Comment 5 for bug 1709312

At the moment, we're using the AWS CLI to work around this. The commands are:

| aws ec2 describe-instances --filters "Name=tag:juju-units-deployed,Values=content-cache/*" --query 'Reservations[*].Instances[*].SecurityGroups[*]' --output table | awk '/juju-.*-[[:digit:]]*[[:space:]]/ { print $2 }'

These are for units deployed as 'content-cache'. It will then give a list of secgroup IDs which you iterate through and add the missing rules:

| aws ec2 authorize-security-group-ingress --group-id $SECGROUP_ID --ip-permissions IpProtocol=tcp,FromPort=80,ToPort=80,Ipv6Ranges='[{CidrIpv6=::/0,Description="Work around LP:1709312"}]'

You'll need to re-run these commands after each environment change, such as adding or removing of units and applications.