vpc_firewall_rules_update
The maximum number of rules per VPC is 1024.
Targets are used to specify the set of instances to which a firewall rule applies. You can target instances directly by name, or specify a VPC, VPC subnet, IP, or IP subnet, which will apply the rule to traffic going to all matching instances. Targets are additive: the rule applies to instances matching ANY target. The maximum number of targets is 256.
Filters reduce the scope of a firewall rule. Without filters, the rule applies to all packets to the targets (or from the targets, if it's an outbound rule). With multiple filters, the rule applies only to packets matching ALL filters. The maximum number of each type of filter is 256.
Query Parameters
Request Body
Updated list of firewall rules. Will replace all existing rules.
A single rule in a VPC firewall
Whether traffic matching the rule should be allowed or dropped
Human-readable free-form text about a resource
Whether this rule is for incoming or outgoing traffic
Reductions on the scope of the rule
Filters reduce the scope of a firewall rule. Without filters, the rule applies to all packets to the targets (or from the targets, if it's an outbound rule). With multiple filters, the rule applies only to packets matching ALL filters. The maximum number of each type of filter is 256.
If present, host filters match the "other end" of traffic from the target’s perspective: for an inbound rule, they match the source of traffic. For an outbound rule, they match the destination.
The VpcFirewallRuleHostFilter is used to filter traffic on the basis of its source or destination host.
If present, the destination ports or port ranges this rule applies to.
An inclusive-inclusive range of IP ports. The second port may be omitted to represent a single port.
If present, the networking protocols this rule applies to.
The protocols that may be specified in a firewall rule's filter
Name of the rule, unique to this VPC
Names must begin with a lower case ASCII letter, be composed exclusively of lowercase ASCII, uppercase ASCII, numbers, and '-', and may not end with a '-'. Names cannot be a UUID, but they may contain a UUID. They can be at most 63 characters long.
The relative priority of this rule
Whether this rule is in effect
Determine the set of instances that the rule applies to
A VpcFirewallRuleTarget is used to specify the set of instances to which a firewall rule applies. You can target instances directly by name, or specify a VPC, VPC subnet, IP, or IP subnet, which will apply the rule to traffic going to all matching instances. Targets are additive: the rule applies to instances matching ANY target.
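Because the request body replaces every existing rule, it is worth checking the full list against the documented limits before sending it. The following is an added example, not code from the API or its SDKs; the field names `name`, `targets`, `filters` and `ports`, the `"first-last"` string form of a port range, and the 0-65535 port bounds are assumptions, since this page describes the fields without giving the wire format.

```python
import re

# Limits and naming rules as documented on this page.
MAX_RULES, MAX_TARGETS, MAX_PER_FILTER = 1024, 256, 256
NAME_RE = re.compile(r"[a-z][a-zA-Z0-9-]{0,62}")
UUID_RE = re.compile(r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}")

def name_error(name):
    """Return why a rule name is invalid, or None if it is acceptable."""
    if not NAME_RE.fullmatch(name):
        return "must start with a-z, use only ASCII letters, digits, '-', max 63 chars"
    if name.endswith("-"):
        return "may not end with '-'"
    if UUID_RE.fullmatch(name):
        return "may not be a UUID"
    return None

def parse_port_range(spec):
    """'443' -> (443, 443); '8000-8100' -> (8000, 8100); both ends inclusive."""
    first, sep, last = spec.partition("-")  # assumed "first-last" string form
    if sep and not last:
        raise ValueError(f"port range {spec!r} has no second port")
    lo, hi = int(first), int(last or first)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"port range {spec!r} is empty or outside 0-65535")
    return lo, hi

def validate_ruleset(rules):
    """Check a complete replacement rule list; return a list of problems."""
    errors, seen = [], set()
    if len(rules) > MAX_RULES:
        errors.append(f"{len(rules)} rules exceeds the maximum of {MAX_RULES}")
    for i, rule in enumerate(rules):
        name = rule.get("name", "")
        reason = name_error(name) or ("duplicate in this VPC" if name in seen else None)
        if reason:
            errors.append(f"rule {i} ({name!r}): name {reason}")
        seen.add(name)
        if len(rule.get("targets") or []) > MAX_TARGETS:
            errors.append(f"rule {i} ({name!r}): more than {MAX_TARGETS} targets")
        filters = rule.get("filters") or {}  # filters are optional ("if present")
        for kind, items in filters.items():
            if len(items or []) > MAX_PER_FILTER:
                errors.append(f"rule {i} ({name!r}): more than {MAX_PER_FILTER} {kind} filters")
        for spec in filters.get("ports") or []:
            try:
                parse_port_range(spec)
            except ValueError as exc:
                errors.append(f"rule {i} ({name!r}): {exc}")
    return errors
```

An empty result means the list passes these local checks only; the server remains the authority on whether the update is accepted.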
Responses
A single rule in a VPC firewall
Whether traffic matching the rule should be allowed or dropped
Human-readable free-form text about a resource
Whether this rule is for incoming or outgoing traffic
Reductions on the scope of the rule
Filters reduce the scope of a firewall rule. Without filters, the rule applies to all packets to the targets (or from the targets, if it's an outbound rule). With multiple filters, the rule applies only to packets matching ALL filters. The maximum number of each type of filter is 256.
If present, host filters match the "other end" of traffic from the target’s perspective: for an inbound rule, they match the source of traffic. For an outbound rule, they match the destination.
The VpcFirewallRuleHostFilter is used to filter traffic on the basis of its source or destination host.
If present, the destination ports or port ranges this rule applies to.
An inclusive-inclusive range of IP ports. The second port may be omitted to represent a single port.
If present, the networking protocols this rule applies to.
The protocols that may be specified in a firewall rule's filter
Unique, immutable, system-controlled identifier for each resource
Unique, mutable, user-controlled identifier for each resource
Names must begin with a lower case ASCII letter, be composed exclusively of lowercase ASCII, uppercase ASCII, numbers, and '-', and may not end with a '-'. Names cannot be a UUID, but they may contain a UUID. They can be at most 63 characters long.
The relative priority of this rule
Whether this rule is in effect
Determine the set of instances that the rule applies to
A VpcFirewallRuleTarget is used to specify the set of instances to which a firewall rule applies. You can target instances directly by name, or specify a VPC, VPC subnet, IP, or IP subnet, which will apply the rule to traffic going to all matching instances. Targets are additive: the rule applies to instances matching ANY target.
Timestamp when this resource was created
Timestamp when this resource was last modified
The VPC to which this rule belongs