# Core networking

### Internet Gateway & NAT Gateways

* An Internet Gateway lets the instances in our VPC connect to the internet
* Public Subnets have a route to the internet gateway.
* NAT Gateways (AWS-managed) & NAT Instances (self-managed) allow your instances in your Private Subnets to access the internet while remaining private

<figure><img src="https://1722711354-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwNXdoUkfmcozr29fRrfb%2Fuploads%2FCXbnuLbd30Yr0AIW8pVU%2FScreenshot%202023-12-24%20at%2000.54.02.png?alt=media&#x26;token=34ef81ea-ed6b-45b8-a5bc-ad87b812a086" alt=""><figcaption></figcaption></figure>

<figure><img src="https://1722711354-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwNXdoUkfmcozr29fRrfb%2Fuploads%2FOGVJ3lsmutxZW98VSr0K%2FScreenshot%202023-12-24%20at%2000.54.59.png?alt=media&#x26;token=198f3172-31b5-4264-80b3-8b6f42dbb826" alt=""><figcaption></figcaption></figure>

### Network ACL & Security Groups

* NACL (Network ACL)
  * A firewall that controls traffic from and to the subnet
  * Can have ALLOW and DENY rules
  * Are attached at the Subnet level
  * Rules only include IP addresses
* Security Groups
  * A firewall that controls traffic to and from an ENI/EC2 Instance
  * Can have only ALLOW rules
  * Rules include IP addresses and other security groups

  <figure><img src="https://1722711354-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FwNXdoUkfmcozr29fRrfb%2Fuploads%2F5tBPAD72ALuZcFquxQiz%2FScreenshot%202023-12-24%20at%2000.57.30.png?alt=media&#x26;token=cc3d3613-1b54-48a0-851e-6f1a54b76f4c" alt=""><figcaption></figcaption></figure>
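The two layers above, as an added example that is not part of the original notes: a small Python model of how an inbound connection is checked first by the subnet's NACL and then by the instance's security group. All rules, IP addresses and the `sg-bastion` name are constructed samples. The model assumes standard AWS behaviour (NACL rules are evaluated in ascending rule-number order with an implicit final deny) and ignores protocols, port ranges and return traffic.

```python
import ipaddress

# Constructed sample NACL (subnet level): ALLOW and DENY rules, IP-based only.
# Lowest rule number is evaluated first; the first match decides.
NACL_INBOUND = [
    {"num": 90,  "cidr": "203.0.113.7/32", "port": 443, "action": "DENY"},
    {"num": 100, "cidr": "0.0.0.0/0",      "port": 443, "action": "ALLOW"},
    {"num": 110, "cidr": "10.0.0.0/16",    "port": 22,  "action": "ALLOW"},
]

# Constructed sample security group (ENI/instance level): ALLOW rules only.
# A source is either a CIDR or another security group ("sg-bastion" is made up).
SG_WEB_INBOUND = [
    {"source": "0.0.0.0/0",  "port": 443},
    {"source": "sg-bastion", "port": 22},
]

def nacl_allows(rules, src_ip, port):
    """First matching rule wins; no match means the implicit deny applies."""
    ip = ipaddress.ip_address(src_ip)
    for rule in sorted(rules, key=lambda r: r["num"]):
        if rule["port"] == port and ip in ipaddress.ip_network(rule["cidr"]):
            return rule["action"] == "ALLOW"
    return False

def sg_allows(rules, src_ip, src_groups, port):
    """Any matching ALLOW rule admits the traffic; there is no way to DENY."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules:
        if rule["port"] != port:
            continue
        if rule["source"].startswith("sg-"):
            if rule["source"] in src_groups:   # sender is a member of that group
                return True
        elif ip in ipaddress.ip_network(rule["source"]):
            return True
    return False

def inbound_allowed(src_ip, src_groups, port):
    """Traffic must pass the subnet's NACL and then the instance's security group."""
    return (nacl_allows(NACL_INBOUND, src_ip, port)
            and sg_allows(SG_WEB_INBOUND, src_ip, src_groups, port))

if __name__ == "__main__":
    print(inbound_allowed("198.51.100.10", set(), 443))      # ordinary HTTPS client
    print(inbound_allowed("203.0.113.7", set(), 443))        # blocked by NACL rule 90
    print(inbound_allowed("10.0.1.5", {"sg-bastion"}, 22))   # SSH from the bastion group
    print(inbound_allowed("10.0.2.9", set(), 22))            # SSH from a non-member
```

Blocking the single address `203.0.113.7` is only possible at the NACL layer, because a security group has no DENY rule to express it.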
