'Minimally-permissive outbound security rule for Ubuntu EC2

Clients are asking aggressive questions about Data Loss Prevention.

One obvious way to limit the effects of a system being compromised is to do something a bit more restrictive than 0.0.0.0/0 for the outbound security rule. Numerous security guides also recommend limiting these rules, but I don't see any examples about what actually needs to be allowed.

Many instances only need to access package repos, but in experimentation, allowing access to the us-west-2.ec2.archive.ubuntu.com IP addresses on 80 is NOT enough. (For my us-west-2 instance.) What else is required? The apt logs aren't being very helpful.

aws-security-group


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Amazon AWS S3 to Force Download Mp3 File instead of Stream It

How to enable terraform module only with a specific workspace

AWS RDS Postgres: WAL_LEVEL not set to 'logical' after changing rds.logical_replication = 1

Use terraform to set up a lambda function triggered by a scheduled event source

Use terraform to set up a lambda function triggered by a scheduled event source

Self stopping EC2 once task complete?

AWS - SWF - Asynchronous method

Why my cloudformation template is over 1 MB?

AWS elastic beanstalk - WARN install EACCES: permission denied, access '/tmp/.npm'

Aws step functions - Resume from failed step function activity instead of starting a new execution

Redirect Elastic Beanstalk URL to domain name

node-lambda - TypeError: handler is not a function