History: AWS Lightsail

Source of version: 30 (current)

! Create an Amazon AWS Account
LightSail is a very affordable (almost free depending on usage) cloud computing platform that is great for running TikiWiki for personal projects or small collaboration groups.
Another aspect of LightSail is that it is geared for easy to setup and maintenance with just the bare amount of features that you need to run a professional looking TikiWiki.

!! AWS Lightsail Requirements
Given the high security requirements of Amazon AWS you will need a virtual Two Factor Authentication device. Google provide a good virtual Two Factor Authentication app on the [https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_IE&gl=US|Play store] and the [https://apps.apple.com/us/app/google-authenticator/id388497605|App Store] 
!! AWS Account Creation
*Go to the AWS account setup page [https://portal.aws.amazon.com/billing/signup#/start/email|here].
*After email verification you then use the AWS sign-in page [https://console.aws.amazon.com/console/home?nc2=h_ct&src=header-signin|here]. 
{img type="attId" attId="113" thumb="box" height="55%" width="55%" desc="AWS Login" alt="AWS Login" responsive="y"}

*When the AWS account page opens click on your account name in the top right corner.
*Next click Security Credentials.

{img type="attId" attId="114" thumb="box" height="55%" width="55%" desc="aws security console" responsive="y"}

*Next click the Multi-factor authentication (MFA) sliding section.
{img type="attId" attId="115" thumb="box" height="55%" width="55%" desc="AWS MFA Setup" alt="AWS MFA Setup" responsive="y"}

*Next click MANAGE to setup your virtual MFA device. Once your virtual MFA device can generate codes as shown you will be able to login with increased security.

{img type="attId" attId="112" thumb="box" height="95%" width="95%" desc="Google virtual MFA device" alt="Google virtual MFA device" responsive="y"}

*Back in the AWS Management Console select your preferred local data-center.

{img type="attId" attId="116" thumb="box" height="55%" width="55%" desc="AWS LightSail data-center" responsive="y"}

*Now do a service search and type in "Lightsail", when the Lightsail icon appears click it to start the setup of the next stage.
{img type="attId" attId="118" thumb="box" height="75%" width="75%" desc="AWS Lightsail Service Search" alt="AWS Lightsail Service Search" responsive="y"}

*You are then presented with instance creation page, click "Create Instance".
{img type="attId" attId="119" thumb="box" height="55%" width="55%"desc="Lightsail instance creation"  responsive="y"}

*From this point forward its up to you to go with your preferred configuration.
You can setup a linux instance by following one of the many great tutorials on the AWS Lightsail website.
**[https://lightsail.aws.amazon.com/ls/docs/en_us/articles/getting-started-with-amazon-lightsail|Setup Linux Instance]
*Due to the lower compute power of the Lightsail instances your TikiWiki database will have to be placed in a separate database instance that is easy to configure when following the AWS Lightsail tutorials.  
**[https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-creating-a-database|Setup database instance]
*To secure TikiWiki you should configure your web-server to use SSL encryption when serving content to clients.
!!MySQL SSL
*Given that the TikiWiki web-server and database server are not on the same virtual machine the contents of the TikiWiki database will be traversing Amazon's AWS data-center in the clear so you need to encrypt this web-server to database connection with SSL.
*Get your preferred AWS Lightsail certificate from [https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-download-ssl-certificate-for-managed-database|here].
{img type="attId" attId="120" thumb="box" height="55%" width="55%" desc="AWS LightSail root certificate" responsive="y"}

*When you have everything configured to your satisfaction in TikiWiki and all seems to be working, you should then encrypt the web-server to database connection by placing the certificate file "rds-ca-2019-root.pem" you downloaded from [https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-download-ssl-certificate-for-managed-database|here] into the cert sub-folder on your web-server.
{img type="attId" attId="121" thumb="box" height="90%" width="90%" desc="Lightsail root CA file location on your web-server instance." responsive="y"}
*END