AWS Security ChangesHomeSearch

AWS prescriptive-guidance documentation change

Service: prescriptive-guidance · 2026-07-10 · Documentation low

File: prescriptive-guidance/latest/secure-outbound-network-traffic/restricting-outbound-traffic.md

Summary

Updated documentation with typographical fixes (apostrophe normalization), improved section hierarchy (adding ### headers), and corrected image path. Content remains focused on securing outbound traffic through security groups and Network Firewall.

Security assessment

Changes are primarily editorial/formatting improvements without introducing new security concepts or addressing specific vulnerabilities. The core security guidance about restricting outbound traffic remains unchanged.

Diff

diff --git a/prescriptive-guidance/latest/secure-outbound-network-traffic/restricting-outbound-traffic.md b/prescriptive-guidance/latest/secure-outbound-network-traffic/restricting-outbound-traffic.md
index e5adf2e88..80630c2f8 100644
--- a//prescriptive-guidance/latest/secure-outbound-network-traffic/restricting-outbound-traffic.md
+++ b//prescriptive-guidance/latest/secure-outbound-network-traffic/restricting-outbound-traffic.md
@@ -5 +5 @@
-[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Secure your VPC’s outbound network traffic in the AWS Cloud](welcome.html)
+[Documentation](/index.html)[AWS Prescriptive Guidance](https://aws.amazon.com/prescriptive-guidance/)[Secure your VPC’s outbound network traffic in the AWS Cloud](introduction.html)
@@ -7 +7 @@
-Restricting a VPC’s outbound traffic by using security groupsRestricting a VPC’s outbound traffic by using AWS Network Firewall and DNS hostnames
+Restricting a VPC's outbound traffic by using security groupsRestricting a VPC's outbound traffic by using AWS Network Firewall and DNS hostnames
@@ -9 +9 @@ Restricting a VPC’s outbound traffic by using security groupsRestricting a VPC
-# Restricting a VPC’s outbound traffic
+# Restricting a VPC's outbound traffic
@@ -11 +11 @@ Restricting a VPC’s outbound traffic by using security groupsRestricting a VPC
-## Restricting a VPC’s outbound traffic by using security groups
+## Restricting a VPC's outbound traffic by using security groups
@@ -13 +13 @@ Restricting a VPC’s outbound traffic by using security groupsRestricting a VPC
-After you assess your architecture's outbound traffic requirements, start modifying your VPC’s security group rules to meet your organization’s security needs. Make sure that you add all of the necessary ports, protocols, and destination IP addresses to your security groups’ allow lists.
+After you assess your architecture's outbound traffic requirements, start modifying your VPC's security group rules to meet your organization's security needs. Make sure that you add all of the necessary ports, protocols, and destination IP addresses to your security groups' allow lists.
@@ -19 +19 @@ For instructions, see [Control traffic to resources using security groups](https
-After updating your VPC’s security group rules in your test environment, make sure that you confirm your application is still operating as expected. For more information, see the **Best practices for analyzing your VPC’s outbound traffic when using VPC Flow Logs** section of this guide.
+After updating your VPC's security group rules in your test environment, make sure that you confirm your application is still operating as expected. For more information, see the **Best practices for analyzing your VPC's outbound traffic when using VPC Flow Logs** section of this guide.
@@ -21 +21 @@ After updating your VPC’s security group rules in your test environment, make
-_Key security group considerations for specific AWS services_
+### Key security group considerations for specific AWS services
@@ -29 +29 @@ When you create a VPC, it comes with a [default security group](https://docs.aws
-To mitigate the risk of your Amazon EC2 instance using the default security group unintentionally, remove all the group’s outbound rules. For more information, see **Delete security group rules** in the [Work with security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#working-with-security-group-rules) section of the _Amazon VPC User Guide_.
+To mitigate the risk of your Amazon EC2 instance using the default security group unintentionally, remove all the group's outbound rules. For more information, see **Delete security group rules** in the [Work with security group rules](https://docs.aws.amazon.com/vpc/latest/userguide/VPC_SecurityGroups.html#working-with-security-group-rules) section of the _Amazon VPC User Guide_.
@@ -46 +46 @@ All outbound security group rules for Amazon ElastiCache (Redis OSS) and Amazon
-## Restricting a VPC’s outbound traffic by using AWS Network Firewall and DNS hostnames
+## Restricting a VPC's outbound traffic by using AWS Network Firewall and DNS hostnames
@@ -48 +48 @@ All outbound security group rules for Amazon ElastiCache (Redis OSS) and Amazon
-When an application uses dynamic IP addresses, it’s a best practice to filter its VPC’s outbound traffic by using DNS hostnames instead of IP addresses. For example, if an application is using an Application Load Balancer, the application’s associated IP addresses will change because the nodes continually scale. In this type of situation, it’s more secure to use DNS hostnames to filter outbound network traffic than static IP addresses.
+When an application uses dynamic IP addresses, it's a best practice to filter its VPC's outbound traffic by using DNS hostnames instead of IP addresses. For example, if an application is using an Application Load Balancer, the application's associated IP addresses will change because the nodes continually scale. In this type of situation, it's more secure to use DNS hostnames to filter outbound network traffic than static IP addresses.
@@ -50 +50 @@ When an application uses dynamic IP addresses, it’s a best practice to filter
-You can use [AWS Network Firewall](https://aws.amazon.com/network-firewall/) to restrict your VPC’s outbound internet access to a set of hostnames provided by the [Server Name Indication (SNI)](https://https.cio.gov/sni/) in the HTTPS traffic.
+You can use [AWS Network Firewall](https://aws.amazon.com/network-firewall/) to restrict your VPC's outbound internet access to a set of hostnames provided by the [Server Name Indication (SNI)](https://https.cio.gov/sni/) in the HTTPS traffic.
@@ -62 +62 @@ After updating the Network Firewall stateful rules in your test environment, mak
-_Architecture example_
+### Architecture example
@@ -64 +64 @@ _Architecture example_
-The following diagram shows an example architecture for using AWS Network Firewall to filter a VPC’s outbound traffic using DNS hostnames:
+The following diagram shows an example architecture for using AWS Network Firewall to filter a VPC's outbound traffic using DNS hostnames:
@@ -66 +66 @@ The following diagram shows an example architecture for using AWS Network Firewa
-![Example architecture for using AWS Network Firewall to filter a VPC’s outbound traffic using DNS hostnames](/images/prescriptive-guidance/latest/secure-outbound-network-traffic/images/network-firewall-architecture-dns-hostnames.png)
+![](/images/prescriptive-guidance/latest/secure-outbound-network-traffic/images/guide-img/bce22483-dc0a-4eb3-b027-d2b6a2a1a92a/images/32feaac9-8496-4718-86c8-3ea25291597d.png)
@@ -89 +89 @@ To use the Amazon Web Services Documentation, Javascript must be enabled. Please
-Determining your VPC’s security requirements
+Determining your VPC's security requirements