Cloud Journey

2026-04-27 · Cloud Security

Security Groups vs Network ACLs

What I Learned

  • Security groups protect elastic network interfaces and track return traffic.
  • Network ACLs apply at the subnet level and need explicit inbound and outbound rules.

Why It Matters

Knowing where traffic is allowed or blocked helps prevent exposed services and shortens incident response.

Mistakes and Challenges

  • Remembering rule evaluation order required a diagram.
  • Stateless outbound rules were easy to miss during testing.
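
The two points above (stateful security groups versus stateless, ordered network ACLs) can be checked with a toy model. This is an added example, not AWS code or an AWS API: the class, function names and rule sets are constructed for illustration, and it models only ports for a single HTTPS request and its reply.

```python
# Added example: toy model of security group vs. network ACL filtering (not an AWS API).
from dataclasses import dataclass

@dataclass(frozen=True)
class NaclRule:
    number: int   # lower rule numbers are evaluated first
    lo: int       # start of port range
    hi: int       # end of port range
    allow: bool

def nacl_allows(rules, port):
    """The lowest-numbered matching rule decides; no match is an implicit deny."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.lo <= port <= rule.hi:
            return rule.allow
    return False

def sg_allows_inbound(open_ports, port):
    """Security groups hold allow rules only; any match permits the packet."""
    return port in open_ports

def https_round_trip(sg_ports, nacl_in, nacl_out, client_port):
    """Client (ephemeral source port) -> instance:443, then the reply.

    Returns (request_delivered, reply_delivered).
    """
    # Request: subnet NACL inbound check on destination port 443, then the SG.
    if not (nacl_allows(nacl_in, 443) and sg_allows_inbound(sg_ports, 443)):
        return (False, False)
    # Reply: the SG tracked the connection, so it passes the reply automatically.
    # The NACL is stateless: the reply's destination is the client's ephemeral
    # port, which must match an outbound allow rule.
    return (True, nacl_allows(nacl_out, client_port))

# Constructed sample rule sets.
SG_PORTS = {443}
NACL_IN = [NaclRule(100, 443, 443, True)]
NACL_OUT_MISSING = [NaclRule(100, 443, 443, True)]    # ephemeral range forgotten
NACL_OUT_FIXED = [NaclRule(100, 1024, 65535, True)]   # reply ports allowed
# Rule order: deny rule 90 is evaluated before allow rule 100 and shadows it.
NACL_IN_SHADOWED = [NaclRule(100, 443, 443, True), NaclRule(90, 0, 1023, False)]

if __name__ == "__main__":
    print(https_round_trip(SG_PORTS, NACL_IN, NACL_OUT_MISSING, 50000))
    print(https_round_trip(SG_PORTS, NACL_IN, NACL_OUT_FIXED, 50000))
    print(https_round_trip(SG_PORTS, NACL_IN_SHADOWED, NACL_OUT_FIXED, 50000))
```

The first case is the one that is easy to miss in testing: the request arrives, but the reply is dropped at the subnet boundary.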

Next Steps

  • Build a VPC lab with public and private subnets.
  • Document packet flow from browser to EC2.