Do network acls block inter-subnet traffic as well?
I have VMs placed in different AZs on AWS. In order to be able to do this, you need a subnet in each AZ.
If I'm creating a network acl for the entire setup (ie to be associated with all subnets) do I need to specify allow rules from all the subnet CIDR ranges? If I don't, will the network acl block inter-subnet traffic based on my port rules?
I'm assuming they will...but want confirmation.
Solution 1:
Network ACLs DO NOT block intra-subnet traffic. You can consider them as if they were applied to the router interface on that subnet. So the ACL only affects traffic in and out of the subnet.