NACL (Network ACL)
A NACL is a stateless, subnet-level list of numbered rules that explicitly allows or denies traffic entering or leaving the subnet.
Updated: 2026-03-05
Definition
A Network ACL is associated with one or more subnets and holds two separate rule lists, one for inbound and one for outbound traffic; every packet crossing the subnet boundary is evaluated against the list for its direction.
Stateless means the ACL keeps no connection state: a reply packet is not recognised as belonging to an allowed request, so return traffic must be explicitly allowed by the rules of the opposite direction (inbound request plus outbound reply, or outbound request plus inbound reply).
Key points
- Stateless filtering: each packet is judged on its own, with no memory of earlier packets.
- Supports explicit allow and deny rules, which makes a NACL the right place to block a specific source CIDR (a security group can only allow).
- Order matters: rules are evaluated in ascending rule-number order, the first match decides, and a packet matching no rule hits the implicit final deny (the "*" rule). A deny placed at a higher number than a broader allow is never reached.
Common mistakes
- Forgetting to allow ephemeral ports for return traffic: a client's reply goes back to a high-numbered source port, so the opposite-direction list needs an allow covering the ephemeral range (AWS recommends 1024-65535, since the exact range depends on the client OS; for example many Linux kernels use 32768-60999 and Windows uses 49152-65535).
- Overcomplicating rules instead of using security groups appropriately: security groups are stateful and attached to instances (ENIs), so they automatically admit return traffic; keep the NACL as a coarse subnet-level allow list plus explicit denies, and put per-workload rules in security groups.
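To make the statelessness and ordering points concrete, here is an added example (not code from the original page) that simulates how a NACL evaluates a packet: rules sorted by number, first match wins, implicit deny when nothing matches. It then checks an inbound HTTPS session twice, once with an outbound list that forgot the ephemeral-port rule and once with it fixed, and shows a deny rule that is either effective or shadowed depending on its number. The rule sets, addresses and ports are constructed for illustration; the rule numbers and CIDRs are not taken from any real account.

```python
"""Added example: a minimal simulator of AWS Network ACL rule evaluation.

Rules are numbered; evaluation runs in ascending number order and the first
matching rule decides. A packet matching no rule is denied by the implicit
final "*" rule. Because a NACL is stateless, a TCP session is checked twice:
the request against one direction's list and the reply against the other's.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    number: int
    protocol: str      # "tcp", "udp" or "-1" (all protocols)
    cidr: str          # source CIDR for inbound rules, destination CIDR for outbound
    port_from: int     # destination port range (for a reply this is the client's ephemeral port)
    port_to: int
    action: str        # "allow" or "deny"


def evaluate(rules, protocol, addr, port):
    """Return (action, rule_number) of the first matching rule in ascending order.

    No match means the implicit deny, reported as ("deny", "*").
    """
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.protocol not in ("-1", protocol):
            continue
        if ip_address(addr) not in ip_network(rule.cidr):
            continue
        if not (rule.port_from <= port <= rule.port_to):
            continue
        return rule.action, rule.number
    return "deny", "*"


def session_allowed(inbound, outbound, client_ip, client_port, server_port):
    """Check a client outside the subnet connecting to a server inside it.

    Request: inbound list, source = client, destination port = server_port.
    Reply:   outbound list, destination = client, destination port = client_port
             (the client's ephemeral port). Both verdicts must be allow, because
             the NACL keeps no state linking the reply to the request.
    """
    request = evaluate(inbound, "tcp", client_ip, server_port)
    reply = evaluate(outbound, "tcp", client_ip, client_port)
    return {
        "request": request,
        "reply": reply,
        "allowed": request[0] == "allow" and reply[0] == "allow",
    }


# Constructed rule sets (hypothetical numbers and CIDRs, not from a real account).
INBOUND = [
    Rule(100, "tcp", "0.0.0.0/0", 443, 443, "allow"),          # HTTPS to the subnet
    Rule(200, "tcp", "0.0.0.0/0", 1024, 65535, "allow"),       # replies to outbound sessions
]
OUTBOUND_MISSING_EPHEMERAL = [
    Rule(100, "tcp", "0.0.0.0/0", 443, 443, "allow"),          # only outbound HTTPS
]
OUTBOUND_FIXED = OUTBOUND_MISSING_EPHEMERAL + [
    Rule(110, "tcp", "0.0.0.0/0", 1024, 65535, "allow"),       # replies to inbound sessions
]

# A deny numbered below the broad allow takes effect; numbered above it, it is shadowed.
INBOUND_DENY_FIRST = [Rule(90, "tcp", "198.51.100.0/24", 443, 443, "deny")] + INBOUND
INBOUND_DENY_SHADOWED = INBOUND + [Rule(300, "tcp", "198.51.100.0/24", 443, 443, "deny")]


def demo():
    """Run the scenarios and return their verdicts (also printed for readers)."""
    results = {
        "missing_ephemeral": session_allowed(INBOUND, OUTBOUND_MISSING_EPHEMERAL,
                                             "203.0.113.5", 50000, 443),
        "fixed": session_allowed(INBOUND, OUTBOUND_FIXED, "203.0.113.5", 50000, 443),
        "deny_first": evaluate(INBOUND_DENY_FIRST, "tcp", "198.51.100.7", 443),
        "deny_shadowed": evaluate(INBOUND_DENY_SHADOWED, "tcp", "198.51.100.7", 443),
    }
    for name, verdict in results.items():
        print(f"{name}: {verdict}")
    return results


if __name__ == "__main__":
    demo()
```

Running the block shows the request being allowed by inbound rule 100 in both session cases, while the reply falls through to the implicit "*" deny until outbound rule 110 covers the ephemeral range. The last two scenarios show why the rule number, not the order you typed the rules, decides whether a deny ever applies.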