- Network ACLs (NACLs) control traffic at the subnet level: every packet entering or leaving a subnet is checked against the NACL associated with that subnet.
- When we create a VPC we get a default NACL which allows all inbound (incoming/ingress) and all outbound (outgoing/egress) traffic.
- Each subnet must be associated with a NACL; a subnet that is not explicitly associated with a custom NACL uses the default NACL of the VPC.
- One NACL can be associated with multiple subnets in a VPC, but a subnet can only be associated with one NACL at a time.
- A NACL contains a numbered list of rules.
- The rules are evaluated from the lowest rule number to the highest; the first rule that matches the traffic decides, and later rules are not checked.
- The lowest rule number is 1 and the highest is 32766. Every NACL ends with an implicit `*` rule that denies any traffic no earlier rule matched.
- We have inbound ACL rules and outbound ACL rules, and NACLs are stateless: return traffic is not allowed automatically, so replies to an allowed inbound connection must be allowed by an outbound rule (typically on the ephemeral port range 1024-65535), and vice versa. Security groups, by contrast, are stateful.
- Each Network ACL rule has:
  - Rule number: decides the evaluation order (lowest first).
  - Type: the type of traffic, e.g. SSH, HTTP, Custom TCP, All ICMP; choosing a type fills in the protocol and port range.
  - Protocol: TCP, UDP, ICMP, or all.
  - Port range: the destination port or port range the rule applies to (TCP/UDP only).
  - Source: the CIDR block the traffic comes from (inbound rules only).
  - Destination: the CIDR block the traffic goes to (outbound rules only).
  - Allow/Deny: whether to allow or deny the specified traffic.
* Let's create a NACL which allows all TCP traffic from our IP address and all traffic from within the VPC, and denies the rest. Because NACLs are stateless, the outbound side must also let the replies out: TCP on the ephemeral port range (1024-65535) back to our IP address, and all traffic to the VPC CIDR. Without that outbound rule the inbound allow is useless, because the SYN-ACK is dropped on the way out.
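The following Python model is an added example, not code from the notes or from AWS: it reproduces how a NACL evaluates a packet (lowest rule number first, first match wins, implicit `*` deny, stateless per direction) and runs the exercise's rule set against a few constructed packets. The workstation address `203.0.113.10/32`, the VPC CIDR `10.0.0.0/16`, the hypothetical `10.0.9.0/24` block in the ordering demo, and the rule numbers are all assumptions chosen for the example. It goes one step beyond the exercise by also showing a lower-numbered deny overriding the VPC-wide allow.

```python
"""Model of AWS Network ACL evaluation, written as an added illustration.

Behaviour modelled (all documented AWS semantics):
  * rules are evaluated from the lowest rule number to the highest,
  * the first matching rule decides and later rules are ignored,
  * the implicit '*' rule denies whatever nothing else matched,
  * NACLs are stateless: a reply packet is evaluated on its own against
    the rules of the opposite direction.
Addresses, CIDRs and rule numbers below are constructed sample values.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    number: int       # 1..32766 (the catch-all '*' rule is applied by evaluate())
    protocol: str     # 'tcp', 'udp', 'icmp' or 'all'
    port_from: int    # inclusive destination port range, only used for tcp/udp
    port_to: int
    cidr: str         # source CIDR for inbound rules, destination CIDR for outbound rules
    action: str       # 'allow' or 'deny'


@dataclass(frozen=True)
class Packet:
    protocol: str     # 'tcp', 'udp' or 'icmp'
    port: int         # destination port (0 for icmp)
    peer: str         # remote address: source for inbound, destination for outbound


def evaluate(rules, packet):
    """Return (action, rule_number) of the first matching rule, or ('deny', '*')."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ('all', packet.protocol):
            continue
        if rule.protocol in ('tcp', 'udp') and not rule.port_from <= packet.port <= rule.port_to:
            continue
        if ipaddress.ip_address(packet.peer) not in ipaddress.ip_network(rule.cidr):
            continue
        return rule.action, rule.number
    return 'deny', '*'


# Constructed sample values (assumptions, not taken from the notes).
MY_IP = '203.0.113.10/32'     # our workstation (TEST-NET-3 documentation range)
VPC_CIDR = '10.0.0.0/16'

# The NACL from the exercise: all TCP from our IP, everything from inside the VPC, deny the rest.
INBOUND = [
    Rule(100, 'tcp', 0, 65535, MY_IP, 'allow'),
    Rule(200, 'all', 0, 65535, VPC_CIDR, 'allow'),
]
# Stateless, so the outbound side must let the replies out: ephemeral ports back to our IP.
OUTBOUND = [
    Rule(100, 'tcp', 1024, 65535, MY_IP, 'allow'),
    Rule(200, 'all', 0, 65535, VPC_CIDR, 'allow'),
]
# Common mistake: no outbound reply rule, because security groups never needed one.
OUTBOUND_NO_REPLY_RULE = [
    Rule(200, 'all', 0, 65535, VPC_CIDR, 'allow'),
]
# Ordering demo: a lower-numbered deny beats the higher-numbered VPC-wide allow.
INBOUND_WITH_BLOCK = [Rule(50, 'tcp', 22, 22, '10.0.9.0/24', 'deny')] + INBOUND


def ssh_session_allowed(inbound, outbound, client_ip, client_port):
    """Does a TCP/22 session from client_ip survive both directions of the NACL?"""
    syn = Packet('tcp', 22, client_ip)                 # inbound SYN to port 22
    syn_ack = Packet('tcp', client_port, client_ip)    # outbound reply to the client's ephemeral port
    return evaluate(inbound, syn)[0] == 'allow' and evaluate(outbound, syn_ack)[0] == 'allow'


if __name__ == '__main__':
    print(evaluate(INBOUND, Packet('tcp', 22, '203.0.113.10')))          # ('allow', 100)
    print(evaluate(INBOUND, Packet('tcp', 22, '198.51.100.7')))          # ('deny', '*')
    print(evaluate(INBOUND, Packet('icmp', 0, '10.0.2.15')))             # ('allow', 200)
    print(evaluate(INBOUND_WITH_BLOCK, Packet('tcp', 22, '10.0.9.4')))   # ('deny', 50)
    print(ssh_session_allowed(INBOUND, OUTBOUND, '203.0.113.10', 51000))                # True
    print(ssh_session_allowed(INBOUND, OUTBOUND_NO_REPLY_RULE, '203.0.113.10', 51000))  # False
```

The last two lines of the demo are the point of the exercise: the same inbound rule set either works or silently breaks SSH depending on whether the outbound ephemeral-port rule exists. To build the real thing the same rule entries map onto `aws ec2 create-network-acl`, `aws ec2 create-network-acl-entry` (with `--rule-number`, `--protocol`, `--port-range`, `--cidr-block`, `--rule-action` and `--ingress` or `--egress`) and `aws ec2 replace-network-acl-association` to attach it to the subnet.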
Multiple VPC Scenario
- Create the following VPCs and EC2 instances.
- Open TCP 22 (SSH) and ICMP in the security group of both EC2 instances. Security groups are stateful, so only the inbound rules are needed; the replies are allowed automatically.
- We need private connectivity between two VPCs in AWS (in the same region or in different regions).
- Private connectivity between two networks over the public internet is established using a Virtual Private Network (VPN), more specifically a site-to-site VPN: IPsec tunnels between a gateway on each side, so that traffic never crosses the internet in clear text. In AWS, VPC-to-VPC private connectivity is usually done with VPC peering or a Transit Gateway, while a site-to-site VPN (or Direct Connect) is the usual choice for reaching an on-premises network.
- We need to explore how to connect:
  - between two VPCs
  - between a VPC and your organization's (on-premises) network.