Check your AWS Network Access Control Lists (NACLs) for outbound rules that allow traffic from all ports and limit access to the required ports or port ranges only in order to implement the principle of least privilege and reduce the possibility of unauthorized access at the subnet level.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Controlling the outbound traffic of one or more subnets by opening just the ports required by your applications will add an additional layer of security to your VPC (a second layer of defense after security groups).
To determine if your Amazon Network ACLs rules allow outbound traffic to all ports, perform the following:
To update your AWS NACL outbound rules configuration in order to allow traffic to specific destination port or port range only, perform the following: