AWS Certified Solutions Architect - Professional 2020

Sign Up Free or Log In to participate!

Security Groups are stateful

Hi Scott,

Security Groups are stateful – is this yet needed to add ephemeral ports to outbound?

Once port 80 is open for inbound, I expect the response traffic will be allowed regardless of outbound rules.

1 Answers

Hi Gabor,

You are absolutely correct that there is no need to add ephemerals as an outbound rule on security groups with TCP Port 80 inbound.  The stateful nature of SGs will let the ephemeral ports out no problem.  You don’t even need any outbound rule at all. 

I’m going to edit this out so others won’t get confused.  I originally had the explicit ephemerals on the NACL but changed it to SGs where…it doesn’t apply.




Hi Scott, thanks for the fast response. Anyway, I like the training pretty much, motivating, well-structured and gives the right perspective.

Scott Pletcher

Thanks Gabor!

Sign In
Welcome Back!

Psst…this one if you’ve been moved to ACG!

Get Started
Who’s going to be learning?