Add rules for security group validation (aws-cloudformation#3026)

* Add rule E3687 to validate ToPort and FromPort
* Add rule W3687 to validate ToPort and FromPort
* Add rule E3688 to validate both ToPort,FromPort are -1
* Apply the rules to Ingress and Egress resources

scripts/update_schemas_manually.py

@@ -733,6 +733,34 @@
                         ],
                     },
                 ),
+                Patch(
+                    path="/definitions/Ingress/properties/FromPort",
+                    values={"minimum": -1},
+                ),
+                Patch(
+                    path="/definitions/Ingress/properties/ToPort",
+                    values={"minimum": -1},
+                ),
+                Patch(
+                    path="/definitions/Egress/properties/FromPort",
+                    values={"minimum": -1},
+                ),
+                Patch(
+                    path="/definitions/Egress/properties/ToPort", values={"minimum": -1}
+                ),
+            ],
+        ),
+        ResourcePatch(
+            resource_type="AWS::EC2::SecurityGroupEgress",
+            patches=[
+                Patch(
+                    path="/properties/FromPort",
+                    values={"minimum": -1},
+                ),
+                Patch(
+                    path="/properties/ToPort",
+                    values={"minimum": -1},
+                ),
             ],
         ),
         ResourcePatch(
@@ -747,9 +775,17 @@
                             "SourcePrefixListId",
                             "SourceSecurityGroupId",
                             "SourceSecurityGroupName",
-                        ]
+                        ],
                     },
                 ),
+                Patch(
+                    path="/properties/FromPort",
+                    values={"minimum": -1},
+                ),
+                Patch(
+                    path="/properties/ToPort",
+                    values={"minimum": -1},
+                ),
             ],
         ),
         ResourcePatch(

src/cfnlint/data/DownloadsMetadata/123ba181485ae293d5bd09722af0c19d5a0d14c62111ff864923fc7b7960dda6.meta.json

@@ -1 +1 @@
-{"etag": "\"effc1836f7a966083fbdb4e0f81a2d47\"", "url": "https://schema.cloudformation.eu-south-1.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"364b242dff2cf31f2046839c5ab2d57c\"", "url": "https://schema.cloudformation.eu-south-1.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/164e1bfc2823fbd49d8d0e7163ebf32b2b6653d7edfe98a64577daae0b481c38.meta.json

@@ -1 +1 @@
-{"etag": "\"751107f951b161baf464053c90900355\"", "url": "https://schema.cloudformation.cn-north-1.amazonaws.com.cn/CloudformationSchema.zip"}
+{"etag": "\"a36011ffbc897753ae0d68841d110e2d\"", "url": "https://schema.cloudformation.cn-north-1.amazonaws.com.cn/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/18624fcc4a1c571691d10b2508e6be565e4752bbc10d9552de8df8f81348c42b.meta.json

@@ -1 +1 @@
-{"etag": "\"6d1c4c89817c4d396ebe429ea8cfce90\"", "url": "https://schema.cloudformation.us-gov-east-1.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"fbdc4050d28c3ced1d6c9541632c9ace\"", "url": "https://schema.cloudformation.us-gov-east-1.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/227d6e59c86482f7153466759080e65963a1bf4413531ad420ff60a5a0d7965d.meta.json

@@ -1 +1 @@
-{"etag": "\"12a6baebe508a08bf1b9b0eafe66141f\"", "url": "https://schema.cloudformation.me-south-1.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"b90f4b4902026e5f95b38954998863ff\"", "url": "https://schema.cloudformation.me-south-1.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/23be708e675cb6098b08969e4dbbc3f54cfc32461d10e077e7e5de1fc25d8b8f.meta.json

@@ -1 +1 @@
-{"etag": "\"947ff4e5ab8acdc4fcf74a8480b3e0e2\"", "url": "https://schema.cloudformation.us-gov-west-1.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"176f4e2894ec2acb6290a05a269e6140\"", "url": "https://schema.cloudformation.us-gov-west-1.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/26cf4521b683d3267844178a6bcd1d0ad3fe2e7838c23f6acd054944cb2b1618.meta.json

@@ -1 +1 @@
-{"etag": "\"f84b13a790b6c533e1d4289dc4a745ac\"", "url": "https://schema.cloudformation.me-central-1.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"0f9432630056521ac617613aad1be09a\"", "url": "https://schema.cloudformation.me-central-1.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/276cecfeb1ec5e608e2aaa06925a2da57e9907e4a512c10ddae70b98b4dada43.meta.json

@@ -1 +1 @@
-{"etag": "\"2c3ed748f499ca6b639ef716d97acac7\"", "url": "https://schema.cloudformation.eu-west-2.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"54bd5eae10cee4adb4566d26485ff7a3\"", "url": "https://schema.cloudformation.eu-west-2.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/371e40c90b2e47c99f6e275e060ee83a3fbf0a0fb76625ba46dbe42abd34333c.meta.json

@@ -1 +1 @@
-{"etag": "\"47f12b87550e918969e60a40727dd190\"", "url": "https://schema.cloudformation.cn-northwest-1.amazonaws.com.cn/CloudformationSchema.zip"}
+{"etag": "\"7e931cf80bce968198825b517a866a7e\"", "url": "https://schema.cloudformation.cn-northwest-1.amazonaws.com.cn/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/42155835f382d82337be3d2bf832bada376aa3fe15197e3bb0e9290ff8719b4e.meta.json

@@ -1 +1 @@
-{"etag": "\"31d58468f833cbdbc868acba7bf63035\"", "url": "https://schema.cloudformation.af-south-1.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"3de828380e11418b68b5f34399142410\"", "url": "https://schema.cloudformation.af-south-1.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/42e9df95722b6524cd001503b6750b86f60a7b5acfc406ebb10d5748cbb8ed41.meta.json

@@ -1 +1 @@
-{"etag": "\"45b27dc6f4f9a7af15585ca2d23c2646\"", "url": "https://schema.cloudformation.us-west-1.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"adbc25e9e3f06fc434de4680f517c8f6\"", "url": "https://schema.cloudformation.us-west-1.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/4fbb29b69678acdd32c5758ed43ead9bf35136af536e92a84ccbaf062c315066.meta.json

@@ -1 +1 @@
-{"etag": "\"72ca384b3911b66c57ce88bc0ae4b529\"", "url": "https://schema.cloudformation.eu-central-1.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"0ee63cb2c95b7e841cedcc84f5269a21\"", "url": "https://schema.cloudformation.eu-central-1.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/56584c7d00e444de640bef01fc2c630804470222e5e4c690bacef5312891581d.meta.json

@@ -1 +1 @@
-{"etag": "\"63d1de10881d250eca51a9ac7b231b42\"", "url": "https://schema.cloudformation.ap-south-1.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"952c8778af65cda47b52ff0faefa3b97\"", "url": "https://schema.cloudformation.ap-south-1.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/583721567eccd1d5855daa623819df1a646b563d773e34b020d0ddeab2fe195b.meta.json

@@ -1 +1 @@
-{"etag": "\"c7acdf78bff0113d040a0a7828298b17\"", "url": "https://schema.cloudformation.ap-southeast-4.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"c0c6be40c29fdab9fd7ac2ecfde5ebbb\"", "url": "https://schema.cloudformation.ap-southeast-4.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/6316ae24f21cb620947aa250bebbee69548d44cc32e246ec9d7742088a2c17f8.meta.json

@@ -1 +1 @@
-{"etag": "\"6fd6a23bf9b72793460590b1460ce11a\"", "url": "https://schema.cloudformation.us-east-2.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"df0e0152fe8259730c1fd6fe9d83ce26\"", "url": "https://schema.cloudformation.us-east-2.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/81e1cc73ff2daf7d1e1eca393c2d1fdd98ac34d4109512e0e0947ef752dcb9c9.meta.json

@@ -1 +1 @@
-{"etag": "\"b14f647c22ed1c53e926654a836665cb\"", "url": "https://schema.cloudformation.ap-southeast-1.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"fa7b5a5b0e188fd287b5a9463e23f8d7\"", "url": "https://schema.cloudformation.ap-southeast-1.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/8adeabf0a09b37a8ed924aea799005947e4a4542365d35fd75466abcf306eeca.meta.json

@@ -1 +1 @@
-{"etag": "\"54a78961187dc4bafbf85e79189fdc3f\"", "url": "https://schema.cloudformation.ap-northeast-2.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"7aab0400c131f31315e6b365531f22eb\"", "url": "https://schema.cloudformation.ap-northeast-2.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/8b8b0cee4df1ef0947a8289e8ec0c67869b7533eabab32ecfc0a00cb19e55a5f.meta.json

@@ -1 +1 @@
-{"etag": "\"73eb84789e3f47a2ce8a8d0e2a7fa6ca\"", "url": "https://schema.cloudformation.ap-southeast-3.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"77ca3e0f61d4e8280912652d497260c7\"", "url": "https://schema.cloudformation.ap-southeast-3.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/b1f069477cd577cde04dfe1b323c0bb0e783fe32b6bb6b13774c32fcca1d303a.meta.json

@@ -1 +1 @@
-{"etag": "\"97827b39bd31296f6c3c69fb1e24553e\"", "url": "https://schema.cloudformation.ap-east-1.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"f18d01d79d409a1ff8dd99954565a1cb\"", "url": "https://schema.cloudformation.ap-east-1.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/c7ada205073390b33b7593ef8f304b9705f2567698dfdfa979bf0ccdb68cb856.meta.json

@@ -1 +1 @@
-{"etag": "\"a40b97e29d258ba3613c6eb982d5d134\"", "url": "https://schema.cloudformation.sa-east-1.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"42f10982ba2782e11f403c0910f448be\"", "url": "https://schema.cloudformation.sa-east-1.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/d24ce9a45a014b1ff04d479422ea956e92030ae5c03d7451980a15735e557edb.meta.json

@@ -1 +1 @@
-{"etag": "\"282d72e523a8ffcd280570382ff4b126\"", "url": "https://schema.cloudformation.ap-southeast-2.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"9a608de28d171727447147e3e6415f48\"", "url": "https://schema.cloudformation.ap-southeast-2.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/d85e2e061cacfcffe4902adb1074a04e6bb7f975b606f8db57532faddfcdd8c8.meta.json

@@ -1 +1 @@
-{"etag": "\"bfb34c90ce8436ce9714869ed81302be\"", "url": "https://schema.cloudformation.ca-west-1.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"3772c841d6df593f46af09d64d6fbbae\"", "url": "https://schema.cloudformation.ca-west-1.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/d8e41d35f4f8922b66525dea2c66d72a73ff097c685cda0a63c08a6416dc58ed.meta.json

@@ -1 +1 @@
-{"etag": "\"5f4551de59a16a6fa0f8253ca25fa1a1\"", "url": "https://schema.cloudformation.eu-central-2.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"6651380dd64c2ffb40e6373b0588b44b\"", "url": "https://schema.cloudformation.eu-central-2.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/dd98171253ebc36f5b78e247f3132b5f25c8d66a1f84939600616bab42579541.meta.json

@@ -1 +1 @@
-{"etag": "\"ad23ee5cf0745852dbce5435d8fd1871\"", "url": "https://schema.cloudformation.eu-north-1.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"9d999e6c25138e457453682331190c48\"", "url": "https://schema.cloudformation.eu-north-1.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/df4945435575c690a2651bb31e7a9b48972142778e1ff452383ede2ad4bac3d7.meta.json

@@ -1 +1 @@
-{"etag": "\"a167957542beaf48f0c31b1ebdd74bc2\"", "url": "https://schema.cloudformation.eu-south-2.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"bbd26a245b2a825b5a1ed3baf1c49fa3\"", "url": "https://schema.cloudformation.eu-south-2.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/e5301e07e25fa2c35d2c7e1f9dcf720826b315ef6f38515840537c02de23abe2.meta.json

@@ -1 +1 @@
-{"etag": "\"8b09632a0a5c67bd3c4d0309c8719689\"", "url": "https://schema.cloudformation.ca-central-1.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"8a4abf7e85cb235600054f091077ea72\"", "url": "https://schema.cloudformation.ca-central-1.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/e8b3dacc1675b478e8c7392b51f41467cf908a34e6b4c3fb3e97e2b584f651ca.meta.json

@@ -1 +1 @@
-{"etag": "\"c423efe97526abee358744098383d975\"", "url": "https://schema.cloudformation.eu-west-3.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"6628d7949c2c24b6ddab9745da6dcaca\"", "url": "https://schema.cloudformation.eu-west-3.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/ea0f7b8f144feb225afe73a24dfdf993318c41c71c21b0a17d4f68d82c5aee21.meta.json

@@ -1 +1 @@
-{"etag": "\"3269ce7119ccc620b09b2021b4ffe69c\"", "url": "https://schema.cloudformation.ap-northeast-3.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"600db79e43526641cf88b116db6aba2b\"", "url": "https://schema.cloudformation.ap-northeast-3.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/f1896c9151984eec294af1eddf64260f6cd7e4ced378cacdb93f76ed227b5c5d.meta.json

@@ -1 +1 @@
-{"etag": "\"38638c728c53e779b2f23826b0e02ae1\"", "url": "https://schema.cloudformation.us-west-2.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"267704ad1d3389f342ec29b202442666\"", "url": "https://schema.cloudformation.us-west-2.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/f49718b210ea89ff182ae51cb7004366b9e2e4d5e38136a5be83b6a55e7a82a1.meta.json

@@ -1 +1 @@
-{"etag": "\"25d4ba336b243267d351bf1085371fa6\"", "url": "https://schema.cloudformation.ap-south-2.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"09c1047eb5be4d6c57d38c96ae190d2b\"", "url": "https://schema.cloudformation.ap-south-2.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/f54eee6f8ad9619f41835b700369cdbb41c64a9c91b2fa5b4928c0d9b2f780b0.meta.json

@@ -1 +1 @@
-{"etag": "\"d3c7824cf546908c5964ff0a246885d3\"", "url": "https://schema.cloudformation.us-east-1.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"5bc916b17e9a3f8bbfdbb8a393f0d4fe\"", "url": "https://schema.cloudformation.us-east-1.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/fa657351d8e89c40ba6b82c4b1f5e1b5e50a1638ffe0a5dba0d8805c190a05f8.meta.json

@@ -1 +1 @@
-{"etag": "\"10287f4b65af7d6e5c741b54035f3aa3\"", "url": "https://schema.cloudformation.eu-west-1.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"ed54aa1102fc48ca113d2ddbc8fcbfff\"", "url": "https://schema.cloudformation.eu-west-1.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/DownloadsMetadata/ff02b7d808c1c00053f09aa43a50addf3b69878d351cffd417dc9a457df808af.meta.json

@@ -1 +1 @@
-{"etag": "\"2a91304be4e2f581a998679218a81b98\"", "url": "https://schema.cloudformation.ap-northeast-1.amazonaws.com/CloudformationSchema.zip"}
+{"etag": "\"5fa4c1b8dfa49446bd1440422a814828\"", "url": "https://schema.cloudformation.ap-northeast-1.amazonaws.com/CloudformationSchema.zip"}

src/cfnlint/data/schemas/extensions/aws_ec2_securitygroup/all_to_and_from_ports.json

@@ -0,0 +1,60 @@
+{
+ "allOf": [
+  {
+   "if": {
+    "properties": {
+     "ToPort": {
+      "enum": [
+       -1,
+       "-1"
+      ]
+     }
+    },
+    "required": [
+     "ToPort"
+    ]
+   },
+   "then": {
+    "properties": {
+     "FromPort": {
+      "enum": [
+       -1,
+       "-1"
+      ]
+     }
+    },
+    "required": [
+     "FromPort"
+    ]
+   }
+  },
+  {
+   "if": {
+    "properties": {
+     "FromPort": {
+      "enum": [
+       -1,
+       "-1"
+      ]
+     }
+    },
+    "required": [
+     "FromPort"
+    ]
+   },
+   "then": {
+    "properties": {
+     "ToPort": {
+      "enum": [
+       -1,
+       "-1"
+      ]
+     }
+    },
+    "required": [
+     "ToPort"
+    ]
+   }
+  }
+ ]
+}

src/cfnlint/data/schemas/extensions/aws_ec2_securitygroup/protocols_and_port_ranges_exclude.json

@@ -0,0 +1,35 @@
+{
+ "if": {
+  "properties": {
+   "IpProtocol": {
+    "not": {
+     "enum": [
+      1,
+      "1",
+      "icmp",
+      6,
+      "6",
+      "tcp",
+      17,
+      "17",
+      "udp"
+     ]
+    },
+    "type": [
+     "string",
+     "integer"
+    ]
+   }
+  },
+  "required": [
+   "IpProtocol"
+  ],
+  "type": "object"
+ },
+ "then": {
+  "properties": {
+   "FromPort": false,
+   "ToPort": false
+  }
+ }
+}

src/cfnlint/data/schemas/extensions/aws_ec2_securitygroup/protocols_and_port_ranges_include.json

@@ -0,0 +1,33 @@
+{
+ "if": {
+  "properties": {
+   "IpProtocol": {
+    "enum": [
+     1,
+     "1",
+     "icmp",
+     6,
+     "6",
+     "tcp",
+     17,
+     "17",
+     "udp"
+    ],
+    "type": [
+     "string",
+     "integer"
+    ]
+   }
+  },
+  "required": [
+   "IpProtocol"
+  ],
+  "type": "object"
+ },
+ "then": {
+  "required": [
+   "FromPort",
+   "ToPort"
+  ]
+ }
+}

src/cfnlint/data/schemas/patches/extensions/all/aws_ec2_securitygroup/cfn_schemas.json

@@ -0,0 +1,20 @@
+[
+ {
+  "op": "add",
+  "path": "/definitions/Ingress/cfnSchema",
+  "value": [
+   "aws_ec2_securitygroup/protocols_and_port_ranges_include",
+   "aws_ec2_securitygroup/protocols_and_port_ranges_exclude",
+   "aws_ec2_securitygroup/all_to_and_from_ports"
+  ]
+ },
+ {
+  "op": "add",
+  "path": "/definitions/Egress/cfnSchema",
+  "value": [
+   "aws_ec2_securitygroup/protocols_and_port_ranges_include",
+   "aws_ec2_securitygroup/protocols_and_port_ranges_exclude",
+   "aws_ec2_securitygroup/all_to_and_from_ports"
+  ]
+ }
+]

src/cfnlint/data/schemas/patches/extensions/all/aws_ec2_securitygroup/manual.json

@@ -43,5 +43,25 @@
    "SourceSecurityGroupId",
    "SourceSecurityGroupName"
   ]
+ },
+ {
+  "op": "add",
+  "path": "/definitions/Ingress/properties/FromPort/minimum",
+  "value": -1
+ },
+ {
+  "op": "add",
+  "path": "/definitions/Ingress/properties/ToPort/minimum",
+  "value": -1
+ },
+ {
+  "op": "add",
+  "path": "/definitions/Egress/properties/FromPort/minimum",
+  "value": -1
+ },
+ {
+  "op": "add",
+  "path": "/definitions/Egress/properties/ToPort/minimum",
+  "value": -1
  }
 ]

src/cfnlint/data/schemas/patches/extensions/all/aws_ec2_securitygroupegress/cfn_schemas.json

@@ -0,0 +1,11 @@
+[
+ {
+  "op": "add",
+  "path": "/cfnSchema",
+  "value": [
+   "aws_ec2_securitygroup/protocols_and_port_ranges_include",
+   "aws_ec2_securitygroup/protocols_and_port_ranges_exclude",
+   "aws_ec2_securitygroup/all_to_and_from_ports"
+  ]
+ }
+]

src/cfnlint/data/schemas/patches/extensions/all/aws_ec2_securitygroupegress/manual.json

@@ -0,0 +1,12 @@
+[
+ {
+  "op": "add",
+  "path": "/properties/FromPort/minimum",
+  "value": -1
+ },
+ {
+  "op": "add",
+  "path": "/properties/ToPort/minimum",
+  "value": -1
+ }
+]

src/cfnlint/data/schemas/patches/extensions/all/aws_ec2_securitygroupingress/cfn_schemas.json

@@ -0,0 +1,11 @@
+[
+ {
+  "op": "add",
+  "path": "/cfnSchema",
+  "value": [
+   "aws_ec2_securitygroup/protocols_and_port_ranges_include",
+   "aws_ec2_securitygroup/protocols_and_port_ranges_exclude",
+   "aws_ec2_securitygroup/all_to_and_from_ports"
+  ]
+ }
+]

src/cfnlint/data/schemas/patches/extensions/all/aws_ec2_securitygroupingress/manual.json

@@ -9,5 +9,15 @@
    "SourceSecurityGroupId",
    "SourceSecurityGroupName"
   ]
+ },
+ {
+  "op": "add",
+  "path": "/properties/FromPort/minimum",
+  "value": -1
+ },
+ {
+  "op": "add",
+  "path": "/properties/ToPort/minimum",
+  "value": -1
  }
 ]