Member, May 9, 2021 at 8:27 pm
There is a question that says a company is using ECS + DynamoDB.
However, this company is suffering malicious attacks from a specific set of IP addresses.
My answer was: Block the incoming traffic using the Security Group of the ECS instance
but the correct answer is: Block the incoming traffic using NACL.
From my understanding, NACL is a layer of protection at the VPC Level…
So why is it incorrect to say that the protection via the security group of the ECS instance will work in this scenario???
Thank you in advance!
Administrator, May 15, 2021 at 7:40 am
Thank you for posting your question. Both Network ACLs and Security Groups protect your computing resources from unwanted network attacks. The primary difference between them is that a security group can only whitelist the valid network sources. It cannot explicitly block traffic, unlike Network ACL.
You can actually try it on your EC2 console. If you open your default security group, you will see that it doesn’t have the ALLOW/DENY toggle that you usually see in your Network ACL.
Let us know if you need further assistance. The Tutorials Dojo team is dedicated to helping you pass your AWS exam on your first try!
Jon Bonso @ Tutorials Dojo
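As an added illustration (not part of the original thread or of Tutorials Dojo's material), a small Python model of why the NACL answer works: a security group has no deny action at all, while a NACL evaluates its numbered rules in ascending order and stops at the first match, so a DENY entry must be numbered below the catch-all ALLOW to block the offending ranges. The NACL id and CIDRs are constructed placeholders, and the dicts are shaped like the keyword arguments of boto3's `create_network_acl_entry` (assumed here; nothing is sent to AWS).

```python
import ipaddress

# Constructed placeholder; a real id comes from describe-network-acls or the VPC console.
NACL_ID = "acl-PLACEHOLDER"


def build_deny_entries(blocked_cidrs, first_rule=10, step=10, allow_rule=100):
    """Return inbound NACL entries: one DENY per blocked CIDR, all numbered below
    the catch-all ALLOW. Each dict mirrors the keyword arguments of boto3's
    EC2.Client.create_network_acl_entry (assumption; not executed here)."""
    entries = []
    rule = first_rule
    for cidr in blocked_cidrs:
        net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits set / bad input
        if rule >= allow_rule:
            # A DENY sorted after the ALLOW would never be reached, so refuse to build it.
            raise ValueError("deny rule %d would sort after ALLOW rule %d" % (rule, allow_rule))
        entries.append({"NetworkAclId": NACL_ID, "RuleNumber": rule, "Protocol": "-1",
                        "RuleAction": "deny", "Egress": False, "CidrBlock": str(net)})
        rule += step
    entries.append({"NetworkAclId": NACL_ID, "RuleNumber": allow_rule, "Protocol": "-1",
                    "RuleAction": "allow", "Egress": False, "CidrBlock": "0.0.0.0/0"})
    return entries


def evaluate_inbound(entries, source_ip):
    """Simulate NACL inbound evaluation for one source address: lowest rule number
    wins, first match decides, and a packet matching nothing hits the implicit
    final deny (shown as '*' in the console)."""
    ip = ipaddress.ip_address(source_ip)
    for entry in sorted(entries, key=lambda e: e["RuleNumber"]):
        if entry["Egress"]:
            continue  # outbound rules are a separate list
        if ip in ipaddress.ip_network(entry["CidrBlock"]):
            return entry["RuleAction"]
    return "deny"


if __name__ == "__main__":
    # Constructed attacker ranges (documentation prefixes, not real indicators).
    rules = build_deny_entries(["203.0.113.0/24", "198.51.100.7/32"])
    for src in ("203.0.113.45", "198.51.100.7", "198.51.100.8"):
        print(src, "->", evaluate_inbound(rules, src))
```

Note that a security group cannot express the DENY rows at all; the only way to reach the same effect with a security group alone would be to enumerate every legitimate source, which is rarely possible for a public-facing service.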