Step 2: Create and Configure AWS Lightsail Instance

Lecture Slides

Either click on the slide area below or click here to view it in fullscreen. Use your keypad to navigate the slides.

A PDF printable handout version of the slides is available here

Introduction

In this step, you’ll create a new AWS Lightsail instance that will serve as your production server for deploying your Spring Boot application. We’ll configure it with the appropriate specifications and security settings needed for a Java web application.

Understanding AWS Lightsail

AWS Lightsail is Amazon’s simplified cloud platform that provides easy-to-use virtual private servers (VPS) with predictable pricing. It’s perfect for deploying Spring Boot applications because it offers:

• Pre-configured Linux instances
• Integrated networking and security
• Simple management interface
• Cost-effective pricing for small to medium applications

TipWhy Choose Lightsail?

Lightsail is ideal for Spring Boot deployments because it eliminates the complexity of EC2 while providing sufficient power and flexibility for most web applications.

Creating Your Lightsail Instance

Step 1: Access the Lightsail Console

1. Log into your AWS account and navigate to the Lightsail console
2. Click “Create instance” to start the setup process

Step 2: Choose Instance Location and Availability Zone

1. Select your preferred AWS Region (choose one closest to your users for better performance)
2. Keep the default Availability Zone unless you have specific requirements

NoteRegion Selection

For this tutorial, we’ll use us-east-1 (Virginia), but you can choose any region. Just remember your selection for future configurations.

Step 3: Select Platform and Blueprint

1. Platform: Select Linux/Unix
2. Blueprint: Choose OS Only → Ubuntu 20.04 LTS

We’re using Ubuntu because it has excellent Java support and a large community for troubleshooting.

Step 4: Choose Instance Plan

For a Spring Boot application with moderate traffic, select:

• Instance plan: $10 USD/month
  • 1 GB RAM
  • 1 vCPU
    
  • 40 GB SSD
  • 2 TB transfer

TipInstance Sizing

This configuration handles most Spring Boot applications well. You can always upgrade later if you need more resources.

Step 5: Configure Instance Details

1. Instance name: Enter a descriptive name like spring-boot-prod-server
2. Key pair:
   • If you have an existing key pair, select it
   • If not, click “Create new” and download the private key file
   • Important: Save this key file securely - you’ll need it for SSH access
3. Click “Create instance”

Initial Server Configuration

Once your instance is running (this takes 2-3 minutes), you’ll need to configure it for Java development.

Step 1: Connect to Your Instance

You can connect via the Lightsail browser-based SSH or use your own SSH client:

Option A: Browser SSH (Easiest) 1. In the Lightsail console, click the terminal icon next to your instance 2. This opens a browser-based SSH session

Option B: Local SSH Client

# Replace 'your-key.pem' with your actual key file name
# Replace 'YOUR_INSTANCE_IP' with your Lightsail instance's public IP
chmod 400 your-key.pem
ssh -i your-key.pem ubuntu@YOUR_INSTANCE_IP

Step 2: Update the System

First, update your Ubuntu system:

sudo apt update && sudo apt upgrade -y

Step 3: Install Java 17

Install OpenJDK 17, which is the recommended version for modern Spring Boot applications:

# Install OpenJDK 17
sudo apt install openjdk-17-jdk -y

# Verify installation
java -version
javac -version

You should see output similar to:

openjdk version "17.0.x" 2023-xx-xx
OpenJDK Runtime Environment (build 17.0.x+x-Ubuntu-x)
OpenJDK 64-Bit Server VM (build 17.0.x+x-Ubuntu-x, mixed mode, sharing)

Step 4: Set JAVA_HOME Environment Variable

# Find Java installation path
sudo update-alternatives --display java

# Set JAVA_HOME (replace path if different)
echo 'export JAVA_HOME=/usr/lib/jvm/java-17-openjdk-amd64' >> ~/.bashrc
echo 'export PATH=$JAVA_HOME/bin:$PATH' >> ~/.bashrc

# Reload environment
source ~/.bashrc

# Verify JAVA_HOME
echo $JAVA_HOME

Step 5: Install Essential Development Tools

Install additional tools you’ll need:

# Install git, curl, wget, and unzip
sudo apt install git curl wget unzip -y

# Install Maven (for building Spring Boot apps)
sudo apt install maven -y

# Verify Maven installation
mvn -version

Configuring Security Groups

Understanding Lightsail Firewall

Lightsail includes a built-in firewall that controls network access to your instance. We need to configure it to allow web traffic.

Step 1: Configure Firewall Rules

1. In the Lightsail console, click on your instance name
2. Go to the Networking tab
3. Under Firewall, you’ll see the default rules
4. Add the following rules by clicking “Add rule”:

Required Rules: - HTTP: Application = HTTP, Protocol = TCP, Port = 80 - HTTPS: Application = HTTPS, Protocol = TCP, Port = 443
- Custom: Application = Custom, Protocol = TCP, Port = 8080 (for testing Spring Boot directly)

WarningSecurity Note

Only open port 8080 temporarily for testing. In production, you’ll use Nginx as a reverse proxy and close this port.

Step 2: Verify Connectivity

Test that your instance is accessible:

# From your instance, test outbound connectivity
ping google.com

# Test that the instance can reach package repositories
curl -I https://packages.ubuntu.com

Creating a Deployment User

For security best practices, create a dedicated user for your Spring Boot application:

Step 1: Create Application User

# Create a new user for the application
sudo adduser springboot

# Add user to sudo group (if needed for deployment tasks)
sudo usermod -aG sudo springboot

# Create application directory
sudo mkdir -p /opt/springboot
sudo chown springboot:springboot /opt/springboot

Step 2: Set Up SSH Key for Deployment User (Optional)

If you want to deploy directly as the springboot user:

# Switch to springboot user
sudo su - springboot

# Create SSH directory
mkdir -p ~/.ssh
chmod 700 ~/.ssh

# You can add your public key here later for deployments
# echo "your-public-key" >> ~/.ssh/authorized_keys
# chmod 600 ~/.ssh/authorized_keys

Checkpoint

Before moving on, verify that your Lightsail instance is properly configured:

• Instance is running and accessible via SSH
• Java 17 is installed and JAVA_HOME is set
• Maven is installed and working
• Firewall rules are configured for HTTP, HTTPS, and port 8080
• System is updated and essential tools are installed
• Application user springboot is created

Test Your Setup

Run these commands to verify everything is working:

# Verify Java
java -version

# Verify Maven
mvn -version

# Verify network connectivity
curl -I https://start.spring.io

# Check available disk space
df -h

# Check memory usage
free -h

What Just Happened?

You’ve successfully created and configured an AWS Lightsail instance that’s ready to host your Spring Boot application. The server now has:

• A secure Linux environment with Ubuntu 20.04
• Java 17 runtime environment
• Maven build tool for Java projects
• Proper firewall configuration for web traffic
• A dedicated user account for application deployment
• All necessary development tools and dependencies

In the next step, you’ll set up a MySQL database on this same instance to store your application’s data. The groundwork you’ve laid here ensures that your Spring Boot application will have a stable, secure environment to run in production.

TipInstance Management

Remember to stop your Lightsail instance when not in use during development to save costs. You can easily start/stop instances from the Lightsail console.