Here’re the differences between AWS Network ACL and security group. This is the best interview question.
AWS Security group
- It’s an instance level
- It’s a basic security layer
- it’s Stateful. That means – return traffic is automatically allowed regardless of rules.
- The security of Security group level is the responsibility of AWS
- AWS validates all rules whether to allow traffic
Security group is a first level of security at instance level.
AWS Network ACL
- it’s also called Network Access Control Layer
- It’s an additional security layer at the subnet level (important interview question)
- It acts as a firewall to the entire subnet.
- Since it’s the top layer over the Security group, the first priority goes to ACL.
- Once created the ACL, it applies to all the instances in that subnet.
- It’s Stateless; return traffic must be allowed explicitly.
- With this, you can allow the traffic or deny the traffic.
Network ACL is additional security layer at Subnet Level
Schematic Diagram of Subnet and Instances
Simple explanation is, a subnet is having multiple instances. Security group is at instance level and ACL is at subnet level. Here, VPC means Virtual private cloud.
Get new content delivered directly to your inbox.