From 8bba3d4e6e1159f9600a5fdae657777226de35f1 Mon Sep 17 00:00:00 2001
From: ldanz <econerd4ever@gmail.com>
Date: Wed, 10 Aug 2016 12:32:18 -0700
Subject: [PATCH] Documentation: explain the role of to_port in a security
 group rule when protocol is "icmp" (#8093)

---
 .../docs/providers/aws/r/security_group.html.markdown       | 6 +++---
 .../docs/providers/aws/r/security_group_rule.html.markdown  | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/website/source/docs/providers/aws/r/security_group.html.markdown b/website/source/docs/providers/aws/r/security_group.html.markdown
index 15e5a9ed8c..aa8fe2f2b6 100644
--- a/website/source/docs/providers/aws/r/security_group.html.markdown
+++ b/website/source/docs/providers/aws/r/security_group.html.markdown
@@ -92,7 +92,7 @@ The `ingress` block supports:
     EC2-Classic, or Group IDs if using a VPC.
 * `self` - (Optional) If true, the security group itself will be added as
      a source to this ingress rule.
-* `to_port` - (Required) The end range port.
+* `to_port` - (Required) The end range port (or ICMP code if protocol is "icmp").
 
 The `egress` block supports:
 
@@ -105,7 +105,7 @@ The `egress` block supports:
     EC2-Classic, or Group IDs if using a VPC.
 * `self` - (Optional) If true, the security group itself will be added as
      a source to this egress rule.
-* `to_port` - (Required) The end range port.
+* `to_port` - (Required) The end range port (or ICMP code if protocol is "icmp").
 
 ~> **NOTE on Egress rules:** By default, AWS creates an `ALLOW ALL` egress rule when creating a
 new Security Group inside of a VPC. When creating a new Security
@@ -160,4 +160,4 @@ Security Groups can be imported using the `security group id`, e.g.
 
 ```
 $ terraform import aws_security_group.elb_sg sg-903004f8
-```
\ No newline at end of file
+```
diff --git a/website/source/docs/providers/aws/r/security_group_rule.html.markdown b/website/source/docs/providers/aws/r/security_group_rule.html.markdown
index 7ae1aba517..f10aedd1a2 100644
--- a/website/source/docs/providers/aws/r/security_group_rule.html.markdown
+++ b/website/source/docs/providers/aws/r/security_group_rule.html.markdown
@@ -51,7 +51,7 @@ Only valid with `egress`.
      depending on the `type`. Cannot be specified with `cidr_blocks`.
 * `self` - (Optional) If true, the security group itself will be added as
      a source to this ingress rule.
-* `to_port` - (Required) The end range port.
+* `to_port` - (Required) The end range port (or ICMP code if protocol is "icmp").
 
 ## Usage with prefix list IDs