Lightsail IP/Port Quota Increase


We are trying to add whitelisted ports to any of our Lightsail servers, but we're getting the following Quota error:

You can't create a new set of open network ports and IP addresses because you have reached the quota for your account in this AWS Region

I've looked at the increasing the quota in the Service Quotas panel in the AWS Console, but there's not a quote that seems applicable to what we are wanting to increase. Has any one go any suggestions on what to do here?

asked a month ago459 views
2 Answers


Lightsail can set up to 60 source IP addresses in firewall rules.
Are you trying to configure more than 60 IP addresses?

13. Number of Lightsail firewall rules: You can add up to 60 firewall rules for a Lightsail instance. Each source IP address is considered a different rule. IPv6 rules are counted towards this quota of 60. The maximum number of source IP addresses that can be added in a rule using the Lightsail console is 30. To add more, you can use the AWS CLI.

If the error occurs with fewer than 60 rules, there may be a problem with your AWS account, so please contact AWS Support by opening a case under "Account and billing".
Inquiries under "Account and billing" can be made free of charge.

profile picture
answered a month ago
  • No, we're nowhere near that limit - we do have a lot of Lightsail instances which each have their own firewall rules/port restriction on - but at most there's about 8 IPs on a single instance.

    And we're using the CLI for the majority of the time when we're whitelisting IPs, but we're seeing the error there too.

  • And I've tried whitelisting an IP on a different instance, and still have the same issue.

  • I recommend contacting AWS Support as there may be some restrictions on your AWS account.

  • Thanks Riku - I have done so, and am waiting for a reply.

Accepted Answer

I have had a response back from AWS support who have investigated issues with the account. They have mentioned that we have reached a limit of 2500 Security Groups per Region.

We currently have CI/CD pipelines setup in GitHub Actions that whitelists the IP if that given GitHub runner server using the AWS CLI (then removes it after the deployment is complete) - I was under the impression that modifying the firewall rules would just overwrite the existing one (Security Group), and not create a completely new one. But it turns out that this doesn't seem to be the case - seems very flawed if you ask me.

answered a month ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions