[Verse 1] Picture castles with two different guards Security groups watch the entry cards Stateful sentries remember each face Track conversations, keep hackers at pace When you knock once, they open the door Remember your visit, don't check anymore [Chorus] Groups are smart, NACLs are not Stateful memory versus forgot Layer by layer, defense runs deep Inbound and outbound rules to keep Groups remember, NACLs forget Double protection is your best bet [Verse 2] Network Access Lists patrol the subnet Stateless soldiers that easily forget Check every packet like it's brand new Inbound allowed but outbound blocked too Ephemeral ports need explicit permission Or your traffic dies in transmission [Chorus] Groups are smart, NACLs are not Stateful memory versus forgot Layer by layer, defense runs deep Inbound and outbound rules to keep Groups remember, NACLs forget Double protection is your best bet [Bridge] Instance level, subnet wide Security groups and NACLs collide Deny trumps allow every single time Two checkpoints in the security climb [Verse 3] Groups say "yes" to established flows NACLs question wherever it goes Return traffic needs its own rule In the stateless NACL security tool While groups just wave the packets through If the conversation they already knew [Chorus] Groups are smart, NACLs forget Stateful memory serves you yet Layer by layer, defense runs deep Inbound and outbound rules to keep Groups remember, NACLs reset Double protection is your safest bet [Outro] Two guardians at different gates Stateful wisdom, stateless waits Your network fortress stands secure When both defenders stay mature
← Cloud Networks: VPCs and Subnets | VPC Connectivity: Peering and Transit Gateways →