Is it possible to allow a Network ACL by a hostname? Not IP address.
For a certain subnet, I want to allow all outbound traffic to host.example.com (port 443) but deny everything else.
You can't.
NACLs only allow for IP addresses.
You could modify the outbound rule(s) in your security group to only allow traffic to port 443/tcp, but you also won't be able to set it by host name; it's probably better than using a NACL since it won't apply to every other EC2 instance (ENI, actually) in the subnet and it will also apply to the other subnets in the VPN where you might move this host (quicker than changing all the subnets).