
I found this question (very helpful): Cannot ping AWS EC2 instance. So I'm setting up my EC2 instance so I can ping it.

But I don't want to allow ping requests from anyone on the Internet. I want to limit the source to my current location's subnet.

When I set up ssh, I also limited who can ssh to my EC2 instance, but I don't recall how I set it up.

Searching for a solution

I found this: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-rules-reference.html#sg-rules-ping which was helpful to only allow ICMP Echo Requests (protocol 1).

Later I found this command which helped me find the one I created earlier.

aws ec2 describe-security-groups
{
    "SecurityGroups": [
        {
            "Description": "launch-wizard-2 created 2021-07-16T14:45:19.317-04:00",
            "GroupName": "launch-wizard-2",
            "IpPermissions": [
                {
                    "FromPort": 80,
                    "IpProtocol": "tcp",
                    "IpRanges": [
                        {
                            "CidrIp": "192.168.1.0/24" // NOTE THIS IS NOT REAL
                        }
                    ],
                    "Ipv6Ranges": [],
                    "PrefixListIds": [],
                    "ToPort": 80,
                    "UserIdGroupPairs": []
                },

So now I realize the one that was previously created is only set up for TCP (not ICMP), so it won't work for me.

Still searching for how to specify a source CIDR block to limit who can ping my EC2 instance. For the sake of discussion, let's say my CIDR block was 123.321/16. I'm trying to figure out how to enter that when creating the inbound rule.

  • Look at the instance in the EC2 console. Take a look at the Security Groups associated with the instance. Add an Inbound rule for ICMP from your IP address. – John Rotenstein Sep 23 '21 at 22:17
  • Does SO have any rules for fake IP addresses (used for examples)? I picked 123.321 because it's not a valid IP but that just makes the example confusing. – PatS Sep 24 '21 at 00:49

1 Answer

Well, 123.321 cannot exist as a CIDR as the number 321 is too big. However, if it could, your inbound security group rule would need to look like the following:

[screenshot of the inbound security group rule, not reproduced]

You could also specify 123.321.123.12/32 for the exact IP of whatever is trying to ping it.

  • I tried that and it wouldn't take/stay. I'll try it again. Thanks! – PatS Sep 24 '21 at 00:39
  • When I tried it again, I realized that the UI did accept my entry (it was a valid CIDR). I realized that I was just confused by the user interface. – PatS Oct 17 '21 at 19:49
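The rule the answer describes, as an added example (not code from the question or the answer): it validates the source CIDR first, which is why 123.321/16 and 123.321.123.12/32 are rejected, then builds the ICMP Echo Request (type 8) permission and applies it with the AWS CLI. SG_ID and SOURCE_CIDR are assumed placeholders supplied by the caller.

```shell
#!/usr/bin/env bash
# Added example: allow ICMP Echo Request (type 8) only from one source CIDR.
# Assumes AWS CLI v2 is configured; SG_ID and SOURCE_CIDR are placeholders.

# Return 0 if $1 is a syntactically valid IPv4 CIDR (a.b.c.d/n, octets 0-255,
# prefix 0-32). "123.321/16" from the question fails: too few octets and 321 > 255.
valid_ipv4_cidr() {
  local cidr="$1" ip prefix o
  case "$cidr" in */*) ;; *) return 1 ;; esac
  ip="${cidr%/*}"; prefix="${cidr#*/}"
  case "$prefix" in ''|*[!0-9]*) return 1 ;; esac
  [ "$prefix" -le 32 ] || return 1
  local IFS='.'
  set -- $ip
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case "$o" in ''|*[!0-9]*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
  return 0
}

# Emit the --ip-permissions JSON: protocol icmp, type 8 (echo request),
# code -1 (any), restricted to a single source CIDR.
ping_rule_json() {
  local cidr="$1"
  valid_ipv4_cidr "$cidr" || { echo "invalid CIDR: $cidr" >&2; return 1; }
  printf '[{"IpProtocol":"icmp","FromPort":8,"ToPort":-1,"IpRanges":[{"CidrIp":"%s","Description":"ping from my subnet"}]}]' "$cidr"
}

# Add the inbound rule to the security group (placeholder ids, constructed).
apply_ping_rule() {
  local sg_id="$1" cidr="$2" perms
  perms="$(ping_rule_json "$cidr")" || return 1
  aws ec2 authorize-security-group-ingress --group-id "$sg_id" --ip-permissions "$perms"
}

# Only touches AWS when the caller sets both placeholders, e.g.
#   SG_ID=sg-PLACEHOLDER SOURCE_CIDR=203.0.113.0/24 ./ping-rule.sh
if [ -n "${SG_ID:-}" ] && [ -n "${SOURCE_CIDR:-}" ]; then
  apply_ping_rule "$SG_ID" "$SOURCE_CIDR"
fi
```

Afterwards `aws ec2 describe-security-groups --group-ids "$SG_ID"` shows the new entry with `"IpProtocol": "icmp"`, `"FromPort": 8` and your CIDR, alongside the existing TCP/80 rule.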