Which AWS security component is a stateless filter?

The correct answer is NACL, or Network Access Control List. NACLs are designed to provide a stateless filtering mechanism for controlling inbound and outbound traffic at the subnet level in an Amazon Virtual Private Cloud (VPC). Being stateless means that they examine each packet individually and do not keep track of connections. Thus, rules need to be defined for both inbound and outbound traffic for a response to be allowed through the network.

NACLs allow for both allow and deny rules to be specified, giving administrators fine-grained control over which traffic to allow or deny based on criteria such as protocols, IP addresses, and ports. This characteristic is crucial for maintaining security within a VPC and is distinctly different from other components like Security Groups, which are stateful and automatically allow the response traffic for requests that have been initiated.

In contrast, Security Groups operate as stateful firewalls associated with your instances, which means they track and allow return traffic for outgoing requests without the need for explicit rules. The Internet Gateway, on the other hand, serves as a connection point for public subnets in a VPC and doesn't provide direct filtering capabilities by itself. Network Security Groups are specific to Azure and provide a similar functionality to AWS Security Groups but are not relevant