ACL / NACL
- associated with subnets
  - a subnet needs an ACL (the default ACL is used if none is explicitly assigned)
  - one ACL can be associated with multiple subnets
- SG: associated with resources
  - stateful: an inbound rule implicitly allows the matching outbound (return) traffic, and vice versa
- if a subnet is not associated with an ACL
  - the subnet gets the default ACL
  - beware: the default ACL allows all traffic in/out
- stateless
  - inbound / outbound rules are separate
- create: VPC > ACL > create rule
  - a newly created ACL denies all traffic by default
- ephemeral ports
  - open via ACL
  - ports to open so that a connection established over a well-known port can continue
  - OS dependent
    - Windows 1024-6xxxx
    - Linux 31xxx-6xxxx
  - opening TCP 1024-64000 will work
- acts as a firewall for inbound and outbound traffic before it reaches the private subnet
- rules are evaluated in order (by rule number, lowest first)
- ACL always before SG
  - can further restrict SGs
  - first ACL, then SG
  - remember ephemeral ports for outbound
- see Security Groups: https://coggle.it/diagram/XLHvGemriIT0ysck/t/security-group
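The three points the map makes about NACLs (stateless, evaluated by rule number lowest first, and needing an outbound ephemeral-port rule so replies can leave the subnet) are easiest to see side by side with a stateful security group. The following simulation is an added example, not content from the Coggle map and not AWS code; the rule numbers, the client address 203.0.113.10, the ephemeral port 50432 and the HTTPS port are constructed, and the SecurityGroup class models only inbound allow rules plus connection tracking for the return path.

```python
"""Added example (not from the Coggle map): simulate how a stateless NACL and a
stateful security group treat the two halves of one TCP session.  Rule numbers,
addresses and ports below are constructed for the demonstration."""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class NaclRule:
    number: int      # NACLs evaluate rules by number, lowest first; first match wins
    protocol: str    # "tcp", "udp" or "*" (any)
    port_from: int
    port_to: int
    cidr: str
    action: str      # "allow" or "deny"


def _matches(rule, protocol, port, ip):
    return (rule.protocol in ("*", protocol)
            and rule.port_from <= port <= rule.port_to
            and ipaddress.ip_address(ip) in ipaddress.ip_network(rule.cidr, strict=False))


def nacl_evaluate(rules, protocol, port, ip):
    """One direction only (stateless): the lowest-numbered matching rule decides.
    AWS appends an implicit '*' rule that denies anything no explicit rule matched."""
    for rule in sorted(rules, key=lambda r: r.number):
        if _matches(rule, protocol, port, ip):
            return rule.action
    return "deny"


def nacl_session(inbound, outbound, client_ip, client_port, server_port):
    """A client on client_ip:client_port connects to server_port inside the subnet.
    Returns (request_allowed, reply_allowed).  The reply leaves the subnet towards
    the client's ephemeral port, so the outbound rules must cover that range."""
    request = nacl_evaluate(inbound, "tcp", server_port, client_ip) == "allow"
    reply = nacl_evaluate(outbound, "tcp", client_port, client_ip) == "allow"
    return request, reply


class SecurityGroup:
    """Stateful: only inbound allow rules are held; a reply to a flow that was
    admitted inbound is allowed out automatically, independent of outbound rules."""

    def __init__(self, inbound_allows):
        self.inbound_allows = inbound_allows   # list of (protocol, port_from, port_to, cidr)
        self.tracked = set()                   # established flows (client_ip, client_port, server_port)

    def request_allowed(self, protocol, server_port, client_ip, client_port):
        for proto, lo, hi, cidr in self.inbound_allows:
            if (proto in ("*", protocol) and lo <= server_port <= hi
                    and ipaddress.ip_address(client_ip) in ipaddress.ip_network(cidr, strict=False)):
                self.tracked.add((client_ip, client_port, server_port))
                return True
        return False

    def reply_allowed(self, client_ip, client_port, server_port):
        return (client_ip, client_port, server_port) in self.tracked


# Constructed scenario: HTTPS into a private subnet from a client on 203.0.113.10.
CLIENT_IP, CLIENT_PORT, SERVER_PORT = "203.0.113.10", 50432, 443

INBOUND = [NaclRule(100, "tcp", 443, 443, "0.0.0.0/0", "allow")]
OUTBOUND_NO_EPHEMERAL = [NaclRule(100, "tcp", 443, 443, "0.0.0.0/0", "allow")]
# The map's recommendation: open TCP 1024-64000 outbound for return traffic.
OUTBOUND_WITH_EPHEMERAL = OUTBOUND_NO_EPHEMERAL + [
    NaclRule(110, "tcp", 1024, 64000, "0.0.0.0/0", "allow")]
# A deny numbered lower than the allow wins for that source range; numbered higher it never fires.
INBOUND_DENY_FIRST = [NaclRule(90, "tcp", 443, 443, "203.0.113.0/24", "deny")] + INBOUND
INBOUND_DENY_TOO_LATE = INBOUND + [NaclRule(200, "tcp", 443, 443, "203.0.113.0/24", "deny")]


def demo():
    """Returns {scenario: (request_allowed, reply_allowed)} for each configuration."""
    args = (CLIENT_IP, CLIENT_PORT, SERVER_PORT)
    results = {
        "nacl_no_ephemeral": nacl_session(INBOUND, OUTBOUND_NO_EPHEMERAL, *args),
        "nacl_with_ephemeral": nacl_session(INBOUND, OUTBOUND_WITH_EPHEMERAL, *args),
        "nacl_deny_first": nacl_session(INBOUND_DENY_FIRST, OUTBOUND_WITH_EPHEMERAL, *args),
        "nacl_deny_too_late": nacl_session(INBOUND_DENY_TOO_LATE, OUTBOUND_WITH_EPHEMERAL, *args),
    }
    sg = SecurityGroup([("tcp", 443, 443, "0.0.0.0/0")])
    results["sg_stateful"] = (sg.request_allowed("tcp", SERVER_PORT, CLIENT_IP, CLIENT_PORT),
                              sg.reply_allowed(CLIENT_IP, CLIENT_PORT, SERVER_PORT))
    return results


if __name__ == "__main__":
    for name, (req, rep) in demo().items():
        print(f"{name:22s} request={'allow' if req else 'deny':5s} reply={'allow' if rep else 'deny'}")
```

Running it shows the failure mode the map warns about: with only port 443 allowed outbound the request is admitted but the reply is dropped, because the NACL evaluates the return packet on its own against the client's ephemeral destination port. Note also that in the "deny first" case the reply is still allowed even though the request was denied, which is exactly what stateless means; and that the security group allows the reply without any outbound rule because it tracked the admitted flow.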