Can you specify the SSM parameter store as a target in an AWS Security Group egress rule?

Prof Von Lemongargle

3/3/24, 9:10 PM

I would like to tightly restrict outbound network level access from groups of EC2 instances. For these instances, I need to allow access to the Parameter Store. I also need to allow access to S3. For S3, AWS provides a Prefix List and I can use that Prefix List as the target of a Egress Rule. However, I cannot find a similar Prefix List for the SSM parameter store.

So, currently to allow this access I am allowing HTTPS Egress to 0.0.0.0/0.

My question is - Is there any way to allow traffic to SSM's Parameter Store without allowing access everywhere?

0 + 0

security-groups

aws-ec2

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Can you specify the SSM parameter store as a target in an AWS Security Group egress rule?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.