Security Groups are stateful – is it still needed to add ephemeral ports to outbound?
Once port 80 is open for inbound, I expect the response traffic will be allowed regardless of outbound rules.
You are absolutely correct that there is no need to add ephemerals as an outbound rule on security groups with TCP Port 80 inbound. The stateful nature of SGs will let the ephemeral ports out no problem. You don’t even need any outbound rule at all.
I’m going to edit this out so others won’t get confused. I originally had the explicit ephemerals on the NACL but changed it to SGs where…it doesn’t apply.
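A toy model of the point settled in this thread, added here as an illustration and not part of the original post or its comments: a stateful security group lets the reply to an allowed inbound request leave with no outbound rule, while a stateless NACL needs an explicit ephemeral-port outbound rule. The addresses, the client port and the 1024-65535 ephemeral range are assumptions chosen for the example.

```python
# Simplified model (not AWS code): stateful security group vs stateless NACL.
# Addresses, ports and rule sets are constructed for this illustration.
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")

def port_allowed(rules, port):
    """rules is a list of (low, high) destination-port ranges."""
    return any(lo <= port <= hi for lo, hi in rules)

class SecurityGroup:
    """Stateful: a reply to an already-allowed flow skips the rule check."""
    def __init__(self, inbound, outbound):
        self.rules = {"in": inbound, "out": outbound}
        self.tracked = set()  # flows keyed by the initiator's 4-tuple

    def _check(self, direction, p):
        if (p.dst, p.dport, p.src, p.sport) in self.tracked:
            return True  # reverse of a tracked flow, i.e. response traffic
        if port_allowed(self.rules[direction], p.dport):
            self.tracked.add(tuple(p))
            return True
        return False

    def ingress(self, p): return self._check("in", p)
    def egress(self, p): return self._check("out", p)

class Nacl:
    """Stateless: every packet is matched against the rules for its direction."""
    def __init__(self, inbound, outbound):
        self.inbound, self.outbound = inbound, outbound

    def ingress(self, p): return port_allowed(self.inbound, p.dport)
    def egress(self, p): return port_allowed(self.outbound, p.dport)

def reply_gets_out(fw, client_port=51000):
    """Send an HTTP request in, then check whether the server's reply can leave."""
    request = Packet("203.0.113.7", client_port, "10.0.0.5", 80)
    reply = Packet(request.dst, request.dport, request.src, request.sport)
    return fw.ingress(request) and fw.egress(reply)

HTTP = [(80, 80)]
EPHEMERAL = [(1024, 65535)]  # assumed ephemeral range for the NACL rule

if __name__ == "__main__":
    print("SG, no outbound rules:    ", reply_gets_out(SecurityGroup(HTTP, [])))
    print("NACL, no outbound rules:  ", reply_gets_out(Nacl(HTTP, [])))
    print("NACL, ephemeral outbound: ", reply_gets_out(Nacl(HTTP, EPHEMERAL)))
```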