
Designing AWS Environments by Wayde Gilchrist, Mitesh Soni


NACLs

While security groups surround our instances, network ACLs allow and deny traffic at the subnet boundary, both inbound and outbound.

Since we already have security groups, it may seem that network ACLs are a bit redundant. However, best practice is to back up critical firewall rules by including them in both security groups and network ACLs. By default, every subnet already has a network ACL, but it is configured with just one rule: allow all traffic. So technically, you could treat adding any other rules to deny traffic as optional and just rely on your security group rules. While this might be okay for low-security environments, consider what would happen if someone misconfigures a security group. It opens up ...
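The layering described above, as an added example that is not from the book: a small Python model of inbound evaluation in which traffic must pass the subnet's network ACL (entries checked in ascending rule number, first match decides) and then the instance's security group. The rule sets and the function names are constructed for illustration; the field names follow the shape of the EC2 API's network ACL entries and security group permissions, and only inbound rules are modelled.

```python
import ipaddress

# Constructed sample data, shaped like EC2 describe-network-acls "Entries"
# (inbound only). Rule 32767 is the final deny that the console shows as "*".
DEFAULT_NACL = [
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "CidrBlock": "0.0.0.0/0"},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
]
HARDENED_NACL = [
    {"RuleNumber": 100, "Protocol": "6", "RuleAction": "allow", "CidrBlock": "10.0.0.0/16",
     "PortRange": {"From": 22, "To": 22}},
    {"RuleNumber": 110, "Protocol": "6", "RuleAction": "allow", "CidrBlock": "0.0.0.0/0",
     "PortRange": {"From": 443, "To": 443}},
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
]
# Security group ingress (IpPermissions shape); SSH opened to the world by mistake.
MISCONFIGURED_SG = [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22, "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

def nacl_allows(entries, src_ip, port, proto="6"):
    """Evaluate inbound NACL entries in ascending rule number; first match decides."""
    src = ipaddress.ip_address(src_ip)
    for e in sorted(entries, key=lambda e: e["RuleNumber"]):
        if e["Protocol"] not in ("-1", proto) or src not in ipaddress.ip_network(e["CidrBlock"]):
            continue
        pr = e.get("PortRange")
        if pr and not pr["From"] <= port <= pr["To"]:
            continue
        return e["RuleAction"] == "allow"
    return False

def sg_allows(permissions, src_ip, port, proto="tcp"):
    """Security groups hold allow rules only; any matching rule permits the traffic."""
    src = ipaddress.ip_address(src_ip)
    return any(
        p["IpProtocol"] in ("-1", proto)
        and (p["IpProtocol"] == "-1" or p["FromPort"] <= port <= p["ToPort"])
        and any(src in ipaddress.ip_network(r["CidrIp"]) for r in p["IpRanges"])
        for p in permissions
    )

def reaches_instance(nacl, sg, src_ip, port):
    """Inbound traffic must pass the subnet's NACL and then the instance's security group."""
    return nacl_allows(nacl, src_ip, port) and sg_allows(sg, src_ip, port)

if __name__ == "__main__":
    for name, nacl in (("default", DEFAULT_NACL), ("hardened", HARDENED_NACL)):
        print(name, reaches_instance(nacl, MISCONFIGURED_SG, "203.0.113.7", 22))
```

With the default allow-all ACL, the security group mistake alone decides the outcome; with the hardened ACL, the same mistake is stopped at the subnet boundary.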
