hashicorp/terraform-provider-aws

aws_lightsail provider should support open port management

hashibot opened this issue · 12 comments

This issue was originally opened by @sean-brandt as hashicorp/terraform#13759. It was migrated here as part of the provider split. The original body of the issue is below.


Hi there,

Thank you for opening an issue. Please note that we try to keep the Terraform issue tracker reserved for bug reports and feature requests. For general usage questions, please see: https://www.terraform.io/community.html.

Terraform Version

Run terraform -v to show the version. If you are not running the latest version of Terraform, please upgrade because your issue may have already been fixed.

Terraform v0.9.3

Affected Resource(s)

Please list the resources as a list, for example:

  • aws_lightsail

If this issue appears to affect multiple resources, it may be an issue with Terraform's core, so please mention this.

Expected Behavior

What should have happened?

aws_lightsail provider should allow for managing open ports

Hi! Will this be done?

👍

@radeksimko, is there any plan to accomplish this? Or any other AWS resource that can be used for this? Thanks

@radeksimko - are there plans to address this anytime in the near future? I could take a stab at implementing it and submit a PR if we can agree on a schema.

resource "aws_lightsail_firewall" "www" {
  instance_name = "${aws_lightsail_instance.app.name}"
  port_rules = [{
    fromPort = 443
    toPort   = 443
    protocol = "tcp | all | udp"
  }]
}

thoughts?

@n3integration - Did you ever build on this? I'm using a local-exec with aws CLI to solve for now, but this pretty royally sucks as it relies on local tooling.

There's a PR #8611 open for this currently.

So far the latest terraform-provider-aws 2.50.0 does not support creating a firewall rule for a Lightsail instance. We can wait for the PR.

But we can cheat it by using local-exec with the built-in AWS CLI put-instance-public-ports. It will be executed after the instance is provisioned, on the machine that runs Terraform:

resource "aws_lightsail_instance" "worker" {
  ...
  name              = "worker-${count.index+1}"
  availability_zone = "ap-southeast-1a"
  blueprint_id      = "ubuntu_18_04"
  bundle_id         = "nano_2_0"
  ...
  provisioner "local-exec" {
    command = "aws lightsail put-instance-public-ports --instance-name=worker-${count.index+1} --port-infos fromPort=22,toPort=22,protocol=tcp fromPort=5601,toPort=5601,protocol=tcp"
  }
}

What's the latest on this? Using Terraform Cloud means that we'd also need to install and set up the aws command. I didn't think we needed to as yesterday it was working fine but it seems like today the runners don't have the command installed. Merging this PR would be a godsend.

There seem to be 2 PRs for this #8611 and #14905. Are both the same or is there a difference?

Yay, thanks @YakDriver and @mavericknsk !

This has been released in version 3.34.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks!

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!
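
Added example, not part of the thread and not the provider's own code: the local-exec workaround above rewritten with the native resource, so the open ports are tracked in state instead of being set once at creation by a local CLI. The resource name `aws_lightsail_instance_public_ports` and its `port_info` arguments are taken from the provider's registry documentation, not from this page; `count = 2`, the region and the `203.0.113.0/24` source range are constructed values.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.34.0" # release named in this thread
    }
  }
}

provider "aws" {
  region = "ap-southeast-1" # assumed from the availability zone in the thread
}

# Instance settings copied from the workaround in the thread.
resource "aws_lightsail_instance" "worker" {
  count             = 2 # assumed; the thread only shows count.index
  name              = "worker-${count.index + 1}"
  availability_zone = "ap-southeast-1a"
  blueprint_id      = "ubuntu_18_04"
  bundle_id         = "nano_2_0"
}

# Replaces the local-exec call to `aws lightsail put-instance-public-ports`.
# The underlying API call replaces the instance's whole open-port set, so
# every port that must stay reachable has to be listed here.
resource "aws_lightsail_instance_public_ports" "worker" {
  count         = 2
  instance_name = aws_lightsail_instance.worker[count.index].name

  # SSH, limited to a constructed admin range instead of any source address.
  port_info {
    protocol  = "tcp"
    from_port = 22
    to_port   = 22
    cidrs     = ["203.0.113.0/24"]
  }

  # Port 5601 from the thread's example, limited to the same range.
  port_info {
    protocol  = "tcp"
    from_port = 5601
    to_port   = 5601
    cidrs     = ["203.0.113.0/24"]
  }
}
```

Because the rules live in state, `terraform plan` shows any change to them, which the create-time provisioner never did. Confirm that `cidrs` is available in the provider version you pin before relying on it.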