AWS Networking Refresher
- VPC -> Region
- Subnets -> AZ
- More AWS architecture diagrams
- “NACLs keep unwanted traffic out of the subnet, and security groups keep unwanted traffic out of an EC2 instance or AWS service.”
- NACLs are stateless, meaning you have to configure both outbound & inbound rules
- This is in contrast to stateful security groups, which track outbound traffic: what goes out is allowed to come back in.
- Lovely Stack Overflow explanation of what stateful means in this context.
- NACLs have an implicit deny
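
The stateless/stateful difference and the implicit deny from the notes above, as an added toy model (not AWS code and not from the original notes). The rule tuples, class names and sample addresses are assumptions, and NACL matching is simplified to destination port only.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

    def reply(self):
        return Packet(self.dst, self.dport, self.src, self.sport)

@dataclass
class Nacl:
    # Toy rule: (rule_number, low_port, high_port, "allow" | "deny").
    # Simplification: matches on destination port only.
    inbound: list
    outbound: list

    def permits(self, rules, pkt):
        for _num, low, high, action in sorted(rules):  # lowest rule number first
            if low <= pkt.dport <= high:
                return action == "allow"  # first match decides
        return False  # implicit deny: nothing matched

@dataclass
class SecurityGroup:
    inbound_ports: set
    outbound_ports: set
    flows: set = field(default_factory=set)  # connections already allowed

    def permits(self, ports, pkt):
        if pkt.reply() in self.flows:  # return traffic of a tracked flow
            return True
        if pkt.dport in ports:
            self.flows.add(pkt)
            return True
        return False

def round_trip(nacl, sg, request):
    """(request delivered, reply delivered) for an inbound connection."""
    reply = request.reply()
    req_ok = nacl.permits(nacl.inbound, request) and sg.permits(sg.inbound_ports, request)
    rep_ok = req_ok and sg.permits(sg.outbound_ports, reply) and nacl.permits(nacl.outbound, reply)
    return req_ok, rep_ok

# Constructed sample: HTTPS request from a client's ephemeral port.
REQ = Packet("203.0.113.10", 51000, "10.0.1.5", 443)
IN_443 = [(100, 443, 443, "allow")]
EPHEMERAL_OUT = [(100, 1024, 65535, "allow")]
```

With only the inbound 443 rule on the NACL, the request arrives but the reply is dropped at the subnet boundary, even though the security group (with no outbound rules at all) lets it leave the instance; adding the outbound ephemeral-port rule completes the round trip.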
This one goes over the services and explains their use cases
This one discusses real-life problems that people are trying to solve.
Cross-region routing, transit gateways, VPNs, Storage Gateway, and Direct Connect, to name a few :)