diff --git a/lib/ansible/modules/cloud/amazon/ec2_vpc_nacl.py b/lib/ansible/modules/cloud/amazon/ec2_vpc_nacl.py
index 30be54745c..824b3a2956 100644
--- a/lib/ansible/modules/cloud/amazon/ec2_vpc_nacl.py
+++ b/lib/ansible/modules/cloud/amazon/ec2_vpc_nacl.py
@@ -369,7 +369,10 @@ def remove_network_acl(client, module):
 #Boto3 client methods
 def create_network_acl(vpc_id, client, module):
     try:
-        nacl = client.create_network_acl(VpcId=vpc_id)
+        if module.check_mode:
+            nacl = dict(NetworkAcl=dict(NetworkAclId="nacl-00000000"))
+        else:
+            nacl = client.create_network_acl(VpcId=vpc_id)
     except botocore.exceptions.ClientError as e:
         module.fail_json(msg=str(e))
     return nacl
@@ -377,37 +380,41 @@ def create_network_acl(vpc_id, client, module):
 
 def create_network_acl_entry(params, client, module):
     try:
-        result = client.create_network_acl_entry(**params)
+        if not module.check_mode:
+            client.create_network_acl_entry(**params)
     except botocore.exceptions.ClientError as e:
         module.fail_json(msg=str(e))
-    return result
 
 
 def create_tags(nacl_id, client, module):
     try:
         delete_tags(nacl_id, client, module)
-        client.create_tags(Resources=[nacl_id], Tags=load_tags(module))
+        if not module.check_mode:
+            client.create_tags(Resources=[nacl_id], Tags=load_tags(module))
     except botocore.exceptions.ClientError as e:
         module.fail_json(msg=str(e))
 
 
 def delete_network_acl(nacl_id, client, module):
     try:
-        client.delete_network_acl(NetworkAclId=nacl_id)
+        if not module.check_mode:
+            client.delete_network_acl(NetworkAclId=nacl_id)
     except botocore.exceptions.ClientError as e:
         module.fail_json(msg=str(e))
 
 
 def delete_network_acl_entry(params, client, module):
     try:
-        client.delete_network_acl_entry(**params)
+        if not module.check_mode:
+            client.delete_network_acl_entry(**params)
     except botocore.exceptions.ClientError as e:
         module.fail_json(msg=str(e))
 
 
 def delete_tags(nacl_id, client, module):
     try:
-        client.delete_tags(Resources=[nacl_id])
+        if not module.check_mode:
+            client.delete_tags(Resources=[nacl_id])
     except botocore.exceptions.ClientError as e:
         module.fail_json(msg=str(e))
 
@@ -472,7 +479,8 @@ def replace_network_acl_association(nacl_id, subnets, client, module):
     for association in describe_acl_associations(subnets, client, module):
         params['AssociationId'] = association
         try:
-            client.replace_network_acl_association(**params)
+            if not module.check_mode:
+                client.replace_network_acl_association(**params)
         except botocore.exceptions.ClientError as e:
             module.fail_json(msg=str(e))
 
@@ -483,14 +491,16 @@ def replace_network_acl_entry(entries, Egress, nacl_id, client, module):
         params = entry
         params['NetworkAclId'] = nacl_id
         try:
-            client.replace_network_acl_entry(**params)
+            if not module.check_mode:
+                client.replace_network_acl_entry(**params)
         except botocore.exceptions.ClientError as e:
             module.fail_json(msg=str(e))
 
 
 def restore_default_acl_association(params, client, module):
     try:
-        client.replace_network_acl_association(**params)
+        if not module.check_mode:
+            client.replace_network_acl_association(**params)
     except botocore.exceptions.ClientError as e:
         module.fail_json(msg=str(e))
 
@@ -526,7 +536,8 @@ def main():
         state=dict(default='present', choices=['present', 'absent']),
         ),
     )
-    module = AnsibleModule(argument_spec=argument_spec)
+    module = AnsibleModule(argument_spec=argument_spec,
+                           supports_check_mode=True)
 
     if not HAS_BOTO3:
         module.fail_json(msg='json, botocore and boto3 are required.')
diff --git a/lib/ansible/modules/cloud/amazon/ec2_vpc_nacl_facts.py b/lib/ansible/modules/cloud/amazon/ec2_vpc_nacl_facts.py
index abab04e84d..9247b3bc8c 100644
--- a/lib/ansible/modules/cloud/amazon/ec2_vpc_nacl_facts.py
+++ b/lib/ansible/modules/cloud/amazon/ec2_vpc_nacl_facts.py
@@ -103,17 +103,21 @@ nacl:
             type: list of list
 '''
 
+from ansible.module_utils.basic import AnsibleModule
+from ansible.module_utils.ec2 import ec2_argument_spec, boto3_conn, get_aws_connection_info
+from ansible.module_utils.ec2 import ansible_dict_to_boto3_filter_list, HAS_BOTO3
+from ansible.module_utils.ec2 import camel_dict_to_snake_dict, boto3_tag_list_to_ansible_dict
+
 try:
-    import boto3
     from botocore.exceptions import ClientError, NoCredentialsError
-    HAS_BOTO3 = True
 except ImportError:
-    HAS_BOTO3 = False
+    pass  # caught by imported HAS_BOTO3
 
 # VPC-supported IANA protocol numbers
 # http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xhtml
 PROTOCOL_NAMES = {'-1': 'all', '1': 'icmp', '6': 'tcp', '17': 'udp'}
 
+
 def list_ec2_vpc_nacls(connection, module):
 
     nacl_ids = module.params.get("nacl_ids")
@@ -134,10 +138,10 @@ def list_ec2_vpc_nacls(connection, module):
         if 'tags' in nacl:
             nacl['tags'] = boto3_tag_list_to_ansible_dict(nacl['tags'], 'key', 'value')
         if 'entries' in nacl:
-            nacl['egress'] = [nacl_entry_to_list(e) for e in nacl['entries']
-                              if e['rule_number'] != 32767 and e['egress']]
-            nacl['ingress'] = [nacl_entry_to_list(e) for e in nacl['entries']
-                               if e['rule_number'] != 32767 and not e['egress']]
+            nacl['egress'] = [nacl_entry_to_list(entry) for entry in nacl['entries']
+                              if entry['rule_number'] != 32767 and entry['egress']]
+            nacl['ingress'] = [nacl_entry_to_list(e) for entry in nacl['entries']
+                               if entry['rule_number'] != 32767 and not entry['egress']]
             del nacl['entries']
         if 'associations' in nacl:
             nacl['subnets'] = [a['subnet_id'] for a in nacl['associations']]
@@ -148,6 +152,7 @@ def list_ec2_vpc_nacls(connection, module):
 
     module.exit_json(nacls=snaked_nacls)
 
+
 def nacl_entry_to_list(entry):
 
     elist = [entry['rule_number'],
@@ -170,6 +175,7 @@ def nacl_entry_to_list(entry):
 
     return elist
 
+
 def main():
 
     argument_spec = ec2_argument_spec()
@@ -181,10 +187,7 @@ def main():
     )
 
     module = AnsibleModule(argument_spec=argument_spec,
-                           mutually_exclusive=[
-                               ['nacl_ids', 'filters']
-                           ]
-                           )
+                           mutually_exclusive=[['nacl_ids', 'filters']])
 
     if not HAS_BOTO3:
         module.fail_json(msg='boto3 required for this module')
@@ -199,8 +202,5 @@ def main():
 
     list_ec2_vpc_nacls(connection, module)
 
-from ansible.module_utils.basic import *
-from ansible.module_utils.ec2 import *
-
 if __name__ == '__main__':
     main()
diff --git a/test/sanity/pep8/legacy-files.txt b/test/sanity/pep8/legacy-files.txt
index d60e138e34..d3614f2477 100644
--- a/test/sanity/pep8/legacy-files.txt
+++ b/test/sanity/pep8/legacy-files.txt
@@ -32,7 +32,6 @@ lib/ansible/modules/cloud/amazon/ec2_vol.py
 lib/ansible/modules/cloud/amazon/ec2_vol_facts.py
 lib/ansible/modules/cloud/amazon/ec2_vpc_dhcp_options.py
 lib/ansible/modules/cloud/amazon/ec2_vpc_nacl.py
-lib/ansible/modules/cloud/amazon/ec2_vpc_nacl_facts.py
 lib/ansible/modules/cloud/amazon/ec2_vpc_net.py
 lib/ansible/modules/cloud/amazon/ec2_vpc_net_facts.py
 lib/ansible/modules/cloud/amazon/ec2_vpc_peer.py