NACL stands for Network Access Control List; it adds a layer of security to the Amazon Web Services (AWS) stack.
A NACL acts as a firewall for VPCs and their subnets: it is a security layer that controls the traffic moving in and out of the subnets. It is an optional layer for a VPC that adds another layer of security on top of the AWS service.
VPC stands for Virtual Private Cloud, which can be visualized as a container that holds subnets. A subnet can in turn be thought of as a container within the VPC that holds data.
Following are the components of Network Access Control List (NACL):
Rule numbers are assigned in fixed increments: the gap between two consecutive rules is, for example, 1, 10 or 100, and the same gap is kept between all the rules that are created.
There are two types of NACL:
Let us consider the below use case:
When a user accesses a website, the request has to reach the right port on the web server; the website then has to query the database, extract the appropriate data, and return a response to the user.
A VPC comes with a built-in default NACL, which applies to IPv4 traffic. A custom NACL can also be created and associated with a subnet. The default behaviour of a custom NACL is to deny all incoming and outgoing IPv4 traffic, so rules have to be specified for it before it will behave as intended when it receives a request.
Multiple subnets can be associated with a single NACL, but a subnet can be associated with only one NACL at a time.
In this post, we saw how a network ACL can be used to secure Amazon services.