AWS Cloud Development Kit - Infrastructure Is Code (From Beginner to Professional) | Kumar . | Skillshare

AWS Cloud Development Kit - Infrastructure Is Code (From Beginner to Professional)

Kumar ., Cloud Architect | Alexa Developer

AWS Cloud Development Kit - Infrastructure Is Code (From Beginner to Professional)

Kumar ., Cloud Architect | Alexa Developer

Play Speed
  • 0.5x
  • 1x (Normal)
  • 1.25x
  • 1.5x
  • 2x
53 Lessons (8h 12m)
    • 1. AWS Cloud Development Kit: Why should you learn it?

    • 2. AWS Cloud Development Kit: Course Structure

    • 3. What is AWS CDK?

    • 4. Getting Started: AWS CDK Prerequisites & Installation

    • 5. Create your first CDK Stack & Deploy It

    • 6. AWS Cloud Development Kit: Where is the sample code?

    • 7. Learn to customize stack resources & How to get help

    • 8. Infrastructure-Is-Code: Version control your Infrastructure

    • 9. Plan & Visualize your deployments: Diff your changes

    • 10. CDK Tokens: How to Export/Import Stack Values - Cfn Intrinsic Functions

    • 11. Stack Cleanup: Destroying the App's Resources

    • 12. Opt-Out from CDK Metadata Version Reporting

    • 13. DTAP in CDK: Dynamically customize stacks based on inputs for different environments

    • 14. Deploying stacks to Multiple AWS Regions & Accounts: Best Practice

    • 15. Customize Stack Parameters: CDK Context variables

    • 16. Build Multi-AZ Production Ready Custom VPC

    • 17. Add Tags to CDK Resources On Creation

    • 18. Tagging At Scale: Easily Add Tags to ALL Resources in the Stack

    • 19. Import Pre-Existing External Resources: S3, VPC

    • 20. Launch EC2 using CDK

    • 21. Customize EC2 Instances by Bootstrapping them with user data

    • 22. Launch EC2 with Custom Instant Profile - SSM Agent Role - Login without SSH Keys

    • 23. Launch EC2 with latest AMI in any AWS Region - Portable Region Independent stack

    • 24. Improve EC2 Performance with EBS Provisioned IOPS SSD Volumes

    • 25. Highly Available Web Servers with AutoScaling & Application Load Balancer

    • 26. Create AWS SSM Parameter & AWS Secrets

    • 27. Create IAM Users, Groups

    • 28. Create IAM Role, Inline & Managed Policy

    • 29. IAM Resource Policy: S3 Bucket Policy

    • 30. Create RDS Database

    • 31. Import pre-existing Cloudformation templates into CDK

    • 32. Create SNS Topic & Subscriptions

    • 33. SQS: Fully Managed Message Queues for Microservices

    • 34. Serverless: Create Lambda for Event Driven Architecture

    • 35. Create & Manage Lambda Log Groups

    • 36. Serverless: Lambda Source Assets from S3

    • 37. Schedule your Lambda Function: Cron in the cloud

    • 38. DynamoDB: Key-Value Database

    • 39. Grant Least Privileges to your Lambda Functions

    • 40. API Gateway: An HTTP endpoint for your Lambda function

    • 41. CloudWatch Alarms

    • 42. CloudWatch Custom Metrics, Filter Patterns & Alarms

    • 43. CloudWatch Live Dashboards & Widgets

    • 44. Deploy a static website with contents

    • 45. Reduce Latency and Protect your site with Cloudfront

    • 46. Serverless Event Processor Architecture with S3 Events

    • 47. Serverless REST API Architecture: APIGW, Lambda & DynamoDB

    • 48. Serverless Stream Processor Architecture with Kinesis

    • 49. Serverless DynamoDB Event Processor Architecture with DynamoDB Streams

    • 50. Containerized Micro Service Architecture with ECS

    • 51. Run Containers without managing servers using Fargate

    • 52. Serverless Batch Job Architecture with Fargate

    • 53. Serverless Multi-Person Chat Application

  • --
  • Beginner level
  • Intermediate level
  • Advanced level
  • All levels
  • Beg/Int level
  • Int/Adv level

Community Generated

The level is determined by a majority opinion of students who have reviewed this class. The teacher's recommendation is shown until at least 5 student responses are collected.





About This Class


AWS Cloud Development Kit (CDK) - Infrastructure-Is-Code

Provisioning cloud applications can be a challenging process that requires you to perform manual actions, write custom scripts, maintain templates, or learn domain-specific languages. AWS CDK uses the familiar and expressive power of programming languages.

AWS CDK gives you components preconfigured with proven defaults, without needing to be an expert. AWS CDK provisions your resources in a safe, repeatable manner through AWS CloudFormation.

Note: This course assumes you know how to use the AWS Cloud. It will help you transform your solution architecting skills into CDK Stack.

You have five modules to work your way to AWS Cloud ☁️ Development Kit. Each video lesson includes the demo code. You are encouraged to follow along with the code shown in the video lesson.

  • Chapter 1 - Getting Started with CDK
  • Chapter 2 - Create AWS Resources and Customise resources to suit your needs
  • Chapter 3 - Create Serverless & Deploy Serverless Application Resources
  • Chapter 4 - Create Advanced Use-Cases and Architecture Pattern
  • Chapter 5 - Create & Deploy a fully functional application using CDK

This Course Also Comes With:

✓ Lifetime Access to All Future Updates

✓ A responsive instructor in the Q&A Section

✓ Links to interesting articles, and lots of good code to base your next application onto

✓ SkillShare Certificate of Completion

This is the course that could change your AWS skills.

Learning and getting hands-on on AWS CDK helps you to enhance your career opportunities and helps to boost your income. An investment in your career is an investment in yourself. Don’t procrastinate. There is no time like the present to take charge of your career. Take your career to the next level by learning AWS CDK today!

Take the course now, completely risk free !

Meet Your Teacher

Teacher Profile Image

Kumar .

Cloud Architect | Alexa Developer


Class Ratings

Expectations Met?
  • Exceeded!
  • Yes
  • Somewhat
  • Not really
Reviews Archive

In October 2018, we updated our review system to improve the way we collect feedback. Below are the reviews written before that update.

Your creative journey starts here.

  • Unlimited access to every class
  • Supportive online creative community
  • Learn offline with Skillshare’s app

Why Join Skillshare?

Take award-winning Skillshare Original Classes

Each class has short lessons, hands-on projects

Your membership supports Skillshare teachers

Learn From Anywhere

Take classes on the go with the Skillshare app. Stream or download to watch on the plane, the subway, or wherever you learn best.



1. AWS Cloud Development Kit: Why should you learn it?: Hey there. Thanks for picking on my covers. If you are an AWS professional on, you're thinking is this right course for me? Are, um I in the right place? Then don't worry. Give me a few minutes so that I can explain to you what this course offers and why you need to take this course. If you have been some time working with AWS than you might a provision, some resources in AWS, it might be with told formation or aws Samsel lie or with genetically on the ceiling or the court soul. But all of them have some problems with the data. It is not reproducible are you have a lot of errors because you are doing it manually or sometimes it is very time consuming to deploy the same resources consistently in different environments. On there is a lot of conflagrations in tax if you take, for example, a simple BPC, but it require about 300 lines of confirmation code. And if you're doing it through the control, it takes about a few minutes to reply. All this course is a lot of details. You need to remember everything so that you could consistently deploy that is when you, this course, come to the picture. Is that a better way of doing things? Do you always have to suffer all these things? That is where AWS city It comes into picture to take away all these problems that we're facing. So let us go ahead and see what AWS Syndicate offers. When you're talking about Sirikit CD, get uses a familiar programming language. If you are a job a developer are fighting. Developer are no chairs or typescript or dark net. You can go ahead and write infrastructure code using your own family or programming languages. It just doesn't stop there. You can use higher level concepts created by a lot of people in the open source community are provided by Amazon itself, so you don't have to go ahead on confident each and every detail. A lot of default values, which are from Arab use best practices, learn from multiple customers are provided on the construct itself so you can deploy and BBC in a bowl just three lines off code, and finally, you can treat your infrastructure a school. What this means is you can have programmatic loops. You can go ahead and checks for conditions, whether certain values are set as enterprise practices. You can also write s cases before even deploying them and do some driver. So Sirikit offers all these benefits. So in this course, what I'm going to show you is how to install and configure CD K on. Then we will also go ahead and see how to create your first stack on. Once you create your stack, let us go ahead and see how to use the best practices on all the tribal knowledge that is accumulated by all the people all across the open source community. And then we will try to see how important existing resources I'm customize your stacks so that you can deploy them in different environments. And finally, we will create a multi tier resource stack. It just didn't stop there. They fell just a high level Concepts off what we're going to see in the scores. If I go a little bit deeper, some off them are listed here. You will see how to create a lambda functions how to create crown in the cloud, even driven architectures. A fully functional chat application also will be shown how to be pulled from the ground up . So you no longer have to just listen to the videos and you need to scratch your head out to do them all the court and all the demo is available for you so you can go ahead and practice it in your own account if you're still waiting for it. Here is the latest offer for you. There's a special discount coupons available. One Lee for you. I need is available for a limited time. Go ahead and choose that on. Get that benefit off the scores right now. See you on the other side. 2. AWS Cloud Development Kit: Course Structure: Hey there. Thank you very much for choosing the scores on taking the time to become an expert in seedy que onda Ada viewers. Let me walk you through how this course has been structured so that you can get the maximum value for your time and effort you are putting in. This course has been structured in four basic models on in These basic models will go ahead and see how the concepts are. Therefore CTK on from their own words. You'll go ahead and start building higher level at once concept. So let's go ahead and see what are these four basic concepts that we have in Chapter one? We're starting at the very beginning. We're introducing ourselves to see DK on. Then you're going ahead and finding what are the prerequisites? What is the insulation requirements? Creating our first stack on deploying it, deleting it. I'm creating some best practices out offer, So that is what we're going to see on the first chapter on in the second chapter. What we're going to do is we're going to take it one step forward. I'm here. We're going to create some silicate resources. We tap it on top off the existing resources we are going toe, customize them by creating some bootstrap comments on. Then we're going to create a multi account, multi region deployments. So these are all the indications off all the different topics. It is not just these ones that will be other models also there. So on the chapter three, we're going to take it a little bit one step forward on we're going to create our data basis. We're going to create essence topics and queues and user ladies and customize our policies on See how we can do it with minimum quoting or minimum effort. So once we have this basics, we take it a little bit for higher level. Now on, we're talking about several s applications. Lambda functions AP a gateways on the custom dashboards, alarms, matrices, custom logs and all those sort of things. So once we have all these tools that in our hand, then we go ahead to Chapter five, which is going to combine all these concepts on start Really, at once use cases in these use cases, you will see how to create some must stream processes. You will create some even drew on architectures you will create some containerized applications, so you will see all those use cases. And finally, when it comes to a chapter six, you put all your experience that you have learned so far in creating and chat blobby application on all the court for that is also provided here. So you go ahead and created on Gasol, your friends with the stat application. So let us go and take it one step forward. Now you learn CTK. You're deploying applications. Rachael, you go next. What I've done is I've created a list off activity that you can take it on your own sweet time on. Then go ahead and show it to the world. It is a kit of repository off a lot of challenges and you can go ahead and do it on your own personal time or work with your friends and see what you can build with. Finally, to help you with all this activity, I put together a complete list off resources that will walk you through with all the demos and everything on most of the code is available in gator on. You can go ahead and forget on Makesem pulled request. If there is an improvement that you need to make. Finally, if you have gone through all this way, I would like to see you on the other side. Then you are becoming acidic. Expert. Thanks for taking the time and see you in the first lecture. 3. What is AWS CDK?: Hello, folks. Welcome back. Let us talk about AWS Cloud Development Kit or City Gate address. It has been called. This is a new deployment framework that Amazon has launched. Two helpers Prohibition Cloud Resources. Let us go ahead and see what is wrong with it. Existing my turns off provisioning resources when you want to provision some resource on the cloud, One of the common ways of doing it is a manual way. Let s say you want to create an easy two instance. You go to the control, click on a few buttons on, then you get that resorts created. It is very easy to get started. The problem with this approach is it is not going to be easily reproducible. It is going to be error prone because you need to know where you need to click on what you're clicking it on what output it is going to produce. Likewise, it is quite time consuming as well. The other approaches a scripted approach. Maybe you will be using an AWS. A CIA light to create a resource or some other sdk is to create a resource that are some big force in this approach. For example, if you're calling an A P A on the AWS side on for some network reasons or some other delays that is AP called face how you're going toe handle that failure. Are you going to handle the failure in a script? Then your script becomes bloated with error handling on not just having resource provisioning. It is also having the difficulty off making updates. So whenever you are wanting to add more resources or want to change some resources, how do you make those updates? Because the scripts had to be watching control now. Likewise, How do you know which is the source has been created? Are you going to wait for the A P A. Call constantly pull them and find out what resource has been created? Or so if the resource has been dependent? Are you going to wait for that? Finally, if for some reason you want to roll back, how do you roll back when your script is being running or an impending state? So these are the some of the problems that you have with a scripted deployment. The other approach is using and the source provisioning engines like, for example, you can use the total formation engine are the template on the back off, which is having a Justin format or an amul format. Then you give it to the cloud formation service, that provision of the source for you. This solves some problems like, for example, it is very easy to ultimate. You can replicate the resources in multiple and amendments or multiple regions, but at the same time you need to learn a new syntax, which is not quite convenient. For many people are people who are just beginning to you store information, then the Jasons Index can be quite daunting. The other problem with this is that is not a lot of obstruction. For example, if you return a court formation template on, if you want to create a VPC, you're typically going to write about 200 lines off court. There, finally, that one more upwards that the people take when you're trying to write a resource and more document object model is using some tools like a troposphere or spark information, another layer off obstruction on top off port formation itself. So this against all some problems, for example, you're writing the entire court in the real cold format you're using an I D. You re rating in the court and fight on or Ruby or some other language on. You are also maintaining your desired state here because you're saying I want this vpc I want to submit to be this on. Then I wanted easy to instance on top offered You are informing the tool that this is the decided state you want. But there are some problems with this approach also, for example, the abstractions is not building. You need to write your own obstructions on top of confirmation. For example, if you're using troposphere, you're still writing around 200 lines off court for just creating and vpc. So this is where City Gate comes in. This is a completely a different approach. You are going to look at your entire infrastructure as competent dies, too. So in this case, if you want to create an application, you can agree a thing off. Your application has made up off different stacks, which is the same as they're called formation stack. But you're going to use the building concepts that Amazon provides you. So, using those constructs you're going to compose your infrastructure on then the city cables synthesize Ondo formation template for you, which is again deployable using your familiar deployment mechanisms. So CTK provides you on list off higher level resource constructs on. Does the source concepts have defaults built? And, for example, if you want the lunch and BBC, it already has the logic to deploy in that instance, and the greater voting tables attach an Internet gateway on all those defaults are building with some tea for security groups. Also, you can think off the constructs as an comm portable cloud components on using those components you will really complex and architectures. So when you're talking about higher level concepts or library, Amazon s published the reference documentation, which has construct library for almost all the resources on there, constantly updating it for every new service on whatever services not there that is also getting updated as we can see, some off them has been updated frequently on the questions for each of them. Keep changing on. If there is a new service that is coming up on, they do market with experimental, and then you can go ahead and use them. So the advantage of the nurses there are two levels of concepts everyone and L two. So if native CTK contact is not available, you should be able to still call on a cloud formation resource if it is supported from Siddeeq it directly. So, basically, if you're writing CD K, you can write the city. Callable resource are used the Native Cloud Formation Resource on the other advantage of using Sirikit ISS. It is a mighty language software deployment framework, meaning that you can write your court and multiple different languages. It can synthesize into an AWS court formation template which can be watching controlled in your get report centuries. So what are the different languages that are supported today? You have ah typescript JavaScript, Java Dark Ned on by dawn on, go on. It is an open source framework so that you can go ahead. Andi, extend them as required. If there is a concept that is required for your organization with some certainty Fort pre baked in. For example, if you're creating an s three bucket on, you want the extreme, but get to be encrypted by default on no public access. Then you can create another concept on top off city case. This source concepts then you can publish it to your organization so that they can go ahead and use them. So from a bigger picture, this is what is happening under the hole in Serie K. So you write your source court for CTK on. Then you ask Siri, get to compile it on. Once it is compiling, it is going to pull up the court. But do the allegations on it is going to generate and or formation template. So basically, this is the assembly language off the AWS cloud on this is into the AWS confirmation service on. Then you deploy it. Now that you are writing cold as native language is no longer your infrastructure has to be treated. Escort your since infrastructure has become course, so because you are writing it natively. So in the next lecture, we're going to see how to install CTK on get started. 4. Getting Started: AWS CDK Prerequisites & Installation: Hello, folks. Welcome back. We have been hearing a lot about AWS CTK on how it can revolutionize the provisioning off infrastructure by using really cold it is. Go ahead and get started on DSI. What is required to do that in your development machine? Whether you're using a laptop or desktop, our Cloud nine environment one of the main things that you need to have in your laptop so that you can start quoting in seeing again that is what we're going to see today on it is highly opinionated view because when you're talking about programming languages that are many options, as we saw earlier, City Gate can be done and Jaguar by. Don't go darknet on all those languages. So this predict was said M O is going to be highly opinionated on. We're going to do that in a line X based laptop we're going to use by. Don't ask our primary development language it is. Go ahead and see what all the things that are required when you're talking about prerequisites, some off them are listed here. One is an aws see lay on. Then you also need an AWS account for experimentation on also user with privileges to provision resources in your account on you also needed nor Jace environment. It is going to take the poor, whatever language you're writing it and then working it into a JavaScript on. Then from there it gets converted into court formation. You don't need to know about all those things you just need no Jay's installed on your laptop. I show you in a short, wide if you don't have it, how to install it or from where you can get it. And then we also need an I d tool kit that you can attach to your I d on then the runtime environment. In this case, it is going to be fighting. So the first really quizzically the school hadn't see it and a WC like So I am going to use no Lennox laptop. So the Arab Lucille is already in salt. So just if you don't have with if you want to confirm it, I'm in my terminal, so I'm just going to run aws configure on. If you are getting a prompt, then it means that it has been already installed on configured with your kids. So if you don't have the keys. This is what I meant by having an account with privileges. Go ahead and get your access key and secret key on. Go ahead and configure them on for the rest of the demos. I'm going to use us East as my primary region on open former can be man as well. So we have enemies, Seeley configured and I also have a user configured. So now that we have a wc l a and also configure it a school head and see what the other predict was that we need So no Js we need to have no jay's in your account. So if you're in Windows, you can go ahead and get it in the no chase website or if you're in a Mac or some line express laptop, you can use rule on, then insert nor jays. So I also have no chase all the insult. If not, just go ahead and install it. So I have no Jay's on the pushing that I have is washing 12. That should be good enough. You can see here a strong is your about. Then we're good to go. So that is another prerequisite that has been satisfied, So I d again this is going to be quite a tricky one because everybody has a favorite I d in this case. What? I'm going to use its visual studio code as we can see here, the sorts of recommended by the CBK platform. Because there are some tool kits available, there are some extensions available. Other ideas might also have the same thing. It's up to you Totally. Which one do you want to use? But in this case, the one that I'm using is I'm assured, Studio Court And I helped us to my state or for my use case. So go ahead and choose whichever i d you are comfortable with. So now that we're done with the I d or so the next political is it is the language. So if you have noticed it already my i d. You can see here I have by tone 3.7 or so have by default. It comes with Piper on 2.7 hold. So So I can change my room anytime when you're writing a program. So if you are not having a I don't install, go ahead and install it on just to show you. You can see here. That is the fight on two. And I also have a fight on three s. What? Likewise, we will need Pip three also. So if you don't have weapons, start go ahead and install. Pip and I have configured for board abortion pointing my T 4 to 2.3 point seven so that I will always get the latest 3.7 packages. So you done with idea You are so done with taking the I don't language on there is one more important prerequisite when you're talking about right on ISS the virtual environment, because your city gate is going to create on get triple on. You are going to install packages in the question environment. So you will also need fight on which will envy. So what I'm going to do now is I'm going to run these commands in my environment to make sure that I have all the latest prerequisites. So remember this is by default pointing to fight on. So I'm just going to change it to bite on tree when I'm running it in my environment and they won't bite on to its deprecate er so I would highly recommend you to go help the juice by country as your default as well. So let this cup, since I'm using every day CD cape. Most off the predicted sits in my there were. Environmental is already installed, so if you don't have it in stock than this package will take some time to collect all the differences and go ahead and install them. So now we have the which will environment also on. Then we can go ahead on install Sirikit now. So to install City Gate, remember earlier be installed. No Jay's. If you're wondering why we're installing OJ's, this is the reason entire city a court is working on note. So this is the reason we need NPM install. So let's just go ahead and copied on. We needed to be installed globally, so little school had installed that if you want, do run it in the electoral environment, that is what supports it will remove the High Queen G and create a subdirectory on. You can have a normal city installed on your virtual environment. Also, that's also possible. So now we have installed a CD K. So if you go ahead and run a city gate washing. You should be getting in Western number there. That is one more prerequisite that the city gate code package is dependent on. We need to go here on install that one as well, so you can see him. We have already done the NPM install and Siddiqui washing. This is the other co dependency. So I'm just going toe run this on. Remember my purpose pointing to three. So if you want to install the fight on three packages, just make sure you're using the big portion three. I'm just going to update it. So now everything is said. Now we can go ahead and start creating our projects in Abuse city from one words. So just to confirm everything is good, I'm just going to get the washings of bill numbers. Get on. Remember, City Gate is getting updated really, really fast. That is a lot of developments is happening. A lot of new features are getting at her, but fixes are happening. So on weight off on Amazon, make sure that it is backwards compatible. So if you guess if you're stuck up on something and that is a bug and if you're not sure I highly recommend you to go ahead and update your city K and try to compile it. Your daughter formation good again. So keep your city as close to the latest, which and it's possible that this will be my recommendation. So no, we're done here. In the next demonstration, we'll go ahead and start creating or projects and creating your stacks from their own words , actual watching. 5. Create your first CDK Stack & Deploy It: Hello, folks. Welcome back on your we saw. What does he gave? How it can revolutionize the way you can deploy infrastructure using really cold. Then later we saw how you need to get the prerequisites like no jail despite on your I d on nearly eight of your cli on those things in your living woman so even. Go ahead, create your first back. Now only steps are done. Let us go ahead and greater for stack on deployed in our interviews account. Let's go and get started. I'm going to use visual studio called as my dough environment. If you have decided to use another I d. You should be able to follow the same commands there again. My recommendation is go ahead and your special studio because you also get this AWS uh, toolkit, which allows you to trigger some Lambda functions or get some logs and see that in your control itself. Anyway, let's get started. The first thing we need is an directory. So I'm just going to create my first project on I'm going to initialize and scaffolding. So there is a default app which will give creating an empty scaffolding for us. I'm going to use that. There's also example aptitude provisions. Some other sources like excuse. In essence, since we don't need that for a big energy level, I'm going to just say default app on. Then I'm going to say what language I'm going to develop. My CD gets back in. So in this case, it is going to be fightin if you're going to use a seat again. Another language. Gold on change. The language variables. There on there are some sample commands like ls which is going to list all this tax on your app on synthesizes going to create a close formation from the stack itself. On deploy is like a minus. The word stays. It is going to deploy in your camp. We'll go ahead and see them later when we go have our app which sells ready Now that we got our project directory. Next step is the most important step is creating and virtual environment. So here by default city get that's that for us? Let me just open it in the visual studio code you can see here I have opened it on my terminal here on then you haven't which will environment not me so let the school had an accurate or which will environment. This is really, really important part of the city because any packages that you install here will be part off the switch with environment and it will not affect other packages or other products that you might be developing in the same left aboard air environment. So make sure your project is activated. Your virtual environments activated. Then you start. There will be your stack. This is really important. So now that we have got it out of the way, if we go ahead and see your app, not people on fire since I named or Abbas ABP on you can see here that is Ah, deport Waske unfolding here on then the stack itself that the resources are going to be built is here. This is the place where we are going to create our resources on you also. See, here there's a wiggly line. The good packages have missing because I have no, we have not installed any of the different NC packages. So in any time you need a dependent package, you can use the command to install it. In this case, I want an aws underscore CD Cato Corp package. I can go ahead on toe. That s so this will install the different packages on, but also the committee. If there is an update possible, it recommends you that I'm just going to do that as well. But I would strongly recommend duty. Go ahead and use that equipment. Start txt fight. Say, for example, the stock is going to create an s three bucket for this. So the aws service for that is AWS underscore City Gate innovators under school history on if you're wonder Lamba or something So it is going to follow the same thing and abuse hyphen CTK, dart eight of yours underscore lamp so that anything is having the same structure. So it abuse followed by the service name. So in this case, we're not needing a lamb that you're just going to remove this and just look at them CNN dot core Save this file. Once you have saved this one installed all the different packages but using this command here. So I'm just going to install the court as well as history on If I go back to my app dot b y that the bigly lined will disappear because it will start picking up the project defaults because we haven't solved the dependencies on later school had an import our AWS extreme package as well You can in imported like this, but I would strongly recommend you toe Let me just go ahead and order formatted But the white collisions with the global name spacing. So whenever you're important, just go ahead and say underscored s three. So this way you are not going to have any collisions with any other packages with a similar name there. So we have got almost all over steps ready. So let us go ahead and create or reinforce toe resource that is going to be a restaurant pocket. So this is going to be the construct that we have imported s three No bucket. So we need an identify it. This is a logical identify, not the name off the bucket. I'm just going to say my bucket I d. So this is always required Toe created source, for example, in this case, actually, so let us see if everything is fine. So if you do an exit gate ls if you're not getting an error, that means that your project iss good. All the dependencies are met on automatic. It's going to create and see the gate or owt directory here on inside this. It will go ahead on the list of the core permission. If I go ahead and run this command native new assistant, it is going to create the necessary told permission from Breitbart. All the sources to create our history. Bucket here, tree. This is a social. My in the eyes, my bucket on. Then it says, uh, this is the resource. I'm going to create an update. Policies retain. So if you're going to deploy the bucket for the first time, then you need toe run this command that CTK a bootstrap. This is one of the first time that you are going to need it. Let me go ahead and show you my information. So here I am, in the total formation as off. No, you can see here. That is no stack related to see decay or the bootstrap on for s trivia having only three pockets here. So let me just go ahead and run. Bootstrap. So basically what this is going to run is, uh, apparently made on the other there. Now that is one what headed that boots travel I can't spend today. So this is going to create the scaffolding, basically needs and bucket valid and states the templates and then push it toe confirmation on Deploy the stack itself. So it is going to create a packet for temporary pocket, which is controlled by city. It's a Ford is going to happen now. You can see here there's in staging bucket that is getting created on a greater necessary I am roads so that it can go ahead and report. So this is another reason I said, when you're creating an embassy late on the profile that provide should have privileges for creating about these resources with the city. So when this is happening, let's go to our countdown. Just refresh it. That must be one bucket. Here. You can see that staging, but created unlike ways if I go here and refresh it, there must be in a bowl shopping stack. Let me just remove this winter, you can see here that is in the city. Get to naked on it is complete. So if I go back here, it starts of computer. So my stack is ready on day. I have the bootstrap in place. So finally let the school head on, deploy our stack. So what this is going to do is it is going to send my told formation template into the staging pocket and then create a pro formations tax set and then deploy those resources. So you can see here is say, is creating proclamation. Changed it. If I go here and refresh my screen, that must be one more stack. Here you consider my first city. Their product is happening on. Then if I go under Fillon's already it is a complete elements here. All the bucket has been created at the school have and see whether the new book it has been created. So be how our first bucket that is my first city get project. My bucket I'd even see here. My this was has been created. So this is how you create a resource using city again in the next video, even see how you can customize it. For example, in this case, we had no control over the bucket name or any of the attributes that is required for the bucket. For example, if you want tohave encryption enabled or, if you want to have washing enabled. We were not able to do that. Let us go ahead and see how we can customize the source creation on. Then we can deploy it in the next video. Until then, thanks for watching Happy learning. 6. AWS Cloud Development Kit: Where is the sample code?: Hey there. Thanks for choosing my pores on CTK. I have to send the course in a completely interactive manner with all the necessary court for you to follow. Be along in those chapters on the cold is all committed in get up so you can go ahead and flown them. Have access to the court anytime. On if any of you is comfortable with good on, you can make a pull request so that if there's a typo our there's a mistake. Then you can send me that really pulled request. I much them on. Everybody can learn from it. So now and let me quickly go ahead and show you how you can get the call for a particular chapter that you are going to do. A temple on the court that we're talking about is in this report country. If that is going to be another importantly, then I'll add them in their resources section off their cell course so you can go ahead and get that you are. And if you're not familiar with the get you have something called us, it releases on their races, you will have all the decks that are we're talking about difficult here and take on the tax section on all the comments out there. If you're not familiar with to get, you could go ahead and don't know the terrifying. Also that false are possible. I'm going to show you a simple mechanism by which you can clone the comet for a particular chapter on follow the demo. So the simple way to come flown a particular branch or attack name is this is the command you can use. Git, clone, heifer knife and branch. And then the tag name followed by the airport. You are. So if we go back to our repositories here on the throne or don't know you're you have both the SS that your asshole s the city s your let us say we want toe check out the court, which is talking about the tagging, all their sources. So this is attack we're talking about. We need toe check out this particular chord for this chapter. So we have to do is let us go to our terminal. So I'm just going to say, get clone hyphen hyphen branch followed by the branch name brand name. Followed by that you are So I say informed earlier, you can find you are here. I'm taking the SS that your if you want, you can go ahead and choose the Hester TVs. You are also so this support it is going to be locally cloned. So let me switch to that directory on. If you are using which usually go like me when all your just type court dark, they will automatically open me the directly in visual studio code on here. I will have the necessary cold for trying out this table in this particular chapter. We're talking about attacking the resources in. Usually you can see here there's a corridor tag or add on and there's a golden time, but you can go ahead and check on any off these tags on broil doors. Appropriate the chapters when you're practicing death, I won't name them all in and Judy Way. If there is anything that is missing or there is something is wrong, send me a request or just stopped it in the comments. I will go ahead and fix them for you. I hope you have as much fun as I had in designing the scores and preparing to scores for you I really like your feet back. Go ahead and write me an email or semi input couple request, or you can also raise an issue here. 7. Learn to customize stack resources & How to get help: Hello, folks. When come back in considering the city Gates series earlier we saw how to create our personal license back on deploying it, using the city get toolkit on within our stack We deployed in s three bucket And if you remember that stack was creating the S three bucket on gave a name off its one. For example. In this case, it is my first city gate bucket, followed by the logical idee handsome I identified at the end. What if you want to test a MySpace? How do you go gold customizing your resources so that you know that what you are creating and then you can refer it in other thing plants. For example, if you're creating and vpc you want to prohibition it with a certain I Beatrice off your own, you want to make sure that I p address ranges not overlapping with your other existing idea tresses on also with your corporate networks. So how we go about customizing post resources? So here we are in our environment on this is the court that we used to deploy our s three bucket on. You can see here we have just mentioned self that is cope off this object on also the logical I. D. So what this time I'm going to do is I'm going to add a packet. Name on. You can see here. It lists me all the property. This is one of the benefits of having an i d. Even creating a resource so that you can go ahead and identify water sources have acquired what information that you need to provide engages you. This information is not enough on the one toe, no more about them. What you can do is they're gonna go ahead on and check out their abuses. He degale if they were friends, I'll put this. You are in the description also on our resources. We can go and take it out on since I'm going to use fight on. So I'm going to go to the fighting here and then I'm going to search for s three. Let us go here on. I am trying to create a bucket. So I want to know all the properties that I can supply doing Bucket. So what properties have been if I go ahead and click on bucket and in the bucket last, I have all these properties and one of the properties will be pocket name here. So I'm just going to sense for it on when I said for bucket name, it stays that this is a physical name off the pocket on by default, it is assigned by court formation on it is also recommending that that should be default. The reason for that When your provisioning in a pocket with custom ice bucket name it needs to be unique so that it doesn't collide with any off the other bucket keys out there in the STD name space. That is why Siddiqui recommenced you to leave the bucket name to itself so that it can provision unique name on always. You referred to the logical idea that we have. Even then if you want oh, say that I want to provision the bucket then myself. Then you can go ahead and do that. So I'm going toe adds a bucket name and then I'm going to prime create a unique pocket name . So what I'm going to do is just saying my CD gay. They use the other stack name itself. Hopefully that is unique enough on just for some good measure I'm just going to throw some random numbers at the end. Andi let us. But our city gets that. So now everything should be simple enough. So let me just go ahead and build it. So whenever you making changes, save the change so that you can see here. That's a tiny dark that you enabled auto save. It might not be there, but let us just say with and then I'm just going to running. And this just to make sure that it's no others here and that I'm just going to say city case. And so when they do the scent, you can go ahead and check it out in your Medicare out repository. Or so this is our template on here. You can see here the bucket name properties added on the little school head on. Deploy it. So we saw this earlier. This is going to packaged our template on created change, said on denim. Trigger the changes on the cloud. So once it rolls down to the next step while just take you to the confirmation, our service and then we'll see that even said, see what has happened in there. So it started making the changes you can see here it is requesting an update for the creation of the new physical resource. Because but get names are universal. You cannot just born rename them. So City is going to create a new market for us now, So they just go back to our service here on this is our stack and you consider already update in progress on if I see here, that is new events in place. So let's go ahead and refresh your screen. Onda Uh, remember, really get there is not a religion pockets immediately, especially if it is an extra bucket. If there is another source which it thinks that it can daily safely, it will go ahead and delete them. Otherwise, it's just going to keep those resources. And when you're asking it to delete those resource, it'll ask you for a confirmation on. Sometimes you you will have another check box if you're going to the G A y, so that you can confirm that I want to delete this bucket. So update is complete lettuce goto our history console. Here, let me just close this. I'm just going to refresh my screen again, so hopefully that must be two buckets you can see here. That is two packets. This is the 1st 1 that was created earlier on. This is the other bucket we just now got created. So this is one way off customizing your bucket parameters. Let me just go ahead and open this presidential. Couple more things. For example, In this case, if I goto properties, you can see here The washing is not enabled. Onda, let me just go ahead and enable worsening likewise that it's known encryption also for this pocket. So let us go to our concern here on day. I'm just going to add questioning your bucket so you can see all the parameters of austerity. If I scroll down somewhere, I should be able to see washing. If not, let us just go ahead and start typing here. Actually, there's a bullion value, so I'm just going to say true here, it should be camps true on DSO. You know what? Watching in a wood Andi for encryption. You can see here that is encryption field here typing encryption on for encryption. It is an invaluable enormous enumerated. Well, because there can be different options. For example, when Jews? Yes, the managed encryption or the customer encryption or silver side encryption. So since there are multiple options, we need to back this way so you can see here all the three options are listed. So I'm going to choose game us managed. So I'm just going to think they would on then once against Gay Ellis to make sure there's no errors. Then let us do in sent here and once isn't to say 6 10 If you just go back here, you will see there is a silver said encryption enabled on also that must be in Washington. Here, you can see in question configuration status, neighborhood. So let's go ahead and deploy this now. So the change that has been updated let us go back to your console shares. You can see here. Still, it is not enable. So I'm just going to go back to Metro information. Onda. That must be some evens coming up here. You can see there's an update in progress, so I'm dead has been completed for the bucket. So just going to go ahead on the first screen here you can see here the wishing has been enabled Onda default encryption heroes of the famous encryption has been taken to place so you can go ahead and customize encryption. Also, to choose material form of encryption you want are ready custom encryption that you want to Jews as well. That is also possible. So by default you can choose a blues extreme anything on the parameters that you can send in so that the direct qualifications will be taken on and it predicted to effect. This is one way of using the services that is so another way. Because in this, uh, page Amazon has not listed any examples. That is another place where you can go ahead and find some examples. So if you go ahead and type by then, the CTK s three, they will bite and big package that we installed earlier on You can see here some of the examples that we're using, for example, of my first bucket on. Then how to enable encryption here on day. Also, if you want to do our some other parameters, that is also possible. So this is how you check you for your resources. Take some examples on, then start customizing your gored. Since the league is being constantly developed that are always the new examples coming up on the Internet. And sometimes you might be the person first time using that resource are customizing that resource in a particular way. Then you might have to go ahead and publish those examples in get up. So in the next video, what I'm going to show you is how you can control your stack so that you know what differences at their what changes were made on. Then you can share your results to the public. Also mandolin. Thanks for watching Happy learning. 8. Infrastructure-Is-Code: Version control your Infrastructure: Hello Falls. Welcome back. We have been used in silly game to play around with our infrastructure. We saw how to create our stack. We went ahead and deployed our stack. We made some changes to your stack on day. We also saw how to push those changes to our account. So if you notice it, all the changes that we made to our infrastructure was at the core level on. We were able to take those stages, tow a car. So when you are treating infrastructure score, why not introduce was in control for your infrastructure so that you can know what has happened when on who has made those changes on. In case those changes are not as desired, you can go back to the previous question off your infrastructure. So basically, you get an option off easily rolling back to a previously good state off your infrastructure without worrying too much on how to roll back on how you can go ahead and create a deployment strategy for your infrastructure. So that is what we're going to see. We're going to introduce wishing control for your infrastructure because it is written and purely needed gored. So if we go back to our repository right now on the left hand side, you can see the entire trio for repository on. If you're using visual studio, you can see here that get already tracks all the change files in your report injury. But you notice that there is or more than one dozen files, but we don't need all those things. For example, you need the files under the intrude folder or under the in before you just need only the coal fires that you need. So you need to keep tracking only those files. So the best way to do it is through and get ignore. So let's and get ignored for our project. So when I looked around when I was doing some projects in CDG and fight and there was not many get ignore really made Lee available. So I went ahead on created my own get or yeah, I'm going to put this link in the description so you can also go ahead and use it or modify it or make some amendments and then send me modified just so they just go ahead and copy This are easy and raise, too. Use that all wishing. So I'm going to create on get ignoring the root off my repository. So the moment I go ahead and paste this, you can see it. It's 1005 that are being tracked, but once we had a get dignified automatically, that gets changed so that the one with the necessary files are getting tracked. The most important thing is if we go ahead and see the get signal for the bottom section, it also ignores the vials and a CD. Get out. That also means that any template that is synthesized from your court is also left out off your question control system because you're going to treat you infrastructure called That is here. That's a real code, you know. Want to treat your synthesize to court? Asked the artifact that you want to keep it in your Western controlled a corsetry. You would probably want to store it as artifact in another losing control mechanism, so that is the reason it has been excluded them. If you want to go ahead and come in that you can manually add them by using the hyphen F common, I can show you that as well. But just know that the city get out is by default. It is ignored. So let us put our repository into the Western control system, for in this case, I'm using Kate up. You can go ahead and do that in a big packet. Are good combat or any poison control system that you are familiar with. So we're just going to take this project name Ondo. Let me go to my get up on to create a new repository and you re a triple on it automatically gives me the command so that I can set my repository toe remote origin here. So already we have a report here. So I'm just going to copy these commands. If you if we don't have it, then we need those commands so that the school head and set over remote this coming that I'm going to execute now will push the goal into our you know. So the system villages go back here on the refresh our screen to see the court has been pushed. So if I call here on my city project and go to my physical project, you'll find that the s three bucket court that we have it's not reflected The reason for that is we have not committed those stages so you can see all those changes are not reflecting here. So I'm just going to add the court on then the get ignore boys also require on city cages. And we will wait and see how to use the syndicate or Jason to customize your project so that it's also another important why we need to keep track off on requirements is where we have saying the dependencies. So I'm just going to ask that I'm saying this is going to be my initial commit and then I'm just going to commit it on. I can push it from here as well. So once the pushes successful, let us go head on and make one more change here on the Read me for I'm just going to remove the end. There's section here under in shame. Welcome to my first CD Gay project. Let's go ahead and come into this me find as well so we can go ahead and see the changes. Yeah, so changes have committed. So I'm just going to go back to my home folder here. So if I scroll down, you can see here will come to my foot CTK project and likewise, my court is also updated with my history information. So if you remember, I spoke about the city, Get out. Electricity is not being tracked. So in case if you want to add this while so you can go ahead and say, get on, get out slash my first. So if you just go ahead and press enter, it is going to give you an elder saying the falling parts that ignored by your get ignore file. If you want to add them, use the hyphen in flag. If you want added, just go ahead and and hyphen f on automatic. It gets tracked here so you can go ahead and add a coming message, adding my see offend synthesized template. So it gives you want to share your synthesized template with somebody are if you want toe, make it reproducible for some other people so that they can go and see how the template looks like. Then you can use this modern on. If we go back here, we should be able to find City. Get on out folder also here. Get this, Andi, Anybody can take this template and running their account. But John, where we have created a bucket with name so it might most probably not work because Asti James advocate name. But that is not important point. Oh, that was important. Thing is you consensus. I said template and chatted with your team are have other poor people who can do your cord and make it reusable. So just how you wasn't control your infrastructure on then keep it into on Western control deposits so you can roll back or look at the previous it is. And look at the comet history and see when the change was made. Who made it? Go ahead and try it. If you have any problems, put them in the comments on the questions section. I will try and help them with you in the next section. You go ahead and see how we can customize our environment using the city cages and file on add some matter groups there. Until then, thanks for watching Happy learning 9. Plan & Visualize your deployments: Diff your changes: Hello, folks. Welcome back in continuing the CTK cities to religious. See how we can prepare for your deployments in your environment when you make some changes to it. Infrastructure. It is always good to know what kind of changes that will be there on what is the impact off those changes in your environment, whether the resources are going to be deleted or whether the losers are going to be created or the existing resources are going to be modified. Now that all our infrastructure is cold, it should be possible for us to do it. If so, you can do that and find out what are the changes on how it is going to be impacted, which is very familiar toe anybody who is using kids or Washington your system. So when you do it, if you are going to have a deeper understanding off your core on, then for example, if that is an S three bucket that is going to be fortified with some public access are going to remove some public access for public website, Then you can be more careful not to quit. Those changes are have some additional controls and approval mechanism for those kind off impactful changes. So let us go toe over environment here. This is the stack that we have been using for deploying or estate bucket. You can see here that is questioning is enabled on encryption Also what set with K must manage So let us go toe and when which itself to see them. So the system bucket. If I go to my properties, you see question is enable for some reason your department or your team things that you don't ever need questioning for your bucket. Then we need to disable them. Unlike wise, If I goto my default encryption gutsier came is encryption without the campus air and it is there. So let's go ahead and change it to an extreme manage encryption. Likewise, they just try to make one more change here. If I goto permissions, you can see here public access is off, so I want to block on public access to my bucket. So that is what I'm going to try and do. Now I go back to my coat. It is as simple as changing my wishing to force here on then for extreme managed. I'm just going to remove this Andi. If I throw a dart here, it gives me an option about all the different encryption mechanisms. I'm just going to choose history manage this time on the final game that we wanted to do Waas blocking public access. So let's go ahead and trying to that block public access on in this case for rocking public access. So we have on a redefined the meaning here on you can see there are different options. For example, you want to block only public issues or you want to block Electra public access or really, the new issues that are coming in it is Start with blocking all effects of public access here. So little school head and save this fine on. I'm just going to activate my virtual environment. Remember, this is the most important thing when you want to work with the city K. So I'm activating my winter environment and do CTK Ellis to see whether my stack is having any errors or not. So now that we are, Stack is not having any errors, they just go ahead and do it if and see what differences that will be impacted in my and my team, I know. So the command for that CD case spaced if on it is going to combat it with the existing environment stack. With the new changes appear made on, it highlights it with different colors. You can see here we have changed the algorithm from AWS came us to and server side A to 56 . Likewise, the bubbly access have brought public access, has been unable. That's true on the listening is also being disabled. And that would be one more thing about it will say that whether your pocket is going to get modified or updated, we can go ahead and see that in the stack Said s Well, so it is deployed. This change. So once the deployment triggers and let us go door confirmation and see whether we can find the same changes that we have triggered here will be going there. Another recommendation, from my aside, is there is a ton off longer that indigent by CTK, so you can push all this logging information into your but management system or some kind of a monitoring system to measure how many changes have been introduced into our production environment. Harmony changes are damage of the when one meant harmony. Defects are the harmony. Break it and is that so you can have a dashboard on have rich experience off whole? What is happening in your environment? Unlike what you can have. Some approved mechanisms also possible so you can see the stackers deployed already. So before blowing and changing, I just want to go ahead and take you to the throat formation here on day in just a freshness screen here. So the status update Did that mean many Meister's and see here that has changed its on. The team says every time you together change from your CTK and new change said is created with an unique I. D. So you can die this unique I d along with your long from your CTK on. Find out what changes was made on what changed it was created. And what is the identifier? So here you can go ahead and take the Jason changes on it is going to list off the same thing that we just know folk a boat, for example, here is the block public access configuration on like why, so we will be able to find the washing configuration as well it's the encryption configuration or so so the bucket encryption. So there's one more thing here. The action keywords and you can see here are action is going to be modifying in case if you are looking for changing the bucket name like we did in the previous the demonstration you will be seeing and stuff are modifiable be saying that the new the successively created So now that we understood that changes that has been triggered on the death element is also updated and changed it. Let us see where the detainee is actually getting implemented. Let me leave the spirit. Asset is I'm just going to talk to get this page on. You can see it. That's a block. Public access. A swing set is no here on all the values are also know here. If I go back to my previous tab, you can see her on the values her off. Likewise, if I call here and then go to my properties, my questioning should be turned off. Unlike waste, my encryption is also said to a is 2 56 So that is how you use def command toe. Understand what changes are going to be made When you make a change, your confirmation. Andi, stop deploying it and finding out. But that was a making change before itself. You can take some corrective actions on deploy the successful changes wanted to your production environment. Thanks for watching Happy lying. 10. CDK Tokens: How to Export/Import Stack Values - Cfn Intrinsic Functions: enter falls. Welcome back, Inventing or CTK. Siri's Let us talk about city get tokens, which is very similar to the confirmation intrinsic functions that you might be using. Takeover scenario value or creating and publication. Whenever we're talking about a member application, that is always some more friend and stack that you will deploy, which will have s three bucket. But when you put in, the CS is on synthetic objects that are required for your website on. Then, when you're grading your Web servers, you need a pass on the information off Minister pocket which region it is located on. Other information about the bucket needs to go into your left ear stack, so you need that information from one stack to go to another stack. Typically, what happens is if your family with more information what you will do is you will write in old Foot. As you can see here, you'll say, this is my pocket I d. On. This is the bucket name on you use the export functionality in one off the stacks on you. Will you go ahead on import that value into Europe tear stack so that the market can be used when you're talking about the city, get you have a similar functionality here on that functionality is exposed by the cold off city. Except so let us go and see the documentation for that. So under core, you will find something called a sissy Fono porch. Or if research for outputs, your begetting that on, then let us go toe foot section. You can see your volume dimension is a logical i d on what value it will be on if you want to apply some conditions are descriptions on what should be the export name or so so that the other sex can big it up. So we're going to try this in our account now. So the other benefit off tokens are these offering values. The tokens can be a string value, or the tokens can be in list value or it can be a number. So since we're running it in a real gold, you will be able to print it out. What do you see? All the guns. Only something like this. You see a token value like since some tokens are string values, you can do some links. Check for example, if you're getting it from another stack. You don't know what values are passed to you. You cannot trust the value mass it is. So you need to do some validation on since you're writing the entire stack and really cold , even go ahead and manipulate them. Find out the link with their especially characters are there or in guesses, you're creating a bucket name. You cannot have income, our dot or some special characters it so you can go ahead and manipulate that spring, will you? And then put it into your function so they just go to our stack. So here on the project director, let me activate My ritual in mind went first. So here is my stack here. So let us go ahead and try and create another bucket. So for opening a function, we need to told this value in tow. Object. So let us go ahead and create another Birgit. I'm going to call this as my pocket on. Then let us go ahead and quickly added another bucket. It's so this is going to be my bucket. My bucket, I d. So I'm not going to add any description or anything in any other values here. Just leave it as it is. So next is going to be are going to export this while you are used to see if an output. So I always prefer toe store the output are this told them in the object. So I'm just going to call this as open one or if you have one to have multiple annuals, that it's also possible so that you could keep on incriminating and find out which puts have been banner, which reports that would not be bad. So we already important court. You can see here the beginning. You have a core here so you can go ahead and access the objections, said Core on. We're going to use the CF an output. So once again, the scope is defined on going to call this as my bucket of foot one on. Then I'm going toe actor by new again. We're talking about vital functions so we can use a very simple white on what was here. So here I am going to say are just not doing this way. That is just the first time that I do just like this. My bucket question. It is not just like this. My bucket docked, but get name you can see here. All the attributes off the market are listed here some just time. We're going to just use the market name. That's it on then, if you want to our description for this. So I'm just going to copters as this is. Remember, the description has to be string well, new my first to see the work id on. We also need an export. When your password you can see here. That is export name. I'm just going to use the same thing that it seems to be here spilling here. Let us go ahead and choose that. So let us see if everything is fine. Let's do one scenic Ellis. So you can see here. You cannot create it. Do get, uh, nautical ideas. So already we have in my pocket i d somewhere here. So I'm just going to call this as my bucket. I d one so that we could fix that other. Did we save the fine? No, I didn't see it with the fire. You can see the doctor there. Okay, let me say we don't that run it again. My stack. It doesn't seem to have any better than this. Go ahead and doing def. I see. What are the changes you can see here? That is an output that has been added. And then that's the new resource that is going to be created. So before we go ahead and deploy this, let us let me take you to my cloud formation. Temperatures is the stack that we have on right now in the oval section. We have nothing here, so let's cool head and deploy this on. Come back and see what happens. You remember the previous one we checked out. What is the change That? So if you go ahead and look at the change that it will be saying action is going to create little school and check their past well, so we should have a change said by now, Hopefully this is the new one they just called or Jason changes and you can see that there's a tight resource and then it's, ah, completely numerous or that it's going to be created. So this is the value that I was talking about earlier. The action was modified because we were changing some attributes, often existing bucket. Now we're creating a new resource that so the action is add. So let's just go back here and see if the stack updates have been completed. You can see them Bridges company that is called the output. So here you can see here. This is my key value. I mean, this is Mickey, my bucket open one. And then this is a very This is the name off the bucket that has been created on this is export value. So any stack that you're going to create no one words can import this value into that stack on access the bucket name directly into that stack itself. So that is how you export value Self from one stacked, another stack. So you remember earlier I spoke about doing someone numerical validations. So if you want to do some regulations, let us say your business don't, because our topic name is going to come from somebody else to say ABC x y Z that for a moment assumed that this value is coming from another stack. So what you can do is city allows you to have some validations on top of the token, So I'm just going to say, if not, I'm just going to take that This is a spring on. Whether it is the value is less than 10 or not. So I'm just going to say CTK core on then talking is unresolved on. Then I'm just going to say yes and that's stopping. Name Andi. Length off isn't stopping. Name is less than 10. Are you just greater than dentist legislation enter? Okay, that's good. I'm just going toe addicts White C A b c 1234 cents. This is a string of I can just add numerous. Also just going to run the city get ls it should give us an error. Now, with the value together, you can see here that is the value at a maximum value can be 10 characters. This case is was just a string. But if you're importing, it'll become a Seeley Can't open that using that's token, you can validate them. Likewise, I can just show you one more thing Here you can I run time. You will not know the value off there's pocket name. So if you go ahead and do something like this, sprint my bucket to dart back a name, So I'm just going to remove this so that that of course away. So if I do in civic ls you can see here this is the when you love the bucket name I'd run them because it's at the same time. We don't know the bucket. Never. When you deploy your stack, the bucket name will be there. So when the old what is called during the deployment time you can see the value but on your compiling time or transporting time, it is Ah numerical identified only there to go ahead and try down. Import them, export some final use on dizzy. What manipulations you can add on what this case is. You can around up off this in the next sector letter See how you can go ahead and king of your stack on day Start fresh for the next level of social that we're going to create. Until then, thanks for watching Happy learning 11. Stack Cleanup: Destroying the App's Resources: Hello, Falls. Welcome back. You might want to clean up your resources when you're done with your experimentation or you might be doing a people. See, while the idea what did not vote out, I want to clean up. The resources are you do point something incorrectly or you want to make some modifications and want to start from scratch. Then you want to destroy those resources. This is where the syndicate to strike. A man comes into place on doing what this command is going to call. The information released on that command has some dependencies. For example, if you're going to clean up on s three bucket, it is going to fail in a very nice, clean way. Saying that the ESPYs resource might have some differences, like someone telling objects. So it just not going to delete that? Likewise, if you're going to try intelligence if Unity pro, which is at that toe easy toe instance than the delete off the security group is going to fail. So there is a list of reasons why an elite off your stat might fail because they are related to the confirmation delete limitations. So if in any case, if you have a problem? I would highly recommend you to go ahead and current the powerful underlying confirmation itself on final, while the deal it is failing. Then you come back and troubleshoot. Seek and destroy command. If I take you to my stack here we have deployed a couple of history buckets. And if I go ahead and try and delete them, it will just delete the total mission stack, not the bucket, except can show you the case. Here we are in our your inflammation. So if I take you to my street bucket, you can see here that are three buckets. This is the tool kit. That is a staging begin. That does not be part of the stack that we created in this project on there at the two package be created on right now. There are no objects here. So this is the other one that no objects. So what? I'm going to go. Some just went toe. Quickly. Add one object. One of this buckets. In my experience, that has many changes. It just leaves the S three bucket for you to clean up in most cases. So what I'm going to do is I'm going to quickly create another source like, for example, and I am group and then go ahead and triggered the strike a man and see whether that I am group gets deleted. So if you remember, if you want to install any additional people in sees the commander's pip install aws high fun CTK, dark AWS iPhone I am So it's going to install it that this important package here So anybody importantly to me quickly go ahead on creating I am group. So I'm just going to quit. You call this a century? I d andi. It isn't to say so. A template so ardently changed it Good. So when this is getting created that me take you to my I am group spanning here for right now that is quite one cook ADM group on. Once my stack is completed, we should be able tow find another group here. So there is an updated progress that we just kowtow resources You can see here that's Nghe Group is getting creative. And if I could my Evans, that is also what's happening. So let us go here and refresh. So my group was created so back to our template. Meanwhile, what? And when you lose also on one fight the S three bucket. So we will have to face cases and see what happens when you get that destroying command. So my stack is completed. Even you see here the open are showing the bucket enemy. That is not what we wanted live in. Just so we have a lead. Me Finally we just uploaded me Fine on going to upload it to this bucket. So the problem is completed. I think we'll do this bucket now. And freshmen screening should have about finding here good images. Go ahead, Andi, trigger that seek and destroy command on it is not going to immediately go ahead and diligence. Tack. It is going to ask you for your information when leaving you press. Why are s then we need to adjust our activity. You stack So it is triggered This here on difficult back to the information here and see for villains that happening here. You can see that it's in the daily complete. So this stack is deleted by now on defiant. Did you do my s three bucket on? You can see here it is not. Did he turned up like a stupid case. These other two buckets on none of them are deleted. But if I told them, I I am not refreshed my page here in a fresh it this world should have gone. If we go back to confirmation on go to resources, it would clearly say that it is escape those deleting news Pakistan Charitable. So there are some spaces mechanisms built into the core formation, delete and civic. It also follows the same sensible defaults. So if there is the resources that is having dependencies are there is some possibility off data delusion for the client side, the entity is going to fail. I know. Very nice game on. You will have to clean up those resources. Just keep that in mind when you're doing that crying. If your problems for them in the comments or questions I'm trying help them do. Thanks for watching. Happy learning 12. Opt-Out from CDK Metadata Version Reporting: and the folks gonna come back when you're using CD K, you're using underling and being models. If you're trying to create an s three year source, you're going to install the extreme dependency packages. All these packages have a lot of meta data on a lot of questions. Information. So Amazon collect all this information so that they can make some insightful analytics on top off this data. I'm provide you with the better service. They're saying that they're collecting this information to understand what packages are pretty useful people on the what questions off those packages are being used on. Then go ahead and include those packages. All this information that is it generation from your DEV environment is sent to AWS using the total formation template I'll show you later. Alec is getting created and how it is getting set. The reason they're asking for this data is they identify which tax are using which packages on and engage. Those packages are having some security issues or some reliability issues. They can go ahead on contact users for those issues and inform them saying there is a security should they be to obtained it or want another package or another service that might not have the dependencies or security issues. So the question comes scanning up. Don't know for sending this telemetry data to AWS. Yes, it is possible. You can go ahead, customize your city kid or chase and file on Said you were reporting to falls. Then you stop sending this meta data at all the interviewers cloud. So let us go back to our environment that see how we can do this. In the bravest lecture, we completely destroyed our stack so we don't have anything. So it could be a better our time to start deploying your stack and see where is the telemetry data getting created If I don't see the get unless it is going to synthesize my template that we already know that. And then if I do insidious and on you can see it. This is the telemetry data I'm talking about. You have a city came a calendar that is added on. Likewise, if you have the monuments that have been other Andi for each resources is going to add it that way. So if I goto micro formation template here and scroll up, you can see here there's a metre data on the city get partners there. So when we're going ahead and deploying it, this in their information on a few other pieces off information like what Note models that you're using on what questions are those? No more deals are also saying to It appears I'm going to go to my court formation resource . So they received. The stock is getting created. They are going to look at the resources so stated we can go to the template section on Did here you can see here. Other models it lists sold all the different packages that are required on for running this resource. So this information is being sent in. Guess you think that you don't want this information to be said. All you have to do is in your foot off your directory. You'll have a file called the Syndicate or Jason. Just go head on and act is variable destiny in bushing importing Poland forts. And then we're If it is done correctly, you'll have the border formatting. So we have done that. So what I'm going to lose? I'm just going to do in Sydney Kaye Ellis, because we're not changed anything on. I'm just going to Radio City Cason and let us do a diff now to see what has changed if that is going to be in change or not to consider. Obviously, the Philly committed that I speak the mood from my confirmation templates. So I'm just going to who City deploy again. So now this information is no longer being sent. Any changes over that I make is no longer going to be reported on the AWS Cloud. So let's just go back to our core commission template here on Let us leave this alone and just going to get the screen on. Let's see Yeah, you can see here once I refresh my screen, the entire material has gone here. All the question reporting and everything is gone when Lee, you are saying that this morning this being generated here. So that is how you can go ahead and stopped elementary that being sent to AWS. If you are putting your organization which is ah concerned about security, that sort about privacy, then you can differently. Go ahead and look at this option and secure your packages and templates cried out. If you have any problem for them in the government's help to meet you. Thanks for watching Happy loving 13. DTAP in CDK: Dynamically customize stacks based on inputs for different environments: Hello Falls. Welcome back. So far, we have been using city care for creating a single stack for a particular environment. On were being playing around with only one resource and customizing it. Can we use city game for multiple environments? For example, if you're running an application quite often, that will be their environment test environment on then production, also on the resources that are required, will be different, or it can be having more attributes. For example, if you take an extra bucket, invest in one minute. You not want encryption. Maybe not questioning as well, or you'll world want to retain the resources after the people see or testing is completed. But when you go to production, you would want have features like encryption on also wishing on maybe an M afraid elite. Our attention, given the total mission stack is getting deleted, so you will have different requirements for different elements. How we can do this in Syria, get that is what we're going to see now. And I think of a scenario where we haven't full stack developer on. The developer is going to create a perfect bucket stack on deploy that bucket into when they win when meant as well to a production environment on both of them are in different interviews, accounts That is a key here on let us in. But using the CT crescent commanded all the birds is creating the S three bucket stack on. Then they would go ahead and issue the command to deploy it using the profile for they went lineman on then also used the profile for production environment on deployed blood. When you're deploying it in production, we will have a different attributes. Add it to the stack. Dan immediate. We will not have hard putting for these two buckets. Just the burning of one with And when mature getting deployed to check on her getting it deployed. You will add more features our remove or features from that a stack. So let's go ahead and see how we can do this in our account. This is the democratic that they have been playing around with. And I cleaned up all the resources on the outputs that we have. We don't have any resources in this a stack. I just deleted everything s so that we can go ahead and simulate a fresh artifact bucket stack that we're going to deploy the cell demo before going in. To do that, I'm want introduce you to my accounts. This account is going to be one of my environments on. You can see here that are relieved. Seven begets let us get northeast. Three packets were now on their Likewise, I deleted all this access. Will we just have one really two stacks on this account. You can see here. This is a different account. CTK tail. That's the name says it is going to be the environment on that. I know stacks adult here and no x three buckets. So if I go back here on day, I have also created the enemy's provides. So Aws s three less profiling them That should be coming back empty because there are no buckets like ways. If I go ahead and do it for Ron, I should have the seven, but gets listed. So we have about our intimacy lisetta that just go ahead and start writing Overcoat here. The first thing is, I no longer want to call this as my civic A voice product. I'm just going to call it my artifact, but get But I defects Tag. Oh, so we need to change this indoor app also, because they're important this stack and tore up not be wine, but we could do that later. Let us go ahead and edit it. But we need anti word. For example, I have introduced a key word here is you can see it is prodding or to force. You can have any keyword that you can want to pass on to your stack so that you can take appropriate actions. It can be easy encryption falls Or do you want is questioning enabled false or anything so you can pass on any values and use those values to create your stack itself for So this is a string value. So what I'm going to do now is I'm just going to say if it is broad, So I'm going to create an artifact bucket here on this is going to be my letter. Say this is going to be my prod and the fact, but can't. So because this is going to be my broad. I'm just going to say, washing equal toe crew on. Then I'm going to add encryption. Also, if I'm not wrong, it is but get encryption and then I'm going to say s three managed. Unlike wise, I don't want my production pocketed Toby remote when the stock is telling, that's going to say a moon policy is going to be retained. It is. I think it is removal policy on then I want to use them, retain value here. So that center for my broad value. So if it is what broader said toe false, I just want to create my artifact bucket. Andi, I'm just going to say one of the defaults. So this is going to be my Devon Weinman ratified pocket so then sent. So we have set up or cord in such a way that when we are saying that is broadly was true automatically, these parameters will be set up on when the value is falls. It is not going to set up these parameters for basically, bushing is going to before it's an encryption will not be there on the clock for minutes is deleted about the stock is doing it. Will Adams to delete the artifact like it also So now we're set here. So let us go back to our thought p y on then you feel you can see here. This is giving us an error. What we need to do is we need to import our classy A properly. So this is the worst last name. So I'm just going to change this year instead of calling this generally in my CD Cape Project. What I'm going to do is I'm just going to call this as my dough stock on when you're having multiple stature. When people environments, it is mandated to set up the environment variable here. The reason for that The city needs to know that it needs to deploy this a stack and which environment if you don't know how that environment that will send up it is going to take up your Abdul default profile on Diffuse that. So in this case, I'm having two different device on It is possible that you might want to use engineer for your taste in women on the island for your protection and Weinmann so it allows you to customize stores bad news on, uh, provide them in during one time. So the enemy is the key word. So let me just go ahead and say on he and remaining Well, here, let us say for the deployment us. I'm just going to say core dot and Veron meant, and then I'm just going to say Wenjun equal to it was East one. So what I can do is I can just do get this and then say, if I wanted to ply this in Europe, let me take properly. So I'm willing to say you I'm not sure the region names of bread. You best one or east one that the same. Just I'm not going to use Europe by that is how you customize it on then here, whatever does just going to call you and likewise, I'm going to duplicate this again. I'm just going to say this is my broad stack. So we have duplicated out stack. Basically, I can synthesize and those stack as well at the broad stack as well on. Then, when I'm doing a broad stacked, what I'm going to do is I'm going to pass one more variable, as is Broad is broad equal. Do true here because of me. Want the Prada with encryption back on the worsening, so just going to pass on the valuable. So when the stock is getting created have all those additional attributes. So let's go ahead and listen to size our stack. If everything is good, we should have two stacks here listed for us. So here we have my nails tacked on, then broad stacked. No, we have synthesised Let us go ahead and quit. You have a look at the template itself that has been generated. If you go here, you will find that that will be to them places the 11 which we don't need it. So it should be getting rid off despite anyway. But we have a stack for Mike. They'll stack template on. Then you see here under there was that that is no washing control, o r. That it's Noah. Encryption on the delusion policy is by default is retain. If you don't update it on Dallas people to my production, you can see here that is in a property for encryption on then that is a property for question control or so so it automatically generates two different told formation templates with one single cold on their uses. The amount of therefore that you want to customize your templates for different and wife wants whether it is there that stop fraud. Now, let me, however stacks. Let us go ahead on deploy them. So for deploying it is interviews City did reply on, then followed by my stack name. So let's go ahead and apply our does back first when you use the don't for a fight. So remember when I'm doing it in the Dell profiler is not going to be questioning our encryption. So this, uh, go to our there. When women this is off their environment, we should have a new stand. You consider order in my deal. Stock is getting created. If I go to my resources, we should have one bucket. So let me go ahead. And when does here? So the properties aboard the wishing and encryption should not be there if assuming the seconds complete here. So what a fresh here there is not done. Black. Likewise. I'm just going to deploy it for my pride stack now, So see if he can to pry Ron from when to use a broad profiling. So I changed. It is greeted. Letters, court overcoat, formation resources. This is in this account. So the drone accounts is going to be a broader environment. Let me refresh. The prospect is getting deployed. Let's check whether our defect bucket is there. So my product stacked bucket So we should have one more bucket to just acting with my broad stack. Here it is that there's go inspect the properties here on you can see here the worsening is unable on the default. Encryption is culture set. So basically, if you notice what you have done is we just returned the cold ones. But we're able to dynamically change attributes off. The temperatures were deploying depending upon the environment. So you can do this for any other source that you can imagine, for example, for production. You will. I wanted to play and be PC without an Internet gateway are without some public access support resources letters in there, one Sandbrook In one month, you would want to attach an elastic I P or Internet gateway so that you can do some experimentation, so it makes it really, really customizable. Go ahead and trying Monday environments in your account. If you have any problems, put them in the comments. I try and help them and you in the next Demel literacy. How we can take this concept a little bit further on. See how we can have money with stacks in this team CD. Get project bite for different types of resources. So far, we're just playing around with every back later school head and start building some other sources and see how we can combine all this concept that there seems so far. Until then, thanks for watching Happy learning. 14. Deploying stacks to Multiple AWS Regions & Accounts: Best Practice: Hello, folks, Welcome back we have been seeing How do you see the gate to create resources on deployed into our environment? We also went ahead and saw that how you can create stacks for different environments on change. The attributes of the resource is depending upon the environment. We are deploying, taking this one step for the Let's go ahead and see what best practices that you can follow . When you were particularly deploying for production environment, they just go back though the project that we have been working with so in this project you will notice that the region variable is, Bean said. In the environment, there is a reason for that. On that is, if you're used to provide on City is going to take the region that is configured in your profile at deployed that environment or the stack in that region until, for example, if I go ahead and say aws gone figure list hyphen life and provide run, let us there. This is a profile I want to use for Department of Fraud. Enlightment on you can see here the default region is us east. But I don't want to deploy my stack and uses for production. Let's say I want to go to Europe. Then you have to inform City Gate that the stock is going to be divided Europe. Otherwise it will go ahead and do it uses. So that is one reason you need to mention the region. Another best practice that you can follow is you can go ahead and mention the account number also, that the stock is going to be deployed, right? This has been given the documentation or so you can go ahead and check it out. So I'm going to show you how you can do that in your app. So first of all, it is clean it up a little bit for Europe, that is. No Easter services has to be breast. So it's Let me just quickly clean my stack here on to be consistent. I'm just going to make this also two characters. So for production that they say I want to deploy it and Ireland. So this is going to be you know, you on. Do we have to add our account number also So the assassin bless playing hard and staying account number on goat. So let me grab my phone number. Yeah, like when they just had a phone number for production stack. So, like my phone numbers for a one amendment hours have gotten our phone number for by production environment. So if I both had it deployment production stack now, before that, you just go ahead and do with cities. And so this will go ahead and create my stack on. I've figured out one anything that you might want to notice if you're just playing around, If you go to your stack and at this line there's a removable to seek or don't remove policy to destroy. It is going to attempt destruction off your s three bucket if there is no content. So you gonna go ahead and try it out for a test. Environments for production. Be mindful that any bucket that created that bucket name was lost. You will not be able to get it. So I recommended to keep it for retain for production anyway, that that's for a different topic. So going back here, let this go ahead and deploy our production stack. So in this case, I'm going to go to production on Go ahead, J hyphen, hyphen for flying fried before I go ahead and present. Let s go to our told commission service an island and see any services there. So the Iron Virginia, let us go to Ireland. Now, as you can see, your island does not have any stacks unlike wise. And when you also we do not have any artifact bucket o r any static bucket here. So let's go ahead and deploy or stack and come back and check it out there. And remember, The interesting thing is the bucket name spaces global by the pocket itself hasn't region affinity. So it is going to get created on a particular region. Just go ahead and take the resource itself. Let us go back over a count now so you can see it is completed. So let me go ahead and refreshment base here. Nothing is going to happen. Let's go to Ireland. So in Ireland you can see your my product bucket that has been created on. Likewise, I should have a resource here. You can see here interviews, history If I could take you to my mystery bucket service. Andi, I should have brought back it. And you can see this is the Ireland region where the market has been created. So I have made my stack born into a particular account on also bound to in particular region. So any time I deploy the stack would be confident that this stock is going to go to a particular region or leave. How so? This is kind of certainty that you want in. They are production stacks, so go ahead and four of these best practices. If you have any problems, put them in the comments. I'll try and help them with you. Until then, thanks for watching Happy learning. 15. Customize Stack Parameters: CDK Context variables: and a fault. But come back. Let's talk about the motor parameters that been using in our stacks. Whether it is an estimate bucket Bradley Oneto Inform the stack whether the encryption has to happen or the questioning has to happen. Or if you're trying to create and BBC, then you need to pass on the information of What is this the idea or how many subjects you need on which celebrities are still subject has to spread all those parameters that you need to pass through the stack. If it is a conventional ah cloudformation templates, you will have a parameter sections on. If it is in single stack, you will have the user to input it or you'll feel some default values are in your CSE pipeline. You have that, but when it comes to see a, you need to approach parameters slightly differently. Last lecture. We saw how you can pass on the core numbers on the region where the stock is to be deployed in the app dot the way fine. But in my opinion that this matter really good practice because you know, one of heart called your values and all over the place because it becomes very difficult for somebody to come and edit it. So this is where city get a protest, the whole ecosystem of parameters differently. You have two options before going and choosing this one. You also have a diameter store that is available the head of your service. Then you can have all your configuration parameters well up there, or if you want to keep it in the APP, call itself, then that is also possible. Let's go back to our project to see when we can store this values. So this is a product sector that we have been using on here. You can see here we have an environment very well. Where were mentioning the phone number on region on everything You want to make a change. You want to actually make their change appearance of. But if it is possible to move on this comfortable values outside the abstraction, it's really great. So that is where the city gate or Gestion file comes. If you remember earlier, we used this while to disable the telemetry, reporting to interview us. We can use a file a game for sending some more information to your AB, for example, what we can do this they can add another Key Caldas context on inside this context, we can add any number off Jason Key value pair here. So if you're familiar with the fight on, just go ahead and create some keys and values. So the first key I'm going to creators, I'm going to customize might do environment here that I say This is my 10th on. Then, inside this, I'm going to say region on if you remember our debt region or skewers east one on likewise my background or so it's going to be there. I'm just going to put in my phone number for deaf, so I'm done with my day. So I'm going to go to my product, which will have more values. For example, for product. I will add values like encryption became a ski and all those things, so that is quest to the D force that it's for region on. If you remember, my bucket was investing region, so I'm just going to have the same thing you west one on then the account. So we have account value here, so I'm going tohave an encryption value order to make sure in case I want. Oh, check sometimes Then I can say that encryption is going to be true for my broad bucket on. If I guess I will have a custom key that needs to be used for all my encryption values. Then I'm going to say this is my custom, Caymus Air and that every position to use in their applications for inculcating So this is going to be in values just populace, and put it from my bucket. I'm finally just as example If you want to have mention your IPCC a year or so, what you have to do is I'm just going to mention something like this. Vpc underscores the idea. Onda inspectors. Okay, $10. 83. It is used this later. I'm just going to fill in the values here. I was supposed to put it docked here, so we got on Jason, you're created here. So how do we access these values into our app dot Be WiFi. So if you go here and then I'm just going to show you a sample just going to rent it out until your app. Supposedly it should be inside your app, not they're just people. It here. It will be, um, not know dot Cry on, get context on a Let us pick up some values for production. So just going to say you are on We know that products additionally, so I'm just going to get the value for region. Let me say this and then I'm just going to proceed ikea others So it should print out the value off. Our reason here so we have to do is we're just going to copy this. Andi, you just going to replace this with you here? Likewise for regional soon for a cannibalism is going to change toe account. So this way, now you can see here. My after FBI file is completely custom. My steps on it picks values dynamically from the context. While since we're using the ab note, I'm just going to move it inside the app initialization structure. Likewise. Let's just move this one also. Yeah, just going to duplicate this so we can say with some typing there. Well, it does. It does. I do so if I don't My silicate Ellis. Everything is good, but an immature values are picked up, So it is not just in the app flying. We can access this context. Valuables. You can go ahead, access the context variables in your conflict it's have here. This concept is creating an artifact of packets tax so you can access those valuables like was just to demonstrate how to access it on the other doors and slow for Abby Here You just say self dart. No, don't try and get context. So we want to say I want to this time get my game is here so that I would be able to use it Just going to print this value so that to affiliate endless and let us see if we can get the game us by the printer. You can see here once it is compiling this concept and then it is compelling. The absolute gets up until again. So what I'm going to do with this game this now is earlier. If you room where we're inflicting or back it with an F three manage keys, they say this time I want 00 in front or my pocket with custom game huskies. If I goto my pocket here to seize the bucket you're talking about earlier we depart this bucket. If I goto properties on you. Consider the default aggression is a storm 56. We don't want that selected school back here on, uh, it is. Go ahead and say this when he was going to be my came Askey. So before that, we need to import our became a ski here. We just do that. Samed. Let me just say Mikey equal to cameras in the score key. Start from key Aaron on the school for self On that, I'm just going to move. Name my key, Haley. And then here is my heir. And when you can see here, we have done our key. We have done our school, but and we need to fill in the game a scare on for air, and you're just going to get it from here, So I'm just going to copy that. I put it here, So no need to sprint value on the one where I have already installed the cameras. If you don't have an audio clip in store, it appears TK Dark it of yours. IPhone game. Lis, make sure that you're installing it. Otherwise we'll be getting ever here. So we got no aqui, so I'm just going to change this tool, not game us on that. If you mention it s Caymus, then you need to mention that encryption key also here. I'm going to say Mikey, So let's just confine this. I'm going to deploy my brought stack. So the core formation is triggering a change. Once it is updated little school and stayed out there, it's completely letters. Goto s three bucket. Let us leave this page, pacifists. Okay, Anyway, we don't have a property space open. So you can see here already has changed UK Muskie's. If I call here, it will show me the custom air and key automatically. And then it is already showing the air and that we put in our context variable here. So that is how you permit rise your application stack and pick those parameters in run time in your stack and took part in. You can go ahead and check it out in your broad stack. Or so it would be already configured here. So I really move as much parameters as possible from your stack itself to your syndicated or Jason file so that in one time you can change those values depending upon the environment. on the for example, we chose the encryption key and passed on his product. True are likewise. I will have another key saying Is encryption equals true? Then I will look for the cable ski and then I will enter the resources evidence. Zeevi's will EBS Volumes are givers or any other type of encryption that you need. So go ahead and try it. Use parameters in scenic importation are parameters or whichever is convenient for you. And if you have any problems, put them in. The comments are really happy to help you. Thanks for watching Happy learning. 16. Build Multi-AZ Production Ready Custom VPC: and the fools when I come back. So far we have been using City gate the great resources like s three adding some attributes like encryption or questioning on. We also saw halted deployed multiple regions on using the city killer Jason find to add some context valuables and important there. So let us take this one step forward and see how we can create a resource like our VPC on how to customize the BBC so that it is highly available on also has unnecessary doubts and security groups that there. So this is the documentation for the BBC constrict. So let us go to bite on. Politics is just this one line that you see here on you will be able to create a BBC. But when you're learning or if you want to pride out for your environment, I recommend you to go ahead and look at all the other attributes that are listed here at the top so that you can customize the BBC So, interational, I'm going to show you how began building customized, highly available vpc in your account on. Remember, if you're going to use this one link concept, it is going to create a multiple, not get with so you. When your private subjects can communicate to the internet Now then tell me so we can get somewhere. Source help. When you are creating a VPC, they just go ahead and start building it in Norco. So this is the project that you have been playing around with the my city project. But let us start from scratch. We're just going to remove this concept so that we have one Lee one networking stack. So our constructors built under the city get predicted. It does not to create ever be easy. Also inside that what I'm going to do is I'm goingto create a lever for the Cordless every source stacks so that tomorrow you want to come head and create a easy to instance our ideas instance construct You can go ahead and put them under the resource tax and import them as necessary. So inside this, I'm going to create a fire going past custom BBC. So this finest empty now. So the basic construct off this if I can pick it up from here so this at the four or five banks that we eat from this fine, so let me just remove this. Let me just change this one. Also to say Oh, custom BBC stack on with this is a value that will be passed on earlier. So we don't need that. We can use the one line information that we saw in the documentation when the senior value was hard quarter in tow. The construct itself does not do that. Let's go ahead and use this unique it or the Jason Fire to pull all the parameters like the sea area, the mosque on also, whether you want some results up next for future future usage. So here we have our context on inside this. We have a day when alignment of broad environment. So what I'm going to do is I'm just going to create a higher level. Are dictionary court as environments on said environments, we will have both our day one prod. So we started that on in this case. Let us say I want my broaden. My much is also going to be in the U. S. Pieced one Onda uh, I'm going to put all maybe busy configuration in one place, so I'm going to call this VPC conflicts on inside this. We have a IPCC eight year. We also need and see ADM ask so that our subjects are excised from this place. So they say, I want my CD Master B 24th. For that I would have to have 26 I p addresses in each submit on my end a c a. D A rate is going to be slashed 20 so that we can spread it across of my people up with pretty sorts. So room where we can also set another valuable. This is the custom. Really Well, we can use it inside or not later. Let us say we want a form syndicate not to reserve some subjects for future use. A. So I used a central. So we called the falls on. We can use these values inside. So when it is good over a custom bpc that is important context variable. So that doesn't want the broad can fix. So my former convicts at that, So let's go ahead and create our, uh, the B C. So before reading, we basically need to import a concept. So the BBC is part of the easy toe construct. A soldier to school had an important before importing into. You need to install it as well so that the actors, when you share they go here on say, I want easy to install it. So now we have important if you know where you need to put the common here so that it doesn't complain There Andi heroes, it just underscore. So the another interesting thing about Michelle studios I can start my imports so that it is much more easier. So I don't have to worry about commerce and brackets. This is how I actually write my course. So I know clearly what imports are there. And what is that out of their imported? Just go ahead and create or custom BBC. It is on the upper case. BP seen on. Let the scope be to find I'm going to call this custom vpc I d on. Then we're going to say what is going to be my c idea? Ready? So if you know where we have broad conflict under port conflicts, we also have BPC conflicts and to be busy convicts. We also have a BBC, see a deer and swell. So if you were dumped, you can go in and take it or under the he and me we help run on abroad. We have ABC conflicts on BBC confident Boch here and also see their mask. So let's just go ahead on, say, how maney availability zones me want to use So we have parameter for that. We call it Maxie's. So we'll say we want to use to get over the petitions on since I want a custom BBC with her public private and database subheds that for roping my privates up next really incident. I also need a gnat it with. So let's just go ahead and say I want to create one night to get with Onda And finally we're coming to our subject configuration. So something is on a list of subjects because that that is going to re public private and database. So just go ahead and start building over suddenly configuration. So we need to name our sudden it. So 1st 1 is going to be in my public sub net on the the a. D A mask. Everyone were become that already here on, uh, you just take this and we have something God does see the are underscore Mosque on. If you're not sure of anything. You can go ahead and check the documentation. That is the reason I showed you that you can find the documentation on, uh, what help you can get from the documentation. So finally, we're going to tell CD case. What kind of sudden it this is going to be looking forward is so we can see everything on the screen. So this is going to be in public. Submit on it is an in home value if you have something. It dying on dark. Sure. How Public There. Okay, now we have got our first to publics of nature spread across two easy's. So what we're gonna do is you can just go ahead and type it completely or just going to locate this couple of times. So I got this as brave it on. Then I did this one also as a private It on this one goes as isolated and this one is going to you might db submit Justin more this and say this. So this is all that is required to create and a BBC onder How higher? Validity. Also. So in case if you want to output this vpc so that you can see it as an output construct, So all you have to do is CF course. See if we have seen this earlier, just going ahead and putting it again so that you can do it. You can do with custom bc dot BBC Andy and I said, an export value so we cannot have two values with the same identify. So let me just go ahead and changes put when fixing the BBC would I release the export name is having underscores. Typically, the export names are not a happy with having having underscore, so I'm just going to change that one. Also, the final step is going head and importing or stack in the after two people. I find it currently they have not people. If I has my artifact bucket and all that environments, we don't want that anymore. So just going to remove these values. And I don't want my act if it like it also. So where were we need to import it from resource tax? So let's go ahead and do that resource tax dot custom BBC on Then we have a class called us accustomed BBC stack so that it's done that this creator stack itself my custom. Maybe she enquired too. Okay, let us name our custom BBC or so custom BBC stack. We're all good here. I'm sorry, we don't need a name there. That isn't to say so. Stack, if everything is good and we should have a successful step so they just go ahead and deploy our stack. So when this is deploying, it may take you to my core commission resource here. So we should get out. You start getting creative. So there's in reviewing progress when the stock is getting evaluated on you can see here. Right now, there is no BBC. So as soon as my stack gets building resources, we should start seeing the BBC also getting created. So right now we are having some substance. So it just getting Bill did so. What I'm going to do is just going to wait for some time under the status getting created, because we are going to get all these resources like a new me BC, with the DCP options enabled delis enabled six subjects that is spread across both the availability zones in Virginia one night get way that is building the problems of net roping tables for my public submit pointing to the Internet. Get away, Ana Old Bone Internet for my private through my night and also some default. Security groups are initials. So all these resources are going to create created with those five or 10 lines off course. If you go to my city, cannot out that must be on my custom BBC stack dot template. So if I see here that India struck must be at least 100 200 lines, you can see your it keeps going. There's approximately about finder lines, of course, that has been created for creating justice. BBC All this is done by city get for us. So let's go back to your stack, Onda. Hopefully we got all our resources done. So Stack is still in progress to see if our output is done, not it. So it is a matter gator. So most of other resources that they are already time. So let's go ahead and check out our PC itself. So let me just refresh this page. I'm going to feel that it so that it is easier to navigate for us. So it is going and check the subjects first. So you can see here that after 67 answer that we wanted. So let me go ahead and filter it by public. So you have those the public subjects. If I go and check the voting tables, you should find that just pointing toe investigate with the same thing for this one as well . It's like Why is that? If I go to my, uh, road Diggins and such for David to this time, Why not? And should have. It s a private this way. So we should haven't wrote pointing to the navigator as soon as the matter get with Issa published on the roads are added eso because my stack is still getting created So we should not be taking this right now. Oh, what I will show you is on a network issue. We should have and deformed network a seal attached to those subjects like ways I will have on security group also that as the default one. If you want to go ahead and customize it, you can use the VPC 80 to create additional security groups on subjects. So I'm just going to wait for one more moment for my 90 Gateway to come online. You can see here this is already available on it is also attached to my custom. BPC integration is complete so they just go back to over noting table on to check our privates updates and see if the natural reflecting now. So you can see here for my private subjects into natural to some pointed at my night And that would be the same case for my hat on. Since we don't have value every deal we have not built to Max both our submits or both over availabilities order pointing to the same net and you don't have the ability. So in your goal, audio to do is just go to our custom resources and changes as a una two nights. Then automatically you will have one more not built in the other submitted it automatically intelligently chooses the war 80 that is not having and now not so Likewise, The final thing is whether the old put fiction is also having the value you could see. Here's the same landing that was built in here. So this is how you go ahead and create custom resources, which is really takes Find the length of quarter and as confirmation on build them out and see the get right out. If you have any problems, put them in the comments. I'm happy to help them with you. In the next lecture, we will take this one step forward and see how we can back some off those resources that we have burned today. Thanks for watching. Happy look. 17. Add Tags to CDK Resources On Creation: and a full welcome back to another lecture on ce que We'll be looking at creating resources that to see how we can add some bags to those resources The last demo we saw how to create a PPC This is the BBC stack that be created on if you notice that the default attacks are there for example, name off the vpc Onda Few mother information related to the formation It's of the logical 80 stack Etienne stack name I believe in you want to go at a that your BBC you need to do that in all the forces as well. For example, I filled out here or for or vpc And if I go to my subjects on select any off the substance here one of the default attacks are very for I wonder at some back saying What is application? This VPC is going to host on who is the networking team that I need to contact for any truth of the BBC like changing and security rules or anything like that. So I need to add tax on all these resources on If you are using the conventional confirmation, then you need to go ahead and add all those sources. But that is quite time consuming on the lot off erroneous workers in world. Let us use the power of CTK to go ahead on the bag our resource like BBC in one central place so that all the resources under the BBC can get the bag. Rumor of yours really have the court important here so that it's ah matter under court which is called us and tagging. So we are going to do is score dot pang dark and on then the simple day and the patterns are here which conflict that we want to tag and the key and the value in this case I want to attack my BP Seems so I'm just going to add custom bpc on Little say I'm going to add attack as Warner for app on. Then I'm going to say that they say my owners mystique just going to save it. That thought we need to do let us go ahead and send to Cesar Stack can do isn't as well. That is absolutely fine. So let me just move this up. So if I do a CTK send that, then adore Dev. Yeah, so I mean, we see the tags being added toe overstaffing. But here all the green lines so wonderfully over the template was quite big. If I go ahead and use my custom bpc stand here, it was already about a 400 lines, including the tagging must have gone human bigger. So city get improves the opportunity for me because I don't have to find our bathrooms will start at 92 ad attack If I call headed just us for honored back here and you can find the all the water tax, it'll be greeted all mostly 16 decks have incredibly just go ahead and deployed on see it in our bones or less Well, so when it is getting built on, we could take us back to our concerts right now you can see here that are about 1 to 3 on the six tax. At that you see won more tackles, getting either as on ourselves record for mission starts deploying two stages. So it's complete for our Aida muse over to start with our I c w and work our way with subjects as well. Let us go toe and GW on Go to tags. We should have our own of tech. Likewise, if I go pick some subjects that I started one, you should have it. So this is the very simple way of adding a tag lettuce. Uh, you can go ahead and take note that the resources also they would most probably get completed. But what I want to show here celibacy, I want to add and other source like an SD. Although named Lucas and custom bpc stack, let us say I want to add another results like and history. So I have important here. And remember, if you're not installed, Esther, you need to go ahead and import history and install it as well. So just going to add it so that you don't forget it when they're going to follow this existence along with me so important history. Let us go ahead and create our street packets of just going to say my bucket followed by custom bucket highly. So let us go ahead and add another bag as well here. So my bucket followed by owner so stuff what I need it can just reuse the same stricter here. So what I'm going to do is I'm going to synthesize my stack. Everything is good. There is little difference. See if the new book it is getting created in the bag so it's going to be had. It's just going to see a CD. Get to fly. So, like this, you should be able to act Acto any resources that you're building out in your city. Just stack. So when this is getting created, it must go back toe over stack. We should have custom bucket choose. There's three service. You should have a new bucket here just trying to find which one was the new one. Because country collect between it is. So that is, uh, wait for this one. Our s three bucket and the market is called. That's my custom BBC stacked buckets. So this is the one I was thinking. This is the one. So my custom bpc stock market on the other properties and attacks I should have a name off the tag that we created just now we can see here. The one attack is also added apart from the front formation tax that was spare old, Really, we have seen how to create resources, and you're also seeing how toe add tax to those resources that were created in our CTK application. But you noticed that every time we need to add on value to the enforcement are creating what have all the resources that are forming a particular stack we can centrally do. It is propagating the lines the same lines again and again. If you remember, we were coming pressing the owner deck ondas with less the value more. So what if we can with this values to see regular Jason on, apply it at the polls Level X and bought a stack of itself? That is what we're going to see the next video, how we can apply tags globally so that all the resources that are performing a part of your application on this accent of the application can take your bags. 18. Tagging At Scale: Easily Add Tags to ALL Resources in the Stack : Hello, folks. Welcome back to another episode on Siri K. This time we're going to learn how to tag all your resources in your stack. Earlier we saw if you have multiple resources like a BBC or forget cluster or s three bucket, you need to add tags individually. But that is not going to scale, and it is going to be quite error prone. If you have multiple resources, how do you tag all the resources in a particular stack? For example, you want to have a support team for database Thakor and support team for Network Stack. Then you want the guy said in an address toe all the resources in the network stack. How do you go ahead and do that in one place? So all the resources will pick up the military's on have a attack? That's what we're going to see now. We have been using this as a positive as our most act earlier. If you notice that we created a BBC, we also created an s three bucket with a single tag. If you just go here under the BBC section, you can see here there is a name tag on as well as an owner tag. Likewise, on the extreme console, we will have a few tax like four bags out there the deport, local mission decks and a couple of them that was added by us. So this is not going to scale. So I'm going to show you how you can add it at that stack level. The best place to do it is if you go to the abductee wife. I All you have to do is just called art Dag dog ad on the same format that we saw earlier. We're just going toe at the school bus app on. Then the key name is going to let us say we're going to call this as a stack owner are on. The value is going to be Let us pick the value from the context because we already learned how to pick it up from the context. So I'm just going to say afterwards nor dot fry and get going fixed on this time. We're going to say, Pick it up from the N. Y in men's because we have multiple environments. If you go here under city gauges and you can see here under context, we have multiple environments for day one product. So I want to say support email for Let me pick up the key from here. This is the key via looking for John Scenic ages. And we're going to have a support team on Say it can be ABC at X y said dot com Go back under enemies under broad You're going to have a key here, So that is one tax like white second at another Dag. So this time they just just say stack leverage bags, just another frenzy Tag value can be, as generally gathers anything it is. Example. Dag you If everything is good, we sure hasn't to say so. Stack on. Then we should be able to deploy it. So my diploma tres began that this goto our information on see what is happening there. So I'm just going to leave the stab faceted so we can see the difference. So here we have about five tax on that. We should have two more added to our BBC. So you can see here the militants have been picked up from a context while and also the stack tagging that we added. Likewise, if I go to my estate market as well. I should have two more bags here so earlier goes for. Now you can see it. Six. Tax on. We can have the stack level tagging added on also the stack Team support team editors. So that is how you go ahead on the added tax for your and their stack in one single place, you can have a for loop if you don't bite on you just have a Jason file with all the tax that you want to add and just right and four look for so that all the tax get added in the problem. I think with that is also possible. Go ahead and try that. If you have any problems, put them in the western section. I try and help them with you. 19. Import Pre-Existing External Resources: S3, VPC: and a phone Welcome to another. Every short on city gay. This time we're going to talk about importing resources that are already in your account. Are in your shell account into your city, Haystack. Why? This is useful. Let us sail. You want to launch a Luisito instance in an existing BPC? Are you haven't BBC already, but you want to ruin another BBC and peer those two BBC's than in those cases. You want to import those resources which you are created outside your stack on makesem interactions with that stack. You know where you get up, modify the existing resources but you can use it for for example, launching and easy to are using that s three bucket as in storage mechanism are, for example, appearing the BBC also all those things that are possible But you cannot morning for the existing resources. So let's go ahead and see how we can do this in our stack. This is the product that we have been working on on you can see here there's a custom BBC stack on be created and bpc already which is called this custom BBC on. There is also an estimate bucket if I call here, You can see the custom, BBC. What we will do is we will importers divorce with PC into our stack and try to create appearing connection between these two BBC's that we see here. Likewise. I'll show you how to import and existing s three bucket like this one, so they just go back to our stack. So let us talk about importing the s three bucket. First, let us say you want toe add a bucket, which is already in your A counselor. I'm just going to add on comment here would say is resource and same account. So we're going to use the every construct here s three dot bucket on. We're going to say from bucket name in this case. So let us at a school which is itself on your also going to call this as my imported bucket on, Just going to add the bucket name. So let's go ahead and pick the bucket name from here, so that's only this. So if we want to check it out, whether we have imported it successfully, what I'm going to do is have just going toe at the old good fiction cold or the cfn out my important bucket. Uh, just have a name here. It just call. This is Bucket one. What I can say is against a bucket, One dark bucket mean Just go ahead and seem to say so. Stack if it if we have important it properly, we should be able to fit the faceoff stack on. Find the output section also. And if I go ahead and deployed so we can go ahead and take it out whether we have imported this s trip again properly. So my stack has put deployed. You can see here already. My sample back. It has been exported automatically. So if I go ahead and refresh my screen, I should have one more output by important back it. So basically whatever then is I have imported an existing resource on I can use it into my city historic. But this is not much fun. We're not done anything. Just used only one ourselves. But let me show you how you can import another bucket which is would be in another account which is shared with you. So it is a pocket to Andi using the same construct this time. What we're going to do is what we are going to importers from bucket. Yeah. Then I'm inside this. We need to given proper here and let us at the scope first on. Then it is a Russ. I phoned Bucket. I don't have a cross. I want black it. Really? But what? I'm going through it. I'm just going to show you how the air and should look like according aws school in history on. Then your sample. Cross it going bucket, something like that. So if you do it this way, what happens is if you have a necessary permissions. The packet from that account is imported into your stack. I'm going to show you one more thing that you can do. We already have one BBC here custom BBC, which is if I go to my GP C section we have ABC, so I'm going to import this vpc into our staff. Let us copy this BBC I d andan important into our stack. So we're going to call this as a BBC two on. We're going to use that easy to construct on. There are two options for you. One is from look up on from the PC attributes from BBC attributes allows you a lot of flexibility. Like for example, you can use the tags or you can use the V p c i. D. You need to be very, very specific when you're using that, so that the city can know that which BPC that you are talking of order, for example, in a re election annual. And that might have my people. BBC's So you should not have a confusion of which BBC two important. So you should have all the values, really. So that city can uniquely identify the PPC an important when we're using the look up there talking French. One is the account number on the region from which the BBC isn't on. You need to provide it in your app. Daughter be way section is an environment variable. So I went to show you that option here. It's a self on. Then we'll call this as important BBC here there is a easier option. You can just say he's default equal to troop. It is going to import the T 40 PC because that can be always one lee one default in your account. Whatever reason, it might even choose this option are I can show you another way where you can import it. You can say BBC I d on them will be copied the BBC I d So I'm just going to paste it here. Let us have another out border for our BBC Also to see whether we have ah imported it correctly. I'm going to save me between two or three b c d and then have a brackets here. So let us into space or attack on, See if everything is good you can see here it is requesting for the default region and also the default account. So let me just go ahead and added in do my stack here. So if we remember, we have done this in the earlier lecture. So under environment, all you have to do is accorded environment followed by the region. I have saved it. Let us do a syndicate Ellis again to see if our stack consent to sex properly. So what is going to do is basically is going toe maken a big old to my content, see whether the BBC ideas in my account and see whether it can import it. So they just go ahead and deploy. So it is not going to do much. It is just going to print out the value want to screen here. And also, if I go to the Tora Formation service on the output, I will have the vpc idea also exported. So what? This is doing that I'm just going to show you how you can do it. BBC peering. But they said beer BBC So let's go ahead and build our hearing and we're going to use the information class here, So bear BBC on We went to ST Pierre BBC I d. So in this case, my first BBC is going to be my custom BBC here, so I'm just going to use that value custom BBC dot BBC underscore Heidi Followed by my So that's it all it requires to appear to be PC's in city. Get that a synthesizer stack. So basically what? What we have done now. So I'm sure knew how to important s three bucket how to import an existing BBC on. There are two methods off important your existing BBC using the attributes and also the look up on another step what you can do with an important source so like in this case, we're doing a building with being an existing BPC on the new BBC created by our stack. So the BBC building mixing is getting boot here. As you can see on remember, this is not going to build a vote. It is just going to create a period connection. If you want to take it to the next step that you need to act out ot tables for your BBC's so that they can communicate between the two species S o. I believe it is an exercise. You can go ahead and try it out. So our billing connection is completely just goto Overcoat formation ticket out here. So this is my important BBC on my stock is also complete like Tesco under fresh our screen to see our BBC Zoe Baird correctly So you can see here This is the accept or BBC because the source waas our default to BPC. This is what 72 cities is by default on the other BBC instead about 83. If I go here, there's only two. So we don't have any confusions off different BBC's. Go ahead and try hotel important existing resources into your stack on day. Right toe. Make some resources on top off them. If you have any problems, put them in the comments. I will have you with them. Thanks for watching. Happy learning. 20. Launch EC2 using CDK: Hello, folks. Welcome to another episode on City game. This time we're going to see how the launch and easy to instance inside and existing BBC. This is the sample reports entry that we have been using for importing the VPC. We're going to build on top offered. So instead of using the custom BBC section that we saw earlier here, what we're going to do is we're going to create one more file which is going to be launching our easy to instance. So I'm going to call this as custom. Easy to Onda. We need the class structure on the imports from just going to copy this and move to two over Easy to. So we're not going to launch anything yesterday, so I'm just removing it. Andi just need easy to on the court on. Let me just change the name off the stack as well. So we're all said the first step is importing and existing bpc. So this time I'm going to launch it inside my default vpc it can be any other BBC doesn't matter at all, So let us go ahead and import it. So we have seen already how to imported so I'm just going to quit takeover head on to do the front look up option. So let's go ahead and pick up that the 40 p c i. D. So the next step is launching the instance itself In city. If you have launched a few instances in easy toe, you know that launching an instance requires a multiple attributes. When you want to run an easy two instance, you will need to provide multiple parameters. For example, you want to know what is a since type of 32 micro R M for large or what type of mission image, whether it's a Windows machine or Lennox machine on what BBC need to run on. What a deliberate is only want to run that incense all those parameters so all of them are listed here. Some of them are optional, some off them are required. So let's go ahead and see how we can launch or 48 cents by providing are simple as a few inputs that are required to religion Instance, so going back here, I'm going to go myself for themselves on it is under the easy to construct on. Then we have something going this instance, So they just have the scope on you. Got this? Expects over i d Then it comes the instance type. So just under instance type under that you need to provide an instance Type I d fire. So here is where you provide your stream as Tito Micro. If you have other instance types like em for lunch, this is where you will add them. Let us go ahead and now say my instance name or this is going to be the name deck. So I'm going to call this as 7001 This is just a name tag. It can be anything or you could just leave it empty or so. So now we need inform what type of mission in magic want to run it, whether it is an Amazon, Lennix or red at or when those you can choose that. So here also Amazonas built, then constructs for this. So we're going to call the Britain gun SEKs Waters machine image on. Then we are going to launch and land existence so that we can make it into a Web server later. So I'm just going to say General Line X and inside this you need to provide which region. Because you know that Amy Thes are particular toe region. So we are going to launch it. And he was east one on room where I'm hard. 40 years. It is not necessary. You need to hardcourts while you're here. You can go ahead and put them in. The one takes flight. We can see here on you can add the values here, then pick it up in your custom easy toe or any of the stack that you're bringing. So I want that before Amazon Lennox. So what I'm going to do is I already opened the lunch visit. When you open the lunch with that, it gives you the incenses as well less than I am. I i ds. So I'm just going to pick up the am I d for Amazon leanings to put that back here. So now we have got our mission image also. Then we need to inform which BBC we want to run if he already imported it. So I'm just going to say BBC equal to be PC on under, which submits. So since it is going to be on a web server, I'm going to run it in public subjects, so we need to select the public subjects on for selecting them. We haven't attributes for separate selection on the subject selection. I'm going to say subject typing to public then where we did the same thing when you're choosing or launching ourselves custom, BP's even really spending it. So let's check if everything is fine before going ahead and deployment. Let's have a quick check on our I want also to see what is there What is not there. So you can see it is building a custom BBC stack and it is not building my custom Easy to start. The reason for that is in the app God be Wi Fi. We have not important the easy to stack. So let us go ahead and import are easy to stack So here you go It is prompting it Western Easy to stack. We have got that. I think it is in the lower case that we just go ahead and confirm that this is a lower case custom, easy to stack. So I'm just going to days that no, we need to create and stack for that. So I'm just going to say custom anything to stack and we need to provide the environment Or so So in this case and my environment equal brought have just made it into a very well. So my environment has the account number SLS division. So when you're running it in your country might want to change these values to suit your equipments, that just doing city get ls now we should cease to stacks. So every time I want to deploy now, I have to specifically pick up this one are. And if you want to deploy board, you could just run city get deployed Command are if you don't want your PPC stack. Toby running other than do is you can just go ahead and come into it so that it is not going toe brought do for that. So in our observer automatically out instance, role is going to be created. So it is asking for permission Whether you want to create an instance, roll on likewise and security group with our bones access is getting created. So do you want to provide access for that? I'm going to say yes. So when this is getting deployed, let s go to our local Mission stack section here as off? No, we are having our new website. Was that getting created? Likewise, if I go to my it is canceling except this one. So under instances, we shouldn't have any incidents running right now. That was the one that was served. They stayed some time back, conceal is terminated. It should get one more instance launched as part of this process. So that is wait for the permission to deploy. So now our stackers card point Let us goto our no console and see whether we have a new instance running here. You can see here there's a new instance running on. It also has on I am Road. If you go to this, I am rolled Right now. There won't be any permissions attached to this. I am rolled. It is just before Jodi conceded and the permissions and I think it's there and it is just having a translation shipping easy to. I was on aws that he said that instance can assume this role. But this instance itself does not have any permissions, and it also creates a default security group on the security group is going to other traffic one from within the BBC. Only you're not going to have any other traffic kill you can see here. There's an inborn room on our borders. You can send traffic or the Internet. So remember this easy to instance is launched without on a keeper. You can see here that keep name is empty. So if you want, you can have another parameter attribute and add any keys that you might have configured in your keepers so automatically this ever gets the lines with that keeper. So go ahead and connected and do some trouble shooting. So that is how you launch an easy two instance in an existing GPC. Go ahead and try it. If you have any problems for them in the government's, I'll try and help them with you. 21. Customize EC2 Instances by Bootstrapping them with user data: Hello, folks. Welcome to another every short on CTK. This time we're going to see how the launch and easy to instance with some footsteps scripts, especially using that you should later field. If you're going to launch a Web server, it is not uncommon to pick up the latest question off your tips over vanities from the Internet or from your local reported tree. Or you might want to copy some files so that the Web server will have a nice looking webpage when the terrace and you exchange. So in those cases, you said that if you becomes really, really interesting, useful, So let's see how we can do this in our own account. This is the repository that we were using so far for running over syndicate demos. I've just taken the best of easy to stack on right now, my Web servers not running. So what we're going to do is we're going to add some usually the field. So this Web server on open some security groups so that it can accept traffic on the for 80 or 4 40 if you are going to configure it for certificates also, so first is we need that usually discriminative. So I would recommend you to put it in the root off your project or if you are putting in some other, Ford wrote. It's not a problem. You just need to reference it properly. So I'm going to call my usual eaters location as a bootstrap scripts. So under this, I'm going to create a file called as Install History. Typically, Andi, I'm going to write this in Bash, so I'm going to install basically, City pretty here. I'm not going to get a lamp stack with PHP and everything. If you're interested, go ahead and add all the necessary packages that you are interested in on. I'm going to configure it so that whenever the server restarts on my package comes online, that is. My service comes on length th config Mr Deeply on Andre. Just finally start the service as well. So that's it. My pushups script is really so The next step is importing it into my cellar, so I'm just going to add some comments. It is always a good practice to comment you your court so that you can understand it when you come back later. So we're going to read from the file now. So this is basic fighting here. We're just going to pick up the location. Bootstrap. Followed by the finding on. We're not way to modify it. Just I'm just going to open it as a read, only more. I'm going to store it in a very We called this usually that you could have any variable here but should not be a problem. So we have read the contents of the file on it is in persuading accuser later. So we're just going to import it now? Yeah. I'm going to say user data equal to score. Easy to dart, Dr Custom. So that's it. My user data field has been imported here so far? No. We need a Web server i p address so that we can go ahead and quickly find out what is the i p address and put it in approaching. So I'm going to you losers and output field so that we can pick up the idea Trust easily. Since we have seen it already, I'm just going to quickly update this information. So here is the interesting point here. So we're launching Web server so you can easily access the public eye. Beatrice Webb, seller dot instance underscore public. I see so you can do it this way are if you are going to put it in the process. We can also have some fancy additions by string manipulation here. So what we can do is we can just say at the CTP part that's what's so that we can quickly click on it. So that's it. So remember, as I said earlier this hour, does not accept any traffic right now because the security group, by default, does not allow incoming traffic. So we're going to add and so are Soviet window alot, incoming traffic. So the easiest way to do it is so where Dr Connections on we're going toe all alone all I'd be before traffic from all over the Internet. So the sister is alot from any I'd be before on we're going to do it for Port 80 and I'm just going to add a friendly description here so that we know why we're open this port. So let me go ahead and quit. You check. Everything is fine before we go in and synthesize so with open bootstrap steps. So that seems to be anti poll here, let me just fix that. That is bootstrap scripts installing CPD file. And then we have imported that usually feel and then get out, putting the public I p address on. Then we're following the traffic on Port 80. So everything seems to be fine. So that this go ahead and synthesize it. So it looks everything is fine here, so they just go ahead and deployed as well. Since we're opening of the Internet traffic, it is asking for my permission so that the school had said yes. So let's head over to our information service here. We should start seeing and use that coming up here on a given section. It should start building my lips over. So that's off. No, we have an instance. Profile level changing. Go to your resources. He would see all the resources that I mean, but but off the stack. So we guard our security group, so let us go ahead and check whether we have Port 80 open on our security group. So on the in bone room, you can see that support 80 on that description that we get here. In my opinion, it's always a perspectives to have some prescriptions. So you know why there particleboard was open or but it'll rule was added in your security group for Let me refresh it. Here seem whether stack is completed, we can see here Stack is completed. Let me go to my output section. We have our I p address. So that means Uganda's If everything is fine, we should have a taste face here. So that is how simple it is to use that you sell it a field to launch and server on also having bootstrapped with some packages or any other packages. So go ahead and try this in your own account. If you have any problems for them in the comments in the next demonstration, we will see how to pick up some fights from s three or makes them for the customer. Stations in bunching are easy to instance from city care. Thanks for watching Happy learning 22. Launch EC2 with Custom Instant Profile - SSM Agent Role - Login without SSH Keys: Hello, folks. Welcome to another episode on City. This time we're going to see how the large and easy to instance. But some people in privileges, for example, if you have an easy two instance, you will need to have some privileges so that you can access s three buckets. Or you might even use cold Watch agent so that it can communicate with gold watch and push some logs. Or you might need an SS, um agent so that you can automate this over and fulsome batches on automatically update that. So for all these things you need and I am pro flying, that is going to be a dad to your easy to instance, which is called less an instance profile At that distance, profile will need some privileges like, for example, it's awesome. Permissions are as three permissions or some other provisions. So let's go ahead and see how we can do this in our account. So this is the Web server stack that we used earlier way have a BBC and up off that we built in a simple and easy to instance on, by default a city cables you and I am profile without any privileges. So I'm going to show you how you can add some managed policies. You can go ahead and use the same concepts reviews. Your own policies are permissions. This time I'm going to start with some AWS managed policies and peacefully passed them to your easy to instance. Since we're dealing with policies, the four step is importing that I am. So let us go ahead and do that. A rumor really took install it as well. So once I have done with the import here, I will go ahead and install the package. So it is called US evolution to school. I am so water requirements. And at that package, before I forget it, I'm going to trigger the insulation here. Oh, so we're finished with the installation letters. Go back to our stack on day, start adding the permissions so that this Axum coming so we know what we're adding there. So we are going to reference the Web server road so under website where you have the better Caldas Web, several road on, we're going to go had managed policy on inside manage policy. Be needle at the interviews managed I am Aaron or the role name. So the way to provide that is I am has matured for that. It is called us managed policy from man. Its for a C name on the 1st 1 is the one I want to add is an SS, um, agent rule because we're using in his own likeness. Stoicism agent is pre built in. So by adding this privileges, this is, um, agent will be able to talk to this awesome service, and you can do some automation like update management. O R. 10 7 combined said Don't pick up some long flights or push them lock friends. So different things that you can do with this road. I want to add one more old so that I can pick up some fights from s three orders of this going to took. The gators are goingto adhere as Amazon. Yes, you read only access we don't want off. Permissions are particular pocket permissions right now. In production was probably what you'll do is invite the custom policy where you give this instance access to particular extreme pocket. You didn't want to give it to boil the estate, but catching your account. So we had done here. Let us. Go ahead and synthesizers stack and see if everything looks good. So everything looks good here. Let us go ahead and deploy. So, one second we're deploying a simple Web servers that we should be able to check the Web server by using the I P address off the server. Onda. We will also try to connect to the seller because we have an excess of agent on. We will try to run some commanders to check whether we can access the yesterday but gets or not. So let's get over a low information service now so we can see here. There's a stack that this getting built Let us go to events onder. Easy to instance, right now, I don't have any running instances. Once my stack completes, we should have on running instance here, so I'm just going to wait for the start to complete. So let's go ahead and see what resources have been created. We can see here, for instance, is getting put on the system instance role that will be attached at this school head and check what permissions have been added. We added to permissions one for SS until SS um managed instant score on. We also added the Amazon estimated only access so we can see both the paralysis up in added here. Likewise, we should also have an easy two instance running. We can see here that is up and running now. So let us take the Cypriot er's and put it in a brochure and check whether our web server is ableto be access from the Internet. So you can see here our web servers running on were able to access it. So this is not it we actually I managed to add some privileges, so let's go ahead and check. Our SSN agent is on length. So if our system agent is online and is communicating to the service, we should be able to connect with us over on the run. Some commands there, So we should be thrown into and bash or a deep portion from here. You've been going to bash as well. So little on has three less comment because we have privileges to check s three. If we go to our s three servers, we will be able to see the same flight. But cats that are in my account so you can see here we're getting the same five buckets and you can go ahead on Brett some data from the buckets or push some data to the packets are you could use the same hated privileges to push them a lot. Medics to the cloud watches There was also. So this is how you launch an easy two instance with instance provide with the customized of privileges instead of managed policies. You can go ahead and write your own policies and also at them aside, shown here trying with the manage policies. Then, once you're familiar with their, then go ahead and start casting my secret and tightening the policies that would be required in the production. Sit down. Go ahead and try it. How fun with it. If you have any problems for de medicaments, I will try and help them to. Until then, thanks for watching Happy learning 23. Launch EC2 with latest AMI in any AWS Region - Portable Region Independent stack: Hello, folks, Welcome back to another lecture on City game. So far, we have been seeing have to launch an 82 instance on. We went ahead and added some permissions to the seat of instance so it can pick up some plants from history or bootstrapping it with some Web confrontations, like installing, infested, piece of. But in order, this configurations. One thing that was constant was the air my i d. We had the air, my i d hard coded in glower stack, in my opinion, Asian a white hart cutting values whenever it is possible. But even putting in the context while has the disadvantage that we know that the new packages are released, then you're my idea gets updated on. You need to go over that change your got X twice and really brought your staff. What if you can't animate you? Pick the latest washing of your air. My Apply your patches in one time. That is what we're going to see on. Moreover, if you're a my ideas heart quarter it is. The stack is going to be born to a particular region because it, when ideas are tied into a region, are otherwise you need to write the stack, then find out what is the region that appropriately pick up the air. My ideas from your stack So don't want all this problems. I'm going to show you a simple mechanism off picking the latest every ID's on any region, the stackers running. Let this go ahead and do that now. So this is a stack that we have been playing around with. So we're going to make a couple of modifications. The first thing, sir, Picking up the latest air, My four line X. So Amazon has pre but in classes for that aspirin. So the first thing is here we have had heart quality and value. So what I'm going to do is just going to come in this so we can reuse the value. So in submission image with the value, what, and when it does, I'm just going to have a variable so that we can pass on the image and video here. So let us say I want to run on Amazon clinics and my i d here. So I'm just going to say Mannix, am I so that the same boost would come on here, So let us pick up the value of dynamic, you know. So here you have few options off accusing your air might. So all the options are under the issue. Two concepts over the school head and add that are easy to construct. You have machine image. So once they come here, you can see a hughesmen option off genetic line, a line explosion or a genetic toast Question. Or I can go with the latest Western off Amazon landings. Also, if you notice it that there is no latest for attacked or Centaurus because those concepts are different for Windows, there is a rebuilding license. So Amazon has backed up a few years myself with the sq and all those six. So first thing is, I'm going to show you how you can do on Amazon Lennox. Then I'll show you how to do the big question also. So here we are going to say lettuce, Amazon Lennox. On Inside this, we have a few options of customizing or machine. For example, if you want a toe standard edition are there is a slim version of Amazon lending service available, or do you want to run and a better way to rise the machine off hardware which applies to machine. So the first thing is John vision that are too available versions right now for Amazon like next. So wait, the truth. The latest one once again. So I'm going to say Amazon landings generation on Dhere. You see here that I do washing, so I'm just going to choose the latest one. So that is the generation that is the latest. Am I for question two of Amazon landings on edits And this is a slim version or the standard of volition. So I'm going to shoes here. An exhibition, as is you feel there's a minimal and standard soldiers go have juice, a standard on what they have started. We want whether we want to run it in a formal instance, or do you want to run it in a GPS falling? The devious volume is quite often director under function, so I'm going to choose that one now. So you have your storage on def juice here, that is Ngentle Progress and CBS. If you want to go ahead and do general purpose also, there is nothing wrong with doing that. So let us shoot BBS on which realization is what I was talking about. If you want to do a better, which delays for some reason, I will recommend it. But if you still wanted to let it, that is also possible. So under what do you have to even values when it's a hardware which lies in battle? What your life? So just go for hard work place. So now we got on our parameters for our land ex machine. So, as I said earlier, just in case if we want a luncheon Windows machine, so let us start with easy to construct here on that easy to contact. I just get to mission image on the letters to latest Windows on the latest windows. We have something called us and question. We don't have the same options like it's enriched. In addition, but we have something called a situation. You can go ahead on import our Windows question so you can see here there's a different divisions are available. Windows question when I do it out here, it was going to list out all the different year my summer sun is provided along with the appropriate licenses so you can see here's all of them are language back, but also their Some of them are with service packs on some of them with the different languages. Also, for example, this one if I'm not wrong, is for Japanese. So likewise if I scrawled on on the way, that would be some. Ask yourself for someone so available and different. I am I said, also available So you are free to choose whichever original windows you want lunch on. All you need to do is go ahead and change is valued. Toe does, am I? And you should be able to find that instance So everything is good means let us go ahead on synthesizer stack. So it just do that on Let me start typing the deploy command as well. So what? This is getting benefit is goto our, um aws console and see if everything is getting ready there. So have for now that no instances that does get to her confirmation on great for or stack to get completed here. So it's already building the BBC. We should see on so over running with the latest air. My so right now I'm in Virginia region on what I will do is I'll go ahead and deployed in Ohio. Reason as well, but we need to do is if your own were. If I goto my Abdul to people, I find you haven't region valuable sqs east. So if you change your here to us West or I can do here, is Carla's environment broad use tough environment brought again boot camp or something like online my Virginia? And then I could create another deployment for, in my mind, Ohio or so. So that way I can just go ahead and deploy the stack in another region on the stack was going to pick up the latest Am I from Amazon's list, and then it is going to launch it without any, uh, hi putting of values from my side. So let us get back here on the weight. One of the seven gets booted, so we got our staff creation completely. Just code. Or is it'll? Instance we should be able to see a new instance here. It should be running the latest version of the Air Minds for you. Remember we were watching and Web server. So if a copy news and then put it to my approach that I should be able to see the whatsoever coming online. You can see here, let's go ahead and see if we can deploy the same stack in the Ohio region also without any modifications other than changing the region. So here what I'm going to lose, I'm just going to say U s speech to and then I'm going to save it on. Then let us toe syndicate ls so now that nothing has been changed except for the region, and I'm going to deploy it. So it's asking me permissions because the entire stack is getting billed for the Ohio region, so that has head toe horrible, higher region. So here's the confirmation servers, so we just cool toe Ohio, so you should see a new stack here on. Likewise, if I go to my easy to instant service in Ohio and Nusa instance will get built, and then it will get deployed or the Medicare so you can see here report to sometime back to test the stack. It's working or not. This was the previous one, so you can see here my Web servers complete, so let's go ahead and see what the new servers running you can see here That's a new server running. Likewise, if I take this I purpose and put it in the brochure, Richard Workers. So basically what we have done is we have shown how to pick up the latest air, my deployed at observer in different regions with just the modification off the region. Go ahead and try it in your own accounts. If you have any problems, put them in the comments or questions. I'm happy to help them to you. Thanks for watching Happy learning. 24. Improve EC2 Performance with EBS Provisioned IOPS SSD Volumes: Hello, folks, welcome back to another every sort on city gate. This time we're going to see how the launching easy to instance, with some additional EBS volumes. So far, we have been launching easy to incenses with just a hoot volume with no Edison. Storage for state management are for access to Alicia that your applications might need. And when you're talking about EBS volumes, you get it to types of Williams when it's a standard one on, then with the provision shops, The provision Diop's a lotion obligation to have more spiky workloads for compute intensive or read write intensive workloads. So in those cases you need and William, which can provide that kind of for performance in this demo, we're going to see how to launch an easy two instance with the required level of provision psyops in a line. Next instance. So this is a stack we have been using for wanting or easy to instance, I'm not taking anything here just copied over to a new file on Called Us on Custom. Easy to pay up, stat on we have are easy to instance here you can see that it's on your route. William on no other women sometimes. So what I'm going to do is I'm going to add a comment here. So what we can do is we can use the same the Web server construct on the Web server we can do Issa other instance on we can all right, the default property by using our property. All right, on the property over, Rider, we're going to define that this is going to be a block. The waste mapping. So this is a lower level construct that the city offers whenever you want to. All right, An internal property. You can do this so you can do device mapping on. There are many ways off. We're doing this. So this is one off the ways, as usual in Siddique is completely flexible on how you want to structure your cold. So I'm just showing you one way and then put the documentation so you can go ahead and see the other ways also. So this is going to enlist because you can have multiple volumes on this sample. I'm going to show you 11 William. So under a list, we're going to create a Jason with the different type of values like puts the device name. What is the hopes? So the first thing is device name, so in line X, usually you're going to mount it at a slash day. So I'm going to call this as slash del on the rule out there is little Route one and then we'll call this. Ask STB. So after this, we're going to configure the previous specific parameters. On First is the Williams says what or how big the William has to be. So let us say I want something like eight gigabytes off storage on. Then I'm going to say what type I'm going to choose as I ops because we want provisioned throughput. I want to know how much I hope so. I want so here I'm going to say a bow down 400 hopes and need on you can go ahead and configure it to any safe for you that you want that your instances supporting this time we went to use the teeter Microsoft just a passing only a small amount of oil into. If you have a bigger instance, which can take advantage of much bigger jobs, then you can go ahead and use it. I'm just going toe until it domination. This is absolutely not necessary when you're doing it or pollution. Most probably would want to leave the disk on or are you were terminated there later. So in this case, I'm just going to show you that is an option off doing that when you're deploying the poor formation. Except so if you say getting domination is true, then what happens is when you're stackers deleted, your also gets deleted at the end of it. So it looks like I made an error somewhere, so I'm just going to quickly check if I missed anything here. So this is the name of the property and my apology stairs. This is the name of the property. So then followed by a list here. So they're eagle. That was the other. Then, In case you want to add more than 112 you're easy to instance. So all you do is add one more item just to get the section on. Then you'll be able to add one more warning, but the size that you need. So in this case, I'm just going to add more anyone willing seller to school head and said to say so Stack Everything is good that we should not take. See any errors here? So this school head on deploy the statcast would It does go to a rock formation service and see what is happening there So we can see our payoff time being deployed here. So under here we have a server for that just code or a sequence Since we should have a new server coming up here on defy scrawled on that must be to limbs. Here you can see others in a room device on then that is also an assistant. If I click on that, obviously this is a well in my knee. So again, I already open the dam was if we refresh my screen, I should be able to see two warnings here. So as you can see, I have created on an 80 be provisioned. I also volume within Ayob Colour 400. So this is how you add an original William which is off provision stories to improve the performance of your PC to win stairs. Go ahead and try it. If you have any problems for them in the comments, I'll be happy to help them with you. Thanks for watching. Happy learning 25. Highly Available Web Servers with AutoScaling & Application Load Balancer: Hello, folks. Welcome to another lecture on Sirikit. Let us see how we can launch Web servers in an auto scaling group. Friend ended by an application for balance Self. There are reasons why you want such an architecture. Let's say you have launched in the publication on it. This become quite popular and you're getting a lot of hits from your users. So in that case, you want the scale of your Web server to meet all the traffic demand. I'm quite often in interview is the best way to do that is using an order scaling group on . Whenever you have an auto scaling group, you would want to have a Northern so that that's a single point of entry on orders. Killing Group can also help check your servers to see whether they are only available, unable to meet the requirements off your users in terms off agency and performance. So let's go ahead and see how we can burn this in our city. Haystack architecture that we're going to build is going to look something like this. So we have a user who is going to hit the obligation nor balancer domain name, or that you are. You can also have a role captivity. But we're not going to do that today. So we have a load balancer behind the load balancer. We have my different observers, general Part Often. Order Skating Group. So these are the two confident that we're going to build in today's picture. So this is a tear off over application. I could picture whatever then so far is just imported the bootstrap scripts on Also, I have imported online exam. So our web servers basically going to run on online extend my so for building and load balancer. Obviously we need to import the balance of construct so that the school had on do that first. So we're going to use the distribution of the load balancer Onda. We also need to import the I am construct as well as the auto scaling construct, because we're going to use those functionality as well so into school head and import them . So we have important the necessary constructs. Remember, whenever you're importing a new contract and if you just not install, it is imperative that you need to go ahead and ask them to requirements and struck them. So we went toe act them here sort of later. School hadn't had auto scaling first, followed by the north balancer. So let me say this on before we do anything else that we just go ahead and install it. So my contacts have been installed. So let me just for this. So they just go back to our Web application. So little start building on load balance that the question is creating the load balancer. So I'm going to call it my Lord balancers MB on. Then we went to import of a concept he'll be was too dark application load, balancer. And of course, we always start with the scope followed by the I. D. I'm just going to call this as they'll be. Andi. We have one to say whether it is which BBC descriptive. But you can see here I have, importantly pc from the BBC stack. So all I'm going to say it's PPC equal to be PC's. So so and maybe see which is existing in my environment can be used by this construct easily unstoppably and BBC again and again. I'm going to say this is going to be Internet facing, so I'm going to say true Yeah, on what is going to be my load balancer name. I'm going to call this as if so where? And be so What we're going to do next is we're going toe. Allow the security group to receive traffic and port 80 from the Internet. So and we don't connections dot Hello from Internet. Once again, we're going to other Only I'd be before traffic. So under this, we're going to say easy to dark portrait DCP on bought in India. They just add a description so that we know why we have added this. So now we are done with security group, so next is adding and listener So here we are going to say listener equal to get be dot Add listener on the listening name is going to explain to the list i d bordered by just my port and whether they want to open their tour whether just open or not, they're just accepting traffic or not. So we have added a listener as well. So the next step is going ahead and start building the necessary resources for our order. Skilling Group So for my auto scaling room, there are few people prerequisites for example, we need to know what is am I am going to launch. What if the Bootstrap scripts? What is the role? What is the excess? Its key. So we have got a couple of those Is that despite here, the next step is I'm going to build the road. So I'm just going to say But so were I am ruler. So we're going to use that I am constructs. I am dot role I followed by my school when they're just going to have an i d. Here. So here we are going to say this is going to be assumed by my service, which is easy to so I am not service principle. Easy to door a measure on AWS. Start calm on. We're going to add a couple of manage policies were seen this earlier. Help to advance policies on that one is going to be my assistant policy. Another one is going to be my daily access for history policy name from manage 14 and that's what I came for. So I'm going to copy business one so that it won't make a mistake here for a systems it's called us. Racism managed instance score on just going to do to get this. So we also have Amazon s trade or read only access here. So we got our Web server role also. Really? The next step is going ahead and believe the order's getting group. Except So let's start by that. I'm going to call this as a Web server auto scaling group. And you have the construct called this auto scaling on under that, I'm going to say Auto scaling Group. Yeah, plus the one followed by my i d. So I mean, Mitch, maybe you want to run it. So this is the BBC on here. You can see here help keep them. But I don't want to do that because I'm going to use a systems patients manager because I have against this role and I'm using Amazon. My next on the agent comes in default, so I should be able to manage my service by using the SSN vision's manager. So I'm not going to add a keen him. If you want to go ahead and add a key, them did. So it's something I want to run it. And so basically, you can choose whether they want to find it and breaks up next public separates or whichever subjects being wand. So in this case, I'm going to put them into, uh oh, Private seven. It's because, my lord balance that is going to be public facing. So if you do not select subjects election Uh, yeah, here we are going to say something to type. Is it a sudden it time is going to do pregnant. So that said for the subjects. So next step is instance time What type of instance I want to run. So basically here you if you're familiar with orders getting group were feeling the launch configuration on then the auto scaling group configurations in all in one place. So the instant state was going to meet my group. I'm going to run a small instance. If you want to have a different sense, go ahead and change them should not be a problem. Instead, style certainty. Doing my girl camp It does not make a spelling error. Do my throat. Did you go there? On what mission? Image? We have already imported our machine image just going to say my necks. Am I here on what role we have already defined the role. Also observer role on what capacity wanted. Just choose the minute capacity first in the past, I'm going to say two on then max capacity. Also, I'm going to say to on, Do you want to know how decided field? But if you said this well, whenever you're launching this tack, it is going. If you have water, scaled it from two to let us a higher number, then it is going to put the skating group back into his desire number, so I wouldn't recommend you to go ahead on the tool that is, I have capacity, unless you're sure what you're doing. So finally, before we forget the needle at the Usage Data field also here, let's So let's go ahead and on our use elevators for that. Our instance will pick up the latest 80 TPD packages and become a Web server. So we have seen this already. Also say that equal to orders for season two dot user data Dark custom. Under this, we just give the user data value that we already picked up somewhere in the beginning, you can see here we're reading from the fire under storing the value. It is a data, so I'm just passing it on here. So we got our auto scaling group set up. The next step is enabling daughter's getting group to receive traffic from the board balancer. So we're going to add a comment here to say, Donald SG Security Group, Did they see you Graphic brown and be so we can say lips ever SG Dr Connections Dark Hello from envy. If you can go up here, you will find out that is an l b there. And then we are going to say from easy does not board dot TCP port 80 on the lettuce. Add a description also. So we know that this is the part off the it be security group. I'm just going to add the same description. Here it is. Closest out. So this is good. So we need to add or auto scaling group Toby the targets for our lord balancer so we can see here that is already listening at it. So we're going to say, Listen, don't act target groups. So listener so listener I d followed by my fort matter. I'm going to listen So again it's going to be on port 80 then where we're not going to do any certificates. So it is going to be one Lee. What? 80 were doing certificates and you will go under. Add another 44443 Also So the targets and going toe attachment reps over SG. So now we have a test. Our the scaling instances toe are listening. So I'm just going to add a comment here. So finally, we need the El bur so that we can take it out on the grocer. So I'm just going toe all put that value also. So I'm going to make it into a few other so that we can just click on it from confirmation and be docked nor balancer de in its name. Sugar is the name I was looking for. So I just add a description also to see what it iss So your own good here, so we can go ahead. And since it's a self stack on, check it out. Okay, so my stack is all good so that I can go ahead on deploy it and it should ask my confirmation because we're building multiple security groups and multiple stacks out there . You can do one by one and just going to say deployment of source stack because this is dependent on this BBC stack automatically in my city cable deploy the different stack aspirin. So I'm just going to chose this one on later. Sometime it is going to ask me a question with it and we want to deploy the Elvis type. Also just going toe preempted by saying why? So let us go toe are abused, export and see what the resources are getting. But so I should see one start getting, but that is my BBC stack. First on, then, after this, it will be following and deploying my auto scaling group on everything. So just quickly take you through all the services that we were going to see later. This is my, uh you see two page in Virginia that are no servers right now running on defy take you to my auto scaling group. There. Nothing there. Unlike wise that there is no lunch confrontation Also on no Lord balances no diving groups , so they just wait for our stack to get completed. Let me just wait for my humans. And here so you can see him on BBC stock is completely just go back to our stacks. Andi, I should see one more stack here. If I go back here, you can see the other stack has started building. So let's go and check out our Evans to see what humans are getting pulled and resources. I can see the security group that has been created already on board balances getting created. Let us start taking over things killed. So bl we're seeing a load balance and so they just go ahead and check it out. So, other listeners, my listeners, are still getting burned and you can see you. There's a BBC on. This is my public subjects. If you go to your maybe see section, you can confirm that this is part off the public subjects so city is automatic and picking up my public submits act. Applying my lord balance of in the public submits. So we should be able to see this many other or so populist into the protection on also the concert when it there's that companies deployment. So let us go back to proper formation and seeing what other resources are completed here. So we should see some more resources that is getting started just goto over events again so we can see there is a launch configuration. So I think this is my auto scaling group so we can see here. That's a launch template as well. So just take it over here. So here's my lunch conversation that he do Micro instance that he said, and we didn't want that and keep name that is my were were able to connect it with the fishing's manager because we have instant Superfly with the This is, um, agent rule. Likewise, we have a lunch configuration with daughters Killing group, so we have this minimum capacity and a maximum capacity. So if everything is good, we should be able to see two instance coming up here. So as soon as our instances are coming up online on available in the target groups, we should be able to see them here so you can see that's interrogators available on the target tradition is in progress. So once it is successful, we should be able to see something like healthy or okay here. So I'm going to check my tour formation on Dhere. We have that you are in so you can see here my web app is running on. You can see the I P address off this hour or so. It is a 10 10 to 95. If I go ahead and refresh my screen, I should see the I P address also changing. That means that I have to Web servers behind my application. Lord balances on the traffic is distributed to the different sellers depending upon the load on the each server. That is how you create and lips over in an auto scaling group on friend ended with an application character. Go ahead and write in your account. If you have any problems, put them in the comments section. I'll be happy to help them with you. Thanks for watching Happy learning. 26. Create AWS SSM Parameter & AWS Secrets: Hello, folks. Welcome back to another episode on cloud Development, kid. Today we're going to see how to create custom SS and parameters on air abuse secrets. Earlier, we have used the services for creating orders retrieving in my I. D. S. It is quite useful when you want to start a lot off configuration that it's required by your application or for connecting to a database you need over database password on instruct Heart. According them. You can store them in secrets Manager and to treat them. So wait off when these services are being used for Lambda Functions and Micro Services for passing parameters and configurations. So let's go ahead and see how we can build this in our environment. So this is the stack that we're going to use today, which is going to be called as the custom parameters secrets stack on day. I just created an empty filer. Know how resources are built on official incident, Kate, The first step is making sure that you have the requirements while updated with packages that you're going to use in this case, we're going to use the sick racism, so I'm just going to add that on I'm also going to add the secrets manager also so we can go here. Use that later. Okay? Just called secrets Manager. So on then. Remember, always you need to install them once as soon as you added. I always make it a point to install them as well. No, the installation is completed. Let us go hurt on the import them. Unlike wise, I want to import the secrets manager also, let me just do it this way. So we have imported them there to start building our first parameter. So first time what I'm going to do is I'm going to create a simple parameter. Say, for example, I want O have on a low testing in my environment and I want to see how many users I want to configure there. So in that case, whatever do is I'm just going to call this as a parameter one. This is, um, dot string parameter. So you see her string parameter, And as usual, we're going to set the scope on. Then, after setting the scope, we're going to set the I D. In this case, I'm just going to call this s Bring me one on what is going to be this parameter. So I'm just going to add a simple description. I'm going to say this is low resting configuration on. Once we do that, we're going to set the parameters name it says so for the parameter name. I'm going to use something like a number off banker and users. So what is going to be the value of spring value? So I'm going to say I want 100 uses. This can be any value one toes and hot bread or whatever you want on, then what year it is going to be standard deal because sometimes some parameters are going to be access toe quite a lot of time more than dentals and transactions per second. Then you want to put it into a premium tier. But our bloated thing is not going to people requested that many times. So depending upon that, even want to choose your transaction deal in parameter store. So here we have something called us Barometer tier, Dark standard. You also have other in number news like Atwan steering, so choose depending upon what is your use case. So that is going to be our first parameter. So I'm just going to quickly output this value. So now we got no stack. Where we ever adding one simple parameter on all Soviet going toe to you? The value on putting it into the core formation open section so that the school had its into Cesar stack. If everything is good, let me also deploy it. So while I was trying to deploy lettuce goto our this concert here we have the confirmation Lecter's Coto, our custom parameters on that is all stacked that just getting bulldozer parameter fiction . So this is our system console under here, you have the perimeter store on that. We should be seeing one parameter getting. But you see here the number of concurrent users on defy go inside. You have a value off 100 on Our good fiction also will be updated now, But sometimes what happens is that you need to stole more than one parameter, for example, for low testing. It's not just concurrent users. I will also need how many how long I want to run this tester that Eurasian off that on, then is that an additional users coming in or repeated off them? So I need to have multiple conversations. In those cases, you won't have a hierarchy off configurations. So parameters allows you to have highlight kill configurations. So that's what I'm going to show you right now. Just going to duplicate this. I'm just going to call this aspirin, too. On that exchange is also to to Onda here in slow for having a simple value. I'm just going to perfect sit with forward slash and them let us. A locus is my low testing tool of choice. And then I'm going to stay low test conflicts on under that I would have ah number of concurrent users on that is going to be 100 on. Let us it. I'm going to talk to get this again. Andi, I would have three here so that but I'm pretty sort of built on here. In this case, I'm just going to say duration. It is a tradition in seconds, so I'm just going to run this test for, say, about 300 seconds of yourself, like five minutes. I want to run this tester. So what happens is I will have a hierarchy conflagration now, so anybody wants to pick it up, can pick up the conflicts that apparently and that is the type of ever hear that is just not the type of convicts. So once you pick up the confrontation locus and the conflicts, you will have access to all the values Number of concurrent users duration in seconds on other parameter for free. Keep on adding likewise a Another contribution that I always comment to users is something like a database on, then followed by the environment. Whether it is brought, there s on. Then you have my sequel or Laura are. But what about the date of his engine? I'm followed by the passport. So you know what parameters that they're without you and having to retrieve them? Because their values you haven't highlight destructive for organization. And then you can keep on testing it so late to school. Head on. Deploy this one as well. Okay, I was tak it's got completed. Let's go ahead and refresh. Nothing is going to happen here, But if you go here, we should treat to more parameters here. Under these conflicts, you see a Jewish in seconds and number of concurrent users. So now let's go ahead and see how we can use AWS secrets manager for storing some secrets like passports for databases are some of the baby keys or anything that you want to store encrypted on how some automatic rotational futures passwords. So let us go ahead and below secret. Now I'm going to call my secret as a secret one on. Then we're going to use the secrets manager construct on, then under that, we're going to call the secret my third, and then the matter scope is going to be self followed by my i d. We're just going to call this a sensitive one, followed by my description on let us call this as my customer database bus work. And now we have that. And then let us go ahead and add our secret name itself. So this is going to be customer DP password. So let us cool head and synthesize the stack. If everything is good, we should be able to deploy this. And remember, when you're using secrets Manager, you will not be able to retrieve the string value itself. You just retrieve the secret of token on that token, will passed on to any service that it wants to consume it just to show that I'm just going toe. Add an output value for secret. Also, they're just going this as open to on, then just going to say secret. One thing this is little Say, this is the so the value is going to be secret value. This is how you're going to use the name off the you know, you're going to call the secret and then you're going toe pass it on to other services. Gift that census isis properly. Then we can go ahead and deployed. Okay, Since we have a secret one and cannot just have this one is also secret one just say lacking here ls it is called. I didn't deployed us, so we should have a new secret that is also configured for us. So when this is getting deployed of what I wondered was, I want to show you another way off, creating secrets that just called us a temperature secret where you have on Jason feel like Why have games the name, password, and have a hierarchy off secrets. So let us see that one also. But this is getting deployed. Just go here quickly and then you can see here There's a secret one value. That is just a random string object. That is a reference to the secret itself. But if we go to the service called us the secrets manager, we should have a custom Devi password on then on, uh, secret value here in quite go ahead and click on this one. It's going to show me the plain text dwelling here, so that is the only way you can treat clean the plane takes. And if you are using it in the database spots work, this plain text token will be automatically passed on to the service. That consuming this. So here you can see here there is a secret key value. I don't know. We're just store and a simple string that started key value. So if you're dreaming it out, if you want to start multiple values, you cannot use this format. That is what I'm going to show you next, how you can store and hierarchical or Jason template that secret itself. So let us just, uh, write a new one That might be better, that I'm just going to call this a set template ID Secret value went to you suggesting template secrets. Manager Dark secret once again. And then the school is going to be self. The letters caused this secret as a secret, too. On here also were going toe act that descriptions show that we know what we're doing here. It template Good for you. Did, uh, aan den uh, secret name, Midst of later school head on our secret name on. I'm just going to call this ask you serve gone high pick buttes. So my user name is gone, and then I'm just going toe had acted with for this users. So here we have a construct called us that generate a secret string on. We're going to call that on. There is a matter for this one. Also. Secrets manager dot Secret string generator. Okay, that is the one on here. We're going to say secret string template. The 2nd 1 on, we're going to have a Jason for my third, uh, template because we're going to use the fight on our dignity. So remember that Jason is not imported into my court, So just going to import Jason also here so that it stops complaining about Jason. It's not unavailable, so we want an ah dictionary. So I'm just going to call this adds user name on then for Lord, apply my user, but using a value that is going to be calling here. So this is the bracket. Once that is done, we have to say what is the possible is going to be stored? So we're going to have the string key on here is my passport is going to be stored for diffuser. So there will be a user name attribute whose value is going to be calm And there's going to be one more attribute called this password on the whose value it began in Italy generated by the secret that's told it and services. So let us cool head and synthesize it and deploy it. So whenever you're calling this secret in any other service you will have both attributes so you can find out what is the use of name? What is the password? This might not be the ideal use case of student use. An impasse were part of for a P s. You can say for production. This is a pity for a test. You have this baby a key are for district party services of the So you can have some Iraqis to find like that. It depends upon what is the Iraq. You want to define a quart of the keys. So this is just an example of using your sentiment password. So we got our secret uploaded. So to school back here and see that is the usual corn attributes. That is my user. So if I call inside here under secrets value, you can see here That is the user name whose values gone. And then there's a password with the values automatically generated presented here. So that is how you create a system parameters on the AWS secrets you've seen Citic it. Go ahead and try them. If you have any comments, are problems facing get up issue. I will try and help with you. Thanks for watching Happy look. 27. Create IAM Users, Groups: hello, folks. But him to another episode on City que This time we're going to use indicate to create users on add them to groups on, have a hierarchy in your head appears account. So this is a stack that we're going to use. So there are two important concepts that are required. One is the I am construct. Another one is a secrets manager. If you're wondering why we need a secrets manager, the basic concept off I am user requires and whose name on the passport. So in this case, for generating the password, we're going to use the secrets manager so that we can have and no complex password auto generated for us. And then it will be stored in the sickest manager security for us. You can also use any test um, string our spring used to buy cold o r. It a Pacific itself. I'll show you put the matter so that you can use them to create I am users on. Remember, if I have already installed I am and Secrets Manager as the dependencies. So if you have not done that, go ahead and do that using the pip install hyphen, our requirements command. So let's go ahead and start building our first users. So I'm just going to call our flows to use a password because we need the password first. So let's just go ahead and generate them. Since we have seen how to create secrets earlier. Lettuce tool that faster. So here's a secret name. I'm just going to call it the secret vampires user One plus. So we have got our passport for our first fusion. So let's go ahead and build argues that itself. So we're going to use that I am concept for creating that usually this cold, as I thought user on then the school on bordered by the I. D. So, for bus word, we're going to use the other one dot secret value. It will automatically call on Pick it up So you can see here that the secret value dead on Then what is there going to be my user name? I'm just for user name. I'm just going to say is that one here? So we're all set for one user. Let me show you another mother. Also value can use custom generated password vary by that locally generated the password and pass it on So I'm just going to say on user too, with literally passport on. Since we're goingto hard court the passport or show the password in the city can stack itself. It is highly under recommended approach. But if you still want to use it for some reason you can use this just going to copy this Construct here on day in store for this one. What we're going to say is cord our secret value Dark plain text on. In this case, I'm going to use a plane exports with this is the richness of course informing, you know, use this. So I'm going to say something like doing nos by I just, uh So finally, I just want contained this construct to user to one user tune. So we have got to users Onda, we should be better. Come on, the scene here, So just act this cover on business in the face of stack first if you are stuck in school, let go head on and deploy it. So when my stock is getting to pilot, does Goto Ah Consul in see what is happening there? So this is my console right now and you can see here. That's when one user on that just refresh my screen. There's another stack that is getting built for now. Eso using a screen test, but they just go ahead and take it out here. You can see here people to users on both of them are not part of any groups. So if you want to give the user name as for the supplies but also to some use, and what we can do is we can use that. I'll put off for matter so that you can also generate the log and you had a or so. So I'm just going to quickly show you hope you can use that. So value is where the interesting part happens. What we're going to do is I'm going to construct the string from my account. ID's on my count that is available at court. What aws dot com i d. So once they get my contract it, then I can just like in my that you are signing dog aws. Start amazon dot com slash concert so that should be good. Just I'm going to deploy this again. So what this is going to do is if I go to my tour formation stack now under output section as often, Innocenti. As soon as the stack gets completed, we will be having an awkward which will kill that you are in for you have to sort of the usual toe can be center that the military's off the long and you are ask unless that passport separated so that they would have the access chills to start being productive. So we have done here. So let me just see here. So we gotta put your just going to copy this on the letters, go ahead and put it into another project moment where I am in a different Roeser. Now I am the private browsing more so that we can go ahead and open that. So this is first users to on for password. If you remember, we used to hear password. I'm just going to copy this. And he was this? Yeah, as off. No. You know where we have not given any promises for those users. But this user, if I just goto ecstasy or any service you can see here that is an error displaced because we have not given any privileges at all for this king. So even if we go here, that user is not part of any group and there are no permissions. So let us go ahead and add a group and add one off these users into that group. So let's go ahead and add a group here. I went about this group as a constant group and here one second you're going to use that I am constrict. That is the correct spelling. So again followed by my Heidi on my group name. That's as simple as that. Okay, now we have created a group on. Let us go ahead and add that you should also that's very simply done. Content group dot after school, usually what we're going to on, then they're going to act. Use that to here. So did we create a butt off them as user one itself, which has changed it. So this is going to be used to now I'm just going to quest, uh, synthesised stacked made to make sure that they're not made any errors on discordant deployed since we confirmed the staggers. But good, so know what is going to happen. It's a new group. I am group called this constant Group is going to get created on then that he was a user that is used to will be adolescent member off this constant group. So let us go here on the groups you can see it is a group that is headed and assault. No, that's zero user stare as soon as my stack completes, which will be able to see the user toe that it's about being adults. Remember off the article, so the user to has been updated. That is not dead complete. That means that the membership has been updated there. So I just go to our group. No, we'll get out to the first page so you can see here. There's a usual to that has been added to this group, So that is how simple it is to create users on I Am group. I would like you to explore how to set a password. Policies are how to set up, but hierarchies are part boundary permissions. Also using the city concept. Go and explore them. If you have trouble, put them in the question. Answer discussions. As a community, we can all learn from each other 28. Create IAM Role, Inline & Managed Policy: Hello, folks. Welcome to another episode on City. In this lecture, we're going to see how to create custom. I am rules custom. I am policies adds a managed policies on grant resources permissions to access. Then if your own were earlier, we used them. I am users and groups. We will deliver it to the same constructs to see how we can add privileges. Toes users are those groups using manage policies are in line policies. So they just go to our stack and start building this environment. So this is a stack that we're going to use before Bellinger. I am rolls, but you can see here that is already fuel resources. I have written out up. That is, for example, I'm going to create and user on that I'm goingto have a group on. I'm adding that user one into this group that sold me going to help rebuild. So I'm just going to quickly deploy this plane, be start writing our custom rules for rules and the permissions for manage policies and other things. The reason I want to start here is as off. No, you can see year. There are no permissions added to this group are. There are no permissions attitude. This user called us use that one. So when they are provisioned in my account, they will not have any privileges. We will go ahead and test that on. Once we confirm that there are no privileges, then we go ahead and add some privileges first by adding some manage policies on as always , it is the best practice, not toe. Add any privileges to the use of itself. You either add privileges to the group that uses dismember off our to the role that you should be assuming toe. So that's what we're going to do. We're going to add some manage policies to this group on. We'll take whether those manage policies taking into effect. So the user is getting probation now. So let me take you to my console here. So as off now, if I go to my user section, that must be one knew you said that must be getting created on. You can see the user is none. The group is none, but in a very short while, the user will get ah group added to him so likewise, Asaf know that are three buckets in my s three our service on. Then in a parameter story, we're going to see how to access parameters in our account. So as of now, there are no parameters also, So this is the baseline that we have. Onda, uh, you can see here the stack is created on an output section. I have and you are? Let me just go ahead and put this into my private process so that we can go ahead and access it. So if your own word for user one what I did worse. The password iss stolen a secrets manager under the password string, as usual. One pass. So it is dynamically created. So I'm not embedding the password here, so just fleeced securely stored in my account itself. So if I go to my secrets manager here on user one vice is here, so just go ahead and pick up the value from here. Of course there. Since I'm exposing my passport here after the stackers completed or this lecture is completed, I will be going head and destroying these two users. So as I said earlier, this user does not have any privileges. I mean, what any other resources I showed you earlier also in Virginia If I goto my easy to instances are, for example, and just go to parameter store on also history I'm just opening Put the taps here So if I goto my parameter store on goto this option I should be getting another likewise in s three or so I should be getting no privileges So let us go ahead on and see how to add privileges to our group now. So first what you are going to do is add managed policy on all of the policies and permissions are part off this I am group So it is already dead imported into my stack sort . That is why I'm going to start using it. If you're going toe right it fresh make sure that you're importing that I have group on since I will be later using a system I have important them be already started using secrets Manager in the possible section So for doing the managed policy. So we're here to do this a const own group dot at managed policy on the construct the way to Addis underscore I am dot managed policy from AWS manage policy name on this time I'm going to use the Amazon trade only access for my s three bucket Amazon. Make sure that you're typing in the names correctly. Here. Amazon s three who need quantity access. So I'm just going to save this and then deploy it. Now we're giving additional privileges. So scenic is asking whether do you want to do this? So we're going to give on permission Toe syndicate to deploy the sedition permissions on Once this is deployed, Let the school hadn't put your ticket out. The stock is deployed. Just go ahead and check it out in our private approach that you see here. This is a permission this denied. I'm just going to open it to do another tab on. Hopefully we should be able to see the three packets here. So that is how you have managed a permissions to your account. So even if I go here to my group section on, if I goto constant group on the permissions you can see here asked the daily access has been added here later, we will see how to add in line policies also So just a demonstrator on inland policy. What I'm going to do is I'm going to create a couple of resources, especially there. But I am at the store. So what I'm going to do is I'm going to create two parameters. I just taken the court from the previous stack that we earlier did with this system parameter store here. The first parameter is going to be called a spam one on this is going to be called us Keys to constant. That is good highlights. Gilkey Constance organization under that. My deputies on this kids called us fish on. There is a numerical value on Likewise, I'm going to create another parameter. Let me just changes to call this parameter to on named this parameter to. And this has under fish. We have different levels. So this is the goldfish and this is the value for that. So why I am creating new parameters is that is very easy way. For example, if I want to provide this user or this group permission for example, Constant Group needs to permissions for this parameter all I have to do this. So all I'm going to do is bear one god Grant. Really? So here you can see here There's a read and write books who are religious? Are there just this time going to give really here? And I'm going to say Give the group name So that's all that's it I have to do if I don t get ls it is going to give me that. That is a change in permissions. So if I do a diff, it will be able to clearly see that there is an additional for these describe parameters and all those things What this group earlier we saw here, there's only really permissions now. It will also have some permissions to describe this particular parameter that is parameter one, not all other parameter surges of fine grained permission so that the resources isolated toe fortes parameter and the air it's listed there. So let's go ahead and deployed. That's the best way to take it out. So the stock is deployed. Let us go toe admin access. This is our admin access page. I'm going to go ahead and refresh this screen. You can see here. This isn't the doctor who would earliest and there is a new policy that has been a test and in fact, we control policy. It will allow me to describe all these parameters for this particular source, that is parameter one, if you remember parameter to has a fish slash gold so we don't have access to that. So this policy is actually not enough for going ahead and seeing it on the console later School head and check it out. Here we have the parameter. Let me go ahead and describe it. The reason for that is when you're looking at in the console, you need describe parameters for describe parameter permissions. For all the parameters in your account, you can see here, it looks for the star privileges on. We don't have that. We give only privileges for particular resource here. So if you're going to do that in a C. L. A. For example, user one house and sdk or CLR access on. If the user is requesting the value for this particular parameter, then the user will be able to access the values. But in the console, when you're doing it, you need privileges to list on the parameters. So that is what I'm going to show you next. How toe add a custom policy so that you can list all the parameters in your account. So let us go ahead and do that. That's what we're going to do. We're going to create. I am statement. So I'm going to call this group statement one because there can be many statements on the other. I am. We have on a policy statement. So here you have that it is going to use the park mortal, which we are family with the principal actions Resource and FX. So the principle is going to be the group here on for effect what we're going to to assess , we're going to say hello. I am on the affect dot alone you have that And then for resources were going to say all resources because we're going to just describe them Onda for actions we're going to say a system described the actions is also in a day. So we're going to put that in up records. So this is going to ss them cold and describe para meters. So this is good on guy usually personally recommend you to go ahead and add ons. Assaidi aside, is nothing but a small description off what this statement is allowing people to this case . It is a describe on parameters in console. So when you go ahead and check it out and the statement in AWS console, you'll find the bad. This is helpful. So that's all it is. So let us go ahead and synthesize. That's the type of there. Unless I take yourself. So just go ahead and deploy this. Remember, I have not advice this ah statement of my group. So that is why it has not made any changes. So let me just add this privileges to my group. I forgot to that part Cornerstone group, don't I? We're not doing managed policy. We're going to just say at the policy on that, I'm going to say group statement one ls and get me to a CD in Different so that we know the difference that the spirit is They're going to go out of the group. You can see here very clearly list that the sister describe parameters being added to the principal construct group. So just go ahead and deployed. The stock is two point. That doesn't goto our private Brosa. You see? Hear them this user one. Let me refresh my screen. If the difference is not working, let me log out and log in on because sometimes cessation is not picking up the use a variety, a privilege that has been changed dynamically. So if I go to my parameter store now, Andi, I should be able to list on the parameters you can see here on. Remember this user that if usually one does not have privileges for the Swiss gold. We have just gave it a permissions poorly for this fish because go 11 omissions are not that If I go ahead and click on that, it is going to give me an editor on the value. It's not civil. I will not be able to check any other attributes off this, but I'm a territory. But if I goto fish here, I have access toe. See that when you are, pick up this value and use it. So basically what we have done as we a graven, fine grained access to a user using see decay to the point that you can restrict that you said no particular resource on within that resource, or so you can say one lead level permissions there. If I take you back to my admin console here under a group section we have this a policy here. Let me just refresh the page here. Andi, if I go ahead and click on show policy particularly, I wanted to show this essay the concept here. So you have a statement idea which describes why this particular statement has been added into this. A policy here I would highly recommend you to go ahead and use this feature so that you know why your particular policy has been added into this. So another thing is, this is an inland policy. Sometimes you want to create a customer managed to policy so that you can reuse that, afford multiple services. So I'm sure you have to do that as well. So before we go ahead and see how to create a custom managed policies, let us go ahead and create a rule on for this. I'm going to call this role as a constant optional on we're going to give some issue to privileges for, to say, rolled so that they can wanted to the easy to instances that have anything to second so role under that, we're going to define the scope on we're going to say on stone ups Road on this is going to be assumed to buy. I am going principle that is, everybody in this account ho thesis probably can be assigning to are allocated to on We have seen this earlier. How to pick up the account i d We have that won't and under cold or aws dot account i d. So we can pick up the value from there. So that is how the principal is created on for rolling. I'm going to use the same value has gone stone optional here. So we have created a road on Let us create and manage to policy so that we can add to this manage for this little this little here and this managed to policy can be attached to any user. Also, in this case, I'm showing as an example of attaching it toe you wrote. So go ahead and attach it to a little groups or users. Whichever way you want to use them, list his it'll policy. So we have a contract. Something called us have managed to policy on. Once again, the scope is defined after the school where we're going to give the i d. So list easy toe instances and description is list is it? Took instances in the region are this is going to be a policy show that is going to be account. So that has changed That managed a policy name. I'm going to use this one, Lee here on what is the permissions? So here, this is where the interesting part is that it's Ah, while you call the statements on you. As you notice earlier, we can help multiple statements. So that is going to be a today. So let us open this on then. The first statement is going to be policy statement, which you have seen earlier. Also, I want to see statement on effort equals do and it's couple. And since we're following, it is going to be a low on actions. So accents can also be in a hurry because they're gonna be multiple accents. In this case, I'm going to just use a easy to gold and describe start. There can be multiple descriptions, instances running the volumes and all those things. So and then, if we want to check out approach alarms out there for that easy to insist that you need to kill clothes, which Coleridge is also something like cloudwatch describe star on If there are told what metrics then you need to give them Also, cloudwatch get star. So these privileges would have noticed that my experience is barely enough toe get your easy to dashboard concert working. So now we got our up in the park mortal. We got our effect off actions on resources So in this case, the resources are going to be all off them. That is all the instances because this is an ops team on finally, we're goingto attach it to the are really that the operator? So this is also going to be a list because there can be multiple roles that you want to attach it. So in this case of just going to say, const owner group on stone role obsolete So you if you have something like groups or users , you can attach that for the secret doors. I think you can see here for users also can attest this policy. So that's it. Let us go ahead and it's interstates. Our stack. If there are no others into school head and deploy, that s well, since the role is already completed. Lettuce goto our I am console. Here I am. Remember, I'm on the main page here. I'm not on the user. One access because you said one does not have privileges. Toe. I am level. So let me just go toe rules on you can see here that is in a constant obstacle that has been created. If I click on this that must be on at has managed policy, you can see there's a manage policy. I can check the same thing by going to policies on under custom managed policy. I should be having that list easy to policy so you can see here the same permissions that we get. So this is how you can create I am. Rules manage policies. Custom policies at actually them to different users are granted privileges to particular resources using the grant option. What creating the stack it's for. Go ahead and try them. If you have any comments or questions or a better way of doing it to put them and Q and a section we can learn from each other. Thanks for watching Happy learning 29. IAM Resource Policy: S3 Bucket Policy: Hello, folks. Welcome to another episode on City Que. This time we're going to talk about creating resource policies in interviews that a number of resources, for example, estranged one off them, which allows resource policy on likewise you can go ahead and created resource policy for and care musky are an SNS topic or even in Lambda function that also allows and function policy. So this example, let us go ahead and see how we can create a resource policy for s three pockets. You should be able to take the same knowledge on try to create a first policy for any other service that is supporting it. So that just goto a stack and see how we can do this. So this is a stack that we're going to use toe build our source policy on Since we're going to talk about S three on the policies, so have imported history, and I am concepts. So I'm going to start by creating an s three pocket on. I'm going to call my bucket as a constant bucket. You can go ahead and go that whatever you want, let s go ahead and quickly build the constructs here. So I'm going toe How some assets here that to say, I want this bucket to be apportioned Andi, while I'm removing this stack. I want this bucket also to be removed. And what I do is I just go ahead and say it or not removed for the sea dart. Try and remember this will Still not working for you. How some content in the pocket, your leader manually go ahead and deleted. But if you don't have any content in the pocket or any flying objects, then the stack will automatically deleted. But there is, ah, bucket policy here on. Remember, I'm not adding any a public relaxes here. That is what we're going to do. We're going to use the resource policy itself to add some permissions and privileges. So how am I going to do that? So we can use the concern bucket on then? Under this, that is an maternal coldest add resource policy you can see here at the bottom are to resource policy. On inside this, we have the familiar I am policy statement construct so we can just go ahead and write our policy statement here on inside the policy statement it uses a family or a part mortal. So effect is going to me alot because I'm going to give some public access here on for actions is going to be all aesthetic objects. So Estrich Colon, get object on nexus resources. Walk for water sources. I want to kill this poor emissions. So for this is going to be for my dentist. Say this bucket is going to hold objects which is having a steamer text files and some image ones. But I want to give public access only for his team. All flights. Then you can simply go ahead and say constant bucket, no ad and for objects on. Then we can customize build objects like this. So start our taste him and what this is going to do? This? It is goingto do public access or whatever access we're defining here toe the objects which are ending with dark history animal so it can be having any violent. But if it is ending its estimate, it will have this policy. Guys do it. So finally, what principles are going toe have access to this policy. So I'm going to say any principle. So that means that anybody in the Woods is what the policy may exit public access because anybody can have access to the objects which are having tasty and at the end. So I want to add one more to transport. See, How will I do that? So simply what we can do is you can just go ahead and create another policy statement. So what I'm going to use, I'm just going to start with this one on this. This time it has just close this first so that we don't have a better later. So I am policy statement on this time. What I want to do is I want to deny all CTP access. So how do I do that with our condition key for that specifically for this so that the school had and at that effect, So we're going to deny all non secure transport. That's what this means on actions is going to be for all SP bucket objects. So I'm just going to put the star here. So this is one of those places were having and start privileges in your record policy is acceptable because we had denying the privileges there. So resources is going to be for my bucket air and itself. So let me be careful here because my auto complete is within the brackets. It's not going to work. So just going to say bucket there and here on B will carefully closing my bucket air followed by my slash star. So what? This means that it takes a bucket air and followed by the start means any objects under that bucket will be denied access if the metal of access is not hasty DPS so for any principle, once again And here is where the important magic happens Conditions on the conditions were going to have a boolean value under bullion. What? We're going to stay here iss If aws cold and secure transport it's force then deny access. So that's it. Here. I'm going to go ahead and synthesize my stack. So all is good. We should be able to deploy before going head and deploying it. What I want to show is in the s three service We have something called us block public access settings. You can see here I have turned on one of the first to off them on the other tour off What Basically this means is any issues that are popping issues for a particular object will be denied. If you are putting anything in a packet level are cross account level. It is not going to be checked eso because we are trying to create some bucket with the public access. So this is one important sitting on. Likewise, each bucket will also have in public access, allow or deny on if you see here when I'm creating the pocket I'm not creating any public access Dely. So if you're going to try this demo, just be mindful of these two factors So let me go ahead and deploy the stack now So we got our stack completed. Let us go toe our court formation service on the letters Just take it out. We have a stack is complete Onda we had three baguettes earlier. Let me just so let me a reef fresh this green. So we have our new bucket here So you can see here There's a public access mentioned because we have added and public access privileges on it should highlight here or so. So if I go to my permissions on goto packet policy, we should have to policies here. So you can see here for all principles we have. Get object for start artist email on then. We also have a deny for his https Hess TTP request. So I know that I have no objection. So what I'm going to do is I'm going toe upload couple of objects. So in this suppositories, there is a boot subscript and under that, I have created an index dot html on installed chastity. Peter bases. That is what I'm going to upload right now. Yeah, like what? Off them open on. I'm not ending any privileges or anything. I'm just going to upload them. So they're applauded here on. I'm just going to take that you are off this one. First on, I'm going to go to my private bro self on. What it here. So this is the familiar you're that we used earlier for taking our web servers. And you can see here my web server or that static pages working on you can see here that is in a secure symbol that means that decide to secure with https transport. So if I just copy this, you're looking and put it into the process you consider said history D B s that. So if I go ahead and remove this s and then try to access the space, I was most probably get the page cannot be despite her access tonight because you can see here. So the reason for that is we have created and secure transport ical toe force on it is why it is rejecting the traffic on If I just go ahead and perfect it with safety. T P s on the foot double coolers. We should be able to access the bridge. Likewise, this is a hasty A modified so that if we were able to access it If I go back here, I also created on other fine, which is not s edge. So I'm just going to copy this urine on, then put in here. I should get access denied better. That is how you create I am resource policies in this case as three pocket policy. If you have any trouble, go ahead and put them in the Q and a section. I will look into it or the community will look into it that help you with that. Thanks for watching. Happy learning 30. Create RDS Database: Hello, folks. Welcome back to another episode on Siri K. This time we're going to talk about creating ideas, instances for our database behind our applications. When you're talking about ideas, you can use them for Oracle databases or my sequel or post race or Maria TB, or any of the flavors that you like in the Microsoft stable on. In this case, in this demo, we're going to see how to create on my sequel database for our application. So the architects of that we're going to build is going to look something like this we're going to have on back in as a my sequel database on the front and side. We will have you. Is he doing senses running inside an auto scaling group, which is front ended by an application with PAL itself. So we will long into one of those easy to instance, and try to see if we can connect to a database losing the delegates host name and the usual alien password that has been generated on for the password. We're going to use the AWS secrets on that secret is going to be automatically generated for us and put it to the secrets manager which can be used with other applications. Also. So this is architectural. Let us go ahead on to see how we can builders indoor CTK stack. Since we're going to build and treated architecture that is going to be a BBC toe host all the infrastructure. So we're going to build on BBC Stack here on that, maybe see is going to provide on multi SCB P C with 67 It's that it's a public on the private and then isolated submits in the private ones were going toe brunch an obligation stack which is going to provide us application load balancer, the auto Scaling group, the launch configurations and also there easy to instances that is going to run beside inside them on If you see here we are importing the VPC that has been created here on likewise, when you're talking about the database stack, we are importing the BBC on also the security groups from the application servers that are going to talkto ahead at this instance. So this is the BBC sec. Nothing fancy here. We have seen it plenty of times, So this is the entire court that we're going to use for launching the BBC. So I'm just asked me. I've seen it many times. I'm going to leave it as it is. There's no going to be any updates there on likewise in the application stack. Also, we're just going to use the Amazon line except for are easy to instances operating system and then we're going to use. And, uh, it will be for obligation load balancer for our French ending application. Onda. We also are exposing our order scaling group so that we can pick up the security group later for our database. So finally, since we're going toe build the RDS database, I have added the ideas package construct into a recover Mintz. Why? Let us go ahead and install the RDS package. Know that we have installed our ideas. Dependence packets it is. Go ahead and start building our earliest stack. We don't need these fines anymore because we have taken the inputs and have passed on to them. You can see here I have been about the basic concept of the class and I also imported the BBC and Auto Scaling Group. If you're wondering, just going to show it again under the app dot file. You can see here that is, that it ever stack on. I'm importing the VPC, which is coming from Michael et a repeat c Stackley PC on then from the application stack, I am importing the Application Security Group. Also, that is auto scaling group doctor Connection. Start security groups that were imported close to you. Let us see how to use them. So the first step is believed in my ideas. Instance on if you also notice that I have imported the ideas instance. Also the easy to the peasy tools for picking up the sub nets and a few other instance classes also. So let us start by building or about database. So I'm going to call this asked constant db on the under this we will have a non artist concept on. We have something called us and database instance. Let me just type it out So you get all the attributes so we're scope it once again to self on then. But then self, we will create our ideas. Instance I d onda. We start building or master part user name. Now this is going to be the user name that is going to be used for my database. In this case, I'm just going to cause this as mystique. Mustard on. You can have whatever name you want, but make sure just a conforming to tow the database engine that you're using on. I'm not going to provide any password on when I don't provide anything. What is going to happen is City gets going to automatically create a secret on past that secret for our database on. We can see the value in our secrets manager later. What's the status tip like before going and they're operating the devastation. Let us create a name for our database. And since this is a constant baby, I'm going to call this as a constant DP it's of on. Then let us talk about the engine on for engine. This is going to be ideas. Dart database. Instance. Engine on. This is an in home values of and I dough dot You get all the flavors off the depositions that is supported on. We're going to use the mice equal one. Next is the VPC. So we have our important BBC just defined that there in port number on. I'm going to run it in the default port that is 3306 If you want to go ahead and trying it in a different port, that is also flying on. But this is going to be demo. So I'm just going to use the t 4 30 kicks off. Remember, if our storage for my database on whether it is want to be muddy, easy or not on once again, as this is going to be demo, I'm going to say false. And if you just change the value true, then you'll have to databases conflict for you on multiple over the British on configuration. So whether you know what I want a cloudwatch long exports. What this going to do? This it is going toe alot me toe Send some logging information whether it is audit long enter longer general slow Katie, log on. All the information can be passed on to cloudwatch on. We can make some mattresses out off that. So I'm just going to say Heather also I like on that is something called us a general logging whether it's who's lying and who's failing, belong and all this kind of information on then finalise local Very so now we're done with the what kind of information you want. Toe monitor. Then what type of instance of a though it is going to Bt to Micro instance, or Devi Micro instance of what is the type of instance, so that separates class on here is whether easy to construct importers coming into picture instance class or instance. Type. If I remember correctly. Andi off. And here we have to bring in the instance class you have eagle on. We want a Bastable one so that if that is an additional demand for databases, we can meet it on. The type is going to be. Our size is going to be my girl so you can go ahead and use any of the values that is shooting to your requirements. On what, is it going to be removed? Policy Again? I'm going to remove Allah. I'm going to ask a syndicated Remove it whenever the stock it's deleted. But if you don't want your neighbors to be deleted, just go ahead and make sure you tighten retain. And in this case, I'm going to just I destroyed because I don't want you said I was after This demo is completed on delusion for It's another way of protecting your data bases dilation policy. This is a boolean value on I'm going to say Do not protect my database from the status, are trying to delete the database itself or somebody's again deleted. Then they need to change this flag and then noted a developed village on what happens to the automated backups. So I'm going to say daily to my automated backups. Also again, that is a bullion value on how long do you want to retain your backups on? In this case, I'm just going to say, I want to retain my backup. So for seven days, so that's it. We're done with the most off our database complications here. I'm just going to synthesize are stacked to see. Everything is good so far for everything isn't to say so so far. We should be able to get our database instance so before there is one more step, that is alarming our application servers to connect to our database instance at the thought of scaling group. So if your room where we have imported our auto scaling group here, let me just for this one. So the auto scaling group so that might be more than one artist security groups in, say, the auto scaling security groups. So we're going to do afford up. This is a typical bite on foreign loop. So for security Group in Auto Scaling Group, what we're going to do is we're going to add them into the database security group database . Your connections dot allow default. We have something called As a low default poured from SG on. We're going to add a description also to say that this is going toe hello easy to SG access Door, I guess. My sequel instance. So that's it. Once again, I'm going to synthesize Short Stack to make sure that we have type did everything correctly . And if this is done, I'm going to go ahead and initiate that deploy. And since my database stack is dependent on my up stack and after a separate on my BBC stack, I'm just going toe, say, deploying my DB stack and it is going to automatically deploy my APP seller as well as the BBC's tackle so you can see here automatically to speaking of the dependencies and listing it and starts going to deploy when this is going to deploy this and because I just usually takes about 5 to 10 minutes to get completely deployed. What I'm going to do is I'm just going toe all put the value off my database instance so that we can go ahead and connect it. But one more thing that I want to go inform us some off. The concept that we're using can be experimental in nature. So what I mean by that is if I take you to the database, instance acidic a documentation page. This is the value that we're tryingto open in our court formation stack that this DB instance in point at risk I even see here under the stability is experimental. That is today when I'm recording it on things that improving constantly. So by the time you see it are start practicing it by the experimental might be stable on this value might change into something girls. But this is how you need to go hair adapt to the changes on see what improvisations you need to make or what changes you need to make a record, but constantly different to the documentation off. Something is breaking coming back. Checking the documentation itself. So this is what we're going to try and exports so that we can easily connect to our database. Now we have wiped out the awkward command. So once this deployment is completed, our district another deployment. What that will do is just add the cell could value into the cloud formations tackle puts. So once that is done, we can just go ahead and check out the database itself on the Secrets Manager password, and then we'll pick it up on Goto are easy to instance, and try to log in to lazy to incense and connect or database. So let's wait for a stack to get deployed as off. No, you can see here when the absolutes getting to part, it is going to take a few minutes for our absolute and then they have is to come online. No, I was Tank has got deployed. I'm just going to go ahead and deployed against so that our good fortune it also beat. And so, meanwhile, when this is getting to play, let us court over concern and check what has happened there. So this is our formation here. Let's go to our stack section on. We should be able to feed three stacks here. When is the BBC and abstract on the database stack? If I go to my databases on the resources, I should be finding the ideas instance. Let me just go ahead on and refresh my page here on the databases. I should be having one database there. Onda here is our artist instance and all the confirmations that were provided here should be here. So that is a Tito db 32 micro instance and then the constant TV as a database name on for a master user name we gave us