How to use CloudFormation to edit the default ACL?

If I declare the following resource in a CloudFormation template,

"CoolVpc": {
  "Type": "AWS::EC2::VPC",
  "Properties": {
    "CidrBlock": "10.10.0.0/16",
    "Tags": [
      {"Key": "Name", "Value": "cool-vpc"}
    ]
  }
}

... CloudFormation will dutifully obey and create my VPC, and as part of the process, it will automatically create a default ACL to go with it. I could easily reference this ACL using the Fn::GetAtt function, for example:

"TestSubnetAcl": {
  "Type": "AWS::EC2::SubnetNetworkAclAssociation",
  "Properties": {
    "NetworkAclId": {"Fn::GetAtt" : ["CoolVpc" , "DefaultNetworkAcl"]},
    "SubnetId": {"Ref": "TestSubnet"}
  }
}

or

"AclRule100": {
  "Type": "AWS::EC2::NetworkAclEntry",
  "Properties": {
    "CidrBlock": "0.0.0.0/0",
    "Egress": "true",
    "Protocol": "-1",
    "RuleAction": "allow",
    "RuleNumber": "100",
    "NetworkAclId": {"Fn::GetAtt" : ["CoolVpc" , "DefaultNetworkAcl"]}
  }
}

... but what if I would like to edit the default ACL? (Yes, I know that the only thing that can be changed is Tags, but that is exactly what I want to change.)

I tried adding a new NetworkAcl to the template and using only that, but the unnamed default keeps hanging around, and it offends me that I have no way to assign tags to it that make its purpose clear.

+4
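
Since the default ACL in the question stays unnamed, one way to document what it is used for is to list every resource in the template that references it through Fn::GetAtt. This is an added example, not part of the original post; the function names and the combined sample template (built from the question's snippets) are assumptions.

```python
import json

# Constructed sample template, assembled from the resources in the question
# (TestSubnet is assumed to be declared elsewhere in the real template).
TEMPLATE = json.loads("""
{
  "Resources": {
    "CoolVpc": {"Type": "AWS::EC2::VPC",
                "Properties": {"CidrBlock": "10.10.0.0/16"}},
    "TestSubnetAcl": {"Type": "AWS::EC2::SubnetNetworkAclAssociation",
      "Properties": {
        "NetworkAclId": {"Fn::GetAtt": ["CoolVpc", "DefaultNetworkAcl"]},
        "SubnetId": {"Ref": "TestSubnet"}}},
    "AclRule100": {"Type": "AWS::EC2::NetworkAclEntry",
      "Properties": {
        "CidrBlock": "0.0.0.0/0", "Egress": "true", "Protocol": "-1",
        "RuleAction": "allow", "RuleNumber": "100",
        "NetworkAclId": {"Fn::GetAtt": ["CoolVpc", "DefaultNetworkAcl"]}}}
  }
}
""")

def default_acl_vpcs(node):
    """Yield the VPC logical ID of every Fn::GetAtt on DefaultNetworkAcl under node."""
    if isinstance(node, dict):
        target = node.get("Fn::GetAtt")
        if isinstance(target, list) and len(target) == 2 and target[1] == "DefaultNetworkAcl":
            yield target[0]
        for value in node.values():
            yield from default_acl_vpcs(value)
    elif isinstance(node, list):
        for item in node:
            yield from default_acl_vpcs(item)

def default_acl_users(template):
    """Map each VPC to the resources that touch its default network ACL."""
    users = {}
    for logical_id, resource in template.get("Resources", {}).items():
        for vpc in default_acl_vpcs(resource.get("Properties", {})):
            users.setdefault(vpc, []).append((logical_id, resource["Type"]))
    return users

if __name__ == "__main__":
    for vpc, resources in default_acl_users(TEMPLATE).items():
        for logical_id, rtype in resources:
            print(f"{vpc} default ACL <- {logical_id} ({rtype})")
```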
1


, nACLs nACL , RuleNumber, 100.

Rgds

+1

Source: https://habr.com/ru/post/1616812/

