Subnets and Network Access Control Lists Video

Subnets control access to the gateways.

W3schools.com collaborates with Amazon Web Services to deliver digital training content to our students.


Subnets

A Subnet is a section of a VPC.

The Subnet allows you to group resources.

The groupings can have different security or operations needs.

You can have both public and private Subnets.


Public Subnets

Public Subnets have resources that the public can access.

For example, your company page, such as W3Schools.com.


Private Subnets

Private Subnets have resources that can only be accessed through the private network.

For example, databases holding customer data.


Public and Private Subnets can communicate with each other through secure channels.

Network Traffic in a VPC

Requested data are sent as a Packet.

A Packet is a package of data sent over a network or the internet.

It enters the VPC through an Internet Gateway.

Before entering a Subnet it checks for permissions.

Checking permissions such as:

  1. Who sent the Packet?
  2. How will the Packet communicate with the resources in the Subnet

Network Access Control Lists

Network Access Control Lists are called ACLs.

ACL is a firewall that controls the traffic, both inbound and outbound.

It controls the traffic at the subnet level.

The ACL checks and controls the Packets.

If the Packet is on the approved list, it will pass through.

However, if they are not on the list, they will be denied access.

Read more about permissions in a subnet at The AWS Documentation:



Stateless Packet Filtering

The ACLs do Stateless Packet filtering.

They have no memory and will forget the request once checked.

Their job is to check the Packets that go in and out.

It uses the set rules to approve or deny access.

Checking if the traveler is on the list and forgets

Image created by Amazon Web Services


Security Groups

A Security Group is a firewall that controls inbound and outbound traffic.

This feature is specific for an AWS EC2 instance.

The default config denies all inbound traffic and allows all outbound.

You have to add new rules to change this config.

Read more about Security Groups at The AWS Documentation:


Stateful Packet Filtering

Security Groups do stateful Packet filtering.

They remember the actions that they have done with Packets in the past.

Image created by Amazon Web Services


Configuration

ACLs and Security groups can be configured.

Configuration means adding custom rules for the traffic.

Overview of network setup

Image created by Amazon Web Services


AWS Cloud Exercises

Test Yourself With Exercises

Exercise:

What is a subnet?

A subnet is a  of a VPC


AWS Subnet and Access

Login
ADS CODE