In alignment with the documentation, I see that the default ACL on AWS allows all inbound traffic (rule no. 100, allowing all traffic, any protocol, all ports).
How is that safe? Why is that a meaningful default?
I am interested in minimal permissions to enable Fargate tasks: The tasks apparently need a public IP address to be able to fetch a private repo from ECR (unless I want to set up my own NAT). Now, does the default ACL still keep the Fargate task secure, or open it up to 3rd-party inbound access?