我了解AWS安全组的egress属性控制出站流量,但有人知道-1的协议是什么意思吗?
resource "aws_security_group" "elb" {
name = "example-elb”
ingress {
from_port = 80
to_port = 80
protocol = "tcp”
cidr_blocks = [" 0.0.0.0/ 0”]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = [" 0.0.0.0/ 0"] }
}
答案 0 :(得分:4)
It's in the documentation:
The IP protocol name (tcp, udp, icmp) or number (see Protocol Numbers). (VPC only) Use -1 to specify all protocols. If you specify -1, or a protocol number other than tcp, udp, icmp, or 58 (ICMPv6), traffic on all ports is allowed, regardless of any ports you specify. For tcp, udp, and icmp, you must specify a port range. For protocol 58 (ICMPv6), you can optionally specify a port range; if you don't, traffic for all types and codes is allowed.