Hi everyone. New to this forum and to setting up agent runtimes. I’m trying to lock down network access for my local LLM setup, following the principle of minimal allowlists.

My runtime (text-generation-webui) and some agents try to call out to a lot of AWS endpoints by default. I know I need to allow my specific S3 bucket for model downloads. But if I just block all `*.amazonaws.com` except that one bucket, am I going to break something basic or cause weird failures later? For example, do some inference libraries or agents use other AWS services for essential tasks I might not know about?

I want to be safe, but also not leave a huge hole open. Appreciate any guidance from folks who have done this.