Building a team knowledge base with Amazon Lightsail

Every fall, a fresh cohort of professors take the helm of their own labs at universities across the world. These new leaders are highly trained, with years of experience beyond their PhDs. However, this may be the first time they are running a team. One task they may not have formal training for is how to build an organization with its own culture and local knowledge. This is also a similar problem for many startup companies.

Building an organized system for common information—such as addresses, phone numbers, purchasing account numbers, a curated and annotated literature section, lab recipes and protocols, meeting schedules, and links to commonly used online tools—can prove extremely valuable for professors and their teams. However, building this system on a secure virtual server can require heavy lifting in IT time and effort that many professors do not have time to navigate.

Amazon Lightsail from Amazon Web Services (AWS) can provide these capabilities in just a few clicks, and the network is configurable with other simple web-based interfaces. Building a lab’s knowledge base on AWS can save hours of administration and maintenance time, while providing additional control and flexibility for remote access. It can also simplify setting up a reliable backup system, and establish a simple path for growth to a larger server.

In this blog post, learn how to set up a content management system (CMS) using Lightsail, including how to manage basic network security, backup, and upgrades, to build a knowledge base for your lab, agency, startup, or other team-based environment. This walkthrough uses only web-based interfaces and is designed for those who are comfortable using web applications (such as common email applications). This solution does not require deep technical knowledge and can be completed in less than 15 minutes—important for busy leaders who are short on time.

Solution overview: Build a team knowledge base with Amazon Lightsail

This walkthrough uses WordPress as an example CMS, but the steps are the same for any of the Amazon Lightsail blueprints. The following sections show how to set up WordPress quickly, and then how to configure backups, network access restriction, and other customizations.

Part 1: The quick start guide for building a knowledge base with Amazon Lightsail

Creating a Lightsail instance

1. Login to your AWS account and navigate to the Lightsail console. If you don’t have an AWS account yet, set one up for no cost.

2. Select Create instance. Make sure to select the respective AWS Region and Availability Zone where you want to host your instance.

3. Under Pick your instance image:

a. Choose Linux/Unix, then the latest version of WordPress.

Figure 1. Selecting a Lightsail instance platform and blueprint.

4. Under Optional, select the Enable Automatic Snapshots and select a time of day. Pick a time when you think the traffic to your WordPress instance won’t be so busy, such as 3 AM in your local time.

Figure 2. Enabling automatic snapshots.

5. Choose an instance plan. The cheapest version is usually sufficient for most users.

Figure 3. Choosing an instance plan.

6. Identify your instance. Give your instance a meaningful name. For example, “MyLab-Wordpress-3.50” but use your lab or company name instead.

7. Select Create instance. It will say “Pending” for a few minutes until it is ready.

Set up basic network security: Keeping access private

The following steps enable access restriction to individual IP addresses or IP address ranges.

1. Figure out your current public IP address (for your own computer). Simply search for “What is my IP” in your preferred search engine. You will need this later in Step 3.

2. In the Lightsail console, under Instances, choose the Manage page for your instance (under the menu depicted with three dots).

Figure 4. Managing your instance.

3. Under the Networking tab, find the IPv4 Firewall. By default, there are three rules making it accessible to all IP addresses. Select the edit icon for each rule on the right, choose “Restrict to IP address.” Then enter your current public IP address that you sourced from Step 1.

Figure 5. Setting firewall rules.

When you finish editing, you should see your IP address listed under the “Restricted to” fields for the SSH, HTTP, and HTTPS applications.

Figure 6. Firewall rules restricted to specific IP addresses.

If you want to enable access to all IP addresses at a later time, uncheck “Restrict to IP address” for these rules.

4. If you want to enable access for all computers in your university (typically), you will need the IP address range in Classless Inter-Domain Routing (CIDR) block notation. Follow the same steps above but enter the CIDR range instead.

Connecting to your new WordPress instance

Now, we are ready to connect to the WordPress instance, set up accounts, and put content in, i.e. administer the site. To get the WordPress administrator password (also known as the application password):

1. Under the Connect tab, choose Connect using SSH.

2. After you’re connected, enter the following command in the terminal window that appears to get the default application password:

cat bitnami_application_password

Figure 7. Retrieving the Bitnami application password.

With this administrator username and password, log into WordPress:

1. Under the Connect tab, find the public IP. This will be four numbers separated by periods (such as 192.168.1.5).

2. Browse to http://<public-ip-address>/wp-admin/. Replace <public-ip-address> with the public IP address of your instance.

3. Sign in to WordPress:

a. Username: user

b. Password: default application password from earlier.

Part 2: Customizing your Lightsail instance

If you require some additional customization from the basic setup in Part 1, or you’re curious to explore the other options available to you, the following sections walk through some additional information that builds on the quick start version.

Starting a Lightsail instance

Starting a Lightsail instance is the same as in Part 1. Repeat Steps 1-8 again.

Restricting access to your Lightsail instance

A best practice is to add an additional layer of security on top of the WordPress account management system. In the Part 1, we showed how to do this simply for individual IP addresses and network blocks. If you are trying to restrict access to only computers in your department or whole university, for example, this will require some knowledge of how the internet is organized.

You can read about CIDR block notation here. In the meantime, consider sending a sample email to your university’s IT department to get the information you need:

Hi, I am looking to add an additional layer of network security for common lab information. I understand my current IP address at the university is <my IP address>. Can I know what the IP address range for my department/university is? If you can send this in CIDR block notation, that would be best.

The Lightsail firewall is flexible enough to enable access to multiple CIDR ranges and/or individual IP addresses. It may also be useful to enable access to your home computer or your mobile phone. For these, you can use a simple online service to get your public IP address and follow the directions from the “Set up basic network security: Keeping access private” section above.

Note: Typically the IP address associated with your home computer or your mobile phone is not static, so the IP address will change over time and you will have to update your firewall rules accordingly as well.

Connecting to WordPress (or another application) for the first time

To connect to your WordPress instance (or other CMS application), follow the same steps outlined in the quick start version. Note that applications like WordPress, Drupal, and Joomla are all different, but have the same basic concept of having a main administrator account and/or password. The Django application doesn’t have a username, but there is still a password. Besides the bitnami_application_password file, there is also a bitnami_credentials file that has more information and where to look for further documentation. Learn more in bitnami FAQ documentation.

1. In the Lightsail console, under the Connect tab, choose Connect using SSH.

2. Enter the following command to get the default application password:

cat bitnami_application_password

3. Alternatively, look at the credentials file by inputting:

cat bitnami_credentials

The process for logging in and administering your new site will depend on the application you started. The details for WordPress are noted in the quick start procedure in Part 1, but that same address won’t work for other applications like Drupal or Joomla. In general, you can connect to https://<public_ip_address>, where you would use the Public IP for your Lightsail instance. Then you should be able to log in using the username user with the password you find in the file bitnami_application_password in Part 2, Step 2.

Domain name configuration

While possible, using a numeric IP address for your site isn’t ideal. It can be hard to remember and may trigger anti-malware software. If you already have a domain name registered (such as www.mylab.com), you can point it or a subdomain (such as lightsail.mylab.com) to your new Lightsail instance.

The instructions below assume you don’t already have a domain name; if you do, skip the first step, and all the Amazon Route 53 steps should have an equivalent at wherever your domain name was registered.

1. Register a domain name. You can register your domain with Amazon Route 53 or any other domain registrar.

2. Create a static IP address and attach it to your Lightsail instance. Static IP addresses are no cost only while attached to an instance. You can manage five at no additional cost.

a. In the Route 53 console, under the Networking tab, choose Create static IP.

b. Select the AWS Region where you want to create your static IP.

c. Make sure that the static IP is being attached to the correct instance, as in the second box in the following Figure 8.

Figure 8. Creating a static IP address for your Lightsail instance.

d. Provide a unique name for your static IP. This name:

i. Must be unique within each AWS Region in your Lightsail account.

ii. Must contain 2-255 characters.

iii. Must start and end with an alphanumeric character or number.

iv. Can include alphanumeric characters, numbers, periods, dashes, and underscores.

e. Select Create.

3. Map your domain name to your WordPress website.

a. From the console of your DNS provider, such as Route 53, create an A Record which maps your domain name to your static IP address created earlier.

b. Your A Record may look like the following in the Route 53 dashboard:

Figure 9. Configuring the A Record in Route 53.

You should now be able to use your domain name to browse to your WordPress website.

Additional configurations

Updating WordPress

1. From your WordPress console, under Dashboard, select Updates.

2. On this page, find the option to update your WordPress to the latest version.

Figure 10. Updating WordPress.

Enabling HTTPS

Enabling HTTPS on the WordPress instance can be done in Lightsail using the Bitnami HTTPS configuration (bncert) tool (recommended) or requesting a Let’s Encrypt wildcard certificate using Certbot

Establishing third-party login

If you’d like to integrate social logins (e.g., Google, Facebook, Amazon, etc.) with your WordPress application, you may use the WordPress Social Login Plugin by miniOrange. View the installation guide or the video installation guide to learn more.

Figure 11. Using social logins with WordPress.

Setting up snapshots (i.e. backups)

Lightsail retains your seven most recent automatic snapshots, which are backups of the Lightsail instance. You can manually select snapshots to retain for longer by selecting the snapshot you’d like to retain, then choosing Keep snapshot. It will then be moved to Manual snapshots, where no automatic deletion occurs.

Figure 12. Creating manual snapshots and selecting snapshots to keep.

Note that snapshots are incremental. Only the data on the disk that have changed after your last snapshot are saved in the new snapshot. Even though snapshots are saved incrementally, the snapshot deletion process is designed so that you need to retain only the most recent snapshot to restore the entire disk.

You can also create manual snapshots whenever you like. In the Snapshots tab under your LightSail instance, select Create snapshot. These snapshots can be used to create new LightSail instances and would need to be copied to start an instance in a new Region.

Figure 13. Creating a manual snapshot.

Upgrading instances

Once a Lightsail instance has been created, you cannot change its instance plan. Instead, you must create a new instance and migrate your workload to the new instance. Follow these steps to upgrade an existing instance:

1. Make sure that you create a snapshot of your most current instance. If not, follow the steps from the “Setting up snapshots” section to create a snapshot. Select this snapshot and choose Create new instance.

2. Choose a new instance plan.

When a new instance is created from a snapshot, the system disk and additional attached disks are moved into the new instance. However, other instance-specific configurations, such as the static IP address and firewall rules, will not be shifted over. As such, these will need to be reconfigured for the new instance:

3. On the Lightsail home page, under the Networking tab, select the static IP address that was attached to your old instance.

4. Select Detach to detach the static IP address from your old instance.

5. Select the new instance you just created and select Attach. You have now attached your static IP address to the new instance. Browsing your domain will now redirect you to this new instance instead of the old one, since the A record you created earlier is mapped to the static IP address.

6. Repeat the firewall configuration steps from the old instance.

Figure 14. Attaching the static IP address to an instance.

Figure 15. After the static IP address has been attached to the instance.

Figure 16. Creating a new instance from a snapshot.

Conclusion

Any new organization, whether a research lab or a company, needs to adapt as it grows. While a simple shared drive with documents works well at a small scale, more structure is usually needed as the organization grows to 3-5 people and beyond. A content management system (CMS) can help consolidate and organize disparate types of information, while simultaneously allowing collaborative editing and tracking changes. Running this on AWS provides a convenient way to manage security and backups, while providing nearly infinite capacity to grow as your lab and team grows as well. Enhancing the organization within your organization can help you spend less time on tedious management tasks and more on what really matters: your team and the work you do for your community.

Amazon Lightsail is AWS Free Tier eligible; learn more about Lightsail pricing and get started in just a few clicks.

Learn more about how researchers and universities use AWS to support teaching and learning, connect the campus community, make data-driven decisions to save money and resources, and accelerate research efforts.

Read related stories on the AWS Public Sector Blog:

• Getting started with Amazon Lightsail for Research: A tutorial using RStudio
• Introducing 10 minute cloud tutorials for research
• Accelerating and democratizing research with the AWS Cloud
• The top 3 innovation drivers in higher education in 2023
• How advanced analytics can improve efficiency and provide important student insights at higher education institutions
• Building scalable WordPress sites for public institutions on Amazon Lightsail

Subscribe to the AWS Public Sector Blog newsletter to get the latest in AWS tools, solutions, and innovations from the public sector delivered to your inbox, or contact us.

Please take a few minutes to share insights regarding your experience with the AWS Public Sector Blog in this survey, and we’ll use feedback from the survey to create more content aligned with the preferences of our readers.