Uly.me

cloud engineer

Home/Archives for lightsail

AWS LightSail Restrict IP Address

AWS LightSail now has the ability to restrict IP addresses in their firewall rules. LightSail instances can now be secured by limiting firewall rules from an IP CIDR block or a single IP address. For example, you can restrict who can SSH into your instance by limiting it to just your IP address, so only you can SSH into your machine. Another feature AWS added in their LightSail firewall is support for ping, which could be helpful for monitoring and checks.

LightSail Upstream Error 515

If you use LightSail, AWS provides an easy way for you to connect to LightSail instances via Web SSH. I normally use a terminal (ssh client) to connect to LightSail instances, but using Web SSH is very convenient. If you try to do an OS upgrade, for example from Ubuntu 18.04 LTS to Ubuntu 20.04 LTS, you will break Web SSH. AWS has added a special Web SSH configuration on LightSail base images. The error you’ll get is “Upstream Error 515.” The only way to fix this is to get AWS Support to help you apply the fix. It’s not a make or break it deal, but it can be a nuisance if you prefer to use AWS Web SSH instead of a terminal. If you need a more secure SSH connection, consider uploading your ssh-key to the server, and disable password login.

AWS LightSail Delete Snapshots

Here’s my script to delete AWS LightSail snapshots. It can delete daily or weekly backups and scheduled via crontab. If you want longer or shorter retention, adjust the expired value. It’s in seconds. 604800 is 1 week. 2592000 is 1 month.

#!/bin/bash
 
current=$(date +%s)
 
if [ $# -eq 0 ]; then
  exit 1
fi
 
if [[ $1 = 'daily' ]]; then
  prefix='daily'
  expired=$(($current-604800))
elif [[ $1 = 'weekly' ]]; then
  prefix='weekly'
  expired=$(($current-2592000))
else
  exit 1
fi
 
snaps='/root/snapshots/snapshots.json'
names='/root/snapshots/names.txt'
parse='/root/snapshots/parse.txt'
logfile='/root/snapshots/snapshots.log'
 
/usr/local/bin/aws lightsail get-instance-snapshots > $snaps
cat $snaps | jq -r '.instanceSnapshots[] | .name' > $names
cat $names | grep $prefix > $parse
 
while read -r line; do
 
  snapshot=$(echo $line | cut -d_ -f3)
  snapshotname=$line
 
  if [ `expr $snapshot + 1 2> /dev/null` ] ; then
 
    if [ $snapshot -le $expired ]; then
      echo 'Deleted: '$snapshotname >> $logfile
      /usr/local/bin/aws lightsail delete-instance-snapshot \
      --instance-snapshot-name $snapshotname
    else
      echo 'Nothing: '$snapshotname >> $logfile
    fi
 
  else
    echo $snapshot is not numeric > /dev/null
  fi
 
done < $parse
 
echo 'Current time: '$current >> $logfile
echo 'Expired time: '$expired >> $logfile
echo '-----------------------------------' >> $logfile

Schedule deletes via crontab.

# run daily at 5am
0 5 * * * /bin/bash /root/snapshots/delete-snapshot.sh daily 2>&1
# run weekly every sunday at 6am
0 6 * * 0 /bin/bash /root/snapshots/delete-snapshot.sh weekly 2>&1