This network ACL is the recommended baseline for AWS VPC subnets and should be configured on every AWS VPC subnet. You are welcome to make your NACL more stringent than the baseline; consider carefully before making it less stringent. Remember that network ACLs are stateless, so a change to an inbound rule usually needs a matching change to the corresponding outbound (ephemeral port) rule, and vice versa.

Important IPs and CIDR Blocks

These IPs and CIDR blocks are referenced in the Baseline NACL. The /32 entries pin the current addresses of AWS-hosted Cornell services; a NACL matches addresses, not DNS names, so re-check these against DNS whenever the rules are reviewed.

CIDR                DNS Name                           Description
52.200.35.38/32     kerberos-aws.login.cornell.edu     AWS-based Cornell Kerberos Server
52.201.66.104/32    kerberos-aws2.login.cornell.edu    AWS-based Cornell Kerberos Server
128.84.0.0/16                                          Cornell campus public IPs
128.253.0.0/16                                         Cornell campus public IPs
132.236.0.0/16                                         Cornell campus public IPs
192.35.82.0/24                                         Cornell campus public IPs
192.122.235.0/24                                       Cornell campus public IPs
192.122.236.0/24                                       Cornell campus public IPs
35.170.14.255/32    test.directory.cornell.edu         AWS-based TEST directory
3.229.3.150/32      test.directory.cornell.edu         AWS-based TEST directory
3.228.209.25/32     query.directory.cornell.edu        AWS-based PROD directory
3.218.140.210/32    query.directory.cornell.edu        AWS-based PROD directory
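The script below is an added example, not code from this page or from the CU-CommunityApps template, that turns the table above into two checks a practitioner would run against a deployed NACL: every baseline CIDR must be referenced by at least one entry of the NACL (as returned by `aws ec2 describe-network-acls`), and the /32 entries must still agree with what DNS returns for the listed names. The NACL ID, the NACL entries and the resolver answers below are constructed sample data (the drifted address is an RFC 5737 documentation address); `resolve_live` is the only function that touches the network and is not called by the sample.

```python
"""Audit a VPC network ACL against the baseline CIDR table.

Check 1: every CIDR the baseline references appears in at least one NACL entry
         (catches entries dropped or mistyped during a manual edit).
Check 2: the /32 entries for the AWS-hosted Kerberos and directory hosts still
         match DNS. A NACL pins addresses, not names, so when a host moves the
         rule silently stops matching.
"""
import ipaddress
import socket

# Baseline table from the page: CIDR -> (DNS name or None, description).
BASELINE_CIDRS = {
    "52.200.35.38/32":  ("kerberos-aws.login.cornell.edu",  "AWS-based Cornell Kerberos Server"),
    "52.201.66.104/32": ("kerberos-aws2.login.cornell.edu", "AWS-based Cornell Kerberos Server"),
    "128.84.0.0/16":    (None, "Cornell campus public IPs"),
    "128.253.0.0/16":   (None, "Cornell campus public IPs"),
    "132.236.0.0/16":   (None, "Cornell campus public IPs"),
    "192.35.82.0/24":   (None, "Cornell campus public IPs"),
    "192.122.235.0/24": (None, "Cornell campus public IPs"),
    "192.122.236.0/24": (None, "Cornell campus public IPs"),
    "35.170.14.255/32": ("test.directory.cornell.edu",  "AWS-based TEST directory"),
    "3.229.3.150/32":   ("test.directory.cornell.edu",  "AWS-based TEST directory"),
    "3.228.209.25/32":  ("query.directory.cornell.edu", "AWS-based PROD directory"),
    "3.218.140.210/32": ("query.directory.cornell.edu", "AWS-based PROD directory"),
}


def baseline_names():
    """DNS names the baseline pins to /32 entries, sorted."""
    return sorted({name for name, _ in BASELINE_CIDRS.values() if name})


def expected_ips(name):
    """Host addresses the baseline table lists for one DNS name."""
    return {str(ipaddress.ip_network(c).network_address)
            for c, (n, _) in BASELINE_CIDRS.items() if n == name}


def missing_baseline_cidrs(nacl):
    """Baseline CIDRs referenced by no entry of a NetworkAcl dict
    (the shape returned by `aws ec2 describe-network-acls`)."""
    present = {e.get("CidrBlock") for e in nacl["Entries"]}  # IPv6 entries carry Ipv6CidrBlock instead
    return sorted(c for c in BASELINE_CIDRS if c not in present)


def dns_drift(resolved):
    """Compare resolver output (name -> set of IPv4 strings) with the table.
    Returns {name: (expected_sorted, actual_sorted)} for every mismatch."""
    drift = {}
    for name in baseline_names():
        exp, act = expected_ips(name), set(resolved.get(name, ()))
        if exp != act:
            drift[name] = (sorted(exp), sorted(act))
    return drift


def resolve_live(names):
    """Real resolver for production use; needs network, so the sample below does not call it."""
    return {n: {ai[4][0] for ai in socket.getaddrinfo(n, None, socket.AF_INET)} for n in names}


# --- Constructed sample input (not a real account) ---------------------------
# A NACL from which someone dropped the second PROD directory host while editing.
SAMPLE_NACL = {
    "NetworkAclId": "acl-0123456789abcdef0",  # made-up ID
    "Entries": [
        {"RuleNumber": n, "Protocol": "-1", "RuleAction": "allow",
         "Egress": False, "CidrBlock": cidr}
        for n, cidr in enumerate(
            [c for c in BASELINE_CIDRS if c != "3.218.140.210/32"], start=100)
    ] + [{"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny",
          "Egress": False, "CidrBlock": "0.0.0.0/0"}],
}

# Constructed resolver answers: Kerberos and TEST unchanged, PROD directory moved one host.
SAMPLE_RESOLVED = {
    "kerberos-aws.login.cornell.edu":  {"52.200.35.38"},
    "kerberos-aws2.login.cornell.edu": {"52.201.66.104"},
    "test.directory.cornell.edu":      {"35.170.14.255", "3.229.3.150"},
    "query.directory.cornell.edu":     {"3.228.209.25", "198.51.100.7"},  # RFC 5737 test address
}

if __name__ == "__main__":
    for cidr in missing_baseline_cidrs(SAMPLE_NACL):
        print(f"MISSING  {cidr:<18} {BASELINE_CIDRS[cidr][1]}")
    for name, (exp, act) in dns_drift(SAMPLE_RESOLVED).items():
        print(f"DRIFT    {name}: table {exp} vs DNS {act}")
```

To run it against a real subnet, feed `missing_baseline_cidrs` the first element of `aws ec2 describe-network-acls --network-acl-ids <acl-id> --query 'NetworkAcls'` and pass `resolve_live(baseline_names())` to `dns_drift`. A non-empty result from either check means the subnet is not running the baseline as documented on this page.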


CloudFormation

A CloudFormation template that creates a Network ACL with the baseline rules is available here: https://github.com/CU-CommunityApps/cu-aws-cloudformation/tree/master/baseline-nacl

Manual Configuration

Inbound Rules

Outbound Rules
