Hello, everybody, and welcome to this lecture. In this lecture we're gonna be talking about network ACLs, or as I like to call them, NACLs, which is a funny little name to remember the term. There's different types of access control lists out there with AWS. NACLs is a very popular one, especially if you're gonna be dealing with architecting and securing your architectures.
So, yeah, that should help you remember that. So NACLs are stateless, they operate at the subnet level, and, ah, we'll get into a little bit about the difference between NACLs and security groups and all that. But before we dive into that, I wanna talk about what
the security group does and what the network ACL does. So
basically, what they do is they allow inbound or outbound traffic into, in this case, the instance, or in this case, the subnet. Um, and what I mean by that is, let's say you have here a web server out on a public subnet
and you need to be able to have inbound traffic on port 80, which is HTTP, or port 443, which is HTTPS.
Maybe you wanna have, ah, allowed access for SSH as well. You can enable that using a security group. Those settings you can also enable in a network ACL. The only difference between the two is that this is intended for a single instance. Maybe you have a small account. You only have a small
number of instances in that account.
Security groups are an easy way to manage all that. But when you start dealing with large corporate enterprises, where you have 500 servers and multiple subnets, network ACLs will be much more convenient and much more efficient for you to manage all those
instances and allow the correct traffic inbound and outbound to those instances. And we'll get to talking about that here in a second.
But like I said, every subnet in your VPC is going to have a NACL. Um, you know, the NACLs operate at the subnet level, and then the security groups operate at the instance level. So when you first spin up your AWS account, you're given a default VPC,
which is your virtual private cloud. You can create more as you go. But
just off the bat you're gonna be given one first VPC, and you're gonna be given a NACL with that. That NACL is gonna have explicit permissions to allow all inbound and outbound traffic to any EC2 instances that you spin up within that subnet. As you're developing a more secure
architecture, a more secure network, you want to make sure that you go in there and only explicitly allow
the necessary protocols, the necessary communications inbound and outbound to those instances, and block out anything else. That way you limit the potential for any types of attacks. All right, we're gonna go ahead and switch over and dive into the AWS console. If you want, please join me and we can follow along.
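
What "stateless" and "only explicitly allow" mean for a subnet, as an added example that is not part of the lecture: a small Python model of network ACL evaluation, comparing the allow-all default with a web subnet locked down to ports 80, 443 and 22. The rule numbers, the 1024-65535 client port range and every function name here are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    number: int    # rules are checked in ascending number order
    protocol: str  # "tcp" or "all"
    ports: range   # destination ports the rule covers
    action: str    # "allow" or "deny"

def evaluate(rules, protocol, port):
    """Return the action of the first matching rule; no match means deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol in ("all", protocol) and port in rule.ports:
            return rule.action
    return "deny"

ANY_PORT = range(0, 65536)
EPHEMERAL = range(1024, 65536)  # assumed client source-port range

# The default network ACL from the lecture: everything allowed both ways.
DEFAULT_NACL = {
    "inbound": [Rule(100, "all", ANY_PORT, "allow")],
    "outbound": [Rule(100, "all", ANY_PORT, "allow")],
}

def web_subnet_nacl(allow_replies):
    """Only HTTP, HTTPS and SSH inbound; replies outbound if allow_replies."""
    inbound = [
        Rule(100, "tcp", range(80, 81), "allow"),
        Rule(110, "tcp", range(443, 444), "allow"),
        Rule(120, "tcp", range(22, 23), "allow"),
    ]
    outbound = [Rule(100, "tcp", EPHEMERAL, "allow")] if allow_replies else []
    return {"inbound": inbound, "outbound": outbound}

def round_trip(nacl, server_port, client_port):
    """Stateless: the request and its reply are each checked on their own."""
    request = evaluate(nacl["inbound"], "tcp", server_port)
    reply = evaluate(nacl["outbound"], "tcp", client_port)  # reply goes to the client's port
    return request == "allow" and reply == "allow"

if __name__ == "__main__":
    for name, nacl in [("default", DEFAULT_NACL),
                       ("inbound rules only", web_subnet_nacl(False)),
                       ("inbound plus replies", web_subnet_nacl(True))]:
        for port in (443, 3389):
            print(f"{name:22} port {port}: {round_trip(nacl, port, 50000)}")
```

With only inbound rules the HTTPS request is admitted but its reply is dropped on the way out, which is the practical difference from a stateful security group.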