Block communication by domain name
Can you tell me if there is a way to block communication to a specific destination for Internet-bound traffic originating from within the VPC?
Specifically, I would like to block communication to China and communication to Alibaba Cloud.
Communication to the rest of the Internet is fine.
Answer:
When controlling by URL / domain name, use a Proxy server [1] or a UTM product [2] provided by a third party in the VPC. Alternatively, if you implement it within AWS, it is possible to block communication by domain name by configuring AWS Network Firewall [3] in the VPC for outbound traffic.
AWS Network Firewall can be controlled by URL / domain name, but controlling "communication to China" as such is not possible, since no such function is provided.
Please register the domains / IP addresses individually, or consider using a Proxy server / UTM product that has such a function.
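As an added example (not part of the original answer), the following script builds the stateful domain-list rule group that AWS Network Firewall uses for name-based blocking and creates it with the AWS CLI; the domain names are constructed placeholders, and the rule group still has to be attached to a firewall policy whose firewall endpoint sits on the VPC's route to the Internet gateway.

```shell
#!/usr/bin/env sh
# Added example, not from the original Q&A. Builds an AWS Network Firewall
# stateful rule group (RulesSourceList, DENYLIST) that drops outbound HTTP and
# TLS flows to the listed domains, then creates it via the AWS CLI.
# Domain names passed in are constructed placeholders for illustration.

# Print the rule-group JSON body for the given domains.
# A leading "." in an entry also matches every subdomain of that name.
# Note: the generated rules inspect the TLS SNI and the HTTP Host header only;
# connections made directly to an IP address, or over other protocols, are not
# covered, which is why IP-based entries are still needed alongside the list.
build_domain_denylist() {
  targets=""
  for d in "$@"; do
    targets="${targets:+$targets,}\"$d\""
  done
  printf '{"RulesSource":{"RulesSourceList":{"Targets":[%s],' "$targets"
  printf '"TargetTypes":["TLS_SNI","HTTP_HOST"],"GeneratedRulesType":"DENYLIST"}}}\n'
}

# Create the stateful rule group in the current AWS account/region.
# Requires AWS CLI v2 and permission for network-firewall:CreateRuleGroup.
# HOME_NET defaults to the CIDR of the VPC the firewall is deployed in, so no
# RuleVariables are set here; add them if traffic also arrives from peered VPCs.
create_rule_group() {
  name="$1"; shift
  aws network-firewall create-rule-group \
    --rule-group-name "$name" --type STATEFUL --capacity 100 \
    --rule-group "$(build_domain_denylist "$@")"
}

# Example invocation (placeholder domains, constructed for this example):
# create_rule_group block-cloud-provider-placeholder ".alibabacloud.example" "aliyun.example"
```

The `--capacity` value is fixed at creation and bounds the number of rules the group may hold, so size it for the full list rather than the initial one.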
Reference:
[1] How to set up an outbound VPC proxy with domain whitelisting and content filtering
[2] Filter cloud network traffic, help prevent advanced threats
https://aws.amazon.com/mp/security/filter-traffic-threats/
[3] AWS Network Firewall
AWS Network Firewall has a highly flexible rules engine that supports thousands of custom rules, so you can define firewall rules to protect your unique workloads. AWS Network Firewall rules can be based on IP, port, protocol, domain, and pattern matching, and are written in common open-source rule formats.