How to specify all ports in Security group - CloudFormation

amazon-web-services amazon-ec2 amazon-cloudformation amazon-vpc

30,487

Solution 1

The original solution I posted (and accepted by the original poster) stopped working as AWS no longer supports it. To avoid the barrage of downvotes, I deleted the answer. The alternatives are:

Specify the ports 0 and 65535

Open all ports for all protocols not just TCP (as suggested by thewire247 below)

"SecurityGroupIngress" : [{
  "IpProtocol" : "-1",
  "CidrIp" : "0.0.0.0/0"
}]

Solution 2

If you are looking to allow all protocols and all ports, then you can do the following

{
  "IpProtocol" : "-1"
  "CidrIp" : "0.0.0.0/0"
}

Solution 3

FromPort
Start of port range for the TCP and UDP protocols, or an ICMP type number. If you specify icmp for the IpProtocol property, you can specify -1 as a wildcard (i.e., any ICMP type number).

ToPort
End of port range for the TCP and UDP protocols, or an ICMP code. If you specify icmp for the IpProtocol property, you can specify -1 as a wildcard (i.e., any ICMP code).

ex.
{ "IpProtocol" : "icmp", "FromPort" : "8", "ToPort" : "-1", "CidrIp" : "10.0.0.0/24" }

ref:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html

30,487

Steven Yong

Updated on February 16, 2020

Comments

Steven Yong about 4 years
I have my CloudFormation script like this now:
```
    "SecurityGroupIngress" : [{
      "IpProtocol" : "tcp",
      "FromPort" : "0",
      "ToPort" : "65535",
      "CidrIp" : "0.0.0.0/0"
    }]
```
and it looks like this, which is fine:

But I am wondering how to I update the template to get this:

Notice the Ports say All. I also wonder if they are different?
geerlingguy over 6 years

Unfortunately, this seems not to work (at least not anymore). I tried this and got TCP/UDP (from) port (-1) out of range. I had to specify 0 and 65535 explicitly :(
Sam Hammamy over 5 years

Please change this to the accepted answer, the current accepted answer no longer works