An Access Control List (ACL) can manage (that is, it can allow or deny) inbound and outbound traffic for a subnet. An ACL is stateless, which means that inbound and outbound rules must be specified separately and explicitly. Each ACL consists of rules, based on a source IP, source port, destination IP, destination port, and protocol.

Every VPC has a default ACL that allows all inbound and outbound traffic. You can edit the default ACL rules, or create a custom ACL and attach it to your subnets. A subnet can only have one ACL attached to it at any time, but one ACL can be attached to multiple subnets.

To make your ACLs effective, create rules that determine how to handle your inbound and outbound network traffic. With inbound rules, you can allow or deny traffic from a source IP range, with specified protocols and ports. With outbound rules, you can allow or deny traffic to a destination IP range, with specified protocols and ports. ACL rules are prioritized and considered in sequence. Higher priority rules are evaluated first and override lower priority rules. Inbound rules are separated from outbound rules. If no rules are specified, then implicit deny is the default behavior.
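The following is an added example, not code from the original page or from any VPC provider: a small stateless ACL evaluator that models the behavior described above, with independent inbound and outbound rule lists, rules tried in priority order with the first match winning, and implicit deny when nothing matches. The `Rule` and `Packet` structures, the convention that a lower priority number is evaluated first, and the sample addresses and flows are assumptions constructed for the illustration. It also shows the consequence of statelessness that the text calls out: an ACL that allows inbound HTTPS but has no outbound rule for the reply traffic silently drops the server's responses.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    """One ACL rule, matched on the five fields named in the text.
    Assumption: the lowest `priority` number is evaluated first."""
    priority: int
    action: str                          # "allow" or "deny"
    protocol: str                        # "tcp", "udp", "icmp" or "all"
    src: str                             # source CIDR, e.g. "203.0.113.0/24"
    dst: str                             # destination CIDR
    src_ports: Tuple[int, int] = (1, 65535)
    dst_ports: Tuple[int, int] = (1, 65535)


@dataclass(frozen=True)
class Packet:
    protocol: str
    src_ip: str
    dst_ip: str
    src_port: int
    dst_port: int


def _in_range(port: int, rng: Tuple[int, int]) -> bool:
    lo, hi = rng
    return lo <= port <= hi


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    """All five tuple fields must match for the rule to apply."""
    if rule.protocol != "all" and rule.protocol != pkt.protocol:
        return False
    if ip_address(pkt.src_ip) not in ip_network(rule.src, strict=False):
        return False
    if ip_address(pkt.dst_ip) not in ip_network(rule.dst, strict=False):
        return False
    return _in_range(pkt.src_port, rule.src_ports) and _in_range(pkt.dst_port, rule.dst_ports)


class ACL:
    """Stateless ACL: inbound and outbound rule lists are independent, rules are
    tried in priority order, the first match wins, and no match means deny."""

    def __init__(self, inbound: List[Rule], outbound: List[Rule]):
        self.rules = {
            "inbound": sorted(inbound, key=lambda r: r.priority),
            "outbound": sorted(outbound, key=lambda r: r.priority),
        }

    def evaluate(self, direction: str, pkt: Packet) -> Tuple[str, Optional[Rule]]:
        for rule in self.rules[direction]:
            if rule_matches(rule, pkt):
                return rule.action, rule          # first match wins
        return "deny", None                       # implicit deny


# Constructed sample traffic: a web subnet 10.0.1.0/24 and an external client 203.0.113.5.
REQUEST = Packet("tcp", "203.0.113.5", "10.0.1.10", 51234, 443)   # client -> server
REPLY = Packet("tcp", "10.0.1.10", "203.0.113.5", 443, 51234)     # server -> client
ANY = "0.0.0.0/0"


def incomplete_acl() -> ACL:
    """Allows inbound HTTPS but forgets the return path; a stateful firewall
    would let the reply through, a stateless ACL does not."""
    return ACL(
        inbound=[Rule(10, "allow", "tcp", ANY, "10.0.1.0/24", dst_ports=(443, 443))],
        outbound=[],
    )


def complete_acl() -> ACL:
    """Same inbound rule plus an explicit outbound rule for the reply traffic
    (server port 443 back to the client's ephemeral port), and a higher-priority
    deny for one source range that is evaluated ahead of the general allow."""
    return ACL(
        inbound=[
            Rule(5, "deny", "all", "198.51.100.0/24", ANY),
            Rule(10, "allow", "tcp", ANY, "10.0.1.0/24", dst_ports=(443, 443)),
        ],
        outbound=[
            Rule(10, "allow", "tcp", "10.0.1.0/24", ANY,
                 src_ports=(443, 443), dst_ports=(1024, 65535)),
        ],
    )


def check_flow(acl: ACL) -> Tuple[str, str]:
    """Return (inbound decision for the request, outbound decision for the reply)."""
    return acl.evaluate("inbound", REQUEST)[0], acl.evaluate("outbound", REPLY)[0]


if __name__ == "__main__":
    print("incomplete ACL:", check_flow(incomplete_acl()))   # ('allow', 'deny')
    print("complete ACL:  ", check_flow(complete_acl()))     # ('allow', 'allow')
    blocked = Packet("tcp", "198.51.100.7", "10.0.1.10", 40000, 443)
    print("blocked range: ", complete_acl().evaluate("inbound", blocked)[0])  # deny
```

When reviewing a subnet ACL, walk each expected flow in both directions the way `check_flow` does: every inbound allow needs a matching outbound allow for the response (typically to the ephemeral port range), and every rule's position in the priority order decides whether a narrower deny actually takes effect before a broader allow.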