How to capture ALL internet-bound network traffic?

My team and I are using AWS Network Firewall and trying to gather a list of ALL internet-bound traffic (every single domain our AWS accounts reach out to) using Suricata alert rules. These are the rules we are using to capture all network traffic:

alert ip $HOME any -> any 53 (msg:"DNS LOOKUP logged"; flow:to_server, established; sid:1000001; rev:1; metadata:updated_at 2022_05_20;)
alert tls $HOME any -> any any ( msg:"INITIAL TLS egress to collect all outgoing traffic"; flow:to_server, established; sid:1000002; rev:1; metadata:updated_at 2022_05_20;)
alert http $HOME any -> any any ( msg:"INITIAL http egress to collect all outgoing traffic"; flow:to_server, established; sid:1000003; rev:1; metadata:updated_at 2022_05_20;)

Will this capture all possible internet-bound traffic we could have in AWS? Or are we missing anything? Thank you in advance.

Probably change the dns rule to
alert dns .... w/o a port.

This will not capture “all” traffic in most networks, usually there is more than just dns/tls/http.

Not sure if AWS exposes flow logs, but that seems to be what you’re trying to approximate here.
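To make the two points above concrete (the three rules only see DNS/TLS/HTTP, and the domain names have to be pulled out of the alert records afterwards), here is an added example that is not part of either post: it reads Suricata EVE JSON lines, builds the per-protocol domain inventory from alerts carrying the question's signature IDs, and lists flow records whose application protocol none of those rules would have matched. The sample lines are constructed, and the field names (`app_proto`, `dns.query[].rrname`, `tls.sni`, `http.hostname`) follow Suricata's EVE layout as assumed here rather than anything taken from the posts.

```python
import json

# Signature IDs of the three rules from the question.
INVENTORY_SIDS = {1000001, 1000002, 1000003}

# Constructed EVE JSON sample (assumed layout, not real AWS/Suricata output):
# three alerts raised by the rules above plus two flows they cannot match.
SAMPLE_EVE = r"""
{"event_type":"alert","proto":"UDP","dest_ip":"10.0.0.2","dest_port":53,"app_proto":"dns","alert":{"signature_id":1000001,"signature":"DNS LOOKUP logged"},"dns":{"query":[{"rrname":"updates.example.com.","rrtype":"A"}]}}
{"event_type":"alert","proto":"TCP","dest_ip":"203.0.113.10","dest_port":443,"app_proto":"tls","alert":{"signature_id":1000002,"signature":"INITIAL TLS egress to collect all outgoing traffic"},"tls":{"sni":"api.example.net","version":"TLS 1.2"}}
{"event_type":"alert","proto":"TCP","dest_ip":"203.0.113.20","dest_port":80,"app_proto":"http","alert":{"signature_id":1000003,"signature":"INITIAL http egress to collect all outgoing traffic"},"http":{"hostname":"mirror.example.org","url":"/index.html"}}
{"event_type":"flow","proto":"TCP","dest_ip":"198.51.100.7","dest_port":22,"app_proto":"ssh"}
{"event_type":"flow","proto":"TCP","dest_ip":"198.51.100.9","dest_port":8443,"app_proto":"failed"}
"""


def destination_name(event):
    """Return the domain an alert event refers to, or None if it carries none."""
    proto = event.get("app_proto")
    if proto == "dns":
        queries = event.get("dns", {}).get("query", [])
        return queries[0].get("rrname") if queries else None
    if proto == "tls":
        return event.get("tls", {}).get("sni")
    if proto == "http":
        return event.get("http", {}).get("hostname")
    return None


def build_inventory(eve_lines):
    """Split EVE lines into (domains seen per protocol, flows the rules never saw)."""
    domains = {"dns": set(), "tls": set(), "http": set()}
    uncovered = []
    for line in eve_lines.splitlines():
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        etype = event.get("event_type")
        if etype == "alert" and event["alert"]["signature_id"] in INVENTORY_SIDS:
            name = destination_name(event)
            if name:
                # Strip the trailing dot DNS logs put on fully qualified names.
                domains[event["app_proto"]].add(name.rstrip("."))
        elif etype == "flow" and event.get("app_proto") not in domains:
            # Anything that is not DNS/TLS/HTTP is egress the inventory misses.
            uncovered.append((event["dest_ip"], event["dest_port"],
                              event["proto"], event.get("app_proto")))
    return {k: sorted(v) for k, v in domains.items()}, uncovered


if __name__ == "__main__":
    seen, missed = build_inventory(SAMPLE_EVE)
    print(json.dumps(seen, indent=2))
    print("flows not covered by the three rules:", missed)
```

The `uncovered` list is the gap the reply points at: those destinations only show up as IP/port pairs, which is what VPC flow logs would give you for every connection regardless of protocol.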