
How to whitelist VPC outbound traffic

How can we restrict outbound traffic from an AWS VPC to the internet, for example limiting outbound traffic to certain trusted domains (URL "whitelisting")? I was thinking of AWS WAF, but it seems it filters traffic traveling to the web application, not from the web application. Any thoughts or suggestions? Thanks in advance.

It seems that you're looking for a proxy solution. As far as I know there aren't any managed proxy AWS services offered yet, but you can use CloudFormation, Terraform or similar to set it up your own way with open source solutions, for example.

There is a good blog post on AWS about exactly your issue: https://aws.amazon.com/de/blogs/security/how-to-set-up-an-outbound-vpc-proxy-with-domain-whitelisting-and-content-filtering/

Maybe there is something useful for you on AWS Marketplace: https://aws.amazon.com/marketplace/search/results?x=0&y=0&searchTerms=Proxy
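The core of any such outbound proxy is the allowlist decision it makes for each destination host. The following is an added example, not code from this answer or from the AWS blog post linked above: it normalizes the target an egress proxy sees (a URL, a `host:port` CONNECT target, or a bare host) and matches it against a constructed allowlist, denying by default. The allowlist entries and hostnames are constructed sample values.

```python
"""Domain allowlist decision for an egress (forward) proxy.

Constructed example: the proxy receives the destination of each outbound
request (the CONNECT target or the Host header) and must decide whether it
is on the trusted-domain list. Anything that does not match is denied.
"""
from urllib.parse import urlsplit

# Constructed allowlist. A leading '.' allows the domain itself and any
# subdomain; a bare name allows that exact host only.
ALLOWED_DOMAINS = [
    ".amazonaws.com",
    "api.example-partner.test",
]


def normalize_host(target: str) -> str:
    """Reduce a URL, host:port or bare host to a lower-case FQDN.

    Strips scheme, userinfo, port, path and trailing dot so that
    'HTTPS://S3.AMAZONAWS.COM.:443/x' and 's3.amazonaws.com' compare equal.
    Returns '' for anything that cannot be parsed (treated as deny).
    """
    try:
        if "://" in target:
            host = urlsplit(target).hostname or ""
        else:
            host = urlsplit("//" + target).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()


def is_allowed(target: str, allowlist=ALLOWED_DOMAINS) -> bool:
    """Return True only if the target's host matches an allowlist entry."""
    host = normalize_host(target)
    if not host:
        return False  # unparseable or empty destination: deny
    for entry in allowlist:
        entry = entry.lower()
        if entry.startswith("."):
            # Suffix match on a label boundary: 'amazonaws.com' and
            # 's3.amazonaws.com' match, 'notamazonaws.com' and
            # 'amazonaws.com.evil.test' do not.
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False
```

Bare IP literals never match a domain entry, so a client that bypasses DNS by connecting to an address directly is denied unless the address itself is allowlisted.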

The simplest and easiest way is to implement an Aviatrix FQDN egress filter. It just serves the purpose from a centralized user interface to discover then whitelist/blacklist the URLs/FQDN in every VPC.

Proxy implementation could become complex, esp. when you have to manage it separately in every VPC, and it doesn't provide centralized control; every VPC has to be managed separately.

The easiest way is to go through an Aviatrix launch partner like SDxWORx and enable it with discounted PAYG pricing.

https://aws.amazon.com/marketplace/pp/prodview-laruhupdkcpuy/
