{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--aws-ec2-networkaclentry.json",
  "title": "AWSEC2NetworkAclEntryProperties",
  "description": "Resource Type definition for AWS::EC2::NetworkAclEntry. Source:- <https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2.git>",
  "x-lintel": {
    "source": "https://raw.githubusercontent.com/lalcebo/json-schema/master/serverless/resources/cloudformation-modified/aws-ec2-networkaclentry.json",
    "sourceSha256": "d8aa3c644cbe86bdad353337bf6b455f88cf03031dfdf2c9e49ae3456c126ad9"
  },
  "type": "object",
  "properties": {
    "PortRange": {
      "description": "The IPv4 network range to allow or deny, in CIDR notation (for example 172.16.0.0/24). We modify the specified CIDR block to its canonical form; for example, if you specify 100.68.0.18/18, we modify it to 100.68.0.0/18",
      "$ref": "#/$defs/PortRange"
    },
    "NetworkAclId": {
      "oneOf": [
        {
          "type": "string"
        },
        {
          "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString"
        }
      ],
      "description": "The ID of the network ACL"
    },
    "RuleAction": {
      "oneOf": [
        {
          "type": "string"
        },
        {
          "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString"
        }
      ],
      "description": "Indicates whether to allow or deny the traffic that matches the rule"
    },
    "CidrBlock": {
      "oneOf": [
        {
          "type": "string"
        },
        {
          "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString"
        }
      ],
      "description": "The IPv4 CIDR range to allow or deny, in CIDR notation (for example, 172.16.0.0/24). Requirement is conditional: You must specify the CidrBlock or Ipv6CidrBlock property"
    },
    "Egress": {
      "description": "Indicates whether this is an egress rule (rule is applied to traffic leaving the subnet)",
      "type": "boolean"
    },
    "RuleNumber": {
      "description": "Rule number to assign to the entry, such as 100. ACL entries are processed in ascending order by rule number. Entries can't use the same rule number unless one is an egress rule and the other is an ingress rule",
      "type": "integer"
    },
    "Ipv6CidrBlock": {
      "oneOf": [
        {
          "type": "string"
        },
        {
          "$ref": "https://catalog.lintel.tools/schemas/schemastore/serverless-framework-configuration/_shared/latest--cf.functions.json#/Aws_CF_FunctionString"
        }
      ],
      "description": "The IPv6 network range to allow or deny, in CIDR notation (for example 2001:db8:1234:1a00::/64)"
    },
    "Protocol": {
      "description": "The protocol number. A value of \"-1\" means all protocols. If you specify \"-1\" or a protocol number other than \"6\" (TCP), \"17\" (UDP), or \"1\" (ICMP), traffic on all ports is allowed, regardless of any ports or ICMP types or codes that you specify. If you specify protocol \"58\" (ICMPv6) and specify an IPv4 CIDR block, traffic for all ICMP types and codes allowed, regardless of any that you specify. If you specify protocol \"58\" (ICMPv6) and specify an IPv6 CIDR block, you must specify an ICMP type and code",
      "type": "integer"
    },
    "Icmp": {
      "description": "The Internet Control Message Protocol (ICMP) code and type. Requirement is conditional: Required if specifying 1 (ICMP) for the protocol parameter",
      "$ref": "#/$defs/Icmp"
    }
  },
  "typeName": "AWS::EC2::NetworkAclEntry",
  "primaryIdentifier": [
    "/properties/Id"
  ],
  "sourceUrl": "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-ec2.git",
  "$defs": {
    "PortRange": {
      "type": "object",
      "title": "AWSEC2NetworkAclEntryPortRangeDefinition",
      "properties": {
        "From": {
          "type": "integer"
        },
        "To": {
          "type": "integer"
        }
      },
      "additionalProperties": false
    },
    "Icmp": {
      "type": "object",
      "title": "AWSEC2NetworkAclEntryIcmpDefinition",
      "properties": {
        "Code": {
          "type": "integer"
        },
        "Type": {
          "type": "integer"
        }
      },
      "additionalProperties": false
    }
  },
  "readOnlyProperties": [
    "/properties/Id"
  ],
  "additionalProperties": false,
  "taggable": false,
  "required": [
    "NetworkAclId",
    "RuleAction",
    "RuleNumber",
    "Protocol"
  ],
  "createOnlyProperties": [
    "/properties/Egress",
    "/properties/RuleNumber",
    "/properties/NetworkAclId"
  ]
}