VPC Contd..

• Create one public and one private subnet
  
• Lets create two ec2 instances one in public and other in private subnets.
  
• AWS has two security checks to filter out network traffic
  • At network interface level => Security Group
  • At subnet level => Network ACL
    
• Incoming/Inbound/Ingress refers to packet entering your vpc & Outgoing/Outbound/Egress refres to packets leaving your vpc.
• When we create a vpc, a default NACL is created which will allow all incoming and outgoing traffic.
  
• The security filters of AWS i.e. both NACL and SG will search the packet
  • Incoming:
    • Protocol => TCP/UDP/ICMP
    • Port
    • Source IP Address
  • Outgoing:
    • Protocol => TCP/UDP/ICMP
    • Port
    • Destination Ip Address
• NACL:
  • Allows us to write rules for the packets to be allowed or denied
  • Support the security filters mentioned above.
  • Rules are processed based on priority => Priority is mentioned by using a number
• Security Group:
  • Allows us to write rules for the packets to be allowed. If not specified it will be denied
  • Support the security filters mentioned above.
  • No Priority

Activity – 1

• Create an NACL and attach this to any subnet
  • Allow all the traffic with in vpc
  • Allow all the traffic from anywhere if is ssh (22), http (80), https (443) and also ICMP
• Create a NACL