Examples

Example Request

This example replaces the egress entry numbered 110 in the network ACL with ID acl-2cb85d45. The new rule denies egress traffic destined for anywhere (0.0.0.0/0) on TCP port 139.

PROMPT> ec2-replace-network-acl-entry acl-2cb85d45 -n 110 --egress -r 0.0.0.0/0 -P tcp -p 139 --deny
RETURN   true