Network ACL

• vpc_id - (Required) The ID of the associated VPC.
• subnet_ids - (Optional) A list of Subnet IDs to apply the ACL to
• ingress - (Optional) Specifies an ingress rule. Parameters defined below. This argument is processed in attribute-as-blocks mode.
• egress - (Optional) Specifies an egress rule. Parameters defined below. This argument is processed in attribute-as-blocks mode.
• tags - (Optional) A map of tags to assign to the resource. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

egress and ingress

Both arguments are processed in attribute-as-blocks mode.

Both egress and ingress support the following keys:

• from_port - (Required) The from port to match.
• to_port - (Required) The to port to match.
• rule_no - (Required) The rule number. Used for ordering.
• action - (Required) The action to take.
• protocol - (Required) The protocol to match. If using the -1 'all' protocol, you must specify a from and to port of 0.
• cidr_block - (Optional) The CIDR block to match. This must be a valid network mask.
• ipv6_cidr_block - (Optional) The IPv6 CIDR block.
• icmp_type - (Optional) The ICMP type to be used. Default 0.
• icmp_code - (Optional) The ICMP type code to be used. Default 0.

‍