What should I consider before choosing Amazon Lightsail over Amazon EC2?
I want to set up my website environment using Amazon Lightsail. What factors should I consider before choosing Lightsail over other AWS Services, such as Amazon Elastic Compute Cloud (Amazon EC2), Elastic Load Balancing (ELB), and so on?
Lightsail provides an easy, lightweight way for you to build your website quickly. Lightsail provides pre-configured applications such as WordPress, Magento, MEAN, Prestashop, and so on. Lightsail is a good place to start your website in AWS and further familiarize yourself with the services that AWS offers. It's important to know what features Lightsail does and doesn't offer compared with other AWS services.
For a summary of the differences between a Lightsail instance and an EC2 instance, see What are the differences between Amazon EC2 and Lightsail?
Before choosing Lightsail over Amazon EC2, consider the following:
1. Modifying the disk space quota: In Lightsail, it's not possible to increase the size of the disk without upgrading the instance bundle. Upgrading the bundle increases other parameters, such as RAM, CPU, bandwidth, and so on, along with the disk space. In Amazon EC2, it's possible to increase the size of the Amazon Elastic Block Store (Amazon EBS) volume without upgrading the instance.
2. Upgrading the instance: In Lightsail, it's not possible to upgrade the instance directly. You must take a snapshot of the instance and then launch a new instance with the bigger bundle using that snapshot. In Amazon EC2, you can easily upgrade an instance without taking a snapshot and launching a new instance.
3. Limited resources for an instance: The biggest instance plan in Lightsail provides 32 GB RAM, 8 vCPUs, and 640 GB disk space. If you need additional disk space, you must attach secondary disks to the instance.
4. Attaching multiple IP addresses: You can attach only one IP address to a Lightsail instance. You can attach multiple IP addresses to a single EC2 instance.
5. Instance console output: This is a tool in Amazon EC2 that helps you troubleshoot unresponsive instances by yourself. This tool isn't available in Lightsail.
6. Private instances: Resources in Lightsail are in a public subnet. You can't make a Lightsail instance private, although you can restrict access to the instance using Lightsail firewalls.
7. Instance launch script: You can use an instance launch script to execute a script when you launch the Lightsail instance. In Amazon EC2, you can add the script after launching the instance so that the script executes when the instance stops and starts. In Lightsail, you can't add a script after launching the instance. The workaround is to take a snapshot of the Lightsail instance and then launch a new instance from that snapshot. You can add the launch script while launching the new instance from the snapshot.
8. Replacing the root disk: In Lightsail, it's not possible to replace the root disk of an instance. Using the AWS Command Line Interface (AWS CLI), you can create a disk snapshot of the root disk, create a disk from that snapshot, and then attach it to another Lightsail instance. However, you can't attach this disk to the original instance as root disk.
9. Instance termination protection: EC2 instances provide a feature to enable termination protection. Termination protection prevents your instance from being accidentally terminated. This feature is not available in Lightsail.
10. Instance purchasing options: Amazon EC2 provides different instance purchasing options, such as On Demand, Spot Instances, Reserved Instances, capacity reservations, and so on. Lightsail's only purchasing option is to launch a Lightsail bundle on demand.
11. Auto Scaling group: In Amazon EC2, you have the option to set up Amazon EC2 Auto Scaling to make sure that you have the optimal number of EC2 instances to handle your workload. Lightsail doesn't support Auto Scaling.
12. Instance hibernate: EC2 instances support hibernation. You can use hibernation instead of stopping the instance. Hibernation saves the contents from RAM to the EBS volume. Lightsail doesn't support hibernation.
13. Number of Lightsail firewall rules: You can add up to 60 firewall rules for a Lightsail instance. Each source IP address is considered a different rule. IPv6 rules are counted towards this quota of 60. The maximum number of source IP addresses that can be added in a rule using the Lightsail console is 30. To add more, you can use the AWS CLI.
14. Copying Lightsail firewall rules: In security groups, you can use the console to copy the rules from one security group to another. However, the Lightsail console doesn't support copying rules from one firewall to another. You can use the AWS CLI to copy rules in Lightsail.
15. Denying IP addresses in a Lightsail firewall: In a Lightsail firewall, you can allow port access to a set of IP addresses. However, you can't explicitly deny a set of IP addresses in Lightsail. In Amazon EC2, you can use network ACLs to deny particular IP addresses.
Common solution: Use EC2 instances instead of Lightsail instances. If you already have a Lightsail instance launched, you can export it to EC2. Exporting a cPanel Lightsail instance to EC2 isn't supported.
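Items 13 and 14 above can be combined into one pre-flight check when copying firewall rules with the AWS CLI. The following is an added example, not part of the original article: it converts output shaped like `aws lightsail get-instance-port-states` into the `--port-infos` input of `aws lightsail put-instance-public-ports`, counts rules against the quota of 60, and lists ports open to any address. The sample JSON, the name `target-instance`, and counting each `cidrListAliases` entry as one rule are assumptions.

```python
import json
import shlex

QUOTA = 60  # per-instance firewall rule quota stated in item 13

# Constructed sample shaped like the output of
# `aws lightsail get-instance-port-states --instance-name <source>`.
SAMPLE_PORT_STATES = json.loads("""
{"portStates": [
  {"fromPort": 22, "toPort": 22, "protocol": "tcp", "state": "open",
   "cidrs": ["203.0.113.10/32", "198.51.100.0/24"], "ipv6Cidrs": [], "cidrListAliases": []},
  {"fromPort": 443, "toPort": 443, "protocol": "tcp", "state": "open",
   "cidrs": ["0.0.0.0/0"], "ipv6Cidrs": ["::/0"], "cidrListAliases": []},
  {"fromPort": 3306, "toPort": 3306, "protocol": "tcp", "state": "closed",
   "cidrs": [], "ipv6Cidrs": [], "cidrListAliases": []}
]}
""")

def to_port_infos(port_states):
    """Keep open entries; drop the read-only 'state' field and empty lists."""
    keys = ("fromPort", "toPort", "protocol", "cidrs", "ipv6Cidrs", "cidrListAliases")
    return [{k: p[k] for k in keys if p.get(k) not in (None, [])}
            for p in port_states["portStates"] if p.get("state") == "open"]

def count_rules(port_infos):
    """Each source address is one rule; IPv6 sources count toward the quota too.
    Counting each alias as one rule is an assumption."""
    return sum(len(p.get("cidrs", [])) + len(p.get("ipv6Cidrs", [])) +
               len(p.get("cidrListAliases", [])) for p in port_infos)

def world_open(port_infos):
    """Ports reachable from any address; review these before copying them."""
    return sorted({p["fromPort"] for p in port_infos
                   if "0.0.0.0/0" in p.get("cidrs", []) or "::/0" in p.get("ipv6Cidrs", [])})

def build_copy_command(port_states, target_instance):
    """Return the CLI command that applies the source rules to the target."""
    infos = to_port_infos(port_states)
    used = count_rules(infos)
    if used > QUOTA:
        raise ValueError(f"{used} rules exceed the quota of {QUOTA}")
    return ("aws lightsail put-instance-public-ports --instance-name "
            f"{shlex.quote(target_instance)} --port-infos {shlex.quote(json.dumps(infos))}")

if __name__ == "__main__":
    infos = to_port_infos(SAMPLE_PORT_STATES)
    print("rules:", count_rules(infos), "world-open ports:", world_open(infos))
    print(build_copy_command(SAMPLE_PORT_STATES, "target-instance"))
```

`put-instance-public-ports` replaces the target's existing rule set: ports that are currently open on the target but absent from the request are closed.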
Lightsail load balancer
1. Health check settings: In Application Load Balancer health check settings, you have various customization options available, such as HealthCheckPort, HealthCheckProtocol, Matcher, and so on. In Lightsail load balancer, you can modify only the HealthCheckPath settings.
2. Security Policies: In Application Load Balancer, you can choose a security policy from the available options. Using this option, you can disable the TLS versions that aren't needed for your Load Balancer. The Lightsail load balancer doesn't provide this feature.
3. Listener rules: You can use listener rules to define how your load balancer routes traffic to target instances. One of the common use cases of this option is to add HTTP to HTTPS redirection. Listener rules are available in Application Load Balancer but aren't supported in Lightsail load balancer.
5. TLS certificates: In Application Load Balancer, you can attach a total of 26 ACM SSL certificates. In Lightsail load balancer, you can attach one at a time. Also, you must request separate certificates for each load balancer that you create.
6. Target port: In Lightsail load balancer, target instances are registered on port 80 by default. You can't modify this using the Lightsail console. However, you can use the AWS CLI to define a different port when creating the load balancer.
7. Access Logs: Application Load Balancer provides access logs that capture detailed information about requests sent to your load balancer. Lightsail load balancer doesn't support logging.
Common solution: Use an Application Load Balancer instead of a Lightsail load balancer for your Lightsail instance. For more details, see How can I associate an Application Load Balancer with my Lightsail instance?
Lightsail DNS
2. Routing policies: Unlike Route 53, routing policies aren't supported in Lightsail.
4. Health checks: Route 53 supports health checks. Health checks can be used to monitor the health and performance of your web applications, web servers, and other resources. Lightsail DNS doesn't support health checks.
5. Private DNS zone: You can use private DNS zones to make a domain or subdomain resolve to the records of your choice within the VPC. Lightsail DNS doesn't support private DNS zones.
6. Importing a zone file: In Route 53, you can import a DNS zone file to create records in a hosted zone. This is helpful when you want to migrate DNS records from a third-party DNS provider to AWS. Importing zone files isn't supported in Lightsail DNS.
Common solution: Use Route 53 instead of Lightsail DNS for your Lightsail resources. For more information, see Map your domain at Route 53 to your Lightsail resources.
Lightsail SSL/TLS certificates
1. Number of certificates: In Lightsail, you can have up to 20 SSL/TLS certificates per Region (including expired certificates). Amazon Certificate Manager (ACM) offers a quota of 2500 certificates.
2. Wildcard domains: It isn't possible to add a wildcard domain (for example, *.example.com) in your Lightsail SSL/TLS certificate. You have to define each subdomain separately in your certificate. ACM supports wildcard domains.
3. Importing certificates: In ACM, you can import a third-party SSL certificate and then attach it to resources such as Application Load Balancer, Amazon CloudFront distribution, and so on. It's not possible to import third-party certificates to Lightsail SSL/TLS.
Common solution: Use ACM certificates in Lightsail instead of Lightsail SSL/TLS certificates. This means you have to use Application Load Balancer or Amazon CloudFront instead of Lightsail load balancer or Lightsail distribution.