What AWS security groups for Cockpit?

We have a functioning Camunda Sprig Boot and Cockpit installation running on the same ECS Cluster as two different services. Everything runs fine. Except now our org is asking us to redact the the large 10.0.0.0/8 INGRESS security group on our ECS Cluster.

As soon as I redact it…though there is no change to the Spring Boot Webservices call from POSTMAN or our Web based UI to the same Webservices, the Cockpit UI stopped functioning.

Could someone let me know what SGs should I open up selectively for Cockpit UI to work?