What Security Policies Can I Configure to Implement Access Control If I Use a Public NAT Gateway?
There are two types of security policies you can configure: security groups and Access Control Lists (ACLs):
- A security group is a collection of access control rules for ECSs that have the same security protection requirements and are mutually trusted. After a security group is created, you can create various access rules for the security group, and these rules will apply to all ECSs added to this security group.
- A network ACL is an optional layer of security for your subnets. You can associate one or more subnets with a network ACL to control traffic in and out of the subnets.
Security groups operate at the ECS level, whereas network ACLs operate at the subnet level. You can use network ACLs together with security groups to implement access control that is both comprehensive and fine-grained.
For details about security groups and network ACLs, see section "Security" in the Virtual Private Cloud User Guide.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.