AWS Security Groups and Network Access Control List - A Comparison - AWS Certification Cheat Sheet


In this post we take a look at the key differences between Security Groups (SG) and Network Access Control Lists (NACL) in AWS. Let's get started.

| Security Groups (SG) | Network Access Control List (NACL) |
|---|---|
| Acts as a firewall for EC2 instances | Acts as a firewall for the associated subnets |
| Controls both inbound and outbound traffic at the instance level | Controls both inbound and outbound traffic at the subnet level |
| Can secure VPC instances on its own (a VPC can be secured using security groups only) | Acts as an additional layer of defense on top of security groups |
| Supports allow rules only | Supports both allow and deny rules |
| Stateful: return traffic is automatically allowed, regardless of any rules | Stateless: return traffic must be explicitly allowed by the rules |
| Evaluates all rules before deciding whether to allow traffic | Evaluates rules in number order, starting with the lowest numbered rule, when deciding whether to allow traffic |
| Applies only to the instances it is associated with | Applies to all instances in the subnets it is associated with |
| Up to 5 security groups can be assigned to an EC2 instance | A subnet can be associated with only 1 NACL at a time |
| Associated with network interfaces | One NACL can be associated with multiple subnets |
| Default security group: inbound allows traffic only from the same SG; outbound allows all | Default NACL: inbound and outbound allow all |
| Custom security group: inbound denies all; outbound allows all | Custom NACL: inbound and outbound deny all |
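Added example, not from the original cheat sheet: a small Python model of the two evaluation models in the table, stateful any-allow for security groups versus ordered first-match with an implicit deny for NACLs. It assumes TCP-only rules, uses a constructed client 203.0.113.10:54321, and all class and fixture names are hypothetical, not AWS APIs.

```python
import ipaddress
from collections import namedtuple
# number: NACL evaluation order (ignored by security groups); action: "allow" or "deny"
# (security groups support "allow" only); ports are TCP destination ports (TCP only).
Rule = namedtuple("Rule", "number action port_from port_to cidr")
ANY = "0.0.0.0/0"

def _matches(rule, dst_port, remote_ip):
    return (rule.port_from <= dst_port <= rule.port_to
            and ipaddress.ip_address(remote_ip) in ipaddress.ip_network(rule.cidr))

class SecurityGroup:
    """Stateful: all rules are checked, any matching allow permits the packet, and
    the reply of an allowed flow is permitted without any rule at all."""
    def __init__(self, inbound, outbound):
        self.inbound, self.outbound, self.flows = inbound, outbound, set()
    def check(self, direction, remote_ip, local_port, remote_port):
        key = (remote_ip, local_port, remote_port)  # identical for both directions
        if key in self.flows:
            return True  # connection tracking: the reply needs no outbound rule
        rules = self.inbound if direction == "in" else self.outbound
        dst_port = local_port if direction == "in" else remote_port
        if any(r.action == "allow" and _matches(r, dst_port, remote_ip) for r in rules):
            self.flows.add(key)
            return True
        return False

class NetworkAcl:
    """Stateless: rules are tried lowest number first and the first match wins;
    unmatched traffic hits the implicit deny and replies are checked like any packet."""
    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)
    def check(self, direction, remote_ip, local_port, remote_port):
        rules = self.inbound if direction == "in" else self.outbound
        dst_port = local_port if direction == "in" else remote_port
        for r in rules:
            if _matches(r, dst_port, remote_ip):
                return r.action == "allow"
        return False  # the implicit "*" deny rule at the end of every NACL

def https_session(fw):
    """Constructed client 203.0.113.10:54321 opens TCP/443 to the instance; returns
    (request allowed, reply allowed). A dropped request never gets a reply."""
    req = fw.check("in", "203.0.113.10", 443, 54321)
    return req, req and fw.check("out", "203.0.113.10", 443, 54321)

# Same inbound intent for all three; only the NACL that allows the ephemeral return
# ports lets the HTTPS reply out, while the SG needs no outbound rule at all.
WEB_SG = SecurityGroup([Rule(0, "allow", 443, 443, ANY)], outbound=[])
NACL_NO_RETURN = NetworkAcl([Rule(100, "allow", 443, 443, ANY)], [Rule(100, "allow", 443, 443, ANY)])
NACL_OK = NetworkAcl([Rule(100, "allow", 443, 443, ANY)], [Rule(100, "allow", 1024, 65535, ANY)])
```

The number-order row can be checked the same way: a deny for the client's /24 numbered 90, ahead of the allow at 100, blocks the session, while the same deny numbered 110 is never reached because the allow matches first.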

Good luck and Happy learning!

Feel free to share it with your friends/colleagues.

