There are certain policies to be adopted ir order to use the mac service as a sponsored service by AWS.

ssh connections

• We need to change the default port

To try this we can use https://github.com/aws/ec2-macos-init/blob/master/README.md#userdata to try to change the ssh port, we still need to see how this will impact / affect the replace root volume action.

Other option would be to create specific policy to allow ssh connections from a ciddr block, currently request and release operation typically are invoked from an external entity so control the IPs is almost impossible, a possible solution to this is move full serverless the service...then all ssh invocation will be done from the container being executed on Fargate (knonw ciddr block, or may we can use security groups to meet the requirement)