1 個回答
- 最新
- 最多得票
- 最多評論
1
Hello,
I don't have the answer for ElastiCache and EFS, however for RDS you don't need to allow any outbound connections by default. All the communication the service itself needs to function is done over a different networking path (a separate internal networking interface not impacted by the security group).
Regards
已回答 2 年前
相關內容
AWS 官方已更新 2 年前- AWS 官方已更新 2 年前
- AWS 官方已更新 3 年前
- AWS 官方已更新 2 年前
Thanks for your answer. Since, you mentioned the separate network interface, I hope it's ok to ask an extended question: Does AWS require any specific network ACL inbound/outbound rules to maintain services such as RDS? We would like to adapt the network ACLs to our particular applications running on AWS infrastructure, too. In case we would create a custom network ACL only allowing HTTPS for a specific source/destination IPv4 address, is it still possible that AWS can maintain the managed services? Can AWS then still install updates for RDS or ElastiCache even if the network ACLs do not allow any inbound/outbound connections for that? If not, which protocol, ports and destinations need to be allowed?