Managing ACLs and security policies

Two of the security features built into every VPC are network ACLs (NACLs) and security groups. A detailed explanation of both can be found in this chapter, under the Network security in the VPC section. To configure network ACLs, navigate to the Security section of the VPC Dashboard and select Network ACLs. Here, we can create network ACLs and modify existing ones. Select the default network ACL that was created with your VPC and explore its inbound rules, outbound rules, and subnet associations. You can see that, by default, this ACL permits all inbound and outbound traffic (a single rule numbered 100 that allows all traffic from 0.0.0.0/0, followed by the fixed * rule that denies anything not matched above it) and that it is associated with every subnet that has not been explicitly associated with another NACL, which in a new VPC is all of them.

To manage network traffic, you can create custom NACLs here and associate them with your subnets. Keep in mind that NACL rules are evaluated in ascending rule-number order and the first match wins, and that NACLs are stateless: the return traffic of an allowed request must itself be allowed by a rule in the opposite direction, typically one covering the ephemeral port range.

Next, let's navigate to the Security Groups section and select the default security group that was created with our VPC. Here, you can see that the security group allows inbound traffic only from instances that are themselves members of this security group, so any inbound traffic from elsewhere is denied; outbound traffic is allowed to any destination. Security groups are stateful, so the reply to an allowed connection is permitted without a matching outbound rule. To allow traffic to instances, we will be creating new security groups when we spin up EC2 instances in Chapter 5, Managing Servers on AWS with Elastic Compute Cloud. Take your time to explore the Security Groups section and familiarize yourself with the options that are available.
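The following is an added example, not code from the book or from AWS, that models how the two layers described above evaluate a packet. It encodes the default NACL (allow all, then the implicit * deny), the default security group (inbound only from itself), and one custom NACL that opens HTTPS and the ephemeral return path. The security group ID sg-default and the address ranges used are placeholders chosen for the example; the model does not call AWS and simplifies a few details (for instance, it ignores ICMP type/code matching).

```python
"""Model of how AWS evaluates network ACL and security group rules.

Added example; it is not AWS code and makes no API calls. The rule sets
below are constructed to mirror the defaults described in the text plus
one custom NACL; sg-default and the CIDRs are placeholder values.
"""
from dataclasses import dataclass
import ipaddress


@dataclass(frozen=True)
class NaclRule:
    number: int        # NACLs are evaluated lowest number first; first match wins
    protocol: str      # "tcp", "udp", "icmp", or "-1" for all protocols
    port_from: int
    port_to: int
    cidr: str
    action: str        # "allow" or "deny"


@dataclass(frozen=True)
class SgRule:
    protocol: str      # security groups hold allow rules only
    port_from: int
    port_to: int
    source: str        # a CIDR, or a security group ID ("traffic from itself")


def evaluate_nacl(rules, protocol, port, remote_ip):
    """Return 'allow' or 'deny' for one packet in one direction.

    NACLs are stateless: a request and its reply are evaluated separately,
    each against the rule list for its own direction.
    """
    addr = ipaddress.ip_address(remote_ip)
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ("-1", protocol):
            continue
        if rule.protocol != "-1" and not (rule.port_from <= port <= rule.port_to):
            continue
        if addr not in ipaddress.ip_network(rule.cidr, strict=False):
            continue
        return rule.action
    return "deny"  # the fixed '*' rule at the bottom of every NACL


def evaluate_sg(rules, protocol, port, remote_ip=None, remote_sg=None):
    """Any matching allow rule permits the packet; no match means deny."""
    for rule in rules:
        if rule.protocol not in ("-1", protocol):
            continue
        if rule.protocol != "-1" and not (rule.port_from <= port <= rule.port_to):
            continue
        if rule.source.startswith("sg-"):
            if rule.source == remote_sg:
                return "allow"
        elif remote_ip is not None and ipaddress.ip_address(remote_ip) in \
                ipaddress.ip_network(rule.source, strict=False):
            return "allow"
    return "deny"


def tcp_request_allowed(nacl_in, nacl_out, sg_in, client_ip, client_port,
                        dst_port, client_sg=None):
    """Decide whether a client's TCP connection to an instance can complete.

    NACL: the inbound request (dst_port) and the outbound reply (client_port)
    must both be allowed. Security group: stateful, so only the inbound rule
    is consulted and the reply is permitted automatically.
    """
    if evaluate_nacl(nacl_in, "tcp", dst_port, client_ip) != "allow":
        return False
    if evaluate_nacl(nacl_out, "tcp", client_port, client_ip) != "allow":
        return False
    return evaluate_sg(sg_in, "tcp", dst_port, client_ip, client_sg) == "allow"


# Defaults as described in the text (constructed to match them).
DEFAULT_NACL_IN = [NaclRule(100, "-1", 0, 65535, "0.0.0.0/0", "allow")]
DEFAULT_NACL_OUT = [NaclRule(100, "-1", 0, 65535, "0.0.0.0/0", "allow")]
DEFAULT_SG_IN = [SgRule("-1", 0, 65535, "sg-default")]  # only from itself

# A custom NACL: HTTPS from anywhere except one placeholder range (rule 90
# sits before rule 100, so it wins), plus the ephemeral-port return path
# that a stateless NACL needs for replies to leave the subnet.
CUSTOM_NACL_IN = [
    NaclRule(90, "tcp", 443, 443, "203.0.113.0/24", "deny"),
    NaclRule(100, "tcp", 443, 443, "0.0.0.0/0", "allow"),
]
CUSTOM_NACL_OUT = [NaclRule(100, "tcp", 1024, 65535, "0.0.0.0/0", "allow")]
CUSTOM_SG_IN = [SgRule("tcp", 443, 443, "0.0.0.0/0")]

if __name__ == "__main__":
    # Default SG: an internet client is denied although the default NACL allows all.
    print(tcp_request_allowed(DEFAULT_NACL_IN, DEFAULT_NACL_OUT, DEFAULT_SG_IN,
                              "198.51.100.7", 50000, 443))
    # Custom NACL plus an SG that opens 443: allowed.
    print(tcp_request_allowed(CUSTOM_NACL_IN, CUSTOM_NACL_OUT, CUSTOM_SG_IN,
                              "198.51.100.7", 50000, 443))
    # Forgetting the outbound ephemeral rule silently breaks every reply.
    print(tcp_request_allowed(CUSTOM_NACL_IN, [], CUSTOM_SG_IN,
                              "198.51.100.7", 50000, 443))
```

The last case is the one that catches people moving from security groups to custom NACLs: the inbound rule looks right, the security group allows the port, and connections still hang because the stateless outbound side has no rule for the client's ephemeral port.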