
I would like to tightly restrict outbound network level access from groups of EC2 instances. For these instances, I need to allow access to the Parameter Store. I also need to allow access to S3. For S3, AWS provides a Prefix List and I can use that Prefix List as the target of an Egress Rule. However, I cannot find a similar Prefix List for the SSM Parameter Store.

So, currently to allow this access I am allowing HTTPS Egress to 0.0.0.0/0.

My question is - Is there any way to allow traffic to SSM's Parameter Store without allowing access everywhere?

0 Answers