Controlling network traffic to EC2 instances

  • Consider the following options for controlling network traffic to your EC2 instances:

    • Restrict access to your instances using security groups - Permit only the minimum required network traffic for the EC2 instances.

    • Leverage security groups as the primary mechanism for controlling network access to EC2 instances - Security groups are more versatile than network ACLs due to their ability to perform stateful packet filtering and create rules that reference other security groups.

    • Use VPC Flow Logs to monitor the traffic that reaches your instances.

    • Use Security Hub to check for unintended network accessibility from your instances.

    • Use Systems Manager Session Manager to access your instances remotely instead of opening inbound RDP ports.

    • Use Systems Manager Run Command to automate common administrative tasks instead of opening inbound RDP ports.
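
An added example (not part of the original page) of checking the first two recommendations: it audits security group rules, in the JSON shape returned by `aws ec2 describe-security-groups`, for inbound rules that open RDP (TCP 3389) to addresses outside an internal range. The group IDs, the sample rules and the `INTERNAL` list are constructed assumptions; rules that reference another security group are not flagged.

```python
import ipaddress
import json

RDP_PORT = 3389
# Assumption: only these ranges count as internal; adjust to your own address plan.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample in the shape of `aws ec2 describe-security-groups` output.
SAMPLE = json.loads("""
{"SecurityGroups": [
 {"GroupId": "sg-example1", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
    "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]},
 {"GroupId": "sg-example2", "IpPermissions": [
   {"IpProtocol": "-1", "Ipv6Ranges": [{"CidrIpv6": "::/0"}]}]},
 {"GroupId": "sg-example3", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
    "UserIdGroupPairs": [{"GroupId": "sg-example1"}]}]},
 {"GroupId": "sg-example4", "IpPermissions": [
   {"IpProtocol": "tcp", "FromPort": 1024, "ToPort": 65535,
    "IpRanges": [{"CidrIp": "10.0.0.0/8"}, {"CidrIp": "198.51.100.0/24"}]}]}
]}
""")


def covers_rdp(perm):
    """True if the rule's protocol and port range include TCP 3389."""
    if perm["IpProtocol"] == "-1":  # all traffic; no FromPort/ToPort present
        return True
    if perm["IpProtocol"] not in ("tcp", "6"):
        return False
    return perm["FromPort"] <= RDP_PORT <= perm["ToPort"]


def is_internal(cidr):
    """True if the CIDR lies entirely inside one of the INTERNAL ranges."""
    net = ipaddress.ip_network(cidr)
    return any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)


def rdp_exposures(doc):
    """List (group_id, cidr) for inbound rules opening RDP beyond INTERNAL."""
    findings = []
    for group in doc["SecurityGroups"]:
        for perm in filter(covers_rdp, group.get("IpPermissions", [])):
            cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
            cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
            findings += [(group["GroupId"], c) for c in cidrs if not is_internal(c)]
    return findings
```

Calling `rdp_exposures(SAMPLE)` reports the all-traffic rule and the wide port range as well as the explicit 3389 rule, since both include the RDP port.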
