Updated 28-Jun-2024
Amazon Lightsail is a VPS services offered by Amazon that competes with the likes of Rackspace, DigitalOcean, Linode, etc.
Note: As of mid 2018 AWS effectively halved its prices on Lightsail. This means there is a $3.50 USD/mo. option and the $40 option listed below (4gb ram/2 cpu/60gb ssd/4tb xfer) is actually only $20 now.
Compared head-to-head the Lightsail option is a middle-of-the-road offering. However, compared with AWS and including the highly optimized nature of running Amazon Linux AMI (and not overselling with bullshit numbers like some providers), Amazon Lightsail is an extremely attractive VPS.
S3 snapshot backups and other aspects of high reliability make this a go-to package for the VPS market.
Lightsail Specifications
See the Amazon Lightsail FAQs
- Up to 3 DNS zones
- Up to 5 ip addresses (elastic IPs)
- Available in about half of AWS zones
The various sizes of Lightsail are (as of July 2017):
- $5/mo. - 512mb ram, 1 core, 20gb ssd, 1tb transfer
- $10/mo. - 1gb ram, 1 core, 30gb ssd, 2tb transfer
- $20/mo. - 2gb ram, 1 core, 40gb ssd, 3tb transfer
- $40/mo. - 4gb ram, 2 core, 60gb ssd, 4tb transfer
- $80/mo. - 8gb ram, 2 core, 80gb ssd, 5tb transfer
Note that transfer allowances are half of the above, for Mumbai and Sydney currently.
Lightsail vs. EC2 Pricing
The real genius in Lightsail is the pricing. Compared with a 1 year reserved T2.Nano instance, a $5 Lightsail would be as follows:
- T2.Nano reserved $3.36/mo
- 1gb data xfer, subsequent at $0.09/gb/mo. (1tb = $89.91)
- 1 elastic ip vs. 5 elastic ips (instances can only use 1 in ec2)
- $0.11gb/mo of provisioned ebs (disk) = $2.22/mo in value
- DNS = 3 zones included vs. $0.50/mo/zone for Route53
Total value of $8.13-$98.04 in value (depending mainly on data transfer).
However, if you had only a single zone, a single IP, 8gb of disk (smallest available), and under 1gb of data transfer, then the value is $4.74/mo., which is within 5% of the cost of a $5/mo. Lightsail.
That said, it is not clear how the vcpu works under Lightsail vs. EC2. However, since this is a single infrastructure, likely the performance is similar, and AWS is just going after a different segment of the market (one that is price-conscious).
Lightsail Docs and CLI
Lightsail has docs and a cli.
Lightsail Tasks
- Create zone(s)
- Create and download SSH Cert
- Log in from command prompt with
ssh -i /path/to/.ssh/key.pem [email protected]
- Operate under root rights with
sudo su
Lightsail Control Panel
Lightsail is not integrated into the rest of AWS, though it is possible to see some aspects of it (perhaps storage?) from the console. Definitely it is managed separately from EC2 and Route53.
This lack of integration is a bit of a pain, but likely it will go away (slowly and partially) over time (perhaps).
Securing Lightsail
Depending upon one's security requirements, it might be useful to create a new user and disable or remove rights to the ec2-user account.
The steps to create a user with the same rights as ec2-user are:
- create the account
useradd username
- set a password for the account
passwd username
- add the account to the sudo group
usermod -aG wheel username
- log in with the account
su - username
- create a .ssh directory
mkdir .ssh
- set security on the directory
chmod 700 .ssh
- log out of username
exit
- now back in root, copy the authorized_keys file to username
cp /home/ec2-user/.ssh/authorized_keys /home/username/.ssh/authorized_keys
Log all the way out of the system, and try and log in with the username, and same public key.
Once logged in invoke sudo su to ensure it has the correct rights. There should be an error message.
The last step is to replace ec2-user with username in the file: /etc/sudoers.d/cloud-init
If this works, then you have a new account with the same priviledges as the ec2-user (and you have also removed ec2-user from the ability to become root) and can safely delete (or ignore) that account.
Lightsail Limitations
Lightsail has a few limitations, including no tools for transfer or resizing, though in late 2018 an ability to export snapshots to EC2 was added. In addition, Lightsail cannot port filter at the IP address, only at the port level. And for DNS management, CAA records are not supported (as opposed to Route 53 where they are).