diff --git a/examples/pnpm-lock.yaml b/examples/pnpm-lock.yaml
index 90cceda..7e0f435 100644
--- a/examples/pnpm-lock.yaml
+++ b/examples/pnpm-lock.yaml
@@ -7029,7 +7029,7 @@ packages:
 dev: false

 file:../lib/dist/cdk-practical-constructs-0.0.1.tgz:
- resolution: {integrity: sha512-Q+EEuBbNauhKpltwO7OMmKpyewfAPkJBIz9RQeTwz3NKEw9H2SBYxBLw4UDVR7kxaHPIYkHyNvNjSrqALNIoEg==, tarball: file:../lib/dist/cdk-practical-constructs-0.0.1.tgz}
+ resolution: {integrity: sha512-/i9W8DzDoRXpJJLw+dXU5VxYq+ASClgV2d3Kfmd9eneEAcC/YQV3nB9DvTKe2buuUzWnPFsjGuJjIqyrKK4wUQ==, tarball: file:../lib/dist/cdk-practical-constructs-0.0.1.tgz}
 name: cdk-practical-constructs
 version: 0.0.1
 dependencies:
diff --git a/lib/src/wso2/wso2-api/wso2-api.ts b/lib/src/wso2/wso2-api/wso2-api.ts
index c6aa911..b7bc5bd 100644
--- a/lib/src/wso2/wso2-api/wso2-api.ts
+++ b/lib/src/wso2/wso2-api/wso2-api.ts
@@ -4,7 +4,6 @@ import { Construct } from 'constructs';
 import { CustomResource, Duration, RemovalPolicy, ScopedAws } from 'aws-cdk-lib/core';
 import { IFunction, Runtime } from 'aws-cdk-lib/aws-lambda';
 import { PolicyStatement } from 'aws-cdk-lib/aws-iam';
-import { Peer, Port } from 'aws-cdk-lib/aws-ec2';
 import { OpenAPIObject } from 'openapi3-ts/oas30';
 import { RetentionDays } from 'aws-cdk-lib/aws-logs';
 import { Provider } from 'aws-cdk-lib/custom-resources';
@@ -75,14 +74,10 @@ export class Wso2Api extends Construct {
 }),
 ],
 logGroupRetention,
+ allowAllOutbound: !props.customResourceConfig?.allowTLSOutboundTo,
 ...props.customResourceConfig,
 });

- // add default outbound rule for connecting to any host
- if (!props.customResourceConfig?.allowTLSOutboundTo) {
- customResourceFunction.defaultSecurityGroup?.addEgressRule(Peer.anyIpv4(), Port.allTraffic());
- }
-
 const customResourceProvider = new Provider(this, `${id}-wso2api-custom-provider`, {
 onEventHandler: customResourceFunction.nodeJsFunction,
 });
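Review bot: In the second wso2-api.ts hunk, `allowAllOutbound: !props.customResourceConfig?.allowTLSOutboundTo,` sits before `...props.customResourceConfig`, so any `allowAllOutbound` in the caller's config replaces the computed value. If that config type exposes the field, passing `allowTLSOutboundTo` together with `allowAllOutbound: true` would presumably leave egress fully open while the config reads as restricted. Consider moving the computed line after the spread or rejecting the combination, depending on which setting should win. The removed comment was the only place stating that egress defaults to any host when `allowTLSOutboundTo` is absent, so I would keep one line such as `// egress is open to any host unless allowTLSOutboundTo is set`. The constructor body and the construct that consumes these props lie outside the hunk, so how `allowAllOutbound` reaches the security group cannot be confirmed from here.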