turbot/alicloud

steampipe plugin install alicloudsteampipe plugin install alicloud
On This Page
Get Involved

Table: alicloud_vpc_network_acl

A Network Access Control List (ACL) is an optional layer of security for traffic control in your VPC. You can associate a network ACL with a VSwitch to regulate access for one or more subnets. Similar to the rules of security groups, a user can configure custom rules for network ACLs.

Network ACLs are stateless. After you configure the inbound rules, you need to configure the corresponding outbound rules for certain requests to have a response.

Examples

Basic info

select
name,
network_acl_id,
status,
vpc_id,
description,
region
from
alicloud_vpc_network_acl;

List the VSwitches associated with each network ACL

select
network_acl_id,
vpc_id,
association ->> 'ResourceId' as vswitch_id,
association ->> 'Status' as association_status
from
alicloud_vpc_network_acl,
jsonb_array_elements(resources) as association
where
association ->> 'ResourceType' = 'VSwitch';

Get inbound rule info for each network ACL

select
name,
network_acl_id,
vpc_id,
i ->> 'NetworkAclEntryId' as network_acl_entry_id,
i ->> 'NetworkAclEntryName' as network_acl_entry_name,
i ->> 'Description' as description,
i ->> 'EntryType' as entry_type,
i ->> 'Policy' as policy,
i ->> 'Port' as port,
i ->> 'Protocol' as protocol,
i ->> 'SourceCidrIp' as source_cidr_ip
from
alicloud_vpc_network_acl,
jsonb_array_elements(ingress_acl_entries) as i;

Get outbound rule info for each network ACL

select
name,
network_acl_id,
vpc_id,
i ->> 'NetworkAclEntryId' as network_acl_entry_id,
i ->> 'NetworkAclEntryName' as network_acl_entry_name,
i ->> 'Description' as description,
i ->> 'EntryType' as entry_type,
i ->> 'Policy' as policy,
i ->> 'Port' as port,
i ->> 'Protocol' as protocol,
i ->> 'DestinationCidrIp' as destination_cidr_ip
from
alicloud_vpc_network_acl,
jsonb_array_elements(egress_acl_entries) as i;

.inspect alicloud_vpc_network_acl

Alicloud VPC Network ACL

NameTypeDescription
account_idtextThe Alicloud Account ID in which the resource is located.
akasjsonbArray of globally unique identifier strings (also known as) for the resource.
creation_timetimestamp without time zoneThe time when the network ACL was created.
descriptiontextThe description of the network ACL.
egress_acl_entriesjsonbA list of outbound rules of the network ACL.
ingress_acl_entriesjsonbA list of inbound rules of the network ACL.
nametextThe name of the network ACL.
network_acl_idtextThe ID of the network ACL.
owner_idbigintThe ID of the owner of the resource.
regiontextThe Alicloud region in which the resource is located.
region_idtextThe name of the region where the resource resides.
resourcesjsonbA list of associated resources.
statustextThe status of the network ACL.
titletextTitle of the resource.
vpc_idtextThe ID of the VPC associated with the network ACL.