AWS AWSCloudFormation documentation change
Summary
Clarified security group egress rules behavior when rules are modified post-creation
Security assessment
Documents critical security configuration behavior regarding network traffic control
Diff
diff --git a/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroup.md b/AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroup.md index 06a9052ad..d558c98da 100644 --- a//AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroup.md +++ b//AWSCloudFormation/latest/UserGuide/aws-resource-ec2-securitygroup.md @@ -11 +11 @@ You must specify ingress rules to allow inbound traffic. By default, no inbound -If you do not specify an egress rule, we add egress rules that allow outbound IPv4 and IPv6 traffic on all ports and protocols to any destination. We do not add these rules if you specify your own egress rules. +When you create a security group, if you do not add egress rules, we add egress rules that allow all outbound IPv4 and IPv6 traffic. Otherwise, we do not add them. After the security group is created, if you remove all egress rules that you added, we do not add egress rules, so no outbound traffic is allowed.