Table of Contents |
---|
...
Excerpt |
---|
This network ACL is is the recommended baseline for AWS VPC subnets in Cornell AWS accounts. It should be configured and used on all AWS VPC subnets. You are welcome to make your NACL more stringent, but we recommend careful consideration before making it less stringent. |
...
A CloudFormation template to create a Network ACL for with the baseline rules can be found here: https://github.com/CU-CommunityApps/cu-aws-cloudformation/tree/master/baseline-nacl
Terraform
A Terraform module to create a Network ACL with these baseline rules can be found here: https://github.com/CU-CommunityApps/tf-module-cornell-util/tree/main/modules/aws/baseline-nacl
Manual Configuration
Inbound Rules
Add an additional ALLOW rule 1600 to allows allow all traffic from source 100.64.0.0/10 if your VPC includes any CIDR blocks in 100.64.0.0/10.
...
Add an additional ALLOW rule 2000 to allows allow all traffic to destination 100.64.0.0/10 if your VPC includes any CIDR blocks in 100.64.0.0/10.
...