A Subnet is a segment within a VPC that enables you to organize resources. These groupings can cater to different security or operational requirements, and you can create both public and private Subnets.
Public Subnets contain resources that are accessible to the public, such as your company’s website, like code7school.com.
Private Subnets contain resources that are only accessible within the private network, such as databases storing customer data.
Public and Private Subnets can communicate with each other via secure channels.
Requested data is transmitted as a packet, a bundle of information sent over a network or the internet.
The packet enters the VPC through an Internet Gateway and undergoes a permission check before accessing a Subnet.
Permissions are checked to determine:
Network Access Control Lists (ACLs) act as firewalls that manage both inbound and outbound traffic at the subnet level. ACLs inspect and control the packets. If a packet is on the approved list, it is allowed to pass through; otherwise, access is denied.
ACLs perform stateless packet filtering, meaning they keep no memory of packets they have already checked: each packet entering or leaving the subnet, including return traffic, is evaluated on its own against the predefined rules and either approved or denied.
A Security Group is a firewall that manages inbound and outbound traffic, specifically for an AWS EC2 instance.
The default configuration denies all inbound traffic while allowing all outbound traffic. To modify this setup, you need to add new rules.
Security Groups perform stateful packet filtering, meaning they remember the traffic they have already allowed, so the response to a permitted request is also permitted.
ACLs and Security Groups can be configured by adding custom rules to manage traffic.
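The stateless-versus-stateful distinction described above is easiest to see when the same request and reply are run through both kinds of filter. The following Python model is an added example, not AWS code or code from this page; the rule sets, the client and server addresses (203.0.113.10 and 10.0.1.5) and the port numbers are constructed for illustration. It simplifies CIDR matching to "anything" or "one host" and matches rules on the destination port only, which is enough to show why a network ACL needs an explicit outbound rule for the reply's ephemeral port while a Security Group does not.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" (toward the subnet/instance) or "out" (leaving it)
    proto: str       # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


@dataclass(frozen=True)
class Rule:
    direction: str
    proto: str             # "tcp", "udp" or "all"
    ports: tuple           # (low, high), matched against the destination port
    cidr: str              # simplified: "0.0.0.0/0" matches any address, otherwise one host
    action: str = "allow"  # network ACL rules may also be "deny"; Security Group rules are allow-only
    number: int = 0        # evaluation order for network ACL rules (lowest first)


def _matches(rule, pkt):
    # The "remote" side is the source of inbound traffic and the destination of outbound traffic.
    remote = pkt.src_ip if pkt.direction == "in" else pkt.dst_ip
    return (rule.direction == pkt.direction
            and rule.proto in ("all", pkt.proto)
            and rule.ports[0] <= pkt.dst_port <= rule.ports[1]
            and (rule.cidr == "0.0.0.0/0" or rule.cidr.split("/")[0] == remote))


class NetworkAcl:
    """Stateless: every packet, replies included, is judged only against the rules."""

    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.number)

    def allows(self, pkt):
        for r in self.rules:
            if _matches(r, pkt):
                return r.action == "allow"   # first matching rule wins
        return False                         # implicit final deny


class SecurityGroup:
    """Stateful: a flow admitted by a rule is remembered, so its reply passes without a rule of its own."""

    def __init__(self, rules):
        self.rules = list(rules)
        self._flows = set()

    def allows(self, pkt):
        flow = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        reverse = (pkt.proto, pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if reverse in self._flows:           # reply to a connection we already allowed
            return True
        if any(_matches(r, pkt) for r in self.rules):
            self._flows.add(flow)
            return True
        return False                         # no deny rules exist; unmatched traffic is dropped


# Constructed traffic: a client on the internet fetches a page from a web server in the subnet.
CLIENT, SERVER = "203.0.113.10", "10.0.1.5"
REQUEST = Packet("in", "tcp", CLIENT, 51000, SERVER, 80)
REPLY = Packet("out", "tcp", SERVER, 80, CLIENT, 51000)


def acl_without_ephemeral_rule():
    """Common mistake: allowing port 80 in both directions but not the reply's ephemeral port."""
    acl = NetworkAcl([
        Rule("in", "tcp", (80, 80), "0.0.0.0/0", number=100),
        Rule("out", "tcp", (80, 80), "0.0.0.0/0", number=100),
    ])
    return acl.allows(REQUEST), acl.allows(REPLY)   # (True, False): the reply is dropped


def acl_with_ephemeral_rule():
    """The stateless fix: an outbound rule covering the ephemeral port range used by replies."""
    acl = NetworkAcl([
        Rule("in", "tcp", (80, 80), "0.0.0.0/0", number=100),
        Rule("out", "tcp", (1024, 65535), "0.0.0.0/0", number=100),
    ])
    return acl.allows(REQUEST), acl.allows(REPLY)   # (True, True)


def security_group_with_http_rule():
    """Stateful: one inbound rule for port 80 is enough; the reply rides on the tracked flow."""
    sg = SecurityGroup([Rule("in", "tcp", (80, 80), "0.0.0.0/0")])
    return sg.allows(REQUEST), sg.allows(REPLY)     # (True, True)


def default_security_group():
    """Default configuration from the text: no inbound rules, all outbound traffic allowed."""
    sg = SecurityGroup([Rule("out", "all", (0, 65535), "0.0.0.0/0")])
    unsolicited = sg.allows(REQUEST)                # False: nothing inbound is permitted
    outbound = Packet("out", "tcp", SERVER, 40000, "198.51.100.7", 443)
    its_reply = Packet("in", "tcp", "198.51.100.7", 443, SERVER, 40000)
    return unsolicited, sg.allows(outbound), sg.allows(its_reply)   # (False, True, True)
```

The first two functions show the stateless trap: the ACL that only allows port 80 outbound silently drops the web server's reply because the reply's destination is the client's ephemeral port, not 80. The Security Group functions show why no such outbound rule is needed there, and why the default group (no inbound rules) still lets an instance-initiated connection receive its response.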