CloudRaya Documentation

Access Control List (ACL)

Access Control Lists (ACL) define how network traffic is allowed or denied inside a VPC.

Every subnet in a VPC is associated with an ACL, and all Virtual Machines inside that subnet inherit its rules.

ACLs act as a network-level firewall, controlling traffic before it reaches the VM.

What You Can Control with ACLs

With ACL rules, you can control traffic based on:

  • Direction
    • Ingress - traffic entering resources in the subnet
    • Egress - traffic leaving resources in the subnet
  • Protocol
    • TCP
    • UDP
  • Source CIDR
    • Specific IP ranges (for example, 203.0.113.0/24)
    • Allow all (0.0.0.0/0)
  • Port Range
    • Single ports (e.g. 22, 443)
    • Port ranges (e.g. 3000–4000)
  • Action
    • Allow
    • Deny

These rules apply uniformly to all VMs within the subnet.

Default ACL Behavior

When a new VPC is created, CloudRaya automatically applies default ACL rules to ensure basic connectivity.

By default, commonly used ports such as:

  • SSH (22)
  • HTTP (80)
  • HTTPS (443)
  • RDP (3389)

are allowed for ingress traffic.

You can:

  • Modify existing rules
  • Add new rules
  • Remove unnecessary rules

to match your security requirements.

How ACLs Work with Virtual Machines

ACLs operate at the VPC subnet level, not at the individual VM level.

This means:

  • VMs do not have their own ACLs
  • All VMs in the same subnet share the same ACL rules
  • Changing an ACL affects all VMs attached to that subnet

For VM-specific firewall configuration (such as application ports or OS-level filtering), you should configure firewall rules inside the operating system.

📄 See: VM Networking Basics

Ingress vs Egress Rules

Rule Type   Controls                       Example
Ingress     Traffic entering the subnet    Allow HTTP (80) from the internet
Egress      Traffic leaving the subnet     Allow outbound access to external APIs

Best practice is to:

  • Keep ingress rules restrictive
  • Allow only the ports your application actually needs
  • Monitor and tighten egress rules when required

Common Use Cases

  • Allow SSH access only from a specific office IP
  • Expose web applications using ports 80 and 443
  • Block unnecessary outbound traffic
  • Separate public-facing and internal workloads using different subnets and ACLs

Important Notes

  • ACL rules are evaluated at the network level
  • Incorrect rules may block access to all VMs in a subnet
  • Always review ACL changes carefully before applying them in production environments
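The following Python model is an added example, not CloudRaya's own code or documentation. It represents the rule fields listed above (direction, protocol, source CIDR, port range, action) and shows the subnet-wide "incorrect rule blocks all VMs" failure; it assumes first-match evaluation with an implicit deny when no rule matches (the page does not state the ordering), and all addresses and rules are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# ASSUMPTION: rules are evaluated top to bottom, first match wins, and a
# flow that matches nothing is denied. Verify this against the console.

@dataclass(frozen=True)
class Rule:
    direction: str   # "ingress" or "egress"
    protocol: str    # "tcp" or "udp"
    cidr: str        # CIDR the address is matched against, e.g. "0.0.0.0/0"
    ports: tuple     # inclusive (low, high) port range; (22, 22) for one port
    action: str      # "allow" or "deny"

    def matches(self, direction, protocol, addr, port):
        low, high = self.ports
        return (self.direction == direction
                and self.protocol == protocol
                and ip_address(addr) in ip_network(self.cidr)
                and low <= port <= high)

def evaluate(rules, direction, protocol, addr, port):
    """Return 'allow' or 'deny' for one flow against a subnet ACL."""
    for rule in rules:
        if rule.matches(direction, protocol, addr, port):
            return rule.action
    return "deny"  # assumed implicit deny

def shadowed_rules(rules):
    """Rules that can never match because an earlier rule fully covers them
    (same direction and protocol, wider or equal CIDR, wider or equal ports)."""
    out = []
    for i, r in enumerate(rules):
        net = ip_network(r.cidr)
        for e in rules[:i]:
            if (e.direction == r.direction and e.protocol == r.protocol
                    and net.subnet_of(ip_network(e.cidr))
                    and e.ports[0] <= r.ports[0] <= r.ports[1] <= e.ports[1]):
                out.append(r)
                break
    return out

# Constructed ACL for the use cases above: SSH only from the office range,
# web ports open to everyone, outbound HTTPS allowed, everything else denied.
OFFICE_ACL = [
    Rule("ingress", "tcp", "203.0.113.0/24", (22, 22), "allow"),
    Rule("ingress", "tcp", "0.0.0.0/0", (80, 80), "allow"),
    Rule("ingress", "tcp", "0.0.0.0/0", (443, 443), "allow"),
    Rule("egress", "tcp", "0.0.0.0/0", (443, 443), "allow"),
]

# A broad deny placed first hides every ingress rule below it for all VMs in
# the subnet; shadowed_rules() flags this before the change reaches production.
SHADOWED_ACL = [Rule("ingress", "tcp", "0.0.0.0/0", (1, 65535), "deny")] + OFFICE_ACL
```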

© 2026 CloudRaya Product Team. All rights reserved.
