From ff0dc051b314a60d54c125d092505b2888dd541d Mon Sep 17 00:00:00 2001
From: "Stuart Green [Check Point]" <71756633+chkp-stuartgreen@users.noreply.github.com>
Date: Thu, 5 Jun 2025 10:55:42 +0100
Subject: [PATCH] Update main.tf

AWS security group ingress and egress rules should not specify -1 for protocols and from/to ports at the same time. protocol -1 implies all ports.
---
 modules/autoscale_gwlb/main.tf | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/modules/autoscale_gwlb/main.tf b/modules/autoscale_gwlb/main.tf
index 97ebdd2..c488af1 100755
--- a/modules/autoscale_gwlb/main.tf
+++ b/modules/autoscale_gwlb/main.tf
@@ -18,35 +18,35 @@ resource "aws_security_group" "permissive_sg" {
 resource "aws_vpc_security_group_ingress_rule" "ingress_rule_ipv4" {
   security_group_id = aws_security_group.permissive_sg.id
   cidr_ipv4 = "0.0.0.0/0"
-  from_port = 0
+  #from_port = 0
   ip_protocol = "-1"
-  to_port = 0
+  #to_port = 0
 }
 
 resource "aws_vpc_security_group_egress_rule" "egress_rule_ipv4" {
   security_group_id = aws_security_group.permissive_sg.id
   cidr_ipv4 = "0.0.0.0/0"
-  from_port = 0
+  #from_port = 0
   ip_protocol = "-1"
-  to_port = 0
+  #to_port = 0
 }
 
 resource "aws_vpc_security_group_ingress_rule" "ingress_rule_ipv6" {
   count = var.enable_ipv6 ? 1 : 0
   security_group_id = aws_security_group.permissive_sg.id
   cidr_ipv6 = "::/0"
-  from_port = 0
+  #from_port = 0
   ip_protocol = "-1"
-  to_port = 0
+  #to_port = 0
 }
 
 resource "aws_vpc_security_group_egress_rule" "egress_rule_ipv6" {
   count = var.enable_ipv6 ? 1 : 0
   security_group_id = aws_security_group.permissive_sg.id
   cidr_ipv6 = "::/0"
-  from_port = 0
+  #from_port = 0
   ip_protocol = "-1"
-  to_port = 0
+  #to_port = 0
 }
 
 resource "aws_launch_template" "asg_launch_template" {
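Review bot: The eight added `#from_port = 0` / `#to_port = 0` lines are commented-out code rather than an explanation, so the next maintainer does not learn why the ports were removed and may simply uncomment them and reintroduce the provider error this commit fixes. Delete those lines and keep one comment per rule instead, e.g. `# from_port/to_port intentionally omitted: ip_protocol "-1" (all protocols) already implies all ports, and AWS rejects the combination`. It is also worth stating in the commit message or a comment that the change does not narrow what the rules permit: each rule still allows every protocol and every port from `0.0.0.0/0` (or `::/0` when `enable_ipv6` is set), which is presumably deliberate for a group named `permissive_sg`, so a reader should not take the port removal as a tightening of the policy.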