AWS Security Groups and Network Access Control List - A Comparison - AWS Certification


In this article, we take a closer look at the main differences between Security Groups (SG) and Network Access Control Lists (NACL) in AWS. Let’s get started.

| Security Groups (SG) | Network Access Control List (NACL) |
|---|---|
| Acts as a firewall for EC2 instances | Acts as a firewall for the associated subnets |
| Controls both inbound and outbound traffic at the instance level | Controls both inbound and outbound traffic at the subnet level |
| Can secure VPC instances on its own (security groups alone are sufficient) | Acts as an additional layer of defence on top of security groups |
| Supports allow rules only | Supports both allow and deny rules |
| Stateful (return traffic is automatically allowed, regardless of any rules) | Stateless (return traffic must be explicitly allowed by the rules) |
| Evaluates all rules before deciding whether to allow traffic | Evaluates rules in number order, starting with the lowest-numbered rule, when deciding whether to allow traffic |
| Applies only to the instances it is associated with | Applies to all instances in the subnets it is associated with |
| Up to 5 security groups can be assigned to an EC2 instance | A subnet can be associated with only 1 NACL at a time |
| A security group is associated with network interfaces | One NACL can be associated with multiple subnets |
| Default security group: the inbound rule allows traffic from the same SG; the outbound rule allows all traffic | Default NACL: the inbound and outbound rules allow all traffic |
| Custom security group: no inbound rules, so all inbound traffic is denied; the outbound rule allows all traffic | Custom NACL: all inbound and outbound traffic is denied |
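To make the stateful/stateless and allow-only/allow-and-deny rows concrete, here is a small Python simulation of the two evaluation models, added as an illustration and not code from the original article or from AWS. The `Rule` and `Packet` types, the client address 203.0.113.5 and the port numbers are constructed for the demo; it models traffic as seen from one instance and treats a packet matching no NACL rule as denied.

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network
Rule = namedtuple("Rule", "action direction proto port_from port_to cidr")  # an SG only uses "allow"
Packet = namedtuple("Packet", "direction proto peer local_port peer_port")  # local_port = instance side
def matches(rule, pkt):
    dst = pkt.local_port if pkt.direction == "inbound" else pkt.peer_port  # destination port
    return (rule.direction == pkt.direction and rule.proto == pkt.proto
            and rule.port_from <= dst <= rule.port_to
            and ip_address(pkt.peer) in ip_network(rule.cidr))

class SecurityGroup:  # stateful and allow-only: every rule is checked and any match allows
    def __init__(self, rules):
        self.rules, self.flows = list(rules), set()
    def evaluate(self, pkt):
        flow = (pkt.proto, pkt.peer, pkt.local_port, pkt.peer_port)  # same key for both directions
        if flow in self.flows:  # return traffic of a tracked flow is allowed regardless of rules
            return True
        allowed = any(matches(r, pkt) for r in self.rules)
        if allowed:
            self.flows.add(flow)
        return allowed

class NetworkAcl:  # stateless: rules tried lowest number first, first match wins, else implicit deny
    def __init__(self, numbered_rules):  # [(rule_number, Rule), ...]
        self.rules = sorted(numbered_rules, key=lambda nr: nr[0])
    def evaluate(self, pkt):
        for _, rule in self.rules:
            if matches(rule, pkt):
                return rule.action == "allow"
        return False

ANY = "0.0.0.0/0"
REQUEST = Packet("inbound", "tcp", "203.0.113.5", 443, 51000)  # constructed: client:51000 -> instance:443
REPLY = Packet("outbound", "tcp", "203.0.113.5", 443, 51000)   # constructed: instance:443 -> client:51000
def sg_demo():
    sg = SecurityGroup([Rule("allow", "inbound", "tcp", 443, 443, ANY)])  # no outbound rule at all
    return sg.evaluate(REQUEST), sg.evaluate(REPLY)  # (True, True): the reply passes on state alone

def nacl_demo(with_ephemeral_rule):
    rules = [(100, Rule("allow", "inbound", "tcp", 443, 443, ANY)),
             (100, Rule("allow", "outbound", "tcp", 443, 443, ANY))]
    if with_ephemeral_rule:  # the reply goes to the client's ephemeral port, not to port 443
        rules.append((110, Rule("allow", "outbound", "tcp", 1024, 65535, ANY)))
    acl = NetworkAcl(rules)
    return acl.evaluate(REQUEST), acl.evaluate(REPLY)  # (True, False) without it, (True, True) with it

def nacl_deny_demo(peer):  # a lower-numbered deny beats a later allow; an SG cannot express a deny
    acl = NetworkAcl([(50, Rule("deny", "inbound", "tcp", 443, 443, "203.0.113.0/24")),
                      (100, Rule("allow", "inbound", "tcp", 443, 443, ANY))])
    return acl.evaluate(Packet("inbound", "tcp", peer, 443, 51000))
```

The NACL cases are the usual source of mistakes in practice: forgetting the outbound ephemeral-port rule silently breaks replies, and a deny placed after a broader allow never takes effect.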

Good luck and Happy learning!

Feel free to share it with your friends/colleagues.
