What are the differences between AWS Security Group and NACLs (Network Access Control List)?
Security Groups: A security group in AWS acts as a virtual firewall that controls the traffic allowed to reach or leave the resources associated with it.
The main characteristics of a security group are listed below:
1. A security group operates at the instance level
2. It is stateful: once inbound traffic has been allowed, the corresponding return traffic is allowed automatically
3. All rules are evaluated before deciding whether to allow the traffic
4. It supports allow rules only
5. It applies to an EC2 instance only when someone associates it with that instance explicitly
NACL (Network Access Control List): A network access control list (NACL) in AWS acts as an additional layer of security that controls inbound and outbound traffic for one or more subnets within the respective VPC (Virtual Private Cloud).
The main characteristics of a NACL are listed below:
1. A NACL operates at the subnet level
2. It is stateless: return traffic must be explicitly allowed by a rule, otherwise it is denied
3. Rules are evaluated in order, from the lowest rule number to the highest, when deciding whether to allow traffic; the lowest number has the highest priority, so the first rule that matches the traffic decides
4. It supports both allow and deny rules
5. It applies automatically to all EC2 instances in the subnets with which it is associated
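As an added example (not from the original post, and not an AWS API), the following Python model simulates the two evaluation behaviours described above: a stateful, allow-only security group that considers every rule, and a stateless NACL that walks its rules by number and honours deny. The `Rule`, `SecurityGroup` and `NetworkAcl` classes, the rule values and the HTTPS scenario are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    number: int      # NACL rule number (evaluation order); ignored by security groups
    action: str      # "allow" or "deny"; security groups accept "allow" only
    cidr: str        # remote CIDR: source for inbound rules, destination for outbound rules
    port_from: int
    port_to: int
    def matches(self, remote_ip, port):
        return ip_address(remote_ip) in ip_network(self.cidr) and self.port_from <= port <= self.port_to

class SecurityGroup:
    """Instance level, stateful, allow-only; every rule is considered and any match allows."""
    def __init__(self, inbound, outbound):
        if any(r.action != "allow" for r in inbound + outbound):
            raise ValueError("security group rules are allow-only")
        self.inbound, self.outbound, self.tracked = inbound, outbound, set()

    def allowed(self, direction, remote_ip, remote_port, local_port):
        flow = (remote_ip, remote_port, local_port)
        if flow in self.tracked:              # return traffic of an already-allowed flow
            return True
        rules, port = (self.inbound, local_port) if direction == "in" else (self.outbound, remote_port)
        if any(r.matches(remote_ip, port) for r in rules):
            self.tracked.add(flow)            # remember the flow so its reply is allowed
        return flow in self.tracked

class NetworkAcl:
    """Subnet level, stateless, allow and deny; lowest rule number first, first match wins."""
    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)

    def allowed(self, direction, remote_ip, remote_port, local_port):
        rules, port = (self.inbound, local_port) if direction == "in" else (self.outbound, remote_port)
        for r in rules:                       # no connection tracking: each packet judged on its own
            if r.matches(remote_ip, port):
                return r.action == "allow"
        return False                          # the implicit final "*" deny rule

def https_scenario(client="198.51.100.7", client_port=54321):
    # Constructed scenario: a client opens HTTPS to an instance; the instance replies to the client's ephemeral port.
    sg = SecurityGroup([Rule(0, "allow", "0.0.0.0/0", 443, 443)], [])
    nacl = NetworkAcl([Rule(90, "deny", "203.0.113.0/24", 0, 65535), Rule(100, "allow", "0.0.0.0/0", 443, 443)],
                      [Rule(100, "allow", "0.0.0.0/0", 443, 443)])   # no outbound rule for ephemeral ports
    return {"sg_request": sg.allowed("in", client, client_port, 443),
            "sg_reply": sg.allowed("out", client, client_port, 443),       # allowed by state
            "nacl_request": nacl.allowed("in", client, client_port, 443),
            "nacl_reply": nacl.allowed("out", client, client_port, 443)}   # denied: stateless
```

Adding an outbound NACL rule for the ephemeral port range (for example 1024-65535) is what makes the reply pass, which is exactly the step a stateful security group does not need.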
Cheers! Write me back if you have any queries or feedback.