Hi folks how do I setup a SecurityGroupRule to allow all ICM

Question

Hi folks how do I setup a SecurityGroupRule to allow all ICMP IPv4 traffic from a specific prefix list

little-cartoon-10569 · Answer

`protocol icmp cidrBlocks prefixList` Afaik you shouldn t need fromPort and toPort for all ICMP traffic only certain ICMP traffic cares about those

enough-leather-70274 · Answer

Yeah <https www pulumi com docs reference pkg aws ec2 securitygrouprule |Docs say> if protocol is icmp I need to provide ICMP type number in `from port` and ICMP code in the `to port` both of which are required but that doesn t make sense as ICMP codes are error type indicators

little-cartoon-10569 · Answer

Hmm I ll see if I can find the code

enough-leather-70274 · Answer

Thanks < little cartoon 10569> unfortunately pulumi throws errors if I don t specify from and to ports

enough-leather-70274 · Answer

using python

little-cartoon-10569 · Answer

Looks like all types are in the range 0 to 254 try those

enough-leather-70274 · Answer

Nope that results in the following ```Type Protocol Port range Custom ICMP IPv4 Echo Reply 254```

enough-leather-70274 · Answer

I m looking for ```Type Protocol Port range All ICMP IPv4 ICMP All```

little-cartoon-10569 · Answer

1 Though as far as I know All is used only when protocol = 1 and that means all protocols and ports

little-cartoon-10569 · Answer

But the protocol should definitely read ICMP not Echo Reply

enough-leather-70274 · Answer

So 1 in `from port`

enough-leather-70274 · Answer

Well type 0 is echo reply

little-cartoon-10569 · Answer

I d try 1 in both ports I can t find AWS docs on this though I m just guessing

little-cartoon-10569 · Answer

Ah found it in CloudFormation docs <https docs aws amazon com AWSCloudFormation latest UserGuide aws resource ec2 security group egress html>

little-cartoon-10569 · Answer

gt For the ICMP protocol you must also specify the ICMP type and code You can use 1 for the type or code to mean all types or all codes

enough-leather-70274 · Answer

Yup that s got it

enough-leather-70274 · Answer

Pulumi doesn t use CF tho right Be boto I imagine

enough-leather-70274 · Answer

Got it <https boto3 amazonaws com v1 documentation api latest reference services ec2 html EC2 SecurityGroup ip permissions>

enough-leather-70274 · Answer

gt ToPort A value of 1 indicates all ICMP ICMPv6 codes If you specify all ICMP ICMPv6 types you must specify all codes

enough-leather-70274 · Answer

Thanks for your help < little cartoon 10569>

little-cartoon-10569 · Answer

Yep doesn t use CF but they both use the same server side API so the values for properties should be identical unless the client libraries do extra things to the values

little-cartoon-10569 · Answer

Doesn t use boto either Uses the API that boto uses though slightly smiling face

enough-leather-70274 · Answer

Gotcha so <https docs aws amazon com AWSEC2 latest APIReference API AuthorizeSecurityGroupIngress html|this one>

little-cartoon-10569 · Answer

Yep looks good Didn t know about that site of course it had to exist didn t it Bookmarked now