AWS::EC2::Subnet BlockPublicAccessStates - Amazon CloudFormation

AWS::EC2::Subnet BlockPublicAccessStates

Specifies the state of VPC Block Public Access (BPA).

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

JSON

{ "InternetGatewayBlockMode" : String }

Properties

InternetGatewayBlockMode

The mode of VPC BPA.

  • off: VPC BPA is not enabled and traffic is allowed to and from internet gateways and egress-only internet gateways in this Region.

  • block-bidirectional: Block all traffic to and from internet gateways and egress-only internet gateways in this Region (except for excluded VPCs and subnets).

  • block-ingress: Block all internet traffic to the VPCs in this Region (except for VPCs or subnets which are excluded). Only traffic to and from NAT gateways and egress-only internet gateways is allowed because these gateways only allow outbound connections to be established.

Required: No

Type: String

Allowed values: off | block-bidirectional | block-ingress

Update requires: No interruption
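
An added example, not part of the AWS reference: a Python check that compares each subnet's InternetGatewayBlockMode against a minimum required mode, ordering the three allowed values from least to most restrictive as their descriptions above imply. The record shape (a SubnetId next to a BlockPublicAccessStates object), the sample IDs and the names audit_subnets, STRICTNESS and SAMPLE are assumptions made for illustration.

```python
import json

# Modes listed for InternetGatewayBlockMode, least to most restrictive.
STRICTNESS = {"off": 0, "block-ingress": 1, "block-bidirectional": 2}


def audit_subnets(subnets, minimum="block-ingress"):
    """Return (subnet_id, observed_mode, reason) for each subnet below `minimum`."""
    if minimum not in STRICTNESS:
        raise ValueError(f"unknown minimum mode: {minimum!r}")
    findings = []
    for subnet in subnets:
        subnet_id = subnet.get("SubnetId", "<missing SubnetId>")
        state = subnet.get("BlockPublicAccessStates") or {}
        mode = state.get("InternetGatewayBlockMode")
        if mode is None:
            # A missing state is reported; it is never treated as "blocked".
            findings.append((subnet_id, None, "state not reported"))
        elif mode not in STRICTNESS:
            # Anything outside the three allowed values is flagged, not guessed at.
            findings.append((subnet_id, mode, "unrecognized mode"))
        elif STRICTNESS[mode] < STRICTNESS[minimum]:
            findings.append((subnet_id, mode, f"weaker than {minimum}"))
    return findings


# Constructed sample records (hypothetical IDs); the record shape is an assumption.
SAMPLE = json.loads("""
{"Subnets": [
  {"SubnetId": "subnet-example-a",
   "BlockPublicAccessStates": {"InternetGatewayBlockMode": "off"}},
  {"SubnetId": "subnet-example-b",
   "BlockPublicAccessStates": {"InternetGatewayBlockMode": "block-ingress"}},
  {"SubnetId": "subnet-example-c",
   "BlockPublicAccessStates": {"InternetGatewayBlockMode": "block-bidirectional"}},
  {"SubnetId": "subnet-example-d"},
  {"SubnetId": "subnet-example-e",
   "BlockPublicAccessStates": {"InternetGatewayBlockMode": "Block-Ingress"}}
]}
""")

if __name__ == "__main__":
    for subnet_id, mode, reason in audit_subnets(SAMPLE["Subnets"]):
        print(f"{subnet_id}: mode={mode!r} ({reason})")
```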