This is an extension of the last article where we learnt basics of AWS VPC.
In this article, we will be learning about Security Groups and NACLs and we will do a hands-on demo as well.
Security Groups
Security Groups are like virtual firewalls that control inbound and outbound traffic for instances in your AWS Virtual Private Cloud (VPC). It is applied at the instance level.
Each EC2 instance is associated with one or more Security Groups, providing security at the instance level.
Security Groups are stateful, meaning if you allow inbound traffic, the corresponding outbound traffic is automatically allowed.
By default, all inbound and outbound traffic is denied. You explicitly specify what traffic is allowed.
You can apply a single Security Group to multiple instances, simplifying management.
NACLs
NACL stands for Network Access Control Lists. They are a set of rules that act as a security layer for subnets in your AWS Virtual Private Cloud (VPC).
Applied at the subnet level, controlling traffic in and out of the entire subnet.
Rules are processed in numerical order. The first rule that matches a packet's characteristics is applied.
Each rule specifies whether to allow or deny traffic. If there is no matching rule, the default is to deny.
NACLs come with default rules that allow all outbound traffic and deny all inbound traffic. You can customize these defaults.
NACLs are often used to add an extra layer of security beyond Security Groups, providing control at the subnet level.
Creating Security Groups and NACLs using AWS management console
It is a tedious to explain here how to create Security Groups and NACLs. Follow this tutorial to have a complete hands-on demo.
Outro
So those were all the topics related to AWS VPC. However there is much more to it, which we will look into in our future articles.
Stay tuned.