
I would like to know the necessary Outbound Rules for Security Groups of VPC Endpoints
Problem
I'm planning a Security Group configuration. Could you please tell me if the Security Group configured for an Interface-type VPC Endpoint needs to have an Outbound Rule?
Solution
The answer is that an Outbound Rule is not necessary.
Note: You don't need to create a rule in the outbound direction of the security group associated with the interface endpoint.
You can associate a Security Group with an Interface-type VPC Endpoint. In the rules of that Security Group, you need Inbound Rules that allow access from EC2 and other sources, but there is no need to configure Outbound Rules.
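
An added example (not from the original article): a small Python audit over security group data in the shape returned by `aws ec2 describe-security-groups`, checking that the endpoint's group admits the client inbound and listing outbound rules that can be dropped. It assumes clients reach the endpoint over HTTPS on TCP 443; the group IDs, IP addresses and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample; the IDs are placeholders, not real resources.
ENDPOINT_SG = {
    "GroupId": "sg-0endpointexample",
    "IpPermissions": [  # inbound: HTTPS from the client instances' group
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "UserIdGroupPairs": [{"GroupId": "sg-0clientexample"}], "IpRanges": []},
    ],
    "IpPermissionsEgress": [  # outbound: the allow-all rule a new group starts with
        {"IpProtocol": "-1", "UserIdGroupPairs": [],
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    ],
}


def _covers_port(rule, port):
    """True if the rule's protocol and port range include the given TCP port."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # all protocols, all ports
        return True
    return proto == "tcp" and rule["FromPort"] <= port <= rule["ToPort"]


def _admits(rule, client_sg_id, client_ip):
    """True if the rule's source is the client's group or a CIDR holding its IP."""
    if any(p.get("GroupId") == client_sg_id
           for p in rule.get("UserIdGroupPairs", [])):
        return True
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(r["CidrIp"])
               for r in rule.get("IpRanges", []))


def audit_endpoint_sg(sg, client_sg_id, client_ip, port=443):
    """Audit the security group attached to an interface endpoint.

    port=443 is an assumption (HTTPS). Outbound rules are not needed on this
    group, so every egress rule is reported as removable.
    """
    inbound_ok = any(_covers_port(r, port) and _admits(r, client_sg_id, client_ip)
                     for r in sg.get("IpPermissions", []))
    return {"inbound_ok": inbound_ok,
            "removable_egress": list(sg.get("IpPermissionsEgress", []))}


if __name__ == "__main__":
    print(audit_endpoint_sg(ENDPOINT_SG, "sg-0clientexample", "10.0.1.25"))
```
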
Reference Articles
Access an AWS service using an interface VPC endpoint (English)