I want to copy firewall rules to multiple Amazon Lightsail instances.
Short description
To use the same firewall rule for multiple Lightsail instances, you must edit the rules for each instance. Use AWS Command Line Interface (AWS CLI) Lightsail commands and API actions to retrieve the current firewall rules. Put them into a .json file, and then use the .json file to copy all rules into other Lightsail instances.
Resolution
Note: If you receive errors when you run AWS CLI commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.
- To retrieve the current configuration that you want to copy from the existing instance, run the get-instance-port-states command:
$ aws lightsail get-instance-port-states --instance-name SourceInstanceName --region RegionName | grep -v "state" > firewall.json
Note: The preceding command generates a .json file with the firewall configuration. Replace SourceInstanceName with your source instance name and RegionName with the AWS Region that your instance is in.
- Open the .json file, and then replace portStates with portInfos:
{
    "portStates": [
        {
            "fromPort": 80,
            "toPort": 80,
            "protocol": "tcp",
            "cidrs": [
                "0.0.0.0/0"
            ],
            "cidrListAliases": []
        },
        {
            "fromPort": 22,
            "toPort": 22,
            "protocol": "tcp",
            "cidrs": [
                "0.0.0.0/0"
            ],
            "cidrListAliases": []
        },
        {
            "fromPort": 8080,
            "toPort": 8080,
            "protocol": "tcp",
            "cidrs": [
                "11.11.11.0/20",
                "22.22.22.0/20"
            ],
            "cidrListAliases": []
        }
    ]
}
- To add the same configuration to other instances, run the put-instance-public-ports command:
$ aws lightsail put-instance-public-ports --instance-name DestinationInstanceName --cli-input-json file://firewall.json --region RegionName
Note: Replace DestinationInstanceName with your destination instance, firewall.json with your .json file name, and RegionName with the Region that your instance is in.
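The put-instance-public-ports action also closes every port on the destination that is not in the request, so it helps to review the payload before you copy it. The following Python script is an added example, not part of the original article: it performs the portStates-to-portInfos conversion from the steps above, lists rules open to any source address, and lists destination rules that the copy would close. The function names and the destination sample are assumptions made for illustration.

```python
import json

# Fields of a portInfos entry; "state" appears only in get-instance-port-states output.
PORT_INFO_KEYS = ("fromPort", "toPort", "protocol", "cidrs", "ipv6Cidrs", "cidrListAliases")
ANY_SOURCE = {"0.0.0.0/0", "::/0"}


def to_port_infos(port_states_json):
    """Turn get-instance-port-states output into put-instance-public-ports input."""
    rules = json.loads(port_states_json)["portStates"]
    return {"portInfos": [{k: r[k] for k in PORT_INFO_KEYS if k in r} for r in rules]}


def rule_key(rule):
    """Identity of a rule for comparison: port range, protocol and allowed sources."""
    sources = rule.get("cidrs", []) + rule.get("ipv6Cidrs", []) + rule.get("cidrListAliases", [])
    return (rule["fromPort"], rule["toPort"], rule["protocol"], tuple(sorted(sources)))


def open_to_any(payload):
    """Rules that the copy would expose to every address on each destination."""
    return [(r["fromPort"], r["toPort"], r["protocol"]) for r in payload["portInfos"]
            if ANY_SOURCE & set(r.get("cidrs", []) + r.get("ipv6Cidrs", []))]


def dropped_on_destination(dest_states_json, payload):
    """Destination rules missing from the payload; the put call closes these."""
    keep = {rule_key(r) for r in payload["portInfos"]}
    current = json.loads(dest_states_json)["portStates"]
    return [rule_key(r) for r in current if rule_key(r) not in keep]


# Constructed sample input: source rules mirror the page's example, destination is made up.
SOURCE = json.dumps({"portStates": [
    {"fromPort": 80, "toPort": 80, "protocol": "tcp", "state": "open",
     "cidrs": ["0.0.0.0/0"], "cidrListAliases": []},
    {"fromPort": 22, "toPort": 22, "protocol": "tcp", "state": "open",
     "cidrs": ["0.0.0.0/0"], "cidrListAliases": []},
    {"fromPort": 8080, "toPort": 8080, "protocol": "tcp", "state": "open",
     "cidrs": ["11.11.11.0/20", "22.22.22.0/20"], "cidrListAliases": []}]})
DESTINATION = json.dumps({"portStates": [
    {"fromPort": 22, "toPort": 22, "protocol": "tcp", "state": "open",
     "cidrs": ["0.0.0.0/0"], "cidrListAliases": []},
    {"fromPort": 3306, "toPort": 3306, "protocol": "tcp", "state": "open",
     "cidrs": ["203.0.113.0/24"], "cidrListAliases": []}]})

if __name__ == "__main__":
    payload = to_port_infos(SOURCE)
    print(json.dumps(payload, indent=2))  # contents for firewall.json
    print("open to any source:", open_to_any(payload))
    print("closed on destination:", dropped_on_destination(DESTINATION, payload))
```

To use it with real instances, pass the unfiltered output of get-instance-port-states for the source and for each destination in place of the constructed samples.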