I have two droplets that make a small number of calls to external servers, but those servers are on AWS with dynamic addresses. If traffic leaving either droplet is blocked at the network layer, the software trying to connect to those external servers fail open on my two droplets. At the moment, I'm using the json file provided by Amazon to identify allowed addresses and I feel like it's a good solution for me. I was wondering if rules that filter on AWS region/service tags would be useful for anyone else. Thank you for your product.