diff --git a/builtin/providers/aws/network_acl_entry.go b/builtin/providers/aws/network_acl_entry.go
new file mode 100644
index 000000000..f692c3f6a
--- /dev/null
+++ b/builtin/providers/aws/network_acl_entry.go
@@ -0,0 +1,71 @@
+package aws
+
+import (
+
+ "github.com/mitchellh/goamz/ec2"
+)
+
+func expandNetworkAclEntries(configured []interface{}) ([]ec2.NetworkAclEntry) {
+ entries := make([]ec2.NetworkAclEntry, 0, len(configured))
+
+ for _, eRaw := range configured {
+ data := eRaw.(map[string]interface{})
+ p := extractProtocolInteger(data["protocol"].(string))
+ e := ec2.NetworkAclEntry{
+ Protocol: p,
+ PortRange: ec2.PortRange{
+ From: data["from_port"].(int),
+ To: data["to_port"].(int),
+ },
+ Egress: false,
+ RuleAction: data["action"].(string),
+ RuleNumber: data["rule_no"].(int),
+ CidrBlock: data["cidr_block"].(string),
+ }
+ entries = append(entries, e)
+ }
+
+ return entries
+
+}
+
+func flattenNetworkAclEntries(list []ec2.NetworkAclEntry) []map[string]interface{} {
+ entries := make([]map[string]interface{}, 0, len(list))
+
+ for _, entry := range list {
+ entries = append(entries, map[string]interface{}{
+ "from_port": entry.PortRange.From,
+ "to_port": entry.PortRange.To,
+ "action": entry.RuleAction,
+ "rule_no": entry.RuleNumber,
+ "protocol": extractProtocolString(entry.Protocol),
+ "cidr_block": entry.CidrBlock,
+ })
+ }
+ return entries
+
+}
+
+func extractProtocolInteger(protocol string) int {
+ return protocolIntegers()[protocol]
+}
+
+func extractProtocolString(protocol int) string {
+ for key, value := range protocolIntegers() {
+ if value == protocol{
+ return key
+ }
+ }
+ return ""
+}
+
+
+func protocolIntegers() map[string]int{
+ var protocolIntegers = make(map[string]int)
+ protocolIntegers = map[string]int{
+ "udp": 17,
+ "tcp": 6,
+ "icmp": 1,
+ }
+ return protocolIntegers
+}
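Review bot: `extractProtocolInteger` returns `protocolIntegers()[protocol]`, so any string outside the three map keys (a typo, different casing, any other protocol name) silently becomes protocol 0, and `expandNetworkAclEntries` builds an ACL entry with it instead of failing. For a rule that filters traffic this should be surfaced as an error: use the comma-ok form, `p, ok := protocolIntegers()[protocol]`, return an error when `!ok`, and propagate it out of `expandNetworkAclEntries`. The same loop uses unchecked assertions such as `data["from_port"].(int)`, which panic on a missing or mistyped key unless the schema (not visible in this diff) guarantees them. Separately, `Egress: false` is hard-coded, so this helper can only produce ingress entries; if it is also meant to serve egress rules, take the direction as a parameter.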
diff --git a/builtin/providers/aws/network_acl_entry_test.go b/builtin/providers/aws/network_acl_entry_test.go
new file mode 100644
index 000000000..c3f8405a4
--- /dev/null
+++ b/builtin/providers/aws/network_acl_entry_test.go
@@ -0,0 +1,120 @@
+package aws
+
+import (
+ "reflect"
+ "testing"
+
+ "github.com/mitchellh/goamz/ec2"
+)
+
+func Test_expandNetworkAclEntryJoJo(t *testing.T) {
+ input := []interface{}{
+ map[string]interface{}{
+ "protocol": "tcp",
+ "from_port": 22,
+ "to_port": 22,
+ "cidr_block": "0.0.0.0/0",
+ "action": "deny",
+ "rule_no": 1,
+ },
+ map[string]interface{}{
+ "protocol": "tcp",
+ "from_port": 443,
+ "to_port": 443,
+ "cidr_block": "0.0.0.0/0",
+ "action": "deny",
+ "rule_no": 2,
+ },
+ }
+ expanded := expandNetworkAclEntries(input)
+
+ expected := []ec2.NetworkAclEntry{
+ ec2.NetworkAclEntry{
+ Protocol: 6,
+ PortRange: ec2.PortRange{
+ From: 22,
+ To: 22,
+ },
+ RuleAction: "deny",
+ RuleNumber: 1,
+ CidrBlock: "0.0.0.0/0",
+ Egress: false,
+ IcmpCode:ec2.IcmpCode{Code:0, Type:0},
+ },
+ ec2.NetworkAclEntry{
+ Protocol: 6,
+ PortRange: ec2.PortRange{
+ From: 443,
+ To: 443,
+ },
+ RuleAction: "deny",
+ RuleNumber: 2,
+ CidrBlock: "0.0.0.0/0",
+ Egress: false,
+ IcmpCode: ec2.IcmpCode{Code:0, Type:0},
+ },
+ }
+
+ if !reflect.DeepEqual(expanded, expected) {
+ t.Fatalf(
+ "Got:\n\n%#v\n\nExpected:\n\n%#v\n",
+ expanded[0],
+ expected)
+ }
+
+}
+
+func Test_flattenNetworkAclEntryJoJo(t *testing.T) {
+
+ apiInput := []ec2.NetworkAclEntry{
+ ec2.NetworkAclEntry{
+ Protocol: 6,
+ PortRange: ec2.PortRange{
+ From: 22,
+ To: 22,
+ },
+ RuleAction: "deny",
+ RuleNumber: 1,
+ CidrBlock: "0.0.0.0/0",
+ },
+ ec2.NetworkAclEntry{
+ Protocol: 6,
+ PortRange: ec2.PortRange{
+ From: 443,
+ To: 443,
+ },
+ RuleAction: "deny",
+ RuleNumber: 2,
+ CidrBlock: "0.0.0.0/0",
+ },
+ }
+ flattened := flattenNetworkAclEntries(apiInput)
+
+ expected := []map[string]interface{}{
+ map[string]interface{}{
+ "protocol": "tcp",
+ "from_port": 22,
+ "to_port": 22,
+ "cidr_block": "0.0.0.0/0",
+ "action": "deny",
+ "rule_no": 1,
+ },
+ map[string]interface{}{
+ "protocol": "tcp",
+ "from_port": 443,
+ "to_port": 443,
+ "cidr_block": "0.0.0.0/0",
+ "action": "deny",
+ "rule_no": 2,
+ },
+ }
+
+
+ if !reflect.DeepEqual(flattened, expected) {
+ t.Fatalf(
+ "Got:\n\n%#v\n\nExpected:\n\n%#v\n",
+ flattened,
+ expected)
+ }
+
+}
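Review bot: In `Test_expandNetworkAclEntryJoJo` the failure message formats `expanded[0]` against the whole `expected` slice, so a mismatch prints one element next to two and hides a difference in the second entry; pass `expanded,` as `Test_flattenNetworkAclEntryJoJo` does with `flattened`. Both tests cover only `tcp`; a case with a protocol string that is not in the lookup map would pin down what `expandNetworkAclEntries` does with it, and a case with a protocol number outside the map would do the same for `flattenNetworkAclEntries`. The `JoJo` suffix on the test names carries no meaning and could be dropped.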