Simple Notification Service (SNS)
Kinesis + MQ
Databases & Analytics
NACLs vs Security Groups
Security group
Network ACL
  • At the instance level.
  • At the subnet level
  • Only allow rules.
  • Allow rules and deny rules.
  • Stateful - Return traffic is automatically allowed, regardless of any rules.
  • Stateless - Return traffic must be explicitly allowed by rules.
  • AWS evaluate all rules before deciding whether to allow traffic.
  • AWS process rules in order, starting with the lowest numbered rule, when deciding whether to allow traffic
  • Applies to an instance only if someone specifies the security group when launching the instance, or associates the security group with the instance later on
  • Automatically applies to all instances in the subnets that it's associated with (therefore, it provides an additional layer of defense if the security group rules are too permissive)
Last modified 10mo ago
Copy link