A company operates a workload in a single VPC on AWS, utilizing interface VPC endpoints for services such as Amazon CloudWatch Logs and AWS Key Management Service (AWS KMS). These endpoints share a security group that is not used by any other workloads or resources. Following a security review, the company identified that the shared security group is overly permissive and aims to tighten its rules without disrupting access to AWS services through the interface VPC endpoints, while eliminating unnecessary access.

The current security group rules are as follows:

• Inbound - Rule 1
  Protocol: TCP
  Port: 443
  Source: 0.0.0.0/0

• Inbound - Rule 2
  Protocol: TCP
  Port: 443
  Source: VPC CIDR

• Outbound - Rule 1
  Protocol: All
  Port: All
  Destination: 0.0.0.0/0

Which rule or rules should the company remove to meet these requirements?