Network ACL

  • A network access control list (ACL) is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.

  • You might set up network ACLs with rules similar to your security groups in order to add an additional layer of security to your VPC.

  • The default network ACL allows all inbound and outbound IPv4 traffic and, if applicable, IPv6 traffic.

  • By default, each custom network ACL denies all inbound and outbound traffic until you add rules.

  • Each subnet must be associated with exactly one network ACL; if you don't specify one, the subnet is automatically associated with the VPC's default network ACL. A network ACL, however, can be associated with multiple subnets.

  • A network ACL contains a numbered list of rules. AWS evaluates the rules in order, starting with the lowest-numbered rule.

  • Network ACLs are stateless, which means that responses to allowed inbound traffic are subject to the rules for outbound traffic (and vice versa).
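As an added example (not code from the page or from AWS), the following Python simulator models the ordered, stateless evaluation described above: rules are tried lowest number first, the first match decides, and anything unmatched falls to the implicit final deny that every NACL carries. The rule numbers, CIDRs and client addresses are constructed for the demonstration; the round-trip helper shows why an outbound rule for ephemeral ports is needed before replies to allowed inbound HTTPS can leave the subnet.

```python
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class Rule:
    number: int          # evaluated lowest first; the first match wins
    action: str          # "allow" or "deny"
    protocol: str        # "tcp", "udp", "icmp" or "-1" for all protocols
    cidr: str            # source CIDR (inbound) or destination CIDR (outbound)
    port_from: int = 0   # destination port range the rule covers
    port_to: int = 65535

    def matches(self, protocol, address, port):
        if self.protocol not in ("-1", protocol):
            return False
        if ipaddress.ip_address(address) not in ipaddress.ip_network(self.cidr):
            return False
        return self.port_from <= port <= self.port_to


def evaluate(rules, protocol, address, port):
    """Decide one packet against one direction's rule list.

    Rules are checked in ascending number order and the first match is final,
    so a low-numbered allow silently shadows any higher-numbered deny. A packet
    matching nothing hits the implicit final deny (the '*' rule on every NACL).
    """
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(protocol, address, port):
            return rule.action
    return "deny"


# Constructed NACL for a public web subnet (not a real deployment).
INBOUND = [
    Rule(100, "allow", "tcp", "0.0.0.0/0", 443, 443),
    Rule(200, "deny", "tcp", "0.0.0.0/0", 22, 22),
]
OUTBOUND_TOO_STRICT = [
    Rule(100, "allow", "tcp", "0.0.0.0/0", 443, 443),   # outbound HTTPS only
]
OUTBOUND_FIXED = OUTBOUND_TOO_STRICT + [
    Rule(110, "allow", "tcp", "0.0.0.0/0", 1024, 65535),  # replies to ephemeral ports
]


def client_https_roundtrip(inbound, outbound, client_ip="203.0.113.7", client_port=50000):
    """Stateless check: the request is judged inbound, the reply separately outbound."""
    request = evaluate(inbound, "tcp", client_ip, 443)
    reply = evaluate(outbound, "tcp", client_ip, client_port)
    return request, reply
```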
