AWS Security Groups and Network Access Control List - A Comparison - AWS Certification Cheat Sheet


In this read, we will take a good look at some of the differences between Security Groups (SG) and Network Access Control List (NACL) in AWS. Let’s get started.

| Security Groups (SG) | Network Access Control List (NACL) |
|---|---|
| Acts as a firewall for EC2 instances | Acts as a firewall for the associated subnets |
| Controls both inbound and outbound traffic at the instance level | Controls both inbound and outbound traffic at the subnet level |
| Can secure VPC instances on its own | Acts as an additional layer of defense |
| Supports allow rules only | Supports both allow and deny rules |
| Stateful (return traffic is automatically allowed regardless of any rules) | Stateless (return traffic must be explicitly allowed by the rules) |
| Evaluates all rules before deciding whether to allow traffic | Evaluates rules in number order, starting with the lowest-numbered rule, when deciding whether to allow traffic |
| Applies only to the instances it is associated with | Applies to all instances in the subnets it is associated with |
| Up to 5 security groups can be assigned to an EC2 instance | A subnet can be associated with only one NACL at a time |
| Associated with network interfaces | Can be associated with multiple subnets |
| Default security group: inbound traffic is allowed from the same SG; all outbound traffic is allowed | Default NACL: all inbound and outbound traffic is allowed |
| Custom security group: no inbound traffic is allowed; all outbound traffic is allowed | Custom NACL: all inbound and outbound traffic is denied |
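The rows on statefulness, allow/deny support and rule ordering are the ones that bite in practice, so here is an added worked example (not AWS code and not from the original cheat sheet) that models those semantics in plain Python: a security group that considers every rule, allows only, and tracks flows so replies pass without a rule; and a NACL that walks numbered rules lowest-first, stops at the first match, and keeps no state. The addresses, ports and rule numbers are constructed for the example, as is the simplification that a rule's port range refers to the packet's destination port.

```python
"""Toy model of how AWS evaluates Security Group and Network ACL rules.

Added illustration, not AWS code: it implements the semantics listed in the
comparison table (stateful, allow-only, any-match security groups versus
stateless, numbered, first-match allow/deny NACLs) on constructed packets.
All addresses and rule numbers below are made up for the example.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "inbound" or "outbound", relative to the instance/subnet
    protocol: str    # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

    def reverse(self) -> "Packet":
        """The reply packet for this one (swapped endpoints and direction)."""
        flipped = "outbound" if self.direction == "inbound" else "inbound"
        return Packet(flipped, self.protocol, self.dst_ip, self.dst_port, self.src_ip, self.src_port)


@dataclass(frozen=True)
class Rule:
    direction: str
    protocol: str    # "tcp", "udp" or "all"
    cidr: str        # remote address range
    port_from: int
    port_to: int
    action: str = "allow"   # NACL rules may also be "deny"
    number: int = 0         # NACL rule number; security groups have no ordering

    def matches(self, pkt: Packet) -> bool:
        if self.direction != pkt.direction or self.protocol not in ("all", pkt.protocol):
            return False
        # The CIDR describes the remote side: source for inbound, destination for outbound.
        remote = pkt.src_ip if pkt.direction == "inbound" else pkt.dst_ip
        if ipaddress.ip_address(remote) not in ipaddress.ip_network(self.cidr):
            return False
        # Simplification: the port range always refers to the packet's destination port.
        return self.port_from <= pkt.dst_port <= self.port_to


class SecurityGroup:
    """Stateful and allow-only: every rule is considered, any match allows,
    and the reply to an allowed packet is permitted without a matching rule."""

    def __init__(self, rules):
        if any(r.action != "allow" for r in rules):
            raise ValueError("security groups support allow rules only")
        self.rules = list(rules)
        self._expected_replies: set[Packet] = set()   # connection-tracking state

    def evaluate(self, pkt: Packet) -> str:
        if pkt in self._expected_replies:
            return "allow"                            # return traffic of a tracked flow
        if any(r.matches(pkt) for r in self.rules):
            self._expected_replies.add(pkt.reverse())
            return "allow"
        return "deny"                                 # implicit deny when nothing matches


class NetworkAcl:
    """Stateless: rules are tried in ascending number, the first match decides,
    and the catch-all '*' rule denies anything left over. No flow state."""

    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.number)

    def evaluate(self, pkt: Packet) -> str:
        for r in self.rules:
            if r.matches(pkt):
                return r.action
        return "deny"


def ssh_session_verdicts(acl: NetworkAcl, sg: SecurityGroup) -> dict:
    """Run one constructed SSH request and its reply through both layers."""
    request = Packet("inbound", "tcp", "203.0.113.10", 51515, "10.0.1.25", 22)
    reply = request.reverse()
    return {
        "nacl_request": acl.evaluate(request), "nacl_reply": acl.evaluate(reply),
        "sg_request": sg.evaluate(request), "sg_reply": sg.evaluate(reply),
    }


def custom_sg():
    # Constructed hardened SG: inbound SSH from one range, outbound only HTTPS.
    # The SSH reply (port 22 -> 51515) matches no outbound rule and passes purely by state.
    return SecurityGroup([Rule("inbound", "tcp", "203.0.113.0/24", 22, 22),
                          Rule("outbound", "tcp", "0.0.0.0/0", 443, 443)])


def nacl_no_ephemeral():
    # Custom NACL allowing inbound SSH but with no outbound rule for ephemeral reply ports.
    return NetworkAcl([Rule("inbound", "tcp", "203.0.113.0/24", 22, 22, "allow", 100)])


def nacl_with_ephemeral():
    # Same NACL plus the outbound ephemeral-port rule that stateless filtering needs.
    return NetworkAcl([Rule("inbound", "tcp", "203.0.113.0/24", 22, 22, "allow", 100),
                       Rule("outbound", "tcp", "0.0.0.0/0", 1024, 65535, "allow", 100)])


def nacl_deny_host(deny_number: int):
    # A deny for one host only works if its number is lower than the broader allow (100).
    return NetworkAcl([Rule("inbound", "tcp", "203.0.113.10/32", 22, 22, "deny", deny_number),
                       Rule("inbound", "tcp", "203.0.113.0/24", 22, 22, "allow", 100)])


if __name__ == "__main__":
    print(ssh_session_verdicts(nacl_no_ephemeral(), custom_sg()))
```

Running it shows the stateless trap directly: the NACL without an outbound ephemeral-port rule passes the SSH request but drops the reply, while the security group passes the reply even though no outbound rule covers it. The `nacl_deny_host` factory shows why rule numbers matter: the host-specific deny only takes effect when it is numbered below the broader allow.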

Good luck and Happy learning!
