1 Answer
- Newest
- Most votes
- Most comments
0
Hi Mehandra,
Here you need use two CloudFormation resources : AWS::EC2::NetworkAcl and AWS::EC2::NetworkAclEntry. First create NetworkAcl and in NetworkAclEntry you allow/deny specific IPs/CIDR.
You can find good example here : https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-networkaclentry.html#aws-resource-ec2-networkaclentry--examples
BUT before implementing it please note that NetworkACLs are associated with subnets so if you run any resource under that subnet then only IP which is allowed in NetworkACL will able to access resource. **If your goal is protect only specific resource I would still recommend Security Group because with NetworkACL you are restricting access for whole subnet. **
Relevant content
- asked 2 years ago
- asked a year ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago