Your firewall configuration is outside the scope of what we can help with, but you can set MultiChain to allow incoming JSON-RPC connections from a wide range of IP addresses using the rpcallowip parameter in the runtime parameters for your chain.
You can have as many rpcallowip lines as you want, using one of these standard forms (fixed IP, mask, CIDR notation).
I found some information about the AWS IP addresses used here:
Of course, this will not be particularly secure, because loads of people use AWS, and your MultiChain instance will only be protected by the password. But maybe that's OK for your use case.