I have a Lambda and my script is running on it. It connects to a database, and I have attached a security group to this Lambda. The outbound rule allows all protocols and all ports, which seems a bit too permissive, but I'm not sure how to change it to the setting I need. Are there any suggestions?
How should I narrow down the permission range so that my Lambda still works? Or is it safe to keep it like this?
You can use security_groups in egress to limit outgoing traffic to the SG of your database:
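egress {
  from_port       = 0
  to_port         = 0
  protocol        = "-1" # all protocols; from_port and to_port must be 0 with "-1"
  # Placeholder variable: the ID of your database's security group
  security_groups = [var.database_security_group_id]
}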
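
The answer above limits the destination to the database's security group but still allows every protocol and port. The following goes one step further and also pins the rule to a single TCP port, with the matching ingress rule on the database side. It is an added example, not code from the original question or answer; the resource names, `vpc_id`, `db_port` and the default of 5432 (PostgreSQL) are assumptions.

```hcl
# Added example; every name here is hypothetical.
variable "vpc_id" {
  type = string
}

variable "db_port" {
  type    = number
  default = 5432 # assumption: PostgreSQL; use 3306 for MySQL, etc.
}

resource "aws_security_group" "lambda" {
  name        = "lambda-egress-restricted"
  description = "Lambda: egress only to the database"
  vpc_id      = var.vpc_id
  # No inline egress block: Terraform removes the allow-all egress rule
  # that AWS adds by default, so only the standalone rule below applies.
}

resource "aws_security_group" "database" {
  name        = "database"
  description = "Database: ingress only from the Lambda"
  vpc_id      = var.vpc_id
}

# Lambda -> database, one TCP port only.
# Standalone rule resources avoid a dependency cycle between the two
# groups, which inline rules referencing each other would create.
resource "aws_vpc_security_group_egress_rule" "lambda_to_db" {
  security_group_id            = aws_security_group.lambda.id
  referenced_security_group_id = aws_security_group.database.id
  ip_protocol                  = "tcp"
  from_port                    = var.db_port
  to_port                      = var.db_port
}

# Matching ingress on the database side: only the Lambda's group may connect.
resource "aws_vpc_security_group_ingress_rule" "db_from_lambda" {
  security_group_id            = aws_security_group.database.id
  referenced_security_group_id = aws_security_group.lambda.id
  ip_protocol                  = "tcp"
  from_port                    = var.db_port
  to_port                      = var.db_port
}
```

With egress restricted this way, anything else the function connects to needs its own egress rule.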