I have 100 IPs which need to be blocked using a Network ACL. As there is a limit of 20 rules (including the default asterisk rule) per ACL, I planned to create 7-8 ACLs to implement 100 rules. (According to AWS Network ACL Quotas, 200 NACLs per VPC are allowed.)
However, as per Network ACL Basics, a subnet can be associated with only one NACL:
You can associate a network ACL with multiple subnets. However, a subnet can be associated with only one network ACL at a time. When you associate a network ACL with a subnet, the previous association is removed.
I am wondering: if at a time only one ACL can be associated with a subnet, what is the purpose of allowing 200 ACLs per VPC? Most likely I am missing some point.
My assumption is that a Network ACL will not work until it is associated with a subnet. Let me know if this assumption is not correct.
CodePudding user response:
I am wondering if at a time only one ACL can be associated with a subnet, what is the purpose of allowing 200 ACLs per VPC?
You can also have up to 200 subnets per VPC.
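The practical consequence of the answer is worth spelling out: because a subnet is bound to exactly one network ACL, spreading 100 deny rules across six ACLs means any given subnet only blocks the addresses in its own ACL, not all 100. To get the whole list onto one subnet the rules have to fit in one ACL, so it pays to merge adjacent addresses into CIDR blocks first (and the per-ACL rule quota is adjustable through Service Quotas if that is still not enough). The script below is an added example written for this page, not code from the question or the answer. It plans the deny entries, chunking them by the 20-rule quota, and can apply them through a boto3 EC2 client passed in by the caller; it assumes rule numbers 100, 200, ... are unused in the target ACLs, that inbound all-protocol deny rules are wanted, and that you supply as many subnets as ACLs. The 100 sample addresses are constructed from the TEST-NET-1 documentation range.

```python
"""Plan (and optionally apply) network ACL deny rules for a block list.

Added example, not from the original post. Assumptions: rule numbers
100, 200, ... are free in the target ACLs, inbound deny-all-protocol
rules are wanted, and `ec2` is a boto3 EC2 client (or a stand-in with
the same method names) supplied by the caller.
"""
import ipaddress
from typing import Dict, List

MAX_RULES_PER_ACL = 20          # default AWS quota; it counts the fixed '*' rule
USABLE_RULES = MAX_RULES_PER_ACL - 1


def collapse_to_networks(ips: List[str]) -> list:
    """Merge adjacent addresses into the fewest CIDR blocks, per IP version."""
    nets = [ipaddress.ip_network(ip, strict=False) for ip in ips]
    v4 = [n for n in nets if n.version == 4]
    v6 = [n for n in nets if n.version == 6]
    # collapse_addresses refuses mixed versions, so collapse each family separately
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def plan_deny_entries(ips: List[str], usable: int = USABLE_RULES) -> List[List[Dict]]:
    """Return one list of create_network_acl_entry kwargs per ACL needed."""
    nets = collapse_to_networks(ips)
    plan = []
    for start in range(0, len(nets), usable):
        entries = []
        for i, net in enumerate(nets[start:start + usable]):
            entry = {
                "RuleNumber": 100 * (i + 1),   # assumption: these numbers are unused
                "Protocol": "-1",              # all protocols
                "RuleAction": "deny",
                "Egress": False,               # inbound rule
            }
            if net.version == 4:
                entry["CidrBlock"] = str(net)
            else:
                entry["Ipv6CidrBlock"] = str(net)
            entries.append(entry)
        plan.append(entries)
    return plan


def apply_plan(ec2, vpc_id: str, subnet_ids: List[str], plan: List[List[Dict]]) -> List[str]:
    """Create one ACL per chunk of the plan and bind each to one subnet.

    A subnet holds exactly one network ACL, so the plan needs len(plan)
    subnets, and each subnet blocks only the addresses in its own chunk.
    """
    if len(subnet_ids) < len(plan):
        raise ValueError(f"plan needs {len(plan)} subnets, got {len(subnet_ids)}")
    acl_ids = []
    for subnet_id, entries in zip(subnet_ids, plan):
        acl_id = ec2.create_network_acl(VpcId=vpc_id)["NetworkAcl"]["NetworkAclId"]
        for entry in entries:
            ec2.create_network_acl_entry(NetworkAclId=acl_id, **entry)
        # the subnet's current association must be replaced, not added to
        current = ec2.describe_network_acls(
            Filters=[{"Name": "association.subnet-id", "Values": [subnet_id]}]
        )["NetworkAcls"]
        assoc_id = next(
            a["NetworkAclAssociationId"]
            for acl in current
            for a in acl["Associations"]
            if a["SubnetId"] == subnet_id
        )
        ec2.replace_network_acl_association(AssociationId=assoc_id, NetworkAclId=acl_id)
        acl_ids.append(acl_id)
    return acl_ids


if __name__ == "__main__":
    # constructed sample: 100 non-adjacent addresses from 192.0.2.0/24 (TEST-NET-1)
    blocklist = [f"192.0.2.{2 * k + 1}" for k in range(100)]
    plan = plan_deny_entries(blocklist)
    print(f"{len(blocklist)} IPs -> {len(plan)} ACLs, sizes {[len(p) for p in plan]}")
    print("each ACL needs its own subnet; a subnet gets only its ACL's addresses")
```

To run it against a real account, pass `boto3.client("ec2")` as `ec2` together with the VPC ID and one subnet ID per ACL in the plan; the dry run in `__main__` needs no credentials and shows that 100 scattered addresses need six ACLs (five with 19 rules and one with 5), while adjacent addresses merge into fewer, larger blocks and shrink that count.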