Difference between revisions of "AWS Lightsail"
Plittlefield (talk | contribs) |
Plittlefield (talk | contribs) |
||
(20 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
https://aws.amazon.com/lightsail/ | https://aws.amazon.com/lightsail/ | ||
+ | |||
+ | == Introduction == | ||
+ | |||
+ | With Amazon Lightsail, you pay a low, predictable price. Lightsail bundles resources like memory, vCPU, and solid-state drive (SSD) storage into one plan, so budgeting is easy and straightforward. All of Lightsail’s features—from free tier options to those with more compute—are offered in bundled plans. | ||
+ | |||
+ | == Pricing == | ||
+ | |||
+ | https://aws.amazon.com/lightsail/pricing/ | ||
== DNS == | == DNS == | ||
Line 61: | Line 69: | ||
=== Swap File === | === Swap File === | ||
− | You can add a | + | You can add a 1GB swap to your instance with these commands: |
− | sudo dd if=/dev/zero of=/swapfile bs=1M count= | + | sudo dd if=/dev/zero of=/swapfile bs=1M count=1024 |
sudo chmod 0600 /swapfile | sudo chmod 0600 /swapfile | ||
sudo mkswap /swapfile | sudo mkswap /swapfile | ||
sudo swapon /swapfile | sudo swapon /swapfile | ||
+ | sudo swapon --show | ||
+ | sudo free -m | ||
sudo echo "/swapfile swap swap defaults 0 0" >>/etc/fstab | sudo echo "/swapfile swap swap defaults 0 0" >>/etc/fstab | ||
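Review bot: The context line that closes this hunk, sudo echo "/swapfile swap swap defaults 0 0" >>/etc/fstab, fails for a non-root user because the >> redirection is performed by the calling shell, not by sudo. Since the hunk already reworks this block, change it to: echo "/swapfile swap swap defaults 0 0" | sudo tee -a /etc/fstab. The added "sudo free -m" does not need sudo.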
Line 234: | Line 244: | ||
sudo chown -R bitnami:daemon /opt/bitnami/apps/wordpress/htdocs/ | sudo chown -R bitnami:daemon /opt/bitnami/apps/wordpress/htdocs/ | ||
exit | exit | ||
+ | |||
+ | === Bitnami Stack Update === | ||
+ | |||
+ | https://docs.bitnami.com/installer/faq/linux-faq/administration/upgrade-linux-osx/ | ||
=== SSL Certificate === | === SSL Certificate === | ||
Line 245: | Line 259: | ||
https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/ | https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/ | ||
+ | |||
+ | https://aws.amazon.com/premiumsupport/knowledge-center/lightsail-bitnami-renew-ssl-certificate/ | ||
==== Force Redirection To HTTPS ==== | ==== Force Redirection To HTTPS ==== | ||
Line 262: | Line 278: | ||
[https://www.youtube.com/watch?list=PLGgVZHi3XQNm-dQwUU0K83kMKIdCILGy7&v=amiuttv8BEw YouTube Video] | [https://www.youtube.com/watch?list=PLGgVZHi3XQNm-dQwUU0K83kMKIdCILGy7&v=amiuttv8BEw YouTube Video] | ||
+ | |||
+ | === Load Balanced WordPress Website === | ||
+ | |||
+ | Amazon Lightsail is the easiest way to get started on AWS. It offers virtual servers, storage, databases and networking, plus a cost-effective, monthly plan. | ||
+ | |||
+ | This tutorial shows you how to create a load balanced WordPress website in Amazon Lightsail. A load balancer is a server that distributes network traffic over a set of servers. By distributing network traffic to a pool of servers, you can dramatically improve the number of concurrent users your WordPress website can handle. Load balancers also add fault tolerance. The Lightsail load balancer ensures that only healthy WordPress instances attached to the load balancer receive traffic. | ||
+ | |||
+ | https://aws.amazon.com/getting-started/hands-on/launch-load-balanced-wordpress-website/ | ||
=== Email Server Install === | === Email Server Install === | ||
Line 457: | Line 481: | ||
aws lightsail --region eu-west-2 get-instance --instance-name Ubuntu-1 | aws lightsail --region eu-west-2 get-instance --instance-name Ubuntu-1 | ||
+ | |||
+ | === Instance State === | ||
+ | |||
+ | aws --profile default --region eu-west-2 lightsail get-instance-state --instance-name 'lightsail-ubuntu-01' --query 'state.name' --output text | ||
=== Snapshot === | === Snapshot === | ||
Line 473: | Line 501: | ||
aws lightsail --region eu-west-2 get-instance-port-states --instance-name Ubuntu-1 | aws lightsail --region eu-west-2 get-instance-port-states --instance-name Ubuntu-1 | ||
+ | |||
+ | === Copy Firewall Rules From One Lightsail Instance To Another Lightsail Instance === | ||
+ | |||
+ | Export the existing rules ... | ||
+ | |||
+ | aws --profile myprofile --region eu-west-2 lightsail get-instance-port-states --instance-name "Ubuntu-2" | grep -v "state" > firewall_export.json | ||
+ | |||
+ | Copy the JSON file for editing ... | ||
+ | |||
+ | cp -av firewall_export.json firewall_to_import.json | ||
+ | |||
+ | Edit the JSON file ... | ||
+ | |||
+ | { | ||
+ | "portInfos": [ | ||
+ | { | ||
+ | |||
+ | Import the JSON file to the new AWS Lightsail instance ... | ||
+ | |||
+ | aws --profile myprofile --region eu-west-2 lightsail put-instance-public-ports --instance-name "Ubuntu-3" --cli-input-json file://firewall_to_import.json | ||
+ | |||
+ | https://aws.amazon.com/premiumsupport/knowledge-center/lightsail-copy-firewall-rules/ | ||
=== COMPLETE Process === | === COMPLETE Process === | ||
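Review bot: The "Edit the JSON file ..." step shows only the three opening lines of the file, ending at the first "{" under "portInfos", so the reader is never told what has to be edited. State the edit explicitly and show one complete rule. The export step filters JSON with grep -v "state", which drops every line containing that string rather than one key, so a JSON-aware filter would be more robust. Also say whether put-instance-public-ports merges with or replaces the rules already on "Ubuntu-3".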
Line 565: | Line 615: | ||
ansible -i ~/Bin/ansible-homelab/inventory/hosts -m ping ${AWS_LIGHTSAIL_NAME} | ansible -i ~/Bin/ansible-homelab/inventory/hosts -m ping ${AWS_LIGHTSAIL_NAME} | ||
ansible-playbook -i ~/Bin/ansible-homelab/inventory/hosts ~/Bin/ansible-homelab/playbooks/ubuntu/ALL_ubuntu.yml -l ${AWS_LIGHTSAIL_NAME} | ansible-playbook -i ~/Bin/ansible-homelab/inventory/hosts ~/Bin/ansible-homelab/playbooks/ubuntu/ALL_ubuntu.yml -l ${AWS_LIGHTSAIL_NAME} | ||
+ | |||
+ | === Delete Lightsail Instance === | ||
+ | |||
+ | Release the static IP ... | ||
+ | |||
+ | aws --profile myprofile lightsail --region eu-west-2 get-static-ips | ||
+ | aws --profile myprofile lightsail --region eu-west-2 release-static-ip --static-ip-name StaticIp-1 | ||
+ | |||
+ | Delete the Instance ... | ||
+ | |||
+ | aws --profile myprofile lightsail --region eu-west-2 get-instances | ||
+ | aws --profile myprofile lightsail --region eu-west-2 delete-instance --instance-name Ubuntu-1 --force-delete-add-ons | ||
+ | |||
+ | === Domains === | ||
+ | |||
+ | ==== List ==== | ||
+ | |||
+ | aws --profile myprofile --region us-east-1 lightsail get-domains --query 'domains[*].name' --output text | ||
+ | |||
+ | ==== List Records ==== | ||
+ | |||
+ | aws --profile myprofile --region us-east-1 lightsail get-domain --domain-name example.com --output text | ||
+ | |||
+ | ==== Create Record ==== | ||
+ | |||
+ | aws --profile myprofile --region us-east-1 lightsail create-domain-entry --domain-name example.com --domain-entry name=new.example.com,type=A,target=123.456.78.90 | ||
+ | |||
+ | ==== Delete Record ==== | ||
+ | |||
+ | aws --profile myprofile --region us-east-1 lightsail delete-domain-entry --domain-name example.com --domain-entry name=old.example.com,type=A,target=123.456.78.90 | ||
=== CLI Query Examples === | === CLI Query Examples === | ||
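Review bot: In the Create Record and Delete Record commands, target=123.456.78.90 is not a valid IPv4 address (456 is greater than 255), so the examples cannot be used as written; use a documentation address such as 203.0.113.10 or an explicit placeholder. Under "Delete Lightsail Instance", delete-instance with --force-delete-add-ons is shown with no prior backup step, so consider pointing to the Snapshot section before it.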
Line 573: | Line 653: | ||
https://docs.ansible.com/ansible/latest/collections/community/aws/lightsail_module.html | https://docs.ansible.com/ansible/latest/collections/community/aws/lightsail_module.html | ||
+ | |||
+ | == CloudWatch == | ||
+ | |||
+ | Install the CloudWatch Agent on the Lightsail ... | ||
+ | |||
+ | Configure for 'cpu_usage_user' ... | ||
+ | |||
+ | Set an alarm for >60% ... | ||
+ | |||
+ | == EventBridge == | ||
+ | |||
+ | Create a rule in the default bus to track CloudWatch Alarm for state=ALARM ... | ||
+ | |||
+ | { | ||
+ | "source": ["aws.cloudwatch"], | ||
+ | "detail-type": ["CloudWatch Alarm State Change"], | ||
+ | "resources": ["arn:aws:cloudwatch:eu-west-2:292291573537:alarm:Lightsail CPU"], | ||
+ | "detail": { | ||
+ | "state": { | ||
+ | "value": ["ALARM"] | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | |||
+ | Set a target for a Lambda function. | ||
+ | |||
+ | == Lambda == | ||
+ | |||
+ | Create a trigger for the CloudWatch ALARM state. | ||
+ | |||
+ | Create a Python 3.9 function with the following code ... | ||
+ | |||
+ | import boto3 | ||
+ | lightsail = boto3.client('lightsail', region_name='eu-west-2') | ||
+ | def lambda_handler(event, context): | ||
+ | lightsail.reboot_instance( instanceName='lightsail-ubuntu-01') | ||
+ | |||
+ | ... and watch the magic happen :) | ||
== Upgrade == | == Upgrade == | ||
+ | |||
+ | # Sign in to the Lightsail console. | ||
+ | # Choose the Snapshots tab. | ||
+ | # Find the Lightsail resource whose snapshot you want to use to create a new, larger resource, and choose the right-arrow to expand the list of snapshots. | ||
+ | # Choose the ellipsis icon next to the snapshot you want to use, and choose Create new. | ||
+ | # On the Create page, you have a few optional settings to choose from. For example, you can change the Availability Zone. For instances, you can add a launch script, or change the SSH key you use to connect to it. You can accept all the defaults and move on to the next step. | ||
+ | # Choose the plan (or bundle) for your new resource. At this point, you can choose a larger bundle size than the original resource, if you'd like. | ||
+ | # Enter a name for your instance. | ||
+ | # Choose Create. Lightsail takes you to the management page for your new resource, and you can start managing it. | ||
[https://lightsail.aws.amazon.com/ls/docs/en_us/articles/how-to-create-larger-instance-from-snapshot-using-console Creating a larger instance, block storage disk, or database from a snapshot in Amazon Lightsail] | [https://lightsail.aws.amazon.com/ls/docs/en_us/articles/how-to-create-larger-instance-from-snapshot-using-console Creating a larger instance, block storage disk, or database from a snapshot in Amazon Lightsail] | ||
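Review bot: In the Lambda section, lambda_handler ignores its event argument and calls reboot_instance on 'lightsail-ubuntu-01' on every invocation, so a test invocation or any other rule pointed at the function reboots the server. Check that the event is a CloudWatch Alarm State Change with state value ALARM for the expected alarm before rebooting. The EventBridge pattern also publishes a full alarm ARN including the 12-digit account ID, which would be better shown as a placeholder.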
Line 588: | Line 715: | ||
32GB = £3.20 | 32GB = £3.20 | ||
64GB = £6.40 | 64GB = £6.40 | ||
+ | |||
+ | == RAM AND SWAP USAGE == | ||
+ | |||
+ | The following commands set up a zram device with a size of one gigabyte and use it as swap device. | ||
+ | |||
+ | sudo -i | ||
+ | zramctl --find --size 1024M | ||
+ | mkswap /dev/zram0 | ||
+ | swapon /dev/zram0 | ||
== Videos == | == Videos == | ||
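Review bot: mkswap /dev/zram0 and swapon /dev/zram0 hard-code the device name, while zramctl --find selects the first free device and prints the one it chose. Capture that output and pass it to the next two commands. The section should also say whether this setup survives a reboot, since nothing here is written to a persistent configuration file.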
Line 610: | Line 746: | ||
[https://lightsail.aws.amazon.com/ls/docs/en_us/articles/lightsail-how-to-create-dns-entry Create DNS Entry] | [https://lightsail.aws.amazon.com/ls/docs/en_us/articles/lightsail-how-to-create-dns-entry Create DNS Entry] | ||
+ | |||
+ | [https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/lightsail.html Boto3] | ||
== Bitnami == | == Bitnami == |
Latest revision as of 13:39, 10 September 2024
https://aws.amazon.com/lightsail/
Introduction
With Amazon Lightsail, you pay a low, predictable price. Lightsail bundles resources like memory, vCPU, and solid-state drive (SSD) storage into one plan, so budgeting is easy and straightforward. All of Lightsail’s features—from free tier options to those with more compute—are offered in bundled plans.
Pricing
https://aws.amazon.com/lightsail/pricing/
DNS
Creating DNS Entries in Lightsail
Using Route 53 Instead of Lightsail Zone
Create DNS entries in Lightsail using AWS CLI
cat aws_add_dns_entry.sh
#!/bin/bash
/usr/local/bin/aws lightsail --region us-east-1 create-domain-entry --domain-name 'mydomain.co.uk' --domain-entry '{"name":"default._domainkey.mydomain.co.uk","target":"\"v=DKIM1; h=sha256; k=rsa; \" \"p=MIIBIjxxxxxxxxxxxiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurVgfLc8xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx9cRHBTEOIR4lmIgatpit\" \"t+v7oQzngmfKpBNoTeyxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxQIDAQAB\"","isAlias":false,"type":"TXT"}'
Installation and Configuration
First Steps
touch .hushlogin
sudo -i nano /home/ubuntu/{.bashrc,.bash_aliases,.screenrc} /root/{.bashrc,.bash_aliases,.screenrc}
sudo -i
mkdir -p /root/bin
mkdir -p /root/misc
touch --reference=/proc /root/misc/system_installed
apt-get update
apt-get check
apt-get -y dist-upgrade
update-grub
update-initramfs -k all -u
touch /root/misc/system_updated
sync
reboot
Initial Update and Release Upgrade and RAM Tweaks
Initial Update
This will make sure you are up-to-date before you do the major upgrade...
sudo apt update
sudo apt dist-upgrade
sudo reboot
Release Upgrade
Now we upgrade the Ubuntu system from the supplied 18.04 to the latest 20.04 release...
sudo apt install update-manager-core
sudo do-release-upgrade -d
sudo reboot
RAM Tweaks
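Now we squeeze every last drop of RAM out of the system because we only have 512MB. Purging unattended-upgrades also turns off automatic security updates, so apply updates manually on a schedule (see Ubuntu Update)...
sudo apt purge landscape-common unattended-upgrades
sudo reboot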
Swap File
You can add a 1GB swap to your instance with these commands:
sudo dd if=/dev/zero of=/swapfile bs=1M count=1024
sudo chmod 0600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo swapon --show
free -m
# "sudo echo ... >>/etc/fstab" fails: the redirection runs as the calling user, so use tee under sudo
echo "/swapfile swap swap defaults 0 0" | sudo tee -a /etc/fstab
Steps
- install vm
- static ip
- dns zone
- ssh keys
- ubuntu update
- ntp timezone update
- wordpress update
- ssl certificate
- remove bitnami icon
- postfix
- snapshot backup
- web admin
Firewall
- SSH / tcp / 22 - already set up, but you can edit it to restrict the source IP address to just you!
- HTTP / tcp / 80 - already set up.
- HTTPS / tcp / 443 - already set up.
- Ping / icmp - go to ADD RULE > Application > ICMP > Save
SSH Keys
Download the Default SSH key pair from the Account page of AWS Lightsail and copy it to your ~/.ssh/ directory, then change the permissions of the file...
chmod 0600 ~/.ssh/lightsail.pem
Add your own public key to the Lightsail server, by using the downloaded key pair...
cat ~/.ssh/my_id_rsa.pub | ssh -i ~/.ssh/lightsail.pem bitnami@1.2.3.4 "cat >> ~/.ssh/authorized_keys"
Log in using your own SSH key...
ssh bitnami@1.2.3.4
Ubuntu Update
sudo -i
apt-get update
apt-get check
apt-get upgrade
apt-get dist-upgrade
reboot
NTP Timezone Update
sudo dpkg-reconfigure tzdata
sudo date
sudo reboot
sudo timedatectl status
sudo systemctl status systemd-timesyncd
Hostname
sudo hostnamectl set-hostname myserver.domain.com
WordPress Install
PHP
sudo apt-get -y install php7.4-imagick php7.4-cgi php7.4-cli php7.4-common php7.4-curl php7.4-fpm php7.4-gd php7.4-json php7.4-mysql php7.4-readline php7.4-xml php7.4-mbstring php7.4-zip
MySQL
NEW
http://wiki.indie-it.com/wiki/MariaDB
OLD
sudo -i
wget https://dev.mysql.com/get/mysql-apt-config_0.8.13-1_all.deb
dpkg -i mysql-apt-config_0.8.13-1_all.deb
apt install mysql-server
mysql --version
mysql_secure_installation
mysql -u root -p -e "STATUS;"
mysql -u root -p -e "CREATE DATABASE websitename; CREATE USER 'websitename' IDENTIFIED BY 'goodpassword'; GRANT ALL PRIVILEGES ON websitename.* TO 'websitename'; FLUSH PRIVILEGES;"
NginX
http://wiki.indie-it.com/wiki/NginX#Installation
WP CLI
sudo add-apt-repository ppa:tiagohillebrandt/wp-cli
sudo apt install wp-cli
sudo -u www-data wp --info
WordPress
WordPress is now installed entirely from the command line, using WP-CLI as shown below.

# create directories and log files
sudo mkdir -p /var/www/www.domain.co.uk/{html,logs,.wp-cli/cache}
sudo touch /var/www/www.domain.co.uk/logs/{access,error}.log
sudo chmod g+w /var/www/www.domain.co.uk/logs/{access,error}.log
sudo chown -R www-data:www-data /var/www/www.domain.co.uk/

# change to working directory
cd /var/www/www.domain.co.uk/html/

# create environment variables
export WP_CLI_CACHE_DIR=/var/www/www.domain.co.uk/.wp-cli/cache

# check wp cli working
sudo -u www-data -E wp --info

# download the core wordpress files
sudo -u www-data -E wp core download --locale=en_GB

# create a wordpress mysql database
# (wp core install creates and alters tables, so the account needs CREATE, ALTER, INDEX, DROP and DELETE as well as SELECT, INSERT, UPDATE)
sudo mysql -u root -p -e "CREATE DATABASE domainname; CREATE USER 'domainname' IDENTIFIED BY 'password'; GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, ALTER, INDEX, DROP ON domainname.* TO 'domainname'; FLUSH PRIVILEGES;"

# create a wordpress configuration file
sudo -u www-data -E wp core config --dbname='domainname' --dbuser='domainname' --dbpass='password' --dbhost='localhost' --dbprefix='wp_'

# complete the installation process
sudo -u www-data -E wp core install --url='http://www.domain.co.uk' --title='Ball and Bone' --admin_user='joe.bloggs' --admin_password='password' --admin_email='joe.bloggs@domain.co.uk'

# log in to the web browser to check web site working and admin dashboard works
wget http://www.domain.co.uk

# check for updates
sudo -u www-data -E wp core version
sudo -u www-data -E wp core update
sudo -u www-data -E wp core update-db
sudo -u www-data -E wp plugin list
sudo -u www-data -E wp plugin update --all
sudo -u www-data -E wp theme list
sudo -u www-data -E wp theme update --all
sudo -u www-data -E wp language core list --status=active
sudo -u www-data -E wp language core update --all
sudo -u www-data -E wp language plugin list --all --status=active
sudo -u www-data -E wp language plugin update --all
sudo -u www-data -E wp language theme list --all --status=active
sudo -u www-data -E wp language theme update --all

# add new user
sudo -u www-data -E wp user create john.doe john.doe@domain.co.uk --role=administrator --first_name=John --last_name=Doe --nickname=John --display_name=John

# list users
sudo -u www-data -E wp user list
Bitnami WordPress Update
sudo -i
gpasswd -a bitnami daemon
su - bitnami
wp cli info
wp cli version
wp cli check-update
wp cli update
wp core version
wp core check-update
wp core update --locale=en_GB
wp core update-db
wp core verify-checksums
wp theme update --all
wp theme install intentionally-blank
wp theme activate intentionally-blank
exit
sudo chown -R bitnami:daemon /opt/bitnami/apps/wordpress/htdocs/
exit
Bitnami Stack Update
https://docs.bitnami.com/installer/faq/linux-faq/administration/upgrade-linux-osx/
SSL Certificate
Generation and Auto Renew
sudo -i
cd /opt/bitnami/letsencrypt/scripts/
./generate-certificate.sh -m info@domain.uk -d domain.uk -d www.domain.uk -d mail.domain.uk
(yes to cronjob each month)
https://docs.bitnami.com/aws/how-to/generate-install-lets-encrypt-ssl/
https://aws.amazon.com/premiumsupport/knowledge-center/lightsail-bitnami-renew-ssl-certificate/
Force Redirection To HTTPS
sudo nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf
...
DocumentRoot "/opt/bitnami/apache2/htdocs"
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^(localhost|127.0.0.1)
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
/opt/bitnami/ctlscript.sh restart apache
https://docs.bitnami.com/general/apps/wordpress/administration/force-https-apache/
Load Balanced WordPress Website
Amazon Lightsail is the easiest way to get started on AWS. It offers virtual servers, storage, databases and networking, plus a cost-effective, monthly plan.
This tutorial shows you how to create a load balanced WordPress website in Amazon Lightsail. A load balancer is a server that distributes network traffic over a set of servers. By distributing network traffic to a pool of servers, you can dramatically improve the number of concurrent users your WordPress website can handle. Load balancers also add fault tolerance. The Lightsail load balancer ensures that only healthy WordPress instances attached to the load balancer receive traffic.
https://aws.amazon.com/getting-started/hands-on/launch-load-balanced-wordpress-website/
Email Server Install
Dovecot
Postfix
sudo -i
DEBIAN_PRIORITY=low apt-get install postfix
Virtual Users
Backup to AWS S3
SPF and DKIM
Ubuntu Email with SPF and DKIM
Web Administration
Postfix Dovecot and ViMbAdmin - OLD but good
CLI
Access Policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "Stmt1482790463251",
      "Action": "lightsail:*",
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
Regions
aws lightsail get-regions
"displayName": "London",
"name": "eu-west-2",
Availability Zones
aws lightsail get-regions --include-availability-zones
{
  "continentCode": "EU",
  "description": "This region is recommended to serve users in Ireland, the United Kingdom, and Iceland",
  "displayName": "London",
  "name": "eu-west-2",
  "availabilityZones": [
    {
      "zoneName": "eu-west-2a",
      "state": "available"
    },
    {
      "zoneName": "eu-west-2b",
      "state": "available"
    },
    {
      "zoneName": "eu-west-2c",
      "state": "available"
    }
  ],
  "relationalDatabaseAvailabilityZones": []
},
Bundles
aws --region eu-west-2 lightsail get-bundles
"bundles": [
  {
    "price": 3.5,
    "cpuCount": 1,
    "diskSizeInGb": 20,
    "bundleId": "nano_2_0",
    "instanceType": "nano",
    "isActive": true,
    "name": "Nano",
    "power": 300,
    "ramSizeInGb": 0.5,
    "transferPerMonthInGb": 1024,
    "supportedPlatforms": [
      "LINUX_UNIX"
    ]
  },
  {
    "price": 5.0,
    "cpuCount": 1,
    "diskSizeInGb": 40,
    "bundleId": "micro_2_0",
    "instanceType": "micro",
    "isActive": true,
    "name": "Micro",
    "power": 500,
    "ramSizeInGb": 1.0,
    "transferPerMonthInGb": 2048,
    "supportedPlatforms": [
      "LINUX_UNIX"
    ]
  },
So, the cheapest is...
"nano_2_0"
Types
aws --region eu-west-2 lightsail get-blueprints
"blueprintId": "ubuntu_20_04",
Then, you would use this blueprint-id in the command below to create your server with this type and operating system.
Create
Create an Ubuntu 20.04 Server in London using the cheapest tariff of $3.50...
aws --region eu-west-2 lightsail create-instances --instance-names "lightsail-ubuntu-1" --availability-zone "eu-west-2a" --blueprint-id "ubuntu_20_04" --bundle-id "nano_2_0" --key-pair-name <value> --ip-address-type ipv4
When launching your instance, you can pass user data containing your initial configuration (e.g. hostname) as follows:
aws lightsail --region eu-west-2 create-instances --instance-names <value> --availability-zone <value> --blueprint-id <value> --bundle-id <value> --key-pair-name <value> --ip-address-type ipv4 --user-data file:///full/path/to/myconfig
The content of myconfig file should be:
#cloud-config
hostname: test-vm
https://awscli.amazonaws.com/v2/documentation/api/latest/reference/lightsail/create-instances.html
User Data and Commands On Launch
Create a Static IP Address
aws lightsail allocate-static-ip --static-ip-name StaticIp-1
Assign Static IP Address to Instance
aws lightsail attach-static-ip --static-ip-name StaticIp-1 --instance-name Lightsail-1
Create From Snapshot
List
aws --profile <value> --region eu-west-2 lightsail get-instances
aws --profile <value> --region eu-west-2 lightsail get-instances --query 'instances[*].name' --output text
aws --profile <value> --region eu-west-2 lightsail get-instances --query 'instances[*].{Name:name,PublicIPAddress:publicIpAddress}'
aws --profile <value> --region eu-west-2 lightsail get-instances --query 'instances[*].{Name:name,PublicIPAddress:publicIpAddress}' | jq
aws --profile <value> --region eu-west-2 lightsail get-instances | jq '.instances[] | {Name: .name, PublicIPAddress: .publicIpAddress}'
Reboot
aws lightsail --region eu-west-2 reboot-instance --instance-name Ubuntu-1
An @hourly cron script that checks whether the web site is responding and reboots the Lightsail instance if it is not...
#!/bin/bash
# Probe the site without saving the page to disk; give up after 30 seconds and 2 tries.
if ! wget -q --timeout=30 --tries=2 -O /dev/null "https://www.domain.co.uk"
then
  echo "Not there" && /usr/local/bin/aws lightsail --region eu-west-2 reboot-instance --instance-name Ubuntu-1
else
  echo "OK"
fi
exit
Stop
aws lightsail --region eu-west-2 stop-instance --instance-name Ubuntu-1
Start
aws lightsail --region eu-west-2 start-instance --instance-name Ubuntu-1
aws --profile myprofile --region eu-west-2 lightsail start-instance --instance-name "`aws --profile myprofile --region eu-west-2 lightsail get-instances --query 'instances[*].name' --output text`"
Information
aws lightsail --region eu-west-2 get-instance --instance-name Ubuntu-1
Instance State
aws --profile default --region eu-west-2 lightsail get-instance-state --instance-name 'lightsail-ubuntu-01' --query 'state.name' --output text
Snapshot
aws lightsail --region eu-west-2 create-instance-snapshot --instance-snapshot-name Ubuntu-1-2020111001 --instance-name Ubuntu-1
Add Firewall Rule
aws lightsail --region eu-west-2 open-instance-public-ports --port-info "fromPort=22,toPort=22,protocol=TCP,cidrs=123.45.67.89/32" --instance-name Ubuntu-1
Delete Firewall Rule
aws lightsail --region eu-west-2 close-instance-public-ports --port-info "fromPort=22,toPort=22,protocol=TCP,cidrs=123.45.67.89/32" --instance-name Ubuntu-1
List Firewall Rules
aws lightsail --region eu-west-2 get-instance-port-states --instance-name Ubuntu-1
Copy Firewall Rules From One Lightsail Instance To Another Lightsail Instance
Export the existing rules ...
aws --profile myprofile --region eu-west-2 lightsail get-instance-port-states --instance-name "Ubuntu-2" | grep -v "state" > firewall_export.json
Copy the JSON file for editing ...
cp -av firewall_export.json firewall_to_import.json
Edit the JSON file ...
{
  "portInfos": [
    {
Import the JSON file to the new AWS Lightsail instance ...
aws --profile myprofile --region eu-west-2 lightsail put-instance-public-ports --instance-name "Ubuntu-3" --cli-input-json file://firewall_to_import.json
https://aws.amazon.com/premiumsupport/knowledge-center/lightsail-copy-firewall-rules/
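The edit step above, done with a JSON parser instead of grep and a text editor, as an added example that is not part of the original page. It converts get-instance-port-states output into the portInfos document that put-instance-public-ports reads, and reports rules that would copy a world-open SSH or RDP port to the new instance; the sample export, the ADMIN_PORTS list and the replacement address 203.0.113.10/32 are constructed assumptions.

```python
import copy
import json

# Keys that put-instance-public-ports accepts in each "portInfos" entry.
PORT_INFO_KEYS = ("fromPort", "toPort", "protocol", "cidrs", "ipv6Cidrs", "cidrListAliases")
ANY_SOURCE = {"0.0.0.0/0", "::/0"}
ADMIN_PORTS = (22, 3389)  # assumption: ports treated as administrative access

# Constructed sample of get-instance-port-states output (not from a real instance).
SAMPLE_EXPORT = {
    "portStates": [
        {"fromPort": 22, "toPort": 22, "protocol": "tcp", "state": "open",
         "cidrs": ["0.0.0.0/0"], "ipv6Cidrs": ["::/0"], "cidrListAliases": []},
        {"fromPort": 443, "toPort": 443, "protocol": "tcp", "state": "open",
         "cidrs": ["0.0.0.0/0"], "ipv6Cidrs": ["::/0"], "cidrListAliases": []},
        {"fromPort": 8, "toPort": -1, "protocol": "icmp", "state": "open",
         "cidrs": ["0.0.0.0/0"], "ipv6Cidrs": [], "cidrListAliases": []},
    ]
}


def to_port_infos(export):
    """Rename portStates to portInfos and drop keys the import call does not accept."""
    rules = export.get("portStates", export.get("portInfos", []))
    infos = []
    for rule in rules:
        # A file already passed through grep -v "state" has no state key: treat as open.
        if rule.get("state", "open") != "open":
            continue
        infos.append({key: copy.deepcopy(rule[key]) for key in PORT_INFO_KEYS if key in rule})
    return {"portInfos": infos}


def is_world_open_admin(rule):
    """True if a TCP (or all-protocol) rule exposes an admin port to any source address."""
    if rule.get("protocol", "").lower() not in ("tcp", "all"):
        return False
    sources = set(rule.get("cidrs", [])) | set(rule.get("ipv6Cidrs", []))
    if not sources & ANY_SOURCE:
        return False
    return any(rule["fromPort"] <= port <= rule["toPort"] for port in ADMIN_PORTS)


def world_open_admin_rules(port_infos):
    """List (protocol, fromPort, toPort) for every rule worth reviewing before import."""
    return [(rule["protocol"], rule["fromPort"], rule["toPort"])
            for rule in port_infos["portInfos"] if is_world_open_admin(rule)]


def restrict_admin_rules(port_infos, admin_cidr):
    """Return a copy in which flagged rules only allow admin_cidr.

    A flagged rule is restricted as a whole, including any other ports in its range.
    """
    result = copy.deepcopy(port_infos)
    for rule in result["portInfos"]:
        if is_world_open_admin(rule):
            rule["cidrs"] = [admin_cidr]
            rule["ipv6Cidrs"] = []
    return result


if __name__ == "__main__":
    converted = to_port_infos(SAMPLE_EXPORT)
    print("world-open admin rules:", world_open_admin_rules(converted))
    # The printed document is what would be saved as firewall_to_import.json.
    print(json.dumps(restrict_admin_rules(converted, "203.0.113.10/32"), indent=2))
```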
COMPLETE Process
Create your Programmatic User in IAM and then edit your ~/.aws/* files accordingly.
This will create the cheapest Ubuntu 20.04 Linux server in Lightsail in London, together with the DNS zone and the Ansible configuration.
Enjoy...
# CLEAR VARIABLES
unset AWS_PROFILE
unset AWS_LIGHTSAIL_NAME
unset AWS_LIGHTSAIL_STATIC_IP_ADDRESS
unset AWS_LIGHTSAIL_STATIC_IP_NAME
unset AWS_LIGHTSAIL_DOMAIN_NAME

# SET VARIABLES
export AWS_PROFILE=client
export AWS_LIGHTSAIL_NAME=client-lightsail-1
export AWS_LIGHTSAIL_STATIC_IP_NAME=client-staticip-1
export AWS_LIGHTSAIL_DOMAIN_NAME=client.com

# TEST CLI ACCESS
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail get-instances

# CREATE INSTANCE
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail create-instances --instance-names "${AWS_LIGHTSAIL_NAME}" --availability-zone "eu-west-2c" --blueprint-id "ubuntu_20_04" --bundle-id "nano_2_0" --ip-address-type ipv4

# CREATE STATIC IP ADDRESS
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail allocate-static-ip --static-ip-name "${AWS_LIGHTSAIL_STATIC_IP_NAME}"

# ASSIGN STATIC IP ADDRESS
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail attach-static-ip --static-ip-name "${AWS_LIGHTSAIL_STATIC_IP_NAME}" --instance-name "${AWS_LIGHTSAIL_NAME}"

# GET IP ADDRESS (set here because the DNS records below need it; queried for this instance only)
export AWS_LIGHTSAIL_STATIC_IP_ADDRESS=$( aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail get-instance --instance-name "${AWS_LIGHTSAIL_NAME}" --query 'instance.publicIpAddress' --output text )

# LIST INSTANCES (SHORT)
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail get-instances --query 'instances[*].name'

# LIST INSTANCES (LONG)
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail get-instances | jq '.instances[] | {Name: .name, PublicIPAddress: .publicIpAddress}'

# START INSTANCE
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail start-instance --instance-name "${AWS_LIGHTSAIL_NAME}"

# CLOSE SSH PORT FROM ANYWHERE IN FIREWALL
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail close-instance-public-ports --port-info "fromPort=22,toPort=22,protocol=TCP,cidrs=0.0.0.0/0" --instance-name "${AWS_LIGHTSAIL_NAME}"

# ALLOW MY IP ADDRESSES TO SSH IN FIREWALL (replace the placeholder address with your own)
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail open-instance-public-ports --port-info "fromPort=22,toPort=22,protocol=TCP,cidrs=123.456.78.90/32" --instance-name "${AWS_LIGHTSAIL_NAME}"

# ALLOW BROWSER TO SSH IN FIREWALL
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail open-instance-public-ports --port-info "fromPort=22,toPort=22,protocol=TCP,cidrListAliases=lightsail-connect" --instance-name "${AWS_LIGHTSAIL_NAME}"

# ALLOW HTTPS IN FIREWALL
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail open-instance-public-ports --port-info "fromPort=443,toPort=443,protocol=TCP,cidrs=0.0.0.0/0" --instance-name "${AWS_LIGHTSAIL_NAME}"

# ALLOW PING IN FIREWALL
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail open-instance-public-ports --port-info "fromPort=8,toPort=-1,protocol=ICMP,cidrs=0.0.0.0/0" --instance-name "${AWS_LIGHTSAIL_NAME}"

# LIST INSTANCE FIREWALL RULES
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail get-instance-port-states --instance-name "${AWS_LIGHTSAIL_NAME}" | jq

# CREATE DNS ZONE
aws --profile "${AWS_PROFILE}" --region us-east-1 lightsail create-domain --domain-name ${AWS_LIGHTSAIL_DOMAIN_NAME}
aws --profile "${AWS_PROFILE}" --region us-east-1 lightsail create-domain-entry --domain-name ${AWS_LIGHTSAIL_DOMAIN_NAME} --domain-entry name=${AWS_LIGHTSAIL_DOMAIN_NAME},target=${AWS_LIGHTSAIL_STATIC_IP_ADDRESS},isAlias=false,type=A
aws --profile "${AWS_PROFILE}" --region us-east-1 lightsail create-domain-entry --domain-name ${AWS_LIGHTSAIL_DOMAIN_NAME} --domain-entry name=www.${AWS_LIGHTSAIL_DOMAIN_NAME},target=${AWS_LIGHTSAIL_STATIC_IP_ADDRESS},isAlias=false,type=A

# CHECK DNS ZONE
aws --profile "${AWS_PROFILE}" --region us-east-1 lightsail get-domains --output text
aws --profile "${AWS_PROFILE}" --region us-east-1 lightsail get-domain --domain-name ${AWS_LIGHTSAIL_DOMAIN_NAME} --output text

# DOWNLOAD DEFAULT SSH KEY PAIR
aws --profile "${AWS_PROFILE}" --region eu-west-2 lightsail download-default-key-pair --query 'privateKeyBase64' --output text > ~/.ssh/${AWS_PROFILE}_default_key_pair.pem
chmod --verbose 0600 ~/.ssh/${AWS_PROFILE}_default_key_pair.pem

# PING SERVER (four probes, so the command returns)
ping -c 4 "${AWS_LIGHTSAIL_STATIC_IP_ADDRESS}"

# COPY PERSONAL SSH KEY TO SERVER (double quotes so that ${AWS_PROFILE} is expanded)
ssh-copy-id -i ~/.ssh/id_rsa.pub -o "IdentityFile ~/.ssh/${AWS_PROFILE}_default_key_pair.pem" ubuntu@${AWS_LIGHTSAIL_STATIC_IP_ADDRESS}

# CHECK SSH LOGIN TO SERVER
ssh ubuntu@${AWS_LIGHTSAIL_STATIC_IP_ADDRESS} hostname

# ADD SERVER TO ANSIBLE HOSTS FILE
echo -e "[${AWS_PROFILE}]\n${AWS_LIGHTSAIL_NAME} ansible_ssh_host=${AWS_LIGHTSAIL_STATIC_IP_ADDRESS} ansible_connection=ssh ansible_user=ubuntu ansible_python_interpreter=/usr/bin/python3\n" >> ~/Bin/ansible-homelab/inventory/hosts

# SET UP SERVER USING ANSIBLE
ansible -i ~/Bin/ansible-homelab/inventory/hosts -m ping ${AWS_LIGHTSAIL_NAME}
ansible-playbook -i ~/Bin/ansible-homelab/inventory/hosts ~/Bin/ansible-homelab/playbooks/ubuntu/ALL_ubuntu.yml -l ${AWS_LIGHTSAIL_NAME}
Delete Lightsail Instance
Release the static IP ...
aws --profile myprofile lightsail --region eu-west-2 get-static-ips
aws --profile myprofile lightsail --region eu-west-2 release-static-ip --static-ip-name StaticIp-1
Delete the Instance ...
aws --profile myprofile lightsail --region eu-west-2 get-instances
aws --profile myprofile lightsail --region eu-west-2 delete-instance --instance-name Ubuntu-1 --force-delete-add-ons
Domains
List
aws --profile myprofile --region us-east-1 lightsail get-domains --query 'domains[*].name' --output text
List Records
aws --profile myprofile --region us-east-1 lightsail get-domain --domain-name example.com --output text
Create Record
aws --profile myprofile --region us-east-1 lightsail create-domain-entry --domain-name example.com --domain-entry name=new.example.com,type=A,target=123.456.78.90
Delete Record
aws --profile myprofile --region us-east-1 lightsail delete-domain-entry --domain-name example.com --domain-entry name=old.example.com,type=A,target=123.456.78.90
CLI Query Examples
https://how.wtf/aws-cli-query-examples.html
Ansible
https://docs.ansible.com/ansible/latest/collections/community/aws/lightsail_module.html
CloudWatch
Install the CloudWatch Agent on the Lightsail ...
Configure for 'cpu_usage_user' ...
Set an alarm for >60% ...
EventBridge
Create a rule in the default bus to track CloudWatch Alarm for state=ALARM ...
{
  "source": ["aws.cloudwatch"],
  "detail-type": ["CloudWatch Alarm State Change"],
  "resources": ["arn:aws:cloudwatch:eu-west-2:292291573537:alarm:Lightsail CPU"],
  "detail": {
    "state": {
      "value": ["ALARM"]
    }
  }
}
Set a target for a Lambda function.
Lambda
Create a trigger for the CloudWatch ALARM state.
Create a Python 3.9 function with the following code ...
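import boto3

# Lightsail API client for the London region
lightsail = boto3.client('lightsail', region_name='eu-west-2')

def lambda_handler(event, context):
    # Reboot the instance every time the function is invoked
    lightsail.reboot_instance(instanceName='lightsail-ubuntu-01')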
... and watch the magic happen :)
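A stricter variant of the handler, as an added example that is not the page's own code: it reboots only when the event is an OK-to-ALARM transition of the expected alarm and the instance is currently running, so a test invocation or a repeated alarm does not trigger a reboot. The alarm name and instance name are the ones used above; the alarm-to-instance mapping, the account ID in the sample event and the StubLightsail class are constructed for the example.

```python
REGION = "eu-west-2"

# Alarm name -> instance it may reboot (names from the page; the mapping is an assumption).
ALARM_TO_INSTANCE = {"Lightsail CPU": "lightsail-ubuntu-01"}

# Constructed sample of a CloudWatch Alarm State Change event (placeholder account ID).
SAMPLE_EVENT = {
    "source": "aws.cloudwatch",
    "detail-type": "CloudWatch Alarm State Change",
    "region": REGION,
    "resources": ["arn:aws:cloudwatch:eu-west-2:111122223333:alarm:Lightsail CPU"],
    "detail": {
        "alarmName": "Lightsail CPU",
        "state": {"value": "ALARM"},
        "previousState": {"value": "OK"},
    },
}


def instance_for_event(event):
    """Return the instance to reboot, or None if the event is not an expected new ALARM."""
    if event.get("source") != "aws.cloudwatch":
        return None
    if event.get("detail-type") != "CloudWatch Alarm State Change":
        return None
    detail = event.get("detail") or {}
    if (detail.get("state") or {}).get("value") != "ALARM":
        return None
    # Ignore ALARM -> ALARM re-evaluations so one incident causes one reboot.
    if (detail.get("previousState") or {}).get("value") == "ALARM":
        return None
    return ALARM_TO_INSTANCE.get(detail.get("alarmName"))


def handle(event, client):
    """Validate the event, check the instance state, then reboot. Returns what was done."""
    name = instance_for_event(event)
    if name is None:
        return {"action": "ignored"}
    state = client.get_instance_state(instanceName=name)["state"]["name"]
    if state != "running":
        # Already stopping, pending or rebooting: a second reboot call would not help.
        return {"action": "skipped", "instance": name, "state": state}
    client.reboot_instance(instanceName=name)
    return {"action": "rebooted", "instance": name}


def lambda_handler(event, context):
    import boto3  # imported here so the logic above can be exercised without boto3
    return handle(event, boto3.client("lightsail", region_name=REGION))


class StubLightsail:
    """Offline stand-in for the boto3 Lightsail client, used only to try the logic."""

    def __init__(self, state_name):
        self.state_name = state_name
        self.rebooted = []

    def get_instance_state(self, instanceName):
        return {"state": {"code": 16, "name": self.state_name}}

    def reboot_instance(self, instanceName):
        self.rebooted.append(instanceName)
        return {"operations": []}


if __name__ == "__main__":
    print(handle(SAMPLE_EVENT, StubLightsail("running")))
    print(handle({"source": "manual.test"}, StubLightsail("running")))
```

The function's execution role needs permission for the two Lightsail calls used here (GetInstanceState and RebootInstance) rather than lightsail:*.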
Upgrade
- Sign in to the Lightsail console.
- Choose the Snapshots tab.
- Find the Lightsail resource whose snapshot you want to use to create a new, larger resource, and choose the right-arrow to expand the list of snapshots.
- Choose the ellipsis icon next to the snapshot you want to use, and choose Create new.
- On the Create page, you have a few optional settings to choose from. For example, you can change the Availability Zone. For instances, you can add a launch script, or change the SSH key you use to connect to it. You can accept all the defaults and move on to the next step.
- Choose the plan (or bundle) for your new resource. At this point, you can choose a larger bundle size than the original resource, if you'd like.
- Enter a name for your instance.
- Choose Create. Lightsail takes you to the management page for your new resource, and you can start managing it.
Creating a larger instance, block storage disk, or database from a snapshot in Amazon Lightsail
Additional Disk Storage
Create and attach additional block storage disks to your Linux-based Lightsail instances
Prices per month...
8GB = £0.80
16GB = £1.60
32GB = £3.20
64GB = £6.40
RAM AND SWAP USAGE
The following commands set up a zram device with a size of one gigabyte and use it as a swap device.
sudo -i
zramctl --find --size 1024M
mkswap /dev/zram0
swapon /dev/zram0
Videos
Deploying a WordPress VM with AWS Lightsail
Documentation
Amazon Web Services Lightsail How To Articles
Let's Encrypt SSL with WordPress in Amazon Lightsail
Bitnami
Bitnami WordPress Documentation
On every LightSail WordPress install, there is a bitnami section, which is normally shown by the icon in the bottom right-hand corner of the page.
HOWTO: Hide The Icon and Bitnami Info Page
By default, all Bitnami WordPress installs have an icon in the bottom right-hand corner of every web page that links to the completely insecure Bitnami info page... why oh why is beyond me.
To remove it, and help secure your web site, edit the Apache configuration page and comment out the 'banner' line, then restart Apache...
sudo nano /opt/bitnami/apache2/conf/httpd.conf
#Include "/opt/bitnami/apps/bitnami/banner/conf/banner.conf"
sudo /opt/bitnami/ctlscript.sh restart apache
https://docs.bitnami.com/aws/components/bninfo/
sudo /opt/bitnami/apps/wordpress/bnconfig --disable_banner 1
sudo /opt/bitnami/ctlscript.sh restart apache
or
sudo touch /opt/bitnami/apps/bitnami/banner/disable-banner
You will want to hide this icon, but once it is hidden the link to the info page is gone, so to reach the page you add this to the end of the URL.
http://123.456.789.100/bitnami/index.html
HOWTO: Multiple Sites
Enable the loading of the extra Virtual Hosts configuration file...
sudo nano /opt/bitnami/apache2/conf/httpd.conf
# Virtual hosts
Include conf/extra/httpd-vhosts.conf
Edit the Virtual Hosts configuration file...
sudo nano /opt/bitnami/apache2/conf/extra/httpd-vhosts.conf
<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host.example.com
    DocumentRoot "/opt/bitnami/apache2/docs/dummy-host.example.com"
    ServerName dummy-host.example.com
    ServerAlias www.dummy-host.example.com
    ErrorLog "logs/dummy-host.example.com-error_log"
    CustomLog "logs/dummy-host.example.com-access_log" common
</VirtualHost>
<VirtualHost *:80>
    ServerAdmin webmaster@dummy-host2.example.com
    DocumentRoot "/opt/bitnami/apache2/docs/dummy-host2.example.com"
    ServerName dummy-host2.example.com
    ServerAlias www.dummy-host2.example.com
    ErrorLog "logs/dummy-host2.example.com-error_log"
    CustomLog "logs/dummy-host2.example.com-access_log" common
</VirtualHost>