Question
I have a server (Java/Tomcat running) which was creating huge outbound traffic. This server cannot be accessed from the outside world; only internal network servers can access it, i.e. inbound is allowed only from the internal network.
To solve the huge outbound traffic, we have blocked all outbound traffic via the AWS security group except to internal network servers.
But now it has also stopped the AWS custom monitoring scripts from sending data to CloudWatch.
So what is the IP range that I need to open in the outbound rules to send traffic to CloudWatch?
Answer 1:
For Singapore region:
The CloudWatch IP can be found if you ping the endpoint
monitoring.ap-southeast-1.amazonaws.com
via any AWS server.
For any other region in AWS please refer to the link below. http://docs.aws.amazon.com/general/latest/gr/rande.html#cw_region
The above page lists the endpoints of all the AWS services.
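An added example, not part of the original answer: an egress rule built from one ping of the endpoint covers only the address returned at that moment. The Python below checks looked-up addresses against an egress allow-list and derives per-region CIDRs from a document in the schema of AWS's published ip-ranges.json. The sample data is constructed from documentation-range addresses, and treating the `AMAZON` service tag as the one that covers CloudWatch is an assumption.

```python
import ipaddress
import json

# Constructed sample in the schema of AWS's published ip-ranges.json.
# The CIDRs are documentation ranges, not real AWS prefixes.
SAMPLE_IP_RANGES = json.loads("""
{
  "prefixes": [
    {"ip_prefix": "198.51.100.0/24", "region": "ap-southeast-1", "service": "AMAZON"},
    {"ip_prefix": "198.51.100.0/25", "region": "ap-southeast-1", "service": "EC2"},
    {"ip_prefix": "203.0.113.0/24",  "region": "ap-southeast-1", "service": "AMAZON"},
    {"ip_prefix": "192.0.2.0/24",    "region": "us-east-1",      "service": "AMAZON"}
  ]
}
""")


def region_prefixes(doc, region, service="AMAZON"):
    """Return the collapsed CIDRs published for one region and service tag."""
    nets = [
        ipaddress.ip_network(p["ip_prefix"])
        for p in doc["prefixes"]
        if p["region"] == region and p["service"] == service
    ]
    # collapse_addresses merges overlapping/adjacent networks and sorts them
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def uncovered(addresses, allowed_cidrs):
    """Return the addresses that no allowed egress CIDR contains."""
    nets = [ipaddress.ip_network(c) for c in allowed_cidrs]
    return [a for a in addresses
            if not any(ipaddress.ip_address(a) in n for n in nets)]


if __name__ == "__main__":
    # Constructed results of two lookups of the CloudWatch endpoint over time.
    seen = ["198.51.100.17", "203.0.113.80"]
    pinned = ["198.51.100.17/32"]  # rule built from a single ping
    print("blocked by pinned rule:", uncovered(seen, pinned))
    wide = region_prefixes(SAMPLE_IP_RANGES, "ap-southeast-1")
    print("region CIDRs:", wide)
    print("blocked by region CIDRs:", uncovered(seen, wide))
```
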
Source: https://stackoverflow.com/questions/32437103/deny-all-outbound-traffic-except-cloudwatch-on-aws