EC2 outbound ports for SES, SNS, Cloudwatch

Question

I have an EC2 running Node.js.  Using the `aws-sdk` + `winston-cloudwatch` + `nodemailer` dependencies, I am using AWS SES, SNS, and Cloudwatch.

In my EC2 security group, my outbound is currently setup for All-traffic; however, I would limit them to a few ports required for the services mentioned above.

What outbound ports in my EC2 security group do I need to enable to use the following AWS services:
SES
SNS
Cloudwatch?

Thanks!

Answer

The only port you need is 443.

But a better (although there are cost involved) solution is to create service endpoint for these services in your VPC.

https://docs.aws.amazon.com/vpc/latest/privatelink/create-interface-endpoint.html

This way the urls for the services are resolving inside your vpc. (way faster and efficient).

You need one per service

EC2 outbound ports for SES, SNS, Cloudwatch

相关内容