Welcome to part 11 of a multi-part course on passing your AWS Architect, Developer and SysOps Associate exams. In this article we compare and contrast network access control lists (network ACLs) and security groups, and explain when you might want to choose one over the other.

TL;DR: a security group is the firewall of an EC2 instance (it is attached to the instance's network interface), whereas a network ACL is the firewall of a subnet.

A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets. It is a VPC-only feature, and it is an advanced resource with special caveats to be aware of when using it.

» Resource: aws_network_acl

You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC. Superficially the two rule bases look alike: every rule names a direction, a protocol, a port range and a CIDR block. Three differences matter in practice.

First, network ACL rules carry an additional field, 'Rule #', and are evaluated in ascending order. The first rule that matches a packet decides, and later rules are not consulted, so a deny at rule 200 has no effect if an allow at rule 100 already matches the same traffic. A packet that matches no numbered rule falls through to the implicit final '*' rule, which denies it. Security group rules have no numbers: a packet is allowed if any rule matches.

Second, network ACLs support both allow and deny rules, while security groups can only allow. If you need to block a specific source range, the network ACL is the place to do it.

Third, security groups are stateful: the reply half of a permitted connection is allowed automatically. Network ACLs are stateless, so replies must be allowed explicitly, typically with outbound and inbound rules covering the ephemeral port range (1024-65535). Forgetting that rule is the classic cause of "the security group allows it, but the connection hangs".

Each VPC created in AWS comes with a default network ACL that can be managed, but not destroyed. A subnet that is not explicitly associated with a custom network ACL uses the default one, which allows all inbound and outbound traffic.

» Resource: aws_default_network_acl

Provides a resource to manage the default AWS network ACL.

NOTE on Network ACLs and Network ACL Rules: Terraform currently provides both a standalone Network ACL Rule resource and a Network ACL resource with rules defined in-line. Use one style or the other for a given network ACL, not both; mixing them causes the two resources to overwrite each other's rule set on each apply.
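The ordering, deny and statefulness differences described above, as an added example that is not code from the original page, the course, AWS or Terraform: a small Python simulation of how a network ACL decides on a packet (ascending 'Rule #', first match wins, implicit deny) next to how a security group decides (allow-only, unordered, connection-tracked). The addresses, ports and rule tables are constructed for the illustration; the security group in the demo deliberately has its default outbound allow-all rule removed so the effect of state is visible.

```python
"""Added illustration (not AWS, Terraform or course code) of how a network ACL
evaluates its numbered rules versus how a security group evaluates its rules.
Every address, port and rule table below is constructed for the example."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Set, Tuple

@dataclass(frozen=True)
class Packet:
    src: str        # source IPv4 address
    sport: int      # source TCP port
    dst: str        # destination IPv4 address
    dport: int      # destination TCP port
    direction: str  # "in" or "out", relative to the subnet or instance

@dataclass(frozen=True)
class Rule:
    direction: str  # "in" or "out"
    cidr: str       # remote CIDR the rule applies to
    port_from: int
    port_to: int
    action: str = "allow"  # network ACL rules may also be "deny"; security group rules never are
    number: int = 0        # the network ACL 'Rule #'; security group rules are unnumbered

    def matches(self, pkt: Packet) -> bool:
        remote = pkt.src if pkt.direction == "in" else pkt.dst
        return (self.direction == pkt.direction
                and ip_address(remote) in ip_network(self.cidr)
                and self.port_from <= pkt.dport <= self.port_to)

def nacl_decide(rules: List[Rule], pkt: Packet) -> Tuple[str, Optional[int]]:
    """Walk the rules in ascending 'Rule #' order; the first match decides and
    later rules are never consulted. No match falls through to the implicit
    '*' rule, which denies. Returns (action, number of the deciding rule)."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(pkt):
            return rule.action, rule.number
    return "deny", None

class SecurityGroup:
    """Allow-only, unordered rules: any match permits the packet. Stateful: the
    reply half of a permitted flow passes with no rule in the other direction."""

    def __init__(self, rules: List[Rule]) -> None:
        self.rules = list(rules)
        # tracked flows as (client ip, client port, server ip, server port)
        self.flows: Set[Tuple[str, int, str, int]] = set()

    def decide(self, pkt: Packet) -> str:
        if pkt.direction == "in":
            key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        else:
            key = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if key in self.flows:
            return "allow"       # return traffic of a flow already permitted
        if any(rule.matches(pkt) for rule in self.rules):
            self.flows.add(key)  # remember the flow so its replies pass
            return "allow"
        return "deny"            # no allow rule matched; there are no deny rules

# Constructed inbound network ACL for a subnet holding 10.0.1.0/24: block SSH from
# one hostile range, allow SSH from anywhere else, open ephemeral ports for replies.
INBOUND_NACL = [
    Rule("in", "203.0.113.0/24", 22, 22, "deny", 100),
    Rule("in", "0.0.0.0/0", 22, 22, "allow", 200),
    Rule("in", "0.0.0.0/0", 1024, 65535, "allow", 300),
]
# The same deny and allow with their numbers swapped: the deny is now shadowed.
SHADOWED_NACL = [
    Rule("in", "0.0.0.0/0", 22, 22, "allow", 100),
    Rule("in", "203.0.113.0/24", 22, 22, "deny", 200),
]
# Outbound network ACL with, and without, the ephemeral-port rule replies need.
OUTBOUND_NACL = [Rule("out", "0.0.0.0/0", 1024, 65535, "allow", 100)]
OUTBOUND_NACL_NO_EPHEMERAL = [Rule("out", "0.0.0.0/0", 443, 443, "allow", 100)]

SSH_FROM_BLOCKED = Packet("203.0.113.10", 51000, "10.0.1.5", 22, "in")
SSH_FROM_ALLOWED = Packet("198.51.100.7", 52000, "10.0.1.5", 22, "in")
SSH_REPLY = Packet("10.0.1.5", 22, "198.51.100.7", 52000, "out")

def stateful_sg_demo() -> Tuple[str, str, str]:
    """Security group with only an inbound SSH rule: the request passes by rule,
    its reply passes by state, an unrelated outbound packet is denied."""
    sg = SecurityGroup([Rule("in", "0.0.0.0/0", 22, 22)])
    first = sg.decide(SSH_FROM_ALLOWED)
    reply = sg.decide(SSH_REPLY)
    unrelated = sg.decide(Packet("10.0.1.5", 40000, "192.0.2.9", 443, "out"))
    return first, reply, unrelated

if __name__ == "__main__":
    print(nacl_decide(INBOUND_NACL, SSH_FROM_BLOCKED))         # ('deny', 100)
    print(nacl_decide(INBOUND_NACL, SSH_FROM_ALLOWED))         # ('allow', 200)
    print(nacl_decide(SHADOWED_NACL, SSH_FROM_BLOCKED))        # ('allow', 100)
    print(nacl_decide(OUTBOUND_NACL, SSH_REPLY))               # ('allow', 100)
    print(nacl_decide(OUTBOUND_NACL_NO_EPHEMERAL, SSH_REPLY))  # ('deny', None)
    print(stateful_sg_demo())                                  # ('allow', 'allow', 'deny')
```

The SHADOWED_NACL case is the mistake the 'Rule #' field invites: the rules are the same, only their numbers differ, and the hostile range is suddenly allowed in. The OUTBOUND_NACL_NO_EPHEMERAL case is the stateless trap: the inbound SSH is permitted, but the instance's reply to the client's ephemeral port is dropped by the subnet, which no security group rule can fix.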