You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: website/docs/r/is_network_acl_rule.html.markdown
+8-1Lines changed: 8 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -119,6 +119,13 @@ Review the argument references that you can specify for your resource.
119
119
120
120
-`action` - (Required, String) Whether to **allow** or **deny** matching traffic.
121
121
-`before` - (Optional, String) The unique identifier of the rule that this rule is immediately before. If unspecified, this rule will be inserted after all existing rules. While modifying the resource, specify **"null"** (within double quotes) to move this rule after all existing rules.
122
+
123
+
~> **NOTE:** When using the `before` attribute to specify rule ordering:</br>
124
+
1. Adding a new rule with the `before` attribute will change the position of that rule in the ACL rule list, which may affect the evaluation order of other rules.</br>
125
+
2. Updating the `before` attribute of an existing rule will reposition that rule, potentially causing changes to other rules' relative positions in the evaluation sequence.</br>
126
+
3. Setting `before = "null"` will move the rule to the end of the ACL rule list.</br>
127
+
These position changes are expected and reflect the actual state of your network ACL ruleset, however, they may cause Terraform to show additional changes in other rules during subsequent plan/apply operations.
128
+
122
129
-`destination` - (Required, String) The destination IP address or CIDR block.
123
130
-`direction` - (Required, String) Whether the traffic to be matched is **inbound** or **outbound**.
124
131
-`icmp` - (Optional, List) The protocol ICMP.
@@ -144,7 +151,7 @@ Review the argument references that you can specify for your resource.
144
151
-`source_port_max` - (Optional, Integer) The highest port in the range of ports to be matched; if unspecified, **65535** is used.
145
152
-`source_port_min` - (Optional, Integer) The lowest port in the range of ports to be matched; if unspecified, **1** is used.
146
153
147
-
~> **NOTE:**: Only one type of protocol out of **icmp**, **tcp**, or **udp** can be used to create a new rule. If none is provided, **all** is selected.
154
+
~> **NOTE:** Only one type of protocol out of **icmp**, **tcp**, or **udp** can be used to create a new rule. If none is provided, **all** is selected.
148
155
149
156
## Attribute reference
150
157
In addition to all argument reference list, you can access the following attribute reference after your resource is created.
0 commit comments