I want to use Amazon Lightsail to set up my website environment or application, and I want to know what options are available.
Resolution
There are some limitations when you use Lightsail to launch your project. Review the following limitations, and choose the appropriate AWS service for your use case.
For a summary of the differences between Lightsail and Amazon Elastic Compute Cloud (Amazon EC2), see What are the differences between Amazon EC2 and Lightsail? If you already launched a Lightsail instance, you can export it to Amazon EC2.
Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshoot AWS CLI errors. Also, make sure that you're using the most recent AWS CLI version.
Lightsail instances
Disk space and upgrades
To increase the size of the disk space, you must perform a bundle upgrade. An upgrade also increases other parameters, such as RAM, CPU, and bandwidth. To upgrade the instance, take a snapshot of the instance. Then, use the snapshot to launch a new instance with the bigger bundle. The biggest instance plan in Lightsail provides 32 GB RAM, 8 vCPUs, and 640 GB of disk space. For additional disk space, attach secondary disks to the instance.
To increase the size of the Amazon Elastic Block Store (Amazon EBS) volume without an instance, use Amazon EC2. You can also use Amazon EC2 to upgrade an instance without a snapshot or a new instance.
IP addresses
You can attach only one IP address to a Lightsail instance. To attach multiple IP addresses to a single instance, use an Amazon EC2 instance.
Instances
Resources in Lightsail are in a public subnet. You can't make a Lightsail instance private. However, you can use Lightsail firewalls to restrict access to the instance.
You can't replace the root disk of an instance in Lightsail. Instead, use the AWS CLI to create a disk snapshot of the root disk. Then, create a disk from the snapshot, and attach it to another Lightsail instance. You can't attach the disk to the original instance as a root disk.
The following instance features are available only in Amazon EC2:
Firewall options
You can add up to 60 firewall rules for a Lightsail instance. Each source IP address is considered a different rule. IPv6 rules count towards this quota. The maximum number of source IP addresses that you can add in a rule through the Lightsail console is 30. To add more, run the open-instance-public-ports AWS CLI command.
You can use the Lightsail console to copy the rules from one security group to another. However, you can't use the Lightsail console to copy a rule from one firewall to another. Instead, use the AWS CLI to copy rules in Lightsail. You can allow port access to a set of IP addresses in a Lightsail firewall. However, you can't explicitly deny a set of IP addresses in Lightsail. In Amazon EC2, you can use network access control lists (network ACLs) to deny specific IP addresses.
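The following added example (not AWS-provided code) shows one way to copy firewall rules between Lightsail instances with the AWS CLI: it converts the JSON from get-instance-port-states into the list that put-instance-public-ports accepts, counts the rules against the 60-rule quota, and flags ranges that are open to any address. The sample JSON is constructed, and counting each cidrListAliases entry as one rule and the default allowed_ports are assumptions.

```python
import json

RULE_QUOTA = 60  # per-instance firewall rule quota stated on this page
KEYS = ("fromPort", "toPort", "protocol", "cidrs", "ipv6Cidrs", "cidrListAliases")

# Constructed sample of the JSON printed by:
#   aws lightsail get-instance-port-states --instance-name <source-instance>
SAMPLE_PORT_STATES = json.loads("""
{"portStates": [
  {"fromPort": 22, "toPort": 22, "protocol": "tcp", "state": "open",
   "cidrs": ["198.51.100.10/32", "203.0.113.0/24"], "ipv6Cidrs": [],
   "cidrListAliases": []},
  {"fromPort": 443, "toPort": 443, "protocol": "tcp", "state": "open",
   "cidrs": ["0.0.0.0/0"], "ipv6Cidrs": ["::/0"], "cidrListAliases": []},
  {"fromPort": 8080, "toPort": 8080, "protocol": "tcp", "state": "closed",
   "cidrs": [], "ipv6Cidrs": [], "cidrListAliases": []}
]}
""")

def to_port_infos(port_states):
    """Keep only open entries and only the fields that a PortInfo carries."""
    return [{k: ps[k] for k in KEYS if k in ps}
            for ps in port_states["portStates"] if ps.get("state") == "open"]

def rule_count(port_infos):
    """Each source address counts as one rule; IPv6 sources count too."""
    return sum(len(p.get("cidrs", [])) + len(p.get("ipv6Cidrs", []))
               + len(p.get("cidrListAliases", [])) for p in port_infos)

def world_open(port_infos, allowed_ports=(80, 443)):
    """Return (fromPort, toPort) ranges open to any address beyond allowed_ports."""
    flagged = []
    for p in port_infos:
        anywhere = "0.0.0.0/0" in p.get("cidrs", []) or "::/0" in p.get("ipv6Cidrs", [])
        ports = range(p["fromPort"], p["toPort"] + 1)
        if anywhere and any(port not in allowed_ports for port in ports):
            flagged.append((p["fromPort"], p["toPort"]))
    return flagged

if __name__ == "__main__":
    infos = to_port_infos(SAMPLE_PORT_STATES)
    if rule_count(infos) > RULE_QUOTA:
        raise SystemExit("rule set exceeds the 60-rule quota; trim it before copying")
    print("world-open ranges to review:", world_open(infos))
    # Save this output as port-infos.json, then apply it to the destination with:
    #   aws lightsail put-instance-public-ports --instance-name <destination-instance> \
    #       --port-infos file://port-infos.json
    print(json.dumps(infos, indent=2))
```

put-instance-public-ports closes every currently open port on the destination that isn't in the request, so review the generated list before you apply it.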
Lightsail load balancer
Health check settings
If you use a Lightsail load balancer, you can modify the HealthCheckPath settings. Use Application Load Balancer health check settings for more customization options.
Target port
By default, target Lightsail instances are registered on port 80. You can't use the Lightsail console to modify the port. Instead, use the create-load-balancer AWS CLI command to define a different port when you create the load balancer.
Application Load Balancers
For the following options, use an Application Load Balancer instead of a Lightsail load balancer:
- Choose a security policy or turn off TLS versions that aren't needed for your load balancer.
- Attach up to 25 certificate authority (CA) certificates at the same time. You can attach only one certificate at a time to a Lightsail load balancer, and you must request separate certificates for each load balancer that you create.
- Use AWS firewall services, such as AWS WAF and AWS Shield.
- Listener rules that define how your load balancer routes traffic to target instances.
- Access logs that capture detailed information about requests that are sent to your load balancer.
To use an Application Load Balancer instead of a Lightsail load balancer, see How can I associate an Application Load Balancer with my Lightsail instance?
Lightsail DNS
You can have a maximum of six DNS zones in Lightsail. For more than six DNS zones, use Amazon Route 53 hosted zones.
For the following options, use Route 53 instead of a Lightsail DNS:
To use Route 53 instead of a Lightsail DNS, see Point a domain to your Lightsail instance using Amazon Route 53.
Lightsail SSL/TLS certificates
You can have up to 20 SSL/TLS certificates per AWS Region, including expired certificates. To have up to 2500 certificates, use AWS Certificate Manager (ACM).
You can't add a wildcard domain, *.example.com, in your Lightsail SSL/TLS certificate. You must define each subdomain separately in your certificate. To use wildcard domains, use ACM.
Lightsail SSL/TLS supports only DNS validation for certificates. It's a best practice to use ACM certificates in Lightsail instead of Lightsail SSL/TLS certificates. Use an Application Load Balancer or Amazon CloudFront distribution instead of a Lightsail load balancer or Lightsail distribution.