Ensure each VPC NACL does not allow all traffic outbound

Ensure that your VPCs Network Access Control List (NACLs) do not allow outbound traffic on all ports. This helps implement the policy of least privilege and is considered a security best practice and should always be done. Ensuring this is enabled will help with NIST and PCI-DSS compliance.

Audit & Remediation

  • Login into your AWS account
  • Navigate to the VPC service at: https://console.aws.amazon.com/vpc
  • On the left hand panel select Your VPCs.
  • select the hyperlink under VPC ID for the VPC you would like to examine.



  • Select the tab Details and locate the Network ACL hyperlink and select.



  • with the Network ACL ID selected, below select the Outbound Rules tab.
  • if your Allow rule currently has Port Range set to ALL, then select the Edit outbound rules in order to add specific ports to your inbound rule.



  • Once rules have been added that allows required ports, it is safe to remove the initial rul.
  • Repeat this process for each VPC that you have in each region.
See all of your AWS VPCs in a single place!

Do you want to see all VPCs in once place for all regions and all accounts?
Login to our online demo to see exactly what this looks like.


Other Key Features


Consolidate your inventory management with consistent and frequent security logs, inventories, and change logs. Dashboard reporting for extensive analytical value.

learn more +

Cost & Usage

Access consolidated capacity, cost, and volume tools in a scaling environment without impacting production or breaking the bank.

learn more +