Deny all outbound traffic except cloudwatch on AWS

Question

I have a server (running Java/Tomcat) which was creating huge outbound traffic. This server cannot be accessed from the outside world; only internal network servers can access it, i.e. inbound is allowed only from the internal network.

To solve the huge outbound traffic, we have blocked all outbound traffic via the AWS security group, except internal network servers.

But now it has also stopped the AWS custom monitoring scripts from sending data to CloudWatch.

So what is the IP range that I need to open in outbound rules to send traffic to CloudWatch?

Recommended answer

In the Singapore region:

The CloudWatch IP can be found if you ping the endpoint monitoring.ap-southeast-1.amazonaws.com via any AWS server.

For any other region in AWS, please refer to the link below: http://docs.aws.amazon.com/general/latest/gr/rande.html#cw_region

The above page lists the endpoints of all the AWS services.
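An added example, not part of the original answer: the addresses behind an AWS endpoint name can change, so instead of pinning one pinged IP, this sketch builds the HTTPS egress rule from AWS's published ip-ranges.json and checks that the addresses you resolved for the endpoint are covered. It assumes the endpoint's addresses fall under the region's `AMAZON` entries (the coverage check tests that assumption); the sample data and resolved addresses are constructed from documentation address blocks.

```python
import ipaddress
import json

# Constructed sample in the layout of https://ip-ranges.amazonaws.com/ip-ranges.json
# (documentation address blocks, not real AWS ranges).
SAMPLE_IP_RANGES = json.loads("""
{"prefixes": [
  {"ip_prefix": "198.51.100.0/25",   "region": "ap-southeast-1", "service": "AMAZON"},
  {"ip_prefix": "198.51.100.128/25", "region": "ap-southeast-1", "service": "AMAZON"},
  {"ip_prefix": "198.51.100.0/25",   "region": "ap-southeast-1", "service": "EC2"},
  {"ip_prefix": "203.0.113.0/24",    "region": "us-east-1",      "service": "AMAZON"}
]}
""")


def regional_cidrs(doc, region, service="AMAZON"):
    """Return the merged IPv4 networks published for one region and service."""
    nets = [ipaddress.ip_network(p["ip_prefix"])
            for p in doc["prefixes"]
            if p["region"] == region and p["service"] == service]
    return list(ipaddress.collapse_addresses(nets))


def uncovered(resolved_ips, cidrs):
    """Resolved endpoint addresses that no egress CIDR would allow."""
    return [ip for ip in resolved_ips
            if not any(ipaddress.ip_address(ip) in net for net in cidrs)]


def egress_permissions(cidrs, port=443):
    """Build the IpPermissions structure for an HTTPS-only egress rule."""
    return [{
        "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
        "IpRanges": [{"CidrIp": str(n), "Description": "CloudWatch endpoint"}
                     for n in cidrs],
    }]


if __name__ == "__main__":
    cidrs = regional_cidrs(SAMPLE_IP_RANGES, "ap-southeast-1")
    # Constructed stand-ins for what resolving the endpoint returned.
    resolved = ["198.51.100.17", "198.51.100.200", "203.0.113.9"]
    print(json.dumps(egress_permissions(cidrs), indent=2))
    print("not covered:", uncovered(resolved, cidrs))
```

The printed structure has the shape accepted by `aws ec2 authorize-security-group-egress --ip-permissions`; a non-empty "not covered" list means the monitoring scripts would still be blocked for some resolved addresses.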
