A note on Network ACLs

When dealing with Network ACLs on AWS, two things are worth noting.

  1. Rule number matters. Rules are evaluated in order of rule number, from lowest to highest.
  2. The first matching rule matters more. This is the slightly confusing bit. The first rule that applies to the traffic type is applied immediately, regardless of any rules that follow it.

A good way to think about this conceptually is as follows: as your traffic enters (or exits) your subnet, it hits the network access control list. It works its way down the list, and the first rule it comes across that applies is the one that executes; evaluation stops there.
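The walk-down-the-list behaviour described above, as an added Python simulation (not code from the original post). The `Rule` class, `evaluate` function and the sample rule sets are my own constructions; the only AWS behaviour assumed beyond the post is that an ACL ends with an implicit `*` rule that denies anything no numbered rule matched.

```python
"""Simulate AWS Network ACL evaluation: rules are checked in ascending
rule-number order and the first rule that matches the packet decides the
outcome. Traffic matched by no numbered rule falls through to the implicit
final '*' rule, which denies it."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    number: int       # evaluation order, lowest first
    protocol: str     # "tcp", "udp", "icmp" or "all"
    port_from: int
    port_to: int
    cidr: str
    action: str       # "allow" or "deny"

    def matches(self, protocol: str, port: int, addr: str) -> bool:
        if self.protocol not in ("all", protocol):
            return False
        # A protocol "all" rule covers every port; otherwise check the range.
        if self.protocol != "all" and not (self.port_from <= port <= self.port_to):
            return False
        return ip_address(addr) in ip_network(self.cidr)


def evaluate(rules: List[Rule], protocol: str, port: int, addr: str) -> Tuple[str, Optional[int]]:
    """Return (action, rule_number); rule_number is None when the implicit '*' deny applied."""
    for rule in sorted(rules, key=lambda r: r.number):
        if rule.matches(protocol, port, addr):
            return rule.action, rule.number   # first match wins; later rules are never consulted
    return "deny", None


# Constructed sample inbound ACL: a targeted SSH deny numbered BEFORE a broad SSH allow.
INBOUND = [
    Rule(100, "tcp", 22, 22, "203.0.113.0/24", "deny"),
    Rule(200, "tcp", 22, 22, "0.0.0.0/0", "allow"),
    Rule(300, "tcp", 443, 443, "0.0.0.0/0", "allow"),
]

# Same two SSH rules with their numbers swapped: the broad allow now shadows the deny.
SHADOWED = [
    Rule(200, "tcp", 22, 22, "203.0.113.0/24", "deny"),
    Rule(100, "tcp", 22, 22, "0.0.0.0/0", "allow"),
]

if __name__ == "__main__":
    for pkt in [("tcp", 22, "203.0.113.7"), ("tcp", 22, "198.51.100.9"), ("udp", 53, "198.51.100.9")]:
        print(pkt, "INBOUND ->", evaluate(INBOUND, *pkt), "SHADOWED ->", evaluate(SHADOWED, *pkt))
```

Running it shows the deny at rule 100 blocking SSH from 203.0.113.7 in `INBOUND`, while in `SHADOWED` the same packet is allowed by rule 100 and the deny at rule 200 never fires.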