Help Center/ NAT Gateway/ FAQs/ Public NAT Gateways/ What Security Policies Can I Configure to Implement Access Control If I Use a Public NAT Gateway?

Updated on 2026-03-24 GMT+08:00

View PDF

What Security Policies Can I Configure to Implement Access Control If I Use a Public NAT Gateway?

There are two types of security policies you can configure: security groups and network ACLs:

A security group is a collection of access control rules for ECSs that have the same security protection requirements and are mutually trusted. After a security group is created, you can add rules for the security group, and these rules will apply to all ECSs added to this security group.
A network ACL is an optional layer of security for your subnets. You can associate one or more subnets with a network ACL to control traffic in and out of the subnets.

Security groups operate at the ECS level, whereas network ACLs operate at the subnet level. You can use network ACLs together with security groups for fine-grained access control.

For details about security groups and network ACLs, see section "Access Control" in the Virtual Private Cloud User Guide.

Parent topic: Public NAT Gateways

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.

The system is busy. Please try again later.

Which of the following issues have you encountered?

Content is inconsistent with the product UI

Unclear descriptions

Lack of examples or code

Incorrect steps

Can't find what I need

Lack of best practices

Feedback (optional)

0/500

Select at least one type of issue, and enter your comments or suggestions.

Enter a maximum of 500 characters.

Submit Cancel