Amazon Lightsail

Amazon Lightsail is a VPS services offered by Amazon that competes with the likes of Rackspace, DigitalOcean, Linode, etc.

Compared head-to-head the Lightsail option is a middle-of-the-road offering. However, compared with AWS and including the highly optimized nature of running Amazon Linux AMI (and not overselling with bullshit numbers like some providers), Amazon Lightsail is an extremely attractive VPS.

S3 snapshot backups and other aspects of high reliability make this a go-to package for the VPS market.

Lightsail Specifications

See the Amazon Lightsail FAQs

The various sizes of Lightsail are (as of July 2017):

  • $5/mo. - 512mb ram, 1 core, 20gb ssd, 1tb transfer
  • $10/mo. - 1gb ram, 1 core, 30gb ssd, 2tb transfer
  • $20/mo. - 2gb ram, 1 core, 40gb ssd, 3tb transfer
  • $40/mo. - 4gb ram, 2 core, 60gb ssd, 4tb transfer
  • $80/mo. - 8gb ram, 2 core, 80gb ssd, 5tb transfer

Note that transfer allowances are half of the above, for Mumbai and Sydney currently.

Lightsail vs. EC2 Pricing

The real genius in Lightsail is the pricing. Compared with a 1 year reserved T2.Nano instance, a $5 Lightsail would be as follows:

Total value of $8.13-$98.04 in value (depending mainly on data transfer).

However, if you had only a single zone, a single IP, 8gb of disk (smallest available), and under 1gb of data transfer, then the value is $4.74/mo., which is within 5% of the cost of a $5/mo. Lightsail.

That said, it is not clear how the vcpu works under Lightsail vs. EC2. However, since this is a single infrastructure, likely the performance is similar, and AWS is just going after a different segment of the market (one that is price-conscious).

Lightsail Docs and CLI

Lightsail has docs and a cli.

Lightsail Tasks

  • Create zone(s)
  • Create and download SSH Cert
  • Log in from command prompt with
    • ssh -i /path/to/.ssh/key.pem ec2-user@server.domain.tld
  • Operate under root rights with sudo su

Lightsail Control Panel

Lightsail is not integrated into the rest of AWS, though it is possible to see some aspects of it (perhaps storage?) from the console. Definitely it is managed separately from EC2 and Route53.

This lack of integration is a bit of a pain, but likely it will go away over time (perhaps).

Securing Lightsail

Depending upon one's security requirements, it might be useful to create a new user and disable or remove rights to the ec2-user account.

The steps to create a user with the same rights as ec2-user are:

  • create the account useradd username
  • set a password for the account passwd username
  • add the account to the sudo group usermod -aG wheel username
  • log in with the account su - username
  • create a .ssh directory mkdir .ssh
  • set security on the directory chmod 700 .ssh
  • log out of username exit
  • now back in root, copy the authorized_keys file to username

cp /home/ec2-user/.ssh/authorized_keys /home/username/.ssh/authorized_keys

Log all the way out of the system, and try and log in with the username, and same public key.

Once logged in invoke sudo su to ensure it has the correct rights. There should be an error message.

The last step is to replace ec2-user with username in the file: /etc/sudoers.d/cloud-init

If this works, then you have a new account with the same priviledges as the ec2-user (and you have also removed ec2-user from the ability to become root) and can safely delete (or ignore) that account.