We are considering deploying an AWS Outposts rack at one of our sites in the western United States. I know the ports that I need to have opened on our firewalls, but I need clarification regarding the AWS regional IP ranges for our firewall policies.
The Outpost connectivity guide just states "Outpost Region's public routes" - from the AWS IP Address JSON database, which "Service" would this be? There are 19 possible services for the region:
"amazon, route53_resolver, api_gateway, cloud9, ec2_instance_connect, codebuild, amazon_connect, cloudfront, ebs, s3, amazon_appflow, workspaces_gateways, kinesis_video_streams, route53_healthchecks, ec2, globalaccelerator, route53_healthchecks_publishing, dynamodb, chime_voiceconnector."
Our cyber security team is already cringing at the ports that have to be allowed, so the fewer remote IP address ranges I specify, the more likely we are to not end up with a half-million-dollar paperweight due to security restrictions!
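An added example, not part of the original post: one way to compare how many firewall entries each service's ranges would need for a single region, and to check whether one service's ranges already fall inside another's. It runs on a constructed sample in the layout of the ip-ranges.json file; the region name and all prefixes are assumptions, and it does not say which service the Outposts service link needs.

```python
import ipaddress
import json
from collections import defaultdict

# Constructed sample in the layout of AWS's ip-ranges.json (only the fields
# used here). The prefixes are documentation ranges, not real AWS ranges, and
# the service values are written uppercase as they appear in the published file.
SAMPLE = json.loads("""
{"syncToken": "0", "createDate": "constructed", "prefixes": [
 {"ip_prefix": "198.51.100.0/25",   "region": "us-west-2", "service": "AMAZON"},
 {"ip_prefix": "198.51.100.128/25", "region": "us-west-2", "service": "AMAZON"},
 {"ip_prefix": "203.0.113.0/24",    "region": "us-west-2", "service": "AMAZON"},
 {"ip_prefix": "198.51.100.0/25",   "region": "us-west-2", "service": "EC2"},
 {"ip_prefix": "203.0.113.64/26",   "region": "us-west-2", "service": "S3"},
 {"ip_prefix": "192.0.2.0/24",      "region": "us-east-1", "service": "AMAZON"}
]}
""")

REGION = "us-west-2"  # assumption: the post only says "western United States"


def ranges_by_service(data, region):
    """Return {service: collapsed IPv4 networks} for one region."""
    grouped = defaultdict(list)
    for entry in data["prefixes"]:
        if entry["region"] == region:
            grouped[entry["service"]].append(ipaddress.ip_network(entry["ip_prefix"]))
    # Merging adjacent/overlapping CIDRs keeps the firewall rule count minimal.
    return {svc: list(ipaddress.collapse_addresses(nets))
            for svc, nets in grouped.items()}


def uncovered(candidate, allowed):
    """Networks in `candidate` that no network in `allowed` fully contains."""
    return [n for n in candidate if not any(n.subnet_of(a) for a in allowed)]


def summarize(data, region):
    """Return sorted (service, rule_count, address_count) tuples for a region."""
    by_service = ranges_by_service(data, region)
    return [(svc, len(nets), sum(n.num_addresses for n in nets))
            for svc, nets in sorted(by_service.items())]


if __name__ == "__main__":
    for svc, rules, addrs in summarize(SAMPLE, REGION):
        print(f"{svc:8} {rules:3} rules {addrs:6} addresses")
    by_service = ranges_by_service(SAMPLE, REGION)
    print("EC2 outside AMAZON:", uncovered(by_service["EC2"], by_service["AMAZON"]))
```

To run it against the real file, replace `SAMPLE` with the parsed contents of a downloaded ip-ranges.json and set `REGION` to the Outpost's parent region.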