from_port and to_port values for icmp protocol ingress rule aws_security_group resource?

I want to set up an ingress "Custom ICMP (IPv4)" rule for a security group, and the aws_security_group page isn't clear on what I need to put for the from_port and to_port values. It says (similar for the to_port):

from_port - (Required) The start port (or ICMP type number if protocol is "icmp" or "icmpv6")

What is ICMP type number? If I do this manually in the AWS console, the port is defaulted to N/A.


Solution 1:

You can get the ICMP type number from this site:

https://www.iana.org/assignments/icmp-parameters/icmp-parameters.xhtml

Assuming you want to allow a ping (Echo) to your server, you can use the following Terraform configuration:

from_port = 8
to_port = 0
protocol = "icmp"

If you want to allow all ICMP you can use the following configuration:

from_port = -1
to_port = -1
protocol = "icmp"

Which was sourced from this blog:

https://blog.jwr.io/terraform/icmp/ping/security/groups/2018/02/02/terraform-icmp-rules.html
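
An added example, not part of the original answer or the linked blog: a complete aws_security_group resource in which from_port carries the ICMP type and to_port the ICMP code, scoped to a source network instead of allowing all ICMP from anywhere. It goes one step beyond the answer by adding a second type/code pair (3/4). The variable names, the resource name and the 203.0.113.0/24 range are assumptions made for illustration.

```hcl
variable "vpc_id" {
  type        = string
  description = "Hypothetical: ID of the VPC the group belongs to"
}

variable "monitoring_cidr" {
  type        = string
  description = "Hypothetical: network allowed to ping the instances"
  default     = "203.0.113.0/24" # constructed value (RFC 5737 documentation range)
}

resource "aws_security_group" "icmp_example" {
  name        = "icmp-example" # hypothetical name
  description = "Narrow ICMP ingress instead of all ICMP from anywhere"
  vpc_id      = var.vpc_id

  # Echo Request (ping): from_port = ICMP type 8, to_port = ICMP code 0.
  # The two values are not a port range, so 8 followed by 0 is valid here.
  ingress {
    description = "Ping from the monitoring network only"
    protocol    = "icmp"
    from_port   = 8
    to_port     = 0
    cidr_blocks = [var.monitoring_cidr]
  }

  # Destination Unreachable, Fragmentation Needed: ICMP type 3, code 4.
  # Used by path MTU discovery.
  ingress {
    description = "Path MTU discovery"
    protocol    = "icmp"
    from_port   = 3
    to_port     = 4
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Broad form, shown commented out for comparison: -1/-1 matches every
  # ICMP type and code, and 0.0.0.0/0 accepts it from any source.
  # ingress {
  #   protocol    = "icmp"
  #   from_port   = -1
  #   to_port     = -1
  #   cidr_blocks = ["0.0.0.0/0"]
  # }
}
```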