Bulk import ACL entries into a Fastly ACL

How to automate adding large amounts of ACL entries to a Fastly ACL

Bulk import ACL entries into a Fastly ACL

This came up recently, when a customer supplied a text file with several hundred CIDRs, and wanted these inputted into Fastly as an ACL (to control access to a certain site).

This was beyond my ability to do by hand, so here is a simple script to help automate this.

Step 1 - Setup Fastly CLI

This tool is invaluable for dealing with Fastly on the command line. Installation instructions can be found on Fastly's website.

I then configure the CLI tool with environment variables in my ~/.zshrc:

FASTLY_API_TOKEN=notarealtokenyo
export FASTLY_API_TOKEN
FASTLY_SERVICE_ID=banana
export FASTLY_SERVICE_ID
Environment variables to configure the Fastly CLI.

Step 2 - Add entries to the ACL

You first need to actually create the ACL, you can use the Fastly UI for this, or the CLI. Once you have done that, you need to find the ID of the newly created ACL:

fastly acl list --version=latest
Find your ACL IDs with this Fastly CLI command.

To actually input the ACL entries, here is a small bash script to loop over each line in a text file, split by the / and then add the ACL entries with the subnet one at a time:

cat /tmp/ip.txt | while read LINE; do \
  IP=$(echo $LINE | cut -d '/' -f1)
  SUBNET=$(echo $LINE | cut -d '/' -f2)
  fastly acl-entry create --acl-id=$ACL_ID --ip=$IP --subnet=$SUBNET
done
Bulk import ACL entries with this simple script.

This yields something like:

Output of the script (with redactions).

Duplicate ACL entries are ignored, so you can run this script multiple times (if say you get an updated version with additional entries).

Hope you find this of some value.