Region Type I: A network ACL is a virtual private cloud security service. It controls access to subnets and supports blacklists and whitelists (allow rules and deny rules). Based on the inbound and outbound Access Control List (ACL) rules associated with subnets, the network ACL determines whether data packets can flow into or out of the subnets.