Policy: AWS > VPC > Network ACL > Ingress Rules > Approved > Rules
An Object Control List (OCL) with a list of filter rules to approve or reject network ACL rules.
Note that the Approved control does not operate directly from this policy, but from the Approved > Compiled Rules. The rules are processed in order, and any built-in Turbot rules will appear first in the list of compiled rules.
Examples: # Allow HTTP and HTTPS rules for RFC1918 private space APPROVE $.turbot.fromPort:=80 $.turbot.toPort:=80 $.turbot.cidr:<=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16 APPROVE $.turbot.fromPort:=443 $.turbot.toPort:=443 $.turbot.cidr:<=10.0.0.0/8,172.16.0.0/12,192.168.0.0/16<br /><br /> # Reject any rule from 0.0.0.0/0 REJECT $.turbot.cidr:0.0.0.0/0<br /><br /> # Reject any rule using specific protocols like TCP(6), UDP(17) and All(-1) REJECT $.IpProtocol:tcp,udp,-1
Resource Types
This policy targets the following resource types:
Primary Policy
This policy is used with the following primary policy:
Controls
Policy Packs
This policy setting is used by the following policy packs:
Policy Specification
Schema Type | |
|---|---|
Default | |
Category
In Your Workspace
Developers
- tmod:@turbot/turbot#/control/categories/resourceApproved
- tmod:@turbot/aws-vpc-security#/policy/types/networkAclIngressRulesApprovedRules
- turbot graphql policy-type --id "tmod:@turbot/aws-vpc-security#/policy/types/networkAclIngressRulesApprovedRules"
- turbot graphql policy-settings --filter "policyTypeId:tmod:@turbot/aws-vpc-security#/policy/types/networkAclIngressRulesApprovedRules"
Get Policy TypeGet Policy Settings