
Cloud Native Architectures by Piyum Zonooz, Erik Farr, Kamal Arora, Tom Laszewski


Network firewalls

Security groups (SGs) and NACLs act as firewalls for virtual machines in your cloud network plane. SGs act at the machine network interface (NI) and are generally more flexible and useful in day-to-day deployments. SGs can be modified on the fly, and rule changes cascade down to all NIs within the group. By default, SGs restrict all incoming traffic (except from other machines in the same SG) and allow all outbound traffic. NACLs are similar, but are applied across a whole subnet and by default allow all traffic.
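The defaults above can be modeled as two checks that inbound traffic must both pass. This is an added example, not code from the book or from any cloud provider: the class and function names are hypothetical, the first-match-wins NACL rule order is a modeling assumption, and the sender is assumed to be in a different subnet so that the NACL applies.

```python
# Added illustration: toy model of the two firewall layers described above.
# Class and field names are assumptions, not a cloud provider's API.
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    cidr: str           # source range the rule matches
    port: int           # destination port the rule matches
    allow: bool = True  # only the NACL model uses deny rules

    def matches(self, src, port):
        return port == self.port and ip_address(src) in ip_network(self.cidr)

@dataclass
class SecurityGroup:
    name: str
    ingress: list = field(default_factory=list)  # no rules: inbound is restricted

    def permits_inbound(self, src, port, src_sg=None):
        if src_sg == self.name:   # default exception: machines in the same SG
            return True
        return any(r.allow and r.matches(src, port) for r in self.ingress)

@dataclass
class Nacl:
    rules: list = field(default_factory=list)  # model assumption: first match wins
    default_allow: bool = True                 # default from the text: allow all

    def permits_inbound(self, src, port):
        for r in self.rules:
            if r.matches(src, port):
                return r.allow
        return self.default_allow

def inbound_verdict(nacl, sg, src, port, src_sg=None):
    """Traffic must pass the subnet-wide NACL and the SG on the interface."""
    if not nacl.permits_inbound(src, port):
        return "dropped by NACL (subnet)"
    if not sg.permits_inbound(src, port, src_sg):
        return "dropped by SG (interface)"
    return "delivered"

# Constructed sample data using documentation address ranges.
web_sg = SecurityGroup("web", ingress=[Rule("0.0.0.0/0", 443)])
default_nacl = Nacl()
strict_nacl = Nacl(rules=[Rule("203.0.113.0/24", 443, allow=False)])
print(inbound_verdict(default_nacl, web_sg, "198.51.100.7", 22))
```

With the default NACL, the SG is the only layer that filters anything; a subnet-level deny in the NACL blocks a source even when the SG would accept it.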

A detailed comparison between SGs and NACLs is made in the following table:

| SGs | NACLs |
| --- | --- |
| Operates at the instance level (first layer of defense) | Operates at the subnet level (second layer of defense) |

Supports ...
