aws_lightsail provider should support open port management

[hashibot]

This issue was originally opened by @sean-brandt as hashicorp/terraform#13759. It was migrated here as part of the provider split. The original body of the issue is below.

---

Hi there,

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

Terraform Version

Run terraform -v to show the version. If you are not running the latest version of Terraform, please upgrade because your issue may have already been fixed.

Terraform v0.9.3

Affected Resource(s)

Please list the resources as a list, for example:

• aws_lightsail

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Expected Behavior

What should have happened?

aws_lightsail provider should allow for managing open ports

[xeraa]

https://docs.aws.amazon.com/cli/latest/reference/lightsail/put-instance-public-ports.html should be the API to use for this

[PlugIN73]

Hi! Will this be done?

[alambike]

👍
@radeksimko, is there any plan to acomplish this? or any other aws resource that can be used to this? Thanks

[n3integration]

@radeksimko - are there plans to address this anytime in the near future? i could take a stab at implementing it and submit a pr if we can agree on a schema.

resource "aws_lightsail_firewall" "www" {
  instance_name = "${aws_lightsail_instance.app.name}"
  port_rules = [{
     fromPort = 443
     toPort      = 443
     protocol  = "tcp | all | udp"
  }]
}

thoughts?

[steve-gray]

@n3integration - Did you ever build on this? I'm using a local-exec with aws CLI to solve for now, but this pretty royally sucks as it relies on local tooling.

[blckct]

There's a PR #8611 open for this currently.

[hieuhtr]

So far the latest terraform-provider-aws 2.50.0 does not support us to create firewall rule for lightsail instance. We can wait for PR.

But we can cheat it by using local-exec with built-in aws cli put-instance-public-ports. It will be executed after provisioned instance, in the machine that run terraform:

resource "aws_lightsail_instance" "worker" {
  ...
  name              = "worker-${count.index+1}"
  availability_zone = "ap-southeast-1a"
  blueprint_id      = "ubuntu_18_04"
  bundle_id         = "nano_2_0"
  ...
  provisioner "local-exec" {
    command = "aws lightsail put-instance-public-ports --instance-name=worker-${count.index+1} --port-infos fromPort=22,toPort=22,protocol=tcp fromPort=5601,toPort=5601,protocol=tcp"
  }
}

[leacollaboro]

What's the latest on this? Using terraform cloud means that we'd also need to install and setup the aws command. I didn't think we needed to as yesterday it was working fine but it seems like today the runners don't have the command installed. Merging this PR would be a godsend.

[samyak-jain]

There seem to be 2 PRs for this #8611 and #14905. Are both the same or is there a difference?

[zicklag]

Yay, thanks @YakDriver and @mavericknsk !

[ghost]

This has been released in version 3.34.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!