Deploy and manage containers on Amazon Lightsail
An Amazon Lightsail container service is a highly scalable compute and networking resource on which you can deploy, run, and manage containers. A container is a standard unit of software that packages code and its dependencies together so the application runs quickly and reliably from one computing environment to another.
You can think of your Lightsail container service as a computing environment that lets you run containers on AWS infrastructure by using images that you create on your local machine and push to your service, or images from an online repository, like Amazon ECR Public Gallery.
You can also run containers locally, on your local machine, by installing software such as Docker. Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Compute Cloud (Amazon EC2) are other resources within the AWS infrastructure on which you can run containers. For more information, see the Amazon ECS Developer Guide.
Contents
Containers
A container is a standard unit of software that packages code and its dependencies together so the application runs quickly and reliably from one computing environment to another. You could run a container on your development environment, deploy it to your pre-production environment, and then deploy it to your production environment. Your containers will run reliably regardless of whether your development environment is your local machine, your pre-production environment is a physical server in a data center, or your production environment is a virtual private server in the cloud.
A container image is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings. Container images become containers at runtime. By containerizing the application and its dependencies, you no longer have to worry about whether your software runs correctly on the operating system and infrastructure that you deploy it on – you can spend more time focusing on the code.
For more information about containers, and container images, see What is a Container?
Lightsail container service elements
The following are the key elements of Lightsail container services that you should understand before getting started.
Lightsail container services
A container service is the Lightsail compute resource that you can create in any AWS Region in which Lightsail is available. You can create and delete container services at any time. For more information, see Create Lightsail container services and Delete Lightsail container services.
Container service capacity (scale and power)
You must choose the following capacity parameters when you first create your container service:
-
Scale — The number of compute nodes that you want your container workload to run in. Your container workload is copied across the compute nodes of your service. You can specify up to 20 compute nodes for a container service. You pick the scale based on the number of nodes you want powering your service for better availability and higher capacity. Traffic to your containers will be load-balanced across all nodes.
-
Power — The memory and vCPUs of each node in your container service. The powers that you can choose are Nano (Na), Micro (Mi), Small (Sm), Medium (Md), Large (Lg), and Xlarge (Xl), each with a progressively greater amount of memory and vCPUs.
If you specify the scale of your container service as more than 1, then your container workload is copied across the multiple compute nodes of your service. For example, if the scale of your service is 3 and the power is Nano, then there are three copies of your container workload running on three compute resources each with 512 MB of RAM and 0.25 vCPUs. The incoming traffic is load-balanced between the three resources. The greater the capacity you specify for your container service, the more traffic it is able to handle.
You can dynamically increase the power and scale of your container service at any time without any down-time if you find that it's under-provisioned, or decrease it if you find that it's over-provisioned. Lightsail automatically manages the capacity change along with your current deployment. For more information, see Change the capacity of your container service.
Pricing
The monthly price of your container service is calculated by multiplying the price of its power with the number of its compute nodes (the scale of your service). For example, a service with a medium power, which has a price of $40 USD, and a scale of 3 compute nodes, will cost $120 USD per month. You are charged for your container service whether it's enabled or disabled, and whether it has a deployment or not. You must delete your container service to stop being charged for it.
Each container service, regardless of its configured capacity, includes a monthly data
transfer quota of 500 GB. The data transfer quota does not change regardless of the power
and scale that you choose for your service. Data transfer out to the internet in excess of
the quota will result in an overage charge that varies by AWS Region and starts at $0.09
USD per GB. Data transfer in from the internet in excess of the quota does not incur an
overage charge. For more information, see the Lightsail pricing page
Deployments
You can create a deployment in your Lightsail container service. A deployment is a set of specifications for the container workload that you wish to launch on your service.
You can specify the following parameters for each container entry in a deployment:
-
The name of your container that will be launched
-
The source container image to use for your container
-
The command to run when launching your container
-
The environment variables to apply to your container
-
The network ports to open on your container
-
The container in the deployment to make publicly accessible through the default domain of the container service
Note
Only one container in a deployment can be made publicly accessible for each container service.
The following health check parameters will apply to the public endpoint of a deployment after it's launched:
-
The directory path on which to perform a health check.
-
Advanced health check settings, such as interval seconds, timeout seconds, success codes, healthy threshold, and unhealthy threshold.
Your container service can have one active deployment at a time, and a deployment can have up to 10 container entries. You can create a deployment at the same time as you create your container service, or you can create it after your service is up and running. For more information, see Create and manage container service deployments.
Deployment versions
Every deployment that you create in your container service is saved as a deployment version. If you modify the parameters of an existing deployment, the containers are re-deployed to your service and the modified deployment results in a new deployment version. The latest 50 deployment versions for each container service are saved. You can use any of the 50 deployment versions to create a new deployment in the same container service. For more information, see Create and manage container service deployments.
Container image sources
When you create a deployment, you must specify a source container image for each container entry in your deployment. Immediately after you create your deployment, your container service pulls the images from the sources you specify and uses them to create your containers.
The images that you specify can originate from the following sources:
-
A public registry, such as Amazon ECR Public Gallery, or some other public container image registry. For more information about Amazon ECR Public, see What Is Amazon Elastic Container Registry Public? in the Amazon ECR Public User Guide.
-
Images pushed from your local machine to your container service. If you create container images on your local machine, you can push them to your container service to use them when creating a deployment. For more information, see Create container service images and Push and manage container images.
Lightsail container services support Linux-based container images. Windows-based container images are currently not supported, but you can run Docker, the AWS Command Line Interface (AWS CLI), and the Lightsail Control (lightsailctl) plugin on Windows to build and push your Linux based images to your Lightsail container service.
Container service ARN
Amazon Resource Names (ARNs) uniquely identify AWS resources. We require an ARN when you need to specify a resource unambiguously across all of AWS, such as in IAM policies, and API calls.
To get the ARN for your container service, use the GetContainerServices
Lightsail API action, and specify the name of the container service using the
serviceName
parameter. Your container service ARN will be listed in the
results of that action as shown in the following example. For more information, see GetContainerServices in the Amazon Lightsail API
Reference.
You'll see output similar to the following:
{ "containerServices": [ { "containerServiceName": "container-service-1", "arn": "arn:aws:lightsail: :111122223333:ContainerService/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111", "createdAt": "2024-01-01T00:00:00+00:00", "location": { "availabilityZone": "all", "regionName": "us-west-2" }, ..... }
Public endpoints and default domains
When you create a deployment, you can specify the container entry in the deployment that
will serve as the public endpoint of your container service. The application on the public
endpoint container is publicly accessible on the internet through a randomly generated
default domain of your container service. The default domain is formatted as
https://
,
in which <ServiceName>
.<RandomGUID>
.<AWSRegion>
.cs.amazonlightsail.com<ServiceName>
is the name of your container
service, <RandomGUID>
is a randomly generated globally
unique identifier of your container service in the AWS Region for your Lightsail
account, and <AWSRegion>
is the AWS Region in which the
container service was created. The public endpoint of Lightsail container services
supports HTTPS only, and it does not support TCP or UDP traffic. Only one container can be
the public endpoint for a service. So make sure that choose the container that is hosting
the front-end of your application as the public endpoint while rest of the containers are
internally accessible.
You can use the default domain of your container service, or you can use your own custom domain (your registered domain name). For more information about using custom domains with your container services, see Enable and manage custom domains for your container services.
Private domain
All container services also have a private domain that is formatted as
, in which
<ServiceName>
.service.local<ServiceName>
is the name of your container service. Use
the private domain to access your container service from another one of your Lightsail
resources in the same AWS Region as your service. The private domain is the only way to
access your container service if you don't specify a public endpoint in the deployment of
your service. A default domain is generated for your container service even if you don't
specify a public endpoint, but it will show a 404 No Such Service
error message
when you try to browse to it.
To access a specific container using the private domain of your container service, you
must specify the open port of the container that will accept your connection request. You do
this by formatting the domain of your request as
,
in which <ServiceName>
.service.local:<PortNumber>
<ServiceName>
is the name of your container
service and <PortNumber>
is the open port of the container
that you wish to connect to. For example, if you create a deployment on your container
service named container-service-1
, and you specify a Redis container with port
6379
open, then you should format the domain of your request as
.container-service-1
.service.local:6379
Custom domains and SSL/TLS certificates
You can use up to 4 of your custom domains with your container service instead of using
the default domain. For example, you can direct traffic for your custom domain, such as
example.com
, to the container in your deployment that is labeled as the
public endpoint.
To use your custom domains with your service, you must first request an SSL/TLS certificate for the domains that you want to use. You must then validate the SSL/TLS certificate by adding a set of CNAME records to the DNS of your domains. After the SSL/TLS certificate is validated, you enable custom domains on your container service by attaching the valid SSL/TLS certificate to your service. For more information see Create SSL/TLS certificates for your Lightsail container services, Validate SSL/TLS certificates for your Lightsail container services, and Enable and manage custom domains for your Lightsail container services.
Container logs
Every container in your container service generates a log that you can access to diagnose the operation of your containers. The logs provide the stdout and stderr streams of processes that run inside the container. For more information, see View container service logs.
Metrics
Monitor the metrics of your container service to diagnose issues that may be a result of over-utilization. You can also monitor metrics to help you determine if your service is under-provisioned or over-provisioned. For more information, see View container service metrics.
Use Lightsail container services
These are the general steps to manage your Lightsail container service if you plan to push container images from your local machine to your service, and use them in your deployment:
-
Create your container service in your Lightsail account. For more information, see Create Lightsail container services.
-
Install software on your local machine that you need to create your own container images and push them to your Lightsail container service. For more information, see For more information, see the following guides:
-
Create a deployment in your container service that configures and launches your containers. For more information, see Create and manage deployments for your Lightsail container services.
-
View previous deployments for your container service. You can create a new deployment using a previous deployment version. For more information, see View and manage deployment versions of your Lightsail container services.
-
View the logs of containers on your container service. For more information, see View the container logs of your Lightsail container services.
-
Create an SSL/TLS certificate for the domains that you want to use with your containers. For more information, see Create SSL/TLS certificates for your Lightsail container services.
-
Validate the SSL/TLS certificate by adding records to the DNS of your domains. For more information, see Validate SSL/TLS certificates for your Lightsail container services.
-
Enable custom domains by attaching a valid SSL/TLS certificate to your container service. For more information, see Enable and manage custom domains for your Lightsail container services.
-
Monitor the utilization metrics of your container service. For more information, see View container service metrics.
-
(Optional) Scale the capacity of your container service vertically, by increasing its power specification, and horizontally, by increasing its scale specification. For more information, see Change the capacity of your Lightsail container services.
-
Delete your container service if you're not using it to avoid incurring monthly charges. For more information, see Delete Lightsail container services.
These are the general steps to manage your Lightsail container service if you plan to use container images from a public registry in your deployment:
-
Create your container service in your Lightsail account. For more information, see Create Lightsail container services.
-
If you plan to use container images from a public registry, find container images from a public registry such as the Amazon ECR Public Gallery. For more information about Amazon ECR Public, see What Is Amazon Elastic Container Registry Public? in the Amazon ECR Public User Guide.
-
Create a deployment in your container service that configures and launches your containers. For more information, see Create and manage deployments for your Lightsail container services.
-
View previous deployments for your container service. You can create a new deployment using a previous deployment version. For more information, see View and manage deployment versions of your Lightsail container services.
-
View the logs of containers on your container service. For more information, see View the container logs of your Lightsail container services.
-
Create an SSL/TLS certificate for the domains that you want to use with your containers. For more information, see Create SSL/TLS certificates for your Lightsail container services.
-
Validate the SSL/TLS certificate by adding records to the DNS of your domains. For more information, see Validate SSL/TLS certificates for your Lightsail container services.
-
Enable custom domains by attaching a valid SSL/TLS certificate to your container service. For more information, see Enable and manage custom domains for your Lightsail container services.
-
Monitor the utilization metrics of your container service. For more information, see View container service metrics.
-
(Optional) Scale the capacity of your container service vertically, by increasing its power specification, and horizontally, by increasing its scale specification. For more information, see Change the capacity of your Lightsail container services.
-
Delete your container service if you're not using it to avoid incurring monthly charges. For more information, see Delete Lightsail container services.