Sunday, January 2, 2022

Security group and NACL


What are AWS Security Groups? 

An AWS security group acts as a virtual firewall for your EC2 instances to control incoming and outgoing traffic. Both inbound and outbound rules control the flow of traffic to and traffic from your instance, respectively.


- security group on instance level

- security group on database level


 














REf:
https://www.youtube.com/watch?v=fpxDGU2KdkA  (from 33 min)





What is a Security Group?

It adds a security layer to EC2 instances that control both inbound and outbound traffic at the instance level.

What is NACL?

NACL also adds an additional layer of security associated with subnets that control both inbound and outbound traffic at the subnet level.

Combining Security Group and NACL

Maximum number of rules that exist per NACL: 20

Maximum number of rules that can exist per Security Group: 50

How to find Nth Highest Salary in SQL

Maximum number of Security Groups that can exist per instance: 5

Maximum number of rules that can exist per instance: 5*50 + 20 = 270

Differences b/w Security Group and NACL

What is a Security Group
Security GroupNACL (Network Access Control List)
It supports only allow rules, and by default, all the rules are denied. You cannot deny the rule for establishing a connection.It supports both allow and deny rules, and by default, all the rules are denied. You need to add the rule which you can either allow or deny it.
It is a stateful means that any changes made in the inbound rule will be automatically reflected in the outbound rule. For example, If you are allowing an incoming port 80, then you also have to add the outbound rule explicitly.It is a stateless means that any changes made in the inbound rule will not reflect the outbound rule, i.e., you need to add the outbound rule separately. For example, if you add an inbound rule port number 80, then you also have to explicitly add the outbound rule.
It is associated with an EC2 instance.It is associated with a subnet.
All the rules are evaluated before deciding whether to allow the traffic.Rules are evaluated in order, starting from the lowest number.
Security Group is applied to an instance only when you specify a security group while launching an instance.NACL has applied automatically to all the instances which are associated with an instance.
It is the first layer of defense.It is the second layer of defense.
-
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Autoboxing and Unboxing

  Autoboxing  is the automatic conversion that the Java compiler makes between the primitive types and their corresponding object wrapper cl...

  • new Date(); manupulation in JS
    let today = new Date (); let dd = String ( today . getDate ()). padStart ( 2 , '0' ); let m...
  • HostBinding, HostListener
    A quick tip that helps me remember what they do - HostBinding('value') myValue;  is exactly the same as  [value]="myValue...
  • VPC peering
      What is VPC Take a small piece of AWS network and call it your own, control IP address ranges, routing patterns, tighten security etc. AWS...