The InstanceSecurityGroup currently allows egress access to anywhere over HTTPS.
This is required because:
- versions of nitro-enclaves-acm earlier than v1.4.0 require access to https://iam.amazonaws.com:443 to resolve the IAM role. Once version v1.4.0 is available in the yum repositories, we could consider fixing this.
- access to S3 is needed to download yum packages through the S3 VPC Gateway endpoint.

To resolve this, we need to wait until v1.4.0 is available in the yum repositories and change the S3 VPC Gateway endpoint to an S3 VPC Interface endpoint.
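
One way to check a template for the open egress rule described above, as an added example that is not the project's own code. It assumes the stack is a CloudFormation template loaded as a Python dict; the sample template, the `EndpointSecurityGroup` and `RestrictedSecurityGroup` names, and the function name are constructed for illustration.

```python
import ipaddress

def open_egress_rules(template):
    """Return (logical_id, protocol, from_port, to_port, cidr) for every egress
    rule whose destination is the whole IPv4 or IPv6 address space."""
    findings = []
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            rules = props.get("SecurityGroupEgress", [])   # inline rules
        elif res.get("Type") == "AWS::EC2::SecurityGroupEgress":
            rules = [props]                                # standalone rule resource
        else:
            continue
        for rule in rules:
            for key in ("CidrIp", "CidrIpv6"):
                cidr = rule.get(key)
                if not isinstance(cidr, str):
                    continue  # absent, or an intrinsic function we cannot resolve offline
                try:
                    network = ipaddress.ip_network(cidr, strict=False)
                except ValueError:
                    continue  # not a literal CIDR
                if network.prefixlen == 0:
                    findings.append((name, str(rule.get("IpProtocol")),
                                     rule.get("FromPort"), rule.get("ToPort"), cidr))
    return findings

# Constructed sample: the current rule on InstanceSecurityGroup next to a
# hypothetical group whose HTTPS egress is limited to an endpoint's security group.
SAMPLE_TEMPLATE = {"Resources": {
    "InstanceSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "SecurityGroupEgress": [{"IpProtocol": "tcp", "FromPort": 443,
                                 "ToPort": 443, "CidrIp": "0.0.0.0/0"}]}},
    "RestrictedSecurityGroup": {"Type": "AWS::EC2::SecurityGroup", "Properties": {
        "SecurityGroupEgress": [{"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
                                 "DestinationSecurityGroupId": {"Ref": "EndpointSecurityGroup"}}]}},
}}

if __name__ == "__main__":
    for finding in open_egress_rules(SAMPLE_TEMPLATE):
        print("open egress:", finding)
```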