diff --git a/src/services/nacl/connections.ts b/src/services/nacl/connections.ts
index 82365d55..23efe0fe 100644
--- a/src/services/nacl/connections.ts
+++ b/src/services/nacl/connections.ts
@@ -2,6 +2,7 @@ import { ServiceConnection } from '@cloudgraph/sdk'
 import isEmpty from 'lodash/isEmpty'
 
 import services from '../../enums/services'
+import { RawAwsSubnet } from '../subnet/data'
 import { RawAwsVpc } from '../vpc/data'
 import { RawAwsNetworkAcl } from './data'
 
@@ -19,9 +20,40 @@ export default ({
   service: RawAwsNetworkAcl
 }): { [key: string]: ServiceConnection[] } => {
   const connections: ServiceConnection[] = []
-  const { NetworkAclId: id, VpcId: NaclVpcId } = nacl
+  const {
+    NetworkAclId: id,
+    VpcId: NaclVpcId,
+    Associations: naclSubnetAssociations = [],
+  } = nacl
 
-  // TODO: Add subnet connection
+  const subnetIds = naclSubnetAssociations.map(({ SubnetId }) => SubnetId)
+
+  /**
+   * Find related Subnets
+   */
+  const subnets: {
+    name: string
+    data: { [property: string]: RawAwsSubnet[] }
+  } = data.find(({ name }) => name === services.subnet)
+  if (subnets?.data?.[region]) {
+    const dataAtRegion: RawAwsSubnet[] = subnets.data[region].filter(
+      ({ SubnetId }: RawAwsSubnet) =>
+        !isEmpty(subnetIds) &&
+        subnetIds.filter(str =>
+          str.toLowerCase().includes(SubnetId.toLowerCase())
+        ).length > 0
+    )
+    if (!isEmpty(dataAtRegion)) {
+      for (const subnet of dataAtRegion) {
+        connections.push({
+          id: subnet.SubnetId,
+          resourceType: services.subnet,
+          relation: 'child',
+          field: 'subnets',
+        })
+      }
+    }
+  }
 
   /**
    * Find related Vpc
diff --git a/src/services/nacl/schema.graphql b/src/services/nacl/schema.graphql
index 56b1a6ef..9432fc25 100644
--- a/src/services/nacl/schema.graphql
+++ b/src/services/nacl/schema.graphql
@@ -5,7 +5,7 @@ type awsNetworkAcl implements awsBaseService @key(fields: "id") {
   associatedSubnets: [awsNetworkAclAssociatedSubnet]
   tags: [awsRawTag]
   vpc: [awsVpc] @hasInverse(field: nacl)
-  # subnet: [awsSubnet] @hasInverse(field: nacl) #change to plural
+  subnets: [awsSubnet] @hasInverse(field: nacls)
   vpcId: String @search(by: [hash, regexp])
 }
 
diff --git a/src/services/subnet/schema.graphql b/src/services/subnet/schema.graphql
index 6502bdfd..9ba9902e 100644
--- a/src/services/subnet/schema.graphql
+++ b/src/services/subnet/schema.graphql
@@ -13,6 +13,7 @@ type awsSubnet implements awsBaseService @key(fields: "id") {
   ec2Instances: [awsEc2] @hasInverse(field: subnets) #change to plural
   elb: [awsElb] @hasInverse(field: subnet) #change to plural
   lambda: [awsLambda] @hasInverse(field: subnet) #change to plural
+  nacls: [awsNetworkAcl] @hasInverse(field: subnets)
   natGateway: [awsNatGateway] @hasInverse(field: subnet) #change to plural
   networkInterface: [awsNetworkInterface] @hasInverse(field: subnet) #change to plural
   routeTable: [awsRouteTable] @hasInverse(field: subnet)
diff --git a/src/types/generated.ts b/src/types/generated.ts
index 42af53b3..8c53a954 100644
--- a/src/types/generated.ts
+++ b/src/types/generated.ts
@@ -3392,6 +3392,7 @@ export type AwsNetworkAcl = AwsBaseService & {
   default?: Maybe<Scalars['Boolean']>;
   inboundRules?: Maybe<Array<Maybe<AwsNetworkAclRule>>>;
   outboundRules?: Maybe<Array<Maybe<AwsNetworkAclRule>>>;
+  subnets?: Maybe<Array<Maybe<AwsSubnet>>>;
   tags?: Maybe<Array<Maybe<AwsRawTag>>>;
   vpc?: Maybe<Array<Maybe<AwsVpc>>>;
   vpcId?: Maybe<Scalars['String']>;
@@ -3919,6 +3920,7 @@ export type AwsSubnet = AwsBaseService & {
   ipV6Cidr?: Maybe<Scalars['String']>;
   lambda?: Maybe<Array<Maybe<AwsLambda>>>;
   managedAirflows?: Maybe<Array<Maybe<AwsManagedAirflow>>>;
+  nacls?: Maybe<Array<Maybe<AwsNetworkAcl>>>;
   natGateway?: Maybe<Array<Maybe<AwsNatGateway>>>;
   networkInterface?: Maybe<Array<Maybe<AwsNetworkInterface>>>;
   rdsDbInstance?: Maybe<Array<Maybe<AwsRdsDbInstance>>>;