diff --git a/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts b/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts index 1aae45389a5ee..96ddbd5dbefae 100644 --- a/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts +++ b/packages/@aws-cdk/aws-ec2/lib/security-group-rule.ts @@ -350,6 +350,7 @@ export class IcmpPing implements IPortRange { return { ipProtocol: Protocol.Icmp, fromPort: 8, + toPort: -1 }; } diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpc.expected.json b/packages/@aws-cdk/aws-ec2/test/integ.vpc.expected.json index 7ac8bc19f1ffb..fc6f104af9b79 100644 --- a/packages/@aws-cdk/aws-ec2/test/integ.vpc.expected.json +++ b/packages/@aws-cdk/aws-ec2/test/integ.vpc.expected.json @@ -67,9 +67,6 @@ }, "MyVpcPublicSubnet1DefaultRoute95FDF9EB": { "Type": "AWS::EC2::Route", - "DependsOn": [ - "MyVpcVPCGW488ACE0D" - ], "Properties": { "RouteTableId": { "Ref": "MyVpcPublicSubnet1RouteTableC46AB2F4" @@ -78,7 +75,10 @@ "GatewayId": { "Ref": "MyVpcIGW5C4A4F63" } - } + }, + "DependsOn": [ + "MyVpcVPCGW488ACE0D" + ] }, "MyVpcPublicSubnet1EIP096967CB": { "Type": "AWS::EC2::EIP", @@ -158,9 +158,6 @@ }, "MyVpcPublicSubnet2DefaultRoute052936F6": { "Type": "AWS::EC2::Route", - "DependsOn": [ - "MyVpcVPCGW488ACE0D" - ], "Properties": { "RouteTableId": { "Ref": "MyVpcPublicSubnet2RouteTable1DF17386" @@ -169,7 +166,10 @@ "GatewayId": { "Ref": "MyVpcIGW5C4A4F63" } - } + }, + "DependsOn": [ + "MyVpcVPCGW488ACE0D" + ] }, "MyVpcPublicSubnet2EIP8CCBA239": { "Type": "AWS::EC2::EIP", @@ -249,9 +249,6 @@ }, "MyVpcPublicSubnet3DefaultRoute3A83AB36": { "Type": "AWS::EC2::Route", - "DependsOn": [ - "MyVpcVPCGW488ACE0D" - ], "Properties": { "RouteTableId": { "Ref": "MyVpcPublicSubnet3RouteTable15028F08" @@ -260,7 +257,10 @@ "GatewayId": { "Ref": "MyVpcIGW5C4A4F63" } - } + }, + "DependsOn": [ + "MyVpcVPCGW488ACE0D" + ] }, "MyVpcPublicSubnet3EIPC5ACADAB": { "Type": "AWS::EC2::EIP", @@ -495,6 +495,66 @@ "Ref": "MyVpcIGW5C4A4F63" } } + }, + "SGADB53937": { + "Type": "AWS::EC2::SecurityGroup", + "Properties": { + "GroupDescription": "aws-cdk-ec2-vpc/SG", + "SecurityGroupEgress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "Allow all outbound traffic by default", + "IpProtocol": "-1" + } + ], + "SecurityGroupIngress": [ + { + "CidrIp": "0.0.0.0/0", + "Description": "from 0.0.0.0/0:ICMP PING", + "FromPort": 8, + "IpProtocol": "icmp", + "ToPort": -1 + }, + { + "CidrIp": "0.0.0.0/0", + "Description": "from 0.0.0.0/0:ICMP Type 128", + "FromPort": 128, + "IpProtocol": "icmp", + "ToPort": -1 + }, + { + "CidrIp": "0.0.0.0/0", + "Description": "from 0.0.0.0/0:ALL ICMP", + "FromPort": -1, + "IpProtocol": "icmp", + "ToPort": -1 + }, + { + "CidrIp": "0.0.0.0/0", + "Description": "from 0.0.0.0/0:UDP ALL PORTS", + "FromPort": 0, + "IpProtocol": "udp", + "ToPort": 65535 + }, + { + "CidrIp": "0.0.0.0/0", + "Description": "from 0.0.0.0/0:UDP 123", + "FromPort": 123, + "IpProtocol": "udp", + "ToPort": 123 + }, + { + "CidrIp": "0.0.0.0/0", + "Description": "from 0.0.0.0/0:UDP 800-801", + "FromPort": 800, + "IpProtocol": "udp", + "ToPort": 801 + } + ], + "VpcId": { + "Ref": "MyVpcF9F0CA6F" + } + } } } } \ No newline at end of file diff --git a/packages/@aws-cdk/aws-ec2/test/integ.vpc.ts b/packages/@aws-cdk/aws-ec2/test/integ.vpc.ts index 201a5619b46b4..fe66412cd50de 100644 --- a/packages/@aws-cdk/aws-ec2/test/integ.vpc.ts +++ b/packages/@aws-cdk/aws-ec2/test/integ.vpc.ts @@ -1,10 +1,25 @@ -import { App, Stack } from '@aws-cdk/cdk'; -import { VpcNetwork } from '../lib'; +import cdk = require('@aws-cdk/cdk'); +import ec2 = require('../lib'); -const app = new App(); +const app = new cdk.App(); +const stack = new cdk.Stack(app, 'aws-cdk-ec2-vpc'); -const stack = new Stack(app, 'aws-cdk-ec2-vpc'); +const vpc = new ec2.VpcNetwork(stack, 'MyVpc'); -new VpcNetwork(stack, 'MyVpc'); +// Test Security Group Rules +const sg = new ec2.SecurityGroup(stack, 'SG', { vpc }); + +const rules = [ + new ec2.IcmpPing(), + new ec2.IcmpAllTypeCodes(128), + new ec2.IcmpAllTypesAndCodes(), + new ec2.UdpAllPorts(), + new ec2.UdpPort(123), + new ec2.UdpPortRange(800, 801), +]; + +for (const rule of rules) { + sg.addIngressRule(new ec2.AnyIPv4(), rule); +} app.run();