// Code generated by smithy-go-codegen DO NOT EDIT.

package ec2

import (
	"context"
	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
	"github.com/aws/aws-sdk-go-v2/service/ec2/types"
	"github.com/aws/smithy-go/middleware"
	smithyhttp "github.com/aws/smithy-go/transport/http"
)

// CreateNetworkAclEntry creates an entry (a rule) in a network ACL with the
// specified rule number. Each network ACL has a set of numbered ingress rules and
// a separate set of numbered egress rules. When determining whether a packet
// should be allowed in or out of a subnet associated with the ACL, we process the
// entries in the ACL according to the rule numbers, in ascending order. We
// recommend that you leave room between the rule numbers (for example, 100, 110,
// 120, ...), and not number them one right after the other (for example, 101,
// 102, 103, ...). This makes it easier to add a rule between existing ones
// without having to renumber the rules. After you add an entry, you can't modify
// it; you must either replace it, or create an entry and delete the old one. For
// more information about network ACLs, see Network ACLs
// (https://docs.aws.amazon.com/vpc/latest/userguide/VPC_ACLs.html) in the Amazon
// Virtual Private Cloud User Guide.
//
// params carries the request members; a nil params is replaced by an empty
// input. optFns are handed to invokeOperation unchanged. On success the returned
// output has ResultMetadata set to the metadata produced by the invocation; on
// failure the result is nil and the error from invokeOperation is returned as-is.
func (c *Client) CreateNetworkAclEntry(ctx context.Context, params *CreateNetworkAclEntryInput, optFns ...func(*Options)) (*CreateNetworkAclEntryOutput, error) {
	// Substitute an empty input so the rest of the call always sees a non-nil
	// value; every required member is then left at its zero value.
	if params == nil {
		params = &CreateNetworkAclEntryInput{}
	}

	result, metadata, err := c.invokeOperation(ctx, "CreateNetworkAclEntry", params, optFns, addOperationCreateNetworkAclEntryMiddlewares)
	if err != nil {
		return nil, err
	}

	// Unchecked type assertion: this panics if result is not a
	// *CreateNetworkAclEntryOutput. NOTE(review): presumably the deserializer
	// registered in addOperationCreateNetworkAclEntryMiddlewares always yields
	// that type; confirm against the deserializer, which is outside this file.
	out := result.(*CreateNetworkAclEntryOutput)
	out.ResultMetadata = metadata
	return out, nil
}

// CreateNetworkAclEntryInput holds the request members for
// CreateNetworkAclEntry.
type CreateNetworkAclEntryInput struct {

	// Indicates whether this is an egress rule (rule is applied to traffic leaving the
	// subnet).
	//
	// This member is required.
	Egress bool

	// The ID of the network ACL.
	//
	// This member is required.
	NetworkAclId *string

	// The protocol number. A value of "-1" means all protocols. If you specify "-1" or
	// a protocol number other than "6" (TCP), "17" (UDP), or "1" (ICMP), traffic on
	// all ports is allowed, regardless of any ports or ICMP types or codes that you
	// specify. If you specify protocol "58" (ICMPv6) and specify an IPv4 CIDR block,
	// traffic for all ICMP types and codes is allowed, regardless of any that you
	// specify. If you specify protocol "58" (ICMPv6) and specify an IPv6 CIDR block,
	// you must specify an ICMP type and code.
	//
	// NOTE(review): per the description above, a PortRange or IcmpTypeCode supplied
	// together with "-1" or a protocol other than 6, 17 or 1 does not narrow the
	// rule. Whether the validation middleware rejects that pairing is not visible
	// in this file, so callers building allow rules should check it themselves.
	//
	// This member is required.
	Protocol *string

	// Indicates whether to allow or deny the traffic that matches the rule.
	//
	// This member is required.
	RuleAction types.RuleAction

	// The rule number for the entry (for example, 100). ACL entries are processed in
	// ascending order by rule number. Constraints: Positive integer from 1 to 32766.
	// The range 32767 to 65535 is reserved for internal use.
	//
	// Because entries are processed in ascending order, the number chosen here
	// decides where the new rule sits relative to the allow and deny entries
	// already in the ACL.
	//
	// This member is required.
	RuleNumber int32

	// The IPv4 network range to allow or deny, in CIDR notation (for example
	// 172.16.0.0/24). We modify the specified CIDR block to its canonical form; for
	// example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18.
	//
	// The stored range can therefore differ from the string passed in; compare
	// against the canonical form when auditing or reconciling rules.
	CidrBlock *string

	// Checks whether you have the required permissions for the action, without
	// actually making the request, and provides an error response. If you have the
	// required permissions, the error response is DryRunOperation. Otherwise, it is
	// UnauthorizedOperation.
	//
	// A dry run therefore reports an error in both cases; the error code, not
	// the presence of an error, tells the caller whether the action is permitted.
	DryRun bool

	// ICMP protocol: The ICMP or ICMPv6 type and code. Required if specifying protocol
	// 1 (ICMP) or protocol 58 (ICMPv6) with an IPv6 CIDR block.
	IcmpTypeCode *types.IcmpTypeCode

	// The IPv6 network range to allow or deny, in CIDR notation (for example
	// 2001:db8:1234:1a00::/64).
	Ipv6CidrBlock *string

	// TCP or UDP protocols: The range of ports the rule applies to. Required if
	// specifying protocol 6 (TCP) or 17 (UDP).
	PortRange *types.PortRange
}

// CreateNetworkAclEntryOutput is the result of CreateNetworkAclEntry. It carries
// no members other than the operation metadata.
type CreateNetworkAclEntryOutput struct {
	// Metadata pertaining to the operation's result.
	ResultMetadata middleware.Metadata
}

// addOperationCreateNetworkAclEntryMiddlewares registers the middlewares used by
// the CreateNetworkAclEntry operation on stack, in the order written below. It
// stops at the first registration that fails and returns that error; it returns
// nil once every registration has succeeded.
//
// NOTE(review): most helpers called here are defined outside this file, so
// their behavior is described by name only. The call order is emitted by the
// code generator and should not be rearranged by hand.
func addOperationCreateNetworkAclEntryMiddlewares(stack *middleware.Stack, options Options) (err error) {
	// Operation-specific serializer and deserializer, both added with
	// middleware.After in their respective steps.
	err = stack.Serialize.Add(&awsEc2query_serializeOpCreateNetworkAclEntry{}, middleware.After)
	if err != nil {
		return err
	}
	err = stack.Deserialize.Add(&awsEc2query_deserializeOpCreateNetworkAclEntry{}, middleware.After)
	if err != nil {
		return err
	}
	if err = addSetLoggerMiddleware(stack, options); err != nil {
		return err
	}
	if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
		return err
	}
	if err = addResolveEndpointMiddleware(stack, options); err != nil {
		return err
	}
	// By name, payload hashing and (below) SigV4 request signing; the request
	// is presumably authenticated by these two steps — confirm in the helpers.
	if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
		return err
	}
	if err = addRetryMiddlewares(stack, options); err != nil {
		return err
	}
	if err = addHTTPSignerV4Middleware(stack, options); err != nil {
		return err
	}
	if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
		return err
	}
	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
		return err
	}
	if err = addClientUserAgent(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
		return err
	}
	// By name, client-side validation of this operation's input; presumably this
	// is where the "This member is required" members are enforced — confirm in
	// the validator, which is outside this file.
	if err = addOpCreateNetworkAclEntryValidationMiddleware(stack); err != nil {
		return err
	}
	// Service metadata is added to the Initialize step with middleware.Before,
	// using the region taken from options.
	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateNetworkAclEntry(options.Region), middleware.Before); err != nil {
		return err
	}
	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
		return err
	}
	if err = addResponseErrorMiddleware(stack); err != nil {
		return err
	}
	// NOTE(review): by name this logs requests and responses according to
	// options; confirm what is written (for example signed headers) before
	// enabling it outside of debugging.
	if err = addRequestResponseLogging(stack, options); err != nil {
		return err
	}
	return nil
}

// newServiceMetadataMiddleware_opCreateNetworkAclEntry builds the
// RegisterServiceMetadata middleware for this operation. It records the given
// region, the package-level ServiceID, the signing name "ec2" and the operation
// name "CreateNetworkAclEntry".
func newServiceMetadataMiddleware_opCreateNetworkAclEntry(region string) *awsmiddleware.RegisterServiceMetadata {
	return &awsmiddleware.RegisterServiceMetadata{
		Region:        region,
		ServiceID:     ServiceID,
		SigningName:   "ec2",
		OperationName: "CreateNetworkAclEntry",
	}
}