Network ACLs

NACL stands for Network Access Control List.

  • It is a function performed on the implied router.
  • A NACL is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.
  • Your VPC automatically comes with a modifiable default network ACL. By default, it allows all inbound and outbound IPv4 traffic and, if applicable, IPv6 traffic.
  • You can create a custom network ACL and associate it with a subnet. By default, each custom NACL denies all inbound and outbound traffic.
  • Each subnet in your VPC must be associated with a network ACL. If you don’t explicitly associate a subnet with a NACL, the subnet is automatically associated with the default network ACL.
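
Because an unassociated subnet silently falls back to the allow-all default NACL, it is worth auditing which subnets are in that state. The following is an added example, not part of the original notes: it reads data shaped like the output of `aws ec2 describe-network-acls` and reports the subnets whose NACL allows all IPv4 traffic in both directions. The sample IDs are constructed, and the check relies on AWS evaluating NACL rules in ascending rule-number order, which the notes above do not cover.

```python
# Constructed sample in the shape of `aws ec2 describe-network-acls` output.
# All IDs are made up for illustration.
def _rule(num, action, egress):
    return {"RuleNumber": num, "Protocol": "-1", "RuleAction": action,
            "Egress": egress, "CidrBlock": "0.0.0.0/0"}

SAMPLE = {"NetworkAcls": [
    # Default NACL: rule 100 allows everything, 32767 is the catch-all deny.
    {"NetworkAclId": "acl-default0", "IsDefault": True,
     "Entries": [_rule(100, "allow", False), _rule(32767, "deny", False),
                 _rule(100, "allow", True), _rule(32767, "deny", True)],
     "Associations": [{"SubnetId": "subnet-aaa"}, {"SubnetId": "subnet-bbb"}]},
    # Freshly created custom NACL: only the catch-all deny in each direction.
    {"NetworkAclId": "acl-custom00", "IsDefault": False,
     "Entries": [_rule(32767, "deny", False), _rule(32767, "deny", True)],
     "Associations": [{"SubnetId": "subnet-ccc"}]},
]}

def allows_all_ipv4(entries, egress):
    """True if the lowest-numbered IPv4 rule in this direction allows all traffic.
    Rules are evaluated in ascending rule-number order; the first match wins."""
    rules = sorted((e for e in entries if e["Egress"] == egress and "CidrBlock" in e),
                   key=lambda e: e["RuleNumber"])
    if not rules:
        return False
    first = rules[0]
    return (first["RuleAction"] == "allow" and first["Protocol"] == "-1"
            and first["CidrBlock"] == "0.0.0.0/0")

def audit(response):
    """Return one finding per subnet: which NACL filters it and how open it is."""
    findings = []
    for acl in response["NetworkAcls"]:
        inbound = allows_all_ipv4(acl["Entries"], egress=False)
        outbound = allows_all_ipv4(acl["Entries"], egress=True)
        for assoc in acl.get("Associations", []):
            findings.append({"subnet": assoc["SubnetId"], "acl": acl["NetworkAclId"],
                             "default_acl": acl["IsDefault"],
                             "open_inbound": inbound, "open_outbound": outbound})
    return sorted(findings, key=lambda f: f["subnet"])

def unfiltered_subnets(response):
    """Subnets whose NACL allows all IPv4 traffic both inbound and outbound."""
    return [f["subnet"] for f in audit(response)
            if f["open_inbound"] and f["open_outbound"]]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Subnets reported by `unfiltered_subnets` get no filtering from their NACL, so any restriction on their traffic has to come from elsewhere.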