A Network Access Control List (NACL) changes alarm is a security alert that is triggered when there are changes made to the network ACL configuration in AWS. Network ACLs act as a firewall for controlling traffic flow to and from subnets in a VPC. Any unauthorized or unnecessary changes to the network ACL configuration can result in a security breach. The alarm helps to detect any changes to the network ACL rules that could potentially compromise the security of the VPC.


When a Network ACL changes alarm is triggered, the following remediation steps can be taken:

  1. Review the changes: Review the changes made to the network ACL rules and identify any unauthorized or unnecessary changes.
  2. Determine the impact: Assess the potential impact of the changes on the VPC and any associated resources.
  3. Rollback the changes: If the changes are unauthorized or unnecessary, rollback the changes immediately to restore the previous network ACL configuration.
  4. Investigate the root cause: Investigate the root cause of the changes and identify any security gaps or vulnerabilities that need to be addressed.
  5. Update the network ACL rules: If the changes are legitimate, ensure that they comply with the organization's security policies and best practices. Update the network ACL rules accordingly to maintain a secure network environment.
  6. Monitor the network ACL configuration: Implement a process to monitor any future changes to the network ACL configuration and ensure that they are authorized and necessary.
  7. Educate users: Educate users who have access to the VPC about the importance of maintaining a secure network environment and the potential impact of unauthorized changes to the network ACL configuration.
Enforced Resources
Note: Remediation steps provided by Lightlytics are meant to be suggestions and guidelines only. It is crucial to thoroughly verify and test any remediation steps before applying them to production environments. Each organization's infrastructure and security needs may differ, and blindly applying suggested remediation steps without proper testing could potentially cause unforeseen issues or vulnerabilities. Therefore, it is strongly recommended that you validate and customize any remediation steps to meet your organization's specific requirements and ensure that they align with your security policies and best practices.