Friday 3 June 2022

Difference between AWS Security Groups and NACLs

What are the differences between AWS Security Group and NACLs (Network Access Control List)?

[Image: Security Group vs NACL comparison]

Security Groups: A security group in AWS acts as a virtual firewall that controls the traffic allowed to reach or leave the resources it is associated with.

The main characteristics of a security group are as listed below:

1. A security group operates at the instance level (the network interface of the resource).

2. It is stateful: once incoming traffic has been allowed, the corresponding return traffic is allowed automatically.

3. All rules are evaluated every time before deciding whether to allow the traffic; there is no rule ordering.

4. It supports allow rules only; anything not explicitly allowed is denied.

5. It applies to an EC2 instance only when someone assigns it explicitly (at launch or afterwards).


NACL (Network Access Control List): A network access control list (NACL) in AWS acts as an additional layer of security that controls traffic (inbound and outbound) at the VPC level for one or more subnets associated with the respective VPC (Virtual Private Cloud).

The main characteristics of a NACL are as listed below:

1. A NACL operates at the subnet level.

2. It is stateless: return traffic must be explicitly allowed by a rule, otherwise it is denied.

3. Rules are evaluated in order of rule number (lowest to highest) when deciding whether to allow traffic; the lowest number has the highest priority, and the first matching rule wins.

4. It supports both allow and deny rules.

5. It applies automatically to all EC2 instances in the subnets associated with it within the respective VPC.
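The two evaluation models above are easy to confuse in practice, so here is a small worked example that is not part of the original post: a constructed Python model of the decision logic (stateful, any-match, allow-only for a security group; stateless, ordered, allow-or-deny for a NACL) applied to one HTTPS session. It ignores CIDR matching, and the rule numbers and the client ephemeral port 51234 are made-up sample values. It shows why a NACL that only copies the security group's inbound 443 rule silently drops the reply, and how a lower-numbered deny rule overrides a later allow.

```python
"""Toy model of how a security group and a NACL decide on the same packets.

Constructed for illustration; it reproduces only the decision logic described
in the post (stateful/any-match/allow-only vs stateless/ordered/allow-or-deny)
and ignores CIDR matching. Rule numbers and ports are made-up sample values.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Packet:
    direction: str           # "in" (toward the instance) or "out" (away from it)
    proto: str               # "tcp" or "udp"
    port: int                # destination port of this packet
    is_return: bool = False  # reply belonging to a connection already admitted


@dataclass(frozen=True)
class SGRule:
    direction: str
    proto: str
    port_from: int
    port_to: int             # security group rules can only allow


@dataclass(frozen=True)
class NACLRule:
    number: int              # evaluation order: lowest number first
    direction: str
    proto: str
    port_from: int
    port_to: int
    action: str              # "allow" or "deny"


def _matches(rule, pkt: Packet) -> bool:
    return (rule.direction == pkt.direction and rule.proto == pkt.proto
            and rule.port_from <= pkt.port <= rule.port_to)


def sg_allows(rules: List[SGRule], pkt: Packet) -> bool:
    """Stateful: return traffic passes automatically; otherwise every rule is
    considered and any matching rule allows the packet (no deny rules exist)."""
    if pkt.is_return:
        return True
    return any(_matches(r, pkt) for r in rules)


def nacl_allows(rules: List[NACLRule], pkt: Packet) -> bool:
    """Stateless: every packet, replies included, is checked. Rules are walked
    from lowest to highest number and the first match decides; the implicit
    final '*' rule denies anything unmatched."""
    for r in sorted(rules, key=lambda r: r.number):
        if _matches(r, pkt):
            return r.action == "allow"
    return False


# One HTTPS session seen from the instance: the request arrives on tcp/443 and
# the reply goes back out to the client's ephemeral port (sample value 51234).
REQUEST = Packet("in", "tcp", 443)
REPLY = Packet("out", "tcp", 51234, is_return=True)


def https_under_sg() -> Tuple[bool, bool]:
    """(request allowed, reply allowed) for a security group with inbound 443 only."""
    sg = [SGRule("in", "tcp", 443, 443)]
    return sg_allows(sg, REQUEST), sg_allows(sg, REPLY)


def https_under_nacl(rules: List[NACLRule]) -> Tuple[bool, bool]:
    """(request allowed, reply allowed) for the given NACL rule set."""
    return nacl_allows(rules, REQUEST), nacl_allows(rules, REPLY)


# NACL that copies the security group literally: request passes, reply is dropped.
NACL_INBOUND_ONLY = [NACLRule(100, "in", "tcp", 443, 443, "allow")]

# Corrected NACL: an outbound ephemeral-port rule lets the replies leave the subnet.
NACL_WITH_EPHEMERAL = NACL_INBOUND_ONLY + [
    NACLRule(100, "out", "tcp", 1024, 65535, "allow"),
]

# A deny rule numbered below the allow is evaluated first and wins.
NACL_DENY_FIRST = [NACLRule(90, "in", "tcp", 443, 443, "deny")] + NACL_WITH_EPHEMERAL


if __name__ == "__main__":
    print("security group    :", https_under_sg())                     # (True, True)
    print("NACL inbound only :", https_under_nacl(NACL_INBOUND_ONLY))   # (True, False)
    print("NACL + ephemeral  :", https_under_nacl(NACL_WITH_EPHEMERAL)) # (True, True)
    print("NACL deny first   :", https_under_nacl(NACL_DENY_FIRST))     # (False, True)
```

The practical lesson is the second case: when a subnet NACL is tightened to mirror a security group, the outbound (and, for instance-initiated connections, inbound) ephemeral port range 1024-65535 still needs an explicit allow, or established sessions break even though the security group is correct.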


Cheers! Write me back if you have any queries or feedback.

1 comment:

  1. You have worked nicely with your insights, which make our work easy. The information you have provided is really factual and significant for us. Keep sharing these types of articles. aws cloud administrator