VPC - Access Control Lists (ACLs) Flashcards
Can Subnets / Availability Zones span multiple Network ACLs?
No, but the reverse is possible.
What traffic does the default Network ACL allow?
All traffic inbound and outbound.
What traffic does a new Network ACL allow?
No traffic inbound or outbound.
When you create a standard Network ACL for connecting to the Internet, why might it not connect right away?
You will need another rule that opens up ephemeral ports in order to cover the different types of clients that might initiate traffic to the public-facing instances in your VPC
T/F: Each subnet in your VPC must be associated with a Network ACL.
True
If you don’t explicitly associate a subnet with a network ACL…
…the subnet is automatically associated with the default network ACL
When you associate a network ACL with a subnet…
…the previous association is removed.
How are the rules in a Network ACL evaluated?
Numerical order starting with the lowest number
When blocking specific IPs…
…use network ACLs not security groups