
Amazon VPC - Network Access Control Lists
Network Access Control Lists (NACLs) provide another layer of security, this time at the subnet level. Unlike Security Groups, NACLs are stateless: return traffic is not automatically allowed, so each request and its response must be explicitly allowed by separate rules.
How to Configure Network Access Control Lists?
Given below is a step-by-step guide to configuring NACLs for your VPC −
Step 1: Access the Amazon VPC Console
First, open https://aws.amazon.com/console/ and sign in to your AWS account with your credentials. Then go to the VPC dashboard and, under Security, click Network ACLs.
Step 2: Create a New NACL
Click the Create Network ACL button. First, you need to provide a name for your NACL. Now, choose the VPC where the NACL will be applied. Finally, click Create.
Step 3: Associate NACL with a Subnet
Once your NACL is created, you need to associate it with one or more subnets.
First, select the NACL you just created. Next, click on the Subnet Associations tab, then click Edit Subnet Associations. Finally, select the subnets where you want to apply the NACL and click Save.
Step 4: Configure Inbound Rules
Inbound rules control the traffic that is allowed into the subnet. You need to define the rules for each type of traffic you want to allow or deny.
First, under Inbound Rules, click Edit Inbound Rules. Next, click Add Rule and define the following for each rule:
Rule Number − It is a numerical identifier for the rule.
Type − You need to choose the type of traffic (e.g., HTTP, HTTPS, SSH).
Protocol − Select the protocol (e.g., TCP, UDP, ICMP). You can also select ALL Traffic.
Port Range − It is used to define the specific port range (e.g., 80 for HTTP, 443 for HTTPS, 22 for SSH).
Source − This field is used to specify the allowed source IP range (e.g., 0.0.0.0/0 for all IPs or a specific IP range).
Allow/Deny − You can choose whether to allow or deny the traffic.
Step 5: Configure Outbound Rules
Outbound rules control the traffic that is allowed to leave the subnet.
Under Outbound Rules, click Edit Outbound Rules. Click Add Rule and define the rule parameters −
Rule Number − A unique identifier.
Type − The type of traffic (e.g., HTTP, HTTPS).
Protocol − Select the protocol (TCP, UDP, ICMP).
Port Range − Define the port range.
Destination − Specify the allowed destination IP range.
Allow/Deny − Choose to allow or deny the traffic.
Step 6: Save and Review Rules
Once you have configured your inbound and outbound rules, click the Save button to apply the changes.
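The following is an added example, not code from the original tutorial or from AWS. It models how a NACL evaluates the inbound and outbound rules from Steps 4 and 5 (lowest rule number first, first match wins, anything unmatched denied) and shows the stateless pitfall: an inbound allow for HTTPS does nothing useful unless an outbound rule also allows the reply to the client's ephemeral port. The rule sets and IP addresses are constructed sample data.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    number: int     # evaluation order: lowest number is checked first
    protocol: str   # "tcp", "udp" or "all" (ICMP type/code matching omitted)
    port_from: int
    port_to: int
    cidr: str       # source for inbound rules, destination for outbound rules
    action: str     # "allow" or "deny"


def evaluate(rules, protocol, port, addr):
    """Decide one packet the way a NACL does: walk rules in ascending
    rule-number order, the first matching rule decides, and the implicit
    '*' rule denies everything that matched nothing."""
    for r in sorted(rules, key=lambda r: r.number):
        if r.protocol not in ("all", protocol):
            continue
        if r.protocol != "all" and not (r.port_from <= port <= r.port_to):
            continue
        if ip_address(addr) not in ip_network(r.cidr):
            continue
        return r.action
    return "deny"


def https_session_allowed(inbound, outbound, client_ip, client_port):
    """A client reaches a web server in the subnet on 443 and the server
    replies to the client's ephemeral port. NACLs are stateless, so the
    request (inbound) and the reply (outbound) are judged separately."""
    request = evaluate(inbound, "tcp", 443, client_ip)
    response = evaluate(outbound, "tcp", client_port, client_ip)
    return request == "allow" and response == "allow"


# Constructed sample rule sets (not taken from any real account).
INBOUND = [
    Rule(100, "tcp", 443, 443, "0.0.0.0/0", "allow"),
    Rule(90, "tcp", 443, 443, "198.51.100.0/24", "deny"),  # blocklist wins: 90 < 100
]
# Only port 443 is allowed out, so the reply to an ephemeral port is dropped.
OUTBOUND_BROKEN = [Rule(100, "tcp", 443, 443, "0.0.0.0/0", "allow")]
# Adding the ephemeral-port range (1024-65535) lets the reply leave the subnet.
OUTBOUND_FIXED = OUTBOUND_BROKEN + [Rule(110, "tcp", 1024, 65535, "0.0.0.0/0", "allow")]

if __name__ == "__main__":
    print(https_session_allowed(INBOUND, OUTBOUND_BROKEN, "203.0.113.7", 51515))  # False
    print(https_session_allowed(INBOUND, OUTBOUND_FIXED, "203.0.113.7", 51515))   # True
    print(https_session_allowed(INBOUND, OUTBOUND_FIXED, "198.51.100.9", 51515))  # False
```

When reviewing a real NACL in the console, check the outbound table for the ephemeral-port allow rule before concluding that an inbound allow is sufficient.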