VPC Contd.
- Create one public and one private subnet
- Let's create two EC2 instances, one in the public subnet and the other in the private subnet.
- AWS has two security checks to filter out network traffic
- At network interface level => Security Group
- At subnet level => Network ACL
- Incoming/Inbound/Ingress refers to packets entering your VPC; Outgoing/Outbound/Egress refers to packets leaving your VPC.
- When we create a VPC, a default NACL is created that allows all incoming and outgoing traffic.
- The security filters of AWS, i.e. both NACL and SG, inspect the following fields of each packet:
  - Incoming:
    - Protocol => TCP/UDP/ICMP
    - Port
    - Source IP Address
  - Outgoing:
    - Protocol => TCP/UDP/ICMP
    - Port
    - Destination IP Address
- Incoming:
  - NACL:
    - Allows us to write rules that either allow or deny packets.
    - Supports the security filters mentioned above.
    - Rules are processed in priority order; the priority is given by a rule number.
  - Security Group:
    - Allows us to write allow rules only; a packet that matches no rule is denied.
    - Supports the security filters mentioned above.
    - No priority.
Activity – 1
- Create a NACL and attach it to any subnet
- Allow all traffic within the VPC
- Allow traffic from anywhere if it is SSH (22), HTTP (80), HTTPS (443), and also ICMP
- Create a NACL
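To make the NACL-versus-Security-Group comparison above concrete, here is an added model (not AWS code and not part of these notes) of how the two filters decide an inbound packet's fate, loaded with the Activity 1 rule set. The VPC CIDR 10.0.0.0/16, the rule numbers and the sample packet addresses are all constructed for the example.

```python
"""Model of AWS NACL and Security Group inbound filtering.
Added example; CIDRs and rule numbers are constructed, not from a real account."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Rule:
    number: int            # NACL priority (lower is evaluated first); unused by SGs
    protocol: str          # "tcp", "udp", "icmp" or "all"
    ports: tuple           # (low, high) port range; ignored for icmp/all
    cidr: str              # source CIDR for an inbound rule
    action: str = "allow"  # NACL rules may also be "deny"; SG rules are allow-only


@dataclass
class Packet:
    protocol: str
    port: int
    src: str


def matches(rule: Rule, pkt: Packet) -> bool:
    """A rule matches when protocol, port range and source address all match."""
    if rule.protocol not in ("all", pkt.protocol):
        return False
    if rule.protocol in ("tcp", "udp") and not rule.ports[0] <= pkt.port <= rule.ports[1]:
        return False
    return ip_address(pkt.src) in ip_network(rule.cidr)


def nacl_decision(rules: list, pkt: Packet) -> str:
    """NACL: evaluate by rule number, first match decides; unmatched packets hit the implicit deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if matches(rule, pkt):
            return rule.action
    return "deny"


def sg_decision(rules: list, pkt: Packet) -> str:
    """Security Group: no ordering and no deny rules; any matching allow rule admits the packet."""
    return "allow" if any(matches(r, pkt) for r in rules if r.action == "allow") else "deny"


# Constructed inbound rule set for Activity 1, with 10.0.0.0/16 standing in for the VPC CIDR.
ACTIVITY_1_RULES = [
    Rule(100, "all", (0, 65535), "10.0.0.0/16"),   # all traffic within the VPC
    Rule(110, "tcp", (22, 22), "0.0.0.0/0"),       # SSH from anywhere
    Rule(120, "tcp", (80, 80), "0.0.0.0/0"),       # HTTP from anywhere
    Rule(130, "tcp", (443, 443), "0.0.0.0/0"),     # HTTPS from anywhere
    Rule(140, "icmp", (0, 0), "0.0.0.0/0"),        # ICMP from anywhere
]
```

Adding a lower-numbered deny rule to the list changes the NACL decision for a matching packet while the SG decision is unaffected, which is the priority difference the notes describe.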