
Feature request: Add a description in network ACL

1

Greetings all,

When working on complex network ACLs, we sometimes have to enter IP addresses. Looking back at the network ACL months later, I can't figure out who owns the IP address or what it is for. It would be great if we could have a Description field available, identically to the Security ACL, which has one.

Please UPVOTE (thumbs up) this feature request! Thank you.

1 Answer
0

Currently, AWS does not provide a way to add descriptions to network ACLs or their rules, unlike security groups which do have description fields. This is a notable difference between these two network security components.

Security groups allow you to set descriptions when creating them and for their rules, making them more easily identifiable later. Network ACLs, which operate at the subnet level rather than the instance level, don't have this capability.

For your use case of documenting IP addresses in network ACL rules, you might need to use alternative approaches such as:

  1. Using AWS tagging for the network ACL itself (though this doesn't help with individual rules)
  2. Maintaining external documentation that maps IP addresses to their purposes
  3. Using naming conventions in other resources that help identify the purpose of specific network ACL rules

This is a valid feature request that would improve the manageability of complex network configurations, especially when revisiting them after some time has passed.
Sources
In Amazon EC2, how can I set/change the "security group name" and "description" | AWS re:Post
Example: Control access to instances in a subnet - Amazon Virtual Private Cloud

answered 15 days ago
EXPERT
reviewed 14 days ago
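The answer's first and third suggestions (tag the network ACL itself, and adopt a naming convention) can be combined into a workaround: keep one tag per rule on the NACL, keyed by direction and rule number, and treat the tag value as the missing description. The script below is an added example, not AWS functionality and not code from the re:Post answer. It assumes a tag-key convention of the form `nacl-rule/<ingress|egress>/<rule number>` (an invented convention), and embeds a constructed sample shaped like a `describe_network_acls()` entry so it runs offline without boto3. Besides printing an annotated rule listing, it flags rules with no description and tags whose rule has since been deleted, which is exactly the drift that makes a NACL unreadable months later. One caveat for real use: a resource may carry at most 50 tags, and tag values are limited to 256 characters, so this covers the default 20 rules per direction but not a quota-raised NACL.

```python
"""Map network ACL rules to human-readable descriptions via tags on the NACL.

Convention (an assumption of this example, not an AWS feature): the NACL
carries one tag per rule, keyed "nacl-rule/<ingress|egress>/<rule number>",
whose value is the free-text description.  The dict below mirrors the shape
boto3's ec2.describe_network_acls() returns for one ACL, but it is a
constructed sample so the script runs offline.
"""
import re
from typing import Dict, List, Tuple

TAG_KEY_RE = re.compile(r"^nacl-rule/(ingress|egress)/(\d+)$")
TAG_VALUE_MAX = 256      # AWS tag values are limited to 256 characters
DEFAULT_DENY_RULE = 32767  # implicit catch-all deny; cannot be edited or described

# Constructed sample NACL (placeholder id, documentation-range addresses).
SAMPLE_NACL = {
    "NetworkAclId": "acl-0123456789abcdef0",
    "Entries": [
        {"RuleNumber": 100, "Egress": False, "Protocol": "6", "RuleAction": "allow",
         "CidrBlock": "203.0.113.0/24", "PortRange": {"From": 443, "To": 443}},
        {"RuleNumber": 110, "Egress": False, "Protocol": "-1", "RuleAction": "deny",
         "CidrBlock": "198.51.100.7/32"},
        {"RuleNumber": 100, "Egress": True, "Protocol": "-1", "RuleAction": "allow",
         "CidrBlock": "0.0.0.0/0"},
        {"RuleNumber": DEFAULT_DENY_RULE, "Egress": False, "Protocol": "-1",
         "RuleAction": "deny", "CidrBlock": "0.0.0.0/0"},
    ],
    "Tags": [
        {"Key": "Name", "Value": "app-subnet-acl"},
        {"Key": "nacl-rule/ingress/100", "Value": "Partner API range, owner: netops"},
        {"Key": "nacl-rule/egress/100", "Value": "Default allow-all egress"},
        # Left behind after ingress rule 120 was deleted: a stale description.
        {"Key": "nacl-rule/ingress/120", "Value": "Old office VPN, decommissioned"},
    ],
}


def rule_descriptions(nacl: dict) -> Dict[Tuple[str, int], str]:
    """Parse the per-rule description tags into {(direction, rule_number): text}."""
    found = {}
    for tag in nacl.get("Tags", []):
        match = TAG_KEY_RE.match(tag["Key"])
        if match:
            found[(match.group(1), int(match.group(2)))] = tag["Value"]
    return found


def annotate(nacl: dict) -> List[dict]:
    """Return every ACL entry joined with its description (None if undocumented)."""
    descriptions = rule_descriptions(nacl)
    rows = []
    for entry in nacl["Entries"]:
        direction = "egress" if entry["Egress"] else "ingress"
        rows.append({
            "direction": direction,
            "rule": entry["RuleNumber"],
            "action": entry["RuleAction"],
            "cidr": entry.get("CidrBlock") or entry.get("Ipv6CidrBlock"),
            "protocol": entry["Protocol"],
            "description": descriptions.get((direction, entry["RuleNumber"])),
        })
    return rows


def undocumented(nacl: dict) -> List[str]:
    """Rules with no description tag, ignoring the implicit default deny."""
    return [f"{r['direction']}/{r['rule']}" for r in annotate(nacl)
            if r["description"] is None and r["rule"] != DEFAULT_DENY_RULE]


def stale_tags(nacl: dict) -> List[str]:
    """Description tags whose rule no longer exists in the ACL."""
    present = {("egress" if e["Egress"] else "ingress", e["RuleNumber"])
               for e in nacl["Entries"]}
    return [f"{d}/{n}" for (d, n) in rule_descriptions(nacl) if (d, n) not in present]


def make_tag(direction: str, rule_number: int, text: str) -> dict:
    """Build a tag dict suitable for ec2.create_tags(), validating the convention."""
    if direction not in ("ingress", "egress"):
        raise ValueError("direction must be 'ingress' or 'egress'")
    if not 1 <= rule_number <= 32766:
        raise ValueError("custom NACL rule numbers are 1..32766")
    if len(text) > TAG_VALUE_MAX:
        raise ValueError(f"description longer than {TAG_VALUE_MAX} characters")
    return {"Key": f"nacl-rule/{direction}/{rule_number}", "Value": text}


if __name__ == "__main__":
    for row in annotate(SAMPLE_NACL):
        print(f"{row['direction']:7} {row['rule']:>5} {row['action']:5} "
              f"{row['cidr']:18} {row['description'] or '<no description>'}")
    print("undocumented rules:", undocumented(SAMPLE_NACL))
    print("stale description tags:", stale_tags(SAMPLE_NACL))
```

Running the audit periodically (or as a CI check against `describe_network_acls()` output) turns the missing description field into two actionable lists: rules nobody has explained, and explanations for rules that no longer exist.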

