
I have an app that requires connecting to port 587 of Google's SMTP servers in the domain smtp.gmail.com.

I want to create an outbound security rule that allows that specific traffic and nothing else, but the problem is AWS security rules only allow CIDR filtering (i.e., static IP addresses).

What is the combination of AWS services and configurations to make this happen?

  • Since this is not exactly an answer, I will just put it as a comment. You could use a third-party solution to filter egress traffic out of your VPC with, for example, https://aws.amazon.com/quickstart/architecture/aviatrix-fqdn-egress-filtering/ (Aviatrix FQDN Egress Filtering) – Aleksander Wons Feb 16 '20 at 19:10

1 Answer


I think you'll need to allow traffic to all the IPs; by default security groups allow ALL outgoing traffic - 0.0.0.0/0 destination: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-security-groups.html

You can restrict this to allow only port 587, but you cannot use a DNS name directly. You can check these resources for more info:

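The answer's point is that a security group can narrow egress by protocol, port and CIDR, but never by hostname, so the tightest rule you can write for smtp.gmail.com is "TCP 587 to 0.0.0.0/0" (plus ::/0 if the instance has IPv6), after revoking the default all-traffic egress rule. The following is an added example, not code from the question or the answerer: it builds that rule in the IpPermissions shape boto3's `authorize_security_group_egress()` accepts, and audits an existing group's `IpPermissionsEgress` list (as returned by `describe_security_groups()`) for anything broader. The sample rule lists are constructed here to run offline; the function and constant names are this example's own.

```python
"""Build and audit AWS security-group egress rules for SMTP submission (TCP 587).

Security groups filter on protocol, port and CIDR only, so the narrowest rule
that still reaches smtp.gmail.com is "TCP 587 to 0.0.0.0/0"; the port, not the
CIDR, is what does the restricting.
"""
from typing import Iterable

SMTP_SUBMISSION_PORT = 587  # the port the question asks about


def build_smtp_egress_permission(include_ipv6: bool = True) -> dict:
    """Return one IpPermissions entry allowing only TCP 587 to anywhere.

    This is the structure boto3's authorize_security_group_egress() takes for
    IpPermissions (and what `aws ec2 authorize-security-group-egress
    --ip-permissions` accepts as JSON).
    """
    permission = {
        "IpProtocol": "tcp",
        "FromPort": SMTP_SUBMISSION_PORT,
        "ToPort": SMTP_SUBMISSION_PORT,
        "IpRanges": [{"CidrIp": "0.0.0.0/0", "Description": "SMTP submission"}],
    }
    if include_ipv6:
        permission["Ipv6Ranges"] = [{"CidrIpv6": "::/0", "Description": "SMTP submission"}]
    return permission


def _cidrs(permission: dict) -> list[str]:
    """Collect the IPv4 and IPv6 destinations of one permission for reporting."""
    v4 = [r["CidrIp"] for r in permission.get("IpRanges", [])]
    v6 = [r["CidrIpv6"] for r in permission.get("Ipv6Ranges", [])]
    return v4 + v6


def find_egress_violations(egress_permissions: Iterable[dict],
                           port: int = SMTP_SUBMISSION_PORT) -> list[str]:
    """Return one finding per egress permission that allows anything but TCP `port`.

    Input is a group's IpPermissionsEgress list as describe_security_groups()
    returns it. An empty result means egress is as tight as a security group
    can make it for this use case.
    """
    findings = []
    for perm in egress_permissions:
        proto = perm.get("IpProtocol")
        where = ", ".join(_cidrs(perm)) or "(no CIDR)"
        if proto == "-1":
            # "-1" is the all-protocols wildcard used by the default egress rule.
            findings.append(f"allows ALL protocols and ports to {where} "
                            f"(the default egress rule; revoke it)")
        elif proto != "tcp":
            findings.append(f"allows protocol {proto} to {where}")
        else:
            lo, hi = perm.get("FromPort"), perm.get("ToPort")
            if (lo, hi) != (port, port):
                findings.append(f"allows TCP {lo}-{hi} to {where}, wider than {port}")
    return findings


# Constructed sample: the single egress rule a brand-new security group has.
DEFAULT_EGRESS = [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}],
                   "Ipv6Ranges": [], "UserIdGroupPairs": [], "PrefixListIds": []}]

# Constructed sample: someone opened every TCP port instead of just 587.
TOO_BROAD_EGRESS = [{"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535,
                     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]

if __name__ == "__main__":
    for name, rules in (("default group", DEFAULT_EGRESS),
                        ("all-TCP group", TOO_BROAD_EGRESS),
                        ("587-only group", [build_smtp_egress_permission()])):
        findings = find_egress_violations(rules)
        print(f"{name}: {'OK' if not findings else '; '.join(findings)}")
```

To apply the rule for real, revoke the default `-1` egress entry with `revoke_security_group_egress()` and then pass `build_smtp_egress_permission()` to `authorize_security_group_egress()`; security groups are stateful, so the replies from port 587 are admitted without an inbound rule. Running `find_egress_violations()` over `describe_security_groups()` output is a cheap periodic check that nobody has quietly widened the group again.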