Google Cloud Engineer Exam: Configuring Egress Ports for New VPC Setup

Minimizing Open Egress Ports in a New VPC Setup

Question

You are working with a user to set up an application in a new VPC behind a firewall.

The user is concerned about data egress.

You want to configure the fewest open egress ports.

What should you do?

Answers

Explanations



C.

When setting up an application in a new VPC behind a firewall, the goal is to restrict data egress to what the application actually needs. The user is concerned about data egress, so it is important to configure the fewest open egress ports. This is done with VPC firewall rules, which are evaluated in priority order (a lower number is a higher priority). Let's review the options:

A. Set up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that allows only the appropriate ports. This option is a good choice because it blocks all egress traffic by default, and only allows traffic on the ports that are required. The low-priority rule blocks all traffic, while the high-priority rule allows traffic on the appropriate ports. This option minimizes the number of open egress ports, which makes it a secure configuration.

B. Set up a high-priority (1000) rule that pairs both ingress and egress ports. This option is not a good choice because it pairs both ingress and egress ports. Pairing ingress and egress ports may not be necessary for the application and would result in unnecessary open egress ports, which increases the risk of data egress.

C. Set up a high-priority (1000) rule that blocks all egress and a low-priority (65534) rule that allows only the appropriate ports. This option is similar to option A, but it reverses the priority of the rules. It is still a valid option because it blocks all egress traffic by default, and only allows traffic on the appropriate ports.

D. Set up a high-priority (1000) rule to allow the appropriate ports. This option is not a good choice because it only allows egress on the appropriate ports without blocking everything else, which is not as secure as blocking all egress traffic by default.

Therefore, the best option is A. Set up a low-priority (65534) rule that blocks all egress and a high-priority rule (1000) that allows only the appropriate ports.
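To see why option A leaves only the required ports open, the following added example (not part of the original question or explanation) models how Google Cloud evaluates VPC firewall rules: the matching rule with the lowest priority number wins, and every VPC also carries an implied "allow all egress" rule at priority 65535, which is why the explicit deny at 65534 is needed. The rule names and the choice of TCP port 443 as the "appropriate port" are assumptions made for the example; the equivalent `gcloud compute firewall-rules create` flags are noted in comments.

```python
# Added example: a minimal model of GCP VPC firewall rule evaluation, used to
# check the egress configuration from option A. Rule names and the allowed
# port (443) are constructed for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    name: str
    priority: int        # 0 (highest) .. 65535 (lowest)
    action: str          # "allow" or "deny"
    protocol: str        # "tcp", "udp" or "all"
    ports: frozenset     # empty set means "all ports"

    def matches(self, protocol: str, port: int) -> bool:
        if self.protocol not in ("all", protocol):
            return False
        return not self.ports or port in self.ports


# GCP creates this implied rule in every VPC; it cannot be deleted, only
# overridden by a higher-priority (lower-numbered) rule.
IMPLIED_ALLOW_EGRESS = Rule("implied-allow-egress", 65535, "allow", "all", frozenset())


def evaluate_egress(rules, protocol: str, port: int):
    """Return (action, rule_name) for an egress flow under the given rules."""
    candidates = list(rules) + [IMPLIED_ALLOW_EGRESS]
    # Lowest priority number first; on an equal priority GCP lets deny win.
    candidates.sort(key=lambda r: (r.priority, r.action != "deny"))
    for rule in candidates:
        if rule.matches(protocol, port):
            return rule.action, rule.name
    raise AssertionError("unreachable: the implied rule matches everything")


# Option A as two rules (constructed names):
#   gcloud compute firewall-rules create allow-required-egress \
#     --direction=EGRESS --priority=1000 --action=ALLOW --rules=tcp:443 ...
#   gcloud compute firewall-rules create deny-all-egress \
#     --direction=EGRESS --priority=65534 --action=DENY --rules=all ...
OPTION_A = [
    Rule("allow-required-egress", 1000, "allow", "tcp", frozenset({443})),
    Rule("deny-all-egress", 65534, "deny", "all", frozenset()),
]


def open_egress_ports(rules, protocol: str = "tcp"):
    """List every port that the rule set still allows out; the review target."""
    return sorted(p for p in range(1, 65536)
                  if evaluate_egress(rules, protocol, p)[0] == "allow")


if __name__ == "__main__":
    print("no custom rules, tcp/80 ->", evaluate_egress([], "tcp", 80))
    print("option A, tcp/443      ->", evaluate_egress(OPTION_A, "tcp", 443))
    print("option A, tcp/80       ->", evaluate_egress(OPTION_A, "tcp", 80))
    print("option A open ports    ->", open_egress_ports(OPTION_A))
```

Running `open_egress_ports` against a proposed rule set is a quick review check: with no custom rules every port is reachable through the implied rule, and with option A applied the list collapses to the single allowed port.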