1개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
1
Hello,
I don't have the answer for ElastiCache and EFS, however for RDS you don't need to allow any outbound connections by default. All the communication the service itself needs to function is done over a different networking path (a separate internal networking interface not impacted by the security group).
Regards
답변함 2년 전
관련 콘텐츠
- 질문됨 4달 전
AWS 공식업데이트됨 2년 전- AWS 공식업데이트됨 2년 전
- AWS 공식업데이트됨 2년 전
- AWS 공식업데이트됨 8달 전
Thanks for your answer. Since, you mentioned the separate network interface, I hope it's ok to ask an extended question: Does AWS require any specific network ACL inbound/outbound rules to maintain services such as RDS? We would like to adapt the network ACLs to our particular applications running on AWS infrastructure, too. In case we would create a custom network ACL only allowing HTTPS for a specific source/destination IPv4 address, is it still possible that AWS can maintain the managed services? Can AWS then still install updates for RDS or ElastiCache even if the network ACLs do not allow any inbound/outbound connections for that? If not, which protocol, ports and destinations need to be allowed?