Short description
-----------------

To use the same firewall rule for multiple Lightsail instances, you must edit the rules for each instance. Use [AWS Command Line Interface (AWS CLI) Lightsail commands](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/lightsail/index.html) and [API actions](https://docs.aws.amazon.com/lightsail/2016-11-28/api-reference/API_Operations.html) to retrieve the current firewall rules. Put them into a .json file, and then use the .json file to copy all rules into other Lightsail instances.

Resolution
----------

**Note:** If you receive errors when you run AWS CLI commands, then see [Troubleshoot AWS CLI errors](https://docs.aws.amazon.com/cli/latest/userguide/cli-chap-troubleshooting.html). Also, make sure that [you're using the most recent AWS CLI version](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html).

1. To retrieve the current configuration that you want to copy from the existing instance, run the [get-instance-port-states](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/lightsail/get-instance-port-states.html) command:  
    ```plaintext
    $ aws lightsail get-instance-port-states --instance-name SourceInstanceName --region RegionName | grep -v "state" > firewall.json
    ```
    
    **Note:** The preceding command generates a .json file with the firewall configuration. Replace **SourceInstanceName** with your source instance name and **RegionName** with the AWS Region that your instance is in.
    
2. Open the .json file, and then replace **portStates** with **portInfos**:  
    ```plaintext
    {      
            "portStates": [
            {
                "fromPort": 80,
                "toPort": 80,
                "protocol": "tcp",
                "cidrs": [
                    "0.0.0.0/0"
                ],
                "cidrListAliases": []
            },
            {
                "fromPort": 22,
                "toPort": 22,
                "protocol": "tcp",
                "cidrs": [
                    "0.0.0.0/0"
                ],
                "cidrListAliases": []
            },
            {
                "fromPort": 8080,
                "toPort": 8080,
                "protocol": "tcp",
                "cidrs": [
                    "11.11.11.0/20",
                    "22.22.22.0/20"
                ],
                "cidrListAliases": []
            }
        ]
    }
    ```
    
3. To add the same configuration to other instances, run the [put-instance-public-ports](https://awscli.amazonaws.com/v2/documentation/api/latest/reference/lightsail/put-instance-public-ports.html) command:  
    ```plaintext
    $ aws lightsail put-instance-public-ports --instance-name DestinationInstanceName  --cli-input-json file://firewall.json --region 
    RegionName
    ```
    
    **Note:** Replace **DestinationInstanceName** with your destination instance, **firewall.json** with you .json file name, and **RegionName** with the Region that your instance is in.

I want to copy firewall rules to multiple Amazon Lightsail instances.

Copy Lightsail firewall rules to another instance

How can I copy existing Lightsail firewall rules to different Lightsail instances?

How can I copy existing Lightsail firewall rules to different Lightsail instances?

Short description

Resolution

Relevant content