Control network access to and from EC2 instances using Security Groups. Security groups whitelist traffic by protocols, ports, and source IP addresses (or security groups). For an additional layer of security, use network access control lists (NACLs) to allow or deny traffic at the subnet level.
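The two layers can be modelled for inbound traffic as follows. This is an added example, not code from the original page or from AWS. It assumes the source is in a different subnet, ignores return traffic, and uses constructed rules, documentation IP ranges and a hypothetical group ID `sg-app`.

```python
from ipaddress import ip_address, ip_network

# Constructed NACL entries: (rule number, action, protocol, (low, high) port, CIDR).
NACL = [
    (90, "deny", "tcp", (22, 22), "198.51.100.66/32"),
    (100, "allow", "tcp", (22, 22), "0.0.0.0/0"),
    (110, "allow", "tcp", (443, 443), "0.0.0.0/0"),
    (120, "allow", "tcp", (5432, 5432), "10.0.0.0/16"),
]
# Constructed security group rules (allow-only): (protocol, ports, CIDR or group ID).
SG_RULES = [
    ("tcp", (443, 443), "0.0.0.0/0"),
    ("tcp", (22, 22), "198.51.100.0/24"),
    ("tcp", (5432, 5432), "sg-app"),  # hypothetical source security group
]

def nacl_allows(nacl, proto, port, src_ip):
    """Lowest rule number first; the first match decides; no match means deny."""
    for _num, action, r_proto, (lo, hi), cidr in sorted(nacl, key=lambda r: r[0]):
        if r_proto == proto and lo <= port <= hi and ip_address(src_ip) in ip_network(cidr):
            return action == "allow"
    return False

def sg_allows(rules, proto, port, src_ip, src_groups=()):
    """Traffic passes if any rule matches, by CIDR or by the sender's group."""
    for r_proto, (lo, hi), source in rules:
        if r_proto != proto or not lo <= port <= hi:
            continue
        if source.startswith("sg-"):
            if source in src_groups:
                return True
        elif ip_address(src_ip) in ip_network(source):
            return True
    return False

def inbound_allowed(nacl, rules, proto, port, src_ip, src_groups=()):
    """A packet must pass the subnet NACL and then the instance's security group."""
    return nacl_allows(nacl, proto, port, src_ip) and sg_allows(
        rules, proto, port, src_ip, src_groups)

if __name__ == "__main__":
    # The security group admits the whole /24, but the NACL denies one host in it.
    print(inbound_allowed(NACL, SG_RULES, "tcp", 22, "198.51.100.7"))
    print(inbound_allowed(NACL, SG_RULES, "tcp", 22, "198.51.100.66"))
```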

Choose one of the following predefined templates to deploy security groups and NACLs (or build custom ones) into an existing VPC:

Common Security Groups and NACL Configuration Templates Collection: a repository of common AWS Security Group and network ACL configurations

For new environments, build a secure VPC with separate subnet tiers for public and private resources, and utilize multiple availability zones (AZs) for high availability. Build a custom VPC that fits your environment using the following templates: