A network ACL that denies (blacklists) inbound and outbound traffic based on port(s).
The template creates the network access control list (NACL) in an existing VPC; the VPC ID and the port range to deny must be filled in before use.
See Related Items section for configuration templates to create a new VPC.
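---
# Deny-list network ACL: rule 100 denies one TCP port range in each direction,
# rule 200 then allows everything else. NACL rules are evaluated in ascending
# RuleNumber order, so the deny is matched before the catch-all allow.
#
# This template only creates the NACL. No AWS::EC2::SubnetNetworkAclAssociation
# is defined here, so the ACL has no effect until it is associated with one or
# more subnets.
#
# The VPC and the port range were blank placeholders in the original; they are
# now stack parameters so the template can be deployed without hand-editing.
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Network ACL that denies inbound and outbound TCP traffic on a port range in an existing VPC'

Parameters:
  VpcId:
    Type: 'AWS::EC2::VPC::Id'
    Description: 'Existing VPC in which the network ACL is created'
  FromPort:
    Type: Number
    MinValue: 0
    MaxValue: 65535
    Description: 'First TCP port of the range to deny'
  ToPort:
    Type: Number
    MinValue: 0
    MaxValue: 65535
    Description: 'Last TCP port of the range to deny (equal to FromPort for a single port)'

Resources:
  NetworkAcl:
    Type: 'AWS::EC2::NetworkAcl'
    Properties:
      VpcId:
        Ref: VpcId

  # Inbound deny for the port range. Protocol is an integer for this resource
  # type (6 = TCP; '-1' = all). The original value 'tcp' is not accepted.
  # Only TCP is denied here: UDP on the same ports still matches rule 200.
  IngressRule0:
    Type: 'AWS::EC2::NetworkAclEntry'
    Properties:
      Egress: false
      NetworkAclId:
        Ref: NetworkAcl
      CidrBlock: '0.0.0.0/0'
      Protocol: 6
      PortRange:
        From:
          Ref: FromPort
        To:
          Ref: ToPort
      RuleNumber: 100
      RuleAction: deny

  # Inbound catch-all allow, evaluated after the deny above.
  IngressRule1:
    Type: 'AWS::EC2::NetworkAclEntry'
    Properties:
      Egress: false
      NetworkAclId:
        Ref: NetworkAcl
      CidrBlock: '0.0.0.0/0'
      Protocol: '-1'
      RuleNumber: 200
      RuleAction: allow

  # Outbound deny for the same TCP port range (NACLs are stateless, so the
  # inbound deny alone does not stop connections initiated from inside).
  EgressRule0:
    Type: 'AWS::EC2::NetworkAclEntry'
    Properties:
      Egress: true
      NetworkAclId:
        Ref: NetworkAcl
      CidrBlock: '0.0.0.0/0'
      Protocol: 6
      PortRange:
        From:
          Ref: FromPort
        To:
          Ref: ToPort
      RuleNumber: 100
      RuleAction: deny

  # Outbound catch-all allow, evaluated after the deny above.
  EgressRule1:
    Type: 'AWS::EC2::NetworkAclEntry'
    Properties:
      Egress: true
      NetworkAclId:
        Ref: NetworkAcl
      CidrBlock: '0.0.0.0/0'
      Protocol: '-1'
      RuleNumber: 200
      RuleAction: allow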