On the surface, AWS may seem intimidating: with over 175 service offerings and acronyms like EC2, EBS, and VPC, it’s enough to make even a seasoned professional steer away, as AWS isn’t necessarily known for its ease of entry.
So, today I want to share an Amazon service comparable to some of the more well known budget VPS providers out there like Digital Ocean, Vultr, and Linode.
Amazon Lightsail makes it easy for anyone, at any skill level, to create a VPS in AWS with little more than a few clicks.
So, if you’ve been wanting to take the plunge, but haven’t jumped in yet – I will walk you through the steps required to create your first VPS in AWS, the easy way, with Amazon Lightsail.
What is a VPS?
In terms of this tutorial, a Virtual Private Server (VPS) is a low-cost virtual server hosted by a third party provider such as AWS or Digital Ocean, using a shared hosting model.
Why Do You Need A VPS?
A VPS can be handy in a wide range of scenarios. You may want to build out that Proof of Concept you’ve been thinking about developing. Or, possibly, you want to move your personal website off of a shared web server and onto a system where you have more control. Perhaps you’re learning to program or building a website and need a development environment to test your code – the possibilities are endless.
What is Amazon Lightsail?
Amazon Lightsail addresses the complexity of setting up an EC2 instance in AWS by making virtual servers accessible to anyone with monthly pricing starting at less than a cup of coffee.
Let’s Get Started
If you don’t already have an account, head on over to Amazon and Create an AWS Account.
Sign in to the AWS console and search for Lightsail.
Create a VPS by clicking the “Create Instance” button.
A wizard will guide you through the process. In this tutorial, we will select a “Linux/Unix” Platform with an “OS Only” blueprint and install Ubuntu 20.04 using the $5/month plan. Once you are satisfied with your selections click the “Create Instance” button at the bottom of the screen.
Log in to the terminal by clicking on the orange console button and wait for your terminal to open.
Congratulations, you’re now in the AWS ecosystem and have a VPS at your disposal.
Here Are A Few Ideas For Your New VPS
Learn Docker
Create a self-hosted Dropbox alternative with NextCloud
As an IT professional Rick has had the opportunity to work in Managed Services, School, Enterprise, and Non-Profit settings. Throughout this time he has gained valuable experience and insight to understand IT is not an end, but a means to achieve the goals necessary for a business to thrive and grow.
This tutorial is inspired by a question posted on the Raspberry Pi Stack Exchange site titled “Website behind Firewall: How to SSL through a Reverse SSH Tunnel?”.
A little background. The person posting the question is using a Raspberry Pi to host a website and has opened a reverse SSH tunnel from their Raspberry Pi to a VPS (for the sake of this tutorial, a Digital Ocean VPS). The original poster has pointed DNS for a custom domain to the Digital Ocean VPS and would like to know how to access the Pi’s website from said domain.
In this tutorial we will cover setting up a self-hosted website using a Raspberry Pi and Docker, obtaining and setting up a Digital Ocean VPS, and installing Caddy on our VPS as a proxy server that routes traffic for our custom domain back to the Raspberry Pi via a reverse SSH tunnel. An added benefit of using Caddy is that Caddy will obtain a free SSL certificate via Let’s Encrypt for us.
So, if this is of interest to you continue reading…
What is a Raspberry Pi?
Raspberry Pi is an ultra-affordable computer the size of a credit card and can be had for as little as $35 for a 2GB model capable of running Raspberry Pi OS and Ubuntu. For this tutorial we will also be running Docker on the Raspberry Pi and use an Apache Docker container to host our website.
What is a Digital Ocean VPS?
Digital Ocean is a cloud provider offering services ranging from managed databases and storage to hosted Virtual Private Server (VPS) solutions. A VPS is a virtual computer hosted on managed infrastructure. You don’t have to worry about the underlying hardware, but have to manage the OS on the VPS.
What is SSH?
SSH is a secure shell typically used for server administration. It allows a remote system to access another system using public/private key pairs to secure the connection. In our use case we will be using the SSH session to create a reverse tunnel from our Raspberry Pi to a Digital Ocean VPS. You can SSH into another system with the following command.
ssh user@ip
Where “user” is the username with access credentials on the remote server and “ip” is the FQDN or IP address of the remote system.
What is a Reverse SSH Tunnel?
A reverse SSH tunnel is a tunnel in which the originating system maps a port on the remote system, giving the remote system access to services on the originating system. Later in the tutorial we will create a reverse tunnel from the Raspberry Pi with the following command:
ssh -R 8081:127.0.0.1:8080 user@ip
As you can see, the SSH command is a bit different for a reverse tunnel. The -R flag is where the magic happens. We are telling our Digital Ocean VPS that any request made to port 8081 should be forwarded over the tunnel to port 8080 on the Raspberry Pi.
What is Caddy?
Caddy is an open source web server that automatically takes care of SSL provisioning via Let’s Encrypt. In our use case we will be using Caddy as a Reverse Web Proxy for our self hosted site. This is the piece that will allow our VPS to serve pages from our Raspberry Pi which is being tunneled to our VPS via SSH. That was a bit long winded…but, hopefully it makes sense.
What is a Reverse Proxy?
A reverse proxy is a server that sits in front of an application server, in our case the Raspberry Pi, and will proxy requests made to our VPS via our custom domain name to the Raspberry Pi.
Proxies add a layer of security by limiting public access to the proxy server — allowing our application servers to be hosted in a more isolated network such as our home.
Self Hosting a Website on the Raspberry Pi
For demonstration purposes, and in case you don’t already have a self hosted website, let’s set one up quickly using Docker via the command below (hint…this will work on any server or desktop that has Docker installed…not just a Raspberry Pi).
docker run -dit -p 8080:80 httpd
With this command we are asking Docker to run the Apache httpd container and map it to port 8080 on the Raspberry Pi.
For the sake of brevity I will not go into setting up Docker. If you don’t already have Docker installed you can install Docker Desktop fairly quickly with the Get Started with Docker link found in the reference section below.
Now that we have a website up and running we can navigate to it via our browser. My Raspberry Pi has an address of 10.10.10.27 as depicted in the picture below.
As you can see, we are good to go. Let’s move on to creating our VPS…
Creating A Digital Ocean VPS
Sign in to Digital Ocean and create a droplet.
If you do not have an account please use this referral link as every person using this link gets $100 in credit which can be used over 60 days. If you end up spending $25 with Digital Ocean, I’ll get a $25 credit I can use towards creating some more exciting tutorials.
For this tutorial I will be creating an Ubuntu 20.04 server on the Basic $5/mo plan in the San Francisco region with password authentication.
Note: If you run your server less than a month you will only pay for what you use. This plan is charged at $0.007/hour.
Now let’s configure the VPS…
Setting Up Our VPS
Create a firewall rule allowing Port 22, 80, and 443 inbound to our VPS by clicking on “Networking” and then “Firewalls”.
Depending on your use case you may want to further limit each of the rules to only allow traffic from your IP address.
Now that the firewall rules have been taken care of, let’s SSH into the VPS.
ssh root@<ip address of Digital Ocean VPS>
Per good practice let’s update the server.
apt update && apt upgrade -y
Install Caddy…the commands below have been taken directly from the Caddy website via the link in the Reference section below.
Create A Reverse SSH Tunnel from the Raspberry Pi to the VPS
Now that Caddy is installed we can create our reverse ssh tunnel via the command below.
ssh -R 8081:127.0.0.1:8080 root@<ip address of Digital Ocean VPS>
Let’s test to make sure the reverse ssh tunnel is working with the following curl command.
curl 127.0.0.1:8081
If all is working as expected the curl should return the following or something similar if you are using another source outside of this tutorial for your self hosted site.
<html><body><h1>It works!</h1></body></html>
Update DNS
This is another topic I will not go into much detail on for the sake of the tutorial. In short, create an “A” record for your custom domain to point to the public IP address of your VPS.
Creating the Reverse Proxy with Caddy
We can now see the fruits of our endeavor by starting the reverse proxy. If all works as expected we will have a public facing site.
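As an added example (not part of the original post), the shell check below can be run on the VPS before starting the proxy: it confirms that the tunnel port 8081 is listening on loopback only, so the Pi’s site is reachable solely through Caddy on ports 80 and 443. The two ss samples are constructed, start_proxy is a hypothetical helper, and starting Caddy with "caddy reverse-proxy" and a placeholder domain is an assumption, since the post’s own Caddy command is not reproduced here.

```shell
# Added example: verify the reverse-tunnel listener before exposing it via Caddy.
TUNNEL_PORT=8081   # remote port from the tutorial's "ssh -R 8081:127.0.0.1:8080"

# Constructed sample of `ss -Hltn` output: tunnel bound to loopback (sshd default).
SAMPLE_OK='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:8081 0.0.0.0:*
LISTEN 0 128 [::1]:8081 [::]:*'

# Constructed sample: tunnel bound to every interface (GatewayPorts enabled).
SAMPLE_EXPOSED='LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:8081 0.0.0.0:*'

# tunnel_bind_status PORT
# Reads `ss -Hltn` style lines on stdin and prints one of:
#   loopback  every listener on PORT is 127.0.0.1 or [::1]
#   exposed   at least one listener on PORT is on another address
#   missing   nothing is listening on PORT (tunnel is down)
tunnel_bind_status() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            addr = $4                         # Local Address:Port column
            n = split(addr, parts, ":")
            if (parts[n] != port) next        # last ":" field is the port
            host = substr(addr, 1, length(addr) - length(parts[n]) - 1)
            found = 1
            if (host != "127.0.0.1" && host != "[::1]") exposed = 1
        }
        END {
            if (!found) print "missing"
            else if (exposed) print "exposed"
            else print "loopback"
        }'
}

# Hypothetical wrapper: only start the proxy when the tunnel is loopback-only.
# $1 is your own domain (placeholder, e.g. example.com).
start_proxy() {
    status=$(ss -Hltn | tunnel_bind_status "$TUNNEL_PORT")
    [ "$status" = "loopback" ] || {
        echo "port $TUNNEL_PORT is $status; not starting Caddy" >&2
        return 1
    }
    caddy reverse-proxy --from "$1" --to "127.0.0.1:$TUNNEL_PORT"
}

# Demonstration on the constructed samples (runs offline).
printf 'default sshd:  %s\n' "$(printf '%s\n' "$SAMPLE_OK" | tunnel_bind_status "$TUNNEL_PORT")"
printf 'GatewayPorts:  %s\n' "$(printf '%s\n' "$SAMPLE_EXPOSED" | tunnel_bind_status "$TUNNEL_PORT")"
```

The server setting behind this is GatewayPorts in sshd_config; "sshd -T | grep -i gatewayports" on the VPS shows the effective value, and the OpenSSH default of "no" keeps -R listeners on loopback.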
As always, thanks for reading the post. Please note this post contains affiliate links — While I wholeheartedly endorse the products I write about — If you use these links I may earn a commission…thanks again.
AWS Lambda and API Gateway play a crucial role in Amazon’s serverless compute offerings. In this tutorial we will create a Lambda PowerShell Function and associate it with Amazon’s API Gateway to demonstrate how these services work together to create a dynamic web page. In continuation of the last article I wrote How To Create An AWS Lambda PowerShell Function the Easy Way — Using Docker we will be utilizing the Docker container I created as it has all the dependencies required to publish PowerShell code to AWS Lambda.
What is PowerShell?
PowerShell is a cross-platform object oriented scripting language released in 2006 by Microsoft and is used for scripting and automating tasks. AWS began support for PowerShell in September of 2018.
What is AWS Lambda?
Lambda is a serverless compute offering from Amazon which allows us to run code without having to worry about the underlying infrastructure. It is highly scalable and cost effective.
What is API Gateway?
API Gateway is an Amazon service that manages custom APIs. In this tutorial we will use it as an SSL Endpoint for our dynamic web page.
Prerequisites
AWS Access Key Id and Secret Access Key
Access to Docker or Docker Desktop
Deploying the PowerShell Code To AWS Lambda
Open a shell and start the Docker container.
docker run -dit --name powershell-builder rickjacobo/lambda-powershell-project-builder
Enter the powershell-builder’s shell.
docker exec -it powershell-builder pwsh
Create a new project and follow the prompts to set up the environment.
./create-project.ps1
Follow the prompts to set up the project.
Enter Project Name: powershell-lambda-apigateway-dynamic-web-page
Enter AWS Region: us-east-1
Enter Desired Memory Allocation ie, 198: 1024
AWS Access Key ID [None]: xxxxxxx
AWS Secret Access Key [None]: xxxxxxxx
Default region name [None]:us-east-1
Default output format [None]:json
You will then be redirected to the project directory. Launch the edit script and add your code to the project.
If you followed along to this point you should be editing your script with vim. If you need some help with VIM check out the resource section below for a link to the VIM Cheat Sheet.
Paste the following code into the PowerShell script and save the file.
When prompted to enter an IAM role for the Lambda function select 1 to create a new IAM role.
1) *** Create new IAM Role ***
1
Enter name of the new IAM Role: powershell-lambda-apigateway-dynamic-web-page
When prompted to select an IAM policy select 1
Select IAM Policy to attach to the new role and grant permissions
1) AWSLambdaFullAccess (Provides full access to Lambda, S3, DynamoDB, CloudWatch Metrics and ...)
1
Setting up API Gateway
We can now configure API Gateway — Begin by searching for API Gateway in the console and selecting API Gateway.
Select “APIs” from the top left menu section, navigate to REST API, and click on “Build”
Enter the details as pictured below and click on the Create API button (not pictured).
Click on the “Actions” drop down button and select “Create a Method”
Click on the “Actions” drop down button again and select “Create Method”. Create a GET method.
You will be directed to the “Setup” section in order to finish configuring the “GET” method. Set up the GET method with Lambda Proxy integration and select the Lambda function we created earlier.
Click on “GET” and then click on the “Method Request” header.
Expand “URL Query String Parameters” and enter “name”.
Note: the name parameter will be used by the PowerShell script $Name variable as seen in the snippet of code we entered earlier.
If everything goes as expected our web page should return “Hello, World!”. Feel free to change the “name” parameter to something else and hit enter to see what happens.
I’ve been working with PowerShell since its beginning and haven’t looked back since. Last year, while working on a serverless project for work, I decided to try Lambda on my own and deploy some PowerShell code to AWS to see how it works.
Fast forward to now…I started working more with AWS on my own while studying for some certs. I jumped back into Lambda and was reminded of how tedious it was to set up my environment for publishing my PowerShell code to AWS. Unfortunately, I didn’t take any notes last time and wanted to ensure that next time around I could just focus on the code. That is where Docker comes in to save the day and our story begins — I created a Docker container with all the dependencies required to publish your PowerShell code to AWS in as little as 5 minutes with a few scripts included to help streamline the process.
So, jump on in and give it a try.
See It In Action
Assumptions
You have an AWS Account and access to your “Access Key Id” and “Secret Access key”
You have access to Docker or Docker Desktop
You have some Docker know how
If you are lacking in either of these areas head on over to the Docker website and learn how to Get Started!
So, How Easy Is It To Publish My Code?
Really easy, check out the steps below…
Start the container
docker run -dit --name powershell-builder rickjacobo/lambda-powershell-project-builder
Access the container shell
docker exec -it powershell-builder pwsh
Create a project
./create-project.ps1
The create-project script will ask a few questions during setup to assist with
Setting up the PowerShell Lambda Project
Creating a script to edit your PowerShell code
Creating a script to publish your PowerShell
Adding your AWS credentials via the ‘aws configure’ cli
Add code to your project
./edit-<projectname>.ps1
This is the same as running
vi /<projectname>/<projectname>.ps1
If you don’t have any code readily available feel free to append the code below to <projectname>.ps1.
That’s it — the container abstracts a lot of the complexity of getting started. Hopefully, you’ll give it a try.
Project Notes
The lambda-powershell-project-builder container has all the dependencies required to get started quickly with PowerShell on AWS Lambda
The create-project.ps1 script runs the Publish-AWSPowerShellLambda command with the values collected during the script execution and creates the edit and publish scripts on the fly based on your answers. Finally, it launches the ‘aws configure’ cli command so you can enter your AWS “Access Key Id” and “Secret Access key”, which are required for publishing your Lambda application.
The publish-<project>.ps1 script runs the Publish-AWSPowerShellLambda script with some sensible defaults