Uly.me

cloud engineer

lightsail

AWS display Lightsail snapshots

by

How to display Lightsail snapshots.

#!/bin/bash
displaysnapshots () {
  echo '--------------------------------------------------------'
  aws lightsail get-instance-snapshots --query 'instanceSnapshots[].[name]' --output text | sort
  echo '--------------------------------------------------------'
}
displaysnapshots

Result.

daily_ulyme_1637812801
daily_ulyme_1637899201
daily_ulyme_1637985601
daily_ulyme_1638072001

Adding timestamp to the output.

  aws lightsail get-instance-snapshots --query 'instanceSnapshots[].[name,createdAt]' --output text | sort

Result.

daily_ulyme_1637812801	1637812806.853
daily_ulyme_1637899201	1637899208.285
daily_ulyme_1637985601	1637985606.184
daily_ulyme_1638072001	1638072006.579

Convert Unix timestamp to iso8601. Edit your ~/.aws/config file. Add this line.

cli_timestamp_format = iso8601

Result.

daily_ulyme_1637812801	2021-11-25T04:00:06.853000+00:00
daily_ulyme_1637899201	2021-11-26T04:00:08.285000+00:00
daily_ulyme_1637985601	2021-11-27T04:00:06.184000+00:00
daily_ulyme_1638072001	2021-11-28T04:00:06.579000+00:00

AWS LightSail Create Terraform

by

Here’s how to launch a LightSail instance using Terraform. Create a main.tf file.

terraform {
  required_providers {
    aws = {
      version = >= 3.22.0"
      source = "hashicorp/aws"
    }
  }
}
provider "aws" {
  profile = "default"
  region  = "us-east-1"
}
resource "aws_lightsail_instance" "yourinstance" {
  name              = "yourinstance"
  availability_zone = "us-east-1a"
  blueprint_id      = "amazon_linux_2"
  bundle_id         = "nano_2_0"
}

To launch, run the following Terraform commands.

terraform init
terraform apply

AWS LightSail Blueprints

by

Amazon Lightsail offers a variety of OS blueprints, starting from Amazon Linux 2, Ubuntu 20, Windows Server 2019 to Debian 10 to name just a few. Blueprints are a curated selection of operating systems and software that are preinstalled for the creation of instances. For brevity, only a subset of blueprints are displayed below. The description and licenseUrl portions are truncated. To display an entire list of LightSail blueprints, run this command.

aws lightsail get-blueprints --region us-east-1

Output:

{
  "blueprints": [
        {
            "blueprintId": "ubuntu_20_04",
            "name": "Ubuntu",
            "group": "ubuntu_20",
            "type": "os",
            "description": "Ubuntu 20.04 LTS - Focal. Lean, fast and powerful, Ubuntu Server delivers services reliably ...",
            "isActive": true,
            "minPower": 0,
            "version": "20.04 LTS",
            "versionCode": "1",
            "productUrl": "https://aws.amazon.com/marketplace/pp/B087QQNGF1",
            "licenseUrl": "https://d7umqicpi7263.cloudfront.net/eula/product/aced0818- ... .txt",
            "platform": "LINUX_UNIX"
        },
        {
            "blueprintId": "wordpress",
            "name": "WordPress",
            "group": "wordpress",
            "type": "app",
            "description": "Bitnami, the leaders in application packaging, and Automattic, the experts behind WordPress .... ",
            "isActive": true,
            "minPower": 0,
            "version": "5.6.0",
            "versionCode": "1",
            "productUrl": "https://aws.amazon.com/marketplace/pp/B00NN8Y43U",
            "licenseUrl": "https://d7umqicpi7263.cloudfront.net/eula/product/7d426cb7- ... .txt",
            "platform": "LINUX_UNIX"
        }
}

In this example, I’m using the query option to display only the blueprints ids.

aws lightsail get-blueprints --query 'blueprints[*].[blueprintId]' --output text --region us-east-1

Output:

windows_server_2019
windows_server_2016
windows_server_2012
windows_server_2016_sql_2016_express
amazon_linux_2
amazon_linux
ubuntu_20_04
ubuntu_18_04
ubuntu_16_04_2
debian_10
debian_9_5
debian_8_7
freebsd_12
opensuse_15_1
centos_7_1901_01
wordpress
wordpress_multisite
lamp_7
nodejs
joomla
magento
mean
drupal
gitlab
redmine
nginx
ghost_bitnami
django_bitnami
plesk_ubuntu_18_0_28
cpanel_whm_linux

Reboot Instance Script

by

Here’s a new script to reboot a Lightsail instance based on input.

#!/bin/bash
echo 'Choose a server to reboot ...'
echo '1) server-one'
echo '2) server-two'
echo '3) server-three'
echo '4) server-four'
echo '5) sever-five'
echo 'q) Quit'
read -p 'Choose a server to reboot: ' server
case $server in 
	1)
		echo 'Rebooting server-one ...'
		aws lightsail reboot-instance --instance-name server-one
		echo 'Done'
		;;
	2)
	        echo 'Rebooting server-two ...'
		aws lightsail reboot-instance --instance-name server-two
		echo 'Done'
		;;
	3)
		echo 'Rebooting server-three ...'
		aws lightsail reboot-instance --instance-name server-three
		echo 'Done'
		;;
	4)
		echo 'Rebooting server-four ...'
		aws lightsail reboot-instance --instance-name server-four
		echo 'Done'
		;;
	5)
		echo 'Rebooting server-five ...'
		aws lightsail reboot-instance --instance-name server-five
		echo 'Done'
		;;
	q)
		echo 'Quit'
		;;
	*)
		echo 'Invalid option' $server
		;;
esac

Assuming awscli is working and correct permission is granted to user.

AWS CLI Using Query

by

Instead of using AWS and JQ to get the snapshot names, you can do it with a single command using –query.

Here are the previous commands.

/usr/bin/aws lightsail get-instance-snapshots --region us-east-1 --profile default > $snaps
cat $snaps | jq -r '.instanceSnapshots[] | .name' > $names

Using query.

aws lightsail get-instance-snapshots \
--query 'instanceSnapshots[*].[name]' \
--region us-east-1 \
--profile default \
--output text > $names

AWS LightSail Restrict IP Address

by

AWS LightSail now has the ability to restrict IP addresses in their firewall rules. LightSail instances can now be secured by limiting firewall rules from an IP CIDR block or a single IP address. For example, you can restrict who can SSH into your instance by limiting it to just your IP address, so only you can SSH into your machine. Another feature AWS added in their LightSail firewall is support for ping, which could be helpful for monitoring and checks.

LightSail Upstream Error 515

by

If you use LightSail, AWS provides an easy way for you to connect to LightSail instances via Web SSH. I normally use a terminal (ssh client) to connect to LightSail instances, but using Web SSH is very convenient. If you try to do an OS upgrade, for example from Ubuntu 18.04 LTS to Ubuntu 20.04 LTS, you will break Web SSH. AWS has added a special Web SSH configuration on LightSail base images. The error you’ll get is “Upstream Error 515.” The only way to fix this is to get AWS Support to help you apply the fix. It’s not a make or break it deal, but it can be a nuisance if you prefer to use AWS Web SSH instead of a terminal. If you need a more secure SSH connection, consider uploading your ssh-key to the server, and disable password login.

AWS LightSail Delete Snapshots

by

Here’s my script to delete AWS LightSail snapshots. It can delete daily or weekly backups and scheduled via crontab. If you want longer or shorter retention, adjust the expired value. It’s in seconds. 604800 is 1 week. 2592000 is 1 month.

#!/bin/bash
 
current=$(date +%s)
 
if [ $# -eq 0 ]; then
  exit 1
fi
 
if [[ $1 = 'daily' ]]; then
  prefix='daily'
  expired=$(($current-604800))
elif [[ $1 = 'weekly' ]]; then
  prefix='weekly'
  expired=$(($current-2592000))
else
  exit 1
fi
 
snaps='/root/snapshots/snapshots.json'
names='/root/snapshots/names.txt'
parse='/root/snapshots/parse.txt'
logfile='/root/snapshots/snapshots.log'
 
/usr/local/bin/aws lightsail get-instance-snapshots > $snaps
cat $snaps | jq -r '.instanceSnapshots[] | .name' > $names
cat $names | grep $prefix > $parse
 
while read -r line; do
 
  snapshot=$(echo $line | cut -d_ -f3)
  snapshotname=$line
 
  if [ `expr $snapshot + 1 2> /dev/null` ] ; then
 
    if [ $snapshot -le $expired ]; then
      echo 'Deleted: '$snapshotname >> $logfile
      /usr/local/bin/aws lightsail delete-instance-snapshot \
      --instance-snapshot-name $snapshotname
    else
      echo 'Nothing: '$snapshotname >> $logfile
    fi
 
  else
    echo $snapshot is not numeric > /dev/null
  fi
 
done < $parse
 
echo 'Current time: '$current >> $logfile
echo 'Expired time: '$expired >> $logfile
echo '-----------------------------------' >> $logfile

Schedule deletes via crontab.

# run daily at 5am
0 5 * * * /bin/bash /root/snapshots/delete-snapshot.sh daily 2>&1
# run weekly every sunday at 6am
0 6 * * 0 /bin/bash /root/snapshots/delete-snapshot.sh weekly 2>&1