Do network acls block inter-subnet traffic as well?

subnet amazon-web-services network-security

I have VMs placed in different AZs on AWS. In order to be able to do this, you need a subnet in each AZ.

If I'm creating a network acl for the entire setup (ie to be associated with all subnets) do I need to specify allow rules from all the subnet CIDR ranges? If I don't, will the network acl block inter-subnet traffic based on my port rules?

I'm assuming they will...but want confirmation.


Solution 1:

Network ACLs DO NOT block intra-subnet traffic. You can consider them as if they were applied to the router interface on that subnet. So the ACL only affects traffic in and out of the subnet.

Related

Azure VPN TTL expired in transit
Why don't Windows domain machines periodically query security group membership, like other things? [closed]
I need to create a group a group of pseudo admins in AD to manage users at a remote location, but I'm not sure how this should be done
Capacity Estimation for Physical Machines Hosting Simplified Nextcloud Instances [duplicate]
how to do 301 redirects from old site to new
I just had to increase our timeout from 30s to 60s because I can't figure out why our biggest request is so slow. (Nginx + Php-fpm running on gke)
Why DSCP tag does not work on TCP in Windows 10? [closed]
Apache reverse proxy not working and generates a 404 error
504 error and understanding PHP logs
systemctl complains about no installation config, but it exists
GCP service account permissions
Exchange database corruptions - Regular occurance