Want to try out Amazon Lightsail but nervous about the technical aspects? I’m going to help you learn about Amazon Lightsail and teach you how to create a WordPress website even if you have zero AWS experience! All you need is an AWS account (and a domain name).
In this tutorial, we’ll learn how to:
- Set up a WordPress website using a “click-to-launch” pre-packaged application
- Log into your WordPress website
- How to connect to your server with SSH
- Create a Lightsail static IP address
- Map your website to a custom domain
- Issue SSL Certificate to keep the blog secure using bncert tool, and
- Take down/stop the Lightsail instance
You do not need to have any prior knowledge with Amazon Web Services to follow this tutorial! This blog post is fairly comprehensive (and long), so make sure you’ve got your coffee (or tea) and some snacks, and let’s get started!
If you want to get right to the tutorial, and skip the basic information on Amazon Lightsail, click HERE!
Table of Contents
What is Amazon Lightsail?
Amazon Lightsail is an Amazon Web Service (AWS) service that helps you create and launch web applications or websites with just a few steps. You can get as basic or complicated with your website or project’s setup as you’d like, with “pre-packaged” applications (“images”) that launch with a click of a button, or managed databases and load balancers for more granular control.
Amazon Lightsail is effective for quickly setting up blogs, personal websites, databases, or e-commerce stores with low, predictable monthly prices. You can learn more about the service on the AWS Knowledge Base.
What do you need to get started?
- A domain name purchased at your own domain provider or Amazon Route 53 (AWS’s DNS service)
- An AWS account
Create a WordPress website on Amazon Lightsail
Launch a WordPress Image in Amazon Lightsail
- Open your AWS Management Console (if you don’t have an account yet, create one)
- Go to the search bar and type in “lightsail” to find Amazon Lightsail
- Click on “Create an Instance,” and review all of the options available to you for your instance location and instance image (a pre-prepared “meal kit” for your website)
- We are creating a WordPress website, so select these options:
- Instance location: a location will be selected for you based on your geographical location; feel free to change it if you have strong feelings about it (otherwise, leave it as default)
- Platform: Linux/Unix
- Blueprint: WordPress Bitnami (using Bitnami will be important later on)
- Optional options: you don’t need to mess with these, though if you have specific requirements, feel free to adjust them
- Choose an instance plan (sets the network type and resource size of the Lightsail instance)
- Plan type: General purpose (best for most scenarios)
- Network type: Dual-stack
- Size: You can select any of the first few options that has “first 90 days free” flag on it, though I recommend the cheapest ($5 USD/month as of March 2026)
- Name your Amazon Lightsail instance
- The name must be unique (original) within each AWS Region in your Lightsail account and comprised of 2~255 characters (I used “wordpresstest01“)
- Must start and end with an alphabet or number, but can include periods, dashes, and underscores
- You can optionally add tag(s) to your instance to easily identify what project it is for
- Click “Create Instance“
- Once the Lightsail instance says “Running,” you’re ready to get started!
And tadaaa! Just like that, you’ve launched your very own Amazon Lightsail instance, running WordPress! How cool is that?!
Log in to your WordPress website
We now want to log into the WordPress website so you can change its layout, publish blog posts, and do whatever you’d want to do with a blog or website. To do so, you need to find the default username and password of the WordPress instance to sign in to the administration dashboard.
And here’s where it gets a little jargon-y. But don’t worry! The AWS development team has made it all very simple for us with a browser-based SSH client right in the Lightsail console!
- Click on the SSH quick-connect icon for your WordPress instance (a little box with >_ ); I’ve circled it in red in the screenshot below:
- You will see a black-and-white screen pop-up, with lots of text, which is the browser-based SSH client window
- Enter this command into the client, and click “enter” (I recommend copy and pasting)
cat $HOME/bitnami_application_password
- The text that comes up in the next line is your WordPress instance’s password; copy it
- Go back to your Lightsail page, and locate the public IP address of your WordPress website (It’s the first set of numbers in light gray; refer to the screenshot below):
- Go to your WordPress website’s administration dashboard
- URL: http://[the public IP address you just found]/wp-login.php
- Username: user
- Password: password you retrieved from the SSH client earlier
And you should be in logged in to the WordPress administration dashboard! (I highly recommend you change your password for the default user, and create your own administrator account as well.)
- Alternatively, you can click on the WordPress instance name in the Lightsail dashboard, and it has a launch link to “Access WordPress Admin” that will take you to the same log in page
- You can access your blog using the public IP address:
Create a Lightsail static IP address for your website
The default public IP address that we found on the Lightsail dashboard will change every time you stop or start the instance, which means that the next time you try to find your blog, it might have a different IP address. To solve this issue, you will need to attach a static IP address to your Lightsail instance.
- Go back to your Lightsail dashboard, and click on the instance name (mine is wordpresstest01); you will be taken to that specific instance’s dashboard
- Scroll down to section with different headings, like “Connect,” “Metrics,” and “Snapshots,” and select “Networking“
- Click on “Attach static IP” under “Public IPV4”
- Create a name for your static IP in the textbox, and click “create and attach“
- If successful, you should get a message like “staticip-wptest01 has been created and attached to wordpresstest01.“
- Now, the Public IPV4 should have a static IP address assigned to it, with the option to detach it
- When you go back to your Lightsail instances dashboard, your instance’s IP address should have updated to your static IP address, with a little pin icon next to it
Now that we have a static IP address for your Lightsail instance, you can map a domain name to it so people don’t have to find your website by typing in a bunch of numbers into the browser!
Map your Lightsail instance to a domain name
Domain names like hiroko.io and hirokonishimura.com makes it easier for visitors to identify your website and visit it. Now that we have a static IP address for your Lightsail instance, we can attach a domain name to the IP address so your visitors can be routed to your WordPress website via a domain name.
There are a few steps involved to do this:
- Create a DNS zone
- Transfer management of your DNS to Lightsail
- Add A Records to DNS
I know these sound a little daunting, but I promise we’ll do everything together, step by step!
Create a DNS zone for your instance and get the name servers
- Go to your Amazon Lightsail dashboard, and select “Domains & DNS” on the navigation bar; click on “Create DNS zone”
- You need to register a domain name at a domain provider, or Amazon Route 53 (tutorial link)
- If you register through Amazon Route 53, Lightsail will automatically create a DNS zone for you, which will likely be the easier option (second button: “Register a domain“)
- This tutorial will assume you have a domain at another registrar and will take you through those steps
- Create a DNS Zone through Domain configuration
- Domain source: use a domain from another registrar (like namecheap)
- Domain name: the domain name you have registered (I will use awsnewbies.com)
- Click on “Create DNS zone“
Transfer management of your domain’s DNS records to Lightsail
- You need to now update the name servers of your domain (in my case, awsnewbies.com) to match the name servers of the DNS zone you just created with Lightsail
- You do this in your domain’s registrar’s administration dashboard (in my case, namecheap.com)
- The name servers are listed in the DNS zone that you just created (you can always find them by going to “Domains & DNS” in the navigation bar, and clicking on the DNS zone you created)
- You are transferring management of the domain’s DNS records from your domain registrar to Lightsail
- Sign in to your domain’s current registrar (in my case, namecheap.com), and find the part of the dashboard where you can edit your domain’s name servers
- With Namcheap, it is Account > Domain List > Manage > Domain
- Find “Nameservers,” select “Custom DNS,” and input the name servers provided in the DNS zone page, one line at a time
Unfortunately, DNS takes a bit of time to update (you will likely get a notification that it will take up to 48 hours to update).
You can check to see if your DNS has updated by doing a Whois search and seeing if the name servers listed there matches the ones in your DNS zone on Lightsail: Whois Domain Lookup.
Add an A Records on Lightsail
Once the DNS has updated, and you’ve handed over the management of your domain’s DNS records to Lightsail, you can now officially point the domain name to your Lightsail instance.
You’re basically telling a web browser: “Hey, so yourdomain.com goes to this static IP address! Please load this website! Thanks!“
- Go back to the DNS zone page for your domain on Amazon Lightsail
- Click on DNS records, and select “Add record“
- Create a record
- Record type: A record
- Subdomain: @
- Resolves to: Amazon Lightsail instance’s static IP address
- Click the green check mark to save
- Create another A record for www
- Record type: A record
- Subdomain: www
- Resolves to: Amazon Lightsail instance’s static IP address
- Click the green check mark to save
Once the 2 records are there, you should end up with a DNS records page like this:
Make sure you have both A Records, or the next section of securing your website with an SSL certificate using bncert will not proceed properly!
Again, this may take some time to update. You will know that the routing has updated when you type in your domain name (awsnewbies.com and www.awsnewbies.com) and you land on the WordPress blog you created on Lightsail.
Once DNS has updated, you can move on to securing your website with an SSL Certificate!
Secure your Lightsail instance with SSL Certificate
When you go to check out your Lightsail instance, you might notice your browser telling you that connection to the website you’re trying to visit is not secure. This isn’t very comforting to your visitors, and chances are, they will just close the browser and never come back.
What the heck even is SSL?
SSL stands for “Secure Sockets Layer,” which protects web servers from bad actors using cryptography (ooohhhhooo~). It ensures that data transmitted are encrypted and secure, which is important if you consider what kinds of personal information we enter into websites every day.
An SSL certificate is issued by Certificate Authority (CA) to authenticate the owner’s identity and enable SSL/TLS encryption, activating https://.
I’m not going to go too deep into how everything works, but you can get a more professional, deep-dive about SSL/TLS on this page: What is SSL? The Ultimate Beginner’s Guide.
We will be utilizing a tool to issue an SSL certificate for our brand new WordPress site, and enable https:// so that our visitors can visit us in peace.
What is Bitnami HTTPS configuration tool?
The bncert tool, or Bitnami HTTPS configuration tool, will enable HTTPS on your WordPress instance for the domains and subdomains you specify. This will help your website rank higher on search engine results, remove the scary alert message telling your visitors that their website connection is not secure, and make sure your website starts with https:// (Hypertext Transfer Protocol Secure).
Note: You need to be running Certified by Bitnami WordPress image for bncert tool to work. If you installed a different image of WordPress, you can try to Certbot tutorial: Secure your Lightsail WordPress instance with free Let’s Encrypt SSL certificates.
Connect to Lightsail with SSH and install bncert tool
We connected to your Lightsail instance using the SSH quick connect console when we were looking for the default log in password for WordPress. We’ll be doing it again to utilize the bncert tool to protect your website.
- Click on the SSH quick connect icon on your Lightsail instance
- Confirm that the bncert tool is installed to your Lightsail instance by copy and pasting the following command:
sudo /opt/bitnami/bncert-tool- If you see command not found, follow “Step 4: Confirm the bncert too ls installed on your instance” in AWS’s official documentation to install it
- If you see Welcome to the Bitnami HTTPS configuration tool, then it means you’re good to go!
Run bncert tool to enable HTTPS
- Paste the command below to run the bncert tool:
sudo /opt/bitnami/bncert-tool- You might be prompted to update the tool; if so, update it (type Y, then enter key), and then run the above command again
- Enter your domain (awsnewbies.com form and www.awsnewbies.com form) in the Domain list, and click enter
- The tool will ask you a few questions about redirections, to which you will respond with Y (yes) or N (no); here are my recommendations (explanations are available in this knowledge base):
- Enable HHTP to HTTPS redirection: Y
- Enable non-www to www redirection: Y
- Enable www to non-www redirection: N
- The changes that will be implemented will be listed; type Y to confirm
- The tool will then ask you for your email address; enter it and click enter
- Agree to the Let’s Encrypt Subscribe Agreement with an Y
- Wait until the tool finishes running
If everything works out, you will find “Success” in your console!
Bncert tool will automatically renew your SSL certificate every 90 days, which means way less work for you! Horray!
Confirm the SSL certificate and www redirection
We’re almost done! Let’s confirm that the HTTPS redirection and www.domain.com redirection are both functioning by typing these URLs into your browser:
- https://yourdomain.com (in my case: https://awsnewbies.com)
- http://yourdomain.com (in my case: http://awsnewbies.com)
- https://www.yourdomain.com (in my case: https://www.awsnewbies.com)
- http://www.yourdomain.com (in my case: http://www.awsnewbies.com)
They should all redirect successfully to https://www.yourdomain.com, and your browser should show valid certification (“your connection is secure“). You may need to use incognito mode or clear your browser’s cache.
Take down/stop your Lightsail instance
Done with your test, or want to get rid of your Lightsail instance? It’s very easy to delete your Amazon Lightsail instance!
- Go to the Amazon Lightsail instances dashboard
- Click on the ellipsis icon (⋮) next to the SSH quick connect icon (>_ ) on your Lightsail instance, and select Delete
- That’s it!
You will need to delete your DNS zone and static IP as well. If you want to just pause the instance so it’s not active, you can choose “Stop.”
And that’s it! I hope this tutorial post has helped you get started with working in Amazon Web Services and creating your first Amazon Lightsail project! Congratulations!