Cloud Formation overload "ports" parameters for icmp protocol

stelligent / cfn_nag

Linting tool for CloudFormation templates

MIT License

1.26k stars 212 forks source link

Cloud Formation overload "ports" parameters for icmp protocol #629

Open vchepkov opened 1 month ago

vchepkov commented 1 month ago

cfn_nags generates W27 warning for a code fragment:

    SecurityGroupIngress:
        - Description: Allow ICMP ping
          IpProtocol: icmp
          FromPort: 8
          ToPort: 0
          CidrIp: "10.0.0.0/8"

Cloud Formation repurposed ports attributes as "type and code" for icmp protocol, so the warning about port ranges should be suppressed