  aws lightsail --region eu-west-2 start-instance --instance-name Ubuntu-1
  aws lightsail --region eu-west-2 start-instance --instance-name Ubuntu-1
aws --profile myprofile --region eu-west-2 lightsail start-instance --instance-name "`aws --profile myprofile --region eu-west-2 lightsail get-instances --query 'instances[*].name' --output text`"
=== Information ===
=== Information ===

Creating DNS Entries in Lightsail

Using Route 53 Instead of Lightsail Zone

Create DNS entries in Lightsail using AWS CLI

cat aws_add_dns_entry.sh

/usr/local/bin/aws lightsail --region us-east-1 create-domain-entry --domain-name 'mydomain.co.uk' --domain-entry '{"name":"default._domainkey.mydomain.co.uk","target":"\"v=DKIM1; h=sha256; k=rsa; \" \"p=MIIBIjxxxxxxxxxxxiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAurVgfLc8xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx9cRHBTEOIR4lmIgatpit\" \"t+v7oQzngmfKpBNoTeyxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxQIDAQAB\"","isAlias":false,"type":"TXT"}'

Installation and Configuration

First Steps

touch .hushlogin
sudo -i
nano /home/ubuntu/{.bashrc,.bash_aliases,.screenrc} /root/{.bashrc,.bash_aliases,.screenrc}
sudo -i
mkdir -p /root/bin
mkdir -p /root/misc
touch --reference=/proc /root/misc/system_installed 
apt-get update
apt-get check
apt-get -y dist-upgrade 
update-initramfs -k all -u
touch /root/misc/system_updated

Initial Update and Release Upgrade and RAM Tweaks

Initial Update

This will make sure you are up-to-date before you do the major upgrade...

sudo apt update
sudo apt dist-upgrade 
sudo reboot

Release Upgrade

Now we upgrade the Ubuntu system from the supplied 18.04 to the latest 20.04 release...

sudo apt install update-manager-core
sudo do-release-upgrade -d
sudo reboot

RAM Tweaks

Now we squeeze every last drop of RAM out of the system because we only have 512Mb...

sudo apt purge landscape-common unattended-upgrades
sudo reboot

Swap File

You can add a 512MB swap to your instance with these commands:

sudo dd if=/dev/zero of=/swapfile bs=1M count=512
sudo chmod 0600 /swapfile
sudo mkswap /swapfile
sudo swapon /swapfile
sudo echo "/swapfile swap swap defaults 0 0" >>/etc/fstab


  1. install vm
  2. static ip
  3. dns zone
  4. ssh keys
  5. ubuntu update
  6. ntp timezone update
  7. wordpress update
  8. ssl certificate
  9. remove bitnami icon
  10. postfix
  11. snapshot backup
  12. web admin


  1. SSH / tcp / 22 - already set up, but you can edit it to restrict the source IP address to just you!
  2. HTTP / tcp / 80 - already set up.
  3. HTTPS / tcp / 443 - already set up.
  4. Ping / icmp - go to ADD RULE > Application > ICMP > Save

SSH Keys

Download the Default SSH key pair from the Account page of AWS Lightsail and copy it to your ~/.ssh/ directory, then change the permissions of the file...

chmod 0600 ~/.ssh/lightsail.pem

Add your own public key to the Lightsail server, by using the downloaded key pair...

cat ~/.ssh/my_id_rsa.pub | ssh -i ~/.ssh/lightsail.pem bitnami@ "cat >> ~/.ssh/authorized_keys"

Login using your SSH public key...

ssh bitnami@

Ubuntu Update

sudo -i
apt-get update
apt-get check
apt-get upgrade
apt-get dist-upgrade

NTP Timezone Update

sudo dpkg-reconfigure tzdata
sudo date
sudo reboot
sudo timedatectl status
sudo systemctl status systemd-timesyncd


sudo hostnamectl set-hostname myserver.domain.com

WordPress Install


sudo apt-get -y install php7.4-imagick php7.4-cgi php7.4-cli php7.4-common php7.4-curl php7.4-fpm php7.4-gd php7.4-json php7.4-mysql php7.4-readline php7.4-xml php7.4-mbstring php7.4-zip





sudo -i
wget https://dev.mysql.com/get/mysql-apt-config_0.8.13-1_all.deb
dpkg -i mysql-apt-config_0.8.13-1_all.deb
apt install mysql-server
mysql --version
mysql -u root -p -e "STATUS;"
mysql -u root -p -e "CREATE DATABASE websitename; CREATE USER 'websitename' IDENTIFIED BY 'goodpassword'; GRANT ALL PRIVILEGES ON websitename.* TO 'websitename'; FLUSH PRIVILEGES;"




sudo add-apt-repository ppa:tiagohillebrandt/wp-cli
sudo apt install wp-cli
sudo -u www-data wp --info


This is now installed completely via the command line software below.

# create directories and log files
sudo mkdir -p /var/www/www.domain.co.uk/{html,logs,.wp-cli/cache}
sudo touch /var/www/www.domain.co.uk/logs/{access,error}.log
sudo chmod g+w /var/www/www.domain.co.uk/logs/{access,error}.log
sudo chown -R www-data:www-data /var/www/www.domain.co.uk/
# change to working directory
cd /var/www/www.domain.co.uk/html/
# create environment variables
export WP_CLI_CACHE_DIR=/var/www/www.domain.co.uk/.wp-cli/cache
# check wp cli working
sudo -u www-data -E wp --info
# download the core wordpress files
sudo -u www-data -E wp core download --locale=en_GB
# create a wordpress mysql database
sudo mysql -u root -p -e "CREATE DATABASE domainname; CREATE USER 'domainname' IDENTIFIED BY 'password'; GRANT SELECT, INSERT, UPDATE ON domainname.* TO 'domainname'; FLUSH PRIVILEGES;"
# create a wordpress configuration file
sudo -u www-data -E wp core config --dbname='domainname' --dbuser='domainname' --dbpass='password' --dbhost='localhost' --dbprefix='wp_'
# complete the installation process
sudo -u www-data -E wp core install --url='http://www.domain.co.uk' --title='Ball and Bone' --admin_user='joe.bloggs' --admin_password='password' --admin_email='joe.bloggs@domain.co.uk'
# log in to the web browser to check web site working and admin dashboard works
wget http://www.domain.co.uk
# check for updates
sudo -u www-data -E wp core version
sudo -u www-data -E wp core update
sudo -u www-data -E wp core update-db
sudo -u www-data -E wp plugin list
sudo -u www-data -E wp plugin update --all
sudo -u www-data -E wp theme list
sudo -u www-data -E wp theme update --all
sudo -u www-data -E wp language core list --status=active
sudo -u www-data -E wp language core update --all
sudo -u www-data -E wp language plugin list --all --status=active
sudo -u www-data -E wp language plugin update --all
sudo -u www-data -E wp language theme list --all --status=active
sudo -u www-data -E wp language theme update --all
# add new user
sudo -u www-data -E wp user create john.doe john.doe@domain.co.uk --role=administrator --first_name=John --last_name=Doe --nickname=John --display_name=John
# list users
sudo -u www-data -E wp user list

Bitnami WordPress Update

sudo -i
gpasswd -a bitnami daemon
su - bitnami
wp cli info
wp cli version
wp cli check-update
wp cli update
wp core version
wp core check-update
wp core update --locale=en_GB
wp core update-db
wp core verify-checksums
wp theme update --all
wp theme install intentionally-blank
wp theme activate intentionally-blank
sudo chown -R bitnami:daemon /opt/bitnami/apps/wordpress/htdocs/

SSL Certificate

Generation and Auto Renew

sudo -i
cd /opt/bitnami/letsencrypt/scripts/
./generate-certificate.sh -m info@domain.uk -d domain.uk -d www.domain.uk -d mail.domain.uk
(yes to cronjob each month)


Force Redirection To HTTPS

sudo nano /opt/bitnami/apache2/conf/bitnami/bitnami.conf
DocumentRoot "/opt/bitnami/apache2/htdocs"
RewriteEngine On
RewriteCond %{HTTPS} !=on
RewriteCond %{HTTP_HOST} !^(localhost|
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
/opt/bitnami/ctlscript.sh restart apache


YouTube Video

Email Server Install



sudo -i
DEBIAN_PRIORITY=low apt-get install postfix

Virtual Users

Backup to AWS S3


Setup DKIM and SPF

Ubuntu Email with SPF and DKIM

Web Administration

Postfix Dovecot and ViMbAdmin - OLD but good

Mail System Install on Ubuntu


Access Policy

  "Version": "2012-10-17",
  "Statement": [
      "Sid": "Stmt1482790463251",
      "Action": "lightsail:*",
      "Effect": "Allow",
      "Resource": "*"


aws lightsail get-regions
"displayName": "London",
"name": "eu-west-2",

Availability Zones

aws lightsail get-regions --include-availability-zones
    "continentCode": "EU",
    "description": "This region is recommended to serve users in Ireland, the United Kingdom, and Iceland",
    "displayName": "London",
    "name": "eu-west-2",
    "availabilityZones": [
            "zoneName": "eu-west-2a",
            "state": "available"
            "zoneName": "eu-west-2b",
            "state": "available"
            "zoneName": "eu-west-2c",
            "state": "available"
    "relationalDatabaseAvailabilityZones": []


aws --region eu-west-2 lightsail get-bundles
    "bundles": [
           "price": 3.5,
           "cpuCount": 1,
           "diskSizeInGb": 20,
           "bundleId": "nano_2_0",
           "instanceType": "nano",
           "isActive": true,
           "name": "Nano",
           "power": 300,
           "ramSizeInGb": 0.5,
           "transferPerMonthInGb": 1024,
           "supportedPlatforms": [
           "price": 5.0,
           "cpuCount": 1,
           "diskSizeInGb": 40,
           "bundleId": "micro_2_0",
           "instanceType": "micro",
           "isActive": true,
           "name": "Micro",
           "power": 500,
           "ramSizeInGb": 1.0,
           "transferPerMonthInGb": 2048,
           "supportedPlatforms": [

So, the cheapest is...



aws --region eu-west-2 lightsail get-blueprints
"blueprintId": "ubuntu_20_04",

Then, you would use this blueprint-id in the command below to create your server with this type and operating system.


Create an Ubuntu 20.04 Server in London using the cheapest tariff of $3.50...

aws --region eu-west-2 lightsail create-instances --instance-names "lightsail-ubuntu-1" --availability-zone "eu-west-2a" --blueprint-id "ubuntu_20_04" --bundle-id "nano_2_0" --key-pair-name <value> --ip-address-type ipv4

When launching your instance, you can pass the user-data containing your initial configuration (eg. hostname) as follows:

aws lightsail --region eu-west-2 create-instances --instance-names <value> --availability-zone <value> --blueprint-id <value> --bundle-id <value> --key-pair-name <value> --ip-address-type ipv4 --user-data file:///full/path/to/myconfig

The content of myconfig file should be:

hostname: test-vm


User Data and Commands On Launch

Create a Static IP Address

aws lightsail allocate-static-ip --static-ip-name StaticIp-1

Assign Static IP Address to Instance

aws lightsail attach-static-ip --static-ip-name StaticIp-1 --instance-name Lightsail-1

Create From Snapshot



aws --profile <value> --region eu-west-2 lightsail get-instances
aws --profile <value> --region eu-west-2 lightsail get-instances --query 'instances[*].name' --output text
aws --profile <value> --region eu-west-2 lightsail get-instances --query 'instances[*].{Name:name,PublicIPAddress:publicIpAddress}'
aws --profile <value> --region eu-west-2 lightsail get-instances --query 'instances[*].{Name:name,PublicIPAddress:publicIpAddress}' | jq
aws --profile <value> --region eu-west-2 lightsail get-instances | jq '.instances[] | {Name: .name, PublicIPAddress: .publicIpAddress}'


aws lightsail --region eu-west-2 reboot-instance --instance-name Ubuntu-1

@hourly cron script to check a web site and Lightsail instance is running correctly, then reboot the Lightsail if not...

wget_output=$(wget -q "https://www.domain.co.uk")
if [ $? -ne 0 ]
  then echo "Not there" && /usr/local/bin/aws lightsail --region eu-west-2 reboot-instance --instance-name Ubuntu-1
  else echo "OK"


aws lightsail --region eu-west-2 stop-instance --instance-name Ubuntu-1


aws lightsail --region eu-west-2 start-instance --instance-name Ubuntu-1
aws --profile myprofile --region eu-west-2 lightsail start-instance --instance-name "`aws --profile myprofile --region eu-west-2 lightsail get-instances --query 'instances[*].name' --output text`"


aws lightsail --region eu-west-2 get-instance --instance-name Ubuntu-1


aws lightsail --region eu-west-2 create-instance-snapshot --instance-snapshot-name Ubuntu-1-2020111001 --instance-name Ubuntu-1


Create the cheapest Linux Ubuntu 20.04 Server Lightsail in London ...

# create instance
aws --profile <value> --region eu-west-2 lightsail create-instances --instance-names "myname-lightsail-1" --availability-zone "eu-west-2a" --blueprint-id "ubuntu_20_04" --bundle-id "nano_2_0" --ip-address-type ipv4

# create static ip address
aws --profile <value> --region eu-west-2 lightsail allocate-static-ip --static-ip-name "myname-staticip-1"

# assign static ip address
aws --profile <value> --region eu-west-2 lightsail attach-static-ip --static-ip-name "myname-staticip-1" --instance-name "myname-lightsail-1"

# list instances
aws --profile <value> --region eu-west-2 lightsail get-instances --query 'instances[*].{Name:name,PublicIPAddress:publicIpAddress}'

... and then you can use Ansible to update the server, reboot and install any necessary software :-)

CLI Query Examples




Additional Disk Storage

Create and attach additional block storage disks to your Linux-based Lightsail instances

Prices per month...

 8GB = £0.80
16GB = £1.60
32GB = £3.20
64GB = £6.40


Deploying a WordPress VM with AWS Lightsail





Bitnami WordPress Documentation

On every LightSail WordPress install, there is a bitnami section, which is normally shown by the icon in the bottom right-hand corner of the page.

HOWTO: Hide The Icon and Bitnami Info Page

By default, all Bitnami WordPress installs have an icon in the bottom right-hand corner or every web page that links to the completely insecure Bitnami info page... why oh why is beyond me.

To remove it, and help secure your web site, edit the Apache configuration page and comment out the 'banner' line, then restart Apache...

sudo nano /opt/bitnami/apache2/conf/httpd.conf
#Include "/opt/bitnami/apps/bitnami/banner/conf/banner.conf"
sudo /opt/bitnami/ctlscript.sh restart apache


sudo /opt/bitnami/apps/wordpress/bnconfig --disable_banner 1
sudo /opt/bitnami/ctlscript.sh restart apache


sudo touch /opt/bitnami/apps/bitnami/banner/disable-banner

You will want to hide this icon, but then it's lost, so you add this to the end of the URL.


HOWTO: Multiple Sites

Enable the loading of the extra Virtual Hosts configuration file...

sudo nano /opt/bitnami/apache2/conf/httpd.conf

  # Virtual hosts
  Include conf/extra/httpd-vhosts.conf

Edit the Virtual Hosts configuration file...

sudo nano /opt/bitnami/apache2/conf/extra/httpd-vhosts.conf

 <VirtualHost *:80>
   ServerAdmin webmaster@dummy-host.example.com
   DocumentRoot "/opt/bitnami/apache2/docs/dummy-host.example.com"
   ServerName dummy-host.example.com
   ServerAlias www.dummy-host.example.com
   ErrorLog "logs/dummy-host.example.com-error_log"
   CustomLog "logs/dummy-host.example.com-access_log" common
 <VirtualHost *:80>
   ServerAdmin webmaster@dummy-host2.example.com
   DocumentRoot "/opt/bitnami/apache2/docs/dummy-host2.example.com"
   ServerName dummy-host2.example.com
   ServerAlias www.dummy-host2.example.com
   ErrorLog "logs/dummy-host2.example.com-error_log"
   CustomLog "logs/dummy-host2.example.com-access_log" common

