Posted On: May 7, 2020

Amazon Lightsail now supports source-IP based firewall rules, allowing you to allow or restrict the network traffic to your instances based on the source IP, port and protocol of the traffic flowing in. Lightsail firewall rules already supported port and protocol. Addition of the source-IP condition gives you more granularity in controlling who can access your instances or the applications hosted on it.  

Each instance that you create in Lightsail will automatically have its own firewall, pre-configured with a set of default rules that allow the basic access to your instance. However, you can edit your instance's firewall, at any time, by adding and deleting rules to allow more traffic, or restrict it. You can create IP based rules by adding the IP addresses either to the predefined protocol-port combinations or by configuring the protocol and port ranges manually. Individual IP addresses, IP ranges and CIDRs are supported.  

With this launch, firewall supports ICMP protocol in addition to the already available TCP and UDP. This enables you to setup firewall rules to allow PING to your instances. This launch also adds convenient one-click controls on the firewall to restrict SSH or RDP from only the Lightsail web-console.  

Lightsail firewall is provided free of cost with all Lightsail instance bundles.  

You can manage the firewall using the Lightsail console or API in all regions where Lightsail is available. To learn more about firewall on Lightsail, click here.