Difference between revisions of "AWS Lightsail"

From Indie IT Wiki
Line 71: Line 71:
 
You can add a 1GB swap to your instance with these commands:
 
You can add a 1GB swap to your instance with these commands:
  
  sudo fallocate -l 1G /swapfile
+
  sudo dd if=/dev/zero of=/swapfile bs=1M count=1024
 
  sudo chmod 0600 /swapfile
 
  sudo chmod 0600 /swapfile
 
  sudo mkswap /swapfile
 
  sudo mkswap /swapfile

Revision as of 11:31, 23 October 2023

https://aws.amazon.com/lightsail/

Introduction

With Amazon Lightsail, you pay a low, predictable price. Lightsail bundles resources like memory, vCPU, and solid-state drive (SSD) storage into one plan, so budgeting is easy and straightforward. All of Lightsail’s features—from free tier options to those with more compute—are offered in bundled plans.

Pricing

https://aws.amazon.com/lightsail/pricing/

DNS

Creating DNS Entries in Lightsail

Using Route 53 Instead of Lightsail Zone

Create DNS entries in Lightsail using AWS CLI

cat aws_add_dns_entry.sh

#!/bin/bash
/usr/local/bin/aws lightsail --region us-east-1 create-domain-entry --domain-name 'mydomain.co.uk' --domain-entry '{"name":"default._domainkey.mydomain.co.uk","target":"\"v=DKIM1; h=sha256; k=rsa; \" \"p=MIIBIjxxxxxxxxxxxiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurVgfLc8xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx9cRHBTEOIR4lmIgatpit\" \"t+v7oQzngmfKpBNoTeyxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxQIDAQAB\"","isAlias":false,"type":"TXT"}'

Installation and Configuration

First Steps

touch .hushlogin
sudo -i
nano /home/ubuntu/{.bashrc,.bash_aliases,.screenrc} /root/{.bashrc,.bash_aliases,.screenrc}
sudo -i
mkdir -p /root/bin
mkdir -p /root/misc
touch --reference=/proc /root/misc/system_installed 
apt-get update
apt-get check
apt-get -y dist-upgrade 
update-grub
update-initramfs -k all -u
touch /root/misc/system_updated
sync
reboot

Initial Update and Release Upgrade and RAM Tweaks

Initial Update

This will make sure you are up-to-date before you do the major upgrade...

sudo apt update
sudo apt dist-upgrade 
sudo reboot

Release Upgrade

Now we upgrade the Ubuntu system from the supplied 18.04 to the latest 20.04 release...

sudo apt install update-manager-core
sudo do-release-upgrade -d
sudo reboot

RAM Tweaks

Now we squeeze every last drop of RAM out of the system because we only have 512Mb...

sudo apt purge landscape-common unattended-upgrades
sudo reboot

Swap File

You can add a 1GB swap to your instance with these commands:

sudo dd if=/dev/zero of=/swapfile bs=1M count=1024
sudo chmod 0600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo swapon --show
sudo free -m
sudo echo "/swapfile swap swap defaults 0 0" >>/etc/fstab

Steps

  1. install vm
  2. static ip
  3. dns zone
  4. ssh keys
  5. ubuntu update
  6. ntp timezone update
  7. wordpress update
  8. ssl certificate
  9. remove bitnami icon
  10. postfix
  11. snapshot backup
  12. web admin

Firewall

  1. SSH / tcp / 22 - already set up, but you can edit it to restrict the source IP address to just you!
  2. HTTP / tcp / 80 - already set up.
  3. HTTPS / tcp / 443 - already set up.
  4. Ping / icmp - go to ADD RULE > Application > ICMP > Save

SSH Keys

Download the Default SSH key pair from the Account page of AWS Lightsail and copy it to your ~/.ssh/ directory, then change the permissions of the file...

chmod 0600 ~/.ssh/lightsail.pem

Add your own public key to the Lightsail server, by using the downloaded key pair...

cat ~/.ssh/my_id_rsa.pub | ssh -i ~/.ssh/lightsail.pem bitnami@1.2.3.4 "cat >> ~/.ssh/authorized_keys"

Login using your SSH public key...

ssh bitnami@1.2.3.4

Ubuntu Update

sudo -i
apt-get update
apt-get check
apt-get upgrade
apt-get dist-upgrade
reboot

NTP Timezone Update

sudo dpkg-reconfigure tzdata
sudo date
sudo reboot
sudo timedatectl status
sudo systemctl status systemd-timesyncd

Hostname

sudo hostnamectl set-hostname myserver.domain.com

WordPress Install

PHP

sudo apt-get -y install php7.4-imagick php7.4-cgi php7.4-cli php7.4-common php7.4-curl php7.4-fpm php7.4-gd php7.4-json php7.4-mysql php7.4-readline php7.4-xml php7.4-mbstring php7.4-zip

MySQL

NEW

http://wiki.indie-it.com/wiki/MariaDB

OLD

sudo -i
wget https://dev.mysql.com/get/mysql-apt-config_0.8.13-1_all.deb
dpkg -i mysql-apt-config_0.8.13-1_all.deb
apt install mysql-server
mysql --version
mysql_secure_installation
mysql -u root -p -e "STATUS;"
mysql -u root -p -e "CREATE DATABASE websitename; CREATE USER 'websitename' IDENTIFIED BY 'goodpassword'; GRANT ALL PRIVILEGES ON websitename.* TO 'websitename'; FLUSH PRIVILEGES;"

NginX

http://wiki.indie-it.com/wiki/NginX#Installation

WP CLI

sudo add-apt-repository ppa:tiagohillebrandt/wp-cli
sudo apt install wp-cli
sudo -u www-data wp --info

WordPress

This is now installed completely via the command line software below.

# create directories and log files
sudo mkdir -p /var/www/www.domain.co.uk/{html,logs,.wp-cli/cache}
sudo touch /var/www/www.domain.co.uk/logs/{access,error}.log
sudo chmod g+w /var/www/www.domain.co.uk/logs/{access,error}.log
sudo chown -R www-data:www-data /var/www/www.domain.co.uk/
# change to working directory
cd /var/www/www.domain.co.uk/html/
# create environment variables
export WP_CLI_CACHE_DIR=/var/www/www.domain.co.uk/.wp-cli/cache
# check wp cli working
sudo -u www-data -E wp --info
# download the core wordpress files
sudo -u www-data -E wp core download --locale=en_GB
# create a wordpress mysql database
sudo mysql -u root -p -e "CREATE DATABASE domainname; CREATE USER 'domainname' IDENTIFIED BY 'password'; GRANT SELECT, INSERT, UPDATE ON domainname.* TO 'domainname'; FLUSH PRIVILEGES;"
# create a wordpress configuration file
sudo -u www-data -E wp core config --dbname='domainname' --dbuser='domainname' --dbpass='password' --dbhost='localhost' --dbprefix='wp_'
# complete the installation process
sudo -u www-data -E wp core install --url='http://www.domain.co.uk' --title='Ball and Bone' --admin_user='joe.bloggs' --admin_password='password' --admin_email='joe.bloggs@domain.co.uk'
# log in to the web browser to check web site working and admin dashboard works
wget http://www.domain.co.uk
# check for updates
sudo -u www-data -E wp core version
sudo -u www-data -E wp core update
sudo -u www-data -E wp core update-db
sudo -u www-data -E wp plugin list
sudo -u www-data -E wp plugin update --all
sudo -u www-data -E wp theme list
sudo -u www-data -E wp theme update --all
sudo -u www-data -E wp language core list --status=active
sudo -u www-data -E wp language core update --all
sudo -u www-data -E wp language plugin list --all --status=active
sudo -u www-data -E wp language plugin update --all
sudo -u www-data -E wp language theme list --all --status=active
sudo -u www-data -E wp language theme update --all
# add new user
sudo -u www-data -E wp user create john.doe john.doe@domain.co.uk --role=administrator --first_name=John --last_name=Doe --nickname=John --display_name=John
# list users
sudo -u www-data -E wp user list

Bitnami WordPress Update

sudo -i
gpasswd -a bitnami daemon
su - bitnami
wp cli info
wp cli version
wp cli check-update
wp cli update
wp core version
wp core check-update
wp core update --locale=en_GB
wp core update-db
wp core verify-checksums
wp theme update --all
wp theme install intentionally-blank
wp theme activate intentionally-blank
exit
sudo chown -R bitnami:daemon /opt/bitnami/apps/wordpress/htdocs/
exit

Bitnami Stack Update

https://docs.bitnami.com/installer/faq/linux-faq/administration/upgrade-linux-osx/

SSL Certificate

Generation and Auto Renew

sudo -i
cd /opt/bitnami/letsencrypt/scripts/
./generate-certificate.sh -m info@domain.uk -d domain.uk -d www.domain.uk -d mail.domain.uk
(yes to cronjob each month)

https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/

https://aws.amazon.com/premiumsupport/knowledge-center/lightsail-bitnami-renew-ssl-certificate/

Force Redirection To HTTPS

sudo nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf
...
DocumentRoot "/opt/bitnami/apache2/htdocs"
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
/opt/bitnami/ctlscript.sh restart apache

https://docs.bitnami.com/general/apps/wordpress/administration/force-https-apache/

YouTube Video

Load Balanced WordPress Website

Amazon Lightsail is the easiest way to get started on AWS. It offers virtual servers, storage, databases and networking, plus a cost-effective, monthly plan.

This tutorial shows you how to create a load balanced WordPress website in Amazon Lightsail. A load balancer is a server that distributes network traffic over a set of servers. By distributing network traffic to a pool of servers, you can dramatically improve the number of concurrent users your WordPress website can handle. Load balancers also add fault tolerance. The Lightsail load balancer ensures that only healthy WordPress instances attached to the load balancer receive traffic.

https://aws.amazon.com/getting-started/hands-on/launch-load-balanced-wordpress-website/

Email Server Install

Dovecot

Postfix

sudo -i
DEBIAN_PRIORITY=low apt-get install postfix


Virtual Users


Backup to AWS S3

SPF and DKIM

Setup DKIM and SPF

Ubuntu Email with SPF and DKIM

Web Administration

Postfix Dovecot and ViMbAdmin - OLD but good

Mail System Install on Ubuntu

CLI

Access Policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1482790463251",
      "Action": "lightsail:*",
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
} 

Regions

aws lightsail get-regions
"displayName": "London",
"name": "eu-west-2",

Availability Zones

aws lightsail get-regions --include-availability-zones
{
    "continentCode": "EU",
    "description": "This region is recommended to serve users in Ireland, the United Kingdom, and Iceland",
    "displayName": "London",
    "name": "eu-west-2",
    "availabilityZones": [
        {
            "zoneName": "eu-west-2a",
            "state": "available"
        },
        {
            "zoneName": "eu-west-2b",
            "state": "available"
        },
        {
            "zoneName": "eu-west-2c",
            "state": "available"
        }
    ],
    "relationalDatabaseAvailabilityZones": []
},

Bundles

aws --region eu-west-2 lightsail get-bundles
    "bundles": [
       {
           "price": 3.5,
           "cpuCount": 1,
           "diskSizeInGb": 20,
           "bundleId": "nano_2_0",
           "instanceType": "nano",
           "isActive": true,
           "name": "Nano",
           "power": 300,
           "ramSizeInGb": 0.5,
           "transferPerMonthInGb": 1024,
           "supportedPlatforms": [
               "LINUX_UNIX"
           ]
       },
       {
           "price": 5.0,
           "cpuCount": 1,
           "diskSizeInGb": 40,
           "bundleId": "micro_2_0",
           "instanceType": "micro",
           "isActive": true,
           "name": "Micro",
           "power": 500,
           "ramSizeInGb": 1.0,
           "transferPerMonthInGb": 2048,
           "supportedPlatforms": [
               "LINUX_UNIX"
           ]
       },

So, the cheapest is...

"nano_2_0"

Types

aws --region eu-west-2 lightsail get-blueprints
"blueprintId": "ubuntu_20_04",

Then, you would use this blueprint-id in the command below to create your server with this type and operating system.

Create

Create an Ubuntu 20.04 Server in London using the cheapest tariff of $3.50...

aws --region eu-west-2 lightsail create-instances --instance-names "lightsail-ubuntu-1" --availability-zone "eu-west-2a" --blueprint-id "ubuntu_20_04" --bundle-id "nano_2_0" --key-pair-name <value> --ip-address-type ipv4

When launching your instance, you can pass the user-data containing your initial configuration (eg. hostname) as follows:

aws lightsail --region eu-west-2 create-instances --instance-names <value> --availability-zone <value> --blueprint-id <value> --bundle-id <value> --key-pair-name <value> --ip-address-type ipv4 --user-data file:///full/path/to/myconfig

The content of myconfig file should be:

#cloud-config
hostname: test-vm

https://awscli.amazonaws.com/v2/documentation/api/latest/reference/lightsail/create-instances.html

User Data and Commands On Launch

Create a Static IP Address

aws lightsail allocate-static-ip --static-ip-name StaticIp-1

Assign Static IP Address to Instance

aws lightsail attach-static-ip --static-ip-name StaticIp-1 --instance-name Lightsail-1

Create From Snapshot

https://lightsail.aws.amazon.com/ls/docs/en_us/articles/lightsail-how-to-create-larger-instance-from-snapshot-using-aws-cli

List

aws --profile <value> --region eu-west-2 lightsail get-instances
aws --profile <value> --region eu-west-2 lightsail get-instances --query 'instances[*].name' --output text
aws --profile <value> --region eu-west-2 lightsail get-instances --query 'instances[*].{Name:name,PublicIPAddress:publicIpAddress}'
aws --profile <value> --region eu-west-2 lightsail get-instances --query 'instances[*].{Name:name,PublicIPAddress:publicIpAddress}' | jq
aws --profile <value> --region eu-west-2 lightsail get-instances | jq '.instances[] | {Name: .name, PublicIPAddress: .publicIpAddress}'

Reboot

aws lightsail --region eu-west-2 reboot-instance --instance-name Ubuntu-1

@hourly cron script to check a web site and Lightsail instance is running correctly, then reboot the Lightsail if not...

#!/bin/bash
wget_output=$(wget -q "https://www.domain.co.uk")
if [ $? -ne 0 ]
  then echo "Not there" && /usr/local/bin/aws lightsail --region eu-west-2 reboot-instance --instance-name Ubuntu-1
  else echo "OK"
fi
exit;

Stop

aws lightsail --region eu-west-2 stop-instance --instance-name Ubuntu-1

Start

aws lightsail --region eu-west-2 start-instance --instance-name Ubuntu-1
aws --profile myprofile --region eu-west-2 lightsail start-instance --instance-name "`aws --profile myprofile --region eu-west-2 lightsail get-instances --query 'instances[*].name' --output text`"

Information

aws lightsail --region eu-west-2 get-instance --instance-name Ubuntu-1

Instance State

aws --profile default --region eu-west-2 lightsail get-instance-state --instance-name 'lightsail-ubuntu-01' --query 'state.name' --output text

Snapshot

aws lightsail --region eu-west-2 create-instance-snapshot --instance-snapshot-name Ubuntu-1-2020111001 --instance-name Ubuntu-1

Add Firewall Rule

aws lightsail --region eu-west-2 open-instance-public-ports --port-info "fromPort=22,toPort=22,protocol=TCP,cidrs=123.45.67.89/32" --instance-name Ubuntu-1

Delete Firewall Rule

aws lightsail --region eu-west-2 close-instance-public-ports --port-info "fromPort=22,toPort=22,protocol=TCP,cidrs=123.45.67.89/32" --instance-name Ubuntu-1

List Firewall Rules

aws lightsail --region eu-west-2 get-instance-port-states --instance-name Ubuntu-1

Copy Firewall Rules From One Lightsail Instance To Another Lightsail Instance

Export the existing rules ...

aws --profile myprofile --region eu-west-2 lightsail get-instance-port-states --instance-name "Ubuntu-2" | grep -v "state" > firewall_export.json

Copy the JSON file for editing ...

cp -av firewall_export.json firewall_to_import.json

Edit the JSON file ...

{
   "portInfos": [
       {

Import the JSON file to the new AWS Lightsail instance ...

aws --profile myprofile --region eu-west-2 lightsail put-instance-public-ports --instance-name "Ubuntu-3" --cli-input-json file://firewall_to_import.json

https://aws.amazon.com/premiumsupport/knowledge-center/lightsail-copy-firewall-rules/

COMPLETE Process

Create your Programmatic User in IAM and then edit your ~/.aws/* files accordingly.

This will create the cheapest Linux Ubuntu 20.04 Server Lightsail in London, and the DNS Zone and the Ansible configuration.

Enjoy...

# CLEAR VARIABLES
unset AWS_PROFILE
unset AWS_LIGHTSAIL_NAME
unset AWS_LIGHTSAIL_STATIC_IP_ADDRESS
unset AWS_LIGHTSAIL_STATIC_IP_NAME
unset AWS_LIGHTSAIL_DOMAIN_NAME

# SET VARIABLES
export AWS_PROFILE=client
export AWS_LIGHTSAIL_NAME=client-lightsail-1
export AWS_LIGHTSAIL_STATIC_IP_NAME=client-staticip-1
export AWS_LIGHTSAIL_DOMAIN_NAME=client.com

# TEST CLI ACCESS
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail get-instances

# CREATE INSTANCE
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail create-instances --instance-names "${AWS_LIGHTSAIL_NAME}" --availability-zone "eu-west-2c" --blueprint-id "ubuntu_20_04" --bundle-id "nano_2_0" --ip-address-type ipv4

# CREATE STATIC IP ADDRESS
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail allocate-static-ip --static-ip-name "${AWS_LIGHTSAIL_STATIC_IP_NAME}"

# ASSIGN STATIC IP ADDRESS
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail attach-static-ip --static-ip-name "${AWS_LIGHTSAIL_STATIC_IP_NAME}" --instance-name "${AWS_LIGHTSAIL_NAME}"

# LIST INSTANCES (SHORT)
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail get-instances --query 'instances[*].name'

# LIST INSTANCES (LONG)
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail get-instances | jq '.instances[] | {Name: .name, PublicIPAddress: .publicIpAddress}'

# START INSTANCE
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail start-instance --instance-name "${AWS_LIGHTSAIL_NAME}"

# CLOSE SSH PORT FROM ANYWHERE IN FIREWALL
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail close-instance-public-ports --port-info "fromPort=22,toPort=22,protocol=TCP,cidrs=0.0.0.0/0" --instance-name "${AWS_LIGHTSAIL_NAME}"

# ALLOW MY IP ADDRESSES TO SSH IN FIREWALL
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail open-instance-public-ports --port-info "fromPort=22,toPort=22,protocol=TCP,cidrs=123.456.78.90/32" --instance-name "${AWS_LIGHTSAIL_NAME}"

# ALLOW BROWSER TO SSH IN FIREWALL
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail open-instance-public-ports --port-info "fromPort=22,toPort=22,protocol=TCP,cidrListAliases=lightsail-connect" --instance-name "${AWS_LIGHTSAIL_NAME}"

# ALLOW HTTPS IN FIREWALL
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail open-instance-public-ports --port-info "fromPort=443,toPort=443,protocol=TCP,cidrs=0.0.0.0/0" --instance-name "${AWS_LIGHTSAIL_NAME}"

# ALLOW PING IN FIREWALL
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail open-instance-public-ports --port-info "fromPort=8,toPort=-1,protocol=ICMP,cidrs=0.0.0.0/0" --instance-name "${AWS_LIGHTSAIL_NAME}"

# LIST INSTANCE FIREWALL RULES
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail get-instance-port-states --instance-name "${AWS_LIGHTSAIL_NAME}" | jq

# CREATE DNS ZONE
aws --profile "${AWS_PROFILE}" --region us-east-1 lightsail create-domain --domain-name ${AWS_LIGHTSAIL_DOMAIN_NAME}
aws --profile "${AWS_PROFILE}" --region us-east-1 lightsail create-domain-entry --domain-name ${AWS_LIGHTSAIL_DOMAIN_NAME} --domain-entry name=${AWS_LIGHTSAIL_DOMAIN_NAME},target=${AWS_LIGHTSAIL_STATIC_IP_ADDRESS},isAlias=false,type=A
aws --profile "${AWS_PROFILE}" --region us-east-1 lightsail create-domain-entry --domain-name ${AWS_LIGHTSAIL_DOMAIN_NAME} --domain-entry name=www.${AWS_LIGHTSAIL_DOMAIN_NAME},target=${AWS_LIGHTSAIL_STATIC_IP_ADDRESS},isAlias=false,type=A

# CHECK DNS ZONE
aws --profile "${AWS_PROFILE}" --region us-east-1 lightsail get-domains --output text
aws --profile "${AWS_PROFILE}" --region us-east-1 lightsail get-domain --domain-name ${AWS_LIGHTSAIL_DOMAIN_NAME} --output text

# DOWNLOAD DEFAULT SSH KEY PAIR
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail download-default-key-pair --query 'privateKeyBase64' --output text > ~/.ssh/${AWS_PROFILE}_default_key_pair.pem
chmod --verbose 0600 ~/.ssh/${AWS_PROFILE}_default_key_pair.pem

# GET IP ADDRESS
export AWS_LIGHTSAIL_STATIC_IP_ADDRESS=$( aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail get-instances --query 'instances[*].publicIpAddress' --output text )

# PING SERVER
ping "${AWS_LIGHTSAIL_STATIC_IP_ADDRESS}"

# COPY PERSONAL SSH KEY TO SERVER
ssh-copy-id -i ~/.ssh/id_rsa.pub -o 'IdentityFile ~/.ssh/${AWS_PROFILE}_default_key_pair.pem' ubuntu@${AWS_LIGHTSAIL_STATIC_IP_ADDRESS}

# CHECK SSH LOGIN TO SERVER
ssh ubuntu@${AWS_LIGHTSAIL_STATIC_IP_ADDRESS} hostname

# ADD SERVER TO ANSIBLE HOSTS FILE
echo -e "[${AWS_PROFILE}]\n${AWS_LIGHTSAIL_NAME} ansible_ssh_host=${AWS_LIGHTSAIL_STATIC_IP_ADDRESS} ansible_connection=ssh ansible_user=ubuntu ansible_python_interpreter=/usr/bin/python3\n" >> ~/Bin/ansible-homelab/inventory/hosts

# SET UP SERVER USING ANSIBLE
ansible -i ~/Bin/ansible-homelab/inventory/hosts -m ping ${AWS_LIGHTSAIL_NAME}
ansible-playbook -i ~/Bin/ansible-homelab/inventory/hosts ~/Bin/ansible-homelab/playbooks/ubuntu/ALL_ubuntu.yml -l ${AWS_LIGHTSAIL_NAME}

Domains

List

aws --profile myprofile --region us-east-1 lightsail get-domains --query 'domains[*].name' --output text

List Records

aws --profile myprofile --region us-east-1 lightsail get-domain --domain-name example.com --output text

Create Record

aws --profile myprofile --region us-east-1 lightsail create-domain-entry --domain-name example.com --domain-entry name=new.example.com,type=A,target=123.456.78.90

Delete Record

aws --profile myprofile --region us-east-1 lightsail delete-domain-entry --domain-name example.com --domain-entry name=old.example.com,type=A,target=123.456.78.90

CLI Query Examples

https://how.wtf/aws-cli-query-examples.html

Ansible

https://docs.ansible.com/ansible/latest/collections/community/aws/lightsail_module.html

CloudWatch

Install the CloudWatch Agent on the Lightsail ...

Configure for 'cpu_usage_user' ...

Set an alarm for >60% ...

EventBridge

Create a rule in the default bus to track CloudWatch Alarm for state=ALARM ...

{
  "source": ["aws.cloudwatch"],
  "detail-type": ["CloudWatch Alarm State Change"],
  "resources": ["arn:aws:cloudwatch:eu-west-2:292291573537:alarm:Lightsail CPU"],
  "detail": {
    "state": {
      "value": ["ALARM"]
    }
  }
}

Set a target for a Lambda function.

Lambda

Create a trigger for the CloudWatch ALARM state.

Create a Python 3.9 function with the following code ...

import boto3
lightsail = boto3.client('lightsail', region_name='eu-west-2')
def lambda_handler(event, context):
  lightsail.reboot_instance( instanceName='lightsail-ubuntu-01')

... and watch the magic happen :)

Upgrade

  1. Sign in to the Lightsail console.
  2. Choose the Snapshots tab.
  3. Find the Lightsail resource whose snapshot you want to use to create a new, larger resource, and choose the right-arrow to expand the list of snapshots.
  4. Choose the ellipsis icon next to the snapshot you want to use, and choose Create new.
  5. On the Create page, you have a few optional settings to choose from. For example, you can change the Availability Zone. For instances, you can add a launch script, or change the SSH key you use to connect to it. You can accept all the defaults and move on to the next step.
  6. Choose the plan (or bundle) for your new resource. At this point, you can choose a larger bundle size than the original resource, if you'd like.
  7. Enter a name for your instance.
  8. Choose Create. Lightsail takes you to the management page for your new resource, and you can start managing it.

Creating a larger instance, block storage disk, or database from a snapshot in Amazon Lightsail

Additional Disk Storage

Create and attach additional block storage disks to your Linux-based Lightsail instances

Prices per month...

 8GB = £0.80
16GB = £1.60
32GB = £3.20
64GB = £6.40

Videos

Deploying a WordPress VM with AWS Lightsail

Documentation

Overview

Features

Pricing

Amazon Web Services Lightsail How To Articles

Let's Encrypt SSL with WordPress in Amazon Lightsail

Bitnami WordPress

Create Static IP

Create DNS Entry

Boto3

Bitnami

Bitnami WordPress Documentation

On every LightSail WordPress install, there is a bitnami section, which is normally shown by the icon in the bottom right-hand corner of the page.

HOWTO: Hide The Icon and Bitnami Info Page

By default, all Bitnami WordPress installs have an icon in the bottom right-hand corner or every web page that links to the completely insecure Bitnami info page... why oh why is beyond me.

To remove it, and help secure your web site, edit the Apache configuration page and comment out the 'banner' line, then restart Apache...

sudo nano /opt/bitnami/apache2/conf/httpd.conf
#Include "/opt/bitnami/apps/bitnami/banner/conf/banner.conf"
sudo /opt/bitnami/ctlscript.sh restart apache

https://docs.bitnami.com/aws/components/bninfo/

sudo /opt/bitnami/apps/wordpress/bnconfig --disable_banner 1
sudo /opt/bitnami/ctlscript.sh restart apache

or

sudo touch /opt/bitnami/apps/bitnami/banner/disable-banner

You will want to hide this icon, but then it's lost, so you add this to the end of the URL.

http://123.456.789.100/bitnami/index.html

HOWTO: Multiple Sites

Enable the loading of the extra Virtual Hosts configuration file...

sudo nano /opt/bitnami/apache2/conf/httpd.conf

  # Virtual hosts
  Include conf/extra/httpd-vhosts.conf

Edit the Virtual Hosts configuration file...

sudo nano /opt/bitnami/apache2/conf/extra/httpd-vhosts.conf

 <VirtualHost *:80>
   ServerAdmin webmaster@dummy-host.example.com
   DocumentRoot "/opt/bitnami/apache2/docs/dummy-host.example.com"
   ServerName dummy-host.example.com
   ServerAlias www.dummy-host.example.com
   ErrorLog "logs/dummy-host.example.com-error_log"
   CustomLog "logs/dummy-host.example.com-access_log" common
 </VirtualHost>
 
 <VirtualHost *:80>
   ServerAdmin webmaster@dummy-host2.example.com
   DocumentRoot "/opt/bitnami/apache2/docs/dummy-host2.example.com"
   ServerName dummy-host2.example.com
   ServerAlias www.dummy-host2.example.com
   ErrorLog "logs/dummy-host2.example.com-error_log"
   CustomLog "logs/dummy-host2.example.com-access_log" common
 </VirtualHost>

Set up AWS Lightsail for Multiple WordPress Sites

Host Second Web Site