I need to set up an AWS instance that is closed from the Internet. I created such an instance, but it cannot connect to external network resources (for example, using the `apt-get update` command).
I have tried to allow all inbound and outbound traffic in the security group, but it did not help.
Desired result: my private instance should be able to connect to other Internet resources.
It appears that you want to prevent traffic going from the Internet to your Amazon EC2 instance, but you want it to be able to have outbound connections to the Internet (and receive the response back).
There are two ways to restrict access between an Amazon EC2 instance and the Internet:
One way is to use a Security Group that restricts Inbound access. You might still want to allow access on port 22 (SSH) from your IP address, but otherwise remove all other Inbound rules. This will prevent any connections that are initiated from the Internet. Keep the Outbound rules with their default "Allow All" setting. This will permit Outbound connections to the Internet and the responses to these connections will be permitted to return.
Another way is to put the instance in a private subnet. This will automatically prevent the instance from being able to receive traffic from the Internet. You will need a NAT Gateway configured in a public subnet to permit Outbound traffic (charges apply). Putting the instance in a private subnet will also prevent inbound SSH connections, but you can use AWS Systems Manager Session Manager to connect to the instance.
In both cases you should NOT modify the Network Access Control Lists (NACLs). These should generally be left at their default "Allow all" settings.