A NACL is defined at the VPC level and is stateless. It is an optional security layer for a VPC that works as a firewall, controlling inbound and outbound traffic for one or more subnets in the VPC.
When we create a VPC in AWS and define its subnets, a default NACL is created automatically. You can see it in the AWS Management Console, under the VPC section:
In the preceding screenshot, we can see that NACL rules are defined by the following fields:
- Rule #: Every rule is identified by a number. A NACL evaluates its rules in ascending order, so the rule with the lowest number is applied first. In the preceding screenshot, ...
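As an added illustration (not part of the original text), the following Python snippet simulates how a stateless NACL walks its numbered rules: lowest number first, first match wins, and an implicit final deny. The rule sets, CIDRs and ports are constructed for the example, and the `evaluate` and `check_https_exchange` helpers are hypothetical, not an AWS API.

```python
# Added example: a minimal simulator of stateless NACL rule evaluation.
# Rule sets, addresses and ports below are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    number: int      # rules are evaluated in ascending order of this number
    protocol: str    # "tcp", "udp" or "all"
    cidr: str        # source CIDR for inbound, destination CIDR for outbound
    port_from: int
    port_to: int
    action: str      # "allow" or "deny"


def evaluate(rules, protocol, address, port):
    """Return the action of the first matching rule (lowest number first).

    Like a real NACL, evaluation stops at the first rule that matches; a
    packet matching no numbered rule hits the implicit final '*' rule (deny).
    """
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ("all", protocol):
            continue
        if ip_address(address) not in ip_network(rule.cidr):
            continue
        if not rule.port_from <= port <= rule.port_to:
            continue
        return rule.action
    return "deny"  # implicit '*' rule


# Constructed inbound rules: rule 90 is listed second but evaluated first.
INBOUND = [
    Rule(100, "tcp", "0.0.0.0/0", 443, 443, "allow"),
    Rule(90, "tcp", "203.0.113.0/24", 0, 65535, "deny"),
]
# Because a NACL keeps no connection state, the server's replies only leave
# if an outbound rule explicitly covers the client's ephemeral port.
OUTBOUND = [Rule(100, "tcp", "0.0.0.0/0", 1024, 65535, "allow")]
# A common mistake: allowing only port 443 outbound, which blocks the replies.
OUTBOUND_NO_EPHEMERAL = [Rule(100, "tcp", "0.0.0.0/0", 443, 443, "allow")]


def check_https_exchange(client_ip, client_port, outbound):
    """Evaluate a client's HTTPS request (inbound) and the reply (outbound)."""
    return (evaluate(INBOUND, "tcp", client_ip, 443),
            evaluate(outbound, "tcp", client_ip, client_port))


if __name__ == "__main__":
    print(check_https_exchange("198.51.100.7", 50000, OUTBOUND))
    print(check_https_exchange("203.0.113.9", 50000, OUTBOUND))
    print(check_https_exchange("198.51.100.7", 50000, OUTBOUND_NO_EPHEMERAL))
```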