Deploy and manage containers on Amazon Lightsail

An Amazon Lightsail container service is a highly scalable compute and networking resource on which you can deploy, run, and manage containers. A container is a standard unit of software that packages code and its dependencies together so the application runs quickly and reliably from one computing environment to another.

You can think of your Lightsail container service as a computing environment that lets you run containers on AWS infrastructure by using images that you create on your local machine and push to your service, or images from an online repository, like Amazon ECR Public Gallery.

You can also run containers locally, on your local machine, by installing software such as Docker. Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Compute Cloud (Amazon EC2) are other resources within the AWS infrastructure on which you can run containers. For more information, see the Amazon ECS Developer Guide.

Contents

Containers

A container is a standard unit of software that packages code and its dependencies together so the application runs quickly and reliably from one computing environment to another. You could run a container on your development environment, deploy it to your pre-production environment, and then deploy it to your production environment. Your containers will run reliably regardless of whether your development environment is your local machine, your pre-production environment is a physical server in a data center, or your production environment is a virtual private server in the cloud.

A container image is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings. Container images become containers at runtime. By containerizing the application and its dependencies, you no longer have to worry about whether your software runs correctly on the operating system and infrastructure that you deploy it on – you can spend more time focusing on the code.

For more information about containers, and container images, see What is a Container? in the Docker documentation.

Lightsail container service elements

The following are the key elements of Lightsail container services that you should understand before getting started.

Lightsail container services

A container service is the Lightsail compute resource that you can create in any AWS Region in which Lightsail is available. You can create and delete container services at any time. For more information, see Create Lightsail container services and Delete Lightsail container services.

Container service capacity (scale and power)

You must choose the following capacity parameters when you first create your container service:

If you specify the scale of your container service as more than 1, then your container workload is copied across the multiple compute nodes of your service. For example, if the scale of your service is 3 and the power is Nano, then there are three copies of your container workload running on three compute resources each with 512 MB of RAM and 0.25 vCPUs. The incoming traffic is load-balanced between the three resources. The greater the capacity you specify for your container service, the more traffic it is able to handle.

You can dynamically increase the power and scale of your container service at any time without any down-time if you find that it's under-provisioned, or decrease it if you find that it's over-provisioned. Lightsail automatically manages the capacity change along with your current deployment. For more information, see Change the capacity of your container service.

Pricing

The monthly price of your container service is calculated by multiplying the price of its power with the number of its compute nodes (the scale of your service). For example, a service with a medium power, which has a price of $40 USD, and a scale of 3 compute nodes, will cost $120 USD per month. You are charged for your container service whether it's enabled or disabled, and whether it has a deployment or not. You must delete your container service to stop being charged for it.

Each container service, regardless of its configured capacity, includes a monthly data transfer quota of 500 GB. The data transfer quota does not change regardless of the power and scale that you choose for your service. Data transfer out to the internet in excess of the quota will result in an overage charge that varies by AWS Region and starts at $0.09 USD per GB. Data transfer in from the internet in excess of the quota does not incur an overage charge. For more information, see the Lightsail pricing page.

Deployments

You can create a deployment in your Lightsail container service. A deployment is a set of specifications for the container workload that you wish to launch on your service.

You can specify the following parameters for each container entry in a deployment:

The following health check parameters will apply to the public endpoint of a deployment after it's launched:

Your container service can have one active deployment at a time, and a deployment can have up to 10 container entries. You can create a deployment at the same time as you create your container service, or you can create it after your service is up and running. For more information, see Create and manage container service deployments.

Deployment versions

Every deployment that you create in your container service is saved as a deployment version. If you modify the parameters of an existing deployment, the containers are re-deployed to your service and the modified deployment results in a new deployment version. The latest 50 deployment versions for each container service are saved. You can use any of the 50 deployment versions to create a new deployment in the same container service. For more information, see Create and manage container service deployments.

Container image sources

When you create a deployment, you must specify a source container image for each container entry in your deployment. Immediately after you create your deployment, your container service pulls the images from the sources you specify and uses them to create your containers.

The images that you specify can originate from the following sources:

Lightsail container services support Linux-based container images. Windows-based container images are currently not supported, but you can run Docker, the AWS Command Line Interface (AWS CLI), and the Lightsail Control (lightsailctl) plugin on Windows to build and push your Linux based images to your Lightsail container service.

Container service ARN

Amazon Resource Names (ARNs) uniquely identify AWS resources. We require an ARN when you need to specify a resource unambiguously across all of AWS, such as in IAM policies, and API calls.

To get the ARN for your container service, use the GetContainerServices Lightsail API action, and specify the name of the container service using the serviceName parameter. Your container service ARN will be listed in the results of that action as shown in the following example. For more information, see GetContainerServices in the Amazon Lightsail API Reference.

You'll see output similar to the following:

{
    "containerServices": [
        {
            "containerServiceName": "container-service-1",
            "arn": "arn:aws:lightsail: :111122223333:ContainerService/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
            "createdAt": "2024-01-01T00:00:00+00:00",
            "location": {
                "availabilityZone": "all",
                "regionName": "us-west-2"
        },
        .....
}

Public endpoints and default domains

When you create a deployment, you can specify the container entry in the deployment that will serve as the public endpoint of your container service. The application on the public endpoint container is publicly accessible on the internet through a randomly generated default domain of your container service. The default domain is formatted as https://<ServiceName>.<RandomGUID>.<AWSRegion>.cs.amazonlightsail.com, in which <ServiceName> is the name of your container service, <RandomGUID> is a randomly generated globally unique identifier of your container service in the AWS Region for your Lightsail account, and <AWSRegion> is the AWS Region in which the container service was created. The public endpoint of Lightsail container services supports HTTPS only, and it does not support TCP or UDP traffic. Only one container can be the public endpoint for a service. So make sure that choose the container that is hosting the front-end of your application as the public endpoint while rest of the containers are internally accessible.

You can use the default domain of your container service, or you can use your own custom domain (your registered domain name). For more information about using custom domains with your container services, see Enable and manage custom domains for your container services.

Private domain

All container services also have a private domain that is formatted as <ServiceName>.service.local, in which <ServiceName> is the name of your container service. Use the private domain to access your container service from another one of your Lightsail resources in the same AWS Region as your service. The private domain is the only way to access your container service if you don't specify a public endpoint in the deployment of your service. A default domain is generated for your container service even if you don't specify a public endpoint, but it will show a 404 No Such Service error message when you try to browse to it.

To access a specific container using the private domain of your container service, you must specify the open port of the container that will accept your connection request. You do this by formatting the domain of your request as <ServiceName>.service.local:<PortNumber>, in which <ServiceName> is the name of your container service and <PortNumber> is the open port of the container that you wish to connect to. For example, if you create a deployment on your container service named container-service-1, and you specify a Redis container with port 6379 open, then you should format the domain of your request as container-service-1.service.local:6379.

Custom domains and SSL/TLS certificates

You can use up to 4 of your custom domains with your container service instead of using the default domain. For example, you can direct traffic for your custom domain, such as example.com, to the container in your deployment that is labeled as the public endpoint.

To use your custom domains with your service, you must first request an SSL/TLS certificate for the domains that you want to use. You must then validate the SSL/TLS certificate by adding a set of CNAME records to the DNS of your domains. After the SSL/TLS certificate is validated, you enable custom domains on your container service by attaching the valid SSL/TLS certificate to your service. For more information see Create SSL/TLS certificates for your Lightsail container services, Validate SSL/TLS certificates for your Lightsail container services, and Enable and manage custom domains for your Lightsail container services.

Container logs

Every container in your container service generates a log that you can access to diagnose the operation of your containers. The logs provide the stdout and stderr streams of processes that run inside the container. For more information, see View container service logs.

Metrics

Monitor the metrics of your container service to diagnose issues that may be a result of over-utilization. You can also monitor metrics to help you determine if your service is under-provisioned or over-provisioned. For more information, see View container service metrics.

Use Lightsail container services

These are the general steps to manage your Lightsail container service if you plan to push container images from your local machine to your service, and use them in your deployment:

These are the general steps to manage your Lightsail container service if you plan to use container images from a public registry in your deployment: