NACLs vs Security Groups
| Security group | Network ACL |
| --- | --- |
| At the instance level. | At the subnet level. |
| Only allow rules. | Allow rules and deny rules. |
| Stateful - Return traffic is automatically allowed, regardless of any rules. | Stateless - Return traffic must be explicitly allowed by rules. |
| AWS evaluates all rules before deciding whether to allow traffic. | AWS processes rules in order, starting with the lowest numbered rule, when deciding whether to allow traffic. |
| Applies to an instance only if someone specifies the security group when launching the instance, or associates the security group with the instance later on. | Automatically applies to all instances in the subnets that it's associated with (therefore, it provides an additional layer of defense if the security group rules are too permissive). |
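The comparison above, worked through as an added example (a simplified model written for this page, not AWS code): it evaluates one inbound connection against a network ACL and a security group to show ordered first-match evaluation, the stateless return path, and the NACL acting as a backstop for a permissive security group. The rule sets, addresses, the `Rule` class and the 1024-65535 ephemeral port range are assumptions chosen for illustration; protocol matching is left out.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    number: int    # NACL rule number; unused for security groups
    action: str    # "allow" or "deny" (security groups only have "allow")
    cidr: str
    port_lo: int
    port_hi: int

    def matches(self, ip, port):
        return (ipaddress.ip_address(ip) in ipaddress.ip_network(self.cidr)
                and self.port_lo <= port <= self.port_hi)

def nacl_allows(rules, ip, port):
    """Lowest rule number first; the first match decides; no match is a deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(ip, port):
            return rule.action == "allow"
    return False

def sg_allows(rules, ip, port):
    """Allow-only: traffic passes if any rule matches, whatever the order."""
    return any(rule.matches(ip, port) for rule in rules)

def inbound_round_trip(nacl_in, nacl_out, sg_in, client_ip, client_port, server_port):
    """Return (request_delivered, reply_delivered) for one inbound connection."""
    request = (nacl_allows(nacl_in, client_ip, server_port)
               and sg_allows(sg_in, client_ip, server_port))
    # Stateful security group: the reply needs no outbound security group rule.
    # Stateless NACL: the reply to the client's source port needs an outbound rule.
    reply = request and nacl_allows(nacl_out, client_ip, client_port)
    return request, reply

# Constructed sample rules; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SG_IN = [Rule(0, "allow", "0.0.0.0/0", 443, 443)]          # too permissive on its own
NACL_IN = [Rule(100, "deny", "203.0.113.0/24", 0, 65535),   # matched before rule 200
           Rule(200, "allow", "0.0.0.0/0", 443, 443)]
NACL_OUT_NONE = []                                          # no return rule at all
NACL_OUT_EPHEMERAL = [Rule(100, "allow", "0.0.0.0/0", 1024, 65535)]  # assumed range

if __name__ == "__main__":
    print(inbound_round_trip(NACL_IN, NACL_OUT_NONE, SG_IN, "198.51.100.7", 50000, 443))
    print(inbound_round_trip(NACL_IN, NACL_OUT_EPHEMERAL, SG_IN, "198.51.100.7", 50000, 443))
    print(inbound_round_trip(NACL_IN, NACL_OUT_EPHEMERAL, SG_IN, "203.0.113.9", 50000, 443))
```

A request that is delivered while its reply is not is the usual symptom of a missing outbound NACL rule; security group rules cannot cause it, because the security group allows return traffic automatically.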