In the nat instance lab, the inbound https rule isn’t necessary. The internal instance can still connect out to the internet and run yum update just fine without adding https to the security group. That being said, thanks for the great content
You’re quite right, neither HTTP nor HTTPS is required inbound for a NAT instance since the NAT is handled at Layer 3 (Network), and never reaches Layer 4 (Transport) where Security groups are evaluated. And for sure, we don’t want that instance having any ports open unless absolutely necessary. We’ve recorded this as something to be amended. Thanks for letting us know!
Feedback can also be submitted directly to us through our Contact Support form, where one of our technical team members will respond and assess what we need to do to update our content