This section shows which subnet is associated with this NACL, and as I mentioned when discussing subnets, you can have multiple subnets associated with a single NACL, but only a single NACL can be associated with a subnet:
If you fail to associate your NACLs with the correct subnets, then your subnet might not have the correct security safeguards in place and could allow unwanted network traffic to be processed. Otherwise, your NACLs would be created and configured, but not associated with any subnet, and therefore would provide no security measures.
The Tags tab, just as we discussed previously, helps you create key-value pairs that can be associated with your NACL.
Now we have looked at controlling security at the subnet/network level, let's move on to a layer of security that operates at the instance level, security groups.