How to specify all ports in Security group - CloudFormation

て烟熏妆下的殇ゞ submitted on 2019-12-03 15:56:17

Question


I have my CloudFormation script like this now:

    "SecurityGroupIngress" : [{
      "IpProtocol" : "tcp",
      "FromPort" : "0",
      "ToPort" : "65535",
      "CidrIp" : "0.0.0.0/0"
    }]

and it looks like this, which is fine:

But I am wondering how do I update the template to get this:

Notice the Ports say All. I also wonder if they are different?


Answer 1:


The original solution I posted (and accepted by the original poster) stopped working as AWS no longer supports it. To avoid the barrage of downvotes, I deleted the answer. The alternatives are:

  • Specify the ports 0 and 65535

or

  • Open all ports for all protocols, not just TCP (as suggested by thewire247 below)

    "SecurityGroupIngress" : [{
      "IpProtocol" : "-1",
      "CidrIp" : "0.0.0.0/0"
    }]



Answer 2:


If you are looking to allow all protocols and all ports, then you can do the following:

    {
      "IpProtocol" : "-1",
      "CidrIp" : "0.0.0.0/0"
    }



Answer 3:


FromPort
Start of port range for the TCP and UDP protocols, or an ICMP type number. If you specify icmp for the IpProtocol property, you can specify -1 as a wildcard (i.e., any ICMP type number).

ToPort
End of port range for the TCP and UDP protocols, or an ICMP code. If you specify icmp for the IpProtocol property, you can specify -1 as a wildcard (i.e., any ICMP code).

ex.
    { "IpProtocol" : "icmp", "FromPort" : "8", "ToPort" : "-1", "CidrIp" : "10.0.0.0/24" }

ref:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html
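
An added example, not part of any answer above: a small Python check that reports what each ingress rule in a template really covers, which shows how the `tcp` 0-65535 rule from the question differs from the `-1` rule, and lists rules that expose every port to any address. The sample template, the resource names `WebSG` and `AnyIn`, and the `sg-placeholder` id are constructed; the code assumes literal property values (no `Ref` or `Fn::` intrinsics).

```python
import json

WORLD = {"0.0.0.0/0", "::/0"}
PROTO_NAMES = {"6": "tcp", "17": "udp"}  # IpProtocol may be a name or a number

def rule_scope(rule):
    """Return (protocol, ports) that an ingress rule really covers."""
    proto = str(rule.get("IpProtocol", "")).lower()
    proto = PROTO_NAMES.get(proto, proto)
    if proto == "-1":
        # -1 means every protocol; any FromPort/ToPort is ignored
        return "all", "all"
    if proto in ("tcp", "udp"):
        lo, hi = int(rule["FromPort"]), int(rule["ToPort"])
        # port 0 is reserved, so 1-65535 counts as the full range too
        return proto, "all" if lo <= 1 and hi >= 65535 else f"{lo}-{hi}"
    return proto, "n/a"  # e.g. icmp: the fields carry type/code, not ports

def ingress_rules(template):
    """Yield (logical_id, rule) for inline and standalone ingress rules."""
    for name, res in template.get("Resources", {}).items():
        props = res.get("Properties", {})
        if res.get("Type") == "AWS::EC2::SecurityGroup":
            for rule in props.get("SecurityGroupIngress", []):
                yield name, rule
        elif res.get("Type") == "AWS::EC2::SecurityGroupIngress":
            yield name, props

def world_open(template):
    """List rules that expose every port to any IPv4 or IPv6 address."""
    findings = []
    for name, rule in ingress_rules(template):
        source = rule.get("CidrIp") or rule.get("CidrIpv6")
        proto, ports = rule_scope(rule)
        if isinstance(source, str) and source in WORLD and ports == "all":
            findings.append((name, proto, source))
    return findings

# Constructed sample template (hypothetical resource names and group id)
SAMPLE = json.loads("""{"Resources": {
  "WebSG": {"Type": "AWS::EC2::SecurityGroup", "Properties": {"GroupDescription": "sample",
    "SecurityGroupIngress": [
      {"IpProtocol": "tcp", "FromPort": "0", "ToPort": "65535", "CidrIp": "0.0.0.0/0"},
      {"IpProtocol": "tcp", "FromPort": "443", "ToPort": "443", "CidrIp": "0.0.0.0/0"},
      {"IpProtocol": "icmp", "FromPort": "8", "ToPort": "-1", "CidrIp": "10.0.0.0/24"}]}},
  "AnyIn": {"Type": "AWS::EC2::SecurityGroupIngress", "Properties": {
    "GroupId": "sg-placeholder", "IpProtocol": "-1", "CidrIp": "0.0.0.0/0"}}}}""")

if __name__ == "__main__":
    print(world_open(SAMPLE))
```

The `tcp` rule is reported with protocol `tcp` and the `-1` rule with protocol `all`, so the second form also admits UDP, ICMP and every other IP protocol from the same source range.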



Source: https://stackoverflow.com/questions/39021545/how-to-specify-all-ports-in-security-group-cloudformation
