# Deploy and manage containers on Amazon Lightsail
An Amazon Lightsail container service is a highly scalable compute and networking resource on which you can deploy, run, and manage containers. A container is a standard unit of software that packages code and its dependencies together so the application runs quickly and reliably from one computing environment to another.
You can think of your Lightsail container service as a computing environment that lets you run containers on AWS infrastructure by using images that you create on your local machine and push to your service, or images from an online repository, like Amazon ECR Public Gallery.
You can also run containers locally, on your local machine, by installing software such as Docker. Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Compute Cloud (Amazon EC2) are other resources within the AWS infrastructure on which you can run containers. For more information, see the [Amazon ECS Developer Guide](https://docs.aws.amazon.com/AmazonECS/latest/developerguide/Welcome.html).
**Contents**
+ [Containers](#understanding-containers)
+ [Lightsail container service elements](#understanding-lightsail-container-services)
+ [Lightsail container services](#lightsail-container-services)
+ [Container service capacity (scale and power)](#container-services-capacity)
+ [Pricing](#container-services-pricing)
+ [Deployments](#container-services-deployments)
+ [Deployment versions](#container-services-deployment-versions)
+ [Container image sources](#container-services-image-sources)
+ [Container service ARN](#container-services-arn)
+ [Public endpoints and default domains](#container-services-endpoints-domains)
+ [Custom domains and SSL/TLS certificates](#container-services-custom-domains-certificates)
+ [Container logs](#container-services-container-logs)
+ [Metrics](#container-services-metrics)
+ [Use Lightsail container services](#using-lightsail-container-services)
## Containers
A container is a standard unit of software that packages code and its dependencies together so the application runs quickly and reliably from one computing environment to another. You could run a container on your development environment, deploy it to your pre-production environment, and then deploy it to your production environment. Your containers will run reliably regardless of whether your development environment is your local machine, your pre-production environment is a physical server in a data center, or your production environment is a virtual private server in the cloud.
A container image is a lightweight, standalone, executable package of software that includes everything needed to run an application: code, runtime, system tools, system libraries and settings. Container images become containers at runtime. By containerizing the application and its dependencies, you no longer have to worry about whether your software runs correctly on the operating system and infrastructure that you deploy it on – you can spend more time focusing on the code.
For more information about containers, and container images, see [What is a Container?](https://www.docker.com/resources/what-container) in the *Docker documentation*.
## Lightsail container service elements
The following are the key elements of Lightsail container services that you should understand before getting started.
### Lightsail container services
A container service is the Lightsail compute resource that you can create in any AWS Region in which Lightsail is available. You can create and delete container services at any time. For more information, see [Create Lightsail container services](amazon-lightsail-creating-container-services.md) and [Delete Lightsail container services](amazon-lightsail-deleting-container-services.md).
![\[Lightsail container service diagram\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-container-service-diagram.png)
### Container service capacity (scale and power)
You must choose the following capacity parameters when you first create your container service:
+ **Scale** — The number of compute nodes that you want your container workload to run in. Your container workload is copied across the compute nodes of your service. You can specify up to 20 compute nodes for a container service. You pick the scale based on the number of nodes you want powering your service for better availability and higher capacity. Traffic to your containers will be load-balanced across all nodes.
+ **Power** — The memory and vCPUs of each node in your container service. The powers that you can choose are Nano (Na), Micro (Mi), Small (Sm), Medium (Md), Large (Lg), and Xlarge (Xl), each with a progressively greater amount of memory and vCPUs.
If you specify the scale of your container service as more than 1, then your container workload is copied across the multiple compute nodes of your service. For example, if the scale of your service is 3 and the power is Nano, then there are three copies of your container workload running on three compute resources each with 512 MB of RAM and 0.25 vCPUs. The incoming traffic is load-balanced between the three resources. The greater the capacity you specify for your container service, the more traffic it is able to handle.
You can dynamically increase the power and scale of your container service at any time without any down-time if you find that it's under-provisioned, or decrease it if you find that it's over-provisioned. Lightsail automatically manages the capacity change along with your current deployment. For more information, see [Change the capacity of your container service](amazon-lightsail-changing-container-service-capacity.md).
### Pricing
The monthly price of your container service is calculated by multiplying the price of its power with the number of its compute nodes (the scale of your service). For example, a service with a medium power, which has a price of \$140 USD, and a scale of 3 compute nodes, will cost \$1120 USD per month. You are charged for your container service whether it's enabled or disabled, and whether it has a deployment or not. You must delete your container service to stop being charged for it.
Each container service, regardless of its configured capacity, includes a monthly data transfer quota of 500 GB. The data transfer quota does not change regardless of the power and scale that you choose for your service. Data transfer out to the internet in excess of the quota will result in an overage charge that varies by AWS Region and starts at \$10.09 USD per GB. Data transfer in from the internet in excess of the quota does not incur an overage charge. For more information, see the [Lightsail pricing page](https://aws.amazon.com/lightsail/pricing/).
### Deployments
You can create a deployment in your Lightsail container service. A deployment is a set of specifications for the container workload that you wish to launch on your service.
You can specify the following parameters for each container entry in a deployment:
+ The name of your container that will be launched
+ The source container image to use for your container
+ The command to run when launching your container
+ The environment variables to apply to your container
+ The network ports to open on your container
+ The container in the deployment to make publicly accessible through the default domain of the container service
**Note**
Only one container in a deployment can be made publicly accessible for each container service.
The following health check parameters will apply to the public endpoint of a deployment after it's launched:
+ The directory path on which to perform a health check.
+ Advanced health check settings, such as interval seconds, timeout seconds, success codes, healthy threshold, and unhealthy threshold.
Your container service can have one active deployment at a time, and a deployment can have up to 10 container entries. You can create a deployment at the same time as you create your container service, or you can create it after your service is up and running. For more information, see [Create and manage container service deployments](amazon-lightsail-container-services-deployments.md).
### Deployment versions
Every deployment that you create in your container service is saved as a deployment version. If you modify the parameters of an existing deployment, the containers are re-deployed to your service and the modified deployment results in a new deployment version. The latest 50 deployment versions for each container service are saved. You can use any of the 50 deployment versions to create a new deployment in the same container service. For more information, see [Create and manage container service deployments](amazon-lightsail-container-services-deployments.md).
### Container image sources
When you create a deployment, you must specify a source container image for each container entry in your deployment. Immediately after you create your deployment, your container service pulls the images from the sources you specify and uses them to create your containers.
The images that you specify can originate from the following sources:
+ **A public registry**, such as Amazon ECR Public Gallery, or some other public container image registry. For more information about Amazon ECR Public, see [What Is Amazon Elastic Container Registry Public?](https://docs.aws.amazon.com/AmazonECR/latest/public/what-is-ecr.html) in the *Amazon ECR Public User Guide*.
+ **Images pushed from your local machine** to your container service. If you create container images on your local machine, you can push them to your container service to use them when creating a deployment. For more information, see [Create container service images](amazon-lightsail-creating-container-images.md) and [Push and manage container images](amazon-lightsail-pushing-container-images.md).
Lightsail container services support Linux-based container images. Windows-based container images are currently not supported, but you can run Docker, the AWS Command Line Interface (AWS CLI), and the Lightsail Control (lightsailctl) plugin on Windows to build and push your Linux based images to your Lightsail container service.
### Container service ARN
Amazon Resource Names (ARNs) uniquely identify AWS resources. We require an ARN when you need to specify a resource unambiguously across all of AWS, such as in IAM policies, and API calls.
To get the ARN for your container service, use the `GetContainerServices` Lightsail API action, and specify the name of the container service using the `serviceName` parameter. Your container service ARN will be listed in the results of that action as shown in the following example. For more information, see [GetContainerServices](https://docs.aws.amazon.com/lightsail/2016-11-28/api-reference/API_GetContainerServices.html) in the *Amazon Lightsail API Reference*.
You will see output similar to the following:
```
{
"containerServices": [
{
"containerServiceName": "container-service-1",
"arn": "arn:aws:lightsail: :111122223333:ContainerService/a1b2c3d4-5678-90ab-cdef-EXAMPLE11111",
"createdAt": "2024-01-01T00:00:00+00:00",
"location": {
"availabilityZone": "all",
"regionName": "us-west-2"
},
.....
}
```
### Public endpoints and default domains
When you create a deployment, you can specify the container entry in the deployment that will serve as the public endpoint of your container service. The application on the public endpoint container is publicly accessible on the internet through a randomly generated default domain of your container service. The default domain is formatted as `https://...cs.amazonlightsail.com`, in which ** is the name of your container service, ** is a randomly generated globally unique identifier of your container service in the AWS Region for your Lightsail account, and ** is the AWS Region in which the container service was created. The public endpoint of Lightsail container services supports HTTPS only, and it does not support TCP or UDP traffic. Only one container can be the public endpoint for a service. So make sure that choose the container that is hosting the front-end of your application as the public endpoint while rest of the containers are internally accessible.
You can use the default domain of your container service, or you can use your own custom domain (your registered domain name). For more information about using custom domains with your container services, see [Enable and manage custom domains for your container services](amazon-lightsail-enabling-container-services-custom-domains.md).
**Private domain**
All container services also have a private domain that is formatted as `.service.local`, in which ** is the name of your container service. Use the private domain to access your container service from another one of your Lightsail resources in the same AWS Region as your service. The private domain is the only way to access your container service if you don't specify a public endpoint in the deployment of your service. A default domain is generated for your container service even if you don't specify a public endpoint, but it will show a `404 No Such Service` error message when you try to browse to it.
To access a specific container using the private domain of your container service, you must specify the open port of the container that will accept your connection request. You do this by formatting the domain of your request as `.service.local:`, in which ** is the name of your container service and ** is the open port of the container that you wish to connect to. For example, if you create a deployment on your container service named `container-service-1`, and you specify a Redis container with port `6379` open, then you should format the domain of your request as `container-service-1.service.local:6379`.
### Custom domains and SSL/TLS certificates
You can use up to 4 of your custom domains with your container service instead of using the default domain. For example, you can direct traffic for your custom domain, such as `example.com`, to the container in your deployment that is labeled as the public endpoint.
To use your custom domains with your service, you must first request an SSL/TLS certificate for the domains that you want to use. You must then validate the SSL/TLS certificate by adding a set of CNAME records to the DNS of your domains. After the SSL/TLS certificate is validated, you enable custom domains on your container service by attaching the valid SSL/TLS certificate to your service. For more information see [Create SSL/TLS certificates for your Lightsail container services](amazon-lightsail-creating-container-services-certificates.md), [Validate SSL/TLS certificates for your Lightsail container services](amazon-lightsail-validating-container-services-certificates.md), and [Enable and manage custom domains for your Lightsail container services](amazon-lightsail-enabling-container-services-custom-domains.md).
### Container logs
Every container in your container service generates a log that you can access to diagnose the operation of your containers. The logs provide the *stdout* and *stderr* streams of processes that run inside the container. For more information, see [View container service logs](amazon-lightsail-viewing-container-service-container-logs.md).
### Metrics
Monitor the metrics of your container service to diagnose issues that may be a result of over-utilization. You can also monitor metrics to help you determine if your service is under-provisioned or over-provisioned. For more information, see [View container service metrics](amazon-lightsail-viewing-container-services-metrics.md).
## Use Lightsail container services
The following are the general steps to manage your Lightsail container service and either push images from your local machine to your service or use container images from a public registry.
**To manage your Lightsail container service and use container images in your deployment**
1. Create your container service in your Lightsail account. For more information, see [Create Lightsail container services](amazon-lightsail-creating-container-services.md).
1. Use one of the following options to use container images with your Lightsail container service:
+ **Use a container image from your local machine** – You can install software on your local machine to create your own container images, and then push them to your Lightsail container service. For more information, see the following guides:
+ [Install software to manage container images for your Lightsail container services](amazon-lightsail-install-software.md)
+ [Create container images for your Lightsail container services](amazon-lightsail-creating-container-images.md)
+ [Push and manage container images on your Lightsail container services](amazon-lightsail-pushing-container-images.md)
+ **Use a container image from a public registry** – You can find and use container images for your Lightsail container service from a public registry such as the Amazon ECR Public Gallery. For more information about the Amazon ECR Public Gallery, see [What Is Amazon Elastic Container Registry Public?](https://docs.aws.amazon.com/AmazonECR/latest/public/what-is-ecr.html) in the *Amazon ECR Public User Guide*.
1. [Install software to manage container images for your Lightsail container services](amazon-lightsail-install-software.md).
1. [Create container images for your Lightsail container services](amazon-lightsail-creating-container-images.md).
1. [Push and manage container images on your Lightsail container services](amazon-lightsail-pushing-container-images.md).
1. Create a deployment in your container service that configures and launches your containers. For more information, see [Create and manage deployments for your Lightsail container services](amazon-lightsail-container-services-deployments.md).
1. View previous deployments for your container service. You can create a new deployment using a previous deployment version. For more information, see [View and manage deployment versions of your Lightsail container services](amazon-lightsail-container-services-deployment-versions.md).
1. View the logs of containers on your container service. For more information, see [View the container logs of your Lightsail container services](amazon-lightsail-viewing-container-service-container-logs.md).
1. Create an SSL/TLS certificate for the domains that you want to use with your containers. For more information, see [Create SSL/TLS certificates for your Lightsail container services](amazon-lightsail-creating-container-services-certificates.md).
1. Validate the SSL/TLS certificate by adding records to the DNS of your domains. For more information, see [Validate SSL/TLS certificates for your Lightsail container services](amazon-lightsail-validating-container-services-certificates.md).
1. Enable custom domains by attaching a valid SSL/TLS certificate to your container service. For more information, see [Enable and manage custom domains for your Lightsail container services](amazon-lightsail-enabling-container-services-custom-domains.md).
1. Monitor the utilization metrics of your container service. For more information, see [View container service metrics](amazon-lightsail-viewing-container-services-metrics.md).
1. (Optional) Scale the capacity of your container service vertically, by increasing its power specification, and horizontally, by increasing its scale specification. For more information, see [Change the capacity of your Lightsail container services](amazon-lightsail-changing-container-service-capacity.md).
1. Delete your container service if you're not using it to avoid incurring monthly charges. For more information, see [Delete Lightsail container services](amazon-lightsail-deleting-container-services.md).
# Create a highly available container service with Lightsail
In this guide, we show you how to create an Amazon Lightsail container service using the Lightsail console, and describe the container service settings that you can configure.
Before getting started, we recommend that you familiarize yourself with the elements of a Lightsail container service. For more information, see [Container services](amazon-lightsail-container-services.md).
## Container service capacity (scale and power)
You must choose the capacity of your container service when you first create it. The capacity is made up of a combination of the following parameters:
+ **Scale** - The number of compute nodes that you want your container workload to run in. Your container workload is copied across the compute nodes of your service. You can specify up to 20 compute nodes for a container service. You pick the scale based on the number of nodes you want powering your service for better availability and higher capacity. Traffic to your containers will be load-balanced across all nodes.
+ **Power** - The memory and vCPUs of each node in your container service. The powers that you can choose are Nano (Na), Micro (Mi), Small (Sm), Medium (Md), Large (Lg), and Xlarge (Xl); each with a progressively greater amount of memory and vCPUs.
The incoming traffic is load balanced across the scale (the number of compute nodes) of your container service. For example, a service with a Nano power and a scale of 3 will have 3 copies of your container workload running. Each node will have 512 MB of RAM and 0.25 vCPUs. The incoming traffic will be load-balanced across the 3 nodes. The greater the capacity you choose for your container service, the more traffic it is able to handle.
You can dynamically increase the power and scale of your container service at any time without any down-time if you find that it's under-provisioned, or decrease it if you find that it's over-provisioned. Lightsail automatically manages the capacity change along with your current deployment. For more information, see [Change the capacity of your Lightsail container services](amazon-lightsail-changing-container-service-capacity.md).
## Pricing
The monthly price of your container service is calculated by multiplying the base price of its power with the scale (the number of compute nodes). For example, a service with the \$140 USD medium power and a scale of 3, will cost \$1120 USD per month.
Each container service, regardless of its configured capacity, includes a monthly data transfer quota of 500 GB. The data transfer quota does not change regardless of the power and scale that you choose for your service. Data transfer out to the internet in excess of the quota will result in an overage charge that varies by AWS Region and starts at \$10.09 USD per GB. Data transfer in from the internet in excess of the quota does not incur an overage charge. For more information, see the [Lightsail pricing page](https://aws.amazon.com/lightsail/pricing/).
You are charged for your container service whether it's enabled or disabled, and whether it has a deployment or not. You must delete your container service to stop being charged for it. For more information, see [Delete Lightsail container services](amazon-lightsail-deleting-container-services.md).
## Container service status
Your container service can be in one of the following states:
+ **Pending** – Your container service is being created.
+ **Ready** – Your container service is running but it does not have an active container deployment.
+ **Deploying** – Your deployment is being launched to your container service.
+ **Running** – Your container service is running and it has an active container deployment.
+ **Updating** – Your container service capacity or its custom domains are being updated.
+ **Deleting** – Your container service is being deleted. Your container service is in this state after you choose to delete, and it's in this state only for a brief moment.
+ **Disabled** – Your container service is disabled, and its active deployment and containers, if any, are shut down.
**Container service sub-status**
If your container service is in a **Deploying** or **Updating** state, then one of the following additional sub-states is displayed below the container service state:
+ **Creating system resources** - The system resources for your container service are being created.
+ **Creating network infrastructure** - The network infrastructure for your container service are being created.
+ **Provisioning certificate** - The SSL/TLS certificate for your container service is being created.
+ **Provisioning service** - Your container service is being provisioned.
+ **Creating deployment** - Your deployment is being created on your container service.
+ **Evaluating health check** - The health of your deployment is being evaluated.
+ **Activating deployment** - Your deployment is being activated.
If your container service is in a **Pending** state, then one of the following additional sub-states is displayed below the container service state:
+ **Certificate limit exceeded** - The SSL/TLS certificate required for your container service exceeds the maximum number of certificates allowed for your account.
+ **Unknown error** - An error was experienced when your container service was being created.
## Create a container service
Complete the following procedure to create a Lightsail container service.
1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).
1. In the left navigation pane, choose **Containers**.
1. Choose **Create container service**.
1. In the **Create a container service** page, choose **Change AWS Region**, then choose an AWS Region for your container service.
1. Choose a capacity for your container service. For more information, see the [Container service capacity (scale and power)](#create-container-service-capacity) section of this guide.
1. Complete the following steps to create a deployment that will be launched at the same time as your container service is created. Otherwise, skip to step 7 to create a container service without a deployment.
Create a container service with a deployment if you plan to use a container image from a public registry. Otherwise, create your service without a deployment if you plan to use a container image that is on your local machine. You can push the container image from your local machine to your container service after your service is up and running. Then you can create a deployment using the pushed container image that is registered to your container service.
1. Choose **Create a deployment**.
1. Choose one of the following options:
+ **Choose an example deployment** – Choose this option to create a deployment using a container image that's been curated by the Lightsail team with a set of preconfigured deployment parameters. This option provides the fastest and easiest way to get a popular container up and running on your container service.
+ **Specify a custom deployment** – Choose this option to create a deployment by specifying containers of your choosing.
The deployment form view opens, where you can enter new deployment parameters.
1. Enter the parameters of your deployment. For more information about the deployment parameters that you can specify, see the **Deployment parameters** section in the [Create and manage deployments for your Lightsail container services](amazon-lightsail-container-services-deployments.md) guide.
1. Choose **Add container entry** to add more than one container entry to your deployment. You can have up to 10 container entries in your deployment.
1. When you're done entering the parameters of your deployment, choose **Save and deploy** to create the deployment on your container service.
1. Enter a name for your container service.
Container service names must be:
+ Must be unique within each AWS Region in your Lightsail account.
+ Must contain 2 to 63 characters.
+ Must contain only alphanumeric characters and hyphens.
+ A hyphen (-) can separate words but cannot be at the start or end of the name.
**Note**
The name that you specify will be part of the default domain name of your container service, and it will be visible to the public.
1. Choose one of the following options to add tags to your container service:
+ **Add key-only tags** or **Manage tags** (if tags have already been added). Enter your new tag into the tag key text box, and press **Enter**. Choose **Save** when you’re done entering your tags to add them, or choose **Cancel** to not add them.
![\[Key-only tags in the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-key-only-tags.png)
+ **Create a key-value tag**, then enter a key into the **Key** text box, and a value into the **Value** text box. Choose **Save** when you’re done entering your tags, or choose **Cancel** to not add them.
Key-value tags can only be added one at a time before saving. To add more than one key-value tag, repeat the previous steps.
![\[Key-value tags in the Lightsail console.\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-key-value-tag.png)
**Note**
For more information about key-only and key-value tags, see [Tags](amazon-lightsail-tags.md).
1. Choose **Create container service**.
You are redirected to the management page of your new container service. The status of your new container service is **Pending** while it's being created. After a few moments, the status of your service changes to **Ready**, if it doesn't have a current deployment, or **Running**, if you created a deployment.
# Build and test Docker images for Lightsail container services
With Docker, you can build, run, test, and deploy distributed applications that are based on containers. Amazon Lightsail container services use Docker container images in deployments to launch containers.
In this guide, we show you how to create a container image on your local machine using a Dockerfile. After your image is created, you can then push it to your Lightsail container service to deploy it.
To complete the procedures in this guide you should possess a basic understanding of what Docker is and how it works. For more information about Docker, see [What is Docker?](https://aws.amazon.com/docker/) and the [Docker overview](https://docs.docker.com/get-started/overview/).
**Contents**
+ [Step 1: Complete the prerequisites](#create-container-image-prerequisite)
+ [Step 2: Create a Dockerfile and build a container image](#create-container-image-create-dockerfile)
+ [Step 3: Run your new container image](#create-container-image-run-container)
+ [(Optional) Step 4: Clean up the containers running on your local machine](#create-container-image-cleanup)
+ [Next steps after creating container images](#create-container-image-next-steps)
## Step 1: Complete the prerequisites
Before you get started, you must install the software required to create containers and then push them to your Lightsail container service. For example, you must install and use Docker to create and build your container images that you can then use with your Lightsail container service. For more information, see [Installing software to manage container images for your Amazon Lightsail container services](amazon-lightsail-install-software.md).
## Step 2: Create a Dockerfile and build a container image
Complete the following procedure to create a Dockerfile, and build a `mystaticwebsite` Docker container image from it. The container image will be for a simple static website hosted on an Apache web server on Ubuntu.
1. Create a `mystaticwebsite` folder on your local machine where you will store your Dockerfile.
1. Create a Dockerfile in the folder you just created.
The Dockerfile does not use a file extension, such as `.TXT`. The full file name is `Dockerfile`.
1. Copy one of the following code blocks depending on how you want to configure your container image, and paste it into your Dockerfile:
+ **If you want to create a simple static website container image with a Hello World message**, then copy the following code block and paste it into your Dockerfile. This code sample uses the Ubuntu 18.04 image. The `RUN` instructions updates the package caches, and installs and configures Apache, and prints a Hello World message to the web server's document root. The `EXPOSE` instruction exposes port 80 on the container, and the `CMD` instruction starts the web server.
```
FROM ubuntu:18.04
# Install dependencies
RUN apt-get update && \
apt-get -y install apache2
# Write hello world message
RUN echo 'Hello World!' > /var/www/html/index.html
# Open port 80
EXPOSE 80
# Start Apache service
CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]
```
+ **If you want to use your own set of HTML files for your static website container image**, create an `html` folder in the same folder where you store your Dockerfile. Then put your HTML files in that folder.
After your HTML files are in the `html` folder, copy the following code block and paste into to your Dockerfile. This code sample uses the Ubuntu 18.04 image. The `RUN` instructions updates the package caches, and installs and configures Apache. The `COPY` instruction copies the contents of the html folder to the web server's document root. The `EXPOSE` instruction exposes port 80 on the container, and the `CMD` instruction starts the web server.
```
FROM ubuntu:18.04
# Install dependencies
RUN apt-get update && \
apt-get -y install apache2
# Copy html directory files
COPY html /var/www/html/
# Open port 80
EXPOSE 80
CMD ["/usr/sbin/apache2ctl", "-D", "FOREGROUND"]
```
1. Open a command prompt or terminal window and change the directory to the folder in which you are storing your Dockerfile.
1. Enter the following command to build your container image using the Dockerfile in the folder. This command builds a new Docker container image named `mystaticwebsite`.
```
docker build -t mystaticwebsite .
```
You should see a message that confirms your image was successfully built.
1. Enter the following command to view the container images on your local machine.
```
docker images --filter reference=mystaticwebsite
```
You should see a result similar to the following example, showing the new container image created.
![\[Result of docker images command\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/docker-images-command-result.png)
Your newly built container image is ready to be tested by using it to run a new container on your local machine. Continue to the next [Step 3: Run your new container image](#create-container-image-run-container) section of this guide.
## Step 3: Run your new container image
Complete the following steps to run the new container image you created.
1. In a command prompt or terminal window, enter the following command to run the container image that you built in the previous [Step 2: Create a Dockerfile and build a container image](#create-container-image-create-dockerfile) section of this guide. The `-p 8080:80` option maps the exposed port 80 on the container to port 8080 on your local machine. The `-d` option specifies that the container should run in detached mode.
```
docker container run -d -p 8080:80 --name mystaticwebsite mystaticwebsite:latest
```
1. Enter the following command to view your running containers.
```
docker container ls -a
```
You should see a result similar to the following example, showing the new running container.
![\[Result of docker container command\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/docker-container-command-result.png)
1. To confirm that the container is up and running, open a new browser window and browse to `http://localhost:8080`. You should see a message similar to the following example. This confirms that your container is up and running on your local machine.
![\[Static website running on a Docker container\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/container-mystaticsite-hello-world.png)
Your newly built container image is ready to be pushed to your Lightsail account so that you can deploy it to your Lightsail container service. For more information, see [Pushing and managing container images on your Amazon Lightsail container services](amazon-lightsail-pushing-container-images.md).
## (Optional) Step 4: Clean up the containers running on your local machine
Now that you've created a container image that you can push to your Lightsail container service, it's time to clean up the containers that are running on your local machine as a result of following the procedures in this guide.
Complete the following steps to clean up the containers running on your local machine:
1. Run the following command to view the containers that are running on your local machine.
```
docker container ls -a
```
You should see a result similar to the following, which lists the names of the containers running on your local machine.
![\[Result of docker container command\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/docker-container-command-result.png)
1. Run the following command to remove the running container that you created earlier in this guide. This forces the container to be stopped, and permanently deletes it.
```
docker container rm --force
```
In the command, replace with the name of the container you want to stop, and delete.
Example:
```
docker container rm mystaticwebsite --force
```
The container that was created as a result of this guide should now be deleted.
## Next steps after creating container images
After you create your container images, push them to your Lightsail container service when you're ready to deploy them. For more information, see [Manage Lightsail container service images](amazon-lightsail-pushing-container-images.md).
**Topics**
+ [Step 1: Complete the prerequisites](#create-container-image-prerequisite)
+ [Step 2: Create a Dockerfile and build a container image](#create-container-image-create-dockerfile)
+ [Step 3: Run your new container image](#create-container-image-run-container)
+ [(Optional) Step 4: Clean up the containers running on your local machine](#create-container-image-cleanup)
+ [Next steps after creating container images](#create-container-image-next-steps)
+ [Manage container images](amazon-lightsail-pushing-container-images.md)
+ [Install container services plugin](amazon-lightsail-install-software.md)
+ [ECR private repository access](amazon-lightsail-container-service-ecr-private-repo-access.md)
# Push, view, and delete container images for a Lightsail container service
When you create a deployment in your Amazon Lightsail container service, you must specify a source container image for each container entry. You can use images from a public registry, such as Amazon ECR Public Gallery, or you can use images that you create on your local machine. In this guide, we show you how to push container images from your local machine to your Lightsail container service. For more information about creating container images, see [Create container service images](amazon-lightsail-creating-container-images.md).
**Contents**
+ [Prerequisites](#push-container-images-prerequisites)
+ [Push container images from your local machine to your container service](#push-container-images)
+ [View container images stored on your container service](#view-pushed-container-images)
+ [Delete container images stored on your container service](#delete-stored-container-images)
## Prerequisites
Complete the following prerequisites before you get started with pushing your container images to your container service:
+ Create your container service in your Lightsail account. For more information, see [Creating Amazon Lightsail container services](amazon-lightsail-creating-container-services.md).
+ Install software on your local machine that you need to create your own container images and push them to your Lightsail container service. For more information, see [Installing software to manage container images for your Amazon Lightsail container services](amazon-lightsail-install-software.md).
+ Create container images on your local machine, that you can push to your Lightsail container service. For more information, see [Creating container images for your Amazon Lightsail container services](amazon-lightsail-creating-container-images.md).
## Push container images from your local machine to your container service
Complete the following procedure to push your container images to your container service.
1. Open a command prompt or terminal window.
1. In the command prompt or terminal window, enter the following command to view the Docker images that are currently on your local machine.
```
docker images
```
1. In the result, locate the name (repository name) and tag of the container image that you want to push to your container service. Make a note of it because you will need it in the next step.
![\[Docker container images on a local machine\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-container-service-docker-images.png)
1. Enter the following command to push the container image on your local machine to your container service.
```
aws lightsail push-container-image --region --service-name --label --image :
```
In the command, replace:
+ ** with the AWS Region in which your container service was created.
+ ** with the name of your container service.
+ ** with the label that you want to give your container image when it's stored on your container service. Specify a descriptive label that you can use to track the different versions of your registered container images.
The label will be part of the container image name generated by your container service. For example, if your container service name is `container-service-1`, the container image label is `mystaticsite`, and this is the first version of the container image you're pushing, then the image name generated by your container service will be `:container-service-1.mystaticsite.1`.
+ ** with the name of the container image that you want to push to your container service. You obtained the container image name in the previous step of this procedure.
+ ** with the tag of the container image that you want to push to your container service. You obtained the container image tag in the previous step of this procedure.
Example:
```
aws lightsail push-container-image --region us-west-2 --service-name myservice --label mystaticwebsite --image mystaticwebsite:v2
```
You should see a result similar to the following example, which confirms that your container image was pushed to your container service.
![\[Docker container image pushed to a Lightsail container service\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-container-service-pushed-image.png)
Refer to the following [View container images stored on your container service](#view-pushed-container-images) section of this guide to view your pushed container image in your container service on the Lightsail console.
## View container images stored on your container service
Complete the following procedure to view container images that were pushed, and are being stored, on your container service.
1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).
1. In the left navigation pane, choose **Containers**.
1. Choose the name of the container service for which you want to view the stored container images.
1. On the container service management page, choose the **Images** tab.
**Note**
The **Images** tab is not displayed if you have not pushed images to your container service. To display the images tab for your container service you must first push container images to your service.
The **Images** page lists the container images that were pushed to your container service, and are currently being stored on your service. Container images that are being used in a current deployment cannot be deleted and are listed with a grayed-out delete icon.
![\[The stored images page of the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-container-services-stored-images-page.png)
You can create deployments using container images stored on your service. For more information, see Creating and managing deployments for your Amazon Lightsail container services.
## Delete container images stored on your container service
Complete the following procedure to delete container images that were pushed, and are being stored, on your container service.
1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).
1. In the left navigation pane, choose **Containers**.
1. Choose the name of the container service for which you want to view the current deployment.
1. On the container service management page, choose the **Images** tab.
**Note**
The **Images** tab is not displayed if you have not pushed images to your container service. To display the images tab for your container service you must first push container images to your service.
1. Find the container image you want to delete, and choose the delete (trash bin) icon.
**Note**
Container images that are being used in a current deployment cannot be deleted and their delete icons are grayed-out.
1. In the confirmation prompt that appears, choose **Yes, delete** to confirm that you want to permanently delete the stored image.
Your stored container image is immediately deleted from your container service.
# Install Docker, AWS CLI, and the Lightsail Control plugin for containers
You can use the Amazon Lightsail console to create your Lightsail container services, and create deployments using container images from an online public registry, such as Amazon ECR Public Gallery. To create your own container images, and push them to your container service, you must install the following additional software on the same computer on which you plan to create your container images:
+ **Docker** – Run, test, and create your own container images that you can then use with your Lightsail container service.
+ **AWS Command Line Interface (AWS CLI)** – Specify parameters of the container images you create, and then push them to your Lightsail container service. Version 2.1.1 and later will work with the Lightsail Control plugin.
+ **Lightsail Control (lightsailctl) plugin** – Enables the AWS CLI to access the container images that are on the local machine.
The following sections of this guide describe where to go to download these software packages, and how to install them. For more information about container services, see [Container services](amazon-lightsail-container-services.md).
**Contents**
+ [Install Docker](#install-software-docker)
+ [Install the AWS CLI](#install-software-aws-cli)
+ [Install the Lightsail Control plugin](#install-software-lightsailctl)
+ [Install the lightsailctl plugin on Windows](#install-lightsailctl-on-windows)
+ [Install the lightsailctl plugin on macOS](#install-lightsailctl-on-macos)
+ [Install the lightsailctl plugin on Linux](#install-lightsailctl-on-linux)
## Install Docker
Docker is a technology that allows you to build, run, test, and deploy distributed applications that are based on Linux containers. You must install and use Docker software if you want to create your own container images that you can then use with your Lightsail container service. For more information, see [Create container images for your Lightsail container services](amazon-lightsail-creating-container-images.md).
Docker is available for many different operating systems, including most modern Linux distributions, like Ubuntu, and even macOS and Windows. For more information about how to install Docker on your particular operating system, see the [Docker installation guide](https://docs.docker.com/engine/installation/#installation).
**Note**
Always install the latest version of Docker. Older versions of Docker are not guaranteed to work with the AWS CLI and Lightsail Control (lightsailctl) plugin described later in this guide.
## Install the AWS CLI
The AWS CLI is an open source tool that enables you to interact with AWS services, such as Lightsail, using commands in your command-line shell. You must install and use the AWS CLI to push your container images, created on your local machine, to your Lightsail container service.
The AWS CLI is available in the following versions:
+ **Version 2.x** – The current, generally available release of the AWS CLI. This is the most recent major version of the AWS CLI and supports all of the latest features, including the ability to push container images to your Lightsail container services. Version 2.1.1 and later will work with the Lightsail Control plugin.
+ **Version 1.x** – The previous version of the AWS CLI that is available for backwards compatibility. This version does not support the ability to push your container images to your Lightsail container services. Therefore, you must install the AWS CLI version 2 instead.
The AWS CLI version 2 is available for Linux, macOS, and Windows operating systems. For instructions on how to install the AWS CLI on those operating systems, see [Installing the AWS CLI version 2](https://docs.aws.amazon.com/cli/latest/userguide/install-cliv2.html) in the *AWS CLI User Guide*.
## Install the Lightsail Control plugin
The Lightsail Control (lightsailctl) plugin is a lightweight application that allows the AWS CLI to access the container images that you created on your local machine. It allows you to push container images to your Lightsail container service, so that you can deploy them to your service.
**System requirements**
+ A Windows, macOS, or Linux operating system with 64-bit support.
+ AWS CLI version 2 must be installed on your local machine in order to use the lightsailctl plugin. For more information, see the [Install the AWS CLI](#install-software-aws-cli) section earlier in this guide.
**Use the latest version of the lightsailctl plugin**
The lightsailctl plugin is updated occasionally with enhanced functionality. Each time you use the lightsailctl plugin, it performs a check to confirm you're using the latest version. If it finds that a new version is available, it prompts you to update to the latest version to take advantage of the latest features. When an updated version is available, you must repeat the installation process to get the latest version of the lightsailctl plugin.
The following lists all releases of the lightsailctl plugin and the features and enhancements included with each version.
+ **v1.0.0 (released November 12, 2020)** – Initial release adds functionality for the AWS CLI version 2 to push container images to a Lightsail container service.
### Install the lightsailctl plugin on Windows
Complete the following procedure to install the lightsailctl plugin on Windows.
1. Download the executable from the following URL, and save it to the `C:\Temp\lightsailctl\` directory.
```
https://s3.us-west-2.amazonaws.com/lightsailctl/latest/windows-amd64/lightsailctl.exe
```
1. Choose the **Windows Start** button, and then search for `cmd`.
1. Right-click the **Command Prompt** application in the results, and choose **Run as administrator**.
![\[Run Command Prompt as administrator\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsailctl-cmd-run-as-administrator.png)
**Note**
You may see a prompt that asks if you want to allow Command Prompt to make changes to your device. You must choose **Yes** to continue with the installation.
1. Enter the following command to set a path environment variable that points to the `C:\Temp\lightsailctl\` directory where you saved the lightsailctl plugin.
```
setx PATH "%PATH%;C:\Temp\lightsailctl" /M
```
You should see a result similar to the following example.
![\[Command line response to setx command\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lighstailctl-setx-command.png)
The `setx` command will truncate beyond 1024 characters. Use the following procedure to manually set the path environment variable if you already have multiple variables set in your PATH.
1. On the **Start** menu, open **Control Panel**.
1. Choose **System and Security**, then **System**.
1. Choose **Advanced system settings**.
1. On the **Advanced** tab of the **System Properties** dialog box, choose **Environment Variables**.
1. In the **System Variables** box of the **Environment Variables** dialog box, select **Path**.
1. Choose the **Edit** button located under the **System Variables** box.
![\[Windows system variables\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-windows-system-variables.png)
1. Choose **New**, then enter the following path: `C:\Temp\lightsailctl\`
![\[Windows environment variables\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/lightsail-windows-edit-env-variable.png)
1. Choose **OK** in three successive dialog boxes, and then close the **System** dialog box.
You are now ready to use the AWS Command Line Interface (AWS CLI) to push container images to your Lightsail container service. For more information, see [Push and manage container images](amazon-lightsail-pushing-container-images.md).
### Install the lightsailctl plugin on macOS
Complete one of the following procedures to download and install the lightsailctl plugin on macOS.
**Homebrew download and install**
1. Open a terminal window.
1. Enter the following command to download and install the lightsailctl plugin.
```
brew install aws/tap/lightsailctl
```
**Note**
For more information about Homebrew, see the [Homebrew](https://brew.sh/) website.
**Manual download and install**
1. Open a terminal window.
1. Enter the following command to download the lightsailctl plugin and copy it to the bin folder.
```
curl "https://s3.us-west-2.amazonaws.com/lightsailctl/latest/darwin-amd64/lightsailctl" -o "/usr/local/bin/lightsailctl"
```
1. Enter the following command to make the plugin executable.
```
chmod +x /usr/local/bin/lightsailctl
```
1. Enter the following command to clear extended attributes for the plugin.
```
xattr -c /usr/local/bin/lightsailctl
```
You are now ready to use the AWS CLI to push container images to your Lightsail container service. For more information, see [Push and manage container images](amazon-lightsail-pushing-container-images.md).
### Install the lightsailctl plugin on Linux
Complete the following procedure to install the Lightsail container services plugin on Linux.
1. Open a terminal window.
1. Enter the following command to download the lightsailctl plugin.
+ For the AMD 64-bit architecture version of the plugin:
```
curl "https://s3.us-west-2.amazonaws.com/lightsailctl/latest/linux-amd64/lightsailctl" -o "/usr/local/bin/lightsailctl"
```
+ For the ARM 64-bit architecture version of the plugin:
```
curl "https://s3.us-west-2.amazonaws.com/lightsailctl/latest/linux-arm64/lightsailctl" -o "/usr/local/bin/lightsailctl"
```
1. Enter the following command to make the plugin executable.
```
sudo chmod +x /usr/local/bin/lightsailctl
```
You are now ready to use the AWS CLI to push container images to your Lightsail container service. For more information, see [Push and manage container images](amazon-lightsail-pushing-container-images.md).
# Grant Lightsail container services access to Amazon ECR private repositories
Amazon Elastic Container Registry (Amazon ECR) is an AWS managed container image registry service that supports private repositories with resource-based permissions using AWS Identity and Access Management (IAM). You can give your Amazon Lightsail container services access to your Amazon ECR private repositories AWS Region. Then, you can deploy images from your private repository to your container services.
You can manage access for your Lightsail container services and your Amazon ECR private repositories by using the Lightsail console or the AWS Command Line Interface (AWS CLI). However, we recommend that you use the Lightsail console because it simplifies the process.
For more information about container services, see [Container services](amazon-lightsail-container-services.md). For more information about Amazon ECR, see the [Amazon ECR User Guide](https://docs.aws.amazon.com/AmazonECR/latest/userguide/what-is-ecr.html).
**Contents**
+ [Required permissions](#ecr-private-repos-permissions)
+ [Use the Lightsail console to manage access to private repositories](#ecr-private-repo-access-lightsail-console)
+ [Use the AWS CLI to manage access to private repositories](#ecr-private-repo-access-cli)
+ [Activate or deactivate the Amazon ECR image puller IAM role](#activate-ecr-puller-role)
+ [Determine if your Amazon ECR private repository has a policy statement](#identify-ecr-repo-policy-statement)
+ [Add a policy to a private repository that doesn't have a policy statement](#ecr-private-repo-add-policy-no-policy)
+ [Add a policy to a private repository that has a policy statement](#ecr-private-repo-add-policy-existing-policy)
## Required permissions
The user who will manage access for Lightsail container services to Amazon ECR private repositories must have one of the following permissions policies in IAM. For more information, see [Adding and removing IAM identity permissions](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_manage-attach-detach.html) in the *AWS Identity and Access Management User Guide*.
**Grant access to any Amazon ECR private repository**
The following permissions policy grants a user permission to configure access to any Amazon ECR private repository.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "ManageEcrPrivateRepositoriesAccess",
"Effect": "Allow",
"Action": [
"ecr:SetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:DeleteRepositoryPolicy",
"ecr:GetRepositoryPolicy"
],
"Resource": "arn:aws:ecr:*:111122223333:repository/*"
}
]
}
```
------
In the policy, replace *AwsAccountId* with your AWS account ID number.
**Grant access to a specific Amazon ECR private repository**
The following permissions policy grants a user permission to configure access to a specific Amazon ECR private repository, in a specific AWS Region.
In the policy, replace the following example text with your own:
+ *AwsRegion* — The AWS Region code (for example, `us-east-1`) of the private repository. Your Lightsail container service must be in the same AWS Region as the private repositories that you want to access.
+ *AwsAccountId* — Your AWS account ID number.
+ *RepositoryName* — The name of the private repository for which you want to manage access.
Following is an example of the permissions policy populated with example values.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "ManageEcrPrivateRepositoriesAccess",
"Effect": "Allow",
"Action": [
"ecr:SetRepositoryPolicy",
"ecr:DescribeRepositories",
"ecr:DeleteRepositoryPolicy",
"ecr:GetRepositoryPolicy"
],
"Resource": "arn:aws:ecr:us-east-1:111122223333:repository/my-private-repo"
}
]
}
```
------
## Use the Lightsail console to manage access to private repositories
Complete the following procedure to use the Lightsail console to manage access for a Lightsail container service to an Amazon ECR private repository.
1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).
1. In the left navigation pane, choose **Containers**.
1. Choose the name of the container service for which you want to configure access to an Amazon ECR private repository.
![\[Container service in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/container-service-card.png)
1. Choose the **Images** tab.
![\[Images tab in the container service management page of the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/container-service-images-tab.png)
1. Choose **Add repository** to grant access for your container service to an Amazon ECR private repository.
**Note**
You can choose **Remove** to remove access for your container service from a previously added Amazon ECR private repository.
![\[Amazon ECR private repositories section of the Images tab\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/container-service-ecr-repos-section.png)
1. In the dropdown that appears, select the private repository that you would like to access, and then choose **Add**.
![\[Amazon ECR private repositories dropdown selection\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/container-service-ecr-repos-selection.png)
Lightsail takes a few moments to activate the Amazon ECR image puller IAM role for your container service, which includes a principal Amazon Resource Name (ARN). Lightsail then automatically adds the IAM role principal ARN to the permissions policy of the Amazon ECR private repository that you selected. This grants your container service access to the private repository and its images. Don't close the browser window until the modal that appears indicates that the process is completed and you can choose **Continue**.
![\[Modal confirming that permissions are being added to Amazon ECR private repository\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/container-service-ecr-repos-confirmation-modal.png)
1. Choose **Continue** when the activation is completed.
After the selected Amazon ECR private repository is added it is listed in the **Amazon ECR private repositories** section of the page. The page includes instructions for how to deploy an image from the private repository to your Lightsail container service. To use an image from your private repository, specify the URI format that is displayed on the page as the **Image** value when creating your container service deployment. In the URI that you specify, replace the example *\$1image tag\$1* with the tag of the image you want to deploy. For more information, see [Create and manage container service deployments](amazon-lightsail-container-services-deployments.md).
![\[Next steps after adding an Amazon ECR private repository\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/container-service-ecr-repos-next-steps.png)
## Use the AWS CLI to manage access to private repositories
Managing access for a Lightsail container service to an Amazon ECR private repository using the AWS Command Line Interface (AWS CLI) requires the following steps:
**Important**
We recommend that you use the Lightsail console to manage access for a Lightsail container service to an Amazon ECR private repository because it simplifies the process. For more information, see [Use the Lightsail console to manage access to private repositories](#ecr-private-repo-access-lightsail-console) earlier in this guide.
1. **Activate or deactivate the Amazon ECR image puller IAM role** — Use the AWS CLI `update-container-service` command for Lightsail to activate or deactivate the Amazon ECR image puller IAM role. A principal Amazon Resource Name (ARN) is created for the Amazon ECR image puller IAM role when you activate it. For more information, see the [Activate or deactivate the Amazon ECR image puller IAM role](#activate-ecr-puller-role) section of this guide.
1. **Determine if your Amazon ECR private repository has a policy statement** — After you activate the Amazon ECR image puller IAM role, you need to determine if the Amazon ECR private repository that you want to access with your container service has an existing policy statement. For more information, see [Determine if your Amazon ECR private repository has a policy statement](#identify-ecr-repo-policy-statement) later in this guide.
You add the IAM role principal ARN to your repository using one of the following methods, depending on whether your repository has an existing policy statement:
1. **Add a policy to a private repository that doesn't have a policy statement** — Use the AWS CLI `set-repository-policy` command for Amazon ECR to add the Amazon ECR image puller role principal ARN for your container service to a private repository that has an existing policy. For more information, see [Add a policy to a private repository that doesn't have a policy statement](#ecr-private-repo-add-policy-no-policy) later in this guide.
1. **Add a policy to a private repository that has a policy statement** — Use the AWS CLI `set-repository-policy` command for Amazon ECR to add the Amazon ECR image puller role for your container service to a private repository that doesn't have an existing policy. For more information, see [Add a policy to a private repository that has a policy statement](#ecr-private-repo-add-policy-existing-policy) later in this guide.
### Activate or deactivate the Amazon ECR image puller IAM role
Complete the following procedure to activate or deactivate the Amazon ECR image puller IAM role for your Lightsail container service. You can activate or deactivate the Amazon ECR image puller IAM role using the AWS CLI `update-container-service` command for Lightsail. For more information, see [update-container-service](https://docs.aws.amazon.com/cli/latest/reference/lightsail/update-container-service.html) in the *AWS CLI Command Reference*.
**Note**
You must install the AWS CLI and configure it for Lightsail before you can continue with this procedure. For more information, see [Configure the AWS CLI to work with Lightsail](lightsail-how-to-set-up-and-configure-aws-cli.md).
1. Open a Command Prompt or Terminal window.
1. Enter the following command to update a container service and activate or deactivate the Amazon ECR image puller IAM role.
```
aws lightsail update-container-service --service-name ContainerServiceName --private-registry-access ecrImagePullerRole={isActive=RoleActivationState} --region AwsRegionCode
```
In the command, replace the following example text with your own:
+ *ContainerServiceName* — The name of the container service for which to activate or deactivate the Amazon ECR image puller IAM role.
+ *RoleActivationState* — The activation state of the Amazon ECR image puller IAM role. Specify `true` to activate the role, or `false` to deactivate it.
+ *AwsRegionCode* — The AWS Region code of the container service (for example, `us-east-1`).
Examples:
+ To activate the Amazon ECR image puller IAM role:
```
aws lightsail update-container-service --service-name my-container-service --private-registry-access ecrImagePullerRole={isActive=true} --region us-east-1
```
+ To deactivate the Amazon ECR image puller IAM role:
```
aws lightsail update-container-service --service-name my-container-service --private-registry-access ecrImagePullerRole={isActive=false} --region us-east-1
```
1. If you:
+ **Activated the Amazon ECR image puller role** — Wait at least 30 seconds after getting the previous response. Then, continue to the next step to get the principal ARN of the Amazon ECR image puller IAM role for your container service.
+ **Deactivated the Amazon ECR image puller role** — If you previously added the Amazon ECR image puller IAM role principal ARN to the permissions policy of your Amazon ECR private repository, you should remove that permissions policy from your repository. For more information, see [Deleting a private repository policy statement](https://docs.aws.amazon.com/AmazonECR/latest/userguide/delete-repository-policy.html) in the *Amazon ECR User Guide*.
1. Enter the following command to get the principal ARN of the Amazon ECR image puller IAM role for your container service.
```
aws lightsail get-container-services --service-name ContainerServiceName --region AwsRegionCode
```
In the command, replace the following example text with your own:
+ *ContainerServiceName* — The name of your container service for which to get the Amazon ECR image puller IAM role principal ARN.
+ *AwsRegionCode* — The AWS Region code of the container service (for example, `us-east-1`).
Example:
```
aws lightsail get-container-services --service-name my-container-service --region us-east-1
```
Look for the ECR image puller IAM role principal ARN in the response. If a role is listed, copy it or write it down. You will need it for the next section of this guide. Next, you need to determine if there is an existing policy statement on the Amazon ECR private repository that you want to access with your container service. Continue to the [Determine if your Amazon ECR private repository has a policy statement](#identify-ecr-repo-policy-statement) section of this guide.
### Determine if your Amazon ECR private repository has a policy statement
Use the following procedure to determine if your Amazon ECR private repository has a policy statement. You can use the AWS CLI `get-repository-policy` command for Amazon ECR. For more information, see [update-container-service](https://docs.aws.amazon.com/cli/latest/reference/ecr/get-repository-policy.html) in the *AWS CLI Command Reference*.
**Note**
You must install the AWS CLI and configure it for Amazon ECR before you can continue with this procedure. For more information, see [Setting up with Amazon ECR](https://docs.aws.amazon.com/AmazonECR/latest/userguide/get-set-up-for-amazon-ecr.html) in the *Amazon ECR User Guide*.
1. Open a Command Prompt or Terminal window.
1. Enter the following command to get the policy statement for a specific private repository.
```
aws ecr get-repository-policy --repository-name RepositoryName --region AwsRegionCode
```
In the command, replace the following example text with your own:
+ *RepositoryName* — The name of the private repository for which you want to configure access for a Lightsail container service.
+ *AwsRegionCode* — The AWS Region code of the private repository (for example, `us-east-1`).
Example:
```
aws ecr get-repository-policy --repository-name my-private-repo --region us-east-1
```
You should see one of the following responses:
+ **RepositoryPolicyNotFoundException** — Your private repository does not have a policy statement. If your repository doesn't have a policy statement, follow the steps in the [Add a policy to a private repository that doesn't have a policy statement](#ecr-private-repo-add-policy-no-policy) section later in this guide.
![\[Response to the get-repository-policy command for a private repository that doesn't have a policy statement\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/ecr-no-policy-statement.png)
+ **A repository policy was found** - Your private repository has a policy statement, and it is displayed in the response of your request. If your repository has a policy statement, copy the existing policy and then follow the steps in the [Add a policy to a private repository that has a policy statement](#ecr-private-repo-add-policy-existing-policy) section later in this guide.
![\[Response to the get-repository-policy command for a private repository that has a policy statement\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/ecr-existing-policy-statement.png)
### Add a policy to a private repository that doesn't have a policy statement
Complete the following procedure to add a policy to an Amazon ECR private repository that doesn't have a policy statement. The policy that you add must include the Amazon ECR image puller IAM role principal ARN of your Lightsail container service. This grants access for your container service to deploy images from the private repository.
**Important**
Lightsail automatically adds the Amazon ECR image puller role to your Amazon ECR private repositories when you use the Lightsail console to configure access. In that case, you don't have to manually add the Amazon ECR image puller role to your private repositories using the procedure in this section. For more information, see [Use the Lightsail console to manage access to private repositories](#ecr-private-repo-access-lightsail-console) earlier in this guide.
You can add a policy to a private repository using the AWS CLI. You do this by creating a JSON file that contains the policy, and then referencing that file with the `set-repository-policy` command for Amazon ECR. For more information, see [set-repository-policy](https://docs.aws.amazon.com/cli/latest/reference/ecr/set-repository-policy.html) in the *AWS CLI Command Reference*.
**Note**
You must install the AWS CLI and configure it for Amazon ECR before continuing with this procedure. For more information, see [Setting up with Amazon ECR](https://docs.aws.amazon.com/AmazonECR/latest/userguide/get-set-up-for-amazon-ecr.html) in the *Amazon ECR User Guide*.
1. Open a text editor, and paste the following policy statement into a new text file.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "AllowLightsailPull-ecr-private-repo-demo",
"Effect": "Allow",
"Principal": {
"AWS": "IamRolePrincipalArn"
},
"Action": [
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer"
]
}
]
}
```
------
In the text, replace *IamRolePrincipalArn* with the Amazon ECR image puller IAM role principal ARN of your container service that you got earlier in this guide.
1. Save the file as `ecr-policy.json` to an accessible location on your computer (for example, `C:\Temp\ecr-policy.json` on Windows or `/tmp/ecr-policy.json` on macOS or Linux).
1. Write down the file path location of the `ecr-policy.json` file created. You will specify it in a command later in this procedure.
1. Open a Command Prompt or Terminal window.
1. Enter the following command to set the policy statement for the private repository that you want to access with your container service.
```
aws ecr set-repository-policy --repository-name RepositoryName --policy-text file://path/to/ecr-policy.json --region AwsRegionCode
```
In the command, replace the following example text with your own:
+ *RepositoryName* — The name of the private repository for which you want to add the policy.
+ *path/to/* — The path to the `ecr-policy.json` file on your computer that you created earlier in this guide.
+ *AwsRegionCode* — The AWS Region code of the private repository (for example, `us-east-1`).
Examples:
+ On Windows:
```
aws ecr set-repository-policy --repository-name my-private-repo --policy-text file://C:\Temp\ecr-policy.json --region us-east-1
```
+ On macOS or Linux:
```
aws ecr set-repository-policy --repository-name my-private-repo --policy-text file:///tmp/ecr-policy.json --region us-east-1
```
Your container service is now able to access your private repository and its images. To use an image from your repository, specify the following URI as the **Image** value for your container service deployment. In the URI, replace the example *tag* with the tag of the image you want to deploy. For more information, see [Create and manage container service deployments](amazon-lightsail-container-services-deployments.md).
```
AwsAccountId.dkr.ecr.AwsRegionCode.amazonaws.com/RepositoryName:ImageTag
```
In the URI, replace the following example text with your own:
+ *AwsAccountId* — Your AWS account ID number.
+ *AwsRegionCode* — The AWS Region code of the private repository (for example, `us-east-1`).
+ *RepositoryName* — The name of the private repository from which to deploy a container image.
+ *ImageTag* — The tag of the container image from the private repository to deploy on your container service.
Example:
```
111122223333.dkr.ecr.us-east-1.amazonaws.com/my-private-repo:myappimage
```
### Add a policy to a private repository that has a policy statement
Complete the following procedure to add a policy to an Amazon ECR private repository that has a policy statement. The policy that you add must include the existing policy and a new policy that contains the Amazon ECR image puller IAM role principal ARN of your Lightsail container service. This maintains the existing permissions on your private repository while also granting access for your container service to deploy images from the private repository.
**Important**
Lightsail automatically adds the Amazon ECR image puller role to your Amazon ECR private repositories when you use the Lightsail console to configure access. In that case, you don't have to manually add the Amazon ECR image puller role to your private repositories using the procedure in this section. For more information, see [Use the Lightsail console to manage access to private repositories](#ecr-private-repo-access-lightsail-console) earlier in this guide.
You can add a policy to a private repository using the AWS CLI. You do this by creating a JSON file that contains the existing policy and the new policy. Then, reference that file with the `set-repository-policy` command for Amazon ECR. For more information, see [set-repository-policy](https://docs.aws.amazon.com/cli/latest/reference/ecr/set-repository-policy.html) in the *AWS CLI Command Reference*.
**Note**
You must install the AWS CLI and configure it for Amazon ECR before you can continue with this procedure. For more information, see [Setting up with Amazon ECR](https://docs.aws.amazon.com/AmazonECR/latest/userguide/get-set-up-for-amazon-ecr.html) in the *Amazon ECR User Guide*.
1. Open a Command Prompt or Terminal window.
1. Enter the following command to get the policy statement for a specific private repository.
```
aws ecr get-repository-policy --repository-name RepositoryName --region AwsRegionCode
```
In the command, replace the following example text with your own:
+ *RepositoryName* — The name of the private repository for which you want to configure access for a Lightsail container service.
+ *AwsRegionCode* — The AWS Region code of the private repository (for example, `us-east-1`).
Example:
```
aws ecr get-repository-policy --repository-name my-private-repo --region us-east-1
```
1. In the response, copy the existing policy and continue to the next step.
You should copy only the content of the `policyText` that appears between the double quotes, as highlighted in the following example.
![\[Response to the get-repository-policy command for a private repository that doesn't have a policy statement\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/ecr-existing-policy-copy-statement.png)
1. Open a text editor, and paste the existing policy from your private repository that you copied in the previous step.
The result should look like the following example.
![\[Example policy statement JSON file\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/ecr-existing-policy-statement-json.png)
1. In the text that you pasted, replace `\n` with line breaks and delete the remaining `\`.
The result should look like the following example.
![\[Example edited policy statement JSON file\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/ecr-existing-policy-statement-json-edited.png)
1. Paste the following policy statement at the end of the text file.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "AllowLightsailPull-ecr-private-repo-demo",
"Effect": "Allow",
"Principal": {
"AWS": "IamRolePrincipalArn"
},
"Action": [
"ecr:BatchGetImage",
"ecr:GetDownloadUrlForLayer"
]
}
]
}
```
------
1. In the text, replace *IamRolePrincipalArn* with the Amazon ECR image puller IAM role principal ARN of your container service that you got earlier in this guide.
The result should look like the following example.
![\[Example complete policy statement JSON file\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/ecr-existing-policy-statement-json-completed.png)
1. Save the file as `ecr-policy.json` to an accessible location on your computer (for example, `C:\Temp\ecr-policy.json` on Windows or `/tmp/ecr-policy.json` on macOS or Linux).
1. Write down the file path location of the `ecr-policy.json` file. You will specify it in a command later in this procedure.
1. Open a Command Prompt or Terminal window.
1. Enter the following command to set the policy statement for the private repository that you want to access with your container service.
```
aws ecr set-repository-policy --repository-name RepositoryName --policy-text file://path/to/ecr-policy.json --region AwsRegionCode
```
In the command, replace the following example text with your own:
+ *RepositoryName* — The name of the private repository for which you want to add the policy.
+ *path/to/* — The path to the `ecr-policy.json` file on your computer that you created earlier in this guide.
+ *AwsRegionCode* — The AWS Region code of the private repository (for example, `us-east-1`).
Examples:
+ On Windows:
```
aws ecr set-repository-policy --repository-name my-private-repo --policy-text file://C:\Temp\ecr-policy.json --region us-east-1
```
+ On macOS or Linux:
```
aws ecr set-repository-policy --repository-name my-private-repo --policy-text file:///tmp/ecr-policy.json --region us-east-1
```
You should see a response similar to the following example.
![\[Response to the set-repository-policy command\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/ecr-set-policy-statement-response.png)
If you run the `get-repository-policy` command again, you should see the new additional policy statement on your private repository. Your container service is now able to access your private repository and its images. To use an image from your repository, specify the following URI as the **Image** value for your container service deployment. In the URI, replace the example *tag* with the tag of the image you want to deploy. For more information, see [Create and manage container service deployments](amazon-lightsail-container-services-deployments.md).
```
AwsAccountId.dkr.ecr.AwsRegionCode.amazonaws.com/RepositoryName:ImageTag
```
In the URI, replace the following example text with your own:
+ *AwsAccountId* — Your AWS account ID number.
+ *AwsRegionCode* — The AWS Region code of the private repository (for example, `us-east-1`).
+ *RepositoryName* — The name of the private repository from which to deploy a container image.
+ *ImageTag* — The tag of the container image from the private repository to deploy on your container service.
Example:
```
111122223333.dkr.ecr.us-east-1.amazonaws.com/my-private-repo:myappimage
```
# Create and manage container service deployments in Lightsail
Create a deployment when you're ready to launch containers on your Amazon Lightsail container service. A deployment is a set of specifications for the containers that you wish to launch on your service. Your container service can have one running deployment at a time, and a deployment can have up to 10 container entries. You can create a deployment at the same time as you create your container service, or you can create it after your service is up and running.
**Note**
If you create a new deployment, then the existing utilization metrics of your container service will disappear, and only metrics for the new current deployment will be shown.
For more information about container services, see [Container services in Amazon Lightsail](amazon-lightsail-container-services.md).
**Contents**
+ [Prerequisites](#creating-container-deployments-prerequisites)
+ [Deployment parameters](#creating-container-deployments-parameters)
+ [Container entry parameters](#creating-deployments-container-entry)
+ [Public endpoint parameters](#creating-deployments-public-endpoint)
+ [Communication between containers](#communication-between-containers)
+ [Container logs](#creating-deployments-container-logs)
+ [Deployment versions](#creating-deployments-versions)
+ [Deployment status](#creating-deployment-status)
+ [Deployment failures](#creating-deployment-failures)
+ [View your current container service deployment](#view-container-service-deployment)
+ [Create or modify your container service deployment](#creating-container-service-deployment)
## Prerequisites
Complete the following prerequisites before you get started with creating a deployment in your container service:
+ Create your container service in your Lightsail account. For more information, see [Creating Amazon Lightsail container services](amazon-lightsail-creating-container-services.md).
+ Identify the container images that you want to use when you launch containers on your container service.
+ Find container images on a public registry, such as the Amazon ECR Public Gallery. For more information, see [Amazon ECR Public Gallery](https://gallery.ecr.aws/) in the *Amazon ECR Public User Guide*.
+ Create container images on your local machine, then push them to your Lightsail container service. For more information, see the following guides:
+ [Installing software to manage container images for your Amazon Lightsail container services](amazon-lightsail-install-software.md)
+ [Create container service images](amazon-lightsail-creating-container-images.md)
+ [Push and manage container images](amazon-lightsail-pushing-container-images.md)
## Deployment parameters
This section describes the parameters that you can specify for the container entries and the public endpoint of your deployment.
### Container entry parameters
You can add up to 10 container entries in your deployment. Each container entry has the following parameters that you can specify:
![\[Deployment configuration of a container service in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/container-service-deployment-config.png)
+ **Container name** – Enter a name for the container. All containers within a deployment must have unique names, and must contain only alphanumeric characters and hyphens. A hyphen can separate words but it cannot be at the start or end of the name.
+ **Source image** – Specify a source container image for the container. You can specify container images from the following sources:
+ A public registry, such as the Amazon ECR Public Gallery, or some other public container image registry.
For more information about Amazon ECR Public, see [What Is Amazon Elastic Container Registry Public?](https://docs.aws.amazon.com/AmazonECR/latest/public/what-is-ecr.html) in the *Amazon ECR Public User Guide*.
+ Images pushed from your local machine to your container service. To specify a stored image, choose **Choose stored image**, and then select the image that you want to use.
If you create container images on your local machine, you can push them to your container service to use them when creating a deployment. For more information, see [Creating container images for your Amazon Lightsail container services](amazon-lightsail-creating-container-images.md) and [Pushing and managing container images on your Amazon Lightsail container services](amazon-lightsail-pushing-container-images.md).
+ **Launch command** – Specify a launch command to run a shell script or a bash script that configures your container when it's created. A launch command can do things like add software, update software, or configure your container in some other way.
+ **Environment variables** – Specify environment variables, which are key-value parameters that provide dynamic configuration of the application or script run by the container.
+ **Open ports** – Specify the ports and protocols to open on the container. You can specify to open any port over HTTP, HTTPS, TCP, and UDP. You must open an HTTP or HTTPS port for the container that you plan to use as the public endpoint of your container service. See the following section of this guide for more information.
### Public endpoint parameters
You can specify the container entry in the deployment that will serve as the public endpoint of your container service. The application on the public endpoint container is publicly accessible on the internet through a randomly generated default domain of your container service. The default domain is formatted as `https://...cs.amazonlightsail.com`, in which ** is the name of your container service, ** is a randomly generated globally unique identifier of your container service in the AWS Region for your Lightsail account, and ** is the AWS Region in which the container service was created. The public endpoint of Lightsail container services supports HTTPS only, and it does not support TCP or UDP traffic. Only one container can be the public endpoint for a service. So make sure that you choose the container that is hosting the front-end of your application as the public endpoint while rest of the containers are internally accessible.
**Note**
You can use your own custom domain name with your container service. For more information, see [Enabling and managing custom domains for your Amazon Lightsail container services](amazon-lightsail-enabling-container-services-custom-domains.md).
The public endpoint of your deployment, and container service, has the following parameters that you can specify:
![\[Public endpoint of a container service in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/container-service-deployment-public-endpoint-config.png)
+ **Endpoint container** – Select the name of the container in your deployment that will serve as the public endpoint of your container service. Only the containers that have an HTTP or HTTPS port open in the deployment are listed in the dropdown menu.
+ **Port** – Select the HTTP or HTTPS port to use for the public endpoint. Only the HTTP and HTTPS ports that are open on the selected container are listed in the dropdown menu. Select an HTTP port if the selected container is not configured to support an HTTPS connection when first launched.
**Note**
The default domain for your container service uses HTTPS by default even if you choose an HTTP port as the public endpoint port. This is because the load balancer of your container service is configured for HTTPS by default, but it uses HTTP to establish a connection with your containers.
The load balancer of your container service connects to your containers using HTTP, but serves content to users using HTTPS.
+ **Health check path** – Specify a path on the selected public endpoint container where your container service's load balancer will periodically check to make sure it's healthy.
+ **Advanced health check settings** – You can configure the following health check settings for the selected public endpoint container:
+ **Health check timeout seconds** - The amount of time, in seconds, to wait for a response. If no response is received during this time, the health check fails. You can specify 2–60 seconds.
+ **Health check interval seconds** - The approximate interval, in seconds, between health checks of the container. You can specify 5–300 seconds.
+ **Health check success codes** - The HTTP codes to use when checking for a successful response from a container. You can specify values between 200 and 499. You can specify multiple values (for example, 200,202) or a range of values (for example, 200–299).
+ **Health check healthy threshold** - The number of consecutive health check successes required before moving the container to the Healthy state.
+ **Health check unhealthy threshold** - The number of consecutive health check failures required before moving the container to the Unhealthy state.
**Private domain**
All container services also have a private domain that is formatted as `.service.local`, in which ** is the name of your container service. Use the private domain to access your container service from another one of your Lightsail resources in the same AWS Region as your service. The private domain is the only way to access your container service if you don't specify a public endpoint in the deployment of your service. A default domain is generated for your container service even if you don't specify a public endpoint, but it will show a `404 No Such Service` error message when you try to browse to it.
To access a specific container using the private domain of your container service, you must specify the open port of the container that will accept your connection request. You do this by formatting the domain of your request as `.service.local:`, in which ** is the name of your container service and ** is the open port of the container that you wish to connect to. For example, if you create a deployment on your container service named `container-service-1`, and you specify a Redis container with port `6379` open, then you should format the domain of your request as `container-service-1.service.local:6379`.
## Communication between containers
Using environment variables, you can open communications between containers within the same container service, containers within different container services, or between a container and other resources (for example, between a container and a managed database).
To open communication between containers within the same container service, add an environment variable to your container deployment that references `localhost` as shown in the following example.
![\[Container deployment with a localhost environment variable in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-container-service-environment-variable-localhost.png)
To open communication between containers that are in different container services, add an environment variable to your container deployment that references the private domain (for example, `container-service-1.service.local`) of the other container service as shown in the following example.
![\[Container deployment with a private domain environment variable in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-container-service-environment-variable-private-domain.png)
To open communication between containers and other resources, add an environment variable to your container deployment that references the public endpoint URL of the resource. For example, the public endpoint of a Lightsail managed database is typically `ls-123abc.czoexamplezqi.us-west-2.rds.amazonaws.com`. So you should reference that in the environment variable as shown in the following example.
![\[Container deployment with a resource public endpoint URL environment variable in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-container-service-environment-variable-service.png)
## Container logs
Every container in your deployment generates a log. The container logs provide the *stdout* and *stderr* streams of processes that run inside the container. Access your containers' logs periodically to diagnose their operations. For more information, see [Viewing the container logs of your Amazon Lightsail container services](amazon-lightsail-viewing-container-service-container-logs.md).
## Deployment versions
Every deployment that you create in your container service is saved as a deployment version. If you modify the parameters of an existing deployment, the containers are re-deployed to your service and the modified deployment results in a new deployment version. The latest 50 deployment versions for each container service are saved. You can use any of the 50 deployment versions to create a new deployment in the same container service. For more information, see [Viewing and managing deployment versions of your Amazon Lightsail container services](amazon-lightsail-container-services-deployment-versions.md).
## Deployment status
Your deployment can be in one of the following states after it's created:
+ **Activating** – Your deployment is activating and your containers are being created.
+ **Active** – Your deployment was successfully created, and it's currently running on your container service.
+ **Inactive** – Your previously successfully created deployment is no longer running on your container.
+ **Failed** – Your deployment failed because one or more of the containers specified in the deployment failed to launch.
## Deployment failures
Your deployment fails if one or more containers in your deployment fails to launch. If your deployment fails, and there is a previous deployment running on your container service, then your container service keeps the previous deployment as the active deployment. If there is no previous deployment, then your container service remains in ready state with no currently active deployment.
View the container logs of the failed deployment to diagnose and troubleshoot what went wrong. For more information, see [Viewing the container logs of your Amazon Lightsail container services](amazon-lightsail-viewing-container-service-container-logs.md).
## View your current container service deployment
Complete the following procedure to view the current deployment on your Lightsail container service.
1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).
1. In the left navigation pane, choose **Containers**.
1. Choose the name of the container service for which you want to view the current deployment.
1. On the container service management page, choose the **Deployments** tab.
The **Deployments** page lists your current deployment and deployment versions. Both sections of the page are empty if you haven't created a deployment in your container service.
## Create or modify your container service deployment
Complete the following procedure to create or modify a deployment on your Lightsail container service. Whether you create a new deployment or modify an existing one, your container service saves your every deployment as a new deployment version. For more information, see [Viewing and managing deployment versions of your Amazon Lightsail container services](amazon-lightsail-container-services-deployment-versions.md).
1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).
1. In the left navigation pane, choose **Containers**.
1. Choose the name of the container service for which you want to create or modify a container service deployment.
1. On the container service management page, choose the Deployments tab.
The **Deployments** page lists your current deployment and deployment versions, if any.
1. Choose one of the following options:
+ If your container service has an existing deployment, choose **Modify your deployment**.
+ If your container service has not had a deployment, choose **Create a deployment**.
The deployment form opens, where you can edit existing deployment parameters, or enter new deployment parameters.
![\[Container service deployment form in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/container-service-deployment-form.png)
1. Enter the parameters of your deployment. For more information about the deployment parameters that you can specify, see the [Deployment parameters](#creating-container-deployments-parameters) section earlier in this guide.
1. Choose **Add container entry** to add more than one container entry to your deployment. You can have up to 10 container entries in your deployment.
1. Choose the container entry of your deployment to serve as the public endpoint container service. This includes specifying the HTTP or HTTPS port, the health check path on the selected container entry, and advanced health check settings. For more information, see [Public endpoint parameters](#creating-deployments-public-endpoint) earlier in this guide.
1. When you're done entering the parameters of your deployment, choose **Save and deploy** to create the deployment on your container service.
The status of your container service changes to **Deploying** while your deployment is being crated. After a few moments, the status of your container service changes to one of the following depending on the status of your deployment:
+ If your deployment succeeds, the status of your container service changes to **Running** and the status of the deployment changes to **Active**. If you configured a public endpoint in your deployment, then the container chosen as the public endpoint is available through the default domain of your container service.
+ If your deployment fails, and there is a previous deployment running on your container service, the status of your container service changes to **Running** and your container service keeps the previous deployment as the active deployment. If there is no previous deployment, the status of your container service changes to **Ready** with no currently active deployment. View the container logs of the failed deployment to diagnose and troubleshoot what went wrong. For more information, see Viewing the container logs of your Amazon Lightsail container services.
**Topics**
+ [Prerequisites](#creating-container-deployments-prerequisites)
+ [Deployment parameters](#creating-container-deployments-parameters)
+ [Communication between containers](#communication-between-containers)
+ [Container logs](#creating-deployments-container-logs)
+ [Deployment versions](#creating-deployments-versions)
+ [Deployment status](#creating-deployment-status)
+ [Deployment failures](#creating-deployment-failures)
+ [View your current container service deployment](#view-container-service-deployment)
+ [Create or modify your container service deployment](#creating-container-service-deployment)
+ [Change container capacity](amazon-lightsail-changing-container-service-capacity.md)
+ [Manage deployment versions](amazon-lightsail-container-services-deployment-versions.md)
+ [View container logs](amazon-lightsail-viewing-container-service-container-logs.md)
# Scale capacity for your Lightsail container service
The capacity of your Amazon Lightsail container service is made up of its scale and power. The scale specifies the number of compute nodes in your container service, and the power specifies the memory and vCPUs of each node in your service. You pick the scale based on the number of nodes you want powering your service for better availability and higher capacity
By following the procedure in this guide, you can dynamically increase the power and scale of your container service at any time without any down-time if you find that it's under-provisioned, or decrease it if you find that it's over-provisioned. Lightsail automatically manages the capacity change along with your current deployment.
**Note**
If you create a new deployment, then the existing utilization metrics of your container service will disappear, and only metrics for the new current deployment will be shown.
For more information about container services, see [Container services](amazon-lightsail-container-services.md).
## Change the capacity of your container service
Complete the following procedure to change the capacity of your Lightsail container service.
1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).
1. In the left navigation pane, choose **Containers**.
1. Choose the name of the container service for which you want to change the capacity.
1. On the container service management page, choose the **Capacity** tab.
The current power, scale, and monthly price of your container service is displayed in the **Capacity** page.
1. Choose **Change capacity** to change the power and scale to something else.
1. On the confirmation prompt that appears, choose **Yes, continue** to acknowledge that changing the capacity of your container service will re-deploy the current deployment.
1. Choose the new power and scale of your container service.
1. Choose **Yes, apply** to apply the new capacity to your container service.
The status of your container service changes to **Updating**. After a few moments, the status of your service changes to **Enabled**, and it begins operating under its new capacity.
# View and manage Lightsail container service deployment versions
Every deployment that you create in your Amazon Lightsail container service is saved as a deployment version. If you modify the parameters of an existing deployment, the containers are re-deployed to your service and the modified deployment results in a new deployment version. The latest 50 deployment versions for each container service are saved. You can use any of the 50 deployment versions to create a new deployment in the same container service. In this guide, we show you how to view and manage the deployment versions of your container service.
For more information about container services, see [Container services](amazon-lightsail-container-services.md).
## Deployment version status
Each of your deployment versions can be in one of the following states after it's created:
+ **Deploying (Activating)** – The deployment is being launched.
+ **Active** – Your deployment was successfully created, and it's currently running on your container service. Your container service can have only one deployment in an active state at a time.
+ **Inactive** – Your previously successfully created deployment is no longer running on your container.
+ **Failed** – Your deployment failed because one or more of the containers specified in the deployment failed to launch.
## Prerequisites
Before you get started, you need to create a Lightsail container service. For more information, see [Create a container service](amazon-lightsail-creating-container-services.md).
You also should create a deployment in your container service that configures and launches your containers. For more information, see [Creating and managing deployments for your Amazon Lightsail container services](amazon-lightsail-container-services-deployments.md).
## View the deployment versions of a container service
Complete the following procedure to view the deployment versions of your Lightsail container service.
1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).
1. In the left navigation pane, choose **Containers**.
1. Choose the name of the container service for which you want to view the deployment versions.
1. On the container service management page, choose the **Deployments** tab.
The **Deployments** page lists your current deployment and deployment versions, if any.
1. The deployment versions of your container service are listed under the **Deployment versions** section of the page.
Each deployment has a date, in which it was created, a status, and an actions menu.
1. Choose one of the following options through the actions menu of a deployment version:
+ **Create new deployment** – Choose this option to create a new deployment from the selected deployment version. For more information about creating a deployment, see [Create or modify your container service deployment](https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-container-services-deployments#creating-container-service-deployment).
**Note**
If you choose to create a new deployment from a version that has a **Failed** status, then you must correct the cause of the failure before creating the deployment. Otherwise, the deployment will likely fail again.
+ **View details** – Choose this option to view the container entry and public endpoint parameters of the selected deployment version. You can also view the container logs for the deployment in case you need to diagnose a failed deployment. For more information, see [View container service logs](amazon-lightsail-viewing-container-service-container-logs.md).
# Analyze Lightsail container service logs
Every container in your Amazon Lightsail container service deployment generates a log. The container logs provide the stdout and stderr streams of processes that run inside your containers. Access your containers' logs periodically to diagnose their operations. The latest three days of log entries are stored before the oldest ones are replaced by the newest entries.
## Filter container logs
Container logs can have hundreds of entries per day. Use the filtering options to reduce the number of entries displayed in your log window, and make it easier to find what you're looking for. You can filter container logs by a start and end date (in local time), and by a specific term. When filtering by a term, you can choose to include or exclude log entries for the term you specify.
![\[Container service log filters in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/container-service-container-log-filter.png)
The *include* or *exclude* filter term looks for an exact match that is case-sensitive. For example, if you specify to include only log events that have `HTTP` in the message, then you will see all log events that include `HTTP` in the message, but none that include `http` in the message. If you specify to exclude `Error`, then you will see all log events that don't include `Error` in the message, and you will also see log events that include `ERROR` in the message.
## Prerequisites
Before you get started, you need to create a Lightsail container service. For more information, see [Creating Amazon Lightsail container services](amazon-lightsail-creating-container-services.md).
You also should create a deployment in your container service that configures and launches your containers. For more information, see [Creating and managing deployments for your Amazon Lightsail container services](amazon-lightsail-container-services-deployments.md).
## View the container logs
Complete the following procedure to view the container logs of your Lightsail container service.
1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).
1. In the left navigation pane, choose **Containers**.
1. Choose the name of the container service for which you want to view the container logs.
1. On the container service management page, choose the **Deployments** tab.
The **Deployments** page lists your current deployment and deployment versions, if any.
1. Choose one of the following options to view container logs:
+ To access the container logs of the current deployment, choose **Open log** for the container entries under the **Current deployment** section of the page.
+ To access the container logs of a previous deployment, choose the actions menu icon (⋮) for a previous deployment under the **Deployment versions** section of the page, and then choose **Show details**. In the **Version details** page that appears, choose Open log for the container entries that are listed.
The container log opens in a new browser window. You can scroll down to view more log entries, and refresh the page to load the newest set of entries. The filtering options are displayed at the bottom of the page.
**Note**
Log entries are displayed in ascending order, and in Coordinated Universal Time (UTC). That is, the oldest log entries are at the top, and you must scroll down to see newer log entries.
![\[Container log in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/container-service-container-log.png)
# Enable secure web access with custom domains in Lightsail
Enable custom domains for your Amazon Lightsail container service to use your registered domain names with your service. Before you enable custom domains, your container service accepts traffic only for the default domain that is associated with your service when you first create it (e.g., `containerservicename.123456abcdef.us-west-2.cs.amazonlightsail.com`). When you enable custom domains, you choose the Lightsail SSL/TLS certificate that you created for the domains that you want to use with your container service, and then you choose the domains you want to use from that certificate. After you enable custom domains, your container service accepts traffic for all of the domains that are associated with the certificate that you chose.
**Important**
If you choose a Lightsail container service as the origin of your distribution, Lightsail automatically adds the default domain name of your distribution as a custom domain on your container service. This enables traffic to be routed between your distribution and your container service. However, there are some circumstances in which you might need to manually add the default domain name of your distribution to your container service. For more information, see [Add the default domain of a distribution to a container service](amazon-lightsail-adding-distribution-default-domain-to-container-service.md).
**Contents**
+ [Container service custom domain limits](#container-service-custom-domains-prerequisites)
+ [Prerequisites](#container-service-custom-domains-prerequisites)
+ [View custom domains for a container service](#container-service-view-custom-domains)
+ [Enable custom domains for a container service](#container-service-enable-custom-domains)
+ [Disable custom domains for a container service](#container-service-disable-custom-domains)
## Container service custom domain limits
The following limits apply to container service custom domains:
+ You can use up to 4 custom domains with each of your Lightsail container services, and you cannot use the same domains on more than one service.
+ If you use a Lightsail DNS zone to manage the DNS of your domain, then you can route traffic for the apex of your domain (e.g., `example.com`) and for subdomains (e.g., `www.example.com`) to your container services.
## Prerequisites
Before you get started, you need to create a Lightsail container service. For more information, see [Creating Amazon Lightsail container services](amazon-lightsail-creating-container-services.md).
You also should have created and validated an SSL/TLS certificate for your container service. For more information, see [Create container service SSL/TLS certificates](amazon-lightsail-creating-container-services-certificates.md) and [Validate container service SSL/TLS certificates](amazon-lightsail-validating-container-services-certificates.md).
## View custom domains for a container service
Complete the following procedure to view the custom domains that are currently enabled for your container service.
1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).
1. In the left navigation pane, choose **Containers**.
1. Choose the name of the container service for which you want to view the enabled custom domains.
1. Locate the custom domain values in the heading of the container service management page, as shown in the following example. These are the custom domains that are currently enabled for the container service.
![\[Custom domains for a container service in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/container-service-custom-domains-heading.png)
1. On the container service management page, choose the **Custom domains** tab.
The custom domains being used under each attached certificate, are listed under the **Custom domain SSL/TLS certificates** section of the page. The certificates currently attached to your container service, are listed under the **Attached certificates** section.
## Enable custom domains for a container service
Complete the following procedure to enable custom domains for your Lightsail container service by attaching a certificate to your service.
1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).
1. In the left navigation pane, choose **Containers**.
1. Choose the name of the container service for which you want to enable custom domains.
1. On the container service management page, choose the **Custom domains** tab.
The **Custom domains** page displays the SSL/TLS certificates currently attached to your container service, if any.
1. Choose **Attach certificate**.
If you have no certificates, then you must first create and validate an SSL/TLS certificate for your domains, before you can attach it to your container service. For more information, see [Create container service SSL/TLS certificates](amazon-lightsail-creating-container-services-certificates.md).
1. In the dropdown menu that appears, select a valid certificate for the domain(s) that you want to use with your container service.
1. Verify the certificate information is correct, then choose **Attach**.
1. The container service's **Status** will change to **Updating**. After the status changes to **Ready**, the certificate's domain will appear in the **Custom domains** section.
1. Choose **Add domain assignment** to point the domain to your container service.
1. Verify the certificate and DNS information are correct, then choose **Add assignment**. After a few moments, traffic for the domain that you selected will begin to be accepted by your container service.
1. After you've added the domain assignment, open a new browser window and browse to the custom domain that you enabled for your container service. The application that is running on your container service, if any, should load.
## Disable custom domains for a container service
Complete the following procedure to disable custom domains for your Lightsail container service by detaching a certificate from your service, or by deselecting a previously selected domain.
1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).
1. In the left navigation pane, choose **Containers**.
1. Choose the name of the container service for which you want to disable custom domains.
1. On the container service management page, choose the **Custom domains** tab.
The **Custom domains** page displays the SSL/TLS certificates currently attached to your container service, if any.
1. Choose one of the following options:
1. Choose **Configure container service domains** to either deselect domains that were previously selected, or to select more domains that are associated to the container service.
1. Choose **Detach** to detach the certificate from the container service, and remove all of its associated domains from the service.
**Important**
If you haven't already done so, modify the DNS records of your domain so that traffic routes stops routing to your container service and instead routes to another resource.
**Topics**
+ [Container service custom domain limits](#container-service-custom-domains-limits)
+ [Prerequisites](#container-service-custom-domains-prerequisites)
+ [View custom domains for a container service](#container-service-view-custom-domains)
+ [Enable custom domains for a container service](#container-service-enable-custom-domains)
+ [Disable custom domains for a container service](#container-service-disable-custom-domains)
+ [Point Lightsail domain to container](amazon-lightsail-point-domain-to-container-service.md)
+ [Point Route 53 domain to container](amazon-lightsail-route-53-alias-record-for-container-service.md)
# Route domain traffic to a Lightsail container service
You must point your registered domain names to your Amazon Lightsail container service after you enabled custom domains for your service. You do this by adding an alias record to the DNS zone of each of the domains specified on the certificates that you're using with your container service. All of the records that you add should point to the default domain (e.g., `https://...cs.amazonlightsail.com`) of your container service.
In this guide, we provide you with the procedure to point your domains to your container service using a Lightsail DNS zone. For more information about Lightsail DNS zones, see [DNS in Amazon Lightsail](understanding-dns-in-amazon-lightsail.md).
For more information about container services, see [Container services](amazon-lightsail-container-services.md).
**Note**
If you're using Route 53 to host the DNS of your domain, then you should add the alias record to the hosted zone of your domain in Route 53. For more information, see [Routing traffic for a domain in Route 53 to an Amazon Lightsail container service](amazon-lightsail-route-53-alias-record-for-container-service.md).
## Prerequisite
Before you get started, you should enable custom domains for your Lightsail container service. For more information, see [Enabling and managing custom domains for your Amazon Lightsail container services](amazon-lightsail-enabling-container-services-custom-domains.md).
## Get the default domain of your container service
Complete the following procedure to get default domain name of your container service, which you specify when you add an alias record to the DNS of your domain.
1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).
1. In the left navigation pane, choose **Containers**.
1. Choose the name of a container service for which want get the default domain name.
1. In the header section of your container service management page, make note of your default domain name. Your container service default domain name is similar to `...cs.amazonlightsail.com`.
You must add this value as part of a canonical name (CNAME) record in the DNS of your domains. We recommend that you copy and paste this value into a text file that you can refer to later. For more information, see the following [Add the CNAME records to your domain's DNS zone](#add-container-service-default-domain-record) section of this guide.
## Add a record to your domain's DNS zone
Complete the following procedure to add an address (A for IPv4 or AAAA for IPv6) record, or canonical (CNAME) record to your domain's DNS zone.
1. In the left navigation pane, choose **Domains & DNS**.
1. Under the **DNS zones** section of the page, choose the domain name to which you want to add the record that will direct traffic for your domain to your container service.
1. Choose the **DNS records** tab.
1. Complete one of the following steps depending on the current state of your DNS zone:
+ If you haven't added an A, AAAA, or CNAME record, choose **Add record**.
+ If you previously added an A, AAAA, or CNAME record, choose the edit icon next to the existing A, AAAA, or CNAME record listed on the page, and then skip to step 5 of this procedure.
1. Choose **A record**, **AAAA record**, or **CNAME record** in the **Record type** dropdown menu.
+ Add an A record to map the apex of your domain (e.g., `example.com`) or a subdomain (e.g., `www.example.com`) to your container service under the IPv4 network.
+ Add an AAAA record to map the apex of your domain (e.g., `example.com`) or a subdomain (e.g., `www.example.com`) to your container service under the IPv6 network.
+ Add a CNAME record to map a subdomain (e.g., `www.example.com`) to the public domain (default DNS) of your container service.
1. In the **Record name** text box, enter one of the following options:
+ For an A record or AAAA record, enter `@` to route traffic for the apex of your domain (e.g., `example.com`) to your container service, or enter a subdomain (e.g., `www`) to route traffic for a subdomain (e.g., `www.example.com`) to your container service.
+ For a CNAME record, enter a subdomain (e.g., `www`) to route traffic for a subdomain (e.g., `www.example.com`) to your container service.
1. Complete one of the following steps depending on the record you're adding:
+ For an A record or AAAA record, choose the name of your container service in the **Resolves to** text box.
+ For a CNAME record, enter the default domain name of your container service into the **Maps to** text box.
1. Choose the save icon to save the record to your DNS zone.
Repeat these steps to add additional DNS records for domains on your certificate that you are using with your container service. Allow time for changes to propagate through the Internet’s DNS. After a few minutes, you should see if your domain is pointing to your container service.
# Route domain traffic to a Lightsail container service using Route 53
You can route traffic for a registered domain, such as `example.com`, to the applications running on a Amazon Lightsail container service. You do this by adding an alias record to the hosted zone of your domain that points to the default domain of your Lightsail container service.
In this tutorial, we show you how to add an alias record for your Lightsail container service to a hosted zone in Route 53. You can do this only by using the AWS Command Line Interface (AWS CLI). It cannot be done using the Route 53 console.
**Note**
If you're using Lightsail to host the DNS of your domain, then you should add the alias record to the DNS zone of your domain in Lightsail. For more information, see [Routing traffic for a domain in Amazon Lightsail to a Lightsail container service](amazon-lightsail-point-domain-to-container-service.md).
**Contents**
+ [Step 1: Complete the prerequisites](#route-53-container-service-prerequisites)
+ [Step 2: Get the hosted zone IDs for Lightsail container services](#route-53-container-service-hosted-zone-ids)
+ [Step 3: Create a record set JSON file](#route-53-container-service-create-record-set-json)
+ [Step 4: Add a record to the hosted zone of your domain in Route 53](#route-53-container-service-add-record-to-hosted-zone)
## Step 1: Complete the prerequisites
Complete the following prerequisites if you haven't already:
+ Register a domain name in Route 53, or make Route 53 the DNS service for your registered (existing) domain name. For more information, see [Registering domain names using Amazon Route 53](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/registrar.html) or [Making Amazon Route 53 the DNS service for an existing domain](https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/MigratingDNS.html) in the *Amazon Route 53 Developer Guide*.
+ Deploy your applications to your Lightsail container service. For more information, see [Create and manage container service deployments](amazon-lightsail-container-services-deployments.md).
+ Enable your registered domain name on your Lightsail container service. For more information, see [Enable and manage custom domains](amazon-lightsail-enabling-container-services-custom-domains.md).
+ Configure the AWS CLI with your account. For more information, see [Configure the AWS CLI to work with Lightsail](lightsail-how-to-set-up-and-configure-aws-cli.md).
## Step 2: Get the hosted zone IDs for Lightsail container services
You must specify a hosted zone ID for your Lightsail container service when you add an alias record to a hosted zone in Route 53. For example, if your Lightsail container service is in the US West (Oregon) (us-west-2) AWS Region, then you must specify hosted zone ID `Z0959753D43BBB908BAV` when adding an alias record for your Lightsail container service to a hosted zone in Route 53.
Following are the hosted zone IDs for each AWS Region in which you can create a Lightsail container service.
**EU (London) (eu-west-2)**: Z0624918ZXDYQZLOXA66
**US East (N. Virginia) (us-east-1)**: Z06246771KYU0IRHI74W4
**Asia Pacific (Singapore) (ap-southeast-1)**: Z0625921354DRJH4EY9V0
**EU (Ireland) (eu-west-1)**: Z0624732FELAMMKW3Y21
**Asia Pacific (Tokyo) (ap-northeast-1)**: Z0626125UAU4JWQ9JSKN
**Asia Pacific (Seoul) (ap-northeast-2)**: Z06260262XZM84B2WPLHH
**Asia Pacific (Jakarta) (ap-southeast-3)**: Z03072883T5HFTY4T7CDL
**Asia Pacific (Malaysia) (ap-southeast-5)**: Z09430204C5DXNNO314Y
**Asia Pacific (Mumbai) (ap-south-1)**: Z10460781IQMISS0I0VVY
**Asia Pacific (Sydney) (ap-southeast-2)**: Z09597943PQQZATPFE96E
**Canada (Central) (ca-central-1)**: Z10450993RIRIJJUUMA5W
**Europe (Frankfurt) (eu-central-1)**: Z06137433FV04OY4EC6L0
**Europe (Stockholm) (eu-north-1)**: Z016970523TDG2TZMUXKK
**Europe (Paris) (eu-west-3)**: Z09594631DSW2QUR7CFGO
**US East (Ohio) (us-east-2)**: Z10362273VJ548563IY84
**US West (Oregon) (us-west-2)**: Z0959753D43BBB908BAV
## Step 3: Create a record set JSON file
When you add a DNS record to the hosted zone of your domain in Route 53 using the AWS CLI, you must specify a set of configuration parameters for the record. The easiest way to do this is by creating a JSON (.json) file that contains all of the parameters, and then referencing the JSON file in your AWS CLI request.
Complete the following procedure to create a JSON file with the record set parameters for the alias record:
1. Open a text editor, such as Notepad on Windows or Nano on Linux.
1. Copy and paste the following text into the text editor:
```
{
"Comment": "Comment",
"Changes": [
{
"Action": "CREATE",
"ResourceRecordSet": {
"Name": "Domain.",
"Type": "A",
"AliasTarget": {
"HostedZoneId": "LightsailContainerServiceHostedZoneID",
"DNSName": " LightsailContainerServiceAddress.",
"EvaluateTargetHealth": true
}
}
}
]
}
```
In your file, replace the following example text with your own:
+ *Comment* with a personal note or comment about the record set.
+ *Domain* with the registered domain name that you want to use with your Lightsail container service (for example, `example.com` or `www.example.com`). To use the root of your domain with your Lightsail container service, you must specify an `@` symbol in the subdomain space of your domain (for example, `@.example.com`).
+ *LightsailContainerServiceHostedZoneID* with the hosted zone ID for the AWS Region in which you created your Lightsail container service. For more information, see [Step 2: Get the hosted zone IDs for Lightsail container services](#route-53-container-service-hosted-zone-ids) earlier in this guide.
+ *LightsailContainerServiceAddress* with the public domain name of your Lightsail container service. You can get this by signing in to the Lightsail console, browsing to your container service, and copying the **Public domain** listed in the header section of the container service management page (for example, `container-service-1.q8cexampleljs.us-west-2.cs.amazonlightsail.com`).
Example:
```
{
"Comment": "Alias record for Lightsail container service",
"Changes": [
{
"Action": "CREATE",
"ResourceRecordSet": {
"Name": "@.example.com.",
"Type": "A",
"AliasTarget": {
"HostedZoneId": "Z0959753D43BBB908BAV",
"DNSName": "container-service-1.q8cexampleljs.us-west-2.cs.amazonlightsail.com.",
"EvaluateTargetHealth": true
}
}
}
]
}
```
1. Save the file to your local directory as `change-resource-record-sets.json`.
## Step 4: Add a record to the hosted zone of your domain in Route 53
Complete the following procedure to add a record to the hosted zone of your domain in Route 53 using the AWS CLI. You do this by using the `change-resource-record-sets` command. For more information, see [change-resource-record-sets](https://docs.aws.amazon.com/cli/latest/reference/route53/change-resource-record-sets.html) in the *AWS CLI Command Reference*.
**Note**
You must install the AWS CLI and configure it for Lightsail and Route 53 before continuing with this procedure. For more information, see [Configure the AWS CLI to work with Lightsail](lightsail-how-to-set-up-and-configure-aws-cli.md).
1. Open a Command Prompt or Terminal window.
1. Enter the following command to add a record to the hosted zone of your domain in Route 53.
```
aws route53 change-resource-record-sets --hosted-zone-id HostedZoneID --change-batch PathToJsonFile
```
In the command, replace the following example text with your own:
+ *HostedZoneID* with the ID of the hosted zone for your registered domain in Route 53. Use the [list-hosted-zones](https://docs.aws.amazon.com/cli/latest/reference/route53/list-hosted-zones.html) command to get a list of IDs for the hosted zones in your Route 53 account.
+ *PathToJsonFile* with the local directory folder path on your computer of the .json file that contains the record parameters. For more information, see the [Step 3: Create a record set JSON file](#route-53-container-service-create-record-set-json) section earlier in this guide.
Examples:
On a Linux or Unix computer:
```
aws route53 change-resource-record-sets --hosted-zone-id Z123456789ABCDEFGHIJ --change-batch home/user/awscli/route53/change-resource-record-sets.json
```
On a Windows computer:
```
aws route53 change-resource-record-sets --hosted-zone-id Z123456789ABCDEFGHIJ --change-batch file://C:\awscli\route53\change-resource-record-sets.json
```
You should see a result similar to the following example:
![\[Result of the change resource record sets request\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/amazon-lightsail-route-53-record-set.png)
Allow time for the change to propagate through the internet's DNS, which might take several hours. After that is completed, internet traffic for your registered domain in Route 53 should begin routing to your Lightsail container service.
# Delete a Lightsail container service
You can delete your Amazon Lightsail container service at any time if you're no longer using it. When you delete your container service, all deployments and registered container images associated with that service are permanently destroyed. However, the SSL/TLS certificates and domains that you created remain in your Lightsail account so that you can use them with another resource. For more information about container services, see [Container services in Amazon Lightsail](amazon-lightsail-container-services.md).
## Delete a container service
Complete the following procedure to delete your container service.
1. Sign in to the [Lightsail console](https://lightsail.aws.amazon.com/).
1. In the left navigation pane, choose **Containers**.
1. Choose the name of the container service you want to delete.
1. Choose the ellipsis icon in the tab menu, then choose the **Delete**.
![\[Delete tab for the container service in the Lightsail console\]](http://docs.aws.amazon.com/lightsail/latest/userguide/images/continer-service-delete-tab.png)
1. Choose **Delete container service** to delete your service.
1. In the prompt that appears, choose **Yes, delete** to confirm that the deletion is permanent.
Your container service is deleted after a few moments.