
Is it secure to open an inbound firewall rule from source 0.0.0.0/0 to receive inbound return IPv4 traffic from the internet (I need this only for requests that originate in the subnet)?

I am creating a private application that works with several APIs from websites. I want to be able to receive the information returned by my calls to these APIs, but the rest of my system and files should not be accessible from the internet.

I created an Inbound Custom TCP Rule for the TCP (6) protocol, port range 1024-65535, from source 0.0.0.0/0.

The other firewall settings I have are inbound SSH allowed from a dedicated IP only (so I can connect from my home PC), and outbound HTTP and HTTPS to do the API calls.

I am afraid that with this setting I open the port to all sorts of traffic and potential intruders. I derived this rule suggestion from here: aws doc #140 inbound, and put it in my security group inbound rules. If this is not safe, I think I need to build a system with a separate instance to receive this information and then forward it to a more private instance; however, I don't want to lose speed and convenience if this is not necessary.

Marco
Jesper

1 Answer


The doc you linked is for your VPC network ACL, not your specific instance. You should open the ephemeral ports in this ACL. However, your instance only needs ports open for requests that originate externally (such as SSH). If the request originates from your instance, you don't need to open any additional security group rules; just make sure your egress rule allows you to make requests to anything.

B. Miller
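The difference the answer relies on, stateful security groups versus stateless network ACLs, is easy to see by replaying a few packets through both rule sets. The following is an added toy model written for this page, not AWS code and not something either poster provided; the addresses (10.0.1.5, 192.0.2.44, 203.0.113.10, 198.51.100.7), ports and NACL rule numbers are constructed for the illustration. It builds the questioner's security group (with the extra inbound 1024-65535 rule) and the one the answer recommends (without it), puts the same subnet NACL with ephemeral-port rules in front of both, and shows that the API reply and the SSH reply pass either way, while an unsolicited connection to port 8080 is let through only by the questioner's rule.

```python
"""Toy model of AWS security-group (stateful, allow-only) versus network-ACL
(stateless, numbered allow/deny) evaluation.  Added illustration for this page,
not AWS code; all hosts, ports and rule numbers below are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    direction: str          # "in" = towards the instance, "out" = leaving it


@dataclass(frozen=True)
class Rule:
    direction: str
    cidr: str               # remote side: source for "in" rules, destination for "out"
    port_from: int          # range applies to the packet's destination port
    port_to: int
    action: str = "allow"   # security groups are allow-only; NACLs also have "deny"
    number: int = 0         # NACL rule number, lowest evaluated first

    def matches(self, pkt: Packet) -> bool:
        if pkt.direction != self.direction:
            return False
        remote = pkt.src_ip if pkt.direction == "in" else pkt.dst_ip
        return (ip_address(remote) in ip_network(self.cidr)
                and self.port_from <= pkt.dst_port <= self.port_to)


class SecurityGroup:
    """Stateful: a packet that belongs to a flow already allowed in the other
    direction passes without any rule for it (connection tracking by 4-tuple)."""

    def __init__(self, rules):
        self.rules = list(rules)
        self.flows = set()   # (local_ip, local_port, remote_ip, remote_port)

    def allows(self, pkt: Packet) -> bool:
        if pkt.direction == "out":
            flow = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        else:
            flow = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if flow in self.flows:                       # reply to a tracked connection
            return True
        if any(r.matches(pkt) for r in self.rules):
            self.flows.add(flow)                     # track it so replies pass
            return True
        return False


class NetworkAcl:
    """Stateless: every packet, reply or not, must match an allow rule; first match
    by rule number wins and the implicit final rule denies."""

    def __init__(self, rules):
        self.rules = sorted(rules, key=lambda r: r.number)

    def allows(self, pkt: Packet) -> bool:
        for r in self.rules:
            if r.matches(pkt):
                return r.action == "allow"
        return False


def evaluate(sg, nacl, packets):
    """Return {label: allowed}; inbound traffic meets the NACL first, outbound the
    security group first, and both layers must allow the packet."""
    verdicts = {}
    for label, p in packets:
        if p.direction == "in":
            verdicts[label] = nacl.allows(p) and sg.allows(p)
        else:
            verdicts[label] = sg.allows(p) and nacl.allows(p)
    return verdicts


HOME = "192.0.2.44/32"      # constructed: the questioner's home IP
ANY = "0.0.0.0/0"
INSTANCE = "10.0.1.5"       # constructed: the instance's private IP
API = "203.0.113.10"        # constructed: a third-party API server
SCANNER = "198.51.100.7"    # constructed: an unsolicited internet host


def subnet_nacl():
    """Subnet NACL in the spirit of the linked doc: being stateless, it needs the
    ephemeral range open inbound (API replies) and outbound (SSH replies)."""
    return NetworkAcl([
        Rule("in", HOME, 22, 22, number=100),
        Rule("in", ANY, 1024, 65535, number=110),
        Rule("out", ANY, 80, 80, number=100),
        Rule("out", ANY, 443, 443, number=110),
        Rule("out", ANY, 1024, 65535, number=120),
    ])


def baseline_rules():
    return [Rule("in", HOME, 22, 22), Rule("out", ANY, 80, 80), Rule("out", ANY, 443, 443)]


def questioners_group():
    """The questioner's security group, including the inbound 1024-65535 rule."""
    return SecurityGroup(baseline_rules() + [Rule("in", ANY, 1024, 65535)])


def answers_group():
    """The security group as the answer recommends: no inbound rule for replies."""
    return SecurityGroup(baseline_rules())


PACKETS = [  # constructed traffic, replayed in this order
    ("api_request", Packet(INSTANCE, 50123, API, 443, "out")),
    ("api_reply", Packet(API, 443, INSTANCE, 50123, "in")),
    ("ssh_from_home", Packet("192.0.2.44", 51000, INSTANCE, 22, "in")),
    ("ssh_reply", Packet(INSTANCE, 22, "192.0.2.44", 51000, "out")),
    ("scan_8080", Packet(SCANNER, 40000, INSTANCE, 8080, "in")),
    ("ssh_from_scanner", Packet(SCANNER, 41000, INSTANCE, 22, "in")),
]


def compare():
    return {"question": evaluate(questioners_group(), subnet_nacl(), PACKETS),
            "answer": evaluate(answers_group(), subnet_nacl(), PACKETS)}


if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(name, verdicts)
```

Running it shows `scan_8080` allowed under "question" and denied under "answer", with every legitimate packet allowed in both: the NACL's ephemeral rule lets the scan reach the instance, so the security group is the layer that has to stop it, and it does so without any inbound rule because the API reply is matched by connection tracking instead. The model ignores protocol numbers, ICMP and timeouts; it only reproduces the stateful-versus-stateless distinction the answer describes.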