It's not written clearly in the documentation. For "Type" select "Destination Unreachable", and for "Port range" select "fragmentation required, and DF flag set".

When editing a Security Group you can select Custom ICMP in the Type column. That then allows you to select Destination Unreachable in the Protocol column. From there you can select Fragmentation needed in the Port range column.

The reason this is a little odd is because most other protocols use a port to determine the application that is being allowed. With ICMP it is a Type and a Sub-type, and Fragmentation needed but DF bit set is one of the ICMP sub-types.
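
Outside the console, the same rule shows up in the EC2 API's `IpPermissions` structure with the ICMP type (3, Destination Unreachable) in `FromPort` and the code (4, fragmentation needed and DF set) in `ToPort`, with -1 as a wildcard. The following is an added example, not part of either answer above: it checks whether a security group's ingress rules let that message through. The function names and the sample rules are constructed for illustration.

```python
# Added example. SAMPLE_RULES is constructed data shaped like the
# "IpPermissions" list returned by EC2 DescribeSecurityGroups.
import ipaddress

ICMP_TYPE_DEST_UNREACHABLE = 3   # console: "Destination Unreachable"
ICMP_CODE_FRAG_NEEDED = 4        # console: "fragmentation required, and DF flag set"

def pmtud_rule(cidr):
    """Build an ingress entry that allows only ICMP type 3 / code 4 from cidr."""
    return {
        "IpProtocol": "icmp",
        "FromPort": ICMP_TYPE_DEST_UNREACHABLE,  # ICMP type, not a port
        "ToPort": ICMP_CODE_FRAG_NEEDED,         # ICMP code, not a port
        "IpRanges": [{"CidrIp": cidr}],
    }

def allows_frag_needed(permissions, source_ip):
    """Return True if any rule admits ICMP type 3 / code 4 from source_ip."""
    src = ipaddress.ip_address(source_ip)
    for perm in permissions:
        proto = perm.get("IpProtocol")
        if proto not in ("icmp", "1", "-1"):     # "-1" means all protocols
            continue
        if proto != "-1":
            icmp_type = perm.get("FromPort", -1)
            icmp_code = perm.get("ToPort", -1)
            if icmp_type not in (-1, ICMP_TYPE_DEST_UNREACHABLE):
                continue                         # e.g. echo request only
            if icmp_type != -1 and icmp_code not in (-1, ICMP_CODE_FRAG_NEEDED):
                continue                         # type 3 but a different code
        for rng in perm.get("IpRanges", []):
            if src in ipaddress.ip_network(rng["CidrIp"]):
                return True
    return False

# Constructed sample: HTTPS and ping are open, but the ICMP message
# needed for path MTU discovery is not.
SAMPLE_RULES = [
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "icmp", "FromPort": 8, "ToPort": -1,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
]

if __name__ == "__main__":
    print("before:", allows_frag_needed(SAMPLE_RULES, "203.0.113.7"))
    fixed = SAMPLE_RULES + [pmtud_rule("0.0.0.0/0")]
    print("after: ", allows_frag_needed(fixed, "203.0.113.7"))
```
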