AWS Classroom Series – 23/Feb/2020

Security Groups and NACL

  • AWS applies network security in layers: one layer at the network interface (ENI) level and another at the subnet level
  • Security at the network interface level is the Security Group
  • Security at the subnet level is the Network ACL

Security Groups

  • They have inbound and outbound rules
  • You can enter only ALLOW rules; anything not explicitly allowed is denied
  • They are stateful: once a connection is allowed in one direction, its return traffic is allowed automatically, whatever the rules for the other direction say
  • Rules are not ordered. All rules for a direction are evaluated together and a packet is allowed if any one of them matches it
  • For any network packet the rules check
    • Source (for inbound rules)
    • Destination (for outbound rules)
    • Protocol
    • Port
  • Every VPC comes with a default security group. By default it allows all outbound traffic and inbound traffic only from instances that are members of the same group

Network ACLs (NACL)

  • They have inbound and outbound rules
  • They have ALLOW and DENY rules
  • Rules are numbered and evaluated in ascending order. The first rule that matches the packet decides, and the catch-all * rule at the end denies anything no numbered rule matched
  • They are stateless: return traffic is evaluated against the rules for the other direction, so allowing an inbound request also needs an outbound rule for the reply (usually on the ephemeral ports 1024-65535)
  • For any network packet the rules check
    • Source (for inbound rules)
    • Destination (for outbound rules)
    • Protocol
    • Port
  • Every VPC comes with a default NACL that allows all inbound and outbound traffic. A NACL you create yourself starts with only the * deny rules
  • Best Practices:
    • Do not number rules consecutively. Leave a gap of at least 10 between rule numbers so a rule can be inserted in front of an existing one later
    • Put DENY rules for specific IP addresses at low rule numbers (on top). Because the first match wins, a deny numbered after a broad allow never fires
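The two evaluation models described above, security groups (allow-only, stateful, unordered) and NACLs (allow/deny, stateless, first match by rule number), as an added Python simulation. This is not code from the original post; the addresses, rule numbers and ports in it are constructed for illustration, and it never talks to AWS.

```python
# Added example (not from the original post): a simulator of how AWS evaluates
# security group rules versus network ACL rules. Rule numbers, CIDRs, ports
# and addresses are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

EPHEMERAL = (1024, 65535)  # return ports a stateless filter has to allow explicitly


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str       # "tcp", "udp" or "icmp"
    port: int        # destination port of the packet
    direction: str   # "inbound" or "outbound", relative to the instance/subnet


@dataclass(frozen=True)
class Rule:
    cidr: str
    proto: str             # "-1" matches every protocol
    ports: tuple           # (from, to), inclusive
    action: str = "allow"  # security groups only ever have "allow"
    number: int = 0        # NACL rule number; ignored for security groups
    egress: bool = False   # True for an outbound rule


def _matches(rule, pkt):
    # inbound rules look at the source, outbound rules at the destination
    peer = pkt.dst if rule.egress else pkt.src
    if ip_address(peer) not in ip_network(rule.cidr):
        return False
    if rule.proto != "-1" and rule.proto != pkt.proto:
        return False
    lo, hi = rule.ports
    return lo <= pkt.port <= hi


def security_group_allows(rules, pkt, established=False):
    """Stateful and allow-only: return traffic of an already admitted
    connection passes without consulting any rule; a new packet passes
    if any rule for its direction matches. Rule order is irrelevant."""
    if established:
        return True
    egress = pkt.direction == "outbound"
    return any(_matches(r, pkt) for r in rules if r.egress == egress)


def nacl_decision(rules, pkt):
    """Stateless and ordered: every packet, replies included, is checked
    against the rules for its direction in ascending rule number, and the
    first match decides. No match means the implicit '*' deny."""
    egress = pkt.direction == "outbound"
    for rule in sorted((r for r in rules if r.egress == egress), key=lambda r: r.number):
        if _matches(rule, pkt):
            return rule.action, rule.number
    return "deny", "*"


def demo():
    """Run the scenarios from the notes above and return their outcomes."""
    server = "10.0.1.10"
    http_in = Packet("198.51.100.7", server, "tcp", 80, "inbound")
    http_reply = Packet(server, "198.51.100.7", "tcp", 50000, "outbound")
    ssh_from_blocked = Packet("203.0.113.5", server, "tcp", 22, "inbound")
    ssh_from_other = Packet("198.51.100.7", server, "tcp", 22, "inbound")

    sg = [Rule("0.0.0.0/0", "tcp", (80, 80)), Rule("0.0.0.0/0", "tcp", (22, 22))]

    nacl = [
        Rule("203.0.113.0/24", "tcp", (22, 22), "deny", 90),  # specific deny first
        Rule("0.0.0.0/0", "tcp", (80, 80), "allow", 100),
        Rule("0.0.0.0/0", "tcp", (22, 22), "allow", 110),
    ]
    # the same deny numbered after the broad SSH allow: it can never match
    misordered = [Rule("203.0.113.0/24", "tcp", (22, 22), "deny", 120)] + nacl[1:]
    # outbound rule for the replies, which the stateless NACL needs explicitly
    with_return = nacl + [Rule("0.0.0.0/0", "tcp", EPHEMERAL, "allow", 100, egress=True)]

    return {
        "sg_http_in": security_group_allows(sg, http_in),
        "sg_http_reply": security_group_allows(sg, http_reply, established=True),
        "nacl_http_in": nacl_decision(nacl, http_in),
        "nacl_http_reply_without_egress_rule": nacl_decision(nacl, http_reply),
        "nacl_http_reply_with_egress_rule": nacl_decision(with_return, http_reply),
        "nacl_ssh_from_blocked": nacl_decision(nacl, ssh_from_blocked),
        "nacl_ssh_from_other": nacl_decision(nacl, ssh_from_other),
        "nacl_ssh_from_blocked_misordered": nacl_decision(misordered, ssh_from_blocked),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:40} {outcome}")
```

Two outcomes are worth a close look: the HTTP reply is allowed by the security group because the connection is tracked, but the same reply is dropped by the NACL (deny, *) until an outbound rule for ephemeral ports exists, and the deny for 203.0.113.0/24 only works when its rule number is lower than the broad SSH allow.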

Exercise:

  • Create a VPC with two public subnets
  • All traffic should be allowed to the EC2 machine in subnet 1 (security group)
  • Create a NACL for subnet 2
    • It allows HTTP and SSH connections from subnet 1
    • No other connections from the internet
    • Remember the NACL is stateless: the replies back to subnet 1 need an outbound rule as well, or the connections never complete
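The exercise expressed as boto3 calls, added here as an example and not taken from the original post. The VPC and subnet CIDRs (10.0.0.0/16, 10.0.1.0/24 for subnet 1, 10.0.2.0/24 for subnet 2) are assumptions chosen for the example, as are the function names; the post gives none. The rule builder can be run and inspected offline, and only the apply functions need an EC2 client and an account.

```python
# Added example (not from the original post): the exercise as boto3 calls.
# CIDRs and function names are assumptions made for this example.
# Nothing talks to AWS at import time.

VPC_CIDR = "10.0.0.0/16"      # assumed
SUBNET1_CIDR = "10.0.1.0/24"  # assumed, "subnet1" of the exercise
SUBNET2_CIDR = "10.0.2.0/24"  # assumed, "subnet2" of the exercise
TCP, ANY = "6", "-1"          # protocol numbers as create_network_acl_entry expects them


def _entry(number, egress, action, cidr, proto=TCP, port_from=None, port_to=None):
    entry = {"RuleNumber": number, "Egress": egress, "RuleAction": action,
             "CidrBlock": cidr, "Protocol": proto}
    if port_from is not None:
        entry["PortRange"] = {"From": port_from, "To": port_to}
    return entry


def subnet2_nacl_entries(subnet1_cidr=SUBNET1_CIDR, allow_outbound_internet=False):
    """Rules for the subnet 2 NACL, keyword-compatible with
    ec2.create_network_acl_entry once NetworkAclId is added.
    Numbers are spaced by 10 so a deny can be slotted in front later.
    Inbound: only SSH and HTTP from subnet 1; everything else, the internet
    included, falls through to the '*' deny. Outbound: the NACL is stateless,
    so the replies back to subnet 1's ephemeral ports need their own rule."""
    entries = [
        _entry(100, False, "allow", subnet1_cidr, TCP, 22, 22),
        _entry(110, False, "allow", subnet1_cidr, TCP, 80, 80),
        _entry(100, True, "allow", subnet1_cidr, TCP, 1024, 65535),
    ]
    if allow_outbound_internet:
        # Letting subnet 2 initiate connections out (package updates etc.)
        # costs an inbound allow for replies on ephemeral ports from anywhere.
        # That is the price of statelessness and it widens the inbound surface.
        entries += [
            _entry(110, True, "allow", "0.0.0.0/0", ANY),
            _entry(120, False, "allow", "0.0.0.0/0", TCP, 1024, 65535),
        ]
    return entries


def apply_subnet2_nacl(ec2, vpc_id, subnet2_id, entries):
    """Create the NACL in the VPC, add the entries and make it the NACL of
    subnet 2 (a subnet has exactly one, so the default association is replaced).
    `ec2` is a boto3 EC2 client, e.g. boto3.client("ec2")."""
    nacl_id = ec2.create_network_acl(VpcId=vpc_id)["NetworkAcl"]["NetworkAclId"]
    for entry in entries:
        ec2.create_network_acl_entry(NetworkAclId=nacl_id, **entry)
    current = ec2.describe_network_acls(
        Filters=[{"Name": "association.subnet-id", "Values": [subnet2_id]}]
    )["NetworkAcls"][0]
    assoc_id = next(a["NetworkAclAssociationId"] for a in current["Associations"]
                    if a["SubnetId"] == subnet2_id)
    ec2.replace_network_acl_association(AssociationId=assoc_id, NetworkAclId=nacl_id)
    return nacl_id


def open_subnet1_security_group(ec2, group_id):
    """Exercise step 2: the security group of the subnet 1 instance allows all
    inbound traffic (outbound is allowed by default). The group is stateful,
    so no ephemeral-port rule is needed here."""
    ec2.authorize_security_group_ingress(
        GroupId=group_id,
        IpPermissions=[{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
    )


if __name__ == "__main__":
    # To apply against an account, with the ids of the VPC, subnet 2 and the
    # subnet 1 instance's group you created for the exercise:
    #   ec2 = boto3.client("ec2")
    #   apply_subnet2_nacl(ec2, vpc_id, subnet2_id, subnet2_nacl_entries())
    #   open_subnet1_security_group(ec2, group_id)
    for entry in subnet2_nacl_entries():
        print(entry)
```

The builder keeps the exercise's requirement literally (nothing from the internet reaches subnet 2) and makes the one addition the stateless model forces, the outbound ephemeral-port rule for subnet 1. The `allow_outbound_internet` switch shows what it costs to also let subnet 2 initiate connections outward: an inbound allow of 1024-65535 from 0.0.0.0/0, which is why instance-level security groups, not NACLs, should carry the fine-grained policy.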
