Network ACLs vs Security Groups in AWS
4 Questions


Created by
@StraightforwardGraph

Questions and Answers

What is a key difference between Security Groups and Network ACLs?

Security Groups operate at the instance level, while Network ACLs operate at the subnet level.

Security Groups are stateful, which means return traffic is automatically allowed.

True

How do Network ACLs process rules when deciding whether to allow traffic?

Process rules in number order

When do Security Groups apply to an instance?

When someone specifies the Security Group when launching the instance

Study Notes

Network ACLs vs Security Groups

Key Differences

  • Security groups operate at the instance level, whereas network ACLs operate at the subnet level.
  • Security groups only support allow rules, whereas network ACLs support both allow and deny rules.
  • Security groups are stateful, meaning return traffic is automatically allowed regardless of any rules, whereas network ACLs are stateless and require explicit rules to allow return traffic.

Evaluation of Rules

  • Security groups evaluate all rules before deciding whether to allow traffic.
  • Network ACLs process rules in numerical order when deciding whether to allow traffic.

Application Scenarios

  • Security groups only apply to an instance if specified during launch or associated later on.
  • Network ACLs automatically apply to all instances in the subnets they're associated with, eliminating the need for user specification.


Description

Compare and contrast Network ACLs and Security Groups in AWS, including their levels of operation, rule types, and traffic evaluation methods.
