{"id":"security-groups-do-not-filter-dns-dhcp-metadata","text":"Security groups do not filter traffic to/from Amazon DNS, DHCP, EC2 instance metadata (169.254.169.254), ECS task metadata, Windows license activation, Time Sync Service, or default VPC router reserved IPs.","truth_value":"IN","source":"entries/2026/03/08/vpc-security-groups.md","source_url":"","source_hash":"13933c4c65c21983","justifications":[],"dependents":[],"metadata":{},"explanation":{"steps":[{"node":"security-groups-do-not-filter-dns-dhcp-metadata","truth_value":"IN","reason":"premise"}]}}