In the first part of this series, Amazon Lightsail: how to set up your first instance, we introduced Amazon Lightsail, a low-cost virtual private server (VPS) platform from Amazon Web Services. As we saw in that post, it’s easy to create a small infrastructure with Lightsail.
With the launch of this platform, Amazon is trying to get a slice of the lucrative VPS market. The market has matured over the last few years and a number of players have a head start. Vendors like DigitalOcean or Linode have a large customer base and count some big names—Atlassian, Creative Commons, and RedHat to name a few—as customers. This high level of trust is the result of the continuous expansion of data centers, the reliability of service, and the value that customers get for their investment.
In this post, we’ll take a look at how Amazon Lightsail compares to an established competitor and widely popular VPS provider, DigitalOcean. Competing against these niche players means that Amazon will not only have to quickly include some of the features users now take for granted, but it will also have to differentiate itself with extra features that others are still lacking. In our opinion, the competition is just getting started.
Amazon Lightsail vs. DigitalOcean for VPS
Our comparison will focus on the following areas:
Data Center Locations
Amazon is always expanding its regions, which means that Lightsail would also be available in new regions over time. This will give users in different parts of the world greater network proximity to their servers. At the time of this post, AWS has the following regions, in addition to another region in China:
However, Lightsail is available only in the us-east-1 region.
DigitalOcean has data centers in the following countries:
Instance Sizes and Types
Amazon EC2 has a large number of instance types, ranging from micro instances with less than a GB of memory to large, disk or memory optimized servers. Each of these instance types can be further enhanced with extra storage volumes with provisioned IOPs.
Lightsail has a much simpler instance model with only five types of servers.
This is expected because its target audience is developers or start-ups who don’t want to spend a lot of time comparing a lot of price-performance ratios.
DigitalOcean has nine instance types for its “standard” instances.
And a few more in its “high memory” category:
As we can see, the high-end instances are suitable for large scale data processing and storage. This again proves that the company is targeting not only individuals or start-ups but also corporate clients who are willing to pay extra money for their workloads.
Referencing the images above, we can see that the pricing for Amazon Lightsail instances is very similar to that of DigitalOcean Droplets for the same server specs.
Base OS Images
As of March 2017, Amazon Lightsail comes bundled with only two operating systems: Ubuntu 16.04 LTS (Long Term Support) or Amazon Linux 2016.09.01:
DigitalOcean offers a number of open source Nix based operating system images, each with different versions.
VPS providers also offer something called “application images.” These are generic installations of applications bundled with a base operating system. With application images, users don’t need to install applications after creating a server, and this significantly saves time. Some popular application packs are LAMP stack, Gitlab, or Node.js, which are baked in with operating systems like CentOS or Ubuntu.
Amazon Lightsail currently has a limited, but good collection of instance images.
DigitalOcean has a larger collection of “One-click apps” too:
User Data Scripts
User data scripts are special pre-written code blocks that run when a VPS instance is created. A common use case for user data is automating installation of applications, users or configuration files. For example, a server can be made to install a particular version of Java as it comes up. The developer would write a script to do this and put it in the user data section when creating the server. This saves time in two ways: when rolling out a number of instances, administrators don’t have to manually install applications or change configuration in each instance, and secondly, each instance will have a uniform installation, eliminating any chance of manual error. User data has been available for Amazon EC2 instances for a long time and is widely adopted for system automation.
Amazon Lightsail calls it “Launch Script” and DigitalOcean calls it “User data”, but they are essentially the same.
Both Amazon Lightsail and DigitalOcean allow users SSH access from a web console. Most practical uses cases though require SSH access from OS shell prompt or a tool like PuTTy. Authentication can be done either with username and password or preferably with more secure SSH keys.
Amazon Lightsail allows SSH key access only, which is good for security. Users can create a new SSH key, upload their own public key or use an existing key when creating an instance.
DigitalOcean offers both key-based and password-based authentication. The choice of SSH key is optional. If no SSH key is chosen or created, the user is sent an e-mail with a temporary password for the root account. Upon the first login, the user needs to change that password. The image below shows how new SSH keys can be created in DigitalOcean.
Note that unlike Lightsail, DigitalOcean does not offer a key generation facility.
Adding Extra Volumes
Sometimes the data in a server will outgrow its original capacity. When disk space runs out and data cannot be deleted or archived, extra disk space needs to be added. Typically this involves creating one or more additional disk volumes and attaching to the instance.
For Amazon EC2, this is possible with Elastic Block Storage (EBS). Amazon Lightsail is yet to add this feature. DigitalOcean on another hand has only recently added it for users.
DigitalOcean volumes can be attached during instance creation as well, but that facility is available in only selected regions.
Adding extra storage is one way to expand a server. Sometimes the instance may need extra computing power too. This can be done by adding more CPU and RAM to the server. Although this is fairly simple in EC2, we could not find a way to resize a Lightsail instance once it was created.
Again DigitalOcean wins in this area. It allows users to up-size the instance either with CPU and RAM only or with CPU, RAM, and disk. The first option allows the instance to be downsized again.
VPS snapshots are like “point in time” copies of the server instance. This is necessary for protection against data loss, data corruption, or simply creating a separate image from an existing instance. Creating a snapshot for an existing instance is a simple process in Lightsail:
If the instance is deleted for some reason, it can be recovered from a snapshot, if one exists.
However, there is no simple way to automate the snapshots process. Of course, this can be automated with a bit of scripting and scheduling a job from another server, but we could not find the feature as a native option.
DigitalOcean also offers snapshots:
However, there is also a scheduled backup option which can snapshot an instance once every week.
Performance Monitoring and Alerting
Performance monitor dashboards are present in both Amazon Lightsail and DigitalOcean.
With Lightsail, the performance counters are similar to what’s available for EC2 in CloudWatch: CPUUtilization, NetworkIn, NetworkOut, StatusCheckFailed, StatusCheckFailed_Instance and StatusCheckFailed_System. The metrics can be viewed over a period of two weeks. However, unlike CloudWatch for EC2, it’s not possible to create an alert on a metric.
DigitalOcean has a graph option for its Droplets: this would show the Droplet’s public network usage, CPU usage, and disk IO rate. In recent times it also added a feature where users can opt to capture more metrics. For existing Droplets, users can install a script, and for new Droplets, they can enable a monitoring option. With the monitoring agent installed, three more metrics are added: memory, disk usage and top processes sorted by CPU or memory.
Furthermore, it’s also possible to create alerts based on any of these metrics. The alerts can be sent to an e-mail address or a Slack channel.
Amazon Lightsail and DigitalOcean both allow users to attach “static IPs” to their server instances. A static IP is just like a public IP because it’s accessible from the Internet. However, as the name suggests, static IPs don’t change with instance reboots. Without a static IP, an instance will get a new public IP every time it’s rebooted. When a static IP is attached to an instance, that IP remains assigned to the instance through system reboots. This is useful for internet facing applications like web or proxy servers.
In Amazon Lightsail, a static IP address can be assigned to an instance or kept as a standalone resource. Also, the IP can be re-assigned to another instance when necessary.
DigitalOcean has a slightly different approach. Here, the public IP assigned to the instance doesn’t change even after the system goes through a power cycle (hard rebooted) or power off / power on. It also offers something called “Floating IP” which is essentially the same as static IP. A floating IP can be assigned to an instance and if necessary, detached and reattached to another instance. This allows Internet traffic to be redirected to different machines when necessary. The image below shows how floating IPs are managed.
An Amazon Lightsail instance comes with a private IP address by default.
For DigitalOcean, this has to be enabled when the Droplet is created.
We could not find any option for enabling IP v6 for Lightsail instances. As shown above, this is possible with DigitalOcean instances.
Amazon Lightsail enables users to create multiple DNS zones (up to three DNZ zones are free). This is a great feature and very simple to set up. Users who have already registered domain names can create DNS zones for multiple sub-domains and map them to static IP addresses. Those static IPs can, in turn, be assigned to Lightsail instances. The image below shows how we are creating a DNS zone for our test website.
Lightsail provides its own DNS name servers for users to configure their domain records. Users can also register their domain names with Amazon Route 53 without having to use another third-party domain name registrar.
A similar facility exists in DigitalOcean, except it allows users to create reverse domain lookup with PTR records.
This is an area where Amazon Lightsail fares better than DigitalOcean. With EC2 instances, AWS offers a firewall feature called “security groups”. Security groups can control the flow of traffic for certain ports from one or more IP addresses or ranges of addresses. In Lightsail, the security group feature is present in a rudimentary form.
There is no finer grain control though: there is no way to restrict traffic from one or more IP addresses.
DigitalOcean Droplets do not have this feature. Any firewall rules have to be configured from within the instance itself.
Other Security Features
Both Amazon Web Service and DigitalOcean console offer two-factor authentication. With Amazon, it’s possible to enable CloudTrail logs which can track every API action run against resources like EC2. Lightsail has a rudimentary form of this audit trail (“Instance history”), and so does DigitalOcean (“Security history”).
Access to Outside Service Endpoints
This is an area where Amazon Lightsail clearly wins. It’s possible for Lightsail instances to access existing AWS resources and services. This is possible when VPC peering for Lightsail is enabled. Lightsail instances run within a VPC which is not available from the regular VPC screen of AWS console. Unless VPCs are “peered”, they are separate networks and resources in one VPC cannot see resources in another. Peering makes it possible. It is possible to configure VPC peering for the “shadow VPC” Lightsail uses. This is configured from the advanced features screen.
With VPC peering enabled, Lightsail’s capabilities can be extended beyond a simple computing platform, something DigitalOcean cannot provide.
Load balancers are a great way to distribute incoming network traffic to more than one computing node. This can help the infrastructure become more resilient against failures or distribute read and write traffic evenly across the servers. When application traffic reaches a load balancer, it can send it to a node in the group either in round-robin fashion or based on a specific algorithm. Any node not responding to traffic from the load balancer will be marked as “Out Of Service” after a number of attempts.
Although it would help developers test their applications for real-life use cases, Amazon Lightsail is yet to provide this feature.
DigitalOcean has recently added it to their offering, but it’s not cheap, it costs $20 per month.
AWS Billing Alert is a great way for customers to keep track of their cloud infrastructure spending. With billing alerts, AWS will send an automatic notification to a customer when its monthly AWS spending goes over a set limit. Typically the alert is set up to send an e-mail. Billing alert is a feature of CloudWatch metrics and it can be used for Lightsail usage:
DigitalOcean has a similar feature for billing alerts.
Unlike AWS though, DigitalOcean would send the notification to an e-mail address only. With AWS, the alert can be sent to an SNS topic which can have a number of subscribing endpoints like e-mail, SMS, application or HTTP.
Both Lightsail and DigitalOcean have extensive API support for programmatic access and administration of their infrastructure. Both vendors make the documentation well accessible from their public websites.
DigitalOcean APIs are fairly extensive as well and their documentation shows how they can be invoked with HTTP payloads. Language support includes Ruby and Go. Unlike AWS, DigitalOcean does not come with any CLI which can be automated with bash or PowerShell.
Third party tools like Terraform from HashiCorp also have a limited number of resources available for both Lightsail and DigitalOcean provider.
Documentation and Support
Online documentation for both Amazon Lightsail and DigitalOcean is easy-to-follow and can help a user get up and running in no time. Technical support request for Lightsail can be accessed from the AWS console. A similar link exists for DigitalOcean users in its web site.
DigitalOcean also offers a vast array of very useful tutorials. These tutorials can help users set up and run many different workloads on the DigitalOcean platform.
From our test comparison, we found DigitalOcean leading Amazon Lightsail in quite a few important areas. So does this mean developers and start-ups should shun Lightsail for now? We would say no. It depends on individual use cases and whether your organization is already an Amazon customer. Lightsail’s integration with other AWS services provides it an obvious advantage. Also, since the price tag for similar instances is very much similar, you may want to work with Lightsail unless your application requires some of the features it’s lacking… Typical uses cases can include:
- Small, disposable servers for Proof of Concept (PoC) of larger projects
- Development and tests servers for small teams
- Departmental servers for non-IT business units who don’t want to spend money on high-end resources
- Personal-use servers for storing video, audio, and other digital assets
Also, with AWS making a move into the VPS market, it’s only a matter of time before other players like Microsoft or Google start to include it in their arsenal. As the competition starts to gain momentum, more advanced features are sure to follow. Needless to say, established VPS providers wouldn’t be sitting idle either, they would be adding new features to keep their competitive advantage. With this in mind, we think Amazon needs to add some extra niche capabilities to its VPS platform to make it a more viable competitor.
Top 13 Amazon Virtual Private Cloud (VPC) Best Practices
Amazon Virtual Private Cloud (VPC) brings a host of advantages to the table, including static private IP addresses, Elastic Network Interfaces, secure bastion host setup, DHCP options, Advanced Network Access Control, predictable internal IP ranges, VPN connectivity, movement of interna...
Big Changes to the AWS Certification Exams
With AWS re:Invent 2019 just around the corner, we can expect some early announcements to trickle through with upcoming features and services. However, AWS has just announced some big changes to their certification exams. So what’s changing and what’s new? There is a brand NEW ...
New on Cloud Academy: ITIL® 4, Microsoft 365 Tenant, Jenkins, TOGAF® 9.1, and more
At Cloud Academy, we're always striving to make improvements to our training platform. Based on your feedback, we released some new features to help make it easier for you to continue studying. These new features allow you to: Remove content from “Continue Studying” section Disc...
AWS Security Groups: Instance Level Security
Instance security requires that you fully understand AWS security groups, along with patching responsibility, key pairs, and various tenancy options. As a precursor to this post, you should have a thorough understanding of the AWS Shared Responsibility Model before moving onto discussi...
Cloud Migration Risks & Benefits
If you’re like most businesses, you already have at least one workload running in the cloud. However, that doesn’t mean that cloud migration is right for everyone. While cloud environments are generally scalable, reliable, and highly available, those won’t be the only considerations dri...
Real-Time Application Monitoring with Amazon Kinesis
Amazon Kinesis is a real-time data streaming service that makes it easy to collect, process, and analyze data so you can get quick insights and react as fast as possible to new information. With Amazon Kinesis you can ingest real-time data such as application logs, website clickstre...
Google Cloud Functions vs. AWS Lambda: The Fight for Serverless Cloud Domination
Serverless computing: What is it and why is it important? A quick background The general concept of serverless computing was introduced to the market by Amazon Web Services (AWS) around 2014 with the release of AWS Lambda. As we know, cloud computing has made it possible for users to ...
Google Vision vs. Amazon Rekognition: A Vendor-Neutral Comparison
Google Cloud Vision and Amazon Rekognition offer a broad spectrum of solutions, some of which are comparable in terms of functional details, quality, performance, and costs. This post is a fact-based comparative analysis on Google Vision vs. Amazon Rekognition and will focus on the tech...
New on Cloud Academy: CISSP, AWS, Azure, & DevOps Labs, Python for Beginners, and more…
As Hurricane Dorian intensifies, it looks like Floridians across the entire state might have to hunker down for another big one. If you've gone through a hurricane, you know that preparing for one is no joke. You'll need a survival kit with plenty of water, flashlights, batteries, and n...
Amazon Route 53: Why You Should Consider DNS Migration
What Amazon Route 53 brings to the DNS table Amazon Route 53 is a highly available and scalable Domain Name System (DNS) service offered by AWS. It is named by the TCP or UDP port 53, which is where DNS server requests are addressed. Like any DNS service, Route 53 handles domain regist...
How to Unlock Complimentary Access to Cloud Academy
Are you looking to get trained or certified on AWS, Azure, Google Cloud Platform, DevOps, Cloud Security, Python, Java, or another technical skill? Then you'll want to mark your calendars for August 23, 2019. Starting Friday at 12:00 a.m. PDT (3:00 a.m. EDT), Cloud Academy is offering c...
What Exactly Is a Cloud Architect and How Do You Become One?
One of the buzzwords surrounding the cloud that I'm sure you've heard is "Cloud Architect." In this article, I will outline my understanding of what a cloud architect does and I'll analyze the skills and certifications necessary to become one. I will also list some of the types of jobs ...