Reputation: 2123
How to whitelist VPC outbound traffic
How can we restrict outbound traffic from AWS VPC to the internet, for example limiting outbound traffic to certain trusted domains (URL “whitelisting”). I was thinking on AWS WAF but it seems it filter trrafic traffic traveling to the web application not from web application. Any thoughts, suggestions, Thanks in advance.
Upvotes: 2
Views: 1617
Answers (2)
Reputation: 11
The simplest and easiest way is to implement an Aviatrix FQDN egress filter. It just serves the purpose from a centralized user interface to discover then whitelist/blacklist the URLs/FQDN in every VPC.
Proxy implementation could become complex, esp. when you have to manage it seprately in every VPC. and doesn't provide centralized control, every VPC has to be managed separately.
The easiest way is to get an Aviatrix launch partner like SDxWORx, enable it with discounted PAYG pricing.
https://aws.amazon.com/marketplace/pp/prodview-laruhupdkcpuy/
Upvotes: 1
Reputation: 1769
It seems to be that you‘re looking for a proxy solution. As I know there aren‘t any managed proxy AWS services offered yet but you can use cloudformation, terraform or similar to setup it your own way with open source solutions f.e..
There is a good blog post on AWS about exactly your issue: https://aws.amazon.com/de/blogs/security/how-to-set-up-an-outbound-vpc-proxy-with-domain-whitelisting-and-content-filtering/
Maybe there is something useful for you on AWS Marketplace: https://aws.amazon.com/marketplace/search/results?x=0&y=0&searchTerms=Proxy
Upvotes: 3
Related Questions
- How to use NAT Gateway for only outbound traffic
- Whitelisting ec2 instances in a VPC
- IP Whitelisting
- Add inbound rule to security group aws cdk
- AWS VPC - allow outbound traffic to AWS cloudwatch
- AWS VPC Restrict outbound access to certain URL
- How to restrict internet access in a VPC with a nat gateway?
- How to add inbound rule to AWS security group with my default VPC?
- AWS VPC outbound traffic
- Allow traffic from any instance in VPC