1 回答
- 最新
- 投票最多
- 评论最多
0
I'm guessing you mean port 80 outbound, so the host can connect to the repo and and download the packages? (Also do you mean port 443, since you mention HTTPS?) If allowing outbound traffic from your hosts to the internet isn't acceptable for your security compliance, you might be able to work around this by setting up a web proxy host in your VPC (e.g. running Squid). You can configure rules on the host to only allow clients to connect to trusted URLs, such as Ubuntu's repos, and then configure the clients to connect via that proxy.
You don't need port 80 open inbound (or any ports open inbound) for any component of SSM to operate, assuming that your firewall is stateful and allows return packets for connections which are created outbound.
相关内容
- AWS 官方已更新 1 年前
- AWS 官方已更新 2 年前