Aviatrix Answers

This article was written prior to the availability of the AWS Transit Gateway; it assumes use of Aviatrix Gateways in each Spoke VPC. Looking for AWS Transit Gateway? See Transit Gateway Overview or AWS Transit Gateway Quick Reference Guide or Transit Gateway Orchestration Answers.

How do I overcome the 50 IP limit per security group in AWS?

Key Concepts

The problem:

AWS limits each security group to 50 inbound rules and 50 outbound rules. Reference.

From the inbound perspective this is not a big issue: if your instances serve customers on the internet, the security group will be wide open anyway, and if you want to allow access only from a few internal IPs, the 50-rule limit is sufficient.

Outbound (egress) traffic is a different discussion. Say you have a production instance that needs updates from updates.ubuntu.com (15 IPs), a few other repos such as github (12 IPs), and perhaps a third-party partner. You quickly realize that 50 rules are not enough, and those IP sets also change over time.

The solution:

Aviatrix's solution to this problem is the FQDN Filter security feature, which lets you specify egress filters by the Fully Qualified Domain Name of the destinations your instances are allowed to reach. This simplifies management: you only have to add entries such as update.ubuntu.com or github.com to allow access to those services, without maintaining third-party domain name resolution yourself or tracking changes to those domains' IPs.

An Aviatrix NAT gateway, deployed in your public VPC, is required to carry the outbound traffic to the internet. For details on how to implement this, see the corresponding article in Aviatrix's documentation.
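To make the difference between IP-based and name-based egress policy concrete, here is an added example that models an FQDN egress filter: policy is written as domain names, the permitted IP set is learned from observed DNS answers and expires with their TTL, and a counter shows how many security-group rules the equivalent IP-based policy would need at any moment. This is illustrative code written for this page, not Aviatrix's implementation (the page does not describe the feature's internal mechanism); the class, method names and sample addresses are constructed.

```python
import ipaddress

# Constructed model of FQDN-based egress filtering (not Aviatrix's code).
# The policy holds names; permitted IPs are learned from DNS answers and
# expire with the answer's TTL, so IP churn never edits the policy itself.

RULE_LIMIT = 50  # AWS rules-per-security-group limit cited in the article


class FqdnEgressFilter:
    def __init__(self, allowed_fqdns):
        # Bare names match exactly; "*.example.com" matches subdomains only
        self.allowed_fqdns = {n.lower().rstrip(".") for n in allowed_fqdns}
        self.permitted = {}  # ip address -> (fqdn, expiry timestamp)

    def fqdn_allowed(self, name):
        name = name.lower().rstrip(".")
        if name in self.allowed_fqdns:
            return True
        labels = name.split(".")
        # Check every parent domain against wildcard entries
        for i in range(1, len(labels)):
            if "*." + ".".join(labels[i:]) in self.allowed_fqdns:
                return True
        return False

    def observe_dns_answer(self, name, ips, ttl, now):
        # Called for each DNS answer the gateway sees; returns IPs admitted
        if not self.fqdn_allowed(name):
            return 0
        for ip in ips:
            self.permitted[ipaddress.ip_address(ip)] = (name, now + ttl)
        return len(ips)

    def egress_permitted(self, dst_ip, now):
        # A destination is allowed only while a permitted name resolved to it
        key = ipaddress.ip_address(dst_ip)
        entry = self.permitted.get(key)
        if entry is None:
            return False
        if now > entry[1]:
            del self.permitted[key]  # TTL expired: drop the stale address
            return False
        return True

    def ip_rules_needed(self):
        # Rules an equivalent IP-based security group would need right now
        return len(self.permitted)

    def exceeds_rule_limit(self):
        return self.ip_rules_needed() > RULE_LIMIT
```

Feeding the filter constructed DNS answers for a couple of allowed names is enough to push the IP-rule count past 50 while the FQDN policy itself stays at two entries.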
