Deploy and manage containers on Amazon Lightsail - Amazon Lightsail

Deploy and manage containers on Amazon Lightsail

An Amazon Lightsail container service is a highly scalable compute and networking resource on which you can deploy, run, and manage containers. A container is a standard unit of software that packages code and its dependencies together so the application runs quickly and reliably from one computing environment to another.

You can think of your Lightsail container service as a computing environment that lets you run containers on AWS infrastructure by using images that you create on your local machine and push to your service, or images from an online repository, like Amazon ECR Public Gallery.

You can also run containers locally, on your local machine, by installing software such as Docker. Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Compute Cloud (Amazon EC2) are other resources within the AWS infrastructure on which you can run containers. For more information, see the Amazon ECS Developer Guide.

Contents

Containers

A container is a standard unit of software that packages code and its dependencies together so the application runs quickly and reliably from one computing environment to another. You could run a container on your development environment, deploy it to your pre-production environment, and then deploy it to your production environment. Your containers will run reliably regardless of whether your development environment is your local machine, your pre-production environment is a physical server in a data center, or your production environment is a virtual private server in the cloud.

A container image is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings. Container images become containers at runtime. By containerizing the application and its dependencies, you no longer have to worry about whether your software runs correctly on the operating system and infrastructure that you deploy it on – you can spend more time focusing on the code.

For more information about containers, and container images, see What is a Container? in the Docker documentation.

Lightsail container service elements

The following are the key elements of Lightsail container services that you should understand before getting started.

Lightsail container services

A container service is the Lightsail compute resource that you can create in any AWS Region in which Lightsail is available. You can create and delete container services at any time. For more information, see Create Lightsail container services and Delete Lightsail container services.

Lightsail container service diagram

Container service capacity (scale and power)

You must choose the following capacity parameters when you first create your container service:

  • Scale — The number of compute nodes that you want your container workload to run in. Your container workload is copied across the compute nodes of your service. You can specify up to 20 compute nodes for a container service. You pick the scale based on the number of nodes you want powering your service for better availability and higher capacity. Traffic to your containers will be load-balanced across all nodes.

  • Power — The memory and vCPUs of each node in your container service. The powers that you can choose are Nano (Na), Micro (Mi), Small (Sm), Medium (Md), Large (Lg), and Xlarge (Xl), each with a progressively greater amount of memory and vCPUs.

If you specify the scale of your container service as more than 1, then your container workload is copied across the multiple compute nodes of your service. For example, if the scale of your service is 3 and the power is Nano, then there are three copies of your container workload running on three compute resources each with 512 MB of RAM and 0.25 vCPUs. The incoming traffic is load-balanced between the three resources. The greater the capacity you specify for your container service, the more traffic it is able to handle.

You can dynamically increase the power and scale of your container service at any time without any down-time if you find that it's under-provisioned, or decrease it if you find that it's over-provisioned. Lightsail automatically manages the capacity change along with your current deployment. For more information, see Change the capacity of your container service.

Pricing

The monthly price of your container service is calculated by multiplying the price of its power with the number of its compute nodes (the scale of your service). For example, a service with a medium power, which has a price of $40 USD, and a scale of 3 compute nodes, will cost $120 USD per month. You are charged for your container service whether it's enabled or disabled, and whether it has a deployment or not. You must delete your container service to stop being charged for it.

Each container service, regardless of its configured capacity, includes a monthly data transfer quota of 500 GB. The data transfer quota does not change regardless of the power and scale that you choose for your service. Data transfer out to the internet in excess of the quota will result in an overage charge that varies by AWS Region and starts at $0.09 USD per GB. Data transfer in from the internet in excess of the quota does not incur an overage charge. For more information, see the Lightsail pricing page.

Deployments

You can create a deployment in your Lightsail container service. A deployment is a set of specifications for the container workload that you wish to launch on your service.

You can specify the following parameters for each container entry in a deployment:

  • The name of your container that will be launched

  • The source container image to use for your container

  • The command to run when launching your container

  • The environment variables to apply to your container

  • The network ports to open on your container

  • The container in the deployment to make publicly accessible through the default domain of the container service

    Note

    Only one container in a deployment can be made publicly accessible for each container service.

The following health check parameters will apply to the public endpoint of a deployment after it's launched:

  • The directory path on which to perform a health check.

  • Advanced health check settings, such as interval seconds, timeout seconds, success codes, healthy threshold, and unhealthy threshold.

Your container service can have one active deployment at a time, and a deployment can have up to 10 container entries. You can create a deployment at the same time as you create your container service, or you can create it after your service is up and running. For more information, see Create and manage container service deployments.

Deployment versions

Every deployment that you create in your container service is saved as a deployment version. If you modify the parameters of an existing deployment, the containers are re-deployed to your service and the modified deployment results in a new deployment version. The latest 50 deployment versions for each container service are saved. You can use any of the 50 deployment versions to create a new deployment in the same container service. For more information, see Create and manage container service deployments.

Container image sources

When you create a deployment, you must specify a source container image for each container entry in your deployment. Immediately after you create your deployment, your container service pulls the images from the sources you specify and uses them to create your containers.

The images that you specify can originate from the following sources:

Lightsail container services support Linux-based container images. Windows-based container images are currently not supported, but you can run Docker, the AWS Command Line Interface (AWS CLI), and the Lightsail Control (lightsailctl) plugin on Windows to build and push your Linux based images to your Lightsail container service.

Container service ARN

Amazon Resource Names (ARNs) uniquely identify AWS resources. We require an ARN when you need to specify a resource unambiguously across all of AWS, such as in IAM policies, and API calls.

To get the ARN for your container service, use the GetContainerServices Lightsail API action, and specify the name of the container service using the serviceName parameter. Your container service ARN will be listed in the results of that action as shown in the following example. For more information, see GetContainerServices in the Amazon Lightsail API Reference.

You'll see output similar to the following:

{ "containerServices": [ { "containerServiceName": "container-service-1", "arn": "arn:aws:lightsail: :111122223333:ContainerService/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "createdAt": "2024-01-01T00:00:00+00:00", "location": { "availabilityZone": "all", "regionName": "us-west-2" }, ..... }

Public endpoints and default domains

When you create a deployment, you can specify the container entry in the deployment that will serve as the public endpoint of your container service. The application on the public endpoint container is publicly accessible on the internet through a randomly generated default domain of your container service. The default domain is formatted as https://<ServiceName>.<RandomGUID>.<AWSRegion>.cs.amazonlightsail.com, in which <ServiceName> is the name of your container service, <RandomGUID> is a randomly generated globally unique identifier of your container service in the AWS Region for your Lightsail account, and <AWSRegion> is the AWS Region in which the container service was created. The public endpoint of Lightsail container services supports HTTPS only, and it does not support TCP or UDP traffic. Only one container can be the public endpoint for a service. So make sure that choose the container that is hosting the front-end of your application as the public endpoint while rest of the containers are internally accessible.

You can use the default domain of your container service, or you can use your own custom domain (your registered domain name). For more information about using custom domains with your container services, see Enable and manage custom domains for your container services.

Private domain

All container services also have a private domain that is formatted as <ServiceName>.service.local, in which <ServiceName> is the name of your container service. Use the private domain to access your container service from another one of your Lightsail resources in the same AWS Region as your service. The private domain is the only way to access your container service if you don't specify a public endpoint in the deployment of your service. A default domain is generated for your container service even if you don't specify a public endpoint, but it will show a 404 No Such Service error message when you try to browse to it.

To access a specific container using the private domain of your container service, you must specify the open port of the container that will accept your connection request. You do this by formatting the domain of your request as <ServiceName>.service.local:<PortNumber>, in which <ServiceName> is the name of your container service and <PortNumber> is the open port of the container that you wish to connect to. For example, if you create a deployment on your container service named container-service-1, and you specify a Redis container with port 6379 open, then you should format the domain of your request as container-service-1.service.local:6379.

Custom domains and SSL/TLS certificates

You can use up to 4 of your custom domains with your container service instead of using the default domain. For example, you can direct traffic for your custom domain, such as example.com, to the container in your deployment that is labeled as the public endpoint.

To use your custom domains with your service, you must first request an SSL/TLS certificate for the domains that you want to use. You must then validate the SSL/TLS certificate by adding a set of CNAME records to the DNS of your domains. After the SSL/TLS certificate is validated, you enable custom domains on your container service by attaching the valid SSL/TLS certificate to your service. For more information see Create SSL/TLS certificates for your Lightsail container services, Validate SSL/TLS certificates for your Lightsail container services, and Enable and manage custom domains for your Lightsail container services.

Container logs

Every container in your container service generates a log that you can access to diagnose the operation of your containers. The logs provide the stdout and stderr streams of processes that run inside the container. For more information, see View container service logs.

Metrics

Monitor the metrics of your container service to diagnose issues that may be a result of over-utilization. You can also monitor metrics to help you determine if your service is under-provisioned or over-provisioned. For more information, see View container service metrics.

Use Lightsail container services

These are the general steps to manage your Lightsail container service if you plan to push container images from your local machine to your service, and use them in your deployment:

  1. Create your container service in your Lightsail account. For more information, see Create Lightsail container services.

  2. Install software on your local machine that you need to create your own container images and push them to your Lightsail container service. For more information, see For more information, see the following guides:

  3. Create a deployment in your container service that configures and launches your containers. For more information, see Create and manage deployments for your Lightsail container services.

  4. View previous deployments for your container service. You can create a new deployment using a previous deployment version. For more information, see View and manage deployment versions of your Lightsail container services.

  5. View the logs of containers on your container service. For more information, see View the container logs of your Lightsail container services.

  6. Create an SSL/TLS certificate for the domains that you want to use with your containers. For more information, see Create SSL/TLS certificates for your Lightsail container services.

  7. Validate the SSL/TLS certificate by adding records to the DNS of your domains. For more information, see Validate SSL/TLS certificates for your Lightsail container services.

  8. Enable custom domains by attaching a valid SSL/TLS certificate to your container service. For more information, see Enable and manage custom domains for your Lightsail container services.

  9. Monitor the utilization metrics of your container service. For more information, see View container service metrics.

  10. (Optional) Scale the capacity of your container service vertically, by increasing its power specification, and horizontally, by increasing its scale specification. For more information, see Change the capacity of your Lightsail container services.

  11. Delete your container service if you're not using it to avoid incurring monthly charges. For more information, see Delete Lightsail container services.

These are the general steps to manage your Lightsail container service if you plan to use container images from a public registry in your deployment:

  1. Create your container service in your Lightsail account. For more information, see Create Lightsail container services.

  2. If you plan to use container images from a public registry, find container images from a public registry such as the Amazon ECR Public Gallery. For more information about Amazon ECR Public, see What Is Amazon Elastic Container Registry Public? in the Amazon ECR Public User Guide.

  3. Create a deployment in your container service that configures and launches your containers. For more information, see Create and manage deployments for your Lightsail container services.

  4. View previous deployments for your container service. You can create a new deployment using a previous deployment version. For more information, see View and manage deployment versions of your Lightsail container services.

  5. View the logs of containers on your container service. For more information, see View the container logs of your Lightsail container services.

  6. Create an SSL/TLS certificate for the domains that you want to use with your containers. For more information, see Create SSL/TLS certificates for your Lightsail container services.

  7. Validate the SSL/TLS certificate by adding records to the DNS of your domains. For more information, see Validate SSL/TLS certificates for your Lightsail container services.

  8. Enable custom domains by attaching a valid SSL/TLS certificate to your container service. For more information, see Enable and manage custom domains for your Lightsail container services.

  9. Monitor the utilization metrics of your container service. For more information, see View container service metrics.

  10. (Optional) Scale the capacity of your container service vertically, by increasing its power specification, and horizontally, by increasing its scale specification. For more information, see Change the capacity of your Lightsail container services.

  11. Delete your container service if you're not using it to avoid incurring monthly charges. For more information, see Delete Lightsail container services.