ℹ️ What are VPC Security Controls?
Amazon VPC provides multiple security features that function as virtual firewalls, allowing you to precisely control network traffic at different layers of your infrastructure. The two primary security mechanisms are Security Groups and Network Access Control Lists (NACLs).
ℹ️ What is a Security Group?
A Security Group acts as a virtual firewall at the instance level, controlling inbound and outbound traffic for your Amazon EC2 instances. Security Groups are stateful: once a connection is permitted in one direction, the return traffic for that connection is automatically allowed, whether or not a rule in the opposite direction would permit it.
⚠️ Important Considerations
🔒 Security Note
Security Groups are stateful, meaning if you send a request from your instance, the response traffic for that request is allowed to flow in regardless of inbound security group rules.
ℹ️ What is a Network ACL?
A Network ACL functions as an optional security layer for your VPC that acts as a firewall controlling traffic in and out of one or more subnets. Unlike Security Groups, NACLs operate at the subnet level and are stateless: no connection state is kept, so return traffic is only allowed if a rule in the opposite direction explicitly permits it.
💡 Pro Tip
While Security Groups and NACLs can express similar rules, they work best together as complementary controls. Use Security Groups for fine-grained instance-level control and NACLs for broader subnet-level protection, including explicit deny rules, which NACLs support and Security Groups do not.
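To make the stateful/stateless difference concrete, here is a small added simulation (illustration only, not AWS code) of the two controls. Every address, port and rule is constructed; the rule shapes, the lowest-number-wins NACL evaluation and the implicit deny mirror how AWS describes the two mechanisms, while the flow-tracking inside the Security Group model is a deliberate simplification.

```python
# Toy model of stateful (Security Group) vs stateless (NACL) filtering; constructed example.
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

def in_cidr(ip, cidr):
    return ipaddress.ip_address(ip) in ipaddress.ip_network(cidr)

class SecurityGroup:
    """Allow-only rules (cidr, low_port, high_port); stateful via flow tracking."""
    def __init__(self, inbound, outbound):
        self.rules = {"in": inbound, "out": outbound}
        self.flows = set()  # 4-tuples of traffic already permitted
    def check(self, pkt, direction):
        # A reply to a tracked flow passes even with no rule for this direction.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows:
            return True
        peer = pkt.src if direction == "in" else pkt.dst
        ok = any(in_cidr(peer, c) and lo <= pkt.dport <= hi
                 for c, lo, hi in self.rules[direction])
        if ok:
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return ok

class NetworkAcl:
    """Numbered allow/deny rules (num, cidr, low, high, action); lowest match wins, else deny."""
    def __init__(self, inbound, outbound):
        self.rules = {"in": sorted(inbound), "out": sorted(outbound)}
    def check(self, pkt, direction):
        peer = pkt.src if direction == "in" else pkt.dst
        for _, cidr, lo, hi, action in self.rules[direction]:
            if in_cidr(peer, cidr) and lo <= pkt.dport <= hi:
                return action == "allow"
        return False  # implicit deny: stateless, so replies need their own rule

def https_scenario(nacl_inbound, nacl_outbound):
    """Client 203.0.113.5 opens HTTPS to instance 10.0.1.10 (constructed IPs)."""
    sg = SecurityGroup(inbound=[("0.0.0.0/0", 443, 443)], outbound=[])
    nacl = NetworkAcl(nacl_inbound, nacl_outbound)
    request = Packet("203.0.113.5", 51000, "10.0.1.10", 443)
    reply = Packet("10.0.1.10", 443, "203.0.113.5", 51000)
    return {"sg_request": sg.check(request, "in"), "sg_reply": sg.check(reply, "out"),
            "nacl_request": nacl.check(request, "in"), "nacl_reply": nacl.check(reply, "out")}
```

With only an inbound 443 rule on the NACL, the Security Group passes the HTTPS reply but the NACL drops it until an outbound rule for the ephemeral port range (1024-65535) is added; a lower-numbered deny rule on the NACL blocks a client range that the Security Group alone would admit.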