
Connecting Lightsail to AWS Services

This post demonstrates how to connect Lightsail instances to AWS services using VPC peering.

Sophia Parafina
Amazon Employee
Published Dec 7, 2023

There are situations where you need access to AWS resources that are not in Lightsail, such as files on an EC2 server or an AWS RDS database such as PostgreSQL or MariaDB. It is possible to use these resources via VPC (Virtual Private Cloud) peering, with a few caveats. This article shows how to configure VPC peering to connect to AWS resources not in Lightsail.

A VPC is a virtual network that connects AWS resources to each other. It isolates your infrastructure into a logical grouping to facilitate managing resources. Each AWS region typically has a default VPC in addition to other user-created VPCs. VPC peering establishes a network connection between two VPCs. Lightsail is in its own VPC, and if you want to access resources outside of Lightsail, you can use VPC peering to connect to the default VPC. Lightsail can only create VPC peering with the default VPC for an AWS region.

To establish VPC peering, open the Lightsail console. Choose Account.

Choose Account at the top right of the Lightsail console

Then choose Account from the drop down menu.

Choose Account from the drop down

Next, choose the Advanced tab.

Choose the Advanced tab

Choose the AWS regions where you want to Enable VPC peering.

Choose AWS regions to enable VPC peering

You can confirm if VPC peering was successful by opening the VPC console.

Open VPC console

Choose Peering connections in the side menu.

Choose Peering connections

Verify peering connections by examining the Requester VPC and Accepter VPC which should be the default VPC for the chosen region.

Verify the peering connection

A common scenario is to connect a Lightsail instance to an RDS database. To do this, you’ll need the Lightsail instance’s private IP address.

Get the private IP address of the Lightsail instance

Next, open the RDS console. You can use the search bar in the AWS home console.

Find the RDS console using the search bar

Choose Databases, then choose the database by selecting the DB Identifier.

Choose the database

To connect to the database, we will need to modify the security group to allow connections from the Lightsail instance. Choose the link to the security group.

Choose the security group

Choose the security group for the database, then choose Edit inbound rules under the Actions button.

Choose Actions, then Edit inbound rules

Choose Add rule, enter the port for MariaDB, the private IP address of the Lightsail instance, and a description. Choose Save rule.

Create an inbound rule for the Lightsail instance

The new Inbound rule will be listed for the security group.

New Inbound rule is listed in the security group
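
The inbound rule created above should admit only the Lightsail instance's private IP address on the database port. The following Python check is an added example, not part of the original post: it audits one security group, in the JSON shape returned by `aws ec2 describe-security-groups`, and reports rules that open the port to more than that single address. The group IDs, rules and the address 172.26.5.10 are constructed sample values.

```python
import ipaddress

def audit_db_ingress(group, lightsail_ip, port=3306):
    """Audit one security group dict (a SecurityGroups[] entry from
    `aws ec2 describe-security-groups`). Returns (allowed, findings)."""
    host = ipaddress.ip_address(lightsail_ip)
    allowed, findings = False, []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        # "-1" means every protocol and port; otherwise the TCP range must cover the port.
        if proto != "-1" and not (
            proto == "tcp" and perm["FromPort"] <= port <= perm["ToPort"]
        ):
            continue
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if host in net:
                allowed = True
            if net.prefixlen < 32:  # source is wider than a single host
                findings.append(
                    f"{rng['CidrIp']} exposes port {port} to {net.num_addresses} addresses"
                )
        # The Lightsail private address is IPv4, so any IPv6 source needs review.
        for rng in perm.get("Ipv6Ranges", []):
            findings.append(f"IPv6 source {rng['CidrIpv6']} also reaches port {port}")
    if not allowed:
        findings.append(f"no inbound rule admits {lightsail_ip} on port {port}")
    return allowed, findings

# Constructed sample data: not taken from the article's account.
LIGHTSAIL_IP = "172.26.5.10"
TIGHT = {"GroupId": "sg-EXAMPLE1", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "172.26.5.10/32", "Description": "Lightsail instance"}]}]}
LOOSE = {"GroupId": "sg-EXAMPLE2", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}, {"CidrIp": "172.26.0.0/16"}]}]}
CLOSED = {"GroupId": "sg-EXAMPLE3", "IpPermissions": [
    {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}]}

if __name__ == "__main__":
    for group in (TIGHT, LOOSE, CLOSED):
        ok, notes = audit_db_ingress(group, LIGHTSAIL_IP)
        print(group["GroupId"], "reachable" if ok else "blocked", notes or "OK")
```

A group that returns `(True, [])` admits the instance and nothing wider; any finding names the rule to tighten.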

In this example, the Lightsail instance has the MariaDB client installed. We can use it to test VPC peering by connecting to the database and running SQL commands. Open a terminal on the Lightsail instance.

Open the Lightsail instance terminal

In the terminal, connect to the database.

$ mariadb -h wp-mariadb.c0kabllgdzuf.us-west-2.rds.amazonaws.com -P 3306 -u

List the databases on the RDS.

List the databases in the RDS instance

List the tables in the acme database.

List the tables in the acme database

Query the acme database for employees.

Query the acme database

You can now connect any client or application to the database from your Lightsail instance.

This article shows that you are not limited to the resources in AWS Lightsail. You can connect to and use other AWS resources as long as they are in the default VPC for an AWS region. For example, check out this document that shows how to connect to AWS Elastic File System (EFS).


Any opinions in this post are those of the individual author and may not reflect the opinions of AWS.