This network ACL is the recommended baseline for AWS VPC subnets in Cornell AWS accounts. It should be configured and used on all AWS VPC subnets. You are welcome to make your NACL more stringent, but we recommend careful consideration before making it less stringent.

...

A CloudFormation template to create a Network ACL with the baseline rules can be found here: https://github.com/CU-CommunityApps/cu-aws-cloudformation/tree/master/baseline-nacl


Terraform

A Terraform module to create a Network ACL with these baseline rules can be found here: https://github.com/CU-CommunityApps/tf-module-cornell-util/tree/main/modules/aws/baseline-nacl

Manual Configuration

Inbound Rules

(warning) Add an additional ALLOW rule 1600 to allow all traffic from source 100.64.0.0/10 if your VPC includes any CIDR blocks in 100.64.0.0/10.

...

(warning) Add an additional ALLOW rule 2000 to allow all traffic to destination 100.64.0.0/10 if your VPC includes any CIDR blocks in 100.64.0.0/10.
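The two conditional 100.64.0.0/10 rules above (inbound 1600 and outbound 2000), expressed as CloudFormation. This is an added illustration, not a copy of the CU-CommunityApps baseline-nacl template; the resource names (BaselineNacl, CgnatInbound, CgnatOutbound) and the VpcUsesCgnatRange parameter are assumptions, and the baseline's other rules are omitted.

```yaml
# Added example, not the CU-CommunityApps template. Creates a Network ACL and
# adds the 100.64.0.0/10 ALLOW rules only when the VpcUsesCgnatRange parameter
# is "true". Resource and parameter names are assumed for this illustration.
AWSTemplateFormatVersion: "2010-09-09"
Description: Conditional 100.64.0.0/10 rules for a baseline NACL (example).

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
    Description: VPC the NACL belongs to.
  VpcUsesCgnatRange:
    Type: String
    AllowedValues: ["true", "false"]
    Default: "false"
    Description: Set to "true" only if the VPC has a CIDR block inside 100.64.0.0/10.

Conditions:
  AddCgnatRules: !Equals [!Ref VpcUsesCgnatRange, "true"]

Resources:
  BaselineNacl:
    Type: AWS::EC2::NetworkAcl
    Properties:
      VpcId: !Ref VpcId

  # Inbound rule 1600: ALLOW all protocols and ports from source 100.64.0.0/10.
  # Protocol -1 means "all"; Egress false makes this an inbound entry.
  CgnatInbound:
    Type: AWS::EC2::NetworkAclEntry
    Condition: AddCgnatRules
    Properties:
      NetworkAclId: !Ref BaselineNacl
      RuleNumber: 1600
      Egress: false
      Protocol: -1
      RuleAction: allow
      CidrBlock: 100.64.0.0/10

  # Outbound rule 2000: ALLOW all protocols and ports to destination 100.64.0.0/10.
  CgnatOutbound:
    Type: AWS::EC2::NetworkAclEntry
    Condition: AddCgnatRules
    Properties:
      NetworkAclId: !Ref BaselineNacl
      RuleNumber: 2000
      Egress: true
      Protocol: -1
      RuleAction: allow
      CidrBlock: 100.64.0.0/10
```

Network ACL rules are evaluated in ascending rule-number order and the first match wins, so these entries take effect ahead of any deny rule numbered above 1600 (inbound) or 2000 (outbound). Leave VpcUsesCgnatRange at "false" unless the VPC really has a CIDR block in 100.64.0.0/10; setting it otherwise admits all traffic from that shared address space for no reason.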

...