
I have added the inbound rule for ICMP Echo Reply in my security group. But I want to visualize the effect of adding and removing this rule from the security group on my EC2 instance. How can I see that thing making any impact?

I initially added both "Echo Request" and "Echo Reply" to my security group to allow ping from:

Instance A --> Instance B
Instance B --> Instance A
Instance A --> Instance A
Instance B --> Instance B

But later, when I removed the "Echo Reply" from my security group, it didn't make any impact on the behavior of the ping commands I listed above.

Is adding ICMP "Echo Request" sufficient? What is the purpose of "Echo Reply", and how can I see that rule making an impact on the pings I listed above?

Thanks

Jaraws

1 Answer

Security Groups are stateful, i.e. they keep track of incoming connections and allow the response traffic automatically.

Security groups are stateful — if you send a request from your instance, the response traffic for that request is allowed to flow in regardless of inbound security group rules. Responses to allowed inbound traffic are allowed to flow out, regardless of outbound rules.

docs

That's why allowing "ECHO Request" is sufficient.

I can't think of a scenario where you'd need to add echo reply for inbound rules.

Maurice
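
A toy model of the stateful behaviour described in the answer, as an added example (not AWS code and not part of the original answer). The class and function names are hypothetical; it assumes outbound rules allow everything and that every ping crosses the security group. It runs the four pings from the question with and without the Echo Reply inbound rule, and against a stateless filter for contrast.

```python
# Toy model of security-group evaluation for ICMP echo (hypothetical names, not an AWS API).
ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP type numbers

class Instance:
    def __init__(self, name, inbound_types, stateful=True):
        self.name = name
        self.inbound_types = set(inbound_types)  # ICMP types allowed by inbound rules
        self.stateful = stateful
        self.tracked = set()                     # peers this instance has pinged

    def send_request(self, peer):
        # Assumption: outbound rules allow all traffic, so the request always leaves.
        if self.stateful:
            self.tracked.add(peer.name)          # remember the flow we initiated

    def accept_inbound(self, src, icmp_type):
        # A stateful filter lets the response to our own request in,
        # regardless of the inbound rules.
        if self.stateful and icmp_type == ECHO_REPLY and src.name in self.tracked:
            self.tracked.discard(src.name)
            return True
        # Anything else must match an explicit inbound rule.
        return icmp_type in self.inbound_types

def ping(src, dst):
    """Return True if src gets an echo reply back from dst."""
    src.send_request(dst)
    if not dst.accept_inbound(src, ECHO_REQUEST):
        return False                             # request dropped at dst
    # dst's reply leaves freely: it answers allowed inbound traffic.
    return src.accept_inbound(dst, ECHO_REPLY)

def ping_matrix(inbound_types, stateful=True):
    """Run the four pings from the question with one shared rule set."""
    results = {}
    for s, d in [("A", "B"), ("B", "A"), ("A", "A"), ("B", "B")]:
        hosts = {n: Instance(n, inbound_types, stateful) for n in "AB"}
        results[f"{s}->{d}"] = ping(hosts[s], hosts[d])
    return results

if __name__ == "__main__":
    cases = [
        ("stateful,  request+reply", {ECHO_REQUEST, ECHO_REPLY}, True),
        ("stateful,  request only ", {ECHO_REQUEST}, True),
        ("stateful,  reply only   ", {ECHO_REPLY}, True),
        ("stateless, request only ", {ECHO_REQUEST}, False),
    ]
    for label, rules, stateful in cases:
        print(label, ping_matrix(rules, stateful))
```

In the model, the Echo Reply inbound rule changes the outcome only when the filter keeps no state, which is why removing it from the security group had no visible effect on the pings.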