NACL stands for Network Access Control List.
- It is a function performed on the implied router.
- A NACL is an optional layer of security for your VPC that acts as a firewall for controlling traffic in and out of one or more subnets.
- Your VPC automatically comes with a modifiable default network ACL. By default, it allows all inbound and outbound IPv4 traffic and, if applicable, IPv6 traffic.
- You can create a custom network ACL and associate it with a subnet. By default, each custom NACL denies all inbound and outbound traffic.
- Each subnet in your VPC must be associated with a network ACL. If you don't explicitly associate a subnet with a NACL, the subnet is automatically associated with the default network ACL.
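
The defaults above can be checked from an account's NACL inventory. The following is an added example, not part of the original page: it classifies each NACL as allow-all, deny-all or filtered and lists the subnets that end up with no NACL filtering. The field names follow the `aws ec2 describe-network-acls` response; the IDs and the sample data are constructed, and only IPv4 rules are considered.

```python
# Constructed sample shaped like `aws ec2 describe-network-acls` output (IPv4 only).
def _rule(num, action, egress):
    return {"RuleNumber": num, "Protocol": "-1", "RuleAction": action,
            "Egress": egress, "CidrBlock": "0.0.0.0/0"}

SAMPLE = {"NetworkAcls": [
    # Default NACL as created with the VPC: allow everything, both directions.
    {"NetworkAclId": "acl-default-example", "IsDefault": True,
     "Entries": [_rule(100, "allow", False), _rule(32767, "deny", False),
                 _rule(100, "allow", True), _rule(32767, "deny", True)],
     "Associations": [{"SubnetId": "subnet-a-example"}]},
    # Freshly created custom NACL: only the final deny rule in each direction.
    {"NetworkAclId": "acl-custom-example", "IsDefault": False,
     "Entries": [_rule(32767, "deny", False), _rule(32767, "deny", True)],
     "Associations": [{"SubnetId": "subnet-b-example"}]},
]}

def posture(acl, egress):
    """Classify one direction of a NACL: 'allow-all', 'deny-all' or 'filtered'."""
    rules = sorted((e for e in acl["Entries"] if e["Egress"] == egress),
                   key=lambda e: e["RuleNumber"])  # lowest rule number is evaluated first
    if not any(r["RuleAction"] == "allow" for r in rules):
        return "deny-all"
    first = rules[0]
    if (first["RuleAction"] == "allow" and first["Protocol"] == "-1"
            and first.get("CidrBlock") == "0.0.0.0/0"):
        return "allow-all"
    return "filtered"

def audit(data):
    """Return (subnet, acl_id, is_default, inbound, outbound) for every association."""
    rows = []
    for acl in data["NetworkAcls"]:
        inbound, outbound = posture(acl, False), posture(acl, True)
        for assoc in acl["Associations"]:
            rows.append((assoc["SubnetId"], acl["NetworkAclId"],
                         acl["IsDefault"], inbound, outbound))
    return rows

def unfiltered_subnets(data):
    """Subnets whose NACL passes all IPv4 traffic in both directions."""
    return [r[0] for r in audit(data) if r[3] == r[4] == "allow-all"]

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row)
    print("No NACL filtering:", unfiltered_subnets(SAMPLE))
```

To run it against a real account, replace `SAMPLE` with the parsed JSON from `aws ec2 describe-network-acls`.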