Learn AWS Network ACL and Security Groups in under 5 minutes

João Marcelo Souza
2 min read · Mar 14, 2017


The purpose of this article is to give a quick overview of Network ACLs and Security Groups in the AWS cloud. After you understand this, you'll have an easy time going through technical, in-depth documents and tutorials.

Concepts

In AWS, both Network ACLs (Access Control Lists) and Security Groups work like firewalls, but they secure different levels of the AWS stack.

  • Network ACL = a "firewall" securing VPCs and Subnets
  • Security Group = a "firewall" securing Instances

VPCs (Virtual Private Cloud), Subnets and Instances can be thought of as boxes that store something.

  • VPC = a "box" storing Subnets
  • Subnet = a "box" storing Instances
  • Instance = a "box" storing a service (e.g. EC2, RDS)

Example usage

Let's say you have a website that uses a database.

  • Website = port 80 (HTTP)
  • Database = port 5432 (Postgres)

[Figure: AWS setup secured by Network ACL (NACL) and Security Groups (SG)]

You want your visitors to reach the Website on port 80. You want your Website to reach the Database on port 5432. But you DON'T want your visitors to reach the Database on port 5432 because you don't want your data stolen.

To the rescue!

To build that setup on AWS, you would go about it this way:

  • Create a VPC
  • Create two Subnets on the VPC (let's say A and B)
  • On Subnet A, launch an EC2 Instance for the Website
  • On Subnet B, launch an RDS Instance for the Database
  • To the VPC, assign a Network ACL allowing traffic on port 80
  • To EC2, assign a Security Group allowing port 80
  • To RDS, assign a Security Group allowing port 5432
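To make the two layers concrete, here is an added example (not code from the article, and not how AWS implements anything) that models how the two filters decide on the three flows above: a visitor to the Website on port 80, the Website to the Database on port 5432, and a visitor straight to the Database. The rule semantics follow the AWS documentation: a Network ACL is associated with a subnet (a VPC's default NACL applies to subnets that have no explicit association), its numbered rules are evaluated lowest number first with the first match deciding, it is stateless so reply traffic needs its own ephemeral-port rule, and anything unmatched is denied; a Security Group is stateful, has only "allow" rules, and may name another Security Group as a source. The example goes one step beyond the article's port-only rules by letting the Database's Security Group admit only instances that carry the Website's Security Group, which is the usual way to express "only the Website may talk to the Database". All addresses, names and rule numbers are constructed for this example.

```python
# Toy model of AWS Network ACL and Security Group evaluation (added example,
# not AWS code). Semantics follow the AWS docs; the addresses and names below
# are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


@dataclass
class NaclRule:
    number: int          # evaluated in ascending order; first match wins
    action: str          # "allow" or "deny"
    cidr: str
    ports: range         # e.g. range(80, 81) for port 80 only
    proto: str = "tcp"


class NetworkAcl:
    """Stateless: inbound and outbound are checked independently."""

    def __init__(self, inbound, outbound):
        self.inbound = sorted(inbound, key=lambda r: r.number)
        self.outbound = sorted(outbound, key=lambda r: r.number)

    @staticmethod
    def _evaluate(rules, ip, port, proto):
        for rule in rules:
            if (rule.proto in (proto, "all")
                    and ip_address(ip) in ip_network(rule.cidr)
                    and port in rule.ports):
                return rule.action == "allow"   # first matching rule decides
        return False                             # the implicit '*' deny rule

    def allows_inbound(self, pkt):
        return self._evaluate(self.inbound, pkt.src_ip, pkt.dst_port, pkt.proto)

    def allows_outbound(self, pkt):
        return self._evaluate(self.outbound, pkt.dst_ip, pkt.dst_port, pkt.proto)


@dataclass
class SgRule:
    ports: range
    cidr: Optional[str] = None       # source given as a CIDR ...
    source_sg: Optional[str] = None  # ... or as another Security Group's name
    proto: str = "tcp"


class SecurityGroup:
    """Stateful and allow-only: a reply to an allowed request is allowed too."""

    def __init__(self, name, inbound):
        self.name = name
        self.inbound = inbound

    def allows_inbound(self, pkt, members):
        # `members` maps a Security Group name to the instance IPs carrying it.
        for rule in self.inbound:
            if rule.proto not in (pkt.proto, "all") or pkt.dst_port not in rule.ports:
                continue
            if rule.cidr and ip_address(pkt.src_ip) in ip_network(rule.cidr):
                return True
            if rule.source_sg and pkt.src_ip in members.get(rule.source_sg, set()):
                return True
        return False   # no rule matched: denied (there is no explicit deny in an SG)


# --- The article's setup with constructed addresses -------------------------
WEB_IP, DB_IP, VISITOR_IP = "10.0.1.10", "10.0.2.20", "203.0.113.5"   # constructed
EPHEMERAL = range(1024, 65536)

# One NACL used by both subnets: HTTP from anywhere, Postgres only from subnet A,
# plus ephemeral ports in both directions so stateless reply traffic can pass.
nacl = NetworkAcl(
    inbound=[
        NaclRule(100, "allow", "0.0.0.0/0", range(80, 81)),
        NaclRule(110, "allow", "10.0.1.0/24", range(5432, 5433)),
        NaclRule(120, "allow", "0.0.0.0/0", EPHEMERAL),   # replies to outbound requests
    ],
    outbound=[
        NaclRule(100, "allow", "0.0.0.0/0", EPHEMERAL),   # HTTP responses to visitors
        NaclRule(110, "allow", "10.0.2.0/24", range(5432, 5433)),
    ],
)
web_sg = SecurityGroup("web-sg", [SgRule(range(80, 81), cidr="0.0.0.0/0")])
db_sg = SecurityGroup("db-sg", [SgRule(range(5432, 5433), source_sg="web-sg")])
members = {"web-sg": {WEB_IP}, "db-sg": {DB_IP}}


def blocked_by(pkt, sg):
    """Which layer stops the packet on the destination side: 'nacl', 'sg', or None if it arrives."""
    if not nacl.allows_inbound(pkt):
        return "nacl"
    if not sg.allows_inbound(pkt, members):
        return "sg"
    return None


def visitor_to_web():
    return blocked_by(Packet(VISITOR_IP, WEB_IP, 80), web_sg) is None

def web_to_db():
    return blocked_by(Packet(WEB_IP, DB_IP, 5432), db_sg) is None

def visitor_to_db():
    return blocked_by(Packet(VISITOR_IP, DB_IP, 5432), db_sg) is None
```

Running the three flows shows the division of labour: the visitor's HTTP request and the Website's Postgres query both arrive, while the visitor's direct Postgres attempt passes the NACL (the broad ephemeral-port rule matches port 5432) and is stopped only by the Database's Security Group, because the source is not an instance in `web-sg`. A request to a port no rule mentions, such as 22 on the Website, never gets past the NACL. That is why the article puts both layers in place: the NACL draws the coarse subnet boundary, and the Security Group on each instance makes the fine, stateful decision.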

Conclusion

I wrote this article because I am getting started with VPCs on AWS and wanted to share my learnings in hope of helping other newcomers out there.

Did you find it useful? Is it clear? Did you find some mistake on these concepts? Please leave some feedback. And thank you for reading!

I recommend this Udemy course for those getting started with AWS essentials, including VPCs, Subnets, Network ACLs and Security Groups.
