Core networking

Internet Gateway & NAT Gateways

• Internet Gateways helps our VPC instances connect with the internet

• Public Subnets have a route to the internet gateway.

• NAT Gateways (AWS-managed) & NAT Instances (self-managed) allow your instances in your Private Subnets to access the internet while remaining private

Network ACL & Security Groups

• NACL (Network ACL)

  • A firewall that controls traffic from and to the subnet

  • Can have ALLOW and DENY rules

  • Are attached at the Subnet level

  • Rules only include IP addresses

• Security Groups

  • A firewall that controls traffic to and from an ENI/EC2 Instance

  • Can have only ALLOW rules

  • Rules include IP addresses and other security groups