- AWS Certified Advanced Networking:Specialty Exam Guide
- Marko Sluga
- 215 words
- 2021-06-24 14:14:54
NACLs
The second layer of defense is our NACLs. NACLs allow or deny traffic entering or leaving the subnet, and are defined as stateless rules that work in exactly one direction. An ACL can be used to define strict rules on network access and provide protection at the network level. NACLs reside at the entry point to the subnet, and each subnet has a default NACL that is modifiable and can be used to control traffic as it goes in and out. We can also create additional NACLs, but a subnet in a VPC can only be assigned to one NACL at a time.
NACLs protect subnets within our VPCs in much the same way that security groups protect instances. Unlike security groups, NACLs allow all traffic between subnets and gateways by default, so the security approach to implement with NACLs is closing ports rather than opening them. ACLs can also be used when a certain set of IP addresses needs to be prevented from accessing our networks; for example, if we need to block certain geographies or a set of IPs that have been determined to be malicious.
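The following is an added example, not code from the book or from AWS: a small Python model of stateless evaluation, showing why a deny entry for a malicious range must be numbered below the allow-all entry and why tightened outbound rules must still admit replies. It relies on AWS evaluating NACL entries in ascending rule-number order and stopping at the first match, which the text above does not state; the `Rule` class, the helper names, the sample addresses and the 1024-65535 reply range are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:                      # hypothetical model of one NACL entry
    number: int                  # lower numbers are evaluated first
    cidr: str                    # remote address range the entry matches
    ports: range                 # destination ports the entry matches
    allow: bool

def evaluate(rules, remote_ip, dst_port):
    """First matching entry in ascending rule-number order decides; no match means deny."""
    ip = ipaddress.ip_address(remote_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if ip in ipaddress.ip_network(rule.cidr) and dst_port in rule.ports:
            return rule.allow
    return False

def round_trip(inbound, outbound, client_ip, client_port, server_port):
    """Stateless check: the request and its reply are evaluated independently."""
    request_ok = evaluate(inbound, client_ip, server_port)
    reply_ok = evaluate(outbound, client_ip, client_port)  # reply goes to the client's port
    return request_ok and reply_ok

ANY = "0.0.0.0/0"
ALL_PORTS = range(0, 65536)
BLOCKED = "203.0.113.0/24"       # constructed "malicious" range (documentation prefix)

allow_all = [Rule(100, ANY, ALL_PORTS, True)]
# Deny entry numbered below the allow-all entry: it is reached first.
inbound_blocking = [Rule(90, BLOCKED, ALL_PORTS, False)] + allow_all
# Same deny entry numbered above the allow-all entry: it is never reached.
inbound_misordered = allow_all + [Rule(110, BLOCKED, ALL_PORTS, False)]
# Outbound list narrowed to HTTPS only, which drops replies to ephemeral client ports.
outbound_https_only = [Rule(100, ANY, range(443, 444), True)]
outbound_with_replies = outbound_https_only + [Rule(110, ANY, range(1024, 65536), True)]

if __name__ == "__main__":
    client = ("198.51.100.7", 50000, 443)   # constructed client IP, source port, server port
    print(round_trip(inbound_blocking, allow_all, "203.0.113.9", 50000, 443))
    print(evaluate(inbound_misordered, "203.0.113.9", 443))
    print(round_trip(inbound_blocking, outbound_https_only, *client))
    print(round_trip(inbound_blocking, outbound_with_replies, *client))
```

The model ignores protocol numbers and ICMP, so it covers only the ordering and direction behaviour described above.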
The following diagram shows how security groups and network ACLs apply within a VPC:
