Install in Amazon Web Services (AWS)

To use Lighthouse with Amazon Web Services (AWS), you must have an Amazon Machine Image (AMI) that contains Lighthouse in the AWS region in which you want to deploy Lighthouse. You can:

• Manually create an AMI on AWS, or

• Subscribe to the Opengear Lighthouse AMI on AWS Marketplace

Before you begin

Before you perform any procedures in this section, ensure that you have an account on AWS with an IAM user, a key pair and an access key:

• The IAM user should have, at a minimum, permissions to create, attach, delete, and snapshot EBS volumes as well as create an Amazon Machine Image (AMI).

• If you are using IAM Identity Center, you can use an IAM Identity Center user with the same permissions instead. Consult Amazon documentation for more information if required.

Changes to Default Settings

Caution: With Lighthouse version 24.06.0 and later, changes have been introduced related to the root user and SSH Password Authentication default settings that impact any newly launched Lighthouse AWS instances.

Changes impacting the root user:

• For security purposes the root user is disabled by default. The root user can be enabled by going to > USERS & ACCOUNTS > Local Users.

• A new user called lhadmin is provided that should be used for initial configuration.

• SSH connection for root is also disabled by default. To enable, navigate to > USERS & Accounts > SSH Authentication.

• Ensure to run all commands with appending sudo.

Changes impacting SSH Password Authentication:

• SSH Password Authentication is disabled by default.

• User accounts require a Public SSH Key associated with the account.

• Users will use their Private SSH key to connect via SSH.

• The lhadmin user will default with the AWS key pair that was used to create the Lighthouse Instance.

• To associate a Public SSH Key to the account navigate to > USERS & ACCOUNTS > Local Users and add the SSH Authentication Key to the user.

Limitations

AWS support is currently limited to:

• All standard Lighthouse operations.

• Running on the AWS platform.

• Providing aws-cli tools for interaction with AWS.

• Loading the provided SSH key for the lhadmin user.

• Running custom scripts on startup (see above).

• Providing a lhadmin password via userdata (see above).

At this time Lighthouse does not support:

• Using AWS database services.

• Using AWS redis services.

• Using any of AWS scalability functionality.

Note:  If you want to deploy Lighthouse across different AWS regions, an AMI is required in each region. Amazon supports copying AMIs between regions and offers a walkthrough of the necessary steps to do this.