Learn AWS Infrastructure for Production & Intro to Terraform | Hashtag Learning | Skillshare

Learn AWS Infrastructure for Production & Intro to Terraform

Hashtag Learning

43 Lessons (4h 45m)
    • 1. Introduction

      5:19
    • 2. Architecture overview

      5:58
    • 3. Create and Setup VPC

      9:33
    • 4. Subnets, RouteTables, IGW, NATGateway (Edit: use NGW on private route table)

      12:59
    • 5. Enable AutoAssign Public IP on Subnets (Edit: Removed on private subnets)

      1:47
    • 6. First EC2 Instance Part 1

      8:28
    • 7. First EC2 Instance Part 2

      3:40
    • 8. Network Setup Recap

      1:28
    • 9. Create IAM Role for EC2 Instance

      3:43
    • 10. Application Server Part 1 - Instance Launch

      8:45
    • 11. Application Server Part 2 - Configure HTTPD

      7:11
    • 12. Application Server Part 3 - Configure Build (S3)

      15:06
    • 13. Automate Setup using EC2 User Data

      4:02
    • 14. Application Server Setup Recap

      1:34
    • 15. Setup Second Application Server

      5:29
    • 16. Load Balancer Setup Part 1

      9:08
    • 17. Load Balancer Setup Part 2

      7:51
    • 18. Security Group Cleanup - Phase 1

      5:45
    • 19. ALB Setup Recap

      1:40
    • 20. Auto Scaling Groups Introduction

      4:11
    • 21. Setup Auto Scaling Group Part 1 - Launch Configurations

      3:09
    • 22. Setup Auto Scaling Group Part 2 - ASG Basic Setup

      8:04
    • 23. Setup Auto Scaling Group Part 3 - Scaling Policies

      9:50
    • 24. Setup SNS Topics, Cloudwatch Alarms etc

      10:03
    • 25. ASG Setup Recap

      1:25
    • 26. Create and Configure Security Group for DB Servers

      4:14
    • 27. Create MySQL DB in RDS and place it in Private Subnets

      4:09
    • 28. Configure ACM Cert to enable HTTPS on Target Group

      5:23
    • 29. Route53 - Create Subdomain which points to ALB

      4:30
    • 30. Terraform Introduction

      5:51
    • 31. Terraform Installation

      2:46
    • 32. AWS CLI, IAM User & Credentials in Profile Setup

      4:31
    • 33. Terraform Init

      5:11
    • 34. Create & Configure ALB Using Terraform Part 1

      10:47
    • 35. Create & Configure ALB Using Terraform Part 2

      16:27
    • 36. Create & Configure Launch Configuration Using Terraform

      9:25
    • 37. Create & Configure ASG Using Terraform Part 1

      10:06
    • 38. Create & Configure ASG Using Terraform Part 2

      4:23
    • 39. Create & Configure Scaling Policies & CloudWatch Alarms Using Terraform

      17:49
    • 40. Terraform Recap

      1:45
    • 41. Slack Introduction & Account Creation

      7:45
    • 42. Configure Slack Integration with AWS

      12:54
    • 43. Conclusion

      1:06
259

Students

About This Class

A complete hands-on course to set up 3-tier infrastructure in the AWS console, manage AWS using Terraform & DevOps using Slack

If you are looking to boost your career in the field of AWS, then you are in the right spot. In this course you will learn how to apply AWS concepts to build your infrastructure from scratch, which can handle any production workload and can scale to any number of customers.

I have created this course to help students who are new to AWS understand how the AWS services work together to host a web application using best practices and a secure 3-tier architecture.

You will learn the trending, in-demand skill of managing "Infrastructure as Code" using Terraform from the basics, and I will show you the step-by-step process of writing your infrastructure as code by creating all the components in our infrastructure using Terraform.

At the end of the course I have also included a "DevOps using Slack" section, which gives you an idea of how you can get visibility into your cloud by using CloudWatch alarms, scaling policies and SNS topics posting messages to Slack.

This course is completely hands-on, and I have attached the required resources in the respective sections.

Meet Your Teacher


My name is Sai Kiran Rathan and I am currently working as an AWS System Administrator and Solutions Architect for a software company in New Jersey.

I hold the AWS Certified Solutions Architect Associate & Professional, AWS Certified Developer Associate and AWS Certified SysOps Administrator certifications.
I am a huge cloud fan and I love to share everything I know about cloud.
My courses not only teach you about all the services that are offered in the cloud but also teach you how they are implemented in real-world scenarios.

Transcripts

1. Introduction: Hello and welcome to my course, setting up AWS infrastructure for production and learning Terraform. My name is Sai, and I'll be the instructor for this course. Over the next few minutes, I'm going to talk about what this course offers and how it will help you to get a boost in your career. As you all know, AWS is one of the top-paying job roles in the current software industry, and you are going to find many AWS courses on Udemy that will teach you different parts of AWS and different services. But none of them actually teach you how it is implemented in a real-world scenario and how production workloads are deployed. So I have created this course to help you all learn how to create infrastructure that can deploy production workloads at scale. So let's see what we're going to learn in this course. So here are some of the goals that you're going to achieve by the end of this course. First, you'll create the infrastructure from scratch to a finished product which will accommodate any production workload, and it can scale to handle any number of customers. Here's the architecture, and you're going to create all the components that are there in this architecture diagram. The second thing that you're going to do is you'll understand the concept of three-tier architecture to host a web application securely in a public cloud. Next, you'll learn the concept of infrastructure as code using Terraform. This is one of the trending topics in the industry, and this skill will definitely give you an edge in your resume. And last but not the least, you are going to learn how to do DevOps using Slack. As you all know, Slack is one of the commonly used messaging platforms in the current industry. Now let's talk about the course curriculum and all the different sections that we're going to cover in this course. First we'll start off by talking about architecture in the introduction section, and in the network setup we're going to create our VPC, subnets and all the building blocks that are required for a production infrastructure. Next we'll create the application servers, and in this section you will see how application servers are configured, how to automate your application servers, how to manage your builds in S3, how you can copy them on the fly to an EC2 instance and stuff like that. Then we're going to configure our application load balancer, and you're going to see how you can serve the application with multiple instances in place and how you can route your application to different target groups and stuff like that. Next, you're going to create the Auto Scaling groups. In this section you will learn how to dynamically scale your applications based on different parameters like incoming traffic, the CPU usage or latency and stuff like that. And we're going to create different alarms and different scaling policies that will allow your application to scale dynamically. The next section that we're going to do is the DB instances, wherein you're going to set up your security groups to configure your DB servers and you're going to create an RDS instance. In the next section, which is to manage and configure DNS, you will set up your Amazon Certificate Manager and you're going to issue an SSL certificate that you're going to assign to your load balancer, which will enable you to serve your application via HTTPS. Also in this lesson, you're going to see how to create a subdomain in Route 53 that you can point to your application using DNS. And in the Terraform and infrastructure as code section, you will learn how to use Terraform, you'll learn to set up the AWS CLI, and you'll learn the process of how to write your infrastructure as code from scratch to the end result. And last but not the least, you will see how you can use Slack to perform your DevOps.
That is how you can get visibility of your production infrastructure just by using Slack. That is, you can see your scaling activity, you can see your alarms coming in to Slack, and you could basically expand that idea into anything that you want to get visibility on from your public cloud. So I'm really excited to begin this course, and I can assure you that by the end of this course you will go from AWS beginner to AWS intermediate user. So let's get started.
2. Architecture overview: Hello and welcome back. So in this lesson, we're going to talk about the architecture for the production infrastructure that we're going to build by the end of this course. So basically here we're going to take a three-tier approach to host our web application inside our infrastructure. So I'm going to walk you through all the different components in this diagram, and we're going to create each and every component in the coming lessons. So let's get started. So basically, in the outermost layer, we have our AWS region. So basically what this tells is in what region our infrastructure is getting hosted, as AWS offers several different geographical locations like us-east-1, us-west-1, which is North Virginia and Oregon, or eu-west-1, which is Ireland. So basically here we're going to choose Ireland as our region. So inside this Ireland AWS region, we're going to create a VPC. Now, a VPC is a virtual private cloud, which is your own private cloud within the public cloud. Basically, what this does is it creates your own private space inside the public cloud, and you'll get to create your own resources, which are not visible to other customers of AWS itself. So basically, the requirement for this VPC is that you're going to give it a private IP space, which is an IPv4 CIDR block. And what it does is every resource that is created within this VPC gets a private IP from that IP space that you have assigned to it.
So inside this VPC we're going to create our three tiers, which are your private subnet, public subnet and DMZ subnet. So basically what we're doing is we're splitting this VPC into six different subnets, and I'm going to tell you in a minute why we have six instead of three in the three-tier architecture. So basically, we're going to split this VPC into six different subnets, and the reason why we have six subnets is that we want each type of subnet to be available in two different availability zones. So basically what AWS does is it offers us multiple zones within a region, wherein the zones are also physically separate locations. And the reason why we want two different subnets in two different availability zones is that even if one availability zone has issues or it goes down, we have our application up and running in the second availability zone. So this is just to make sure that you have high availability for your application and your application is running all the time. So that's the reason we need six different subnets of three different types, and we're going to place each in one of the availability zones. So basically, once we create all our subnets, then we're going to go and create our application servers. And what this application server does is it hosts our web application, and that's going to go into the public subnet. And it has its own security groups, and what the security group does is basically it controls the access between different subnets and different applications. So security groups get assigned to the server that you're launching, and each has a different set of rules saying which port is allowed for which traffic to come in and which traffic to go out and so on and so forth. So we put our application servers inside the public subnet, and then we create the database servers, and the database servers go into the private subnet.
And we have our elastic load balancers, which is where the client would access the application from, and these go and sit in the DMZ. So basically, the idea of the three-tier architecture is to make sure that your client can only access the DMZ subnet, which is the elastic load balancer. And from there the communication is only between the elastic load balancers, the application servers and the database servers. Even the database servers are not reachable by the elastic load balancers, so the only ones who can reach the database servers are your application servers, and the application servers are only reachable through the elastic load balancers, and your clients can directly access the elastic load balancers. So this way what you're doing is you are cutting off the direct connection between your application and your client, and you are having a load balancer to balance your load so that you can have multiple instances running behind the load balancers, and you can scale up or down the instances and you can facilitate your deployments easily and you have a better secure network. And the reason why you have your database servers in the private subnet is that you don't want anyone from outside your network to access the database servers, because they are very critical for any web application out there, as they are the heart of any application. So that's why we want to protect our database servers within the private subnet, and the security groups within these subnets act as a firewall, which controls the access of who gets to talk to these specific servers. So that's it about this architecture. In the next lessons we're going to deep dive into each of these components, and I'm going to show you the step-by-step process of how to create them and what settings we have to apply in order to make sure that we stick to this particular architecture. So that's it for this lesson, and thank you so much.
And I hope you enjoy the rest of the course. Thanks. Bye bye.
3. Create and Setup VPC: Hello and welcome back. So in this section we are going to configure our network for the production infrastructure. So what we're going to do is we're going to start off by creating a VPC, and we will create different subnets, Internet gateways and so on and so forth. So let's get started. So to create a VPC, we will need an IPv4 CIDR block, which is basically a range of IPv4 addresses. And why we need this is basically whenever a new resource is created within this VPC, AWS would pick an IPv4 address from this CIDR block and assign it to the resource that is getting created. So for this infrastructure, we're going to choose 192.168.0.0/19, which is a very big IPv4 space. And what we're going to do is we're going to divide this IPv4 CIDR into six different CIDR blocks, and we're going to assign them to the six different subnets that we're going to create. So the way I'm going to divide this specific CIDR block is that I'm going to use a calculator for this, and I'm going to key in the IPv4 CIDR that I'm going to use here. So what I'm saying basically here is that I am going to use 192.168.0.0/19. And what I'm saying is I need six different subnets, which is A, B, C, D, E, F here. And I'm going to say I need 256 IP addresses in a specific subnet. I'm just going to copy-paste it everywhere, and I'm going to submit here. So basically what this did was it couldn't exactly divide it into 256 IP addresses, so it allocated 510 IP addresses, and it has given them a mask of /20. So I've copied that information from this table to our slide here. So we have six different subnets with /23, which is .0.0/23, .2.0/23, etcetera.
And we're going to use this to create our subnets. So let's get started. Log into your AWS console, and if you are in the console, you can just type VPC and then go to that part. In this VPC part, if this is the first time that you are visiting this page, you could see that there's already one default VPC created for us by AWS. So this can be directly used, and we could still go ahead to EC2 and spin up our resources. But we're not going to use this because we want to set it up from scratch so that we have a multi-AZ, failover, I mean highly reliable production network, and we want to choose how much IP space, how many IP addresses are allocated for a specific subnet, right? So let's get started. So hit Create VPC, and it would ask you for the name. I would generally use prod VPC, and I'm going to key in the IPv4 CIDR, which is 192.168.0.0/19. So no, we don't need an IPv6 CIDR block. If you need it, you could just click this and then Amazon could give you an IPv6 CIDR block. For this lesson, we're not going to choose this, and we're going to choose default tenancy because we don't want a dedicated host machine to host our network. So we're going to hit Create, and then this is going to take a few seconds. Once it is ready, you have your prod VPC. Now it's time to create your subnets. So go here, click on Subnets, and then you can see these other three default subnets that AWS created for us. But we're not going to use these. So hit Create Subnet, and let me pull up that page where we have the six subnets that we're going to create. Let's start with the DMZ. Let me make this full screen. DMZ subnet one is going to be a part of the prod VPC. And we're going to choose 1a and 1b for the DMZ, and 1a and 1b for private and public.
So this is just to make sure that your subnets are spread across different availability zones so that even if one availability zone goes down, you have your system up and running in the other availability zone. This is to make sure that your prod network is highly reliable. So we're going to choose 1a here, and we're going to key in the IPv4 CIDR block, 192.168.0.0/20. Hit Yes, Create. And then let's quickly create DMZ subnet two. And you're going to Ah, tool dart ito slash on. Once this is done, we're going to create public subnet one. Funny to tear duct. Uh, we're done with two four. Didn't I chose on me 1 $92.68 not $6 0 slash. Also make sure that you decide your subnet range beforehand, because you cannot expand these once created. You would need to destroy the subnet and then recreate it, and this would mean that you would have to terminate all the resources that were in that subnet. So just a heads up: please think about how many IP addresses you need in a specific subnet before you create it. We need now private subnet one. And we need 192.168.8.0/20 and .10.0/20. All right, so now you have your prod VPC and your six subnets ready. So make sure that you follow along with this tutorial so that you don't miss any part, because this is the fundamentals, and this is the foundation of your network, and you would be using the subnets and VPC in all the next lessons. So make sure you practice it along with me. So that's it for this lesson. In the next lecture, we're going to configure the route tables and configure the routes between our subnets. Thanks.
4. Subnets, RouteTables, IGW, NATGateway (Edit: use NGW on private route table): Hello and welcome back.
So in the previous lesson, we created the VPC and the subnets. In this lesson, we're going to create the route tables and the Internet gateway, which will complete our VPC setup. So before we create the route table and Internet gateway, let's just talk about them. The route table is basically a set of rules that define which IPs can communicate with which subnets and how the routes are propagated between the subnets, and the Internet gateway basically allows the resources to be able to access the Internet. So we would first create the Internet gateway and assign it to the route table so that the resources that are created in that VPC can have an outbound route to the Internet. So let's get started. So first, log into the AWS console, and once you're here, you could go to the VPC section. So here you have already created your prod VPC and you have your subnets ready. So when you create your VPC, there's a default route table that's being created for you, with this prod VPC route table here. So this is our main route table. So this is the main route table, which defines which IPs can communicate between subnets and what routes can flow. So by default, you just have that all the instances that are created within this VPC, which is our subnet range, I mean, the IP space range 192.168.0.0/19, all of them can communicate between each other. So this is fine, but we don't have an Internet gateway connected here so that we can talk to the Internet. So for that, we need to create the Internet gateway. So for that, you need to go to Internet Gateways and create an Internet gateway. So we're going to say prod IGW for this Internet gateway. Click Yes. Now you have an Internet gateway, but it is currently not attached to anything. So for this to work, you need to attach it to the VPC.
So we're going to attach it to our prod VPC, so you can select from this and then you can hit Attach. Now your Internet gateway is attached to the VPC. Let's go back to the route tables, and here in prod VPC you see that there is no Internet gateway attached. So what we're going to do is go to the Routes section and hit Edit, and then you can add another rule. You're going to say we want to allow this from everywhere, so you're going to do 0.0.0.0/0, which is basically everything in the Internet. And then you're going to select the Internet gateway that you just created. So let's open this and check what the ID of the Internet gateway is. You can see c e c a here, and you're going to hit Save. So once you hit Save, this is going to turn to active. That means that now all the resources within this VPC will be able to access the Internet because it has a route outbound to the Internet. So the next thing that we're going to do is we're going to create three more route tables, one for each pair of the subnets: one for the DMZ, one for public and one for private. So this is going to be our main route table. We want to create three sub route tables so that we can further have routes configured specifically for a specific subnet. For this lesson's purpose, we're not going to complicate stuff; let's create three new route tables. So we're going to call it the DMZ route table, and we're going to create it inside the prod VPC. And once the route table is created, you're going to edit this route table and you're going to add first the Internet gateway to this table. This is because you have the Internet route assigned to the main route table, but this does not mean that every sub route table inside this VPC also has that access to the Internet gateway, so we'll have to explicitly assign the Internet gateway to the individual route tables that were created for the subnets. So once you save this, then you'll see that the state has turned to active. Now you're going to go to Subnet Associations here, and then you're going to add the DMZ subnets to this route table. So these two subnets would be propagated through this route table. So now you're going to select DMZ one and DMZ two, and hit Save. So now your DMZ route table is ready. Now what you're going to do is create another route table for the public route. It's the prod VPC. Create it and do the same thing. First thing you're going to do is go to the Routes section and add the Internet gateway, and then hit Save. For the subnet associations, you can see here that your DMZ is already assigned to these route tables. Now you're going to choose the public subnets and hit Save. Okay, so the last thing that is left now is to create the private route tables, and for the private route tables we will not be using the Internet gateway. Instead, we'll use NAT gateways. Basically, NAT gateways are a replacement for NAT instances, and they are used in private subnets because that way the private subnet instances cannot be accessed from the Internet, but the private instances can access the Internet without a public IP address being assigned. So in order to do that, first we need to go to NAT Gateways and create a NAT gateway. Also, NAT gateways are deployed individually in each availability zone. So in our case, we have two private subnets in two different availability zones, so we need to create two different NAT gateways.
So the first thing is basically you need to deploy your NAT gateway in a public availability zone, I mean in a proper public subnet, because the NAT gateway needs a route outside to the Internet. But the private subnets use this NAT gateway as a route to go out to the Internet. So we're going to choose a public subnet here. Let's use public subnet one, and we need to create an Elastic IP. You can hit Create, and it has allocated an Elastic IP here. So now we can create the NAT gateway, and then we can close this. Let's create another NAT gateway and choose public subnet two, and let's create another Elastic IP. And then we're going to create the NAT gateway. Okay, so now we have two NAT gateways here. Now they're still getting created, and once they're ready, they'll be in the active state. So the next thing that we have to do is go back to the route tables, and we need to create two route tables now. The reason we're doing two route tables here is basically your NAT gateways are deployed in each availability zone, and if that particular zone where the NAT gateway is deployed goes down, then your entire service goes down because they won't be able to access the Internet. If your applications are dependent on the Internet, then those applications would fail. So in order to have a highly reliable infrastructure, we need to have two different route tables pointing to different availability zones. So now let's create the private route table here. Private route table one, this is going to be in the prod VPC, and inside this we're going to add a route to the Internet, and we're going to choose the NAT gateway. Now we need to be careful about which NAT gateway we choose, because we need to choose the appropriate subnet here. So let's go back to our NAT gateways here and let's see. So basically this is our public subnet here, and let's go back to this guy. The NAT gateway, just this.
Public subnet, search for this guy. So this is public subnet one. So let's go back here and name this as NAT gateway one, and this is NAT gateway two. So basically what this means is this is public subnet one, so we're going to choose this NAT gateway, 6608, here inside the private route table. 6608, and we'll save here, and then we'll go to the subnet associations and we need to assign private subnet one here, because we're choosing public subnet one for the NAT gateway. That way, everything stays in the same zone. Okay, so now this is done. We need to create the other route table, which is our private route table two, and this is going to be in the prod VPC. Hit Yes, Create. And then we need to go to Routes, hit Edit, add another route and then choose the other NAT instance, which is 844, and hit Save. And in the subnet associations, basically we have to choose private subnet two and hit Save. Okay, so now we're pretty much done here in the VPC section. In case we need to do more modifications to our network infrastructure, then we're going to come back to this section. And that's it for this lesson. Thank you so much. See you in the next one.
5. Enable AutoAssign Public IP on Subnets (Edit: Removed on private subnets): Hello and welcome back. So in the previous lesson, we completed most of the network setup. But there is one last thing that I want to change, which is to enable auto-assigning of public IPs. So basically, for your application servers to be accessible via the Internet, they need to have a public IP address. Although you could assign a public IP address when you're launching the instance, there is also an option that you can assign to a subnet saying that all the resources have a public IP address by default unless and until specified not to. So to change that setting, all we've got to do is go to the VPC section and go to our subnets part.
So I'm going back to my submit here, and here are what we're going to do is basically ah select our ah public separate, which is public summit one here, go to submit actions and select modify or to us and I pee before. So basically you can select this guy and then hit Save. We're going to do the same thing, toe our public separate too, and it enable Okay, so Now that we have these settings and ableto the next time when we launch our easy to instance, you don't need to specify that we need to assign a public. I'd be honored by default. The public i p assigning is enabled. So that's it for this lesson and I'll see in the next one Thanks. 6. First EC2 Instance Part 1: now. Well, we're going to go to the easy part by getting easy to hear. And if this is the first time you are visiting this page, then to the left you can see that this instances pain where you're going toe create the instance Here, just click on instance. Don't worry about if you don't know all the options here, we're going to discuss it in the next coming lessons. So once you go to the instant step, you have an option. When when their incentives created, you would see those instances appear in this part. Right now, we don't have any instances in this section, so we're going to create one so hit launch instance and basically you need to choose. And am I Am I nothing but a base operating system that you wonder basic major threat and it can be a next operating system or a new operating system or any off the customer makes like your letter to the in my Amazon. Hey, mice. So here we're going to use the Amazons. The next space am I which is right here. And you consider that and there are a bunch of different options are to choose the instance type. Instant time defines how much CPU is assigned to that instance. How much memories assigned what what is a storage type and what house the natural performance is going to be and all all this battery just decided Which instance type you want for the Destin purpose. 
We can choose a t2.micro. This is free tier eligible, and it is also one of the least-cost instances that you can find on AWS, so you can choose your instance type based on your computing needs. But for now, we're going to choose t2.micro. Once you select this, hit next, configure instance details. In this section you're going to specify how many instances you want to launch. We just want one instance, and we don't want a spot instance, because spot instances expire once your bidding price changes. Let's talk about that in another lesson. Here, the network part is important, because we don't want this default. We want the prod VPC that we have created, so we're going to choose prod VPC here, and we're going to choose a public subnet, because I'm assuming that I'm creating an application server. So I'm going to host it in a public subnet, which is in eu-west-1. You can even choose any other availability zone, but I'm gonna go with money. And here, you can see that the subnet setting is enabled by default. This is the reason we have configured our subnet to auto-enable public IP assignment, so we see that setting getting assigned here. Let's talk about the IAM role in another section. This is a very important part; I want to go deep into how to use roles in our production system. So for now, I don't want any IAM role, and I'm gonna leave it like this. And the shutdown behavior, I want stop; I don't want to terminate it. No, I don't want the termination protection. I don't want detailed CloudWatch monitoring. We do get the basic monitoring of the CPU; CloudWatch detailed monitoring will give us more details compared to the standard monitoring. And we're going to use shared tenancy; I don't want a dedicated instance. So we're gonna just use shared, and we want to keep all the network configuration as default, and then add storage.
So I think for our use case, it gets us more than enough. And I'm gonna choose general purpose SSD. You can also choose provisioned IOPS if you want dedicated IOPS and you don't want to compromise on the performance of the drive. But for this purpose, we're going to just use the SSD general purpose. You can add new volumes if you want, but for this lesson, we're not going to. So let's add some tags. Tagging is really important, because this helps us in figuring out what type of instance it is and what the purpose of this instance is. And it is also used for accounting purposes, to determine the cost of the products that you're running based on the tags. So let's just add some tags to this. Let's say this is the name of the instance; let's say VPC test instance. And always I go with an environment tag, just to differentiate between what environment I'm running in. I'm gonna say prod, and then I'm gonna... Let's go back, okay. So I'm gonna configure the security group. Now that we have created a new VPC, we haven't created any security group yet. This is the default one, but this is the default VPC security group, and this doesn't apply to this, because this is a different VPC. So we're going to create a new security group in this VPC, and we're going to say this is test VPC, and I'm gonna leave SSH open to the Internet. And this is just for testing purposes. Do not get me wrong, this is just for testing. We're never gonna leave SSH open to the Internet for our production system. So hit review, and then you can hit launch. Once you hit launch, it would ask you to choose a key pair. We can choose an existing key pair. This key pair is basically like a password; it's like a password for the instance that you are creating.
So I'm going to create a new key pair, VPC test KP, and I'm gonna download that. I'm gonna download it in my documents, and I'm gonna save it here. So now I'm gonna hit launch instance. This is going to take a few seconds to launch. You can go to view instances, and you can see that it's going into the pending state, and then after some time, it's gonna be running. I'm gonna pause this video and come back once this is ready. Okay, so now our instance is ready. It's in the running state. Once you select this, you can see the instance ID, its state, and its instance type, and where we launched this instance, and which AMI was used to launch this, and we've got our public IP assigned, we've got our private IP assigned, and you also get a private DNS, if you want to use this internally. Then you can see this is our prod VPC indicated, and these are the different settings that we see here. So we'll stop this lesson here, and then in the next part, we're going to connect to the EC2 instance and then see if we are able to connect to the Internet or not. Thanks.

7. First EC2 Instance Part 2: Hello and welcome back. So now in this lesson, we're going to continue to, I mean, connect to our newly created EC2 instance. To do that, I'm going to SSH using the PuTTY software. If you don't have PuTTY installed, you can just go to Google and search for download PuTTY, and then you can install it real quick and easy. If you want to use any other SSH software, feel free to use it. Now, to use it with PuTTY, you need to create a .ppk file out of your .pem file. The .pem file is the key pair that you downloaded when you were creating the instance. To create a .ppk file, you can open up the PuTTYgen software, and once you have that open, you can hit load and load the .pem file. It's not visible directly here.
So, you know, check the all files drop-down, and then you can select that and hit open. So once it's open, you can hit save private key. Sure you want to save it without the password? Yes, I want to save it without the password, and I'm gonna name it VPC test KP .ppk. So now this is created. Let's see if we have it here. Okay, now we have the VPC test KP .ppk file. So now you have to open up PuTTY, and you need to key in the public IPv4. You can select it from here, copy it, and you can paste it here, and then you're going to choose SSH, and you're going to go to the SSH part here and then hit Auth, and browse for the .ppk file. So this is the .ppk file that we have created. I'm going to select this and hit open. So now you can see that it is asking me to log in. By default, the Amazon AMI has a user created, which is ec2-user. Once I hit enter, it's going to authenticate using my private key that you have created using PuTTYgen, and it has logged in to our created EC2 instance. So this is our first EC2 instance that we have launched here, and you can see all our network configuration is correctly configured, because we're able to connect to it via the public IP. So the one thing that we can do is, we can try to browse the Internet. We can say curl google.com. Okay, so, yeah, we got some response from google.com that, yes, it redirected somewhere. So that means our Internet is working. Our VPC configuration is complete, and we have tested it by creating a new EC2 instance. So that's it for this lesson, guys. In the next lesson, we're going to deep dive into the EC2 part and learn in detail what each and every other option that's available there is. See you there.

8. Network Setup Recap: Okay, so now we have completed the network setup section, and let's do a recap of what we have done so far.
So we started off by creating a VPC using a CIDR block, 1 93.1 68.0 dot zero slash 19. We've then seen how to split this VPC CIDR block into different subnets. We've calculated our subnet ranges, and then we have created our public and private subnets. And then we created our Internet gateway and configured our route tables by supplying our outbound rule, our outbound route to our Internet gateway, so that our instances can talk to the Internet. And then we put up our first EC2 instance. In this part we have seen how to connect to our EC2 instance, and what the different parameters are that it takes to put up a new EC2 instance, and so on and so forth. And then at the end, we have tested the Internet connectivity by doing SSH into the instance and then trying to visit a website. And it all worked out well. So that's it for this lesson. You're doing a great job. I'll see you in the next section. Thank you.

9. Create IAM Role for EC2 Instance: Hello and welcome back. So in this lesson, we're going to create an IAM role for our production EC2 instances. I feel there are two reasons why we need to use IAM roles. The first thing is that we need a role so that we can assign permissions to our EC2 instance, so that the instance can access some of the resources within the AWS ecosystem. For instance, if your production instance needs access to some S3 bucket to download some data or some code, anything it might be, then you could just give the role some permissions, and then the EC2 instance would automatically be able to access that specific resource. And the second reason why we would need an IAM role is that this would avoid embedding our security credentials within the instance, which is not a good practice. And also it may, it is.
It is kind of secure, as AWS will handle the permissions behind the scenes. So let's get started. To do that, you need to log into your AWS console, and you need to go to the IAM section. So go to the IAM section, and under this, hit Roles here, and then you can start creating a role. Roles can be created for different services. What we're talking about is the EC2 role, which you're going to assign to your instance, so you need to select EC2 here. So hit select EC2, and then you can see "Allows EC2 instances to call AWS services on your behalf." So this is what we want it to do. So select it and then hit next. So far, I don't want to give it any permissions, because I want to give it permissions when it is required. I would always follow the least-privilege access method, wherein you just give the permissions that are required by the instance. So right now, I don't know what permissions I need to give it. Once we get to that stage where we think that, okay, we need some permission so that we could access something, then I would give permissions. So for now, I don't choose any policy here. Just hit next, review. I'm gonna give it a name. I can call it instance_role_prod. This can be anything; preferably you need to mention prod, so that you can distinguish between your other environments here. So you could say, allows EC2 instances to call AWS for production instances, just to be clear. Then hit create role. Okay, so now your role is created with this instance_role_prod. And any time you want to give it some permissions, you can just come to this section, and then you can do it, just attach policy.
If it's already created; if not, then you can go to the policy section and you can create a new policy and give granular access to the resource, and then you can just attach that policy to your role, and your EC2 instance will pick it up instantly, and then it should be able to access that specific resource. So that's it for this lesson, guys. I'll see you in the next one. Bye bye.

10. Application Server Part 1 - Instance Launch: Hello and welcome back. So this will be part one for configuring our application servers. So let's get started. First we'll need to go to EC2, and then the idea here is, let's try to set up an EC2 instance, and then we'll try to configure our application within that EC2 instance and try to access it using the public IP, so that this will ensure our network setup is right, and this will be our first step in configuring our application servers. So let's get started. Once you're in the EC2 section, you can go to Instances and then hit launch instance. In your production instance, this might be a completely different scenario, but usually you could choose your own Linux flavor, or you could go with a Windows-based instance here. For this lesson's purpose, we're going to choose an Amazon Linux AMI. This is basically an idea of how an application server should be configured. So, yeah, I'm going to use the Amazon Linux AMI. I'm gonna choose the t2.micro again. This is based on your computing needs, so you need to choose it wisely. For this, I'm going to choose t2.micro, hit configure, and here I'm going to choose the VPC that we have created, which is our prod VPC, and I'm going to put it in our public subnet one, like we discussed in the architecture section.
And we have our application servers hosted in the public subnet, so I'm going to choose the public subnet while launching the EC2 instance. So coming back here, I need a public IP, because I need to check if I'm able to access our application via this or not. I'm going to choose the instance role that we have created, which is instance_role_prod. And then I'm going to choose my shutdown behavior as stop. That is, when we shut down, it just stops and it isn't terminated. And I don't need accidental termination protection here. This makes sense when you're configuring your database servers or something like that, where you don't want to make accidental data deletes. And I don't want detailed CloudWatch, so I'm not gonna check that. And in some cases, you might need to assign your own private IP address here. If you don't specify something, then AWS will automatically assign one from the subnet IP space. So that's it in this part. I'm going to go to the storage section. I think 8 gigs for this application is more than enough. Then I'm going to hit delete on termination. So this is one of the important things, because what happens is, if you don't check this box, if you stop your instance, then your drive, I mean, if you terminate your instance, if you don't check this box, then your drive is left behind, which I don't want, because you'll be paying for the volume separately and the instance cost separately. So make sure that if you don't want your EBS volumes to lie around even after they're terminated, then please check this. And if you need more space, you could always add more space here. So I'm gonna hit next, go to add tags. It is always a good practice to tag your instances, because it is easy to find. It is sometimes easier when you want,
to bill, like, your production instances separately and your QA instances separately. I mean, it is easy for you to sort when you have tags around your instances. So I'm going to give it a name first, because I want to know what that server is doing, and then I will give it an environment tag so that I can distinguish between different environments. I want to give it, like, application server one. It can be anything. I'm gonna give it a test, because I'm gonna test this, and then we're going to reconfigure this in some other manner as and when we go into the lessons. So I'm gonna give it a test name, and then I'm going to give it environment prod, and then I'm gonna hit next, configure security group. So here, we will create a new security group, because we want to use this in our upcoming lessons too. So I'm gonna give it, like, public security group, and this is applied to all the application servers. And here, by default, for now, to configure our production server, I'm gonna let SSH open to my IP address. So to get that, you could always go to your PowerShell and do ipconfig, and you would get an IP address that you're going to key in here. Okay, so it looks like my IPv4 here is jane 0.0 dot zero dot 104. To make this more easy, let's just keep it open to the Internet, and we're going to close that down anyways when we finish up our setup. And one more thing we need to add: once we finish our setup, we want to access the application server on port 80. So I'm going to leave the TCP port, which is HTTP, TCP 80, and I'm going to take the incoming traffic from everywhere. So this is it that is required as of now.
So I'm gonna hit add, and always give it a name with prod so that you know that it is a production security group. Hit review and launch. And yes, we have chosen the Linux AMI and the instance type t2.micro. We have created a security group, and we have given it a bunch of rules. These are incoming rules, by the way. If you have something open for incoming, then it will automatically have outgoing open for those particular things. And yeah, we have given it some tags, and we have some storage here. And these are all the instance details; once you confirm everything, then hit launch. Now here, we need to select the key pair to launch. As in the previous lesson, we have created this VPC test KP. I'm gonna use the same one and hit launch. So this is going to take a couple of minutes, so I'll stop the lesson here, and then I will continue once our instance is ready. Thanks.

11. Application Server Part 2 - Configure HTTPD: Hello and welcome back. So now that our application server is up and running, let's try to connect to it via PuTTY or any other SSH client that you have. So let me open PuTTY. Okay, now I have PuTTY open here. I'm gonna need the public IP here, so I'm gonna copy the public IP, and then I'm gonna paste it in the IP section here. I want to choose SSH. The next thing that you want to do is select SSH here, open it, then you have the Auth section, and then you're going to browse for the .ppk file that you've created. I have shown how to create the .ppk file in the previous lesson. So I'm gonna just use the same private key, because this is the same key that we have chosen when we were launching the EC2 instance. So I'm gonna select this and open, and then I'm going to open it. So I should get a screen like this, and then you could just hit yes when you get a pop-up. It came into my other screen, so I just had to click yes there.
So if it appears in your case, you just need to hit yes there. And then you're going to log in as the ec2-user. This is the default user that's created when you use a Linux AMI. So hit enter, then you should be able to enter your system. So the first thing that I'm gonna do is run a yum update, so sudo yum update. This will make sure that all the latest patches or everything is added here. So I'm gonna hit yes. I'm gonna open a notepad and note down all the steps that I'm doing so that we can write the script to automate these kinds of things. So the first thing that we did is sudo yum update -y, because we did a -y there. I'm just gonna pause until this update finishes. Oh, it's already done. Okay. So the next thing that we're gonna do is install an httpd server, which would enable us to host any PHP or any of those. So let's install both httpd and PHP. So that's going to be sudo yum install httpd, and I also specify php here. This is just for demo purposes, and the setting up of applications will completely differ from scenario to scenario, wherein your scenario might have a Node server running, or you might have a Windows server hosting IIS, I mean, IIS hosted on the Windows instance. This part is different in everyone's scenario. I'm just giving you a general idea of how to set up here so that we can build our infrastructure on top of it. I'm gonna hit enter here with a -y, and I'm gonna write down the same thing here: I did sudo yum install httpd and php -y. Okay, now httpd and PHP are installed. And the next thing that I'm gonna do is start the httpd service, so I can just do sudo service httpd start. So once this is done, your httpd server starts.
So I'm gonna note down the same thing here: sudo service httpd start. Now, one thing that we need to do is check if anything is running on our port 80. So all we've got to do is copy this public IP, open a new tab, and paste this. Well, so our web server is installed now, and there is a default landing page that is created when we installed httpd and PHP. Here, we can confirm that this is working by going to the directory, cd /var/www/html. By default there's nothing here, but we could create something like an index page. This is just the text. I'm gonna create index.html here, and, okay, let's have all the privileges here. I'm gonna run the same command again, the index page, the index.html. Oops, we just need to put sudo in front of it. Okay, so now that we've created this index.html, it should be accepted by default. Let me refresh this here. Okay, cool. So I do see an index page here. So the idea here is that we could host our application here, which we could copy from S3 and then put here, so that whenever we put up a new instance, we run this script, and this would just copy the application from S3 and then put it in this place, so that our application is ready and configured. So I'm gonna pause this here, and in the next lesson, I'm going to show you how we could store our application in the S3 bucket and how we would copy that automatically to the instance and configure it. Thanks, bye.

12. Application Server Part 3 - Configure Build (S3): Hello and welcome back. So let's continue from where we left off. So we would create a sample application here. It's not a great application; it's just a small HTML file. In your case, it might be your actual application. So I'm gonna give it a name, prod application, and here
I'm going to create some new file. I'm gonna open it up. Oh, rename, change it to index. Yeah, I want to change it, and I'm going to open it with Notepad. I'm gonna say my title, hello world. Okay, now in the body I'm gonna say, this is our production application, and I'm gonna save it. Oops, go back here, and then, now, actually, I would just create a zip file out of the content here. If you have multiple files, you could just create a zip file here. So I'm gonna create a compressed folder, and I'm gonna name it application_prod. That's it. Okay, so the next thing that we want to do is create an S3 bucket, and then we're going to put this application in the bucket and then try to download it via the EC2 instance. So to do that, let me go back to the AWS console and open a new tab here. I'm gonna go to S3, and the first thing that I'm gonna do is create a bucket. I'm gonna give it a name, S3, let's call it, this is like our big product company. I'm just giving you a random name. And these are unique, and they should follow a URL format, so we cannot use underscores or any uppercase letters. So I'm gonna change it to big product company dash, and I'm gonna say builds dash prod. Okay. And we're going to choose Ireland, because we're building our infrastructure in Ireland, so it makes sense to have it in the same region. And then hit next. You could always play around with the requirements that you want here, but I'm gonna go with the default settings, and I'm not giving any permissions here right now, because I wanna handle it via the role. And then I'm just going to hit create bucket. So once your bucket is created, you could always search here. What's that?
Big product company buckets. Okay, so here, I'm gonna create a folder called builds, and then I'm gonna save it. And inside this, I'm gonna upload my file, which I'm gonna drag and drop from here. So this is readily available. I'm just gonna go with the defaults and upload it here. Okay, so now our application is in S3. The next thing that we're gonna do is download this application from the EC2 instance itself and then try to put it in place so that it's automatically accessible from the Internet. So to do that, you need to go back to the console. Okay, before we do that, we know that we don't have any permissions assigned to our role. So we're going to go back to our IAM section and then add some permissions so that our EC2 instance can access that specific S3 bucket. So I'm gonna go here and go to our Roles section, and here I'm going to go to the role that we have created, instance_role_prod. And inside this, I'm going to attach a policy. For now, I'm going to assign S3 read-only access. Okay, we're going to create our own policy so that we give only granular access. So we're going to go to the policy section here and hit create policy. We can actually use this visual editor, or you could go and paste the JSON here. So what I'm gonna do is go to this link here that shows how to specify permissions in a policy, and I'm gonna copy this section here. So I can just copy this JSON here and go to the IAM console and then paste it here. So I'm just gonna change this Sid; this can be anything, you could put in anything here in the Sid section. I'm gonna put in our S3 prod access policy, just making that up here. And in the actions, I'm actually going to give s3:*, and I'm gonna take this off from this. But here, I don't want to give it to all the buckets.
Like, if you've seen this document in the upper part, you have this section here where you could specify the bucket. So I want to specify the bucket that we have created here, and I'm gonna give permissions to all the folders, I mean, all the objects within that bucket. So I'm gonna copy this part here. Okay, so I copied this part here. I want to paste it. Okay, so now that you have pasted your bucket name here, all you've got to do is key in a /*. And then I'm gonna copy this part and paste it back again. So what this means is, you have access to this bucket and all the contents within this bucket. And I'm gonna hit review policy, and then I'm gonna give it a name. So the name that I'm going to give it is policy dash S3 access prod. You just say the policy use, and you can just hit create policy. The next thing that you want to do is search for the policy you created, and you're going to select this here, and then you're going to attach it to the instance role that you've created. Oh, something happened. So I'm going to hit attach again, select the role that you've created, which is your instance_role_prod, and then select here and then hit attach. Now you should be able to access your application, I mean the application zip file that is stored in S3, from the EC2 instance. Okay, so now I'm going to go back to our SSH terminal here, and then I'm going to execute some AWS CLI command to copy the application from S3. So let me try aws s3 cp help. Let's see what we get back. Okay, so we have the command, and we could use something like s3 cp, this command, and then specify the local file. So we're going to try that. So I'm back here. We're gonna do S3.
aws s3 cp, and we're going to give the bucket name here, which is this bucket here. Copy this, go back again, and paste it here, slash, we have builds, and slash application_prod, and my local file would be application. Okay, now let's check it here. Now we have our application_prod.zip, and what I'm gonna do is unzip that in this same directory. And before that, I want to delete the index.html that we created before. So I'm gonna rm index.html. Now that should be gone. And now I could just do unzip application_prod, and you should get back your index.html here. Now you can get rid of your zip file from here, so we could do an rm of application_prod. Here, the file is gone. Now all you are left with is the index.html that you have downloaded from S3. Now let's go back to the test page and see here. You should see "this is our production application". So now what we have done is, we have put our builds into S3, and then we have downloaded them via the EC2 instance, and we have configured it in the right place so that our application server picks it up. So now let's take a note of all these steps that we have done here so that we could automate all this when we bring up a new instance. So now, you have this thing installed. After that, we want to start the httpd service at the end. So before that, what we did, let's go back here. So we navigated to this path, which is, oh, let's take out sudo in front of this and put sudo su. And then here, what we're gonna do is navigate to that path, cd /var/www/html, and inside this, what we did was, we did an S3 copy here, which is going to be, let's copy-paste that command.
It's like this, oops, here, and paste it here. And the next thing that we did is unzip application_prod. The next thing that we did is rm application_prod. Okay, so these are the steps that we have done to configure our application server. So in the next lesson, what we're going to do is put up a new EC2 instance, and we're going to run the script automatically. And once the instance starts, you should automatically be able to see our application up and running. So I'll see you there. Thanks.

13. Automate Setup using EC2 User Data: Hello and welcome back. So in the previous lesson, we have configured our application server by running a bunch of commands, putting our application onto S3, and downloading it via the AWS CLI on the EC2 instance. And then we have configured our application server. So in this lesson, we're going to do the same thing, but we're going to run this as a script so that we don't have to do anything manually. So when your instance boots up, your instance should be up and ready, and it should be serving your application right away. So these are the steps that you have performed in the previous lesson. The one thing that is missing here is the shebang. I'm just gonna add that, /bin/bash, and I'm gonna hit launch instance. I'm going to select the same Amazon Linux AMI, and t2.micro should be good enough. And then I'm going to choose the prod VPC, public subnet one, and then, yeah, I could just choose enable here. I want to choose the role, instance_role_prod, and here in the advanced details, now we want to run the script, so you could just copy-paste your script here. So what this does is, this is going to run the script as a part of user data; that is, once the instance starts, this script is run, and you should be able to access your server right away.
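The role selected above carries the S3 policy built in lesson 12 (every S3 action on the bucket and on all its objects), while the boot script only downloads one zip. The following is an added example, not part of the course: a simplified evaluator (Allow/Deny statements only, no conditions) that compares that policy with a narrower one. The bucket name, the Sids and the scoped policy are assumptions made for illustration.

```python
import re

# Placeholder bucket name; the course's real bucket name is not reproduced here.
BUCKET = "example-builds-prod"
BUILD_KEY = "builds/application_prod.zip"  # folder and zip name used in lesson 12

# Policy as built in lesson 12: s3:* on the bucket and on every object in it.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "S3ProdAccess",  # constructed Sid
        "Effect": "Allow",
        "Action": "s3:*",
        "Resource": [f"arn:aws:s3:::{BUCKET}", f"arn:aws:s3:::{BUCKET}/*"],
    }],
}

# Narrower variant (assumption of this example): read objects under builds/ only.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ReadBuildsOnly",  # constructed Sid
        "Effect": "Allow",
        "Action": "s3:GetObject",
        "Resource": f"arn:aws:s3:::{BUCKET}/builds/*",
    }],
}

# What the user data script needs from the role: one object download.
NEEDED = [("s3:GetObject", f"arn:aws:s3:::{BUCKET}/{BUILD_KEY}")]

# Constructed probes: operations a web server has no reason to perform.
PROBES = NEEDED + [
    ("s3:PutObject", f"arn:aws:s3:::{BUCKET}/{BUILD_KEY}"),
    ("s3:DeleteObject", f"arn:aws:s3:::{BUCKET}/{BUILD_KEY}"),
    ("s3:PutBucketPolicy", f"arn:aws:s3:::{BUCKET}"),
    ("s3:DeleteBucket", f"arn:aws:s3:::{BUCKET}"),
]


def _as_list(value):
    """IAM accepts a single string or a list for Action and Resource."""
    return value if isinstance(value, list) else [value]


def _wild(pattern, value, ignore_case=False):
    """Match IAM-style wildcards: '*' is any run of characters, '?' is one."""
    rx = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(rx, value, re.I if ignore_case else 0) is not None


def allows(policy, action, resource):
    """Simplified identity-policy check: explicit Deny wins, else any Allow."""
    allowed = False
    for st in _as_list(policy["Statement"]):
        if any(k in st for k in ("NotAction", "NotResource", "Condition")):
            raise NotImplementedError("outside the scope of this sketch")
        # Action names are case-insensitive, resource ARNs are not.
        hit = any(_wild(a, action, True) for a in _as_list(st["Action"])) and \
            any(_wild(r, resource) for r in _as_list(st["Resource"]))
        if not hit:
            continue
        if st["Effect"] == "Deny":
            return False
        allowed = True
    return allowed


def excess(policy, needed=NEEDED, probes=PROBES):
    """Probes the policy allows although the boot script never needs them."""
    return [p for p in probes if p not in needed and allows(policy, *p)]


if __name__ == "__main__":
    for name, pol in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        ok = all(allows(pol, *n) for n in NEEDED)
        print(f"{name}: download works={ok}, unneeded grants={excess(pol)}")
```

Both policies let the download succeed; only the broad one also lets anything running on the instance overwrite or delete the build, or change and delete the bucket.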
So I'm going to hit Next, and then go here. I'm going to give it a name tag, application server test 2, and give it one more tag. Hit Next. I'm going to choose the security group that we created, hit Next, and then Launch. I'm going to choose the same key pair and launch. Okay, so our application server is getting created here. Once it goes into the running state, we should have our application being served when I hit the public IP from the internet. I'm going to pause now and continue once the application server is up. Okay, now our application server is up and running. Let's log into the PuTTY session and check that the code is present. Even before doing that, we can verify it by going to the public IP here and browsing to it. You should be able to see our production application up and running. So we have now created and configured our application server, and we have automated it so that it comes up without any human intervention. That is really good. That's it for this lesson. In the next lesson we're going to see how this is hooked up to the load balancers and so on. Thank you so much.

14. Application Server Setup Recap: This is the end of the section on application server setup, so let's do a quick recap of what we have done so far in this section. We started off by creating IAM roles, and we booted up a new application server using this IAM role. In that process we also created a public security group, which had rules specifying which inbound connections and which outbound connections are allowed, by specifying different ports. We installed PHP and the httpd server on the EC2 instance.
Then we created a sample application, a hello world web application, and stored that application in S3. Then we downloaded that application to the EC2 instance by installing the AWS CLI and downloading the build directly onto the server. Then we automated the whole process that we had done manually by supplying the steps in the user data. I think we have covered a lot of ground in this section, and you should be proud of yourselves for coming along so far. I'll make sure that I keep the next parts even more interesting, with more information that you can get out of the next section. Thanks. Bye bye.

15. Setup Second Application Server: Hello and welcome back. In the previous lesson, we configured our application server by using the user data script, and we launched that instance in public subnet 1. In this lesson, we're going to create the same server in public subnet 2. If you look at our picture here, we're going to have an application server in both availability zones. In the previous session we created it here in availability zone 1, and in this lesson we're going to do the same thing in availability zone 2. Once we have the two application servers in both subnets, we're going to create a load balancer and register these two instances in it, so that whenever we access the load balancer the traffic is distributed between these two application servers. Okay, so let's get started. To do this, first go back to our console and go to the EC2 section. Once we are here, let me show you one trick that we can use.
Let's say you want to create a replica of a server: you can just right-click here and choose Launch More Like This. We want to keep the AMI the same, and we want to keep the instance type and security groups the same. The one thing we want to change is where this instance is launched. So we'll go to the instance details, and instead of public subnet 1 we're going to choose public subnet 2. Everything else stays the same here. To differentiate it from the previous one, we can put the AZ in the name here, just to differentiate between our previous server and this server. We're going to keep the application name the same, because technically it is the same application. Then we're going to select the public security group that we created. Let's double-check whether our user data is present here: go to the advanced details, and our user data is here. Then we'll check the storage, which is fine here, and launch this using the same key pair. Okay, launching this server will take a few minutes, so I'll pause until then. Okay, our application server is now running. Let's test whether it is configured correctly by browsing to its public IP. Okay, this is the application that we configured. Now you might be wondering: now that we have two application servers, how do I distribute my traffic across these two servers? To do that, we're going to use the Elastic Load Balancer. Elastic load balancers are a very good way to handle your traffic, because you get a lot of detail from the load balancer, such as how much traffic is coming in, how many requests are coming in, and what the average latency is.
It also tells you the number of 4xx or 5xx errors that are being returned from your servers. Those kinds of details. It also has different CloudWatch monitors that you can configure, and you can tell your Auto Scaling groups to scale up the servers if a significant amount of load is coming into the load balancer. You also get one DNS name from the elastic load balancer, which you can configure in Route 53, as we're going to see in future lessons. So you get one DNS endpoint, and when you browse to that DNS name, the load balancer decides which of the servers to pick based on the load and sends the request to that particular server. So let's get started. Go to the load balancer section here and hit Create Load Balancer.

16. Load Balancer Setup Part 1: Okay, now that we're here, we have three different options to choose from for creating our load balancer. There is the Classic Load Balancer, which is the previous-generation one. It would do our job fine, but we're not going to use it. Then there is the Network Load Balancer, which is used when you need ultra-high performance in your network. If you ever need static IP addresses for your load balancers, you can go with the Network Load Balancer. The third one is the Application Load Balancer, which is the most commonly used nowadays. It gives us a lot of flexibility in how we configure our application's interaction with the requests that are coming in. It is generally used in a microservices approach, when you have an old monolithic URL, new services are coming in, and you don't want to group them along with the same monolithic application.
Instead, if you want to split it into microservices, you can have /report or some other path and point the new applications to different target groups. That is the use case for most of the companies out there, so this is very widely used nowadays. Let's see how application load balancers are implemented by going to this diagram here. At the top you have an application load balancer, and every application load balancer needs a listener. A listener is nothing but where you want your clients to access the load balancer. Let's say you want to serve an application on ports 80 and 443, which are HTTP and HTTPS; then you would have two listeners, one for HTTP and one for HTTPS. Whenever your clients browse to example.com, they come to the load balancer. If they come on HTTP, they go to this listener; if they come on HTTPS, they go to the other listener. For every listener there is a set of rules that you can apply, and the listener decides which target group a request needs to go to. Let's say you have a big monolithic URL at example.com, you have service 1 and service 2, and you want to use the same URL but direct service 1 to one target group and service 2 to another target group. Then you can have a path-based rule in the listener itself: if the path matches service 1, go to target group 1; if the path matches service 2, go to target group 2. Once you configure listeners, there are the target groups themselves. A target group is nothing but a grouping of targets. Targets can be anything. They could be your Docker containers.
They could also be instances; our application servers themselves will serve as targets here. So basically we are grouping a bunch of targets and creating a group out of them. Then you have a health check, which checks whether a target is healthy or not. Let's say you have a bunch of application servers hooked up to your load balancer and you want to know which ones are healthy. You create a health check URL, which is checked by the target group at an interval that you configure. It constantly checks health, and if it doesn't get back a response within a certain amount of time, a certain number of times, it deregisters that target because it is unhealthy. It also tells the Auto Scaling group, if we have hooked one up, to bring up a new target, which gives us a healthy new target and makes sure that our application is running as expected. So this is what we're going to do: create a load balancer, and within it create the listeners and the target groups. We're going to point to our health check URL inside this as well, and we'll also create a new security group for the load balancer itself, like we created for our application server. Okay, so let's get started, and I'll clear up other doubts along the way if there's something important that I need to mention. Let's jump back to the EC2 console. I'm going to choose Create for the Application Load Balancer, and then give it a name. I want to give it the name my big company ALB, where ALB stands for application load balancer, and prod.
I'll just put in application. I'm making this up; it can be anything. I want this to be internet-facing because we want our clients to access it. If for some reason you want a load balancer that handles just an internal application, you can choose an internal one that is not accessible externally. I'm going to choose IPv4. We could have multiple listeners like we saw here, but for now we're going to choose just HTTP, because we are yet to configure Certificate Manager for HTTPS, so I'm not going to do that right now. Then here we need to choose the availability zones where the application load balancer is hosted. Let's go back to our architecture diagram. Here you can see that we have elastic load balancers in both DMZ AZ1 and DMZ AZ2, so we need to select the DMZ subnet in both availability zones. That's what we're going to do here. First we need to select our prod VPC. Then we go to eu-west-1a and choose DMZ subnet 1, and inside 1b we choose DMZ subnet 2. These are the two subnets that we're going to host our application load balancer in. We'll give this a name tag, and I'll copy and paste the name from here. The most important thing is that I always give the environment tag, so that it is easy to figure out which environment's load balancer we are looking at. Here we're going to create a new security group, because we don't want to use the public SG, which is meant for the application server. So we're going to create a new one, which is going to be the external LB SG, and we'll call this one prod.
And we'll just say it is the load balancer SG, for load balancers. What we're going to do is allow port 80, which is HTTP, from everywhere for now, and then we'll fine-tune these security group rules in the next lesson. So just hit Next. Now we're going to create a target group, which is this block. I'm going to select New target group and give it a name; I'm going to paste that in. For this target group, I'm going to choose protocol HTTP, port 80, and the target type instance. I'll just give the path as /, although technically we could configure a URL for our health check.

17. Load Balancer Setup Part 2: Okay, the next thing that we have here is the advanced health check settings. Here you can specify the frequency of your health check, the maximum timeout you want to give the health check, and the thresholds. Let's say you give five as your threshold: that means it would wait at least 150 seconds before the target goes to healthy. And if it sees unhealthy, that is, if it doesn't get back a response from the health check for two consecutive periods, it is going to deregister the target. I feel this interval is quite long, so I'm going to set it to 15 and set the timeout to 14, so we have one second to spare here. We're looking for a 200 success code. I want healthy to be 2 and unhealthy to be 5, so that if something goes wrong, my instances don't get deregistered very quickly. If there's some small glitch, I don't want it to take my instance out of service.
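The threshold trade-off described above can be replayed offline. This Python is an added example, not part of the course: it is a simplified model of consecutive-success and consecutive-failure counting (first probe one interval after registration, no jitter), the probe samples are constructed, and the function names are hypothetical. The 15 second interval, 14 second timeout and 2/5 thresholds are the lesson's settings as read from the transcript.

```python
"""Simplified model of target health state under health check thresholds."""

def probe_ok(status, elapsed, timeout, success_code=200):
    """A probe passes only if the expected code arrives before the timeout."""
    return status == success_code and elapsed < timeout


def simulate(probes, interval, healthy_threshold, unhealthy_threshold):
    """Replay pass/fail probes; return state changes as (seconds, state)."""
    state = "initial"
    ok_run = fail_run = 0
    changes = []
    for n, ok in enumerate(probes, start=1):
        if ok:
            ok_run, fail_run = ok_run + 1, 0
            if state != "healthy" and ok_run >= healthy_threshold:
                state = "healthy"
                changes.append((n * interval, state))
        else:
            ok_run, fail_run = 0, fail_run + 1
            if state != "unhealthy" and fail_run >= unhealthy_threshold:
                state = "unhealthy"
                changes.append((n * interval, state))
    return changes


def replay(samples, interval, timeout, healthy_threshold, unhealthy_threshold):
    """Same as simulate(), but from raw (status, seconds_elapsed) samples."""
    probes = [probe_ok(status, elapsed, timeout) for status, elapsed in samples]
    return simulate(probes, interval, healthy_threshold, unhealthy_threshold)


# Constructed samples: (HTTP status or None for no answer, seconds elapsed).
# A short glitch: one 503 and one probe that never answers.
GLITCH = [(200, 0.1), (200, 0.1), (503, 0.1), (None, 14.0), (200, 0.2), (200, 0.1)]
# A real outage: the server stops answering for five probes in a row.
OUTAGE = [(200, 0.1), (200, 0.1)] + [(None, 14.0)] * 5

if __name__ == "__main__":
    # 30 s interval with a threshold of 5: healthy only after 150 s.
    print(simulate([True] * 5, 30, 5, 2))
    # Lesson settings: the glitch is absorbed, the outage is caught at 105 s.
    print(replay(GLITCH, 15, 14, 2, 5))
    print(replay(OUTAGE, 15, 14, 2, 5))
    # An unhealthy threshold of 2 would flap the target on the same glitch.
    print(replay(GLITCH, 15, 14, 2, 2))
```

The cost of the higher unhealthy threshold is visible in the outage case: requests keep being routed to a dead target until five probes in a row have failed.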
The next thing we're going to do is register the targets. As discussed, our targets are our application servers, so I'm going to choose the two application servers that we created in the previous lessons and click Add to registered. Next, hit Review. In the review, we have our name, the scheme is internet-facing, we have the listener on port 80, the address type is IPv4, and we have our prod VPC and our subnets. We have created a new security group and a new target group, and we have configured our health check settings here. Then I'm just going to hit Create. Okay, now our application load balancer is created. It's still in the provisioning state, by the way, so in the meanwhile let me explain what it gives us. First of all, it gives us a DNS name which you can directly browse. In the earlier lessons, we were browsing the application with the public IP of the instance itself. Now we can use this DNS name: the request comes to the load balancer, and the load balancer figures out which application server it needs to hit, whether in 1a or 1b. That depends on the traffic; basically the load balancer tries to balance the load between the two application servers that we have configured here. So that's one thing. Then you have your listeners. We have the HTTP listener that we created, and by default everything that comes in on port 80 is forwarded to the target group that we created. I'm going to go to that in a bit. You can add new rules: like I said, you could have path-based rules or host-name-based rules. If you want to add a new rule, you go here, add a new rule, and choose a condition based on the host header or the path pattern.
Then you can say which target group the rule forwards to, if you have multiple target groups. We don't need a new rule here, because we have just one application hosted on these servers and I want to forward everything to it. So I'm going to go back. Then you have your monitoring. Monitoring gives us a lot of detail, such as the average latency across all the target groups and the number of requests coming in, and it goes back all the way to two weeks. This data comes from the CloudWatch metrics. You also have how many rule evaluations are happening on the fly, the count of 5xx responses generated by the servers, the counts of 4xx responses, the 4xx and 5xx counts from the load balancer itself, and the 2xx success codes that are getting returned. This is a lot of information that is generally used in production, where it helps us answer a lot of questions in case there is an outage. If a customer comes back and says that they are facing huge latencies, you can come back here and check what's happening. You can also configure an alarm saying that if any high latency occurs, notify me via email or any SNS topic that you configure here. This is at the load balancer level. When you have multiple target groups, you can also get individual metrics for a specific target group, which we will see in a bit. So I'm going to go to Listeners and open up our target group. We created our target group as well, and here you have its targets, which are our two application servers. They are in the healthy status, which means that they are working fine.
They are also passing the health check that we configured here. You can get the individual metrics here as well, such as how much traffic is coming into this specific target group and what the average latency from this specific target group is. You get the same level of detail that you have at the load balancer level. Now let's go back to the load balancer and see if it has turned from the provisioning state to the running state. We just refresh. Okay, now it is in the active state. That means we can directly use our load balancer. To check that it's running, all you have to do is copy the DNS name from here and paste it into a browser, and you should see your application returning the response. Okay, this is the response from our application server. That means we have the load balancer taking in the traffic and figuring out which application server to go to; our application server responded, and the response goes back to the client, which is what we're seeing here. So we have configured this flow. We haven't configured Route 53 yet, but we have the client going through our internet gateway to the elastic load balancer, then to the public subnet, which processes the request, then back to the load balancer in the DMZ, which sends it back to the client. So far we have achieved that. I think we're pretty much done with the application load balancer part. In the next lesson, we're going to clean up the security groups that we created, and we're going to add a few more rules that restrict the traffic flow between the application servers and the load balancer. So I'll see you there. Thanks.

18. Security Group Cleanup - Phase 1: Hello and welcome back. In this lesson, we're going to clean up the security groups that we created in our previous lessons.
The security groups were the public security group and the external LB security group. We're going to put in rules so that the load balancer can have incoming traffic from everywhere, the traffic going out of the load balancer can only go to the public subnets, and the public subnets can only receive traffic from the elastic load balancer on port 80. This controls who can access the application servers, because we want to cut off the client's interaction at the elastic load balancer level. Even if the client gets hold of the IP address here, they will not be able to browse to that IP address directly like we did in our previous lessons. So let's get started. To do this, we'll go to our AWS console, go to the EC2 section, and open Security Groups. First, let's go to our public security group and see what rules we have in here. In inbound, we have port 80 allowed from everywhere. That is why we were able to access our application server, our test application server, with its public IP and get back the response. What we're going to do now is edit this rule. It allows traffic from the IPv4 and IPv6 space. Let's take out IPv6, because we're not using it in the load balancer itself, so you do not get IPv6 traffic here. That leaves IPv4 traffic coming in from everywhere. Instead of that, we're going to put in the security group here, so I'll type the external LB SG. What we're saying is: allow traffic that is coming from resources that have this security group attached.
That is our load balancer. We can add a small note here so that it's easy to figure out which rule is configured for what purpose: for external ELBs. We don't need SSH here, so we're going to take that off and then hit Save. Now, this worked the previous time, but if you refresh it now, it is going to time out, because you have put in a rule which cuts out that traffic. But if you go back to your load balancer URL, you are still able to access the same application. You see, this one is working, but this one is not responding and fails, because now you have restricted the traffic so that it only comes into the application servers from the load balancer itself. You cannot access them directly. So now you have cleaned up the public security group, but there's one more thing left. If you look here in the load balancer's security group, you get all traffic in. I don't want IPv6 here, so I'm going to take this off. In your inbound, everything is coming in. But the traffic generated by your load balancer should only be going to the public subnets and not anywhere else. You don't want your load balancer to access other locations. So you're going to edit this rule and say that you want HTTP traffic to be going to the public security group. Let's copy the public security group ID here, then go to Edit. You're going to change this to HTTP, put in the security group here, and add a note saying traffic flow to the application servers. Hit Save. So now you have your security groups cleaned up, and you have restricted direct traffic flow to the application servers by using the public IP.
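The end state of this cleanup can be verified from rule data instead of by refreshing a browser tab. This Python is an added example, not part of the course: the group IDs and the before/after rule sets are constructed placeholders laid out like `aws ec2 describe-security-groups` output (including an SSH source the transcript does not state), and the function names are hypothetical.

```python
"""Audit the two security groups from this lesson against the intended flow:
internet -> load balancer on 80, load balancer -> application servers on 80."""

ANYWHERE = {"0.0.0.0/0", "::/0"}
ALB_SG = "sg-0aaaaaaaaaaaaaaaa"  # placeholder: external LB security group
APP_SG = "sg-0bbbbbbbbbbbbbbbb"  # placeholder: public security group


def tcp(port, cidrs=(), cidrs6=(), groups=()):
    """Build one permission entry in describe-security-groups shape."""
    return {
        "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
        "IpRanges": [{"CidrIp": c} for c in cidrs],
        "Ipv6Ranges": [{"CidrIpv6": c} for c in cidrs6],
        "UserIdGroupPairs": [{"GroupId": g} for g in groups],
    }


def peers(perm):
    """Yield every CIDR or security group ID named by a permission entry."""
    for r in perm.get("IpRanges", []):
        yield r["CidrIp"]
    for r in perm.get("Ipv6Ranges", []):
        yield r["CidrIpv6"]
    for pair in perm.get("UserIdGroupPairs", []):
        yield pair["GroupId"]


def ports(perm):
    """Printable port range; protocol -1 means all traffic."""
    if perm.get("IpProtocol") == "-1":
        return "all"
    lo, hi = perm.get("FromPort"), perm.get("ToPort")
    return str(lo) if lo == hi else f"{lo}-{hi}"


def only_port(perm, port):
    return (perm.get("IpProtocol") == "tcp"
            and perm.get("FromPort") == port == perm.get("ToPort"))


def audit_app_sg(group, alb_sg_id, app_port=80):
    """App servers may only be reached from the load balancer SG on app_port."""
    findings = []
    for perm in group.get("IpPermissions", []):
        for src in peers(perm):
            if src in ANYWHERE:
                findings.append(f"inbound {ports(perm)} open to {src}")
            elif src != alb_sg_id:
                findings.append(f"inbound {ports(perm)} from unexpected {src}")
            elif not only_port(perm, app_port):
                findings.append(f"inbound {ports(perm)} from LB SG, expected tcp/{app_port}")
    return findings


def audit_alb_sg(group, app_sg_id, app_port=80):
    """The load balancer may only send traffic to the app SG on app_port."""
    findings = []
    for perm in group.get("IpPermissionsEgress", []):
        for dst in peers(perm):
            if dst != app_sg_id or not only_port(perm, app_port):
                findings.append(f"outbound {ports(perm)} to {dst}")
    return findings


ALL_OUT = {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}

# Constructed "before" state: port 80 (and SSH) open to the world.
BEFORE_APP = {"GroupId": APP_SG, "IpPermissionsEgress": [ALL_OUT],
              "IpPermissions": [tcp(80, ["0.0.0.0/0"], ["::/0"]),
                                tcp(22, ["0.0.0.0/0"])]}
BEFORE_ALB = {"GroupId": ALB_SG, "IpPermissionsEgress": [ALL_OUT],
              "IpPermissions": [tcp(80, ["0.0.0.0/0"], ["::/0"])]}

# Constructed "after" state, matching the edits made in this lesson.
AFTER_APP = {"GroupId": APP_SG, "IpPermissionsEgress": [ALL_OUT],
             "IpPermissions": [tcp(80, groups=[ALB_SG])]}
AFTER_ALB = {"GroupId": ALB_SG,
             "IpPermissions": [tcp(80, ["0.0.0.0/0"])],
             "IpPermissionsEgress": [tcp(80, groups=[APP_SG])]}

if __name__ == "__main__":
    for name, found in [("app before", audit_app_sg(BEFORE_APP, ALB_SG)),
                        ("alb before", audit_alb_sg(BEFORE_ALB, APP_SG)),
                        ("app after", audit_app_sg(AFTER_APP, ALB_SG)),
                        ("alb after", audit_alb_sg(AFTER_ALB, APP_SG))]:
        print(name, found or "clean")
```

The audit leaves the application servers' own outbound rules alone, since the instances still need to reach S3 to fetch the build from user data.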
This is according to our architecture, and that's it for this lesson. We'll revisit the security groups once we create the database servers in the private subnets, and then clean them up again based on what rules we need at that point in time. That's it for this lesson. Thank you so much.

19. ALB Setup Recap: This concludes our ALB setup section, so let's do a quick recap of what we have done in the section so far. We started off by creating our second application server. Then we discussed the concept of load balancing, and we chose the application load balancer for our scenario. We discussed the different parameters that the ALB has, like listeners, target groups, listener rules and so on. Then we created our security groups for our DMZ subnets and assigned them to our load balancer. We hosted our application load balancer in our DMZ subnets. We created our target groups and listeners. We attached the application servers that we created in the previous lessons to the load balancer, and then we tested the connectivity by browsing to the DNS name provided by the application load balancer. I really enjoyed this section, because it's kind of exciting for me when I see things working at the end of the lesson, and this is an organized way of doing things in the public cloud. I really hope that you also enjoyed the section, and I'll see you in the next one. Thanks. Bye bye.

20. Auto Scaling Groups Introduction: Hello and welcome back. In this lesson, we're going to create Auto Scaling groups for our production application and hook them up to the target group, so that the Auto Scaling group manages which instances are registered in the target group. So let's get started. Why do we need auto scaling?
Basically, auto scaling helps us in two key scenarios. First, it allows us to scale dynamically when load is coming in, or on a schedule. You could have a traffic pattern where you get a certain amount of load on a specific day or at a specific time of day, and you can schedule your Auto Scaling group so that instances are scaled up during that time and scaled back down when there is no load. That's one scenario. The second scenario is that you want to keep your costs low. In the days before the cloud, companies used to over-provision: they purchased a lot of servers and configured them, and ended up paying for them even when they were not being used, because the load is not there all the time. In the cloud you pay only for what you use, so Auto Scaling groups help us keep costs low by scaling dynamically. So let's see how this works. The Auto Scaling group functions on three main parameters: minimum size, desired capacity and maximum size. The minimum size tells the Auto Scaling group that we need at least this number of instances running all the time. The maximum size is the maximum number of servers that you can scale up to. The desired capacity tells the Auto Scaling group how many instances you want running at this particular moment. So your Auto Scaling group runs a number of instances greater than or equal to the minimum size and less than or equal to the maximum size, based on the desired capacity. How does the Auto Scaling group know what server to boot up and where it needs to register it? The launch configuration tells it.
It tells the Auto Scaling group what instance type it needs to use, what AMI it needs to use, which security groups to attach, and which storage options you want to assign to the instance. Basically, you have the same parameters that you have when launching an instance, but instead you save them as a launch configuration and assign this launch configuration to the Auto Scaling group. The Auto Scaling group then boots new instances with that specific configuration. The other thing that we commonly use is the scaling plan. This tells the Auto Scaling group when and how to scale. For example, let's say you have a scaling plan that tells the Auto Scaling group to add more instances. This happens when something triggers the scaling plan: if load is coming into the load balancer, it triggers a CloudWatch alarm, the alarm in turn triggers the scaling plan, and the Auto Scaling group starts adding new instances to the target group in order to handle the load. These are the kinds of use cases that we get out of scaling plans. So let's get started with the creation of the Auto Scaling group.

21. Setup Auto Scaling Group Part 1 - Launch Configurations: Let's get started with the creation of the Auto Scaling group. To do that, we're going to go to the EC2 console and then to Auto Scaling Groups. Once you're here, hit Create Auto Scaling Group. As discussed, we need a launch configuration for an Auto Scaling group, so we're going to create the launch configuration first. Launch configuration creation is similar to the instance creation that we did in the previous lessons. We're going to choose the Amazon Linux AMI and t2.micro, and we're going to give this a name.
I'm going to give it the name my big company application LC, for launch config. I generally also give it the environment name and the date when I'm creating it, so that I can keep track of the new launch configs versus the old launch configs. I'm going to choose the prod instance role that we created. We want to enable CloudWatch detailed monitoring, because it's a production system and we want detailed monitoring coming in so that we have more metrics when we're trying to investigate something that has happened. In the advanced details, we need our user data, which is the script we wrote that configures our application, copies it from S3, and all those things. We paste it in here. Then we're going to add the storage. I think this gives us more than enough. If you need more space, you can always add it here, or add new volumes here. But make sure to check Delete on Termination, so that you don't have EBS volumes from terminated instances lying around. Then you have to configure the security groups. Here we're going to select the security group that we want to assign, which is our public security group. Then I'm going to hit Review. Here you can see that we chose the Amazon Linux AMI, and we have our name for the LC. We have the role selected, we have the user data, which is encrypted here, we have some storage, which is eight gigs, and we have our selected security group, which accepts inbound traffic from the load balancer. Now we hit Create. You can choose a new key pair, or you could have a separate key pair for each of the applications in your production system, but for this lesson I'm just going to choose the key pair that I already have.
So okay, the launch configuration is completed.

22. Setup Auto Scaling Group Part 2 - ASG Basic Setup: And now we're going to create the auto scaling group. For the auto scaling group, we're keying in the name. I would give it the same thing: my big company application ASG, which is for auto scaling group. And I'm going to give it the name, and I want to start with, let's say, two instances at least, because I want to put it into both availability zones, and we're going to choose our prod VPC. And the subnets that we put in here are actually public subnet one and public subnet two, in both availability zones, because the auto scaling group is launching the application servers, so that goes in the public subnet. And we want the auto scaling group to launch it in those two subnets, so we're going to configure it in public subnet one and public subnet two. And the next thing is the health check grace period. What this does is, it waits for this amount of time before it starts checking for the health of the application server. In some cases, what happens is the application server takes more time to configure itself and get ready for going into the load balancer. So we don't want our health check to be triggered prior to that, so that it results in an unhealthy state and the auto scaling group tries to take it out. So we want to wait for a certain amount of time. That is what this number is going to tell us. 300 seconds is more than enough for our server to go into service, so I'm just going to leave it at 300. You could always have instances protected from scale in. That is, when some alarm happens and your auto scaling group scales in, that is, decreases the number of instances, if you want to protect these instances, you can protect them.
But I don't want to put that now. I'll talk about the use cases in the next lessons, so I'm going to continue. Let's keep the scaling policies for the next lesson, because we want to understand how the auto scaling group works first, and then we'll come back to this and configure it properly when we have all the alarms and everything else set up. So I'm just going to skip this part now. I'm going to go to the configuration of notifications. We're going to skip this part as well, because I'll talk about this once we have the SNS topic created, so that we could use it here for our notifications. The next thing is, I'm going to key in the tags, which is our name tag: my big company application ASG. Yeah, that's the part. And, as usual, I key in the oh struck. Okay. So here we have the auto scaling group's minimum and maximum size. I want to change this. Do we see an option to put in the maximum size? Okay, I think we can put that in once this is created. I'm just going to leave the scaling policies and notifications for the later lesson, and I'm going to hit create. So now the auto scaling group is created, but we haven't told it where to launch the instances and which target group to assign them to, or something like that. So now that this is created, we're going to go here and edit this. Here you have the target groups section, and here you could select the target group that we have already created in the previous lessons. And we're going to tell it that we need maximum four, and we want the health check type to be ELB health check. That is, now this is going to check the target group's health instead of the instance health. If you go to your instances itself, you have a separate health check that is assigned to this, and this is going to show it here, I mean, like, the status checks.
If something goes bad here, then this would turn into unhealthy. But we don't want to check this, because this doesn't tell us if our application is healthy or not; it just tells us whether the instance is healthy or not. Instead, we want to use the application load balancer's health check, which is going to tell us if our application is working fine or not. So let's go back here, and I'm going to choose the ELB health check here. And for the termination policy, we want to key in the oldest instance. That is, whenever a new instance scales up, we want the old instance to go out when it scales down, rather than having the new instance go out. I'll explain the use cases for this in the next lesson as well. So that's it for this part, and I'm going to hit save. So now what this is going to do is put up two new instances. And if you see here, they have launched successfully. Let's see if they entered the target group or not. If I go back here to the target groups and hit refresh, I should see two new instances getting added to our target groups, and you can see that the auto scaling group launched the instances in both 1a and 1b, because we want our servers to be present in both of our availability zones. That's why we have a minimum of two servers, so that it can launch and put them in both availability zones. And even if one zone goes away, you have the second zone up and running. Now that we have our auto scaling group configured to put the servers into the target groups, we can go ahead and terminate the application servers that we've created manually. Before that, I just want to check if they are all in a healthy state. So I'm going to go to the application servers here, search for these two, and then I'm going to terminate those two servers. Select those two, instance state, terminate.
Now I want to go back here, go to the load balancer, and check if it's still working as expected or not. I'm going to go to this, and yes, I am getting back my response from my production application. Now we have the auto scaling group configured so that we could add more and more instances, depending on the number of instances that we want in our target group to handle our load. So that's it for this lesson. In the next lesson, what we're going to do is create the scaling policies. We're going to create the alarms that are required for our load balancer, so that without your intervention, if there is some load coming in, the auto scaling group and the load balancer will figure out whether or not to scale up the new instances. So that's it for now. I'll see you there. Thanks.

23. Setup Auto Scaling Group Part 3 - Scaling Policies: Hello and welcome back. In the previous lesson, we created our auto scaling group. In this lesson, we're going to create SNS topics. We're going to create CloudWatch alarms and attach them to the target groups. And also we're going to create scaling policies for the auto scaling group. So let's get started. First thing, go to your home page in the AWS console and then search for SNS, or Simple Notification Service. Here you can create the topics, and you can assign these topics to the scale up or scale down events. And this will send a notification to whoever subscribed to the topic. So we're going to create a new topic here, and I'm going to create one for the scale up alarm. You could just do scale up here and then create topic. And we also want an alarm when the auto scaling is scaling down: scale down. Also, what we're going to do is create another topic which we'll use for, let's say, if there is something like a service anomaly.
So if there is any service anomaly, we'll try to trigger this SNS topic, so that you can subscribe to any service anomaly like high latency or high CPU or anything like that. We would use this as the trigger. So we're going to use service anomaly, and then I'm going to hit create topic. Okay, so now we have our SNS topics created. Now I'm going to jump back to the EC2 section, and what we're going to do is go to the target groups. And before configuring target groups, I want to go and configure the scale up policies and scale down policies in the auto scaling groups. So here, select this and go to the scaling policies. I'm going to add a new policy, and I'm going to create a simple scaling policy. Okay, so we're going to name this policy scale up policy, and I'm going to create a new alarm. The alarm is for the scale up policy, and here we can choose the topic that we created earlier, so we're doing the scale up alarm. And what we're doing is, whenever the average CPU utilization across our instances is greater than or equal to, let's say, 65% for, let's say, five consecutive periods of one minute... let's make it 70, CPU utilization or higher. So whenever there is 70% or more of CPU utilization for five minutes across the instances, then this is going to trigger an alarm. And that alarm is going to add one new instance, and it will try to handle the load. So what we're going to name it is high CPU scale up alarm. So now we're creating this alarm. Okay, and that got selected here, and what we're going to do is add one instance, and then we're asking it to wait for 300 seconds before another scale up activity.
So we don't want to be too aggressive as well, because once a new instance gets added, it needs some more time to, like, get ready for the load, and you don't want to aggressively add more instances. So let's make this 500, actually, and then hit create. Okay, so now we have the simple scaling high CPU scale up policy, and we're going to add another policy. What we're going to do is, we'll have a scale down policy, and this is going to be the same thing: average CPU utilization. We're going to create a simple scaling policy, which is actually the scale down policy, and we want to create a new alarm for scale down. We'll choose the scale down alarm from our topics. Average CPU utilization is less than or equal to 20%, that is, for at least five consecutive periods of one minute. What this is doing is, let's say you scale up with the high CPU alarm or something like that, and once your load subsides, your application starts to get back to normal. Then you'll see that your CPU utilization will go down. At that point, you want to scale down, and that's why we're creating this alarm, so that it is going to check for the low CPU thing, and if the CPU goes below 20% for five consecutive periods of one minute, then it is going to take down one instance, which is going to be the oldest instance, as we have put in the oldest instance termination on the auto scaling group. So I'm going to name this scale down alarm, and then I'm going to hit create. Okay, so that alarm has been created here. Actually, we should have named it as low CPU scale down alarm. Okay, let's recreate that alarm here: is less than or equal to 20% for five consecutive periods of one minute. Low CPU scale down alarm.
Okay, I'm going to hit create, and then I'm going to close, and the low CPU scale down alarm is selected here. We're going to remove one instance, and we're going to wait for 500 seconds before another scaling activity happens. So I'm going to hit create. So now we have scale up and scale down based on the CPU, and we're going to get a notification whenever a scale up activity happens here, whether it may be adding a new instance or anything like that. Oh, no: whenever there is a high CPU, then we'll get a notification here. And the next thing that we're going to do is go to the notification center, and we're going to create a new notification. What we're going to do is, whenever there is a launch, terminate, fail to launch, or fail to terminate event... okay, we'll create another topic saying auto scaling activity notification, and we will add the subscribers later. Basically, what we're saying is, whenever there is a scale up or scale down, or if there is any scaling activity that is going on here, you want to choose a notification here. I don't think it's allowing me to create a topic without the recipient, so what I'll do is go back to the SNS console here. Then I will go to the topics, and then I'm going to create a new topic. It's just going to be auto scaling activity notification, and I'm going to hit create topic.

24. Setup SNS Topics, Cloudwatch Alarms etc: Okay, so now we have our auto scaling activity notification created. Then I'm going to go back here. I'm going to hit cancel and hit refresh so that it gets updated with the new SNS topic here. I'm just going to add the notification, select the activity notification, and I'm going to choose everything and then hit save. So now what's happening is, whenever there is any auto scaling activity happening, this alarm gets triggered, and this will notify us whenever
There's some activity going on. Okay, so the next thing that we're going to do is create some CloudWatch monitoring for our target groups. To do that, we'll go to the target groups, and here you go to monitoring, and you can see that there are no alarms triggered as of now. So what we're going to do is create an alarm here. What we'll do is send a notification to service anomaly whenever there's something bad happening here. And what we're going to do is, whenever the average latency is greater than or equal to, let's say... you'll get to know the exact number here once you have your service running and you kind of know the trends of the average latency; then you can trigger it. Usually, what I feel is all the services should return, like, under 750 milliseconds. So that's what I believe is high latency. So this is going to be 0.750 seconds, and for at least five consecutive periods of one minute. Then I'm going to say high latency alarm. You can give the application name here so that you know which application is having high latency. And then you're just going to create the alarm. And we're also going to create a low latency alarm, because we always need, like, high latency and low latency, or high CPU and low CPU, so that we get to know whenever the service went back to normal after an anomaly happened. So what we're going to do is select service anomaly again here, and we're going to go by the average latency: it's less than or equal to 0.3 seconds. This is considered normal for me. Then I'm going to go for, like, five consecutive periods of one minute. Then I'm going to say application low latency alarm.
So this is what we're going to do here, and we're going to hit create alarm. Now that we have created these alarms, what we can do is hook this up to the auto scaling groups again, so that whenever there is high latency, you could also scale up. Because sometimes what happens is, even though your CPU is low, your latency might go up, and you might need more instances to handle that kind of load. In that scenario, you need to scale up. So what we're going to do is view this in the CloudWatch page itself. You can do that by clicking here. Then you go to this page, and you can see that there are application high latency and application low latency. Here, what you can do is go to actions and go to modify, and you can add a new action here, which is the auto scaling action that we want. So what you're doing is, whenever this alarm state is in alarm, that is, whenever this goes off, from the resource type, auto scaling group, we want to use this auto scaling group, and we want to use the scale up policy, which is adding one instance, and we're just going to save it here. Also, we need a notification: whenever the alarm state goes to OK, we'll send the notification to service anomaly. So what is happening here is, whenever there is an alarm, you send the notification to service anomaly, and whenever there is an alarm, you're also adding a new instance using the scale up policy here. And then when the state goes to OK, you are sending a notification saying that your service is back to normal, and you can hit save changes. So now this is done, and you're going to configure the low latency alarm now. Here, what you can do is go to actions and modify, and you can do the same thing here. We want to add the notification when the state is in alarm.
Actually, we don't need a notification when the low latency is there, because we don't care when there's low latency; we only care when there is high latency, and over there we have configured an alarm. When it goes to OK state, we're going to get a notification anyway. But we need an auto scaling action whenever the state is in alarm, that is, when it is low CPU, low latency. Then what we're going to do is an auto scaling action, and we're going to select this auto scaling group, and we're going to scale down, that is, we're going to remove one instance, because we don't need more instances when the application is performing very well under the required constraint here. So I'm going to hit save changes here. Now you're done configuring all the alarms. Now you can go back to the EC2 section, and here in the target groups, you should be able to see in the monitoring section that your alarms have been configured, and you have everything set up here properly. Now that this part is done, what you can do is go to SNS, and you could subscribe to these topics, and then you would receive notifications whenever some activity happens. Like, we could test the scale up alarm by going here. No, actually, we'll just use auto scaling activity. I'll create a subscription. I want to send an email to my email address, and then create subscription. I have to go back to my email and then confirm the subscription so that I'll start receiving the notifications. So what you can do is... let me open up my emails. Okay, so now I have my email open here. I got an email from AWS notification for the subscription. So I'm going to hit confirm.
And now that my subscription is confirmed, what I can do is go back to the auto scaling group, and I'm going to add a new instance. Let's see if I get a notification once we get a scale up. So I'm going to edit here, and I'm going to increase the desired capacity by three. Then I'm going to hit save. Let's see if I get a notification. I'm going to pause this for a second. Okay, so now that the instance is added here, you can see in the activity that it launched a new instance. If I see here, I got a new instance, and I'm going to go to my email, and yeah, I got an email saying that an auto scaling event happened, and what happened here was, like, a user requested an update to the auto scaling group constraints, and it changed to this, and these are the details, and this is where it launched a new instance, and all that kind of information, which is really useful when you're away from the system and want to get to know what's happening in your production environment. So this is how you configure your alarms and your notifications. This is really helpful when you want to monitor your AWS environment even though you're not logged into the system. So that's it for this lesson, guys. I will see you in the next one. Thanks.

25. ASG Setup Recap: So this will be the end of our auto scaling group setup section, and let's do a quick recap of what we have done in this section. We started off by looking at the auto scaling group concepts and the different options that we have when we're setting up auto scaling groups. And then we created our first launch configuration by supplying different parameters that we want our application servers to have. And then we created the auto scaling group by using the launch configuration.
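The simple scaling policies from lessons 23 and 24 (average CPU at or above 70% or at or below 20% for five one-minute periods, one instance per step, 500-second cooldown, group size between 2 and 4), replayed offline as an added example that is not part of the course. It is a simplified model: it assumes the alarm action is retried every minute while the alarm holds and that both policies share one cooldown; the CPU traces are constructed.

```python
from dataclasses import dataclass

PERIOD_S = 60                    # alarm period: one minute
EVAL_PERIODS = 5                 # "five consecutive periods"
HIGH_CPU, LOW_CPU = 70.0, 20.0   # thresholds chosen in the lesson
COOLDOWN_S = 500                 # wait before another scaling activity
MIN_SIZE, MAX_SIZE = 2, 4        # group bounds used in the lesson


@dataclass
class Event:
    minute: int      # index of the datapoint that completed the breach
    action: str      # "scale-up" or "scale-down"
    capacity: int    # group size after the action


def breaching(window, predicate):
    """An alarm fires only when every one of the last five datapoints breaches."""
    return len(window) == EVAL_PERIODS and all(predicate(v) for v in window)


def simulate(cpu_per_minute, capacity=MIN_SIZE):
    """Replay per-minute average CPU values and return the scaling events."""
    events = []
    cooldown_until = 0
    for minute in range(len(cpu_per_minute)):
        now = minute * PERIOD_S
        window = cpu_per_minute[max(0, minute - EVAL_PERIODS + 1): minute + 1]
        high = breaching(window, lambda v: v >= HIGH_CPU)
        low = breaching(window, lambda v: v <= LOW_CPU)
        if now < cooldown_until:
            continue  # assumption: alarms raised during the cooldown are ignored
        if high and capacity < MAX_SIZE:
            capacity += 1
            events.append(Event(minute, "scale-up", capacity))
            cooldown_until = now + COOLDOWN_S
        elif low and capacity > MIN_SIZE:
            capacity -= 1
            events.append(Event(minute, "scale-down", capacity))
            cooldown_until = now + COOLDOWN_S
    return events


# Constructed traces: a sustained load of 20 minutes followed by a quiet
# period, and a 4-minute spike that is too short to trip the alarm.
SUSTAINED = [30.0] * 3 + [85.0] * 20 + [10.0] * 20
SHORT_SPIKE = [30.0] * 3 + [90.0] * 4 + [30.0] * 5

if __name__ == "__main__":
    for e in simulate(SUSTAINED):
        print(f"minute {e.minute:2d}: {e.action:10s} -> {e.capacity} instances")
    print("short spike events:", simulate(SHORT_SPIKE))
```

With the 500-second cooldown, 20 minutes of sustained load produce only two scale-up steps, nine minutes apart, instead of one per minute.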
And we have created the scaling policies and the CloudWatch alarms, and we have created the SNS topics, and we have used all these together and hooked them up to the load balancer and to the auto scaling group. And we have tested the auto scaling group by putting up new instances, and also we have tested our scaling policies and SNS topics and alarms by checking the notifications in our email. So I think we have covered a lot of information here, and I really hope that you enjoyed the section, and I'll see you in the next one. Thanks. Bye bye.

26. Create and Configure Security Group for DB Servers: Hello and welcome back. In this lesson, we're going to talk about the database servers in our private subnets. So let me open up my architecture diagram here. So far, we have completed the application server setup, we have completed the ALB setup, we've got the auto scaling setup, and the next thing that we're going to do is set up the database servers. As we don't have an application that is actually using a database, I'm just going to show you how to configure the security groups. Launching the database server is exactly the same as what we have done for the application server, except that it doesn't need any load balancer or any auto scaling, because our database servers usually don't scale. So let's get started. What I'm going to do is go back to my EC2 here, and I'm going to go to the security groups first, because I want to configure a security group which allows the traffic to this particular database in the private subnet. So I'm going to create a security group. I'm going to call it private security group: security group for the database servers. So here is what we'll do.
We'll put in the incoming port numbers that we need to access the database. For example, if you're configuring a MySQL server, then what you would need is an inbound rule that would allow port 3306. And you want this to be accessible only from your public subnets, because you don't want the Internet to be able to access this particular database on the port number, because this is, like, behind layers of firewall. We want this to be accessible only from the application servers. So here I am going to select... trying to get the autofill working for me. Looks like it doesn't like it. I'll copy it from here. I'm just going to open it here, and I'm going to copy the public security group from here, and I'm going to paste it here, and this is for the access to application servers. And if you have some internal applications that are running on the private subnets, then you could also have HTTP coming from your public security groups, for access to application servers. And in some cases, if you want to hook up a load balancer to this... I would not do that here. I guess we don't want to give permissions that are not required. So I think this should be good enough for the DB server to be accessed from the application servers. So all we've got to do now is create our database server. This can be a database server hosted on an EC2 instance, or this can even be an RDS server; like, you could go to the RDS section here, and then you can create your own database server, like MySQL or any other RDS that Amazon offers you.

27. Create MySQL DB in RDS and place it in Private Subnets: Okay, so now that you're in the RDS section, what you need to do is go to the subnet groups, and we need to create a new subnet group.
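An added example (not part of the course) that checks the rule described in lesson 26 above: port 3306 reachable only from the application servers' security group, with nothing wider. It reads JSON shaped like `aws ec2 describe-security-groups` output; the sample document, group names and group IDs are constructed placeholders.

```python
import json

DB_PORT = 3306                     # MySQL port named in the lesson
APP_SG = "sg-0app0000000000001"    # placeholder ID for the public (application) group

# Constructed sample: one group as described in the lesson, two misconfigured.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0db00000000000001", "GroupName": "private-sg-as-described",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [],
      "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-0app0000000000001"}]}]},
  {"GroupId": "sg-0db00000000000002", "GroupName": "private-sg-open",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306,
      "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": [],
      "UserIdGroupPairs": []}]},
  {"GroupId": "sg-0db00000000000003", "GroupName": "private-sg-wide",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 0, "ToPort": 65535, "IpRanges": [],
      "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-0app0000000000001"}]},
     {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "10.0.0.0/16"}],
      "Ipv6Ranges": [], "UserIdGroupPairs": []},
     {"IpProtocol": "tcp", "FromPort": 3306, "ToPort": 3306, "IpRanges": [],
      "Ipv6Ranges": [], "UserIdGroupPairs": [{"GroupId": "sg-0other00000000001"}]}]}
]}
""")


def covers_port(perm, port):
    """True when one IpPermissions entry lets traffic reach `port`."""
    proto = perm.get("IpProtocol")
    if proto == "-1":              # "-1" means every protocol and every port
        return True
    if proto not in ("tcp", "6"):
        return False
    return perm.get("FromPort", 0) <= port <= perm.get("ToPort", 65535)


def audit_db_group(group, allowed_groups=(APP_SG,), port=DB_PORT):
    """Return sorted (code, detail) findings for one database security group."""
    findings = set()
    app_can_connect = False
    for perm in group.get("IpPermissions", []):
        if not covers_port(perm, port):
            continue               # rules for other ports are out of scope here
        exact = (perm.get("IpProtocol") in ("tcp", "6")
                 and perm.get("FromPort") == port and perm.get("ToPort") == port)
        if not exact:
            findings.add(("wide-port-range",
                          f"a rule covering {port} also opens other ports"))
        cidrs = [r["CidrIp"] for r in perm.get("IpRanges", [])]
        cidrs += [r["CidrIpv6"] for r in perm.get("Ipv6Ranges", [])]
        for cidr in cidrs:
            code = "open-to-internet" if cidr in ("0.0.0.0/0", "::/0") else "cidr-source"
            findings.add((code, f"{port} reachable from {cidr}"))
        for pair in perm.get("UserIdGroupPairs", []):
            if pair["GroupId"] in allowed_groups:
                app_can_connect = True
            else:
                findings.add(("unexpected-group",
                              f"{port} reachable from {pair['GroupId']}"))
    if not app_can_connect:
        findings.add(("app-sg-missing",
                      f"no rule lets the application group reach {port}"))
    return sorted(findings)


def audit_all(doc):
    """Map each group name in a describe-security-groups document to its findings."""
    return {g["GroupName"]: audit_db_group(g) for g in doc["SecurityGroups"]}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```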
So that RDS can choose that subnet group to host the RDS instance in. So I'm going to name this private DB subnet group: subnet group for RDS. I'm going to choose my prod VPC here, and then my preference is going to be 1a, and then we're going to choose the private subnet here. So let's look up what our private subnets are. One of them is this guy, 556. Let me choose the 5561 here. And we're going to choose 1b. Inside 1b, we have private subnet two, which is for C A, and I'm going to choose the for C A one here and add it to this. So now when the RDS instance gets created using this subnet group, it's going to be launched in these two subnets. So let's hit create. Now we will go to the instances here, and we'll launch a new DB instance. We can choose Amazon Aurora or MySQL. There's no real difference for this demo. We can choose production Amazon Aurora. Yes, it's similar to MySQL. Let me choose the smallest one just to see how this gets created. If you don't need multi-AZ, we could just set it here. We could just give some name here, put a password, and here is the important thing: you're going to choose the prod VPC here, and then it automatically selects the new private subnet group that you have created, and you can choose if you want to expose this publicly or you want to keep this internal. By our architecture, we prefer to keep it internally accessible, so that no one outside this VPC can ever access our DB. It's really not required for us to expose our DB in this scenario, so we want to choose No here. And then we could choose our preference; that's up to you where you want to create your DB instance. And then you can select the existing security group that we created just a few minutes back. That's the private SG, and you take this off before she on.
You can give the DB cluster name if you want, and select all the defaults or any other configuration that you want to make, and launch the DB instance. Once you launch this DB instance, all the application servers should be able to access that specific DB instance on port 3306, which is the default port on which MySQL gets accessed. So that's it for the database configuration part. As we don't have a running application that has DB connectivity, it is really hard to simulate that kind of demo in this lecture. But if you have any questions about this, you can comment in the comment section, and then I'll get back to you with a reply on what you need to do in your scenario. So that's it for this lesson. Thanks.

28. Configure ACM Cert to enable HTTPS on Target Group: Hello and welcome back. In the previous lesson, we configured our application load balancers, but we haven't configured them for HTTPS. So in this lesson, what we're going to do is create an ACM cert, which is, like, an Amazon-issued SSL certificate, and then we're going to assign it to our load balancer by creating a listener for HTTPS and forwarding that to the target group that we created earlier. So let's get started. First you need to go to the Certificate Manager in your AWS console, and then you need to get started here. You can specify the domain name. First, you need to have a domain name. I believe every company has a domain name. So I'm just going to request for star dot... this is the domain name that I own. So I'm just putting star dot cycle nothing dot com, and then I'm hitting next here, and then I'm going to choose email validation. What AWS does is, it checks for the registrar for that domain and sends an email to him saying that someone is trying to generate a certificate on your behalf, and do you approve of it?
And once the registrar approves, then your certificate is ready to use. So I'm going to choose email validation here, and then I'm going to hit review, and then I'm going to request this. So now I should be receiving an email to the registered email address of my domain. I'm going to go to my email and check. Okay, so now I got an email saying that someone is requesting for this domain, and if I want to approve, I just need to click this link here, and then I just need to hit I approve. So now our certificate is validated, and I can go back here and hit refresh. Then it should be in issued state. Okay, so now we have a cert. The next thing that we're going to do is go back to our application load balancer. So you'll go back to the EC2 part, you'll go to the load balancers, and then you're going to select this and go to the listeners. We want to add a new listener, and we want to listen on HTTPS. So you just click add listener. You would choose HTTPS, and it's still going to use the same target group. It doesn't matter if your target group is hosted on 80 or 443. As long as you have your load balancer receiving traffic on port 443, you can always redirect traffic back to port 80 from the load balancer to your application server. So I'm going to choose the same target group, and we're going to choose a certificate from ACM, which is going to be star dot cycle nothing dot com from here, and then I'm just going to hit create. Okay, so this is saying that our security group doesn't allow port 443 traffic incoming, so we're going to fix it right away. So what I'm going to do is go to the external
ALB security group, and in the inbound traffic, what we're going to do is add another rule, which is HTTPS, and we're going to say that we can receive traffic from everywhere for this, and hit save. If I go back here and go to my listeners, I should have my 443 listener listed here, and all the requests are being forwarded to my target group. So let's test if we can get HTTPS working here. I go to this; this is the HTTP. And if I put in HTTPS, then it complains about being not secure, because you're not using the same DNS here. But once we configure our Route 53 to point to that specific domain, this would start working. If I proceed, even though it is HTTPS, it is not secure, because it is not validating the certificate that we issued. So that's it for this lecture. In the next lecture, we'll configure our DNS, which is the Route 53 part, and that is going to point our application to a specific domain name. So I'll see you there. Thanks.

29. Route53 - Create Subdomain which points to ALB: Hello and welcome back. In this lesson, we're going to configure the Route 53 part for our production infrastructure. The one thing that you require to complete this lesson is a registered domain name. It can be from Route 53 itself, or you could purchase any domain from DNS providers like GoDaddy or any other providers. So let's get started. You need to go to Route 53 from the AWS console, and you need to go to the hosted zones, and you need to create a hosted zone. I've already created my hosted zone, which is for cycle and nothing dot com. That's the domain name that I'm going to use now. So you just need to key in your domain name here, and then you need to choose the public hosted zone and then hit create. Once you hit create, you will be provided with default records from Route 53 itself. So you're interested in this record.
So the next thing that you're going to do is log in to your DNS provider; in my case, it is godaddy.com. So I log in here, and then I'm just gonna go to manage my DNS. So here I have already connected it to my account. You might not observe this here. So there are some default records that are preassigned to the name servers of GoDaddy itself. But what we're going to do is change it to custom name servers, and then we're going to put in our name server entries that we got from AWS Route 53 itself. If you see here, these are the entries that I got from the AWS Route 53. So once we enter them here, it takes some time to propagate. And once it is propagated, then you can just create your subdomains and manage your DNS directly from Route 53, and you don't need to go to GoDaddy to manage your DNS anymore. So once we do that, we come back here. We just create a new record set, and we're going to point it to our ELB there. So for this application, let's call it my prod application dot cycle of Britain dot com. And I'm going to choose this as IPv4 address, and I'm going to choose it as an alias, and we're going to point it to our ELB, which is my big company LB. And I'm going to choose the simple routing policy. You have different options, like weighted, latency, or failover; there are different use cases for different things. But in our case, we're going to choose a simple routing policy, and we're going to hit Create. So now what happens is in a few minutes, we should be able to browse our production application just by entering my prod application dot com. So as this is a new DNS entry, this is going to take a few minutes to propagate for the DNS records. I'm gonna pause this and then come back once this is ready. Okay, so after a few minutes and a DNS flush, I can now resolve this domain name, and I'm able to get my production server configured.
And also we can check this using HTTPS, as we have created an HTTPS cert and assigned it to our load balancers. So now we have our production application running on HTTP and HTTPS, and we have a DNS entry pointing to that application. So, basically, this is it for the DNS part, and I will see you in the next one. Thanks.

30. Terraform Introduction: Hello and welcome back. So in this section of the course, we're going to learn about Terraform, and we're going to implement this in our production infrastructure. So before getting started, let's learn something about Terraform. So what is Terraform? Basically, it is an open source tool developed by HashiCorp. What this does is it helps you to store your infrastructure as code, meaning you can have your entire infrastructure in the form of code, and it makes it easy for you to save this code in Subversion or GitHub, which enables you to share your infrastructure among your team members. And you could also modify your infrastructure or recreate your infrastructure. So let me tell you the use cases behind this. So let's say you have an infrastructure that is created by Terraform and you have the configuration file with you. Now someone in your team goes in, let's say we're using AWS in this scenario, he goes in and changes something in the configuration of your production infrastructure. But he forgot what he changed. So to get the actual desired state back, you can go back and get your Terraform configuration that you have saved in your versioning. You could just run that script again and get back your infrastructure to the desired state. So this helps you to keep a consistent environment. And also the other use case that you might have is,
Let's say you want to spin up a new environment with exactly the same configuration that you have currently in your production network, if you want to create a pre-prod or a QA network. So in those scenarios, what you want to do is you just need to change a few variables which define which network is going to get created. And then all you gotta do is run this Terraform, and you have your new environment with exactly the same configuration that you have in your production infrastructure or any other infrastructure that you are recreating. So it's very simple to use, it's very manageable, and it is also a widely used tool in the current industry. So that's the reason we want to learn Terraform, and we want to save the infrastructure that we have created in our previous lessons using Terraform, and we're going to see each and every step, like how do you write the configuration, how do you explore the documentation to get your desired resources to configure, and we're going to see how to basically use this Terraform in our infrastructure. So let me also tell you the steps that are involved in getting your Terraform to run. First thing, you need to write a configuration file, which is going to be a .tf file, which uses HCL, which is HashiCorp Configuration Language. And this is a very simple language and it is easy to use. It is mostly English, and it is kind of a declarative language. So when you read the configuration file, it is straightforward, saying that, okay, I need a load balancer, I need a name for it, this is the configuration that I'm going to give, and that's it. You just run that plan. So once you have the configuration file ready, the next thing that you're going to need to do is plan the infrastructure. That is, you're going to run a command saying terraform plan, and then what it's going to do:
It's going to check against the current infrastructure, and it's going to see what all the resources are that you need to create in order to get to your desired state of configuration. And then it's going to list them out to you, saying that, okay, so these are the resources that we're going to create. So once you have a plan in place, the next thing you're going to do is terraform apply. So once you do that, what it's going to do is apply the configuration to your cloud infrastructure, and then it's going to create all the resources that you want in order to get to the desired state. So these are the three simple steps that we need to do to create your infrastructure using Terraform. And when you modify your configuration, it's again the same steps. You're gonna modify your configuration file, you save it, and then Terraform has two files that are generated when you first run the Terraform script. What it saves is the information and the data, like what are the IDs that have been created for the resources, something like that. And then whenever you run the second time or the third time, what it's going to do is synchronize with the current infrastructure that is running in your cloud. And it's going to compare what new resources it's going to create or what's getting modified in the current resources, and it's going to apply those changes in order to get to your desired state. So enough of Terraform. Now that you know what Terraform is used for and how important it is to have a Terraform script configured for your production infrastructure, let's get started. That's it for this lesson. I'll see you in the next one. Thanks. Bye bye.

31. Terraform Installation: Hello and welcome back. So now that we know what Terraform does, let's go ahead and install it on our computer.
So all you gotta do is go to this website, terraform.io. I have it open. So I'm gonna put this here, and you're going to download whatever the latest version is. So it's going to be 0.11.1. And I want to choose my operating system. You can choose any other operating system, but I'm gonna use Windows, and it is really simple to install it on any of the operating systems, as all you gotta do is download the binary and point your path to it. So that's what I'm going to do in Windows. So I hit Download, and I'm gonna create a new folder, and I'm going to download it here. So once it is downloaded, what I gotta do is extract the files in this, and I'm going to find an executable here. So what I'm gonna do is copy this executable from here and put it in my C Program Files so that I can better track where my programs are installed. So I'm gonna do Terraform here, and I'm gonna paste it here. So now for your Terraform to get recognized in your command line interface, all you got to do is add this to your path variable in your environment variables. So I'm gonna do edit environment variables, and I'm going to add it to my path. So here's my path, and I'm going to create a new one, and I'm going to add Terraform here. Oh, I added it twice. I can just take this off, and then I could just hit OK. So now that you have Terraform downloaded, put it in a specific location that you want, and then we have added this to our environment variables path. And the next thing that I'm gonna do is open up PowerShell, and I'm going to check if I can run this command here and whether it's getting recognized. So, like you can see, Terraform is getting recognized because it's in our path, and we have a bunch of different options that we can choose from here. So that's it for this lesson. In the next lesson, we're going to see how we start with our configuration and how to plan and run our infrastructure.
So I'll see you there. Bye bye.

32. AWS CLI, IAM User & Credentials in Profile Setup: Hello and welcome back. So now that we have our Terraform installed and ready, the next thing that we're going to do is set up our command line interface for AWS. And to do that, we need to create an IAM user for Terraform, and I'm going to save the credentials in our AWS CLI, which we're going to install in a bit. And I'm going to save this as a profile so that I can give it as an input to the configuration file. And Terraform is going to use that user with the permissions that it got, and it's going to use it to create the infrastructure. So let's get started. To do this, first, we're going to go to the AWS console here, and then what we're going to do is go to the IAM section here, and I'm going to create a user for Terraform so that I can control what permissions are given to this. So I'm going to go here and add a user here saying terraform user, and I'm just going to give it programmatic access because this is meant to be just for running the script, and I don't want this getting any console access whatsoever. So once I hit programmatic access here, I'm gonna hit Next, give permissions, and I'm going to just give the administrator access for now. But you can always fine-tune what you want to give to this Terraform user. So I'm just going to create the user, and I am going to download this .csv into my source folder. Okay, so now that we have our credentials downloaded, basically this access key and secret access key that we're going to set up in our CLI, the next thing that we have to do is download the AWS CLI. So you can just Google download AWS CLI for Windows. And you can go to the first link here, and then it's going to show you different options. We just have to install it for Windows.
I'm gonna choose Windows here, and I want to download the MSI for 64-bit, and it's a basic installer, so you could just run this. I have it already installed, so it doesn't allow me to. I think it does allow me to install, so I can just hit Next, Next, Next, and then after that I just have to hit Install here. I have it already installed. I'm not going to install it again, so I'm just gonna cancel it from here. And the next thing that we have to do is configure this AWS CLI with the credentials that we have just created. So to do that, I'm just going to open up PowerShell. You can always use the regular command prompt, but I'm more comfortable with PowerShell, so we're just going to use this. So here what we're going to do is aws configure, and then dash dash profile, and we're going to give a profile name. So it is terraform-user. It's gonna be anything that you can create here. This is just for your reference. And then if I hit Enter, it's going to ask for my access key ID. So I'm just going to open up my credentials here, and then I'm going to copy this from here. This is my access key ID. So I copied this. I can paste it here. The next thing that it's going to ask me is the secret access key. So I'm going to copy my secret access key from here and then put it here. And the default region that I'm gonna choose is you rest one, because that's where we are setting up our production infrastructure. And I could just leave the default option for format, and that's it. So now you have your Terraform user configured in your AWS CLI. So that's it for this lesson. And in the next lesson, we're going to see how we create the configuration file for our Terraform. Thanks. See you there. Bye.

33. Terraform Init: Hello and welcome back. So now that we have our AWS CLI and Terraform installed and ready, we're going to start with our configuration.
So to do that, what you need to first do is choose a folder where you're going to create a Terraform configuration. So I'm going to use this folder here, and I am just going to create a new folder inside this saying terraform. And inside this I'm just going to create a new file. It is going to be a .tf file, which I'll name as production application dot tf. Yes, I want to change the format here. And inside this file, what we're going to do is specify a provider, and we're going to do a terraform init on that, so that it pulls the required plugins. So first, let's go to the Terraform documentation and see how to do that. So first we go to the terraform.io website and go to the docs section. So inside the docs section, you're going to choose a provider. So as we are working in AWS, we're going to choose it here. If you're going to use some other providers, you can always check out all the providers that it supports. There's a wide range of providers that you can configure using Terraform. Here we're using AWS, so I'm going to choose AWS. So there are a bunch of different ways you can configure your provider in your Terraform script. I don't like to expose my access key and secret access key in my configuration file, because people tend to steal your information if it's out in the open. I mean, I don't want to check in my credentials in version control or share them across the team, because I like keeping them on my computer itself. And then I'm just gonna give the profile in here, so that whoever is running that script, they should have their own profile set here before they run, so that they're going to use their level of access instead of a global level of access. So I'm going to choose this method of using the AWS provider. So I'm just gonna copy this part, and this is going to be the first block of code that I'm going to put in my configuration file.
So I'm gonna go to this folder and I'm going to open it up. I like to use Visual Studio Code, so I'm just gonna open up a new Visual Studio Code. You can use your choice of editor; I'm gonna choose Visual Studio Code, putting my folder there and opening it. So basically, this is a blank folder here, and what you're gonna do is copy-paste, oops, paste this block of code here into this section and change the region, because we're using, uh, you last one. And I'm not using a shared credentials file. Instead, we have it already configured in our AWS CLI, so we're going to use terraform-user. Okay, so now we have created the configuration file, and we have supplied what provider we're going to use, which region we're configuring, and what profile we're going to use here. So I hit Save, and then I'm going to open up my PowerShell. I'm just going to clear this out, navigating to this folder, and here we're going to run terraform init. Let's see what this does. So basically what it is doing is checking our configuration file, and it's checking what provider this is going to use. And it's going to download the required provider plugins, and it's going to configure and create a folder inside that with that required configuration. So if you see here, then you have the plugins downloaded for your computer and whatever dependencies it requires. So now that we have the configuration file here, ready and initialized, we can start adding our resources into this configuration file. So I'll do that in the next one. Thanks.

34. Create & Configure ALB Using Terraform Part 1: Hello and welcome back. So in the previous lesson, we have initialized our configuration file, and we have downloaded the required plugins using terraform init. And in this section, we're going to create some of the resources. So before doing that, let's check our architecture diagram and see the requirements that we need.
The resources that we need to spin up in order to get to our desired configuration. So let's look at the diagram now. So here what we're going to do is, first, we need a load balancer. Oh, by the way, we're not going to recreate our entire architecture, but we're going to create the resources that are required for our application itself. So the requirements are the load balancers, the application servers' configuration, and the auto scaling groups. So these are the three things that we're going to create. So the first thing we're going to do is create the load balancer. So to do that, let me pull back my configuration file here, and we're going to go back to our documentation for Terraform, and we're going to create the load balancer. So the first thing you need to do is search for your load balancer. So it should be called AWS load balancer. Let me see. So basically, this is an application load balancer, so it should be called ALB here. So under EC2 resources you can see that we have AWS ALB. So I'm going to open this up here, and you can always look at an example here, and then you can work on it to get to your required configuration. So I'm just going to copy this example block here, and then I'm going to modify it according to mine. So I have this copied here. So what this is basically doing here is saying, I need a resource of AWS load balancer, and I need to give it a name so that I can reference it locally within this configuration file. And I'm gonna need the name of the load balancer itself. It wants to know if it's an internal load balancer or an external one. I need to specify the security groups here. I need to specify the subnets, like we did everything through the console. So let's put in our configuration here that we want to do. So I'm gonna say here prod, prod-alb. And I'm just gonna give this name.
Name of the load balancer is production, production, no, I'm just gonna give my big company application dash LB dash prod. So I'm just gonna give terraform so that we can differentiate between the one that we have created through the console and Terraform. We need external, so that's going to be internal equal to false. And we need the security groups that we have created here. So what I'm gonna do is go to our AWS console and get our security group IDs that we want to put in. So basically, you can also create your security groups using Terraform. For this lesson, I'm not going to do that. I'm just going to use the ones that we have created through the console. So I'm gonna go to the security groups here under Network and Security, and we're going to choose the ID for the DMZ subnet. As you can see, you need the DMZ subnet for your load balancer. So I'm gonna choose the DMZ subnet. So we have your DMZ subnets, and our external ELB security group; this is meant for our ELBs. So I'm gonna copy this here, and I paste it in here. So what this is going to do is hard-code our security group into the configuration file, which I don't like doing, because if I'm gonna recreate my environment, I don't want to go in and change each and every place where the security group is getting used. So, instead, I'm gonna use a variable. So now let's go back to our Terraform documentation, and let's see how we can configure the variables. So I just don't want to close that page, so I'm gonna go here, and I'm gonna search for Terraform variables. Okay, so now here we can see the different ways in which the variables can be declared. Here we're gonna choose the first example, where we have the key.
We have the type, where you can specify whether it's a string or a map or any other format that Terraform supports, and the default value that we're going to use for this. So I'm going to choose this type of declaration for variables, and what I'm gonna do here is, on top, I'm just going to paste this here, and I'm going to say external ELB security group ID. It can be subnets as well, so I am not going to put anything here. I'm just going to leave this out, for Terraform automatically detects what type of variables we're configuring here. So I'm going to give this a value of the security group ID that we get from the AWS console here. So this is our security group ID. I'm going to paste it here. Extra space. So once we have that here, the next thing that we need is the subnets where we need to host our load balancer. So for that I'm just going to create another variable here, and I'm going to say DMZ subnet IDs. So again I'm going to go back to our AWS console here, and I'm going to go to my VPC section to find out the IDs that I need for the load balancer here. Those are going to be the DMZ subnets. So I go to my subnet section and copy the subnet IDs from here. So the first subnet ID is this, and I'd like to use an array here instead of a single string there. So the array of strings is declared in this way, and oops. And here I need to put my second DMZ subnet ID, which is going to be this. Okay, so now I have my DMZ subnet IDs here. Okay, so I have my two variables here, so I'm going to use my variables here instead of the hard-coded value there. So inside an array, this is how you use your variables. So you have dollar, open curly brace, and then you're going to say var dot and the variable name, so external ELB security group ID. And here I need an array of subnets, so I can just get rid of this array from here.
And I can just say, inside quotes, you can see that I need var dot DMZ subnet IDs. Okay, so the next thing that you're going to do, okay, before doing that, I see a typo here. I need to add a quote around this. Also, I think this name is too big, so I'm going to change this to half start that TF instead of the big name, because I think AWS restricts the name to be, oh, it cannot be longer than 32 characters, I guess. So we're going to shorten the name here. And the next thing is we definitely need the enable deletion protection, because this prevents us from accidentally clicking a delete button in our AWS console. So I just need that to be turned on. And here we can also get the access logs out of the ALB, so all the metrics that you get from the console, you can save in your S3, and you can use some parser like Sumo Logic or any other logging system that can parse these logs and get some useful info out of it. For this lesson, we're not going to use it, so I'm gonna remove this block of code from here. Okay, so we definitely need the tags. And as this is for a production application, I'm just tagging it as production here. Okay, so now our load balancer is ready. The other things that we need for the load balancer are the target groups and the load balancer listener.

35. Create & Configure ALB Using Terraform Part 2: So the other things that we need for the load balancer are the target groups and the load balancer listeners. So let's go back to our Terraform documentation, and let's see the other requirements. So we're going to go back to the same section, scroll all the way down, and here under this we need the AWS ALB target group. I'm gonna click this one, and I'm going to go here and use the example block from here.
You can always check out the argument reference here and then add in the extra parameters if you want to, because we're going to use a lot of default values. So I'm not gonna put in a lot of resource information here. But if you want to customize stuff, you can always check out the reference here to get the required configuration. So I'm just gonna copy this part, and I'm going to paste it in my configuration. We just need one target group, as we've seen that we had one target group and we had multiple listeners pointed to the same target group, so I'm just going to use this target group as my that the f that t g nash frog. And I'm going to copy-paste the name from here. We want it to be on port 80. We need this on the HTTP protocol, and one thing we need here is the VPC ID. So I'm just gonna create another variable here called VPC ID. And I'm going to copy it from our AWS console. If I go back here, on VPC, we have the VPC ID. So I'm just gonna copy it from here and put it in my configuration file here. So now here, I'm just going to change my VPC ID. Yes, I think this large dark sea. Okay, so we've got the VPC ID, we've got the protocol, name and stuff. The next thing that we're going to do is go back to our documentation and see if we need anything else. Okay, we've got the name, we've got the port, we've got the protocol, we've got the VPC ID. Deregistration delay: I think I'm good with the 300-second default, so I'm just gonna leave it there. I don't need any stickiness. Okay, I need the health check, and we're going to use the default path, which is slash, as the health check. So to check how it is configured, if I just click this, I'm gonna see something here. Okay, so the health check block is defined as health underscore check.
So to define a block, all you got to do is put in the block that you want here, open curly brace and close curly brace. Inside this, you're going to use key-value pairs. So you need the interval, which is going to be something like this, interval, and you're going to give it a number. I'm just gonna give it an interval of 30 and put it in quotes, 30. And I'm going to give it a path of the default path. And okay, let's go back to our console and see what we have configured, so that it's easy to recreate that way. I'm gonna go to the EC2 section here and go to my target groups and go to my targets. Oh, no, go to my health check. And we can see we have the HTTP protocol. So we need the protocol here, protocol, and we need to give it the HTTP protocol, and we have the port. Let's see how we can configure the port here. So basically, this defaults to traffic port. So I don't need to specify a port here, as we have the default with just the traffic port. We need to give it a healthy threshold, unhealthy threshold, timeout, interval, and success codes. So let's go back to the documentation and open up the find here. Okay, so we need the healthy underscore threshold, and we need the healthy threshold to be, it's just gonna be anything, I'm just going to give it two. And we need the unhealthy threshold; we're going to give this as five. And we need the timeout, which should be less than the interval time. Just gonna give it, like, 28. And so the next thing that we need to do is the success codes. So let's see how we can configure the success codes here. Okay, codes to use when checking for a successful response. Okay, yes. So this is what we need to do. So we need the matcher. So we need to put the matcher as, matcher would need to be 200. Yes, we're expecting a 200 response back. Okay, so I think that's it for the target group.
The next thing that we need is the load balancer listener, so that we have a listener for HTTP and HTTPS. And those listeners are going to forward our requests to the target groups here, so let's see how to configure those. So to do that, I'm going to go back to my documentation here. And if I scroll back all the way to EC2 resources, I can check for AWS ALB listener. Okay, so like you can see, for this load balancer listener, you need to have a target group and you need to have a load balancer. Okay, we have already configured those, so I'm going to copy this section here, and we're going to modify it according to our needs. So here, the first thing is I'm gonna give this name; it's going to be HTTPS, oh, HTTP listener. And okay, so the load balancer ARN. So what this is doing is asking us which load balancer we need to configure this to. So we want it to be configured to our load balancer here. So I'm going to copy the name from here and put it here. So this is saying, in load balancer ARN, use this load balancer's ARN. And we're configuring it for HTTP, so I'm gonna say HTTP here. I'm gonna choose 80 port, and I'm gonna choose HTTP; it should be HTTP instead of HTTPS. For HTTP, we don't need this configuration. Before this, I'm gonna make a copy so that I can reuse this for HTTPS. For HTTP, we don't need these two here, and the default action is we're going to send it to our HTTP target group. So I want to copy in the name of the target group and put it here, so that this automatically gets the ARN and is gonna forward those requests. You can always add more rules here so that you can have different paths getting forwarded to different target groups. Okay, so the next thing we need to do is configure the HTTPS one here. So I'm gonna change the name to HTTPS.
I'm still gonna use the same load balancer ARN, and the port is going to be 443. And this is going to be HTTPS. We're going to use the SSL policy, the default one, or we can match it to the one that we have created here. So if I go back to my load balancer listeners, I can check the security policy. So we're using this one, so I can copy this part here and paste it here. Okay, the certificate ARN is the one that you've created in the certificate manager, which is your domain's SSL cert. I'm gonna go here, choose my SSL cert, and copy the ARN, and I'm going to paste it here. Okay, so the default action is we need to forward it to our same HTTP target group. So I'm gonna copy the name here and put it here. So basically we're having two different load balancers, oops, oops, I copied the wrong one. So I'm gonna copy the target group's name here, and I'm going to put it here, and I'm gonna forward this. So, so far, what we have is, we have the load balancer, we have the target group, and we have two different listeners which are listening on HTTP and HTTPS and forwarding the requests back to the same target group. And let's try to run this Terraform and see how this is going to create our infrastructure. Okay, for that, I'm going to open up my PowerShell. I'm gonna stay in the same folder where we have this configuration file, and I'm going to run this command, terraform, terraform plan, and let's see what this does. So basically, it goes and checks with your cloud, seeing what are all the resources that it needs to create, and it tells us the plan for that. Okay, so it's throwing a couple of errors here. It's saying unknown variable referenced here, and unknown resource front. And oh, we might have missed something here. Let's see what line this is. Reference, undefined block. Variable VPC ID, VPC ID here. Oh, that was all uppercase, so it couldn't recognize it there.
Okay, so the next thing that we have a problem here is in the HTTPS listener. HTTPS listener, I think we didn't save it. So this is complaining about front, like, half think or front. Okay, so I think I might have not saved it. OK, now that we have everything saved, let's try to run this again. Okay? Oh, I made a typo here in threshold. Cool headed. Okay. Oh, my God. I'm making so many typos. Unhealthy threshold. Okay, so now finally this ran and we have the plan saying that it's going to create a load balancer. First, it's going to create the listeners. It's going to create the target group, and it's saying that we're going to add four resources, there is nothing to change, and there's nothing to destroy. So to create this, all we gotta do is, like, run this command, terraform apply. Oops, again I made it, uh, terraform apply. Okay, so now this is going to ask us for a confirmation whether or not you want to run this, so we can double check here: we're having a load balancer, listeners and the target group. So if you're OK with this, just type yes here and press Enter. Now this is going to create the resources and we can go back to our console and check if these resources are created or not. So let's jump back to the console. Let me, let us wait until this gets finished. It's just going to take, ah, a few minutes to just create the resources. I'm gonna pause and come back once it's done. Okay, so this completed after, like, a few minutes. It really took some, like, around 2, 2.5 minutes to create the load balancer. But once the system, ah, you get a successful message saying that four resources were created, and let's go back to the console and check if they're all created properly. I'm going to go back to my console, go to the EC2 section and go to my load balancer. Okay, so we do have our load balancer created and you can compare these two load balancers.
It should have almost the same configuration because we did the same configuration using our, um, Terraform. And let's check listeners here. Okay, we do have two listeners. And the rules are saying, whatever the traffic comes in, forward it to this target group. Let's check out the target groups. If I go here, I should have the target group created. And we have the health check to be configured to whatever the requirements that you have specified there. And that's pretty much it. So we have configured our first part in our architecture, which is the load balancer setup. And in the next lesson, we're going to configure our application servers and its dependencies. Okay, I'll see you there. Bye bye.

36. Create & Configure Launch Configuration Using Terraform: Hello and welcome back. So in the previous lesson, we have configured our load balancer, our target groups and our listeners using Terraform, and in this section we're going to configure our launch configuration, our Auto Scaling groups and all the scaling policies etcetera, using Terraform. So let's get started. So the first thing that we are going to need, ah, to create is the launch configuration so that we can hook that up to the Auto Scaling group. So let's go to our Terraform documentation, uh, and search for launch configuration. Ah, under EC2 resources we want to select the launch configuration. And here there are different examples that you can choose from and all the different options that you can provide to your launch configuration. So I'm gonna choose an example from here. It's going to be a basic example and we'll be adding our parameters to that by checking the launch configuration that we have created through the console. The first thing that I want to do, it's like I want to give this a name. I'll call this app underscore launch configuration underscore. I'm just going to give it a name of, I'm just going to give in the date. See the one underscore.
I'm just gonna use dashes instead. 7 2018. And I'm going to give this a name. Yes, the same as the resource name here. Copy, paste. Okay, so we need to go back to our console to figure out the image ID, which is going to be our AMI ID. I'm gonna go back to my EC2 console, go to the launch configurations. Here you can find all the settings that you have configured for this. So I'm gonna copy the AMI ID from here. And okay, so, like we've created for the other variables, I'm just gonna create a new variable here for the AMI. So I'm gonna copy and I cut this. Put it here, call this AMI ID, and I'd like to use it here, so I'm gonna call this var dot AMI ID. I just want to use t2.micro, this word give me. So I'm just gonna go here and check all the other stuff that I need. So I need an IAM role to be assigned to. I'm going to go back to my documentation here and see how I can configure this. So this is going to be instance role. Copy this, paste it here. So my instance role would be our instance role part. I'm gonna copy this from here and put it here. Okay, so the next thing that we need is key pair name. So I will go back to the documentation, copy the key name here to tear. That's going to be your IPCC test. KP was gonna confirm it. Okay, copy that, paste it here, and we need the, ah, next thing that we need is the security group. So I'm gonna go back here and copy this. Okay, so this is going to be a list of security groups so we can put it here. And this is going to be a list of security groups. So first thing you need to do is go back here, copy the security group, and let's create a variable for this guy. So copy this block, make a variable named public security group, if you need our application servers to be hosted in public security group. So that's why we chose this one here. And put the security group here, so var dot public SG. Okay, so one more thing that we need is the user data.
So we need this user data so that we could copy our build whenever we put up a new instance. So the way we do that is, oh, you're going to create a file at some path, and then we're going to give that path to, um, give that path as a reference to the user data. So I'm just going to call this user data. And inside this file, I'm going to copy the user data that we have created here, copying this one, pasting it here and save. Okay, so here, the way you're going to refer this is, so this is a file. So I'm just going to open this as, oh, file. And I'm just going to give this a path, dollar var dot user. Oh, I need to create a variable for this path. So I'm just gonna go here and call this, uh, user data and then give the path for this, call this user data txt. Okay, so the one thing that you need to do is you need to add another slash because it doesn't recognize it with the single slash. Need to escape the slashes. So extra slash. Once you have the variable, you're gonna refer that here as var dot user data path and you're going to close these brackets. Match it. Ah, and actually, you need to open this as the curly brace here. And you close this file one, you're going to close the curly brace, gonna close the quotes there. Okay, so we now have the launch configuration ready. And as we didn't change the storage or anything like that, so I think we're good to go. Uh, let's go ahead and run this in our PowerShell. They open up the one for them. Okay, so let's try running this. So we're gonna do terraform plan. Okay, so this is saying duplicates found, variable names must be unique. Oh, maybe I did a typo here. Ah, did I do a typo, public SG? Oh, why do I have two AMI IDs here? Okay, so I'm gonna take this off from here, and I'm gonna try terraform plan again. It's saying public SG is duplicate. Take this off as well. Okay, so now you should be able to see that.
It's trying to add a new resource, which is our launch configuration. So if I do terraform apply this will create the launch configuration for us. Okay, so I just now have to give a confirmation. Okay, so now we have our launch configuration ready. And in the next lesson, we're going to create our Auto Scaling group. So that's it for this lesson, let's see you in the next one. Bye.

37. Create & Configure ASG Using Terraform Part 1: Okay, so now in this lesson, we're going to create the Auto Scaling group using Terraform. So let's go to the Terraform documentation and see what we need. So I'm gonna search for Auto Scaling groups and under EC2, ah, we have to search for the Auto Scaling group. So on this, you'll find several examples. Ah, so I am going to choose the example of, let's take a simple example. Okay, maybe I can just copy this guy, so let me see. Read this. And okay, so I'm gonna copy all these and paste it in our configuration file. Okay, so first thing is, I want to give this a name as app underscore ASG underscore prod. And okay, so the availability zones will be our subject to availability zones. So, ah, here we can just say variable, we need, oh, now what we call this, uh, ASG AZs. And give that, this is going to be a list of AZs. So we need two, ah, availability zones. So to get the availability zones, we're going to go back to our console and go to Auto Scaling groups. We're going to choose these two AZs. Just gonna copy here. Uh, put quotes around it. Okay, so going to use that variable in here. So instead of this we're going to have the var dot, oh, ASG AZs. Okay, so name of the ASG is going to be, ah, app underscore ASG underscore, uh, oh, Terraform underscore prod. So this is just to differentiate between our, the other load balancer, the Auto Scaling group that we have created, and the Terraform one. So I'm gonna give the max size as five, min size is, desired capacity is two.
Oh, health check grace period, we leave it 300, we need the health check type to be ELB. Ah, I don't think we need a force delete here, and, oh, we don't need any placement groups with this. We're just creating this, uh, normally under the load balancer. The launch configuration that we're going to use is the one that we created here. So we have to give the name of this resource. So this is going to pick it up automatically from here and, ah, the initial lifecycle hook, so we don't need any lifecycle hook for now. So I'm just gonna take this off from here. And also, I don't need to give all these stuff, so I'm just going to get rid of it. Okay, so the other important thing that you need to do is you need to hook this up to a specific load balancer. So the way that you're going to do is, you're going to go here and search for the target group. Example. So you're going to say, okay, so you need the target group ARNs here. So I'm gonna go here, and this is going to be a list. So thinking to give list. And what you are going to say is, you're going to get the ARN for your target group. Okay, so the same like you've done in the load balancer listener, going to copy this part and put it in here. So now you're saying you need the target group's ARN for this specific target group. So whenever the Auto Scaling group launches new instances, it assigns those new instances under this target group. Uh, okay, so the next thing that we need is, um, we need the termination policies to be the oldest instance. So I'm gonna go back here, copy the termination policies, and this is also a list. Uh, so you're going to put in here. And to give this the oldest, copy this from, I'm going to give this as the oldest instance. Okay, so the other thing that we need, we've got the launch config, we got these settings. Okay, so the thing that we need is the subnets. So, uh, let me go back here and search for the subnet. Okay, so the subnet, search for this.
Okay, so we're going to choose the VPC zone identifier to specify our subnets. This is going to be a list. So this is going to be here, and you need to add the subnet IDs in the variable, so I'm going to create a new variable, and this is going to be public sub, public subnet IDs, and let's go to our console to get our subnet IDs, so you can get the subnet IDs from here. Copy, paste in this guy, mark it with quotes and use this variable in your Auto Scaling group. So sneak do. Okay, that's that. It's already a list. You can just automatically call this as subnet, this is public subnet IDs. Okay, so I think we got all the basic stuff that we needed here, and we just need a few tags. We're going to say this as environment, give this as, ah, production, and we're going to propagate this at launch. We don't need to give any timeout. And let's run this and see what we get. Okay, so to do that, we're going to go back to our PowerShell, and we're going to do a terraform plan. Okay, so we have some error here, so it's saying it can't find the variable. Oh, we didn't do, okay, so no. Yeah. Okay. So something got messed up here, identifiers. Okay, something's not right. So let's copy that part again. So going to this, oh, it's just identifier. Okay, so let's run this again. Okay, so now it will test whether, ah, it will check what resources it needs to create. So it's going to create the ASG. So I'm going to do terraform apply and give the confirmation. So I'm gonna pause the video here and then come back once this is created.

38. Create & Configure ASG Using Terraform Part 2: Okay, so now we have our Auto Scaling group created with Terraform. So we're going to go back to our console and check if that got created correctly. So I'm gonna go back to my console here and refresh. Now, I should see my Auto Scaling group that's being created by Terraform. So now, not only this, ah, created the Auto Scaling group.
It also started to launch the instances. Now, if I go to my running instances, you should see the two instances that were created in the earlier lessons and the two instances that are getting created now. So if you see, these are the two resources, oh, that it's getting created. And if you notice here, we didn't get the name tag applied here, so we can go back and add that to our Terraform script. So I'm going to go back here, check what tag that you added here. So, so we have added, so we're missing the name tag. So I'm just gonna add that name tag back into my Terraform script. Copy the name tag here, paste it. Give this a name, missus application. This making of the name here. Distribute French here. So now you should do a terraform plan again. This is going to tell us that it's going to add a new tag and let's see what it comes back with. So it's changing the Auto Scaling group with, ah, the number of tags to be two now. And the new tag is going to be the specific tag that we're adding, name and application production. So to apply that we're going to run terraform apply and we're going to give it the confirmation to run it. Okay, so now that we have changed this, this is not going to take an immediate effect. It definitely adds the name here, but the instance itself will not get the, ah, get the name propagated. But, ah, the next instance that is going to be launched from this ASG would have that new name tag coming in. Okay, so I believe this, ah, instance is up and working. I'm gonna go to my load balancer and try to run this URL. First, let me check if this target is actually healthy. So I came here, I can see the two new targets getting assigned to this target group. So I'm going to go back to my load balancer and copy the DNS and run this. Okay, so I do get back my response from the production server application. Ah, and as you can see, we have configured it, ah, everything just via Terraform.
And now we can save this Terraform and share it with your team members or you can store this in your version control. And you can recreate any environment that you want just by changing these variables here. Because this is what defines where it needs to be launched and stuff like that. Once you change this, you can have the exact same infrastructure getting created in some other environment that you want. Ah, that's it for this lesson. And in the next lesson, we're going to configure our alarms and scaling policies, so I'll see you there.

39. Create & Configure Scaling Policies & CloudWatch Alarms Using Terraform: Hello and welcome back. So in this lesson, we're going to continue where we left off in the previous lesson. So here we are going to configure the notifications for the Auto Scaling group when, ah, some scaling activity happens, and we're going to configure some CloudWatch alarms, and we're going to tie it to our Auto Scaling, ah, group so that whenever the alarm gets triggered, the Auto Scaling group has an action to respond to, whether to scale up or scale down based on the alarm that's getting triggered. So let's get started. So the first thing that I want to do, it's like add notifications whenever some scaling activity happens in our Auto Scaling group. To do that, we need to go back to our Terraform documentation so you can search for Auto Scaling, autoscaling notification. Basically, what we're doing is if I go back to my AWS console here into Auto Scaling group, if I look at the Auto Scaling group that you have created using console, here on the notification section, we have the notification with this auto scaling activity notification, and what's happening is whenever this launch, terminate, fail to launch and fail to terminate, whenever these events happen, there is a notification that's getting triggered. So we're going to create the same thing in our Terraform. So let me go back to the documentation here.
It's real simple. I can just copy this example from here, and I'm going to paste it in my Terraform script. I'm gonna give this notification thing, uh, activity underscore notification, do the notification, and here what we need to give is, like, what Auto Scaling groups are we tying this notification to. So we're gonna tie this to our Auto Scaling group that we've created here. I'm gonna take this off, and this should be replaced with this app ASG from here. So I'm gonna copy that and replace it here and now we have our Auto Scaling group name here, and on what conditions do we need to trigger the notification. So in this scenario, we need a launch, terminate, launch error. And if I see in my console, I also have, I have four things here, so I'm gonna go back to this, check, like, what the references that I can make. So I need to go to the AWS documentation to find all the possible options. So we have EC2 instance launch, instance launch, instance terminate, instance launch error, and we need to copy this EC2 instance terminate error. I'm gonna copy that. And then add it, my scaling. Oh, in this, copy, paste here. And that's pretty much it. The next thing that we need to do, it's like you need to get the SNS topic ARN. To do that, I'm going to go back to my AWS console, or create a new one. You can always create a new one using Terraform, but I already have that created in my previous example. So I'm gonna go to my SNS topics and I'm gonna copy that, oh, ARN from here. So that would be, going to topics. And we're going to use the auto scaling group activity notification ARN. So I'm gonna copy this, and I'm gonna paste it in, oh, actually, I'm gonna create a, ah, variable for that so that I can change it if I want to change the environment. So variable, oh, auto scaling notification ARN, and I can set a default to, and then you just need to cut this from here and paste it. Think I deleted the closing brace.
Okay, so now that I have this, I'm gonna go to my Auto Scaling notification here and instead of this I'm gonna do var dot auto scaling notification. Okay, so now let's go back to our Terraform, I mean the PowerShell, and try to run this. I'm going to do terraform plan and let's see what this gives us back. Okay, it is kind of checking. Okay, so it is saying that it's going to add one resource, which is our new notification to our Auto Scaling group. And I'm okay with that. So I'm applying back to my infrastructure, so I'm just gonna do terraform apply, and I'm gonna give a confirmation of yes once it is ready. Okay, so it is ready. So I'm going to give a confirmation. Yes. Okay. Cool. So now that this has completed, if I go back to my, uh, EC2, check my, uh, Auto Scaling group that we've created using Terraform, we can see that the Auto Scaling group notifications has been added here. Okay, so now we have that. And the next thing that we need to do is we need to add some scaling policies so that we can scale up or down based on whenever there is some activity happening, like high CPU or high latency in the load balancer or something like that. So we're gonna configure the same thing with this. Ah, we're gonna do a high CPU scale up, and we're gonna do a low latency alarm to scale down. So let's get started. Um, so I'm gonna go back to my Terraform documentation, and we're going to check for, first thing is, we need to create a CloudWatch, so we can search CloudWatch. Oh, we got data sources, which we don't want. Ah, let's check for alarm. Okay, so we need to get a CloudWatch metric alarm. Um, and we can see different examples here that we can use from. I'm just gonna copy the first example from here. It is going to be this one. Scrap it. Here, go back to my Terraform. Paste it in here. So what this is going to do, it's like it's going to create a CloudWatch metric alarm.
Um, so here I'm gonna say this is going to be high CPU alarm and I'm gonna name this app underscore high underscore CPU alarm, and the operation is going to be greater than or equal to threshold. Okay. And the evaluation periods are, like, I want to check for at least five times. And the metric name is going to be CPU utilization and namespace is AWS EC2. And we also need to add the dimension so that it is just doing it across the, um, instances in the Auto Scaling group itself and not the entire CPU utilization of our production infrastructure. So I'm gonna check it for 60 seconds and 60 seconds and five consecutive periods. And the average, and the threshold is if it's more than 80%, and that's not gonna do any insufficient data actions here. But instead, I'm going to go here and check for my dimensions, which is going to be my Auto Scaling group's dimension. And I'm gonna add the dimension here. So what this is saying is, um, whenever this alarm happens, it just calculates the average CPU across the instances which are attached to this Auto Scaling group. So here we just need to get the name of our Auto Scaling group and put it here. Okay, so the next thing that we need is what happens when this alarm gets triggered. So to do that, first we need to get the scaling policies. So let's go a little bit of a new page off this guy and search for autoscaling. Okay, so we can see auto scaling policy here, so we can just, uh, choose, ah, one of the examples from here, so I'm gonna choose, oh, auto scaling policy. Okay, so this is going to give a name, policy type target tracking, the scalable dimension. Okay, let misters for action. Scaling target. Okay, I think we are in the wrong documentation here. We need to, this is app autoscaling policy. So we need to search for, um, Auto Scaling group policy under EC2 resources here. So I'm gonna go here and choose the Auto Scaling policy.
And here I need to just copy this, for example, and I'm gonna paste it here, so I'm going to say autoscaling policy, this is app scale up policy. So what this is going to do is, I'm just gonna put, so what this does is whenever something triggers this, it's going to add a new instance, which is going to be, we're going to add one new instance, and the adjustment type is change in capacity, and the default cooldown period, this is when should the next scaling activity happen after this particular scaling. So we're gonna put 300 seconds. And on what Auto Scaling group does this need to take the action on? So I'm just gonna choose the, my Auto Scaling group that we have created here. Copy the name there, paste it here. And the next thing that we're gonna do is, uh, copy paste the same thing again, all the entire thing, and we will do a low CPU. So whenever there's a low CPU alarm, well, you could do a low latency or anything you want, it's just easy to replicate the low CPU with high CPU. So I'm just gonna do a low CPU here in this case. So we're saying low CPU if it is less than or equal to, or greater than or equal to them, we're just gonna do less than or equal to threshold. And we're going to evaluate for five consecutive periods CPU utilization, and the threshold that we're going to give is if it is under 30% average CPU across the instances in this specific Auto Scaling group, then we're going to execute a new scale down alarm. Uh, oh, I didn't actually add the action there, so we're gonna add that now. Oh, first we're gonna change this so the policy would be scale down policy and we're going to change the adjustment to minus one. That's, we're going to remove the one instance from the Auto Scaling group, and this is going to do it on this Auto Scaling group. So the one thing that is missing here is what happens when this alarm gets triggered. So there's no action specified here, so we're gonna add that part.
So we're going to go back to the documentation here for the Auto Scaling groups, ah, I mean, the CloudWatch alarms, and we're gonna give the alarm action. So here we're going to copy this part, put it under the dimensions. So whenever this alarm happens we're going to trigger this Auto Scaling group policy. Just going to with this policy says for high CPU. So we're copying the high CPU policy, pasting it here, and for the same thing, we're gonna copy the low CPU alarm here, I mean the app scale down policy here, and we're going to add the action. Let me copy this action again and paste it here, and here instead of app scale up, we're going to copy the app scale down policy, paste it here. Okay, so now we have our alarms configured, and we have our scaling policies. And whenever these alarms get triggered, these scaling policies would adjust the Auto Scaling group's capacity. So let's run this and see whether that works. I'm going to do terraform plan, and this is going to check what all the resources to do. Okay, so we have some, uh, error here, which is almost killing cap. Okay, so we have the error saying resource CloudWatch high CPU alarm config unknown resource. Okay, so high CPU alarm, we have unknown resource, which is, oh, I think I didn't trouble this guy here. And I would have done the same thing. Yeah. Okay. So I didn't take it off from there. So let me try that again now, terraform plan. Okay, so now we don't have any errors. It's checking the, uh, checking the AWS to check what resources it needs to create. Okay, so it's adding four new resources, which is our scale up, scale down policies and our high CPU and low CPU alarms. So let's apply that, terraform apply. Okay, so now it's applying those alarms. And once this finishes, let's go back. Okay, I need to give the confirmation. Yes. So once this completes, let's go back to our AWS console and check if these resources are created. When I do that.
Go to my EC2. Oh, do refresh. So here, if I go to this stuff from here, so now you can see we have our simple scaling. You're saying if there is a low CPU less than or equal to 30% for five consecutive periods of 60 seconds, then we're going to remove one instance and, same thing, if there is the CPU greater than 80% for five consecutive periods of 60 seconds, then we're going to add a new instance. So, so that's it. So we have our, um, load balancers, our Auto Scaling groups, our alarms and scaling policies, everything configured via Terraform. And now that we know how to configure stuff via Terraform, you can extend this to create your VPC, your subnet, your security groups and you can basically spin up every single resource that you have spun up using the console via the Terraform configuration. So this really helps you to, ah, maintain your infrastructure and to document your infrastructure so that if there is any changes that you want to make or if you want to restore it to your previous configuration then you always have this particular script with you. So the important things that you need to consider is when you are saving your infrastructure as code, you need these two folders, which are really important. I mean, the two files that Terraform created for you are very important. You need to also put this under version control. So the tfstate and tfstate backup, tfstate dot backup. So these two files actually keep track of what resources were created, what are the IDs for those resources that it created and stuff like that. So it is really important that you save these two things so that you can change your existing infrastructure and update your resources. So that's it for this section. And it was really a fun thing to configure our infrastructure using Terraform. So I'll see you in the next one. Thanks. Bye bye. 40.
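The scaling notification, the two scaling policies and the two CloudWatch alarms narrated in lesson 39, written out as an added example; this is not the instructor's file. It uses Terraform 0.12+ expression syntax, takes the existing Auto Scaling group name and SNS topic ARN as input variables, and every resource, variable and alarm name in it is hypothetical.

```hcl
# Added example (not the course's own configuration).
# Assumptions: the Auto Scaling group and the SNS topic already exist and
# are passed in as variables; all names below are hypothetical.

variable "asg_name" {
  description = "Name of the existing Auto Scaling group"
  type        = string
}

variable "autoscaling_notification_arn" {
  description = "ARN of the existing SNS topic that receives scaling events"
  type        = string
}

# Publish the four scaling events named in the lesson to the SNS topic.
resource "aws_autoscaling_notification" "activity_notification" {
  group_names = [var.asg_name]
  topic_arn   = var.autoscaling_notification_arn

  notifications = [
    "autoscaling:EC2_INSTANCE_LAUNCH",
    "autoscaling:EC2_INSTANCE_TERMINATE",
    "autoscaling:EC2_INSTANCE_LAUNCH_ERROR",
    "autoscaling:EC2_INSTANCE_TERMINATE_ERROR",
  ]
}

# Simple scaling: add one instance, then wait 300 seconds before the
# next scaling activity.
resource "aws_autoscaling_policy" "scale_up" {
  name                   = "app-scale-up-policy"
  autoscaling_group_name = var.asg_name
  adjustment_type        = "ChangeInCapacity"
  scaling_adjustment     = 1
  cooldown               = 300
}

# Simple scaling: remove one instance, same cooldown.
resource "aws_autoscaling_policy" "scale_down" {
  name                   = "app-scale-down-policy"
  autoscaling_group_name = var.asg_name
  adjustment_type        = "ChangeInCapacity"
  scaling_adjustment     = -1
  cooldown               = 300
}

# Average CPU across the group >= 80% for five consecutive 60-second
# periods triggers the scale-up policy.
resource "aws_cloudwatch_metric_alarm" "high_cpu" {
  alarm_name          = "app-high-cpu-alarm"
  comparison_operator = "GreaterThanOrEqualToThreshold"
  evaluation_periods  = 5
  metric_name         = "CPUUtilization"
  namespace           = "AWS/EC2"
  period              = 60
  statistic           = "Average"
  threshold           = 80

  # Scope the metric to instances in this group only, not the whole account.
  dimensions = {
    AutoScalingGroupName = var.asg_name
  }

  alarm_actions = [aws_autoscaling_policy.scale_up.arn]
}

# Average CPU across the group <= 30% for five consecutive 60-second
# periods triggers the scale-down policy.
resource "aws_cloudwatch_metric_alarm" "low_cpu" {
  alarm_name          = "app-low-cpu-alarm"
  comparison_operator = "LessThanOrEqualToThreshold"
  evaluation_periods  = 5
  metric_name         = "CPUUtilization"
  namespace           = "AWS/EC2"
  period              = 60
  statistic           = "Average"
  threshold           = 30

  dimensions = {
    AutoScalingGroupName = var.asg_name
  }

  alarm_actions = [aws_autoscaling_policy.scale_down.arn]
}
```

With both variables supplied, `terraform plan` on this file alone reports five resources to add: the notification, two policies and two alarms.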
Terraform Recap: So this concludes our Terraform infrastructure as code section and let's do a quick recap of what we have done so far. I've really enjoyed this section of the course and I think we have really covered a lot of ground here. We started off by learning about what Terraform is and then we did a Terraform setup, and then we have created our IAM user and we have installed our AWS CLI, configured our access key and secret access key. And then we have seen how to use Terraform, ah, and how to browse the documentation to get started. Then we did a terraform init, followed by, we configured our application load balancer. We've created target groups, listeners, everything using Terraform. And we have seen, like, the different phases of Terraform, like terraform init, terraform plan and then terraform apply, so on and so forth. And then we created our Auto Scaling groups, our scaling policies, our CloudWatch alarms and basically we have automated everything that we have done manually in our previous lessons. So I really hope you guys enjoyed this section. And if you have any questions about any part where you didn't follow, you could just comment in the comment section. And I'll try to answer your, ah, doubts. And then we can take it from there. So that's it for this section. Let's, um, let's see you in the next section. Thanks. Bye bye.

41. Slack Introduction & Account Creation: Hello and welcome back. So now that we have created our production infrastructure using the AWS console and also we have learned how to use Terraform to configure our infrastructure and maintain it, ah, now is the one big and important topic, which is DevOps. How do you manage your infrastructure now? Like, how do you keep track of what's going on in your production infrastructure?
We did configure our emails as, ah, like a point of notification when there is some auto scaling happening or when there's some, um, high CPU or low CPU, high latency alarms, these kind of things. But instead of having it on the email itself, how would it sound if we get notifications of those scaling activities and anything that's happening in the cloud directly into our Slack? Most of you might have already used Slack. For those who know Slack, it is basically a messaging application that most of the companies use. It is very good for team communication. You have different integrations that you can choose to configure that and, um, basically it makes communication, ah, very easy and effective in terms of, um, communication between the teams itself. So the idea here is, like, to get the notifications that we're getting in the AWS, ah, to forward those notifications directly into the Slack channels so that all the team members within the Slack can subscribe to those channels, and then they can see what's going on in the cloud, and they can take an action if there is something critical that's going on. You can have your SNS topics configured in your application itself, like exceptions, or if there's some errors that's going on, if there's some crash reports that you want to collect, you can send all those information directly into the Slack. When you throw a notification to an SNS topic, we can connect that SNS topic to trigger a Lambda function, and it is going to forward it to the Slack. So let's get started with the Slack. So to do that, first we need to go to slack dot com. And if you already have a workspace here, you can use that. I'm just gonna create a new one, uh, and that's going to give my email so it's going to ask me for a confirmation. Let me just copy that from my Gmail. Okay, so I entered those numbers that I got in my email, and then it's asking for my name.
And then I'm just going to give, that's nothing here. And I'm going to continue to password. And I'm just going to choose this for education purpose. And how big of a team, let's choose the minimum. This can be configured according to your needs. For the group name, I'm gonna use the group name as my Udemy course. So my Udemy course dot slack.com is going to be my endpoint for Slack. I'm just gonna hit I agree. Okay. So you can invite other team members that you want to. I'm just gonna skip it for now. Well, if you have work Gmail or anything configured in your office workspace, you can always use that, because Slack also supports SAML integration. So you can have your Active Directory users have direct access to your Slack in the paid version. So in this use case, we just don't need that. So now once we have our Slack opened up and ready, I just want to skip this tutorial. So the first thing that I want to do is, I can use this general channel to post my notifications to. So the first thing we need to do is we need to create a webhook URL. So what a webhook URL is, basically, is that you are having a URL, and when someone posts to that URL, it's going to send a notification, I mean, send a message to a specific channel. So to do that we need to go here and do Manage Apps. So under manage applications, you can have several different integrations, like you could have your Gina integration. You can have, like, many different applications that you can integrate it with. If you browse the App Directory, there are so many apps that are getting integrated with Slack these days. You can also integrate your Google Drive or all the apps that Google offers, that kind of stuff. So for our purposes, we're going to use the custom integrations.
So I'm gonna choose the custom integration here. Okay, before we see any custom integrations, we need to actually create an application which takes in a custom integration. So I'm just gonna hit Build here, and I can just go to Start Building, and I could just create an application here. I'm just going to give this the name of my company AWS activity, app name. And this is going to post to my workspace here, and I'm just gonna create the application. So here what you could do is, we can create different configurations like slash commands, but right now what we are interested in is the incoming webhooks. So I'm gonna select this one, and I'm going to activate this. So once I activate this, all I've got to do is create a new webhook for this workspace, and I'm going to post it to the general channel and I'm going to hit Authorize. So once I hit Authorize, I have the webhook URL, so whoever posts to this webhook URL can post to this specific channel. So now that we have this incoming webhook ready, the next step is to go ahead and create our Lambda function, which can send notifications to the specific URL. So I'll see you in the next one. Bye bye.

42. Configure Slack Integration with AWS: Hello and welcome back. So in the previous lesson, we have created an incoming webhook in our Slack. And in this lesson, what we're going to do is create an AWS Lambda function, and this Lambda function will trigger a notification to Slack whenever there is some activity that's going to happen in our AWS. So let's see how we can configure that. So to do that, we need to go to our AWS console and go to the Lambda service. So inside Lambda, what we're going to do is create a function. So basically, AWS Lambda is a serverless function where you can just write your code and configure your triggers to trigger that function, and that function gets executed.
And you can have different sets of actions that you can perform within that function, like maybe you want to change something in your AWS ecosystem or you want to post something to Slack or something like that. So it is very easy to configure, and it is very easy to manage Lambda functions because you don't have to worry about the server configuration and where you want to host this application, stuff like that. So let's create the Lambda function that posts notifications to Slack. So here we don't need to write any function because we can choose from the blueprints. There are various different blueprints that we can choose from, but we're going to search for Slack here. Here, we're going to choose the CloudWatch alarm for Slack using Node.js. The basic thing that we need to do is give this a name. So I'm gonna say slack notifications Lambda. And I'm gonna create a role from the template itself, wherein the role would have the necessary permissions to execute this function as well as decrypt the hook URL. So basically what we're going to do is encrypt our hook URL that we have created in the previous lesson, because we don't want to expose our hook URL, because if someone gets hold of that hook URL, what happens is they can post notifications to our channel, which we don't want. So that's why we want to protect our hook URL. We're going to encrypt it. To do that, first we need to give this a role name. I'm just gonna say slack Lambda for role. And I'm going to just choose the KMS decryption permissions, and what we're going to do is trigger this function whenever the SNS topic gets triggered by the auto scaling activity, and I'm just gonna hit Enable trigger. And the one thing that we need now is the KMS encrypted hook URL and the channel where we are going to post.
We do know that we are posting to our general channel, and the encrypted hook URL would be the encryption that you're going to create now. So to create an encrypted URL, what you need to do is go to your IAM service and, under your encryption keys, you can create a new key. Before that you need to select your region; because we're in EU West, you have to choose the EU region here. And now here you can create a new key. You can call it slack Lambda CMK. This is a customer managed key, so I'm putting CMK here. And then I don't need to give any tags here, so I'm giving access to myself to manage, and I'm giving this account, and I just need to hit Finish here. So once you have this key, what you need to do is go to your PowerShell and run a CLI command that would give you the encrypted URL. So to do that, what I'm going to do is first I'm going to go to the AWS documentation. Yes, I think the URL is encrypted here itself. I mean, placed here on how to use this. I think I'm just gonna figure it out from here, so you can use aws kms encrypt and let's see what this gives us. Okay, so there is this one. It needs key ID and it needs the plaintext. Okay, so let's try that. So we're going to give the key ID. So this is going to be our key that we just created. So I'm just gonna use this key ID here, and we can paste it here. And the next thing that we need is the plaintext, which is our hook URL itself. So if you read the instructions here, it is saying you just need to create an encryption here with just the URL and not the HTTPS or any other protocol that it specifies. So I'm gonna go back to my Slack incoming webhooks and copy my URL. And I'm just gonna copy it from here because it mentioned that we don't need the protocol. So I copied that and pasted it here. So now once I press enter, it's going to give me an encrypted, so.
Okay, so the basic thing that we did here is, we didn't specify the region, so I'm going to specify the region, eu-west-1. Okay, so now we got the encrypted ciphertext here. So what I'm gonna do is basically copy this entire thing into a Notepad session so that I can extract this. So, like, this entire thing, open a Notepad, paste it in here. So basically, this is our ciphertext, so if I just expand this, I can see that this is in the next line. I'm gonna backspace, backspace. So this is all now one single string. I'm going to copy this and paste it in my Lambda function here, and now I can just do a Create function. Okay, so now we have our Slack notification function created in Lambda. There's a couple of things that you need to change here. Basically, this function is intended to just send the CloudWatch alarms. But we want to use this as a general one for both auto scaling notifications as well as CloudWatch alarms. So I'm just gonna remove some parsing elements here so that we can send a generic message. So if you go to the processEvent here, basically what this is doing is it's parsing out the message and pulling all the information like alarm new state, old state, etcetera, which we don't want to do. What I'm gonna do is const strMessage. I just want to convert this to a string, to do JSON.stringify of this message, and there's an extra brace. The next thing that I'm gonna do is just put this strMessage here, strMessage here. And then I'm just going to take off extra things that we don't require. Okay, so now that we have this, we can save this and I'm just gonna use a test event to see if this is going to work. So just go for the SNS event.
So I'm just gonna give this the name test slack, and I'm going to just create this, and I'm going to hit the Test button here to see if we're getting the response back in Slack. OK, so we do see our notification coming through, which is our test alarm, I mean the test event that we have configured in the Lambda. So now let's go back to our auto scaling group itself and try to scale up a new instance and see if that notification is getting triggered into our Slack. So let's go back to our EC2 resources and go to our auto scaling groups. And here we'll choose this guy and we'll try to add a new instance. Let's just wait until the new instance comes up. I'm just gonna pause this until the new instance comes up. Okay, so now that we have our new EC2 instance added here, let's go back to our Slack channel and see if we got a notification. Okay, so we do see a notification coming in here for the scaling activity that we had. And like you can see, it is a very good use case wherein all your team members need not go to your cloud console to check what's happening. Instead, you can get all that information and visibility of what's happening in your cloud right in your Slack channels. So I really hope that you guys enjoyed this part of the course and I hope you can extend this example to different use cases that you might have. Some of the use cases that I think are really interesting are hooking up your exceptions from your applications directly into your Slack, so that your team members can go in and track what's happening in your application. If there's something happening, then you can have a real-time look into the exceptions and you can try to fix those. So I hope this helps you in your apps, in maintaining your production applications in a good state. So that's it for this lecture. Thank you so much. Bye bye.

43. Conclusion: So this concludes our course on setting up AWS production infrastructure and learning Terraform. I really enjoyed teaching this course, and I really hope that you all got some good info out of this and you apply these concepts in your own production infrastructures that you'll be building. And if you really have any questions or any concerns about this, or if you want me to include any other topics in this particular course, you can always contact me at May lead rate cycle of nothing dot com, and I'll be more than happy to answer all your questions. And I would make any changes to this course based on your suggestions. Thank you so much. And if you like this course, please share this course with your colleagues or your friends and spread the knowledge of AWS cloud. Peace. Thanks. Bye bye.
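The Lambda change walked through in lesson 42 (forward any SNS message to Slack as a string, with the webhook URL stored KMS-encrypted and without its protocol) can be written as follows; this is an added example, not the course's or the AWS blueprint's code. `decryptFn` and `postFn` are hypothetical injected stand-ins for the KMS Decrypt call and the HTTPS POST, and the sample event and webhook path are constructed.

```javascript
// Added example, not the course's or the AWS blueprint's code.
// decryptFn and postFn are hypothetical injected dependencies: in Lambda they would
// wrap a KMS Decrypt call and an HTTPS POST. Stubs are used so this runs offline.

// Constructed sample of an SNS-delivered Auto Scaling notification.
const SAMPLE_EVENT = {
  Records: [{ Sns: {
    Subject: 'Auto Scaling: launch',
    Message: '{"Event":"autoscaling:EC2_INSTANCE_LAUNCH","AutoScalingGroupName":"example-asg"}',
  } }],
};

// Build a Slack payload from any SNS record, without assuming the CloudWatch alarm shape.
function buildSlackMessage(event, channel) {
  const sns = event && event.Records && event.Records[0] && event.Records[0].Sns;
  if (!sns) throw new Error('not an SNS event');
  let text;
  try {
    text = JSON.stringify(JSON.parse(sns.Message), null, 2); // pretty-print JSON bodies
  } catch (_) {
    text = String(sns.Message); // plain-text notifications pass through unchanged
  }
  return { channel, text: (sns.Subject ? sns.Subject + '\n' : '') + text };
}

// The webhook path is the secret: anyone holding it can post to the channel.
function redactHook(s) {
  return s.replace(/hooks\.slack\.com\/services\/[^\s"']+/g,
    'hooks.slack.com/services/[REDACTED]');
}

function makeHandler({ encryptedHookUrl, channel, decryptFn, postFn }) {
  let hookUrl; // decrypted once per container and held only in memory
  return async function handler(event) {
    if (!hookUrl) {
      // The lesson encrypts the URL without its protocol, so it is added back here.
      hookUrl = 'https://' + (await decryptFn(encryptedHookUrl));
    }
    try {
      const status = await postFn(hookUrl, buildSlackMessage(event, channel));
      return { ok: status === 200, status };
    } catch (err) {
      // Client errors often embed the request URL; scrub it before it reaches the logs.
      throw new Error(redactHook(String(err && err.message)));
    }
  };
}
```

Keeping the decrypted URL out of error messages matters because Lambda errors are written to CloudWatch Logs, which are usually readable by more people than the KMS key is.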