How to do it...

1. Log in to your AWS account and open the VPC Dashboard.

1. Click on Network ACLs from the left menu bar under the Security menu. Default NACLs created with a default VPC and other VPCs that we created in Chapter 1, Getting Started with AWS Networking Components, appear on the screen. If you click on Inbound Rules and Outbound Rules, you will see that there is a rule number 100 which allows all traffic with all protocols from all ports. So effectively, the firewall is all open and traffic from any source, protocol, and port can connect to resources in this NACL. In the Subnet Associations tab, you can see that both subnets in the VPC are associated with NACL:

1. Click on Create Network ACL for creating a new NACL. Provide the Name tag and select the VPC for which you want to create an NACL. Click on Yes, Create:

1. You can see that the Default column is No for the NACL that we just created. Click on Inbound Rules or Outbound Rules:

1. Click on the Edit button in the Inbound Rules tab. Click on Add another rule. You can add multiple rules. Here I am allowing all traffic for simplicity. Click on the Save button:

1. Click on the Edit button in the Outbound Rules tab. Click on Add another rule. You can add multiple rules. Here I am allowing all traffic for simplicity. Click on the Save button:

1. Click on Subnet Associations. Select the subnet that we created earlier. Click on the Save button:

1. We can go and select the subnet menu and see that the NACL associated with the subnet has changed:

1. If a custom NACL is not associated with any subnet, it can be deleted by selecting the Delete button in the console. However, we can't delete the NACL that we created now as it is attached to a subnet. First we need to replace the subnet association, as given in step 7, and then can delete it if required.