Updating SecurityGroup / Ingress Spec

[bjsemrad]

Updating SecurityGroup / Ingress Spec to allow From/To to be conditional per AWS CFT Specs. Resolved submitted issue #25.

Supporting Documentation:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-ec2-security-group-ingress.html

See IP protocol on:
https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_AuthorizeSecurityGroupIngress.html

-1 is a valid IP protocol which then makes from/to no longer required on security group ingress and egress configuration.

[bjsemrad]

@erickascic can this be merged?

[ghost]

promise to work through it tomorrow morning. wanted to review this weekend but the Parameter eval took up all my available time.

[bjsemrad]

@erickascic Thanks, I merged due to conflicts from Parameter eval, let me know if something doesn't look right, I ran all unit tests again, looks good to me.

[ghost]

Special thanks for the example templates... I think the CloudFormation specs are still saying ports are required required for the standalone xgress rules but.... it's definitely accepting these and opening things up in a way that cfn-nag should flag them.

[bjsemrad]

@erickascic Thanks for merging, for standalone ingress its not required when IPProtocol is -1, we use it a lot for one of our VPC's. For egress the documentation is less clear, but we also use this model for one or two things and From/To are not required (or at least cloud formation accepts it).