AWS AWSEC2 medium security documentation change
Summary
Clarified port 25 restrictions to explicitly block traffic to public IPv4/IPv6 addresses by default
Security assessment
Explicitly documents a security control (port 25 traffic blocking to public IPs) that could prevent unintended email traffic or abuse. The change clarifies existing security posture.
Diff
diff --git a/AWSEC2/latest/UserGuide/ec2-resource-limits.md b/AWSEC2/latest/UserGuide/ec2-resource-limits.md index f91af6c5e..12a2d4874 100644 --- a//AWSEC2/latest/UserGuide/ec2-resource-limits.md +++ b//AWSEC2/latest/UserGuide/ec2-resource-limits.md @@ -61 +61 @@ For more information, including how to use the AWS CLI or SDKs to request a quot -On all instances, Amazon EC2 restricts outbound traffic to public IP addresses over port 25 by default. You can request that this restriction be removed. For more information, see [How do I remove the restriction on port 25 from my Amazon EC2 instance or Lambda function?](https://repost.aws/knowledge-center/ec2-port-25-throttle) +By default, Amazon EC2 allows outbound traffic over port 25 only to private IPv4 addresses. Traffic over port 25 is blocked to public IPv4 addresses and IPv6 addresses. @@ -63 +63 @@ On all instances, Amazon EC2 restricts outbound traffic to public IP addresses o -###### Note +You can request that this restriction be removed. For more information, see [How do I remove the restriction on port 25 from my Amazon EC2 instance or Lambda function?](https://repost.aws/knowledge-center/ec2-port-25-throttle) @@ -65 +65 @@ On all instances, Amazon EC2 restricts outbound traffic to public IP addresses o -This restriction does not apply to outbound traffic sent over port 25 to: +This restriction does not apply to outbound traffic over port 25 destined for: