Hello.
Lightsail can set up to 60 source IP addresses in firewall rules.
Are you trying to configure more than 60 IP addresses?
https://repost.aws/knowledge-center/lightsail-considerations-for-use
13. Number of Lightsail firewall rules: You can add up to 60 firewall rules for a Lightsail instance. Each source IP address is considered a different rule. IPv6 rules are counted towards this quota of 60. The maximum number of source IP addresses that can be added in a rule using the Lightsail console is 30. To add more, you can use the AWS CLI.
If the error occurs with fewer than 60 rules, there may be a problem with your AWS account, so please contact AWS Support by opening a case under "Account and billing".
Inquiries under "Account and billing" can be made free of charge.
https://docs.aws.amazon.com/awssupport/latest/user/case-management.html
I have had a response back from AWS support who have investigated issues with the account. They have mentioned that we have reached a limit of 2500 Security Groups per Region.
We currently have CI/CD pipelines set up in GitHub Actions that whitelist the IP of the given GitHub runner server using the AWS CLI (then remove it after the deployment is complete) - I was under the impression that modifying the firewall rules would just overwrite the existing one (Security Group), and not create a completely new one. But it turns out that this doesn't seem to be the case - seems very flawed if you ask me.
No, we're nowhere near that limit - we do have a lot of Lightsail instances which each have their own firewall rules/port restriction on - but at most there's about 8 IPs on a single instance.
And we're using the CLI for the majority of the time when we're whitelisting IPs, but we're seeing the error there too.
And I've tried whitelisting an IP on a different instance, and still have the same issue.
I recommend contacting AWS Support as there may be some restrictions on your AWS account.
Thanks Riku - I have done so, and am waiting for a reply.
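To check an instance against the quota quoted in the answer above, the following added example (not part of the thread and not AWS code) counts source addresses in the JSON printed by `aws lightsail get-instance-port-states`. It assumes each IPv4 and IPv6 CIDR counts as one rule, as the quoted text reads; the sample document and the function name are constructed for illustration.

```python
import json

RULE_QUOTA = 60            # per-instance rule quota quoted in the answer
CONSOLE_PER_RULE_MAX = 30  # console limit on source IPs in one rule

# Constructed sample shaped like the output of
# `aws lightsail get-instance-port-states --instance-name <name>`.
SAMPLE = json.loads("""
{"portStates": [
  {"fromPort": 22, "toPort": 22, "protocol": "tcp", "state": "open",
   "cidrs": ["203.0.113.10/32", "198.51.100.7/32", "192.0.2.0/24"],
   "ipv6Cidrs": ["2001:db8::/32"], "cidrListAliases": []},
  {"fromPort": 443, "toPort": 443, "protocol": "tcp", "state": "open",
   "cidrs": ["0.0.0.0/0"], "ipv6Cidrs": ["::/0"], "cidrListAliases": []}
]}
""")


def audit_port_states(doc):
    """Count source CIDRs per open port and compare with the quota.

    Assumption: every IPv4 and IPv6 source CIDR is one rule.
    cidrListAliases entries are not counted here.
    """
    total = 0
    per_port = {}
    needs_cli = []
    for ps in doc.get("portStates", []):
        if ps.get("state", "open") != "open":
            continue
        key = f'{ps["protocol"]}/{ps["fromPort"]}-{ps["toPort"]}'
        n = len(ps.get("cidrs", [])) + len(ps.get("ipv6Cidrs", []))
        per_port[key] = per_port.get(key, 0) + n
        total += n
    for key, n in per_port.items():
        if n > CONSOLE_PER_RULE_MAX:
            needs_cli.append(key)  # too many sources for the console form
    return {
        "total_rules": total,
        "remaining": RULE_QUOTA - total,
        "over_quota": total > RULE_QUOTA,
        "per_port": per_port,
        "needs_cli": needs_cli,
    }


if __name__ == "__main__":
    print(json.dumps(audit_port_states(SAMPLE), indent=2))
```

A result well under 60, as the asker reported, points away from the per-instance quota and toward an account-level limit such as the one AWS Support identified.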