To create an NACL for the public subnet, follow these steps:
- Navigate to the VPC service within the Management Console.
- Select Network ACLs from the menu on the left and select the blue Create network ACL button.
- Configure the NACL as shown in the following screenshot by selecting your VPC:
- Select the newly created NACL in the list that appears; its configuration is displayed at the bottom of the screen.
- Select the Inbound Rules tab. By default, a newly created NACL will DENY all traffic:
- Select Edit inbound rules and configure the NACL as shown here:
- Click Create. By default, an explicit DENY will be added at the bottom of the NACL when you click Create, as shown here:
- Select the Outbound Rules tab and configure the outbound rules as shown here. Once done, select Create:
- Much like the route tables, we now need to associate this NACL with a subnet. Select the Subnet Associations tab | Edit...
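
The rule-ordering and default-DENY behaviour these steps rely on can be modelled offline. The following is an added example, not code from the original text or from AWS. The `Rule` type, the `evaluate` and `round_trip` helpers, and every rule number, CIDR and port are assumptions constructed for illustration; they do not reproduce the rules in the screenshots.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:                      # hypothetical model of one NACL entry
    number: int                  # lower numbers are evaluated first
    action: str                  # "allow" or "deny"
    protocol: str                # "tcp", "udp", or "-1" for all protocols
    cidr: str                    # source CIDR (inbound) or destination CIDR (outbound)
    ports: tuple                 # inclusive (from_port, to_port)

def evaluate(rules, protocol, peer_ip, port):
    """Return (action, rule_number) for one packet; '*' is the final catch-all DENY."""
    for r in sorted(rules, key=lambda r: r.number):
        if r.protocol not in ("-1", protocol):
            continue
        if ip_address(peer_ip) not in ip_network(r.cidr):
            continue
        if r.protocol != "-1" and not (r.ports[0] <= port <= r.ports[1]):
            continue
        return r.action, r.number        # first matching rule decides
    return "deny", "*"

def round_trip(inbound, outbound, protocol, client_ip, server_port, client_port):
    """NACLs are stateless: the request and the reply are checked independently."""
    request, _ = evaluate(inbound, protocol, client_ip, server_port)
    reply, _ = evaluate(outbound, protocol, client_ip, client_port)
    return request == "allow" and reply == "allow"

# Constructed rule sets for a public subnet (assumed values, not from the page).
INBOUND = [
    Rule(90, "deny", "-1", "203.0.113.0/24", (0, 65535)),   # blocked range, checked first
    Rule(100, "allow", "tcp", "0.0.0.0/0", (80, 80)),
    Rule(110, "allow", "tcp", "0.0.0.0/0", (443, 443)),
]
OUTBOUND = [
    Rule(100, "allow", "tcp", "0.0.0.0/0", (1024, 65535)),  # ephemeral reply ports
]

if __name__ == "__main__":
    print(evaluate([], "tcp", "198.51.100.7", 443))        # new NACL: only '*' applies
    print(evaluate(INBOUND, "tcp", "198.51.100.7", 443))   # matched by rule 110
    print(evaluate(INBOUND, "tcp", "203.0.113.9", 443))    # rule 90 wins over rule 110
    print(evaluate(INBOUND, "tcp", "198.51.100.7", 22))    # falls through to '*'
    print(round_trip(INBOUND, OUTBOUND, "tcp", "198.51.100.7", 443, 51000))
    print(round_trip(INBOUND, [], "tcp", "198.51.100.7", 443, 51000))
```

The last call shows why the outbound rules must be configured as well: with no outbound allow for the reply port, an inbound allow alone does not give a working connection.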