Review networking setup for security groups, VPC, endpoints

[patchwork01]

User Story

As a user deploying Sleeper, I want minimally permissive settings for networking, so that a Sleeper instance is secure by default.

Description / Background

We'd like to investigate changes we could make to our configuration of security groups and VPC endpoints.

Technical Notes / Implementation Details

We currently add VPC endpoints in our "environment" CDK app. We could see what the benefits might be for adding VPC endpoints for further AWS services, e.g. ECR. We'd like to know how this relates to security groups.

We can look at the potential benefits of putting our lambdas in the same VPC as the rest of the instance, and configuring security groups for them.

Issues:

• Create security groups to run ECS tasks #6100
• Restrict default security group in environment setup #6097
• Document networking security approach #6413