I have defined and been using AWS Interface VPC Endpoint, but I have one question. The question is about why inbound rules in the security group of Interface VPC Endpoint are sufficient for communication. For example, if I define an Interface VPC Endpoint for AWS Glue, I can call Glue from my EC2 instance using the private IP even if only inbound rules in the Interface VPC Endpoint's security group are allowed. I don't understand why outbound rules in the Interface VPC Endpoint's security group are unnecessary. Is there anyone who knows the reason for this?
Security groups are stateful, meaning they tag traffic. So if you specify one, the other isn’t necessary since it has already been tagged.

charles uneze
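To make the stateful behaviour concrete, here is an added offline model of which rules AWS consults when an EC2 instance opens TCP/443 to an interface endpoint ENI. It is example code written for this page, not from the question, the answer, or AWS. The outbound check for the request happens on the *instance's* security group; the inbound check happens on the *endpoint's* security group; and because security groups track connections, the reply packets are permitted without any outbound rule on the endpoint group. The security group documents are constructed in the shape `ec2.describe_security_groups()` returns, and all group IDs and IP addresses are constructed placeholders. The `lint_endpoint_sg` check flags endpoint ingress that is wider than the single port callers need.

```python
import ipaddress

# Constructed sample data shaped like ec2.describe_security_groups() output.
# Group IDs and addresses are placeholders, not real resources.
INSTANCE_SG_ID = "sg-0instance000000001"
ENDPOINT_SG_ID = "sg-0endpoint000000001"

ENDPOINT_SG = {
    "GroupId": ENDPOINT_SG_ID,
    # Inbound: only tcp/443 from the instance's security group.
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [], "UserIdGroupPairs": [{"GroupId": INSTANCE_SG_ID}]},
    ],
    # No outbound rules at all, as in the question.
    "IpPermissionsEgress": [],
}

INSTANCE_SG = {
    "GroupId": INSTANCE_SG_ID,
    "IpPermissions": [],
    # Default-style egress: all protocols to anywhere (protocol "-1" has no ports).
    "IpPermissionsEgress": [
        {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ],
}

# A weaker endpoint group: tcp/443 from the whole internet range (constructed).
OPEN_ENDPOINT_SG = {
    "GroupId": "sg-0endpointopen000001",
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "UserIdGroupPairs": []},
    ],
    "IpPermissionsEgress": [],
}


def _rule_matches(rule, proto, port, peer_ip, peer_sg_id):
    """True if one IpPermission entry covers proto/port from/to the given peer."""
    if rule["IpProtocol"] not in ("-1", proto):
        return False
    if rule["IpProtocol"] != "-1":
        if not rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535):
            return False
    # A peer matches by CIDR or by referenced security group.
    for ip_range in rule.get("IpRanges", []):
        if ipaddress.ip_address(peer_ip) in ipaddress.ip_network(ip_range["CidrIp"]):
            return True
    return any(pair.get("GroupId") == peer_sg_id for pair in rule.get("UserIdGroupPairs", []))


def inbound_allows(sg, proto, port, peer_ip, peer_sg_id=None):
    return any(_rule_matches(r, proto, port, peer_ip, peer_sg_id) for r in sg.get("IpPermissions", []))


def outbound_allows(sg, proto, port, peer_ip, peer_sg_id=None):
    return any(_rule_matches(r, proto, port, peer_ip, peer_sg_id) for r in sg.get("IpPermissionsEgress", []))


def evaluate_endpoint_call(instance_sg, endpoint_sg, instance_ip, endpoint_ip, port=443):
    """Model the rule checks for a new TCP connection from instance to endpoint ENI."""
    instance_egress = outbound_allows(instance_sg, "tcp", port, endpoint_ip, endpoint_sg["GroupId"])
    endpoint_ingress = inbound_allows(endpoint_sg, "tcp", port, instance_ip, instance_sg["GroupId"])
    return {
        "instance_egress_allowed": instance_egress,
        "endpoint_ingress_allowed": endpoint_ingress,
        # Security groups are stateful: once the request is admitted, the reply
        # is matched to the tracked connection, so the endpoint group's outbound
        # rules are never evaluated for it.
        "endpoint_egress_rules_consulted": False,
        "connection_allowed": instance_egress and endpoint_ingress,
    }


def lint_endpoint_sg(endpoint_sg, expected_port=443):
    """Flag endpoint ingress that is broader than tcp/<expected_port> from known callers."""
    findings = []
    for rule in endpoint_sg.get("IpPermissions", []):
        for ip_range in rule.get("IpRanges", []):
            if ipaddress.ip_network(ip_range["CidrIp"]).prefixlen == 0:
                findings.append("ingress open to any address; scope it to the callers' security group or subnets")
        if rule["IpProtocol"] != "tcp" or (rule.get("FromPort"), rule.get("ToPort")) != (expected_port, expected_port):
            findings.append(f"ingress wider than tcp/{expected_port}: {rule['IpProtocol']} "
                            f"{rule.get('FromPort')}-{rule.get('ToPort')}")
    return findings


if __name__ == "__main__":
    print(evaluate_endpoint_call(INSTANCE_SG, ENDPOINT_SG, "10.0.1.25", "10.0.2.40"))
    print(lint_endpoint_sg(ENDPOINT_SG), lint_endpoint_sg(OPEN_ENDPOINT_SG))
```

Run against real groups by replacing the constructed dicts with entries from `describe_security_groups`; the same logic then tells you which of the two groups would block a call, and the lint points out endpoint groups that admit far more than the callers that actually need the service.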