hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

[Enhancement]: `aws_lightsail_instance_public_ports` to allow closing all ports #29260

Open kva1966 opened 1 year ago

kva1966 commented 1 year ago

Description

I wish to say: close all public ports, when an instance is created.

Or put differently: don't open any public ports when an instance is created.

Thus, possibly, this could be implemented by aws_lightsail_instance instead.

However, assuming the issue is here:

  1. At least one port_info block is always required in an aws_lightsail_instance_public_ports block.
  2. And if I don't have an aws_lightsail_instance_public_ports block at all, Lightsail will create rules for the SSH and HTTP ports by default, instead of having no public ports open on the instance.

Error example for case (1):

╷
│ Error: Insufficient port_info blocks
│
│   on app-servers.tf line 49, in resource "aws_lightsail_instance_public_ports" "app1-ports":
│   49: resource "aws_lightsail_instance_public_ports" "app1-ports" {
│
│ At least 1 "port_info" blocks are required.

Affected Resource(s) and/or Data Source(s)

Potential Terraform Configuration

# A couple of approaches come to mind.

# 1. Implicit, allow no port_info blocks to mean: no public open ports.
# In a sense, having the top-level `aws_lightsail_instance_public_ports` is already
# more explicit than not having it at all (meaning just do defaults)!
resource "aws_lightsail_instance_public_ports" "appserv1-ports" {
  instance_name = aws_lightsail_instance.xxx.name
}

# 2. Explicit, make `port_info` blocks optional if a new parameter/argument
# `no_open_ports = true` is supplied
resource "aws_lightsail_instance_public_ports" "appserv1-ports" {
  instance_name = aws_lightsail_instance.xxx.name
  no_open_ports = true
}

References

Would you like to implement a fix?

Yes


kva1966 commented 1 year ago

If I understand correctly, then, no_open_ports or whatever no-ports approach is used would imply issuing a "close ports 22 and 80" post-instance creation, to close the defaults. Or, to be more deterministic: deliberately open one port, overriding the defaults, then close that port that we know, in case the defaults change. It comes down to the API calls underneath.

I don't mind implementing a fix with some guidance; I'm quite new to Terraform, though I've played with parts of the AWS CLI.
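The deterministic "read what is open, then close exactly that" approach discussed in the comment above, as an added example that is not part of this issue or of the AWS provider's code. It uses the boto3 Lightsail client methods get_instance_port_states and close_instance_public_ports with their documented parameter and response shapes; the sample port states and the instance name "appserv1" are constructed for the example, and a small fake client stands in for AWS so the logic runs offline.

```python
"""Deterministically close every public port on a Lightsail instance.

Added example for this issue thread; it is not code from the AWS provider or
from the issue author. It assumes the boto3 Lightsail client methods
get_instance_port_states(instanceName=...) and
close_instance_public_ports(instanceName=..., portInfo=...), with their
documented response/parameter shapes. The instance name is hypothetical.
"""
from __future__ import annotations

import copy
from typing import Any

# Constructed sample in the shape of GetInstancePortStates -> portStates, modelling
# the SSH/HTTP rules Lightsail opens by default plus one already-closed range.
SAMPLE_PORT_STATES: list[dict[str, Any]] = [
    {"fromPort": 22, "toPort": 22, "protocol": "tcp", "state": "open",
     "cidrs": ["0.0.0.0/0"], "ipv6Cidrs": ["::/0"], "cidrListAliases": []},
    {"fromPort": 80, "toPort": 80, "protocol": "tcp", "state": "open",
     "cidrs": ["0.0.0.0/0"], "ipv6Cidrs": ["::/0"], "cidrListAliases": []},
    {"fromPort": 443, "toPort": 443, "protocol": "tcp", "state": "closed",
     "cidrs": [], "ipv6Cidrs": [], "cidrListAliases": []},
]


def plan_closures(port_states: list[dict[str, Any]]) -> list[dict[str, Any]]:
    """Build one CloseInstancePublicPorts portInfo per currently open range.

    Reading the live state first (rather than hard-coding 22 and 80) keeps the
    result correct if the defaults change. Only the keys PortInfo accepts are
    copied; 'state' is not one of them.
    """
    plan = []
    for ps in port_states:
        if ps.get("state") != "open":
            continue
        plan.append({
            "fromPort": ps["fromPort"],
            "toPort": ps["toPort"],
            "protocol": ps["protocol"],
            "cidrs": ps.get("cidrs", []),
            "ipv6Cidrs": ps.get("ipv6Cidrs", []),
            "cidrListAliases": ps.get("cidrListAliases", []),
        })
    return plan


def close_all_public_ports(client: Any, instance_name: str) -> tuple[list, list]:
    """Close every open range on the instance, then re-read to confirm.

    Returns (closures issued, ranges still open after the pass). A non-empty
    second element means the instance is not actually locked down.
    """
    states = client.get_instance_port_states(instanceName=instance_name)["portStates"]
    plan = plan_closures(states)
    for info in plan:
        client.close_instance_public_ports(instanceName=instance_name, portInfo=info)
    after = client.get_instance_port_states(instanceName=instance_name)["portStates"]
    still_open = [ps for ps in after if ps.get("state") == "open"]
    return plan, still_open


class FakeLightsail:
    """Minimal offline stand-in for the boto3 client: a close flips state to 'closed'."""

    def __init__(self, port_states: list[dict[str, Any]]) -> None:
        self._states = copy.deepcopy(port_states)
        self.calls: list[tuple[str, dict[str, Any]]] = []

    def get_instance_port_states(self, instanceName: str) -> dict[str, Any]:
        return {"portStates": copy.deepcopy(self._states)}

    def close_instance_public_ports(self, instanceName: str, portInfo: dict[str, Any]) -> dict:
        self.calls.append((instanceName, portInfo))
        for ps in self._states:
            if (ps["fromPort"], ps["toPort"], ps["protocol"]) == (
                    portInfo["fromPort"], portInfo["toPort"], portInfo["protocol"]):
                ps["state"] = "closed"
        return {}


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:          # e.g. python close_ports.py appserv1 (hypothetical name)
        import boto3               # real call: needs AWS credentials and Lightsail permissions
        client = boto3.client("lightsail")
        plan, still_open = close_all_public_ports(client, sys.argv[1])
    else:
        client = FakeLightsail(SAMPLE_PORT_STATES)
        plan, still_open = close_all_public_ports(client, "appserv1")
    print("closed:", [(p["fromPort"], p["toPort"], p["protocol"]) for p in plan])
    print("still open:", still_open)
```

The re-read after the close loop is the part worth keeping in any real implementation: the check that matters is not "did we issue the calls" but "is nothing open afterwards", so the function returns both. If a fix in the provider takes the empty-port_info route instead, the same post-condition (no open ranges) is what an acceptance test for it should assert.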