Reviving my question from yesterday: how can I read NACL rules (not managed by Pulumi)? The getNetworkAcls function seems to hide the "Entries" part of what's returned from the SDK's DescribeNetworkAcls, so I can inspect the rules programmatically.
I tried used the SDK directly, but this is problematic because I don't have any creds available to get a client, I only have the Pulumi provider, which doesn't expose the creds.