By using AWS re:Post, you agree to the AWS re:Post Terms of Use

How can I copy existing Lightsail firewall rules to different Lightsail instances?

2 minute read
0

I want to copy firewall rules to multiple Amazon Lightsail instances.

Short description

To use the same firewall rule for multiple Lightsail instances, you must edit the rules for each instance. Use AWS Command Line Interface (AWS CLI) Lightsail commands and API actions to retrieve the current firewall rules. Put them into a .json file, and then use the .json file to copy all rules into other Lightsail instances.

Resolution

Note: If you receive errors when you run AWS CLI commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.

  1. To retrieve the current configuration that you want to copy from the existing instance, run the get-instance-port-states command:

    $ aws lightsail get-instance-port-states --instance-name SourceInstanceName --region RegionName | grep -v "state" > firewall.json

    Note: The preceding command generates a .json file with the firewall configuration. Replace SourceInstanceName with your source instance name and RegionName with the AWS Region that your instance is in.

  2. Open the .json file, and then replace portStates with portInfos:

    {      
            "portStates": [
            {
                "fromPort": 80,
                "toPort": 80,
                "protocol": "tcp",
                "cidrs": [
                    "0.0.0.0/0"
                ],
                "cidrListAliases": []
            },
            {
                "fromPort": 22,
                "toPort": 22,
                "protocol": "tcp",
                "cidrs": [
                    "0.0.0.0/0"
                ],
                "cidrListAliases": []
            },
            {
                "fromPort": 8080,
                "toPort": 8080,
                "protocol": "tcp",
                "cidrs": [
                    "11.11.11.0/20",
                    "22.22.22.0/20"
                ],
                "cidrListAliases": []
            }
        ]
    }
  3. To add the same configuration to other instances, run the put-instance-public-ports command:

    $ aws lightsail put-instance-public-ports --instance-name DestinationInstanceName  --cli-input-json file://firewall.json --region 
    RegionName

    Note: Replace DestinationInstanceName with your destination instance, firewall.json with you .json file name, and RegionName with the Region that your instance is in.

AWS OFFICIAL
AWS OFFICIALUpdated 8 months ago