cloud engineer
Here’s how to launch a LightSail instance using Terraform. Create a main.tf file.
terraform { required_providers { aws = { version = >= 3.22.0" source = "hashicorp/aws" } } } provider "aws" { profile = "default" region = "us-east-1" } resource "aws_lightsail_instance" "yourinstance" { name = "yourinstance" availability_zone = "us-east-1a" blueprint_id = "amazon_linux_2" bundle_id = "nano_2_0" } |
To launch, run the following Terraform commands.
terraform init terraform apply |
Amazon Lightsail offers a variety of OS blueprints, starting from Amazon Linux 2, Ubuntu 20, Windows Server 2019 to Debian 10 to name just a few. Blueprints are a curated selection of operating systems and software that are preinstalled for the creation of instances. For brevity, only a subset of blueprints are displayed below. The description and licenseUrl portions are truncated. To display an entire list of LightSail blueprints, run this command.
aws lightsail get-blueprints --region us-east-1 |
Output:
{ "blueprints": [ { "blueprintId": "ubuntu_20_04", "name": "Ubuntu", "group": "ubuntu_20", "type": "os", "description": "Ubuntu 20.04 LTS - Focal. Lean, fast and powerful, Ubuntu Server delivers services reliably ...", "isActive": true, "minPower": 0, "version": "20.04 LTS", "versionCode": "1", "productUrl": "https://aws.amazon.com/marketplace/pp/B087QQNGF1", "licenseUrl": "https://d7umqicpi7263.cloudfront.net/eula/product/aced0818- ... .txt", "platform": "LINUX_UNIX" }, { "blueprintId": "wordpress", "name": "WordPress", "group": "wordpress", "type": "app", "description": "Bitnami, the leaders in application packaging, and Automattic, the experts behind WordPress .... ", "isActive": true, "minPower": 0, "version": "5.6.0", "versionCode": "1", "productUrl": "https://aws.amazon.com/marketplace/pp/B00NN8Y43U", "licenseUrl": "https://d7umqicpi7263.cloudfront.net/eula/product/7d426cb7- ... .txt", "platform": "LINUX_UNIX" } } |
In this example, I’m using the query option to display only the blueprints ids.
aws lightsail get-blueprints --query 'blueprints[*].[blueprintId]' --output text --region us-east-1 |
Output:
windows_server_2019 windows_server_2016 windows_server_2012 windows_server_2016_sql_2016_express amazon_linux_2 amazon_linux ubuntu_20_04 ubuntu_18_04 ubuntu_16_04_2 debian_10 debian_9_5 debian_8_7 freebsd_12 opensuse_15_1 centos_7_1901_01 wordpress wordpress_multisite lamp_7 nodejs joomla magento mean drupal gitlab redmine nginx ghost_bitnami django_bitnami plesk_ubuntu_18_0_28 cpanel_whm_linux |
Here’s a new script to reboot a Lightsail instance based on input.
#!/bin/bash echo 'Choose a server to reboot ...' echo '1) server-one' echo '2) server-two' echo '3) server-three' echo '4) server-four' echo '5) sever-five' echo 'q) Quit' read -p 'Choose a server to reboot: ' server case $server in 1) echo 'Rebooting server-one ...' aws lightsail reboot-instance --instance-name server-one echo 'Done' ;; 2) echo 'Rebooting server-two ...' aws lightsail reboot-instance --instance-name server-two echo 'Done' ;; 3) echo 'Rebooting server-three ...' aws lightsail reboot-instance --instance-name server-three echo 'Done' ;; 4) echo 'Rebooting server-four ...' aws lightsail reboot-instance --instance-name server-four echo 'Done' ;; 5) echo 'Rebooting server-five ...' aws lightsail reboot-instance --instance-name server-five echo 'Done' ;; q) echo 'Quit' ;; *) echo 'Invalid option' $server ;; esac |
Assuming awscli is working and correct permission is granted to user.
Instead of using AWS and JQ to get the snapshot names, you can do it with a single command using –query.
Here are the previous commands.
/usr/bin/aws lightsail get-instance-snapshots --region us-east-1 --profile default > $snaps cat $snaps | jq -r '.instanceSnapshots[] | .name' > $names |
Using query.
aws lightsail get-instance-snapshots \ --query 'instanceSnapshots[*].[name]' \ --region us-east-1 \ --profile default \ --output text > $names |
AWS LightSail now has the ability to restrict IP addresses in their firewall rules. LightSail instances can now be secured by limiting firewall rules from an IP CIDR block or a single IP address. For example, you can restrict who can SSH into your instance by limiting it to just your IP address, so only you can SSH into your machine. Another feature AWS added in their LightSail firewall is support for ping, which could be helpful for monitoring and checks.
If you use LightSail, AWS provides an easy way for you to connect to LightSail instances via Web SSH. I normally use a terminal (ssh client) to connect to LightSail instances, but using Web SSH is very convenient. If you try to do an OS upgrade, for example from Ubuntu 18.04 LTS to Ubuntu 20.04 LTS, you will break Web SSH. AWS has added a special Web SSH configuration on LightSail base images. The error you’ll get is “Upstream Error 515.” The only way to fix this is to get AWS Support to help you apply the fix. It’s not a make or break it deal, but it can be a nuisance if you prefer to use AWS Web SSH instead of a terminal. If you need a more secure SSH connection, consider uploading your ssh-key to the server, and disable password login.
Here’s my script to delete AWS LightSail snapshots. It can delete daily or weekly backups and scheduled via crontab. If you want longer or shorter retention, adjust the expired value. It’s in seconds. 604800 is 1 week. 2592000 is 1 month.
#!/bin/bash current=$(date +%s) if [ $# -eq 0 ]; then exit 1 fi if [[ $1 = 'daily' ]]; then prefix='daily' expired=$(($current-604800)) elif [[ $1 = 'weekly' ]]; then prefix='weekly' expired=$(($current-2592000)) else exit 1 fi snaps='/root/snapshots/snapshots.json' names='/root/snapshots/names.txt' parse='/root/snapshots/parse.txt' logfile='/root/snapshots/snapshots.log' /usr/local/bin/aws lightsail get-instance-snapshots > $snaps cat $snaps | jq -r '.instanceSnapshots[] | .name' > $names cat $names | grep $prefix > $parse while read -r line; do snapshot=$(echo $line | cut -d_ -f3) snapshotname=$line if [ `expr $snapshot + 1 2> /dev/null` ] ; then if [ $snapshot -le $expired ]; then echo 'Deleted: '$snapshotname >> $logfile /usr/local/bin/aws lightsail delete-instance-snapshot \ --instance-snapshot-name $snapshotname else echo 'Nothing: '$snapshotname >> $logfile fi else echo $snapshot is not numeric > /dev/null fi done < $parse echo 'Current time: '$current >> $logfile echo 'Expired time: '$expired >> $logfile echo '-----------------------------------' >> $logfile |
Schedule deletes via crontab.
# run daily at 5am 0 5 * * * /bin/bash /root/snapshots/delete-snapshot.sh daily 2>&1 # run weekly every sunday at 6am 0 6 * * 0 /bin/bash /root/snapshots/delete-snapshot.sh weekly 2>&1 |
Here’s my script to create snapshots of a LightSail instance. Create daily or weekly snapshots.
#!/bin/bash if [ $1 != '' ]; then prefix=$1 timestamp=$(date +%s) snapshotname=$prefix'_web-server_'$timestamp /usr/local/bin/aws lightsail create-instance-snapshot \ --instance-snapshot-name $snapshotname \ --instance-name web-server else echo 'Need one argument. e.g. daily or weekly' fi |
Crontab. Job can be scheduled daily or weekly.
# run daily at 4am 0 4 * * * /bin/bash /root/snapshots/create-snapshot.sh daily 2>&1 # run weekly every sunday at 5am 0 5 * * 0 /bin/bash /root/snapshots/create-snapshot.sh weekly 2>&1 |
How to delete AWS LightSail instance via CLI.
aws lightsail delete-instance --instance-name your-server-name |
How to create a LightSail instance from a snapshot via AWS CLI.
aws lightsail create-instances-from-snapshot \ --instance-names your-server-name \ --availability-zone us-east-1a \ --instance-snapshot-name your-snapshot \ --bundle-id nano_1_0 \ --key-pair-name your-key-pair |