A webapp is hosted on public subnet in a vpc. This webapp will be accessed by external users. What are the security related best practice to be followed in case of user facing web applications. The users may access the webapp from company intranet. I understand that Security groups and NACLS can be used for security configurations. What are related best practices? Can Security groups/NACL be used to control which range of IPs can access the webapp? What other best practices can be applied to make it secure. Also, if the app is to be accessed from internet users(instead of intranet) what are best practices recommended to ensure secure access?