DescribeNetworkAcls

class EC2.Paginator.DescribeNetworkAcls
paginator = client.get_paginator('describe_network_acls')
paginate(**kwargs)

Creates an iterator that will paginate through responses from EC2.Client.describe_network_acls().

See also: AWS API Documentation

Request Syntax

response_iterator = paginator.paginate(
    Filters=[
        {
            'Name': 'string',
            'Values': [
                'string',
            ]
        },
    ],
    DryRun=True|False,
    NetworkAclIds=[
        'string',
    ],
    PaginationConfig={
        'MaxItems': 123,
        'PageSize': 123,
        'StartingToken': 'string'
    }
)
Parameters
  • Filters (list) --

    One or more filters.

    • association.association-id - The ID of an association ID for the ACL.
    • association.network-acl-id - The ID of the network ACL involved in the association.
    • association.subnet-id - The ID of the subnet involved in the association.
    • default - Indicates whether the ACL is the default network ACL for the VPC.
    • entry.cidr - The IPv4 CIDR range specified in the entry.
    • entry.icmp.code - The ICMP code specified in the entry, if any.
    • entry.icmp.type - The ICMP type specified in the entry, if any.
    • entry.ipv6-cidr - The IPv6 CIDR range specified in the entry.
    • entry.port-range.from - The start of the port range specified in the entry.
    • entry.port-range.to - The end of the port range specified in the entry.
    • entry.protocol - The protocol specified in the entry ( tcp | udp | icmp or a protocol number).
    • entry.rule-action - Allows or denies the matching traffic ( allow | deny ).
    • entry.egress - A Boolean that indicates the type of rule. Specify true for egress rules, or false for ingress rules.
    • entry.rule-number - The number of an entry (in other words, rule) in the set of ACL entries.
    • network-acl-id - The ID of the network ACL.
    • owner-id - The ID of the Amazon Web Services account that owns the network ACL.
    • tag :<key> - The key/value combination of a tag assigned to the resource. Use the tag key in the filter name and the tag value as the filter value. For example, to find all resources that have a tag with the key Owner and the value TeamA , specify tag:Owner for the filter name and TeamA for the filter value.
    • tag-key - The key of a tag assigned to the resource. Use this filter to find all resources assigned a tag with a specific key, regardless of the tag value.
    • vpc-id - The ID of the VPC for the network ACL.
    • (dict) --

      A filter name and value pair that is used to return a more specific list of results from a describe operation. Filters can be used to match a set of resources by specific criteria, such as tags, attributes, or IDs.

      If you specify multiple filters, the filters are joined with an AND , and the request returns only results that match all of the specified filters.

      • Name (string) --

        The name of the filter. Filter names are case-sensitive.

      • Values (list) --

        The filter values. Filter values are case-sensitive. If you specify multiple values for a filter, the values are joined with an OR , and the request returns all results that match any of the specified values.

        • (string) --
  • DryRun (boolean) -- Checks whether you have the required permissions for the action, without actually making the request, and provides an error response. If you have the required permissions, the error response is DryRunOperation . Otherwise, it is UnauthorizedOperation .
  • NetworkAclIds (list) --

    One or more network ACL IDs.

    Default: Describes all your network ACLs.

    • (string) --
  • PaginationConfig (dict) --

    A dictionary that provides parameters to control pagination.

    • MaxItems (integer) --

      The total number of items to return. If the total number of items available is more than the value specified in max-items then a NextToken will be provided in the output that you can use to resume pagination.

    • PageSize (integer) --

      The size of each page.

    • StartingToken (string) --

      A token to specify where to start paginating. This is the NextToken from a previous response.

Return type

dict

Returns

Response Syntax

{
    'NetworkAcls': [
        {
            'Associations': [
                {
                    'NetworkAclAssociationId': 'string',
                    'NetworkAclId': 'string',
                    'SubnetId': 'string'
                },
            ],
            'Entries': [
                {
                    'CidrBlock': 'string',
                    'Egress': True|False,
                    'IcmpTypeCode': {
                        'Code': 123,
                        'Type': 123
                    },
                    'Ipv6CidrBlock': 'string',
                    'PortRange': {
                        'From': 123,
                        'To': 123
                    },
                    'Protocol': 'string',
                    'RuleAction': 'allow'|'deny',
                    'RuleNumber': 123
                },
            ],
            'IsDefault': True|False,
            'NetworkAclId': 'string',
            'Tags': [
                {
                    'Key': 'string',
                    'Value': 'string'
                },
            ],
            'VpcId': 'string',
            'OwnerId': 'string'
        },
    ],

}

Response Structure

  • (dict) --

    • NetworkAcls (list) --

      Information about one or more network ACLs.

      • (dict) --

        Describes a network ACL.

        • Associations (list) --

          Any associations between the network ACL and one or more subnets

          • (dict) --

            Describes an association between a network ACL and a subnet.

            • NetworkAclAssociationId (string) --

              The ID of the association between a network ACL and a subnet.

            • NetworkAclId (string) --

              The ID of the network ACL.

            • SubnetId (string) --

              The ID of the subnet.

        • Entries (list) --

          One or more entries (rules) in the network ACL.

          • (dict) --

            Describes an entry in a network ACL.

            • CidrBlock (string) --

              The IPv4 network range to allow or deny, in CIDR notation.

            • Egress (boolean) --

              Indicates whether the rule is an egress rule (applied to traffic leaving the subnet).

            • IcmpTypeCode (dict) --

              ICMP protocol: The ICMP type and code.

              • Code (integer) --

                The ICMP code. A value of -1 means all codes for the specified ICMP type.

              • Type (integer) --

                The ICMP type. A value of -1 means all types.

            • Ipv6CidrBlock (string) --

              The IPv6 network range to allow or deny, in CIDR notation.

            • PortRange (dict) --

              TCP or UDP protocols: The range of ports the rule applies to.

              • From (integer) --

                The first port in the range.

              • To (integer) --

                The last port in the range.

            • Protocol (string) --

              The protocol number. A value of "-1" means all protocols.

            • RuleAction (string) --

              Indicates whether to allow or deny the traffic that matches the rule.

            • RuleNumber (integer) --

              The rule number for the entry. ACL entries are processed in ascending order by rule number.

        • IsDefault (boolean) --

          Indicates whether this is the default network ACL for the VPC.

        • NetworkAclId (string) --

          The ID of the network ACL.

        • Tags (list) --

          Any tags assigned to the network ACL.

          • (dict) --

            Describes a tag.

            • Key (string) --

              The key of the tag.

              Constraints: Tag keys are case-sensitive and accept a maximum of 127 Unicode characters. May not begin with aws: .

            • Value (string) --

              The value of the tag.

              Constraints: Tag values are case-sensitive and accept a maximum of 256 Unicode characters.

        • VpcId (string) --

          The ID of the VPC for the network ACL.

        • OwnerId (string) --

          The ID of the Amazon Web Services account that owns the network ACL.