<ul>
<li>outline</li>
</ul>
<blockquote>
On Cloud environment, ip based ACL is common way for security.
</blockquote>
<ol>
<li>WAF</li>
</ol>
<blockquote>
Pros. : Various policy and features. Con. : Paid, Only ALB or CLB. <a target="_blank" href="https://docs.aws.amazon.com/waf/latest/developerguide/classic-web-acl-ip-conditions.html">https://docs.aws.amazon.com/waf/latest/developerguide/classic-web-acl-ip-conditions.html</a>
</blockquote>
<ol>
<li>Network ACL, VPC and Subnet</li>
</ol>
<blockquote>
Pros. : Free, easy to set up and intuitive. Cons. : Designing VPCs and Subnets are based on ENV, IP limitation. <a target="_blank" href="https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html">https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html</a>
</blockquote>
<ol>
<li>Security Group</li>
</ol>
<blockquote>
Pros. : ACL for almost all AWS Services. Con. : hassle to config Note : Recently, NLB starts using Securty Group.
</blockquote>
<ol>
<li>CloudFront can access contol by country. (allow or deny)</li>
</ol>
<blockquote>
Pros. : Free, easy to set up. Con. : Only for CloudFront and only by country.
</blockquote>
<ul>
<li>note</li>
</ul>
<blockquote>
Unspecified access attempts from abroad can be blocked from these four actions.
</blockquote>

* outline
    

> On Cloud environment, ip based ACL is common way for security.

1. WAF
    

> Pros. : Various policy and features.  
> Con. : Paid, Only ALB or CLB.  
> [https://docs.aws.amazon.com/waf/latest/developerguide/classic-web-acl-ip-conditions.html](https://docs.aws.amazon.com/waf/latest/developerguide/classic-web-acl-ip-conditions.html)

1. Network ACL, VPC and Subnet
    

> Pros. : Free, easy to set up and intuitive.  
> Cons. : Designing VPCs and Subnets are based on ENV, IP limitation.  
> [https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html](https://docs.aws.amazon.com/vpc/latest/userguide/vpc-network-acls.html)

1. Security Group
    

> Pros. : ACL for almost all AWS Services.  
> Con. : hassle to config  
> Note : Recently, NLB starts using Securty Group.

1. CloudFront can access contol by country. (allow or deny)
    

> Pros. : Free, easy to set up.  
> Con. : Only for CloudFront and only by country.

* note
    

> Unspecified access attempts from abroad can be blocked from these four actions.

access control for aws resources and server(IP Based ACL)

AWS/Security

Jesus, Love, Family, Happy Life, Linux, Cloud, SRE, DevOps Engineer, FinOps, System Engineer, Problem Solver
