Today, AWS announced a new EC2 capability to configure idle timeouts for instance connection tracking. This lets customers manage their instances' connection-tracking resources and choose the timeouts that best fit their connection scale. EC2 uses connection tracking (conntrack) to implement security groups and enforce their rules. With this feature, the idle timeouts for connections in the TCP Established, UDP stream and UDP unidirectional states on EC2 instances are configurable per Elastic Network Interface (ENI) and can be changed from their default values. Previously, all idle TCP and UDP connections were tracked for a pre-defined default period or until they were closed.
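As an added example (not code from the AWS announcement), the script below plans a per-ENI idle-timeout change of the kind described above and estimates the tracked-connection load a given timeout implies, which is the capacity question the announcement is about. The parameter names TcpEstablishedTimeout, UdpStreamTimeout and UdpTimeout, the CLI flag --connection-tracking-specification and the allowed ranges are taken from the EC2 ModifyNetworkInterfaceAttribute API as the editor knows it, not from the page, and should be checked against the current API reference. The ENI id and the traffic figures are constructed. The aws command is built as an argument list but never executed, so the script runs offline.

```python
"""Plan an EC2 ENI connection-tracking idle-timeout change and estimate the
steady-state tracked-connection load.  Added example, not AWS's own code."""
import math

# Parameter names and ranges (seconds) as the editor knows them from the EC2
# ModifyNetworkInterfaceAttribute ConnectionTrackingSpecification.
# Assumption: verify against the current EC2 API reference before relying on them.
TIMEOUT_LIMITS = {
    "TcpEstablishedTimeout": (60, 432_000),  # default 432 000 s (5 days)
    "UdpStreamTimeout": (60, 180),           # default 180 s
    "UdpTimeout": (30, 60),                  # default 30 s (unidirectional UDP)
}
DEFAULTS = {"TcpEstablishedTimeout": 432_000, "UdpStreamTimeout": 180, "UdpTimeout": 30}


def validate_spec(spec):
    """Return a normalised copy of spec or raise ValueError if any key is
    unknown or any value is outside the allowed range."""
    if not spec:
        raise ValueError("spec must name at least one timeout")
    normalized = {}
    for key, value in spec.items():
        if key not in TIMEOUT_LIMITS:
            raise ValueError(f"unknown timeout {key!r}")
        low, high = TIMEOUT_LIMITS[key]
        if isinstance(value, bool) or not isinstance(value, int) or not low <= value <= high:
            raise ValueError(f"{key}={value!r} outside allowed range {low}-{high} s")
        normalized[key] = value
    return normalized


def is_valid_spec(spec):
    """Boolean convenience wrapper around validate_spec."""
    try:
        validate_spec(spec)
        return True
    except ValueError:
        return False


def expected_tracked_entries(new_flows_per_second, idle_timeout_seconds):
    """Upper-bound estimate of conntrack entries held at steady state.
    Little's law: entries ≈ arrival rate × time each entry lives.  This assumes
    every flow goes idle and waits out the full timeout rather than being
    closed cleanly, so real usage is at or below this figure."""
    return math.ceil(new_flows_per_second * idle_timeout_seconds)


def compare_tracking_load(new_flows_per_second, key, proposed_timeout):
    """(entries at the default timeout, entries at the proposed timeout)."""
    validate_spec({key: proposed_timeout})
    return (expected_tracked_entries(new_flows_per_second, DEFAULTS[key]),
            expected_tracked_entries(new_flows_per_second, proposed_timeout))


def build_cli_command(eni_id, spec):
    """Build (but do not run) the aws CLI argv that applies spec to one ENI.
    Shorthand syntax Key=Value,Key=Value is what the CLI accepts for this flag."""
    spec = validate_spec(spec)
    shorthand = ",".join(f"{k}={v}" for k, v in spec.items())
    return ["aws", "ec2", "modify-network-interface-attribute",
            "--network-interface-id", eni_id,
            "--connection-tracking-specification", shorthand]


if __name__ == "__main__":
    # Constructed scenario: a front-end ENI seeing 100 new TCP flows/s whose
    # clients often vanish without a FIN, leaving idle entries behind.
    eni = "eni-0123456789abcdef0"  # constructed placeholder id
    proposed = {"TcpEstablishedTimeout": 3600, "UdpStreamTimeout": 120}
    default_load, new_load = compare_tracking_load(100, "TcpEstablishedTimeout", 3600)
    print(f"tracked TCP entries at default timeout: {default_load:,}")
    print(f"tracked TCP entries at 3600 s timeout:  {new_load:,}")
    print("command:", " ".join(build_cli_command(eni, proposed)))
```

The estimate is deliberately a worst case: it is the number of entries you would carry if every flow had to age out, which is the situation that exhausts tracking capacity. Shortening the TCP Established timeout trades that headroom against the chance of dropping a long-lived but legitimately quiet connection, so check application keepalive intervals before going below them.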
Source: Amazon AWS