Question:
I understand the egress property on an AWS security group controls the outbound traffic, but does anyone know what the protocol of -1 means?
```hcl
resource "aws_security_group" "elb" {
  name = "example-elb"

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```
Answer:
It’s in the documentation:
The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers). (VPC only) Use -1 to specify all protocols. If you specify -1, or a protocol number other than tcp, udp, icmp, or 58 (ICMPv6), traffic on all ports is allowed, regardless of any ports you specify. For tcp, udp, and icmp, you must specify a port range. For protocol 58 (ICMPv6), you can optionally specify a port range; if you don’t, traffic for all types and codes is allowed.
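The semantics quoted above, as an added example that is not part of the original answer: a small Python model of how AWS evaluates a security-group rule, plus a check that flags the allow-all egress rule from the question. It assumes rule dicts shaped like the Terraform block (from_port, to_port, protocol, cidr_blocks); the 6/17/1 number-to-name mapping is standard IANA, and ICMP type/code wildcards are not modelled.

```python
# Added example: model of the documented rule semantics, usable to audit
# Terraform-style aws_security_group rules. Not AWS or Terraform code.
import ipaddress

PORTED = {"tcp", "udp", "icmp"}   # protocols for which a port range is required
ICMPV6 = "58"                      # port range optional; 0-0 means all types/codes
IANA_NAMES = {"6": "tcp", "17": "udp", "1": "icmp", "icmpv6": "58"}


def normalise_protocol(protocol):
    """Map protocol numbers/aliases to the names AWS treats specially."""
    p = str(protocol).lower()
    return IANA_NAMES.get(p, p)


def rule_matches(rule, protocol, port, address):
    """True if `rule` permits `protocol` traffic on `port` to/from `address`.

    Per the documentation: -1, or any protocol other than tcp/udp/icmp/58,
    allows all ports regardless of the configured range; 58 with range 0-0
    allows all ICMPv6 types and codes.
    """
    ip = ipaddress.ip_address(address)
    if not any(ip in ipaddress.ip_network(c, strict=False) for c in rule["cidr_blocks"]):
        return False
    rp = normalise_protocol(rule["protocol"])
    if rp == "-1":
        return True                     # all protocols, all ports (VPC only)
    if rp != normalise_protocol(protocol):
        return False
    if rp not in PORTED and rp != ICMPV6:
        return True                     # e.g. 47 (GRE): ports are meaningless
    if rp == ICMPV6 and rule["from_port"] == 0 and rule["to_port"] == 0:
        return True
    return rule["from_port"] <= port <= rule["to_port"]


def is_allow_all_internet(rule):
    """Flag a rule equivalent to 'every protocol and port to/from anywhere'."""
    return normalise_protocol(rule["protocol"]) == "-1" and any(
        ipaddress.ip_network(c, strict=False).prefixlen == 0 for c in rule["cidr_blocks"]
    )


# Constructed input: the two rules from the question's Terraform block.
ELB_INGRESS = {"from_port": 80, "to_port": 80, "protocol": "tcp", "cidr_blocks": ["0.0.0.0/0"]}
ELB_EGRESS = {"from_port": 0, "to_port": 0, "protocol": "-1", "cidr_blocks": ["0.0.0.0/0"]}
```

Running `is_allow_all_internet` over each egress block of a plan is a quick way to spot security groups whose outbound rule is effectively unrestricted, which is exactly what the question's egress block is.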