Network access control lists (ACL), are an optional layer of security within the VPC layer. They are stateless (return traffic must be allowed by rules) firewalls for controlling traffic entering and leaving the subnets. Security Groups provide much better security controls at a more granular level with better debug capabilities than Network ACLs and therefore ACLs will not be used beyond the default allow settings.