Custom network ACLs and other Amazon services - Amazon Virtual Private Cloud
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Custom network ACLs and other Amazon services

If you create a custom network ACL, be aware of how it might affect resources that you create using other Amazon services.

With Elastic Load Balancing, if the subnet for your backend instances has a network ACL in which you've added a deny rule for all traffic with a source of either 0.0.0.0/0 or the subnet's CIDR, your load balancer can't carry out health checks on the instances. For more information about the recommended network ACL rules for your load balancers and backend instances, see Network ACLs for Load Balancers in a VPC in the User Guide for Classic Load Balancers.