AWS network ACL deny rule
To block all ingress traffic from a list of IPs within AWS (one deny rule per address; the loop in the original was missing its `do`/`done` and is fixed here):
$ count=0; for i in `cat ips.txt`; do count=$((count + 1)) && aws ec2 create-network-acl-entry --network-acl-id acl-XXXXXXXX --ingress --rule-number $count --protocol all --port-range From=0,To=65535 --cidr-block "$i"/32 --rule-action deny; done
ips.txt is a file containing the IP addresses, for example:
169.254.2.2
169.254.1.2
...
The default quota AWS sets for a single network ACL is 20 ingress rules and 20 egress rules, and the default rules count towards that quota, so the loop above can only add a handful of addresses before the calls start failing. A network ACL should not be used as a firewall; depending on the use case it is better to use a CDN, a WAF, a VM firewall, etc.
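The same procedure as a small POSIX shell script, added here as an example rather than taken from the original post: it validates every address, numbers the deny rules from 1 upwards so they are evaluated before the default allow rule (network ACL rules are matched in ascending order, first match wins), refuses to exceed the rule quota, and prints the aws commands instead of running them so the result can be reviewed first. The ACL id `acl-XXXXXXXX` is a placeholder and the sample ips.txt content is constructed for the example.

```shell
#!/bin/sh
# Added example, not the original post's code. Prints the create-network-acl-entry
# commands for a list of IPs; pipe the output to sh once it has been reviewed.

# Returns 0 if $1 is a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
  case $1 in
    *[!0-9.]*|*..*|.*|*.) return 1 ;;
  esac
  set -- $(printf '%s' "$1" | tr '.' ' ')
  [ $# -eq 4 ] || return 1
  for octet in "$@"; do
    [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
  done
}

# nacl_deny_commands ACL_ID FILE [MAX]
# Emits one ingress deny command per address in FILE (one or several per line),
# numbered 1..N. MAX defaults to 19: the 20-rule quota minus the mandatory
# default rule, which AWS counts against the quota. Prints nothing and fails
# if an address is malformed (1) or the list would not fit in the ACL (2).
nacl_deny_commands() {
  acl_id=$1; file=$2; max=${3:-19}
  ips=; n=0
  for ip in $(cat "$file"); do
    is_ipv4 "$ip" || { echo "invalid IPv4 address: $ip" >&2; return 1; }
    ips="$ips $ip"; n=$((n + 1))
  done
  if [ "$n" -gt "$max" ]; then
    echo "refusing: $n addresses but only $max deny rules fit in the ACL" >&2
    return 2
  fi
  count=0
  for ip in $ips; do
    count=$((count + 1))   # low rule numbers: deny is evaluated before allow 100
    printf 'aws ec2 create-network-acl-entry --network-acl-id %s --ingress --rule-number %d --protocol all --port-range From=0,To=65535 --cidr-block %s/32 --rule-action deny\n' \
      "$acl_id" "$count" "$ip"
  done
}

# Constructed sample input (placeholder addresses, not real indicators).
SAMPLE_IPS=$(mktemp)
printf '169.254.2.2 169.254.1.2\n198.51.100.7\n' > "$SAMPLE_IPS"

# Usage: review the commands, then run them with: nacl_deny_commands ... | sh
nacl_deny_commands acl-XXXXXXXX "$SAMPLE_IPS"
```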