Security groups, NACLs, and the operating system firewall give us flexible control over traffic to the ENI, the subnet, and the OS, respectively. NACLs rely on proven, industry-standard stateless layer 3 firewall rules, whereas security groups and the OS firewall provide a stateful layer 4 firewall mechanism.
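The practical difference between the stateless NACL rules and the stateful security group described above shows up in how reply traffic is handled. The following is an added example, not code from the original text or from AWS: a simplified model (TCP only, rules matching on destination port only, constructed addresses) in which the names `NaclRule`, `SecurityGroup`, and `round_trip` are hypothetical.

```python
# Added illustration: toy model of stateless (NACL) vs stateful (security group)
# filtering. Simplified: TCP only, rules match on destination port only.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

@dataclass(frozen=True)
class NaclRule:
    number: int   # rules are evaluated in ascending order, first match wins
    lo: int
    hi: int
    allow: bool

def nacl_allows(rules, pkt):
    """Stateless check: every packet is judged on its own, in each direction."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.lo <= pkt.dport <= rule.hi:
            return rule.allow
    return False  # implicit deny when nothing matches

class SecurityGroup:
    """Stateful check: allow rules only; replies to tracked flows pass."""
    def __init__(self, inbound_ports):
        self.inbound_ports = set(inbound_ports)
        self.flows = set()

    def inbound(self, pkt):
        if pkt.dport not in self.inbound_ports:
            return False
        self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return True

    def outbound(self, pkt):
        # No outbound rules in this model: only replies to tracked flows leave.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

def round_trip(nacl_in, nacl_out, sg):
    """Return (request_delivered, reply_delivered) for one HTTPS exchange."""
    req = Packet("203.0.113.10", 50000, "10.0.1.5", 443)  # constructed addresses
    rep = Packet(req.dst, req.dport, req.src, req.sport)
    req_ok = nacl_allows(nacl_in, req) and sg.inbound(req)
    rep_ok = req_ok and sg.outbound(rep) and nacl_allows(nacl_out, rep)
    return req_ok, rep_ok

if __name__ == "__main__":
    https_in = [NaclRule(100, 443, 443, True)]
    print(round_trip(https_in, [], SecurityGroup([443])))
    print(round_trip(https_in, [NaclRule(100, 1024, 65535, True)], SecurityGroup([443])))
```

With no outbound NACL rule the reply is dropped at the subnet boundary even though the security group already lets it leave the ENI; allowing the client's ephemeral port range outbound on the NACL is what completes the exchange.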
However, modern applications require that we maintain security at all layers of the OSI model. Numerous commercial devices are able to inspect and control traffic, and AWS's own features, such as AWS WAF and AWS Shield, also provide us with the right tools.
In this section, we will take a look at the types of attacks and the advanced network security tools in AWS that will allow us to protect our environment...