I noticed that you added outbound rules for http and https in the Web NACL. However this is not necessary as you added the Ephemeral port rule allowing all TCP out on ports 1024 -65535. I set it up this way and it works. Any comments?
The same module is used in other courses, and this has already been ticketed for review by the ACG content team.
So actually it is worth noting that a lot of people would add the outbound rules purely for readability, as not everyone in the company may know that all outbound rules are allowed (especially for SGs) 🙂