How to add an `egress` rule to a Security Group with `allow all source ports to port 443 on X.X.X.X`

rBell · March 20, 2022, 1:34am

Hi all,
is there any way I can add an egress rule to a Security Group that says:
allow all source ports to port 443 on X.X.X.X
I can see that I have to (?) specify particular source port but didn’t find a way to add all source ports to an egress rule

ronaldM · March 20, 2022, 3:03am

I use:

        - IpProtocol: tcp
          FromPort: 0
          ToPort: 65535
          CidrIp: 0.0.0.0/0```

rBell · March 20, 2022, 3:34am

So FromPort: 0 = from all ports ?

ronaldM · March 20, 2022, 5:00am

There are 65536 total ports, so From 0 to 65535 is the same as saying “all ports”, yes

rBell · March 20, 2022, 5:25am

Wait a sec - I misinterpret that.
I thought the FromPort is the source port and the ToPort is the destination port whereas you are saying that both tell about the source port range. Am I right ?

ronaldM · March 20, 2022, 5:51am

That’s correct, there’s no way you can control the port at the destination, that’s a function of the OS

ronaldM · March 20, 2022, 7:20am

It’s a good example of why they should be more careful when choosing API names, because what you said makes total sense given the names. It should have been MinPort and MaxPort or something

rBell · March 20, 2022, 9:19am

there's no way you can control the port at the destination, that's a function of the OS
well, in most cases you can - I agree this is the OS level function but you specify the list of allowed destination ports