Greetings, Given the deny-by-default nature of security groups I think it makes sense to disable firewalld in the AMI's. I haven't seen any other AMI's that have a firewall enabled by default and we probably shouldn't break that pattern IMO. Thoughts? -Sam