How do I overcome the 60 IP limit per Security Group in AWS?

  • 17 April 2020
  • 0 replies
  • 23 views

The problem:

The number of inbound or outbound rules per security group in AWS is 60. Reference.

From the inbound perspective this is not a big issue: if your instances serve customers on the internet, your security group is wide open anyway, and if you want to allow access only from a few internal IPs, the 60-rule limit is sufficient.

Outbound (egress) traffic is a different discussion. Say you have a production instance that needs updates from updates.ubuntu.com (15 IPs) and a few other repositories such as GitHub (12 IPs), and perhaps a third-party partner. You quickly realize that 60 IPs are not enough.


The solution:

Aviatrix's answer to this problem is Secure Cloud Egress with FQDN, which lets you specify filters using the Fully Qualified Domain Name (FQDN) of the destinations your instances are allowed to reach. This simplifies management: you add FQDNs such as update.ubuntu.com or github.com to allow access to those services, and you no longer have to deal with third-party domain name resolution or track changes to those domains' IP addresses.

An Aviatrix AVX Gateway, deployed in your public VPC/VNet with the AVX Multi-Cloud Networking Platform, is required to filter the traffic outbound to the internet. For details on how to implement Aviatrix Multi-Cloud Secure Egress with FQDN Filtering, see docs.aviatrix.com.
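As an added example (not from the original post and not Aviatrix code), the Python below models both halves of the argument above: it counts the CIDR-based egress rules an IP allowlist would need against the 60-rule limit quoted in the post, and it evaluates an FQDN allowlist the way an egress gateway would, including wildcard names and default deny. The DNS answers and the policy are constructed sample data; in a real gateway the destination name is taken from the TLS SNI or HTTP Host header rather than passed in directly.

```python
"""Added example, not from the original post: IP-rule budgeting vs. FQDN filtering.

All DNS answers and the policy below are constructed sample data."""
from dataclasses import dataclass

RULE_QUOTA = 60  # per-direction security group rule limit quoted in the post

# Constructed sample: each destination and the IPs it is *assumed* to resolve to.
# The first two counts mirror the post (15 for updates.ubuntu.com, 12 for github.com).
SAMPLE_DNS = {
    "updates.ubuntu.com": [f"91.189.91.{i}" for i in range(10, 25)],   # 15 addresses
    "github.com": [f"140.82.112.{i}" for i in range(1, 13)],          # 12 addresses
    "partner.example.net": [f"203.0.113.{i}" for i in range(1, 41)],  # 40 addresses
}


def rules_needed(dns_answers: dict, ports=(443,)) -> int:
    """Rules an IP-based egress policy needs: one per distinct IP per destination port."""
    distinct_ips = {ip for addrs in dns_answers.values() for ip in addrs}
    return len(distinct_ips) * len(ports)


def exceeds_quota(dns_answers: dict, ports=(443,), quota: int = RULE_QUOTA) -> bool:
    """True when the IP-based approach no longer fits in one security group."""
    return rules_needed(dns_answers, ports) > quota


@dataclass(frozen=True)
class EgressRule:
    fqdn: str            # exact name, or "*.example.com" for any subdomain
    protocol: str = "tcp"
    port: int = 443


# Constructed sample policy: three FQDN rules replace dozens of IP rules.
SAMPLE_POLICY = [
    EgressRule("*.ubuntu.com", "tcp", 80),
    EgressRule("*.ubuntu.com", "tcp", 443),
    EgressRule("github.com", "tcp", 443),
]


def normalize_host(host: str) -> str:
    """Canonical form for matching: lower-case, no trailing dot."""
    return host.strip().rstrip(".").lower()


def fqdn_matches(pattern: str, host: str) -> bool:
    """Match a rule's name against an observed destination name.

    "*.example.com" matches any name with at least one label before
    example.com but deliberately not the bare apex "example.com"."""
    host = normalize_host(host)
    pattern = normalize_host(pattern)
    if pattern.startswith("*."):
        suffix = pattern[1:]            # ".example.com"
        return host.endswith(suffix) and len(host) > len(suffix)
    return host == pattern


def evaluate(policy, host: str, protocol: str, port: int) -> str:
    """Default-deny evaluation: the first rule matching name, protocol and port allows."""
    for rule in policy:
        if (rule.protocol == protocol.lower() and rule.port == port
                and fqdn_matches(rule.fqdn, host)):
            return "allow"
    return "deny"


if __name__ == "__main__":
    print("IP rules needed:", rules_needed(SAMPLE_DNS), "quota exceeded:", exceeds_quota(SAMPLE_DNS))
    for attempt in [("updates.ubuntu.com", "tcp", 443), ("github.com", "tcp", 22),
                    ("evil.example.org", "tcp", 443)]:
        print(attempt, "->", evaluate(SAMPLE_POLICY, *attempt))
```

With the constructed answers the IP approach needs 67 rules for a single port, already past the 60-rule limit, while the FQDN policy stays at three rules however often those names re-resolve. The matcher normalizes case and trailing dots so that equivalent spellings of a name do not bypass the allowlist, and it refuses to let a wildcard cover the apex domain, which keeps each rule's scope explicit.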
