Securing an AWS Virtual Private Cloud (VPC) is an important cloud security skill. In this lab scenario, it’s your responsibility to implement two network access control lists (NACLs) for the VPC’s public and private subnets. By controlling network access of the two subnets, you can ensure that unused protocols are denied access to properly secure the VPC.
Successfully complete this lab by achieving the following learning objectives:
- Create NACL for Public Subnet
- Create a NACL called Public.
- Allow inbound and outbound traffic for the following protocols: SSH, DNS, HTTP, and HTTPS.
- Deny all other traffic.
- Associate Public NACL with the public subnet.
- Create NACL for Private Subnet
- Create a NACL called Private.
- Deny inbound and outbound traffic for the following protocols: FTP (port 21), SMB, and RDP.
- Allow all other traffic.
- Associate Private NACL with private subnet.