Learn AWS Step By Step With 3 Projects | Mukesh Ranjan | Skillshare

Learn AWS Step By Step With 3 Projects

Mukesh Ranjan, Learn Everything Step By Step

Play Speed
  • 0.5x
  • 1x (Normal)
  • 1.25x
  • 1.5x
  • 2x
35 Lessons (5h 19m)
    • 1. Course Introduction

      8:00
    • 2. Prior To AWS

      5:10
    • 3. AWS Regions Availibility Zone Edge Locations

      6:28
    • 4. Setup Free Tier Account

      2:58
    • 5. Understand AWS Management Console

      7:04
    • 6. Setup Free Tier Usage Billing Alarm

      7:17
    • 7. Understand Identity access management

      14:03
    • 8. CONCEPT Elastic Compute Cloud

      12:32
    • 9. LAB Elastic Compute Cloud

      13:35
    • 10. CONCEPTS Elastic Block Storage

      7:26
    • 11. LAB Elastic Block Storage

      8:15
    • 12. VPC Introduction with Subnet and CIDR Block Part1

      6:22
    • 13. Concept Security Groups

      7:26
    • 14. LAB Security Group

      9:22
    • 15. VPC Component RouteTable

      6:45
    • 16. VPC Component Internet Gateway

      5:35
    • 17. VPC Component ElasticIP Addresses

      5:23
    • 18. VPC Component Network Address Translation(NAT)

      7:27
    • 19. VPC Component Egress Only Internet Gateways

      3:02
    • 20. VPC Components VPC Flow Logs NACL Implied Router

      8:33
    • 21. LAB Default VPC

      9:45
    • 22. LAB Custom VPC

      17:42
    • 23. Amazon Machine Image

      6:50
    • 24. AWS CloudWatch

      7:01
    • 25. Make EC2 Instance As Webserver

      10:15
    • 26. EC2 Bootstrap

      4:50
    • 27. AWS Elastic Load Balancing

      12:49
    • 28. CONCEPTS Amazon Simple Storage Services

      12:17
    • 29. LAB Amazon Simple Storage Services

      16:11
    • 30. CONCEPTS AWS CloudFront

      4:42
    • 31. LAB AWS CloudFront

      19:41
    • 32. AWS Route53

      8:58
    • 33. CONCEPT AWS Relational Database Service(RDS)

      7:31
    • 34. LAB AWS Relational Database Service(RDS)

      10:01
    • 35. Project Design High Availabity AWS Infrastructure

      17:26

About This Class

LEARN AWS STEP BY STEP is the Course  designed exclusive for Freshers and Beginners who want learn AWS. In this course you will be learning the AWS services in Step By Step Manner with manual steps using AWS Management Console . We will be learning the AWS Services with Practical approach. I have designed AWS Automation Series courses in such a manner that you can easily  work with  any of the AWS project after finishing the series. This course is pre-requisite for my upcoming AWS Automation courses. I will be coming with complete AWS Automation series with different technologies (Like Boto3 / PowerShell / Shell Scripting / Serverless Architecture / Cloud DevOps ) in the Next 6 Months. My Target for this series is that you will learn the Industry Standard different approaches of AWS Automation.

In this course you will be Learning following Concepts and with LAB based approach

AWS Automation Series Course 1: Learn AWS Step By Step

STEP 1: OVERVIEW & SETUP :  AWS Overview And Intial Setup

Prior To AWS

What is AWS Regions / Availibility Zone / Edge Locations

Setting Up The AWS Free Tier Account

STEP 2: ECOSYSTEM : Learn AWS Ecosystem

Understand AWS Management Console

Setup Free Tier Usage Billing Alarm

Understand Identity access management

STEP 3:: COMPUTE : Learn AWS Compute Service

CONCEPT - Elastic Compute Cloud (EC2)

LAB - Elastic Compute Cloud (EC2)

STEP 4: BLOCK STORAGE: Learn AWS Elastic Block Storage

CONCEPT - Elastic Block Storage (EBS)

LAB - Elastic Block Storage (EBS)

STEP 5:MACHINE IMAGE : Learn About Amazon Machine Image

CONCEPT + LAB : AMAZON MACHINE IMAGE (AMI)

PROJECT I: Make EC2 Instance As Webserver

PROJECT II : EC2 : Make EC2 Instance As Webserver

STEP 6: Bootstrapping

Learn Bootstrapping

STEP 7:Learn About Virtual Private Cloud (VPC) In Depth

CONCEPT : VPC Component : Introduction with Subnet and CIDR Block

CONCEPT : VPC Component : Security Group

LAB : VPC Component : Security Group

CONCEPT : VPC Component : RouteTable

CONCEPT : VPC Component : Internet Gateway

CONCEPT : VPC Component : Elastic IP

CONCEPT : VPC Component : NAT (Network Address Translation)

CONCEPT : VPC Component : Egress-Only Internet Gateways

CONCEPT : VPC Component :  Flow Logs / NACL / Implied Router

LAB: Default VPC

PROJECT II: DESIGN CUSTOM VPC

Design Custom VPC

STEP 8: ELB: Learn About AWS Elastic Load Balancing

CONCEPT AND LAB: ELB : Elastic Load Balancer

STEP 9: S3 : Learn About Simple Storage Service

CONCEPTS : S3 : Simple Storage Service

LAB: S3 : Simple Storage Service

STEP 10: MONITORING : AWS-Cloudwatch

CONCEPT : AWS Cloudwatch

STEP 11: CDN : Learn About AWS Cloudfront

CONCEPTS : CDN : AWS Cloudfront

LAB: CDN : AWS Cloudfront

STEP 12 : ROUTE53 : Learn About Route53

CONCEPTS: ROUTE53 : Learn about Route53

STEP 13: DATABASES : AWS Relational Database Service(RDS)

CONCEPTS : RDS : Learn About AWS Relational Database Service

LAB: RDS : Learn About AWS Relational Database Service

FINAL PROJECT: Design High Availability AWS Infrastructure

Design High Availability AWS Infrastructure

Transcripts

1. Course Introduction: Hello, guys. Welcome to the course loan aid of Lewis's step by step. This is the first course in aid of Louis Automation cities. So let's look into the topic. What are the topics which we are going to cover in this source? This course is Redick with it for the automation within eight of Louis as we are going to perform all those exercises manually, because if you do the things manually, you can easily right any automation, irrespective of what you want to automate. So let's look into the topic now, so we will start our journey. But I step one overview and set up in this a step we will learn about what is cloud computing and what was there prior toe, either. Bluest how things was working right? Weight of Louis. And what was the pain area? Right? Weight of Louis. Then we will look into how aws globally it's credited their infrastructure and how they're organizing their infrastructure and what they're called in aid of Louis context like AWS regions availability zone as location. So all these things we will learn once you comfortable with that. Then we will look in tow. The steps to set up the AWS free to your account as it is required to work with eight of Louis management console. Once we finished their Step one, we will proceed toe there Steptoe, where we will learn about eight of Louis ecosystem with this cause. My attempt is toe teach you everything afraid of Louis in a step by step manner so that you can relate each concepts logically and you can use that service says accordingly. No moving further. Oh, in the Steptoe belong about ecosystem, afraid of Louis. So in this aspect we will understand that what is AWS management console and how you were going to use it when you use any of the services of VWs and AWS charges people usage. But with three tier account, you will be getting some our so free using off many services. Toto, drag that usage. We will set up free tier usage billing alarm in the same escape with will. I also understand identity access management, which is one of the core important topic in terms of security. Well, we will learn how to manage the security off. Any resource is off AWS with the help of identity access management now moving for the in the step three. We will learn about compute option, where we will learn about elastic compute cloud that is mainly related toe virtual servers . In this, a step alone about how many times off compute That is what you also was offered by Aid of Louis. Along with that, we will also use free two year offered virtual sober that is D to Waco or, say, free tier compute option that this d to micro. So in this aspect, we will learn, forced the concept. And then we will do the lab so that you are in a comfortable position to understand what is easy to. Once you have understanding about compute, we will move further and looking toe block a stories that is our step for here we will look in tow. Devious. That is elastic blocker stories that is stories service offering off it of Louis blockers told that used to hold the wineries off operating system. So here also, we will learn about the concepts off elastic blocking stories that is devious, and then we will do lab, And once we comfortable with devious elastic blocker stories, then we will move for the investor. Five. We will learn about Imogen Machinea made here. We will learn about how to create Imagine machine image if we had using easy to instance and made that. Is it, for instance, as a webs over and you want to replicate the same configuration in another 20 easy to instance toe, make them as a Web server. So this is Step will give you idea how to convert an easy to configuration in tow. Imagine machine image now moving for, though you will also do a small project where you will create an easy two instance and make it as a Web server. My intention with the schools is that you will do as much as lab while learning the aid of Louis so that you will get more hands on experience along with theoretical knowledge. Once you complete the Project one, we will move further on Lord in a vote bootstrapping process in the Step six. In this aspect, we will Buddhist wrapped the project one in a step six. If you confuse the world Buddhist tripping word. So Buddha stripping is nothing but a mechanism by which you can or to make the repetitive task using his script. And once you understand bootstrapping, we will proceed Photo at step seven steps seven is very important to understand the aid of Louis infrastructure. So here we were going to learn about what? Your private cloud in depth and where I have discussed all the nuts and bolts off virtual private cloud that is re PC. So we're going to discuss all these topics in virtual private Cloud section and where we will do a lab as well so that you can easily understand the concept once you're comfortable with what your private cloud, we will proceed for those and we will do the project to where we will design the custom repeat, see with the knowledge which we have required at a step seven once you completely the project. So then we will proceed for the and where we will learn about aws elastic load balancing. So here also, we will learn about the concepts and we will do the lab. Once you understand about hell, we that is elastic load balancing. We will proceed for the at the step nine on. We were going to learn about a double with one of the mostly you service that is simple story service, and here also we will understand the concept. And then we will do the lab, though, that you can get the complete knowledge about as three. That is simple story service off eight of Louis After learning as three, we will proceed for, though, and we will learn about aws cloudwatch that is mainly used for monitoring, monitoring off the resource, you said. So we belong about that. Once we learn about cloudwatch, we will proceed for the right to step 11 and we will learn about how to improve the performance off your application, which you are hosting within either of Lewis with the help of Content delivery network that a CD in that is known as cloudfront in aid of Louis infrastructure. So in this aspect we are also going to learn about the concept, and we will do the lab on it so that you will be in a comfortable position to understand the entire nitty gritty off content delivery network off AWS tactics cloudfront. Then we will proceed further and we will look into another AWS services that is Route 53 we will learn about the usage off route 53 in detail. I want to understand that. Then we will proceed further at the Step 13 where we will look into another one of the most reused Manus services. That is aws rds. That is relational database service off either of Louis. Here we will learn about the concepts off our ideas, how the are idiots instances being created and how you will create a DB engine within that instance. And once engine is being created, how we're going to access it through client tools and at last, how we will delete that db instance. So all these things we will learn within this step 13 and once we're comfortable with everything, we will do a final project where we will design something meaningful. In this project, we will design Ah, high availability eight of Louis in France. In this project, you will come to know about or to a scaling concept you will also see I was so we're coming back to an existence. If it is going down in this project, that is really going to be a very fun exercise. And that knowledge you cannot play anywhere in your practical day to day activity wherever you're designing Ojai every level infrastructure with the need of Louis. So all these things are coming in our upcoming session in this course while you are waiting for Let's jump into the court. 2. Prior To AWS: Hello grades. Welcome to the first session off our first course in need of Louis Automation cities to indecision were going toe discuss about what was there prior to eat of Louis here. Eight of Lewis's the representation off Cloud Computing as eight of Lewis is one of the major player in cloud computing in space. So instead of keeping the name prior toe cloud computing, I have kept it as pride to AWS for this topic. Cause in this journey we're going to learn about it of Louis. So we will talk only a voted of Louis. So let's jump into the diagram. And then we will start our discussion right to AWS System Administrator, often used to talk about service as a whole union, and that is called Data Center. That includes the hardware, the operating system, the storage and the application servers and the applications. Overs are often referred to await their function. That is, like exchanges over the Sequels over the file silver. And if you look into this inmate, then you will find that how this always is being organized. These words are organizing on racket spaces, so you can imagine that if something went wrong, then it is really very painful task or cumbersome task for system administrator. So I didn't to find the problem and rectify it. And in keys off hardware failure, the system administrator must add a new solo. So you can imagine that any company wants to have ah, fault tolerant infrastructure in place for dollar and means if anything goes wrong on the solo than others, over can easily take place the rule of that particular so over. So you can imagine that how difficult and how tough it was to design a fault tolerant in France structure or system administrator to resign, such infrastructure for $4 system administrator can implement Cluster also was to make them more for dollars. However, even clusters have limits on their scalability, and not all applications work in a cluster environment, and we all know that everything comes with a cost along with the cost of maintaining. So to save from these hardware and maintenance costs, the virtual server came into place, which also concept separate the server software away from the hardware. This includes the operating system, the applications and their stories, for that's over with such innovation. So where is no become just finally stored on a physical walk instead of physical hardware. So no, you must be asking me. OK, OK, so I understand that how physical so is being replaced by which also or say how virtual so over taken place or physical server. But why do we use cloud computing? Why do we use aid of Louis? So to answer your cushion, I want to quote an example and with an example, I want to make you understand. Suppose you're a CNN dot com and CNN Salvos Operation hour, nine AM until five PM in a day. Then why is print resources on the sober during night when it is not actually used? If CNN Who's there Sobel themselves, then why living in title during its known operational hours? So the better solution to host your debt cloud. Then eight of Lewis comes into picture. We will host the website in Amazon's E. C. Too easy to refer, says elastic Compute cloud, which I am going to discuss in upcoming session, for the time being just considerate as a virtual sober where we can host our website. So if we're hosting our website on easy to then we will prove is a new servers every day, and D probe isn't them every night by paying just 0.1 sample sober, poor our or might be a little more for higher capacity servers, and we don't need to worry about the hardware's. Let's imagine running about the hardware cloud computing takes for two logician, one a step ahead. So, no, I hope you understand that why we use cloud computing and eight of Louis, because it is really very cost effective. And whenever we want we can use. That's over, and we can be by use it on. Whenever we don't want, we can d prove is on it. Let's have some more discussion on cloud computing so that you will be more comfortable with the jargon core cloud computing. So so far, we have discussed about how physical So where is migrated toe What rules over now In this cloud computing era, cloud computing takes virtual addition one a step ahead, where virtualization provides the ability to run multiple operating systems on a single political system and seared down the lying hardware resources and with the power of cloud computing, it provides the ability to probe reason the services in a timely manner or so whenever we want it on the mind manner, we can allow them to a scale up and scale down off resources whenever it needed. We just need toe provide the configuration read of Louis can take your off scaling open the scaling down off your servo asper, your configuration in the upcoming station. I'm going to design a project where I will show you the same capability. That is how you have ability and four tolerant and France structure within eight of Louis that is going to were very fun exercise. So with this North, I'm just to stopping here. There are various thing coming in our upcoming session, so stay tuned and see in the next system. Until then, Bob, I take here. 3. AWS Regions Availibility Zone Edge Locations: Hello, guys. Thanks for joining decision in decision. We will learn about how the aid of Louis interest actually is being set up. But bridal, going into the detail discussion about it of Louis Cloud infrastructure set up, I wanted to make you understand about what is cloud computing is. So to understand that, let's look into her diagram so basically cloud computing, you can understand it as a group off shared physical resources made available to enable consumption off compute and storage capacity on a need basis using Internet. These shared resources can be located in multiple locations across the globe that enable accelerated access to the floor resources like so vos databases and other man it's services . No, let's understand about need of Louis Cloud infrastructure set up. But prior to going into a detailed discussion about it of Louis Global infrastructure, Let's and this turn that white cloud infrastructure matters. Companies around the world are moving toward cloud based infrastructure to increase ICTY, agility gain, unlimited scalability, improved reliability and lower carts. These companies weren't the flexibility to expand their operations at a rapid pace without worrying about setting up a new I T infrastructure as you know that setting up a 19 France structure is a costly affair, and the reason being is that they want to enhance their end user and customer experience by minimizing the Litan. See on the time it takes for their data packet to travel so they can avoid really and interruption. So, no, let's understand about AWS global infrastructure. The aid of Louis Global Infrastructure is designed will to deliver the most flexible, reliable, scalable and secure cloud computing environment with the highest quality global little performance every level today that the reason Amazonian Media player in Cloud a space the era of Louis global infrastructure set up, has 22 geographical regions, and this diagram regions is represented with the blue dots in the orange darts is upcoming regions and these regions has multiple availability. Zones have liability zones, are designed for physical redundancy and provide resilience which enables uninterrupted performance even in the event off power outage, Internet downtime, floats and any natural disasters. So let's zoom into the diagram. So here you will find that it has six availability zones. This reason, and this is a representation off North Virginia. Reason off image on eight of Louis cloud. So basically everybody zones. Our data center in the reason these have liberated Jewel's have the actual physical resources for cloud services have liberated zones are interconnected by high speed land toe enable four tolerance and high availability. So weapon case one availability zone and sat down due to any reason at least another availability zone is the level to see it. The Lord. Now there is another term that is called edge locations, as locations can be seen as so was kept geographically closer to users. These soldiers can act as a cash storage that enable faster transaction of frequently accessed data. Transfer. Acceleration technique is used to provide monster data transaction off new data. So you must be asking that what is the benefit off all these setups? The benefit we will get on the set up is high performance, high availability, security, high reliability Along with the capability off rescue ability. You can a scale your application any time with any number off instances as but your need. And as per your load off the application and all these bill coming with the locals, as I already discussed with you, a known earlier session set up all this, we need our data center and to set of the data center. It is very costly affairs because hardware costs on the maintenance of hardware cost is very high. And if you're a growing business, you can't think off to know enough off talk. Let's jump into eat of Louis Management console from where I can show you how you can choose the regions and how it looked like If you're confused about these Jagan's don't Woody, you were going toe learn all these in the upcoming station, so we're into it of Louis management. Console it. A blues management console is one of the interface by which you can interact with the aid of Louis Resources. I have a little discussion or say digitalization on AWS management console for a timing. You just consider it by using it of Louis Management console. You can play with eight of Louis Resources now coming back to the topic. If you want to know which regions we are currently belongs to in AWS management concern, then you should look in tow this extreme rate, and here you will find that North Virginia reason. So it is telling that we are in tow. North Virginia. Reason. If you want to change the region, then you come here. Click you and you can change anywhere. So it is always preferable to choose whichever your nearest location. For example. For my case, my knees issue specific moon way. So I will choose Monday, which is nearest to my location. So no, you understand about were to find regions in AWS management console and how to change it now moving further. How do we identify how many have liability? Jones have a level. So the easiest way is to identify the have liabilities on you should come here and within computer option. You will click on Easy to, and it will take us toe the easy to management console. And here you will find that we have total number or three availability zone in this year. Pacific reason. But if we will change it to the North Virginia reason, you will find that it is going to be changed to six. So let's look into that. So here you will find that we are in tow US East, North Virginia reason, and we have total number off. Six have lovely T zones, so this is the way you can identify the regions as well as they have lividity zones. So you must remember these two terms because you're going toe area where these storms frequently in our upcoming sessions. So on this note, I'm closing this session. Seeing the next session. Tilden bubble, I take it. 4. Setup Free Tier Account: Hello. Gates will come to another session in this session. We're going to set a three tier eight of loose account. So let's jump into the browser and then I will let you know their steps to set up the every two year AWS account. So what you need to go, you need to goto the google dot com and here you will search for eight of Louis three tier account and here you need to click on the first link. That is eight of Louis free tier. So we're in tow the page off AWS free tier account. From here we will create the free to American but pride to creating the free tier. I wanted to let you know that what are the offers, which we are getting in free tier With free to your account, you will be getting image on easy to 7 50 hours per month. Along with that, you will be also getting a 1,000,000 as 35 TV off store it it of Lewis also offering us imagine rds 7 50 yards off deviance stances. We are also getting crispies for no sequel databases. That is dynamically we off imagine, and there are various services, which is being offered within eight of Louis free to your account. So if you wanted to loan any off the service, Imogen provided that services within a free tier. What example, If you have for requirement to learn the capability off machine learning with the nadir of Louis than eight of Lewis also provided. Imagine Sage Maker, where you can build your machine learning models on Deploy those models. And for the 1st 2 months, it is free for 2 50 ours and they're offering tea to medium notebook, you said. So now, to register for free tier account, you need to grow up, and here you will find a button called Create a Free Account. You need to click over here, and it will take you to the sign up page. So here you will provide the email, address, passport and confirm your password and what the aid of loose account name you want to keep . So all their steps are self explanatory while doing the registration. If it will ask you for the credit card on debit card, it also accepting the David card. Once you complete the sign up process, then you need to come to the browser and visit the site console 0.8 of lewis dot amazon dot com, and from here you need to specify the email address and the password, which you have been set up. So here you need to specify your email address and then click on next. And once you provided the registry 1,000,000 password, then you will land in tow eight of Louis Management console. And here you will get all those services which we are going to loan in the upcoming session . So it is very a straightforward process. One more important thing. Whenever you were doing a sign up, you will get the verification call from eight of Louis, and once they verify it, you recount will be accessible. And once you get the access now you are ready to play with the resources afraid of Louis. So on this note, I'm stopping the session and see in the next session where we will start learning about these services. So till then, web, I take you 5. Understand AWS Management Console: Hello guys. Welcome to another session in this session. We're going to look in tow. ADA blew it. Management consultant. But prior to that, let's look into our journey. So far. So far, we have seen that what to pose happening, right to eat of Louis. Then we have understand that what is region and what is their availability? June. So these are the two concept, which was very important, so we have understand that now. After that we have looked into how to set up your free tier er on AWS, and now we have created they come No. The next step is that we have to understand that what is eat of Louis management console is but right toe that I wanted to discuss some of the point regarding it of Louis Management console. Basically eight of Louis management console is nothing but an interfering or say mechanism by which you can interact with eight of Lewis and its services. So to understand it, whether that's somethinto, the little blue it management console and understand that worked, my statement means Soto access console what you need to do. You need to read this address https, and he'll have to need right console taught. Imagine eight of those daughter Megan dot com, then in tow. So this will take you to the aid of Louis console management site, and here you need to provide the credits is use the account, which you have used for account creation, with it of fluids. For example, I have used this email address. Then I need to mention over here and click on next. After that, you need to provide your passport once you log, and then you will find that this screen. So this is Krienitz Guard eight of Louis Management console. So here the question comes that Why do we use it of with Management Council? So to answer your question, the aid of Louis management console provide the interfaith toe access the aid of Louis managed service. As I told in our of your discussion that eight of Louis offer various services to their users. So we need a way by which we can access those services or say we need a way by which we can configure those services to use it for the so eight of Louis management console. Provide that mechanism. For example, here you will find the list off. All those services over here were like, and it is being grouped together like compute Instance. We will discuss all this thing in the coming session for the time being. Just considered that so computers a group machine learning is a group, and these air the services which belonged to a particular group. So they have categorize it like that way, same way stories, database analytics. So so many service offerings provided by Aid of Louis. We're not going into all these services, but definitely I will provide you technique or a way by which you can work with any of the services. With that technique in the scores, we will play with some of the commonly used services manually forced. And then we will do the automation off those services. Whichever services which I explained in the man will part off the scores. So moving for the let's understand the console is water. They'd Yet it has given that if you look in tow the right side of this screen, then you will find that this is the profile which is being given over here, your profile description and you're seeing that it's coming like out Virginia. So this is the region or the forced region. You can see that where it of Lewis was long and then it s spread it across. So here you will find all the regions where aid of Lewis's having the presence, and we need to select the table the nearest region, like issue specific moments. But the thing is, whenever either blue is is coming with new services, it will be forced, released with not Virginia. Reason subjected. We can stick with North Virginia reason because we can get an opportunity to lick unwto water, the services, all the services you will find in North Virginia. Reason. But it is not. But it is not necessary that you will find that services in that other particular region. But it is very good practice. If you were sticking into the nearest region, why? Because it will provide us a low latency while accessing those services. So that means that suppose that if you're trying to access any services, it will take lesser time if you were accessing toe the nearest region. But if you're trying to access some other services from the other region than it will take more time, or say latency is very high compared to the nearest one. But in this course, we are going to stick with not one Virginia reason. The ones we understand that let's move further. So here you can also access the services with help off the search box. So if you want to access, for example, as three, then you will be accessing like this reachable service which you want to access. You can write the name of that service and it will be coming over here. You need to select it. So this is one of the way that is other way. You can access the services like that here. Also, you will find those information. For example, you will get the information like which group it's always belongs toe the same way you can get the complete glance, overview and year old, so unique toe right thoughts always name with this mega menu. So this is a mega menu they have provided and what you need to do you need to provide. For example, I want to access e care service. You need to write it, and it will give you the managed to burn it on aws so all the IT services. They're telling it as a resource. You can manage those resource as put your convenience and that's for your project, whichever it'd so you can come here. You can create the group of those resources. You can say you can check that want are the groups you have seen, and you can also look into the tag editors tag editors can be used to man is the services which you have created and tagged while the time off creation off that services. So from tag editor, you can manage those who says I haven't created any services, so you will not get over here. So this is the use of tag editors or design ways. Imagine has created very simple design off their AWS management console, and they have provided really good documentation on each of the services. The how do we can access the documentation to access the documentation? What you need to do, you need to come over here and take condo documenting. So here you will get the details about all those services that you want to learn about. You can kick on documentation, and it will take you to this location and where you can search for the information about that service. It'll see it has provided the duty aerial as well along with the project, so you can look in tow those documentation as well. So I would recommend that bookmark this page because I am 100 portion show that we will be coming back by and then tow this page to get the information about it of Louis managed services. So this is what I wanted to demonstrate your indecision. So see, in the next session till then. Bye bye, kid. 6. Setup Free Tier Usage Billing Alarm: Hello, guys. Welcome to another session in this session. We are going to look into how to set a building alarm. So in this aspect, what we are going to do, we're going to cover the following things. So basically, we will understand that what? Actually it is why we had using it and how we are doing. But prior to going into these discussion, let's look into the journey which we have covered so far. So so far we have looked into what was happening prior to it, a blue ists. And then we have seen that two important thing for the entire it of Louis concept that disease in an inevitability jewel, if you understand this thing than it is very easy to understand the aid of Louis infrastructure. After that, we have seen that how to set up the aid of Louis Free Tier account. Then afterwards, we have seen that eight of Louis management console, where we have discussed about why we are using AWS management console. No. In this session, we're going to look in tow setting of the building alarm into eight of Louis. But prior to going into how to do the billing alarm set up in need of Louis. We have to understand that why we had using it and what Actually it is so as you were than either Blue. It's comes with various services and some of the services which AWS offers in prettier, but not also with his faults into the free tier. So that means it is coming with some costs. So we need a mechanism by which we can monitor our uses off that services. So to achieve this thing, eight of Louis provide and interprets for setting of the building alarm. So no, we understand that what actually it is and why we are using it to let's move further and let's look into the steps. What are the steps required to setting of the willing allowed to? Let's jump into the heat of Louis console. So we are in tow. Eight of Louis console to set up the billing alarm. We need to follow these steps First. We need to goto the my building dashboards or we will be getting these options here. We will get that cost management Cost Explorer budgets budget report. So all the thing which is related with the cost and budget, you will get over here. So we are mainly interested in this session with the building preferences. So we need to click on the building preferences. So we will be getting these options so we will be mainly interested in receive free tier usage alerts so we will enable it and we will provide the militarists. If you will not provide, it will take the ROOTY County militants. But we will be interested in plowed program here at gmail dot com. So here I want that all the alerts were getting prettier. Usually I won't at this email address, So once you have provided you river Remillard is the next step is you have to select the receive building alerts. Once you inability, then you need to configure the cloudwatch. So race off aid of Louis for sending the allure to your email address. So this is really important. I have a detail station on cloud would service. So for a time being, you just to understand that Lord watches one off the service which will take care off all the monitoring related task off AWS can be configured within cloudwatch services. So now we will move further and configured. The cloud was service so that we will receive the building alerts. You can do it way too with post. Either you can click over here. It will take you to the same location else you need. Toe, come here on a pipe cloud what? And you will go directly to the cloud work. So let's understand this cloud was service. Over here you will find that there are various options for the cloud. What services? You will find that there is a dashboard alarms building event rules, even bus logs inside matrices, settings, all the thing which is required to monitor or say monitoring related operations. You can configure over here. So in this session we will be interested in building related I think so. We will be going in tow building. So here you will get an option called Create alarm. You will need to create alarm. So here it is pretty easy to configure, as the steps has also been given who over here you will find that specify matrices and condition, configure actions at a description preview and create. So we will do the same thing and you will find the detail over here. If we want to change the currency. You can do it from here and then here you need to select that water. The condition you're going to apply as we are doing this is for our learning process. So we will not exceed more than $5. Once done, click on next. So here you're going toe see another kind off a new service called s Illness. Like a simple notification service. So this service will take care of all the notification related asked. So, guys, this is really very interesting. I want to explain you in a better way. And this will give us the understanding off the architecture off eight of Louis. So let's jump in tow one diagram which I want to explain you. So, guys, see this diagram in this diagram what it is representing that AWS has various services which is designed for a specific purpose or purposes. They have a very good design. If you look into that, then we will find that here we are using cloudwatch and simple notification services to set up the building alarm within that once always calling another service and assigned their respective task. So, as we have seen that while the creation of willing alarm we are going toe create cloudwatch and within the cloudwatch what we're going to do, we are creating a simple notification service. The reason behind to swing this diagram is that you saw No, we start thinking eight of Louis Services as an object. You can think that cloudwatch is an object, so it must be having some properties. It must be having some 1/3 which we will do their discussion in our part two of this course . So to create simple notification service, we need to create a new topic. And here you need to provide the name of the topic. We're going to provide a name called Building Alarm. Next, you need to provide your email, a wrist like I'm going to provide my human urges. And you can also provide comma separated the militants. If you want multiple places to receive the email. Once done, create topic. So it has created a new simple notification service with you can verify over here you need to go over you and you will check that it has created on simple notifications off. So what you need to do next, you need to go to your inbox and confirmed the notification. After that, you will start getting the notifications whenever you're building for 32 year usage is getting exceeded from your A specified amount. So now proceed further and complete. The remaining is take. So here, Once we have provided that and we know we need next and here you can provide the detail with the description over here. Once done, you can click on next. The ones done. You will get the preview and create So here, If you want to do any changes, you can again do, they did. If we want between the currency and anything, you can do it over here. Once it is being done, you should come here and click on the create a lot so it will create the alarm. You will start getting the email once you do that. 7. Understand Identity access management: low grades will come to another session in this session. We're going to look into the identity, excess management, afraid of us or in this aspect we're going to learn about what it is, why it is and how we can do that in the world aspect. We will look into what actually the services and in the way aspect we will look into away. We're using this services and in the how aspect we were looking toe how to configure the I am. So let's jumps into the discussion. Identity access management is one of the important service or say one of the important concept You should know, right? We start learning other concepts in a W. It's as I already mentioned, that live in our discourse. Eight of Lewis has various services, like, If you see this day a ground, then you will find that it has very a services and we're going to discuss some of the important services in the father of coming station. So no, let's understand that. What is I e m? That his identity access management. I will show you one diagram. Then I will explain that What? Actually it is. So look at this diagram. So this is the major off different, different Manus Services off aid of Louis. And now you consider that we have to use is called usually and user be and you have created an account for the user and user. Very toe work on the respective services creation often account for this particular user doesn't mean that they are having access to these services. So to allow the respective services where these user need to work, you must have toe provide the access toe that particular services with the need of Louis to use that service. If we look closely, then you will find that AWS is working on authentication and authorization model Rare authenticated user is not required toe have on access toe the particular service. Still, the time if we haven't authorized to access that service, for example, if usually want toe create easy to instance with the program, so to rule that he must be having that access. So here I am, Identity access management comes into picture. So all these operations, or say access related activity, can be handled with I am identity access management. So here it comes the first definition off our session. What is I am identity access management. So it is one of the mechanism by which you can manage the security off AWS services at a granular level. In the fourth position, I will show you what this granularity means and how to assign a particular rule to a particular user within I am. You can also do the user management within your aid of with infrastructure. So here we understand that what is identity access management and why we had using identity access management. Now we will look in tow. What are the things we can do within this service? So with the help off identity access management, you will set up multi factor authentication. You will set up users, users, management on the group's management. You can do with the help of identity access management. So let's move for though, and do all these exercises and understand it better. So let's jump into the AWS console toe here. You will search I am, and we need to go over here. So this is how identity and access management So this console will look like you will find that dashboard groups, users, policies, rules. So all these thing you can manage from here for your aid of loose account, and here you will seem that the security of status So we need to configure these things. So to market green trick, you need to configure all these items so we will look into how we can set up this. So Emma for means multi factor authentication and to set up that we need to follow these steps. But prior to going into the configuration of steps off, what a deflected authentication. We must have to understand that what? Actually it is so basically multi factor authentication provide an extra layer of security for your AWS account. So why logging along with the user name and password, you need to provide additional security information which you have configured in the form of multi factor authentication. So this is what we're going to do. So to do that, we need to click on manage em affair to here, click on, continue to security credentials. So here you need to select this multi factor authentication. No, you need to click on, activate everything. So after tricking that you will find that it is giving us three options were sure pretty voice you two have to critiquing other hardware. I'm pretty ways. So basically some of the companies is using some hardware to authenticate users like Arce. But here we're going toe. Use virtual Emma for device and we will set up that what? You 11 per device as well. So click on. Continue. So after clicking on continue, you will get this option and here we need to configure it or find a list of comfortable applications. So to do that right click open in Newtown, we will look into what are those options? So here you will find the details off the supported devices. So let's look into that. So here you will find that we are using what Ulama p so foreign rightful. We're going to download the Google authenticator. So you need to go into your players tour and source for Google on 10 indicators or off t two factor authentication for both iPhone and then right. If you are using when those food, then you need to use authenticator. So what you need to do in your phone goto place toe and search for Google authenticator and download it and install it on then later point of time, we will use it. So please install Google authenticator and then we will proceed. Photo. So now I hope you have installed Google Authenticator. Now we will configure multi factor authentication. So here you should open your Google authenticator app on your mobile and there you are getting an option called scan A barcode with the camera icon So prior to clicking on that you have tow trick your Shoki were cord and use Google authenticator from your phone to a scan This QR code So let's a scan it so I scanned it so it has given me an access court. So I will type there. You will also type yours and it will again generate another one. You have to wait for it so it hasn't deterred another one. You have to again right that and to set of the multi factor authentication. Now it's sign MMP So we have done successfully what you love my first set up so close you so it has generated the serial number. Now let's go in tow dashboard. So CEO, you will find that the green tick mark came Now is a sign off. You have successfully configured the multi factor authentication. So let's move for the and we will creator. I am user. No, we will configured and I am user. Currently, we're using root account, so that is a not a good practice to use the root account for your project. So we need a new user which has access to the respective service for the project in a production environment and use every country be created also for your name. So let's look into the steps water the steps required to create an I am user. So we need to click over here and click on manage users. So here you will get an option toe. Add on user. So let's click into that. If you click in tow that, then you will find that this Pete on here, you will find their steps. What are there Steps required to create a new users? What you need to add user provide a name in the second SW a senior year. It is showing that permission need to be assigned and then the tag needs to be created for that particular user and then it will provide an option to revere it, and then the process will complete. So it is five Mystic process, toe ad and user. So here we're seeing that we need to provide a name. So we are going to provide some name. I will create one generic names guard Loper, one clothed of Lapa one. And here we're going to provide the programmatic access. We're going to use the same user when we're doing the part two off this course as this is an eight of Louis automation course. So we need toe have such kind of factious. So we need to provide programmatic access and along with it of Louis management console. No, here you have two options. Either you can auto gendered password or custom passport. I will be using custom password and I don't want to release it. So here we need to provide that Once you provided the password, you need to click on next permissions. So no, here you will find that it is giving an option to create a group. So it is really important you have to manage the users with the group so that it is really very convenient for user management. So why it is important. Suppose if we're working in a project and there are various rules like developer project managers. Scrum Master If you're working in a jail project so their various rules and suppose if you want toe given access to a particular developer then it would be really easy to add within a group and he will get all those permissions which is required for developer if you're managing through groups, so now click on create Group Britain. So here you will find that it is giving an honor option to provide the name along with the policies which is being applied toe this group. So it is really important to understand this policies. So first we will provide the name, I suppose, given to name developers and then understand that what actually these policies are so these are the policies which is pre defined by AWS for the uses off their services. So this is the way by which you can manage the granularity off the security. Suppose that if you want to given access, I can add mistreated. So you can. So it's for administrator. We're here. We're getting it. So you want to assign the administrator access toe this group so you can search it and you can Derrick Lee assign it, so we will look into that. What? Actually this system administrator access has the click on this button. So here you will find that it has listed all those services, which is exist within eight of fluids, and we have administrator access. Now. If any user is being assigned toe this developers group and they have full control on these services, let's move further and click on Create Group. Now it has created that group and that has administrator access. You can also provide the same permission, if any. A special formation is given weathered user, and you want to replicate that you can use this option on. You can also add as the existing policies directly. For example, we have seen that Administrator access policy you can directly assigned that policy so this particular user or develop open and straight off creating a group. But group is the best way to handle the permissions, so let's move further and click on next tag. This is also very important, but optional thing. Suppose that you have a big project and you want a way for kid the users as per their rules . So this tags option is comes very handy. For example, you want to add ruled, and here you can say that developer. So if you want toe, get the list off. All go devil oppose within the project so you can use this tag as well. So here you provide that rules. Were the rules for this user disease a developer, and it will help, really, if you were doing some reporting thing and want the list, How Maney number and who are the develop of walking in the project attacks will really help for by for cation the ones you have provided the ruled. Let's more further and click on next review. Now we will get an option to create user to click on, create user. You should review it. If you want to do any changes, you can easily do the changes. And now African create user to make sure that you should download the sea is we and keep it at your secure location. So, no, we done with the user creation process, So close it and let's move to the dashboard toe here. You will find that we have created the individual I am user and we have also created the groups over here. Now, next we need toe applying. I am passport policy. So let's do it. Click over here, Click on manage password policy. So this password policy is required to set the minimum criteria for setting off the passports. So let's do it. Click concept password policy to hear you will set the rules where at least one uppercase letter while setting off the passport. So it is really very important so that users will generate the strong password, the help of these policies. So we will select this one and we will select this one as well. Or you want to set all this thing that is also good. Select this one also and click on save changes. So we have set up now the password policy. No going to the dashboard, and you will find that we have conflict all the security aspect. So this is what I wanted to demonstrate you in this session to see in the next session. Bob, I take you 8. CONCEPT Elastic Compute Cloud: Hello, guys. Thanks for joining. Decision in decision we're going to discuss about elastic compute cloud That is easy to off aws. So let's look into the topics. What are the topics we're going to discuss in this aspect? We will be discussing the following topics. So here we will be discussing that. What? Actually is he two instances and we will come to know about what is aws instances on in that we were looking toe on with takeoff architecture it is based upon and we will look into the instance type. We will also discuss about the purchasing options. Once we understand that the purchasing option, we will move further and look into how we can use eight of Louis management console toe create DC Two instance. Once we understand that, then we will look in tow the steps to connect toe, easy to instance. So let's jump into the discussion now. I wanted to show you one diagram so that you can understand what actually see two instances . So look at this diagram. This is a diagram off memory CPU in the storage. So these are the three hardware components on which any computer is based upon So here, the first definition off this isn't comes that what is an instance instance is nothing but a combination off memories. Cebu in the storage on the same aspect, Aws instance, is nothing but a combination off memory CPU in the story. There were 80 off instance. Type we will discuss for the indecision, but for a time being just considered that either Blue, it's instance is nothing but a combination off memory CPU in the storage. So to understand this, a statement better. Let's move further and we will look into some of the definition how this set up is being done and what is the technology behind it or save behind eight of Louis instance. So let's jump into the discussion. So eight of Louis instances based upon nitro based instance. So what? Actually, NATO waste instances Nitro raised instance, is nothing but an architecture, which is which is built upon the nitro system. And the nitro system is nothing but a collection off AWS build hardware and software components that enable high performance, high availability and high security. It is again are different, kind off actualization architectures. If you want to know more about, just go through this YouTube video, which ADA Blue has has shared in their green went program on 2017. So every year they are organizing a event called Green Went where they introduced their innovation for those years. So go through it with the nitro system for a time being just considered that it is one of the virtualization technique, we remove the word your allegation overhead. Now let's discuss about instance types. So basically, we are having following types off instance like general purpose. Instance computer optimize Instance memory optimized instances. The stories optimizing chances to let's discuss about one by one. So basically general purpose instance provides of balance off compute memory in networking resources and can be used for a variety off workloads. So let's look into some of the general purpose instances. So some of the general purpose and stances is this one. You will find that a one daughter medium you in that large a window text large. So basically, these are the categories off general purpose instances where AWS has provided the balance off compute memory and the storage. So now let's look in tow, other type of instances. One more thing. I wanted to mention you prior to going to discuss about other type of instances. General purpose and stances can be used for Web servers. Contravene ized micro service casting pleats distributed data stores persist. Scenario. You can use general purpose. Instance. No discuss about another type of instance that is computer optimized. Instance. Computer optimized instance are ideal for compute bone applications that benefit from high performance processor. Who you must be asking that in work kind of application. This compute optimizing Instant and BU so basically it can be used with bad processing workloads, media transporting, high performance Web servers, high performance computing it and majorly machine learning algorithms. So let's looking toe computer to my age. Instance for that I will show you one director. So here we have seen that general purpose computer instance like even dot medium he won that large. So here computer optimize instance will be like C four dot large c four Gortex like so you must be wondering that what this actually see for dot large and X large is so I want to show you one off the diagram again so that it would be easy for you. So basically, when it is refering that c four dot laws. That means that the default CPU is, too, and the memory in Devi's this month 3.75 extra large is going toe before CPU and 7.5 db off memory. So this is the configuration which is being associated with this name. So you must remember that. And if you have any doubt you can go and check with eight of Louis site, I will provide the link into the North's off this session. So here we have seen that. Now let's looking toe other type off compute instances that is he five and brought large, See if we were not extra large. So no, let's look into other instance tape. So a type of incense in need of Lewis's memory optimized instances. So basically, memory optimized instances are designed to deliver fast for four months for workload. That process large data set in memory. So now you must be asking that what kindof application memory off tramways instants can be used for so such kind offense, chances will we will suited for high performance relational and no sequel databases. This is one kind off application. Another one is that you can use for distributed were skill Cassis tools that provide in memory, cashing off key value tape off data like readies meme cast such kind of an application the third kind off application you can think off in memory databases using optimized a trans too rich for Mitt and analytics for Business intelligence like Recipe Hannah. So these are some of the examples where you can use memory optimized instances. Let's look into some of the name, so these are some of the memory optimized are four door, large R four dot extra large are porn or two extra large a specification off these thing? You will find that eight of Louis site that I will share with you in the North section off decision. But just consider that so it is nothing but the large and extra large sizes specifications as Bodo type off instances. If you're talking about memory, that means the size of the memories large if we're talking about to compute in stances and size of the CPU is large. If we're talking about the stories, then that this sizes large, so let's jump into another type of instance, and we were looking toe that so no, we will discuss about the storage optimizing senses. So basically, stories operations Chances are designed for workloads that require high sequence, will read and write access to a very large data sets on local storage. So such kind off instance are designed to deliver tens off thousands off low latency. Render my operations per second. So the applications. So you must be asking that in what kind of a scenario you were going to use such instances . So these intense is our mainly used for massive parallel processing data warehouse kind off application. My produces. How do distributed computing or law or data processing applications? So there are various scenarios. So let's look into some of the stories optimized instances. So the storage optimizes chances they will find into AWS console Cordy to dot extra large detour to extra alliance with some off this one, so you will get all those detail into it of lewisite if we want o loan a boat word this detour, and that's when this thing is that you must have to visit day the bluest site for the time being. Just understand that the storage optimized instances are nothing better. Shape off instance, which has large number off historic capacity so that it can perform high reading rate operations. So, no, let's proceed further and looking toe. Other topic. So now we have understand that aws instance types? No, we were looking toe crocheting options, as we all know, that VW ists has variety of services, and these always is a rebel level, as people use it on the same aspect for easy to instance, aws off radius purchasing options. So let's look into that. So basically you can approaches the aid of Louis on demand. Instance. That means how many number of seconds you can use you can people that then it has resulted . Instance, that means you can pour just at a significant discount. That means you can result due in stand for longer contract like one year, and to you, the benefit off. This kind off purchasing option is that AWS provide a huge discount on such poor chasing option on the weren't instances little costlier. But if we're going with the result instance, then you will be getting it, you know, discounted price. But the problem with this kind of a changing option is that you have to go into contract a long term contract, then only you can get the benefit of discount. If we're planning for long term projects, then this purchasing option is really a good option. So now discuss about another type of instance, purchasing option that is subdued. Result instance. So basically in such kind of option, it enables you to poaches capacity reservations. That record on a daily, weekly or monthly basis is that they're specified the start time and duration borrow one year, Tom. So in a simple language, you can understand it that you have to re committed to use this instance for at least one year. And you know that when you are going to use this instance, this type of purchase option is very handy. You resolve the capacity in advance so that you know it is every level when you need it to Doolin. Chances are good choice for workloads that don't run continuously but do run on a regular sea do. This would be really useful and cost effective. You can see dual instances for an application that runs during business arts or or bad processing that France at the end of the week, so no move forward and look into a sport Instances that is another kind off instance. Poor Choosing options to a sport Instances is another kind of instance. Pricing options, which works on bidding system where the price off easy to instances getting changed on an hourly basis and it will be every level are allocated to you if you're bidding places maximum than others. But it will be lured than on demand price. Maximum price is not set than the on demand prices. The price for the sport. Instance, Such kind off instance. Pricing option is really beneficial and cost effective if your task is bad jobs, background processing and optional tasks. But it is not a good idea to have a sport instance for many stream task, because the moment if anybody, is being more than whatever the price, which you're paying for the sea to instance, it is. Get a located toe that person for a doctor ask, You have to use this thing, this port instance and you know they're the aeration how long it will run. Another type of pricing option is the dedicated hosts and dedicated instances, so both are almost similar. Were dedicated host you can be by poor host, and he'll you will pay by poor instance. In both the cases were dedicated instance and dedicated. Host toe comedian Easy two instances launched onto physical so world that are dedicated for your specific use it. So another type off instance purchasing option is the capacity reservation. In this scheme, you can reserve the capacity for your image honesty. Two instances in a specific availability June for any duration. So that means it give you the ability to create and manage Kaposi's reservations independently from the billing discounts offered by reserved instance. So, guys, these are some of the instance purchasing option. We will be mainly focusing on on demand instances where this session, as we're going to use free tier offering offered of Louis. So this is what I wanted to discuss with you in the session. See, in the next session where we will be it an easy to instant and connect that if you to instant so that is going to really lab session. See you in the next session, Bubba 9. LAB Elastic Compute Cloud: Hello, guys. Thanks for joining the session in this session. We're going to look in tow, Elastic compute cloud. So this is going to really lab station where we will create the elastic compute cloud from eight of Louis management console. So let's jump into the AWS management console and let's look into the steps, which is required to create an aide of Louis elastic Compute cloud that is easy to So this is our rate of Louis management console to create an easy to you have two options. Either you can come over here and go toe the easy to from the compute Group. This is one option. If you click over here, it will take you easy to landing page from where you can create the easy to instances. Other ways that you can come over here and you can search for is Ito. And you can select that it will take you to the landing page off. Easy to go here. You will get all the details about easy to instances. So now we are in to landing page and currently it is easy to desperate is being selected. If we look in tow that than it will give you an information that how many number off instances is running? How many dedicated host? Any volumes attacked with any? Keep ear placement groups, elastic, a bit snap, short load balancer, Any security group or how many number of security group is running so basically will find all those information related toe the easy to instance over here. And then here you will see that create instances, my greater machine. So this help. So do you live in any event is being said, Do it or not. And the most important section, If you look over here, then you will find that there are so many options given over here, for instance, is when when we will create an instant to instance related will information you will get over here than the launch templates, then a sport request we have discussed able to sport request than reserved instances if we have any reserved its chances. So these are the instance pricing options which we have already discussed in our concept car No system and then you can get the detail a vote in medium eyes. We will create some instances with help off image on Machinea majors, who am. Am I full form then this is the information related to security group Elastic A piece placement groups. Keep your load, balancer. Any load balancer than launch conflagrations. All these detail you will get over here. So let's now create. And easy to instance Soto create an easy to instant The steps Are this one forced? You need to click on launch instances, so it will take you to the beach. So here you will get an options to select the media's on which this instance is going to be raised upon. So, for example, over here we're getting that Amillia Only NATO e m I. And all those details. So But we will be interested in free two year only. So we need toe check. Mark this one for this lab. So we're getting such option now we need to select the image on the next to a might. So you need to just select this one toe a my full form, which I already mentioned that image on Machinea meat. So that means whenever we're launching an easy to instant, that easy to instant is based on this year. Might who here? Now you have to recollect the theory part, we have discussed about where 80 or instance type like general purpose computer optimized memory optimized stories optimized all these thing you will get over here. So it has been categorized also. So we have discussed about general purpose we have discussed about com computer up to my some of the general purpose not have level into the free tea and whichever is mentioned over here. So the one lady to is every level for free t it. So we have only used this one. We want to use other one than it is chargeable as per the on demand pricing which we have discussed in our once obsession to hear you are getting the detail that were the conflagration it should contain. It has one virtual CPU and 2.5 gigahertz until the own family keep you on. We have one degree off memory and it has a devious, which we were going to discuss about the weirs in the later part of the courts. That is a stands for elastic block a story. So this is the configuration for this particularly easy to instant. Now proceed further and click on next and we will configure the instance. Details. So here we're getting so many options, like number off instance. The number of instance we're going to create one. If you have any option for your sport instances praising option you want to apply, then you can select this one. It will give you the option to select that price. You need to provide the maximum price off that. So this is the current price which is going on. So you need to specify your current press than it will relocated to you. So we don't require no. In this level, it has provided the Defour VPC network connections. So we're going to discuss later part of this course and here you will find that submit references. So currently we're going to stick with the default sub net, which is being provided over here. That is no preferences here. You can assign the public i p so we're going toe stick with water were 34 adoption, which is being selected. Then you can choose the placement group as well. Then there is a capacity reservation which we have discussed earlier. If any of the I am rule is being created in which you want to associate with this easy to instant. You can associate that I am roll so we don't have yet and said Don't behavior you can select the said Don't be a weird whenever this is going to be so don't so whether you want to dominate it so you can choose the dominate as well so that it gets dominated and you're easy to his chance Guard deleted. It has also pro prison where you can check this protect against accidental domination. So, in case if anybody argue terminating the instance by mistake, such option will help you That will remind you that this instance is not supposed to be deleted. Then there is an option for tendency. So there is an option for elastic inference ing. So this is useful. Whenever you were working on the deep learning programming or deep learning algorithm, So this is really very helpful. So there is another option you will find over here that true t two and t three unlimited. So this is going to be a chargeable. So for this session, known said like this one, then we have user data. So in this you can provide the Buddhist trip supposed that if we want to configure your easy to instant and it is very useful. For example, I suppose that if we want to install and civil after the creation off you see too so you can read those a script over here on it will install than simple package within this easy to instant. So such kind of Buddhist trapping thing you can provide over here. Now proceed further and click on next at the storage. So here you will get an option to add this story. So basically it has provided that root ball which is being associated with this easy to instant. So these volumes are the volume where operating system has been in start rude volume. One interesting thing you confined that you can't encrypt this route volume. But if you add another new volume, then you will find that it gives you an option to encrypted. You just need to select that it will do the encryption for you. It is really helpful for those security purposes. We're going to stick with root volume on legal. We can remove that these manual steps are really very important to understand the details about the object as it is really very easy to do the automation on any subject or say on any object. If you know about the details off that particular object with that, the reason rightto going into automation off eight of Louis I wanted toe give the part one where I can. So the manual, the strips home annually we are going to create all these object with the help off aid of Louis Management console. So now proceed further and click on next Act act. So this is very important to hear we can associate sometimes with this easy to instance, so that it is easy toe group the instances, for example, right here so that if we want to associate this easy tune stand as a death machine so you can rated development or the machine, you can add another one. Suppose that if we wanted to keep it with other groups like operating system, so you can add it. So what kind of operating system it has? So you suppose you want to get the detail about all those ec2 instances which is and which is having a lean X operating system, how you can do it? We will rate it like that operating system. Lee Necks, who? We have associate ID two tags over here. So it would be really easy toe group the machines with the help of banks machines. Here I am refering that easy to instances now proceed folder and click on Next Configure Security Group. So here we will get a new Tom called Security Group, so we're going to discuss the World Security Group in detail. But for a time being just considered, that security group is nothing but a Fire World rules, which is associated with easy to instances that allow or disallow to your easy to instance . So let me provide that detail. So I have given the detail like Security Group name is it of Louis automation and description is the same. So here we need toe provide the how we're going to connect with with this. Easy to instance, we we must enable there's a such port. So for that on reason, we need to select either from which i p we're going toe connect to the sea. Easy to instance, for a time being, I'm going to select anywhere so that is applicable for any machine. So any machine or say any I can be used to access this easy to instance. So now we can proceed further and click on review and longed to hear. You can reveal that whatever the set of you have done to you can reveal those set up. So now So now we need to click on loan here to last for the existing keep here we need toe creator new keep here. So this is really important year we will select create a new keep here and we will give the name Middle Blue Automation. Make sure that you will not move this. Keep it else you need to create the easy to instance against. You know, you need to click on download, keep here, save it. So now click on launch instances so it will create a easy to instance now. So here it has created and to if you're going toe that will just click on the instant Saidi . It will take you to the instance CEO we years into easy to get good only. But here we are into instance that's what you will find that it has created it. You just select it and you will find the details about the easy to instance over here. So it is running now and this is the public I p So this we will use it to connect toe this Lena Easy to instance. Oh no. We have created the easy to instance. So the another rest of which we need to do with that we need to connect toe this easy to instant to connect to the city. To instance, we required our Software Corp party. Well, you need to download that software. You need to come over here, you can type Google and here you need toe provide, but he and click on you. You need to download this party along with the intelligent. So here you can don't lure that party. I have already downloaded it and installed it so you can select as put your machine. You can select that minus 64 with machines. So I have used this one. So now once in store party, then you need to install Partick Kitchen. So for that you need to come here and install that party in. So this will be used to generally don't pray with qihoo This you condone load as well. I have already in store that so no one's you have installed it. So you need toe open the 40 gin. So now we will load the key, which we have generated by creation off. Easy to instance. So we will grab the key over here, which we have generated while creating the easy to instant. And we will open it once it is being done. So you need to click on save private key. Trickle that give it a name in the blue. It's auto making. Trajan, read the private key over here Now. Once it is being done, then we need to open the party. Now I have opened, buddy. So here we need toe grab the public I p and faced it here. So for that we need toe go back to easy to instance and grab the public. I p from here, we'll just copy it. So we copied it. No, we will go toe the party softer. And here we need to paste it toe price so that we need to inter the user information That is easy to high phone users at the site. So now the next step is that we need to goto the message here. We will find an ought. We need to grow for the private key, which we have generated from B and filed. So this file we have generated, we will grab it, open it and make sure that we're going to save decision prior to picking on open. So here we need to select the session and we're goingto tell it at AWS Sito and save It was done. Pecan open. So we have connected to the PC twins Chance. See you. So we are in tow. Easy to instant. So this is our easy to instance. The next instant you can type I d. And you will get the detailer boto use already. So this is how we have connected toe the easy to intense, the next easy to instance. So this is what I want picked with the most read you in this session. See in the next lesson. Until then, Bubba, I take you 10. CONCEPTS Elastic Block Storage: Hello, guys. Thanks for joining the station in this session. We're going to look into elastic blockers to read, so let's jumps into the discussion. So in the last session, we have discussed about elastic cloud compute toe in decision we're going to discuss about elastic block storage. So the topics which we're going to cover is the areas serious volume snapshot. And we can also look in tow that how toe who it is, Think with the aid of Louis management console. But prior to going into in depth off TVs. So I wanted to show you one diagram so that you can understand the different type of for storage within it of Louis. So let's jump into the diagram. So in this diagram, you're finding that there were 80 off or so different type Oprah story within either bluest like a majority bees, that is a Stearns for elastic blocks, tourist type. Then there is something called S three than we have something called instances to and then we have a 1,000,000 a year for its elastic file system. So I have kept in depth session for, um, a journalist, three along with image on, if it's so in decision. We're going to discuss a voter, imagine TVs and the snapshots, and we will discuss about the instances store as well. So now if you close you look in tow this diagram, then you will find that the instance or say easy to instance is being connected with. We're 80 off different kind off stories, debates or, say story types like you bs as the office. But their usage pattern is little different that we will discuss in detail. So basically image on easy to provide you with a flexible, cost effective and easy to use data storage options for your instances, like Armajani Office amateur newbies and Madonna's three and Instances told. So all these options has a unique combination off performance and durability, and these options for a storage can be used as per our need. So let's discuss about one way one so we will look into emo Johnny office. Imagine if it's provides a scalable file, a storage but used with Amazon. Easy to. You can create a new office for in system and can trigger your easy to instance to mount the files. You can use any of its file system as a common data source for workloads and application running on multiple instances. Now let's understand about instances Tour Instances Store mainly provides temporary block level storage, for instance, is the point which I'm going to discuss now regarding the instances tour that is very important point. So you should remember that and appointed the D tone and instances to volume for system only during the life off the associate ID instance. So that means the moment you will stop or terminate an instance. He sued to instance, any detail that is a stored on instances store volume is lost, so this is very, very, very important point. There is another type of storage that it has three that spans four simple story service, so basically edible within three provides access to reliable and inexpensive date. I strode it infrastructure guys, we have detailed discussion about a 1,000,000 as three in the upcoming station off this course. So these are the some of the important point about the AWS s three bucket a story broke. It is mainly designed toe. Make Weber skill computing easier by enabling you to a store and retrieve any amount of data at any time from within image on easy to for anywhere on the Web. So basically as three is mainly used for taking the backup and keeping it there. For example, if we're taking the backup for Evie's, then we're keeping it s three work it. So if we look into diagram here, it is representing the same thing. So here they're taking the backup snapshot is nothing but a backup off E V is volume, and that is being kept that image industry and really it is kept, which is kept into a bucket. So when we were discussing Able Tammi Jonas three, then you will come to know about what is this Bucket is. So now let's discuss about the elastic block, a story that the previous elastic block restore. It provides block level storage volumes for use with easy to instance. Basically, TV's volume behave like roll on for motor block devices. You can moan devious volumes that devices on your instances. You can mount multiple volumes on the same instances, but the condition over here is one Lear. Single volume can be a test toe. Easy to instance at the time, one of the major feature off TVs volume is that It is highly available and reliable storage volume that can be attached toe any running instances that is in the same every livability . Joan. So you must be asking that what is the benefit off? Using devious volumes compared to instances store. So, as I already mentioned in the earlier discussion in the same station about the instances told the lights, I can love or see the life span Off Instances tour is associated with the life cycle. OPC two instance. The moment, easy to instance, go terminated instances. Tours get deleted. So too, will come. This challenge, devious comes for rescue. The major benefit off reveals instance. Previous volume is that it is independent off easy to instant. If anyhow, ec2 in Stan's got terminated. Devious volume can remain. That means it is independent off easy to life cycle. And imagine also recommend to use devious when you want to access the data quickly and you have a requirement to post is the data on a longer term. So in salt, we can say that previous volumes are particularly well suited for use as the primary story for file systems, databases or any applications that require fine granular updates. and access to unformed. It'd block level storage. So, no, we have discussed about devious volumes. Let's have some discussion about even snapshots. So where does this snapshot means? So Snapshot is nothing but backup off previous volumes and the snap shorts are incremental backups. So where does it mean? It means that one leader block under device that have changed after your most recent snapshots are saved? So such feature really minimize that the time required to create those snapshots on DSI one is storage cost by not duplicating the data. So on a theory. Inspect. These are the things which I wanted to discuss with the decision. You know, next session we will do the lab in the lab station. We will create any C two instance and we will stop the instance. And then we will detach the previous volume route volume, and we will take the snapshot. So this is the exercise we're going to perform in our lab. So see, in the lab station Until then, Bob, I take you 11. LAB Elastic Block Storage: Hello, guys. Welcome to the session in this session, we're going toe do the lamb. So basically, in this love, what we're going to do, we're going to create an easy two instance. And then we will stop that easy to ends tents, and we will take the route volume and we will create the snapshot. So, after completion off this lab, you will learn about how to start or out with stop B C. Two instance and how toe detest the route volume off. Easy to instance. And then you will also learn how to take snap shirt off that route volume devious solar jumps in tow, the aid of Lewes Council, and we will perform the exercise. So we are intuitively this console. So as I already mentioned that how to access the easy to instance we have already visited over here, we can use it. One of the mostly used method it's you have to use to search box and type is easy to click over here. So it will take us to the dashboard to were into easy to dashboard. So here what we need to do we need to play con launch Instance if you remember that we have performed the same exercise in our last session. That is elastic compute cloud position. And here we will click on free tire Only then we will find that worst option that I mean the only next to weigh in my image medium. So we will select this one, and here we will get an option to choose the instance tape. And here we're getting The TV is only CEO. So this is offering us whenever we're creating this instance. Cordy, toe Micro and devious is goingto be a tent where this operating system in being in stores, were going to use it. So now we will click on next Contra gration instead of detail these exercises we have performed earlier. So we're going toe stick with the default configuration. All these thing I have explained in our last session. So if you have any doubt about what are these options are you can with it last, So no click on next added story. So here we get an option that you can add a new volume and we have already a rude volume attached with this easy to instance. So we're again going toe stick with the same configuration and we will go ahead and click on next time tax. And here we can add some Thai like, Oh, in one moment this is again going to be a devil. We're telling it the other day we will stick with one tag only now on, click on next, configure security. But also here you will make sure that you will be providing anywhere. So what it will do. It will open the port as a such port as such is used for road. The more Dexter Inlay necks that means you can access the CC two instance from outside computer. You can access this easy to instant from any. So that's what here we're setting the Fire World Room were career dinger as a such a security group. So we will provide the name of Lewis devious Syria's we can provide over here and now, once it is being done to make sure that you were choosing anywhere if we will not choose this one than what will happen, you need to express if I for example, my a p than you need to a specified this I p or custom. So you need to provide the i p off the machine. So it is accessible toe that particular. But for testing purposes on for the training purpose, I'm going to use anywhere so that this easy to instance can be accessible from any of the I B. So now we need to click on review and launch toe. Once you click on this, then you will get an option to review it once it is being done. So here you need to click on launch. So know this thing already, Bean explained in our last session. So what do you have to do? You have to provide a create a new keep here. So we're going to give it a name aws devious. It will generate or dark Pam file which we will generally access from the party software which I have explained you party. Basically, we're using toe connect brutally next machine from window. This is no system return amusing. So I need to connect toe this least lee next machine. That is easy to instances based off only next machine. So I need a party software. So but if you're using early next machine on during the training, so now it is being done so here. We need to download this. Keep it. So this is pretty much important if we will not do because this option you were getting only wants to click on that. Save it once, don't click on launch. Instance it. So here you will find that the instances being created it is still creating. So we're into a pending the street. If you look into that, it has located this public I p this public I p we will use for connecting toe this easy to instance. But in this level, I'm not going to connect it. I wanted to show you that How toe detach the obvious route volume and then how we're going to take the backup. So now see your it is in the running a straight to know what we need to do. We need to come here, come into the volume and you will find that there is a root volume you will find over here . So this is the route volume which we are using. We will find this is associated with easy to instance which we have created. Just know so to detach it. What do you need toe First you need toe stop. The easy to instance which we have created. So let's go into the easy to that movinto, the running and stand. And here you can directly go. If you click on instances, you can come over here. You know, you can select all the actions which you want to toe perform on this easy to instance. So you select it and click on actions. And here you will get an option. For instance, a state. And here you will get an option to a Stop it. So you need to come here and click on the stop. So once you select this one, you can stop it. So no, it is being a stop. So make sure that whenever you are performing this action for taking the backup are creating a snapshot. You should stop it on beat as the volume root root volume so that we don't have any running processes while taking the backup. Tono, let's jump in tow the volumes click on the volume and we will get here and we can detest the volumes once you detach it. Now we're ready to create the snap short just waiting for it to CEO. It is the work is in progress. So now it is being detect. No, we will goingto the snapshot and we will click on, create snap shorter. Here we will get an option to select the volume and we're getting the volume over here, so you need to select it. Provide the description. So now our route volume is not encrypted. That the reason you were getting option not encrypted. So it will go as is If it is encrypted, then you will get an option when encrypted the option enable over here. So it is right. No other route volume is not encrypted. So once it has been done, you have provided or detail. If you want to add any tag, you can associate the tank. But for this level, I'm not going to use it. But if you have multiple instances, it is really very useful. I suppose if you're having a project and where we have multiple in one moment and where we have multiple and stances and you want to take the backup so you can easily group does the instances volume or say V is volume back up and we you can Dagget, So just click on now Create snapshot. So it has created a snapshot. Now close it and you will find that it is in the process. Once it is being done, then we will get an option. Once it is being done, a snap shirt will be created. So here it has been completed. Now you can use this snap short to do the following thing. Either you can create a volume with the same snatcher. You can create any meat. Imagine machine emits so that you can create and easy to instance, on this snapshot, or you can copy it. So here you can also change the added tags. You can modify the permissions over here so couldn't lead his private. You make it public as very. Just cancel it. We're not going to do anything. So this is what I wanted to demonstrate you in decision in this lab session, seeing the next session till then. Buh bye. 12. VPC Introduction with Subnet and CIDR Block Part1: hello. Grades will come to another session in this session. We're going to look in tow, virtual private cloud. And we will understand that. What? Actually virtual private cloud. It's on water, the component involved in designing the virtual private cloud. So let's jumps into the discussion. So far, we have seen easy to in stances elastic block a storage security groups. These resources off Ada blew. It doesn't provide much control or somewhat complete. Nitto, design the infrastructure as we want because it is belonging. Toa defer to re PC. If you closely look in tow our previous love, Then you will find that whenever we're creating any easy to instances, then by default it is belonging. Toa 44 To be Peter, you must re asking that. Okay, I understand that there is no completeness. There is no much control but work actually this virtual private cloud And in short, I can say that virtual private cloud is service offering from AWS, which enables you to launch AWS resources into a virtual network which you have defined using some new technique. The virtual network closely resembles a traditional network that you're operating in your own data center with the benefits off, using the scalable infrastructure, afraid of Louis to understand virtual private cloud in a more better way. First, we were looking toe water, the component which is involved to design the virtual private cloud. So let's jumps into one off the diagram. So here you will find that VPC components. So these are the components which actually helps us to design our own virtual private cloud , where we have much control over our virtual private network to here, Every component have their bonus specific rules within the virtual private clothes. But we will discuss all these components in details and understand that what is the significance of those competent? Why we had using it within VPC designed. So let's understand the competent one by one to really start with sub nets. So as we already discussed that of what your private cloud is a virtual network dedicated to your AWS account. So that means it is logically isolated from other virtual networks in the aid of Louis Cloud. So what is happening when we had creating a VPC? So we must have to specify your range off I P addresses and these I P addresses is a range off I P B four red dresses in the form off cider blocks I did block is not a new concept for those who belonging toa networking background. But it is a new concept for those who is not belonging. Toa who were not belonging to networking Bagram. So in short, I can tell that side of Loch is nothing but the class less interred, um in routing block. So where does it mean? So basically our virtual private cloud has many submit and eats. Avnet has range off I p addresses. So who actually defines this strange for some it. So the answer is side of Loch. So to better understand it, let's jump into the diagram. So here you will find that the cider block for this three pc is 10.0 10.0 dot 0.0 Last 16. So that means our submit will reside in these trains on for though, if you will find here there is to sub minutes of net one and submit to and that has a range of five peas from first sudden it has 10.0 dot 0.0 slash 24 2nd one subcommittees It was looking toe the third octave. Then you will find that it is changed to one. But overall it is belonging. Toa this range only 10.0 dot 0.0 Last 16. So here, with the help of side of Loch, this VPC range is being defined to understand it more better, we will Juman. So this diagram and looking toe another diagram which is a subset off this diagram. So let's jump in tow that diagram. So basically, to look closely, you will find that every PC expense all the availability Jones in the region. And when you create a sudden it, you will specify the cider blocked year. This insider block for the submit which is a subset off this cider block CEO. When we created this, this range is being used. Oh, and see a It is a subset. It is a subset off this side of law, so the range of sudden it will fall within the cider block range. Some points to remember is that east submit must reside entirely within one have liability , Joan. That means the range of sudden it belongs to the particular every livability. Joan So Now we understand the side of Loch. Let's move further and discuss over the summit. Ah, submit is a range of I P address in your BBC. Be looking toe the diagram. Then you will find that it has in the sub net one. It has two instances and that will be falling within the range which is a specified within the subject. One. It will not fall into the range which is defined within the subject toe. The C two instance which is belonging to some NATO, will be within the range which is being a specified within some NATO well, creating the VPC. So here you must get some clarity that at the vpc level, the segregation happened with those cider block within the cider within the BBC. The segregation happens for the instances by the submit to eat something, it has their own range and the instances which is belonging toa that particular submit it must be falling in tow that strange which is being allocated for summit. This concept is really very important Because of that reason, I am emphasizing on this topic so that once you understand this one, it is really easy to design the What shall Private cloud. So this is what I wanted to demonstrate you in decision. See, in the next session where we will discuss the another week with the compliment. Tilden bubble, I take you. 13. Concept Security Groups: Hello, guys. Thanks for joining the session in decision. We are going to understand security groups off eight of Blue. It's so let's jump into the discussion. Let's look into the journey so far. So first we have understand that what is prior to the head of Louis then we have seen that two important Jagan's, which is really important within UW, is that these regions and availability Jones Then we have also seen the lad how we have set of the free tier account. After that, we have understand that how to use eight of Louis Management console. Then we have set up the billing alarm so that power usage is reaching to our trees or limit . Then it will notify years. So we have set up that building alone, and we have understand that identity, access management and we have done the love. Also, after identity access management, we have discussed about elastic cloud compute, and we have done lab on that as well, using manual the steps with aid of Louis management console. Then afterwards we have discussed revolt elastic block a store. Now we are in two security groups, so here we will discuss about the security group. So prior to discussing the security group, I wanted to share two concepts and so that it would be easy to understand security group. So let's look into one diagram. So if you're seeing this diagram, then you will find that to Tom's that is inbound and our born. So why it is important to discuss inborn and or born tried to discussing security group is that because security group is mainly used toe handle inbound and are born traffic, So what does it mean? So inborn is nothing better. Incoming traffic toe access, your easy to instance and out boned is related. Toa outgoing traffic from your easy to instrument to access the Internet so all security group discussion will be goes around these two concepts. If you clear about in bone or bone, you can easily understand security group. So now we understand that in bond and our bone. So no, let's start our discussion about security groups opposed that if you are having an easy to instant and you must be thinking that how you can allow and disallow other computer to access, your easy to instance. So here the security group concepts comes into picture. So within eight of Louis, you can manage the security off. Easy to instance, with help off Security group. So basically, Security Group act as a virtual firewall that controls the traffic. For one or more instances, easy. Two instances when you launch an instance, you can specify one or more security group. You will not specify any security group than it will pick the default security group. You can add Rules to Eat Security group that allowed traffic toward from its associated instances within eight of Louis. The management of security group is really very easy. You can modify any time the rules off security group on new rules, which you have added into a security group that will be automatically applied through the instances that are associated with the security group. So look at this diagram. So it is representing the same thing here. This is inborn traffic, and there are born traffic, and here we are having the easy to instant, and that will be managed way. The security group and we will do the lab session. Then I will show you where you can write the inborn rule and where you can read our born ruled by default. Inborn rules is not allowed, but out born rule is allowed. So what it means. As I already explained in our inborn and Norgle discussion, inbound means the request coming from the Internet to access the C two. Instance, This girl in Born on the request, which is going from a C twins, tends to the Internet that is out born. So caution comes over here. Is that how do you manage inbound and our born for a specific I P means How do you allow an I p to access? The easy to instance to Here comes the concept of security group rules, so security group rules. So it basically do the job off, allowing this alot often i p to access the easy to instant. When we do the lab station there, I can show you so that you can better understand it. So let's now discuss about types of security group with the native Lewis, So basically we have to type of security. Group one is the false Security group on another one is the custom security group, so let's discuss one by one. So the false security group is already exist within your AWS account along with the Fort Vpc VPC. We're going to discuss in for the session off this course. So for a time being just considered, that it is a private cloud, virtual private cloud with mainly company prepper who set up their cloud environment. So you must be remembering that whenever we are creating easy to instance, then we need to provide the configuration detail while creating the easy to instance. And we get an option to choose the security group. If you don't provide the security group at the time off creation off, easy to instance, then it will automatically pick the defaults security group for your easy to instance. So if you closely looking toe that before security group, then you will find that it has a rule that allows all in Bonn traffic from other instance or saying Stances, which is associated with the default security group can access each other, and out born traffic from the instance is also allowed. So these are some of the important point for default. Security group. I will demonstrate you in our lab station where we will create an issue to instance, and we were looking toe our default security group is being assigned. If we don't provide any kind off security group, toe the instance, so now move further. And let's understand that what actually custom security group is so prior to discussing about Custom Security group. We must have to understand that in what scenario you can use the custom security group. Suppose if you're working for a company and that company has various departments like a char finance I T. And each department has their own easy to instance, and you want to restrict the access off Finance Department from other department. So if you're going with the default security group option that that is not really feasible , options as by default, default security group or say all instance has access to each other as their belonging toa que for security group. So you need a mechanism or a way by which you can handle the granular level off security for each instances. So here, custom security group comes into picture so you can create a different custom security group for each of their department, and you can associate or create a security group rules for each of the customs security groups where you can handle the security requirement off the particular department you can easily manage. I will show you in the lab were to define the security rules. So no, we understand that. Custom security groups who we will stop over here and we will do all this thing in our lab sessions. Bob, I take care. 14. LAB Security Group: Hello, guys. Thanks for joining decision. In this session, we're going to do laugh or security groups. So let him win Toe either blew its management console. But pride toe that Let's understand that what we are going to do in this land So first we will create a security group and then we will create an easy two instance. And while creating the easy to instance, we will use that custom security group in our easy to creation. Then we will rate some security group rules to allow and disallow toe access the easy to instant. We will also look into inbound and outbound Soto allowing boned where we can write and to allow out Born where we can write, we will look into that All these things are coming into our lab. So no, let's jump into the it of Louis management console. So here we are into it of Louis management console. Now, first we will goingto easy to dashboard. So you remember how do we are going there? So we need to use the search box. We can type it. So this is the preferred way. So once you find it, you just click over there So it will take you to the easy to management console. And here you will get the dashboard. So currently we have two security group. Now what we will do, we will create a security group over here. So we are in tow Security group. And here we will create a security group cord. We will give a name eight of Louis Security group them, or we will give one name, and then we can add a rules. So see, here we were discussing about inbound and outbound toe. Allow the poor toe access this easy to instance and whichever easy to instance which is actually associating with this security group, they can access it. We will add the security group rules later. For a time being just created. Click on Create weapon. So it will create on security groups here. It has created it of Louis, as did Emma. So now the next step, what we will do we will launch an easy two instance and associate the security group. We will come over here now we will click on launch instance. So here we need to select the three tier only we will get this option. Now we will click on Select to choose the General Proper. And now here contribute instance this details you click over here now, in the configure instance section that means this section we will keep the thing as is as we don't need to provide. And we don't need to change anything over here. So we will go with 34 adoption and we will click on our the story. Now here we need to again choose the default option and click on add Thanks. So you can add Tank. So again we can provide some tag over here. But wait, the name, it is not necessary. But you can give it now we can get an option to configure security group. So here we need to use the security group. We need to select over here, select an existing security group, and we can use that eight of Louis, as did Emma. Now we will write the security group rules later for a timing, we will review it review and long to see your We're getting a warning. So this warning is telling that you are not able to connect with the CC two instance which you're creating because you haven't opened. That means you haven't given a rule security group rules, so that doesn't have involved rules. Where we are opening the port 22 poor 22 is basically used for as such connection. Asus it connection is seem like rdp connection off Windows. That means you can remotely access the easy to instance. So we will continue it because we know that we haven't set up any kind off security group rules that were there in our security group. So that's fine. Click on continue. Know we need to click on launch. So here we need to generate the new keep here so that we will connect. So this easy to. So here we will given name and the names would be eight of Louis. Demo is de demo key. So you need to download it and we will use the party connection. If you're working with the next system than you don't required Connecticut, we do that. But if you are working with the window system, then you need 40 42 to connect to the clinic system. So because we have created a leaning system, the CC two instances Olynyk systems where you need to use must have a party connection to connect with the neck system from Windows Machine to download it, download, keep here and say that we will use it later. And now we will click on launch instances. So it is getting created. You go here and you will check it to say year. It is still working. It is impending a state. So now it is being created. So no, we will goto the security group and we will look into the inborn rules. So let's look into that. If you select that, you will find over here that there is no inborn rules, so what it means. So that means this security group is associated with the easy to instance which we have created now. So suppose that if you want toe connect from party, then it will not connect. Why? Because our inborn rule is not being said. So let's trey toe open first 40 kitchen so that we can generate the people kicky that is private key from the Pam file, which we have downloaded at the time off Creation off easy to instance. So let's open it. So now we need to Lord Ducky. So here you need to select all files. We need to select this Pam Fine. Which we have created for AWS as ge Demo key to select it. Open it on. It has given us the private key. So we will save this private key? Yes. And we will give a name it of Louis SG and save it. So now we will open the party and try to connect with easy to instance. So now we have opened the parties after, So what we need to do we need to specify the i P and the user to the user is easy to iPhone users. Now we need to grab the I p public I p off Easy to instance so to do that, we need to come back with easy to desperate. And here here we need toe select the instances from the instances we need to grab this I p before public. I pick opiate once you cooperated. Then again open the party software and here you need to paste it. No CEO were telling that goto this i p with this user and connected at port 22. But this poor poor 22 is not opened in the s D group in the inbound rules, which I haven't returning it. So what will happen that even though you have generated the key map it first. So we will browse it even though you have mapped it. But still it will not work. Why? Because in bone rule is not being allowed yet. Okay, so first we will save it. Come here. And here we will say. Well, give give it a name. Eight of Louis de Demo. Save it. Once done. Now click on open. So what will be the output? What do you think exactly Will not connect. So it is trying. But the port is not open there. So that the reason it is keep on trying. Keep on trying. After some try, it will return the era of CEO after some time it through network interconnection. Time out. Now what we will do, we will write a security group rule for inbound or incoming traffic. Okay, let's do it. Click on. OK, that's okay. You go away and now we will go here. We need toe. Come here into the network section. So here, sick security groups. And then we will say like the as did m o and in the end, it so here project. So here we need to click on it. It turned. We need to with specify the A sausage. And we need to open the port 22 the source I'm going to use anywhere. I'm opening for everywhere to select it. So any off the I p can access this instance for timing. I'm keeping it like so have added it saved. Now I have a reader rule. So this rule is being added. So now again opened the party software and what we will do, we will try toe connect again. Let's do it. So here we have already created its Oh Lord it So now try to access it. See you. It got connected. The committee. Why? Because we have allowed the ESA such panic. So this is war Security group rules it work as a firewall so that you can allow or disallow at any time. So by default from a security group, prospective are born. All the traffic which is going out from the easy to is being allowed. So all traffic is being allowed from easy to instance. But in boned, you need to a specify which I p is going toe access this easy to instance So it is really important to understand in bone traffic. And Lord want traffic to understand the security group. So this is what I wanted to demonstrate you in this station. See you in the next session where we will discuss some new topic. So building Bob, I take you. 15. VPC Component RouteTable: Hello, guys. Thanks for joining the station. In this session, we're going to discuss about another re PC components that is called Route Table. So let's jumps into the discussion from where we have left earlier. So last time we have discussed about sub nets and cider block. So in this session, we are going to discuss about root table. So what, actually route table is and why we use rooted. So Rude Table is one of the component off BBC where we can restore the roping information about the sudden it. So let jump in tow the diagram, and we will discuss in more detail about the route tables. But before understanding that how rude table works, I wanted toe and discuss some of the major route table concept. So let's look into that work actually looted, and then we will. And then we will come over here and discuss for the so these are the six concepts which we are going to discuss. So let's start with men, drew people. So what happens is that when you create a BBC, it automatically has a main route table. So the question over here is what actually this main do people do so The answer is the main room table controls the routing for all sudden it that are not explicitly associate it with any other route table. You will come to know more about Main route table when we will do the lab. Some of the points to remember or main road table is that by default, when we create a non differed with PC, the main route table contains only a local roots. Here we get a new tone that is known default. Vpc. I wanted to let you know that there are two ways by which you can create a BBC. The first way is the wizard based that recall it. AZA Before we PC as most of the configuration, we will use the default one, which was provided way eight of Lewis and we will stick with those configuration. We will not do any kind of changes, so this re PC is referred as default BPC. There is another way that is called normally for me pretty that is related to the custom three PC creation to where we need to configure each component of VPC, and then later we will associate those component at the time of creating three PC. So these two concepts you should remember whenever you are hearing non before we pretty, that means it is related to the customary pretty, where we provide our conflagration. And whenever you are hearing before we busy, that means they're talking about. We have used wizard based re PC creation, and we have kept the country gration, as is, whichever it of Lewis has provided so as simple as this. So moving further. Another point to remember is that when we use the BPC wizard in the console to create a 94 PPC with the net gateway or virtual private gateway, the result automatically had route through the main route table. For those gateway, it's Another important point to remember is that we can't delete the main route table, but we can replace the main route table with the custom route table so normal for the we will discuss about custom route table by default. A costume room table is empty and we can add route whenever we needed. When we use the VPC results in the console to create a VPC with an Internet gateway, the wizard creates a custom rooty will and add sir route through the Internet gateway. One way to protect your re PC is to leave the main route table in its original default estate, then explicitly associate eat new Submit that you create with one off the custom route tables you have created. So this ensures that you explicitly control how eat some knit groups. Traffic seem like men do table. We can add remove and mortified roots within customer table. But here, unlike Mander table, we have option toe. Delete the custom route table, but we don't have any option to delete main route table. So this is one off the difference between custom Rooty will in main route table. Let's move forward earned the stand Route Table association so it is basically association between a roof table and submit the ROOTY will associate it with the sub net controls. The routing for that sub net. This is quite the straightforward, so moving further and look into their destination. This is also a straightforward so basically destination related to the destination cider, where you want rapid from your submit to go. Once we understand destination now, we will move forward and looking to target. Target is also very much a straightforward the target through which send the destination traffic. So here, for example, Internet Gateway moving further toe Another concept doctors local route. Local route is nothing but a default route for communication with then repeat. So now we understand these concepts, we will move further and going toe the diagram. We will understand that. How we Pretty rude table. Well, so if you're looking toe this diagram, you will find that there is something called rotor. This is called implicit rotor or implied route that we use without table toe control. Where network traffic is directed Eat sub net. In our repeat, E must be associated with the road table which controls the voting. For the sudden it we can explicitly associate a sub net with a particular road table. Otherwise, the subcommittee is implicitly associated with the main road table. One point to remember over here is that a sub net can only we associate ID with one root table at a time, but you can associate multiple sub nets with the same route table. This is important. So this is what I want you to discuss in this session. But prior to closing the session. I wanted to show you how the voting they will look like. So basically, it looked like this where we have an entry for destination and the target. This is the entry for the side of Loch and which is referring to the local. This is also different. Tow the local here. You were finding that Internet gateway in three toe that it will communicate with the Internet when we do the lab, then we will find all these things and you will feel more comfortable with all these concepts. One thing I wanted toe tell you that if you are not able to understand any off these concepts, that's perfectly fine. What do you have to do? You need to go to the lab and look into the lab and understand that what are the things exist over there? And then again, come back and look into these concepts that will make much sense. You follow the reverse learning process you took and try this one. So that's it. Gates for decisions in the next session till then. Bye bye. 16. VPC Component Internet Gateway: Hello, guys. Thanks for joining decision in decision. We're going toe looking toe, Another repeat see component that is Internet gateways. Who? Let's look into the diagram where we have left earlier. So in this diagram, we have already discussed sub net out table. No, we will do their discussion on Internet get way. So what is Internet gateways? So basically, Internet Gateway is one off the VPC component that allows communication between instances in our everything on the Internet. So basically an Internet gateway serves two purposes. Forced it provided target in your VPC route table for Internet route, table traffic and second toe perform network address translation. For instances that have been assigned public I p v four address is so majorly for these two things. Internet Gateway is being used within VPC infrastructure. Internet Gateway supports both kind of traffic. That is I p before and I people think now we will move further and we will look in tow a diagrammed wonderland, the Internet gateway you know, more proper manner so that you can get a holistic view about the Internet gateway. And whenever any questions comes regarding Internet Gateway so that you can confidently answer the question. You know, let's jump into the another diagram. So now you can look in tow This diagram and you will point the Internet Gateway can be used to to provide the access off Internet toe the instance off the Southern that So here the questions comes over here Is that how do we enable Internet access for the easy to instant ? So then I can say that this is more off lab question. But again, I wanted toe introduce their steps which is required to enable the Internet into the instance off BPC. So basically it is a four step process and the forced to step what we need to do we need to attach an Internet gateway to the world should pray, would clothes. That is our VPC Now Can you tell me what would with a second district? We have discussed aboard this in our previous component discussion exact, so we can make an entry off Internet gateway into the root table. So when we attach Internet Gateway toe the VPC for providing the access off Internet toe the easy to instant, and we should make sure that we should have unique of leak, I ve addresses is allocated toe. Each instance is reachable in stances. Going toe have Internet access. So this is the third sister p should rally. Did the uniqueness off I P addresses off each easy to instances now coming to the fourth step. This is also very important and we have already discussed able this thing in one off our earlier discussion. So the fourth step is we should make sure that Security Group, often easy to instances, should have ruled to allow Internet Gateway l Security Group will not allow the Internet access. This is one point. Another point. There is something called network access control, which we will discuss later in the course. But for a time being just considered that Nicholas, also one of the component of virtual private cloud, that is, we PC that should also have an entry toe allow Internet gateway within nickel. So this is really very important to the fourth point, which we have discussed for enabling the Internet access to easy to instances. We should make sure that nickel network access control should have entry to allow Internet Gateway and and Security Group should also have an entry to allow Internet gateway So now we understand that how to enable Internet access to any off the easy to instances off virtual private cloud. So now we will move further and we were discussing about some of the points to remember. So the first point You should always remember that to use an Internet gateway yourself, Nets wrote Table must contain a rule that data Internet bound traffic toe the Internet gateway. Another points to remember is that in a will communication over the Internet what I p before your instance must have a public i p before red dress or and elastic I period rid that's associated with the private eye. Be before address on on our instance. Our instances only aware about the private I P addresses speed defined within the VPC and submit another points to remember is that the Internet gateway logically provide the oneto one not on behalf off our so that when traffic leaves our re busy sub net and goes toe the Internet, the reply addressed religious said toe the probably cape before rhetoric or elastic i p address off your instant and not its private i p address. So this is about enabling communication over the Internet for i p. Before now, we will discuss about how to enable communication over the Internet. But I'd be very sick. Soto enable communication over the Internet for right people say so to enable communication over internet. For I people think our VP CS Avnet must have an associate ID. I previous six cider block and our instance must be assigned. And I PV six Andhra. See you. There is a beauty six address and this is IBV. People red dress in the diagram from the range of the submit and make sure that I P v six addresses are globally unique and therefore public by default. So this is what I wanted to discuss in this session. Seeing the next session. Tilden Bob Arctic you. 17. VPC Component ElasticIP Addresses: Hello, guys. Thanks for joining decision. In this section, we are going to learn about elastic I p addresses. So let's jump into the diagram where we have left earlier. So this is the diagram you are no familiar with. So so far in the three PC components understanding, we have learned to votes off nets. So table Internet Gateway No. We will discuss a vault elastic AP addresses. So basically an elastic I p addresses static I p address whose design is similar to public i p before Edris. The last take i p address is basically designed for dynamic cloud computing. So what does it mean? It means that with an elastic I p address, we can months the frail euro and instance by rapidly d mapping the address to another instance in our repeat e So basically we can associate and elastic appeared with any instance on there talking to face for any re busy in our account. So, no, we have some idea about elastic I p addresses. Let's move further and we will discuss about some of the points to remember while walking with the last kick I please post going to remember is that in for elastic A pre addresses in news that is not chargeable. But if you create the elastic i p address and you're not using it, then it is chargeable. Heat of Lewis has give this building a structure because eight of Louis doesn't want that somebody will block the particular i p address and not using it. No moving for, though Another point to remember is that elastic I p this is can be assigned toe only one instance at the time. Another point to remember is that if we have to see it and elastic i p address returners zero network interface off your instance its current public I pretty for is released to the public KP address pool. And supposing kids, if we're disassociating the elastic i p address from the eternal zero networking toe face, then in that case, the eternity networking toe phrase is automatically assigned a new public i p before address. And all this happened within a few minutes. This doesn't have play if we have that has the second networking toe face to our instance. The another points to remember which we're going to discuss is really, really interesting and very useful in case of failure. So the point is we can move in elastic I p address from one's chance to another instance. The instance can be in the same repeats here another. We've et So that means with this behavior if, in case any failure is happening and end user will never come to know that failure has happened As we're sticking with the theme static I p address with the help of elastic I p address another point to remember for elastic I P addresses is littered with the lifeless panel off elastic I p. Address an elastic I p address remain associated with our AWS account until we explicitly released them. This is also a good design from a job, Louis, so that nobody else can use the same i p address without the release or say without its availability. So, no, we will move further and we will go to it of with management console and looking toe the components which we have discussed so far, along with elastic I p address Guys, we're having our detail lab for three PC creation where all these component is going to be used. This I'm doing because I want that you should become for table enough. Whatever we're discussing or save whatever we have discussed so far, that will make sense in a much greater way. So let's jump into the AWS management concern. So we are now into eight of Louis management console. So here, how do we can access all those competent? So the better ways that we should come here, click on services and click on Be PC. You just click on it so it will take you toe the basic management console. And from there we can get the dashboard along with the component details. So this is the dashboard off bpc complement. And here you will find that whatever the components we have discussed so far, which is existing over here like submits, wrote table Internet Gate with I will come toe this aggressive only Internet gate with component later. Now we're discussing the elastic. So the last take I mean, if you wanted to create, then you should come over here and used this interfaith were locate new elastic I p. And so from here, you can could hear their last two KP actress and that you will associate with this prayer. What clothes or save with this BBC. So this is what I wanted to demonstrate you in this sessions here in the next station. Tilden. Bubba, take you. 18. VPC Component Network Address Translation(NAT): Hello, guys. Thanks for joining. Decision in decision. We're going to discuss about another repeat see component that is not get with and night instances. In short, we're going to discuss the vote net. That is network at this translation. So let's jump in tow the diagram. So, no, we're in tow. This dagger we have already discussed revolt submits road people, Internet gateway and last session. We have discussed the water elastic I p no, we will discuss of or Net and we will discuss about, not gate with along with Mac. Instance so majorly, we're going to discuss the world night gate with but practical discussing about not Gateway was his napkin stance. We should understand that. What? Actually noctis tonight. The stands for network address translation. So here the question. Come, please. Where do we use? Not so to answer the question. We use net toe in a bill. Instances in the privates, off net to connect to the Internet. So you must be wondering that. Why should I connect private in stances through the internet? And if you wanted to connect to the Internet, why do we created the instance as private instance so to answer your question in certain scenarios where we must have to keep our instances as player it because so kind of applications, like databases, monstrous aid into the flavor instances. And we want to connect the private instance toe the Internet because off software update within private instances, so then only private instance can access the Internet. What Internet? Current aerobatic Texas toe. The private instance it would we achieve this? We need a mechanism which will take care of this complex scenario. And the mechanism is not networker this translation. So no large. This with the world Whole night basically works one night, the ways forward traffic from the instances in the privates of net through the Internet or other AWS. So with it and then since the response back to doing stances when traffic goes to the Internet, the source i p Before red. This is replaced with the not the weight address, and similarly, when the results roughly goes to do since chances tonight, the waiters translate the orders back to lose instances like retyping before addresses. Now we understand that how it works, we will move further, and we will discuss about some of the points to remember 90 races are not supported for I'd be real X traffic. We can implement that design with the North AWS infrastructure by two. With either we can all the not get with over system made of Louis or we can create not easy to instance using that a mice provided weight of Louis. So here question comes is just the best way or said a commended way for Nat management. So the recommendation from eight of Louis is to use, not get with. Why? Because first of all, not get racism is a managed service. So the benefit off managed services we don't need to give the administration effort now more for the we were looking toe one off the architectural right ground and discuss some of the important point. So this is our not get with set up. If we will look into that, then you will find that it in need of Lewis. We have a set up of the PC and that contains so full of the sub minute one is the public submit. Another one is the private submarine. And here you will find that in the within the public seven it there are three C two instances is running with the following elastic eyepiece, and it has not gateway associated with. And within the private submit, you will find that there the data with Sober is running three database instances off the sober is running and there is a implied rotor is also being applied to do the communication with the public of networks over. So here you will find that if you're looking toe that it is going through him fried rotor. And here is going toe, though not get with. And then your communication is happening over here and here you will find that the entry for not Gateway is done in main road table, also within the custom fruit table. So, as we discussed that supposed that if we want to do any kind of a pad or say software update process, want to run the software update process and we need to access the Internet who don't lure the soft bread and run the path into this database over. This is not a feasible solution to expose this private sub net as public seven as it is a risk for the business nag, it will help us in this situation no discuss some of the important points to remember about not get way. The point is to create a not get way. We must specify the public sub net in wheat not get with should reside. We must also specify an elastic I pre Andris we associate with the not get way. When we created one point, you should remember that elastic I p address cannot between once we associate it with a net gateway Another point related to the configuration. Once we have created the land gateway, then we must have toe obeyed the route they will associated with one or more off our privates of net wind, Internet bound traffic toe the net. Katri, this strip is really very important as this is step enables instances in our private suddenly communicate with the Internet. So these are some of the point or it's a good point for not get way. You know the question. Come over Myriads. Is there any limitations off? Not Gateway. Then I can say that yes, there are certain limitations. We will discuss that limitations now on that get with support five d repeat so bandwidth and automatically scales up 2 45 Gbps we cannot associate a security group with, though not get way. We can use security groups for our in stances in the privates of net toe control the traffic when from those instances we can use a nickel or the net Okay, seal to control the traffic who went from the sub nit and wit not get with located? No, we understand this. We will proceed for the and discuss some comparision between ad Gayatri and not in stances . Who the first aspect off comparison in a level ability. If we talk about not get with the navigate with highly every level as it is a man, it's over. It's so not get within each availability zone are implemented with redundancy. We should create a nag a tree in each of litigation to ensure zone independent architectures on the other hand or night and stances in terms of availability, we need to use a script to manage fail over between instances now moving toe the another point off comp arisen is bandwidth in the band with suspect not get with can scale up to 45 db peas and on the other hand, not in stances. Bandwidth can be depends Opondo Instance type now moving further. Another point of comparison is maintenance maintenance way with not get re. You don't have to bother about in tenants as it is a man of service. All the maintenance thing. Administrative task is taken care by eat of Lewis and we talk about net instances and it should be managed by us. Only any kind of patchwork likes after a break operating system Patties on the instances we're night and stances running is all these things are taken care by us only. So these are some of the major point off competence which I wanted to discuss with you regarding that gateway. Worse is not in sterile. That's it, guys. This is what I want you to discuss with you in decision in the next section. Till then, Bob, I take you 19. VPC Component Egress Only Internet Gateways: Hello, guys. Thanks for joining decision in this session, we're going to discuss the vote. Another BPZ components. That is a good only Internet gate with So let's jump into the discussion. So basically an instance in our public submit can connect to the Internet through the Internet Gateway if it has public I P v four address or an I P. V six address as we already know that I people six addresses are globally unique and therefore public by default. Now suppose if we want our instance to be able to access the Internet along with that, we also want that to prevent the sources on the Internet from initiating communication with our instances we can then use Agrees only Internet gateway. Now let's look in tow This diagram in this diagram every PC has an I. P V six cider block on the submit in the VPC has people six cider block. A custom route table is associated with sub net one and points all Internet bound I P V six traffic to and egress only Internet gateway in the VPC here, I want you to discuss some of the characteristic off, agrees only Internet gateway with agrees only turn it gateway. We can't associate a security group, can you? Security groups of four hour instances in the privates of net toe control the traffic to win from those instances. Another one of the characteristic off a grace only Internet gateways that we can use on nickel that is cornetto is heel toe control. The traffic to and from the submit, for which the agrees only Internet get reroute traffic will work. If you understand this diagram, then you can easily understand that egress only Internet gateway. So now we have little understanding about agrees only Internet Gate with no, we will jump in tow creative Lewis management console and look into the VPC section. And from where we can create this if Greece Internet it we or Cygnus only Internet gateway . So let's go to the aid of Louis console management. So we are in tow eight of Louis console management. So here, when I want to access the VPC than first thing we need to do, we need toe take on services and here we need toe type BPC. Then we will get the option and when we goto the VPC, then we will find all the components which I have discussed with you taking time. It is coming now. So see years where? The left side. We're getting the navigational bar, and they're the right side. We're getting the dashboard. So here we will get the cigarettes only Internet gate with option over here. And if you click over there, then we will find option to create the agrees only Internet gateway. So from here, you can create the agrees only Internet gate with. So this is what I wanted to demonstrate your indecision. See you in the next session till then, Bob, I take you. 20. VPC Components VPC Flow Logs NACL Implied Router: Hello guys. Welcome to another session in decision we're going to discuss about remaining we busy component that is we pretty flu log, nickel and implied rotor. So let's jump into their discussion. So so far we have discussed sub nets Rout table, Internet gateway elastic AP not get with not instances, security groups. Now we will discuss about three PC flew low nickel and implied rotor. We will start me repeating through long. So what is re PC flow log? Repeat The flow logs is one of the mechanism by which you can capture information about the I P traffic going to and from network into phrases. In our repeat e PPC flew Long data can be published toe eight of Louis Cloudwatch logs and image on a street. So these two services still need to discover for the time being just considered that these air the Morton managed services off eight of Louis. We will discuss about Cloud what and Amazon s three in the upcoming stations No moving for though we will understand that in worked Oslo logs can help us. So the answer over here is through logs are really helpful in diagnosing overly restrictive security group roots. Another important task their flu log can help is monitoring the traffic that is reaching to our instances. Flow logs can also help us in determining the direction off the track who went from the network interfaces. So now we will discuss someone's to remember. For every PC flow logs flow law not only created for VPC, we can create a flow lock for submit or a network interfaces. Suppose if you create a flow logs for a sub net or for re PC. In this scenario eaten, you're talking to friends in the sub Nittel. VPC is monitored. Another point to remember is that flow log data for a monitor networking toe Faith is recorded as low, long record, which are nothing but a lot given, consisting off feels that described the traffic flow now moving for, though, when we create a flow logs, we must have to specify for which resource we're creating this flow law. This is what I wanted to discuss with you regarding with busy flow logs. Now we understand that Why do we use now another repeat see component, which we're going to look into it? That network a seasons is he really stands for access control list. So let's understand that why we use network A Seal's basically undertook access control list is an optional layer of security for our VPC that act as a firewall for controlling traffic in and out off one or more sub net. So that means it is a security on top of sub minute. Let's jump into a diagram and we will understand it better. So no looking toe this diagram. Then you will find that there it is an extra layer of security on top up some night. That means you can provide inborn rule and are born rule for accessing the sub minute through the network E seals prior to security group. So know your family with all these components, and you are looking into that we are having a extra layer of security in the form off notebook access control list, which will pass through Summit to access the instances. So now the complete picture will look like, I suppose that if any off the request coming so it will come through router than it would look into road table, and then it will go into network A Seal's where network a seal's looking toe. The involvement are born rule whether the incoming request from an I P is being allowed or not allowed. So on the basis off that it will proceed further if it is being allowed. Then again, it will come you and check the security group whether the I P is being allowed or not allowed in the security group to access the instance. So this is the complete No, let's discuss about some of the points to remember while walking with Network A seals. This point is very important. Another point which I'm going to discuss. That is, when we create a custom network, a seal and when we associate with the sub net by default, each custom network is heels denies all in bone and our born traffic until us specify the rules to allow a specific eyepiece, which you want to allow moving further, and we will discuss another want to remember eat some nitty Nora. VPC must be associated with a network, a seal and supposing kids, if you forgot to mention near Tokyo, seals explicitly, then submit will automatically associate with the Fort Network access control list. Another point to remember is that on network access control list can be associated with multiple submit, but the sudden it can have only one association with any network access control list at any time. No moving toe. The another point. But before discussing this point, I wanted to take you toe eight of Louis management console where I can show you how the network access control list look like. So let's jump into it of Louis management console. So we are in tow. AWS management console again. How do we can access service? We can come over here and I three pc selected, so it will take us to the VPC console. So we are in tow. Vpc dashboard CEO. It is a part off sick purity. So you should remember this page. So now we will go into network a seal and here we will look their entry off a CSO here we can see that we have six of knit association and now you will find the rules. The rules are in, bond rules are born. Rules submit association For all these detail, you can find a way so to discuss the point which I was telling now so you can see how it is being designed, you will see the the rule number it has given the rule of execution off. These rules happened in order, starting with the lowest number. The highest number you can use for the rule is 3 to 7, double six. So keep the rules values within the range 3 to 7 double Six years of Louis recommendation is that we should start by creating rules in increments like 10 or 100. Over here, it is being used 100 so that in case any of the new rule which you want to insert, we can insert with in between them. Now let's discuss about network A seal schools. So you will see that the entry off Network A seal's rules which contains rule number type protocol for print source allowing deny for in bond rules You are getting source over here for our one rule. You will get destination over here. So here you will find the entry rule where I already mentioned that you cannot specify the number because it will execute from the Louis number type type is nothing but a type of traffic like ssh connection. In the protocol, you can specify protocol that has a standard particle number in the port range where you can specify, like port 84 for three. And for the sources, you can specify the side arranged from where the traffic is coming and allow and deny you can. I specify that whether it is being allowed or not allowed one last point, which I want to discuss regarding network access control list is that like Okay, seals are a straight list. That means response, which is being allowed in inborn traffic, are subject rules off our born traffic. That means whatever allowed in inborn rule, the same will be allowed in our bone rules. But that is not the case with the security group, which I have discussed in one of our session. So this is what I wanted to discuss with you regarding Network A Seal's rules. So let's move further and let's look into another VPC competent. So another component which we're going to look into is that implied rotor. So let's discuss about implied. There are turtles jumping to their diagram. It is one of the straightforward component. If you look in tow that it is nothing better component, which is helping in routing the traffic. So any traffic which is coming or going, it will go through rotor. It will check that from where the traffic is coming and from where it will go. This is what I wanted to discuss in this session. See you in the next session till then, Bob, I take you. 21. LAB Default VPC: Hello guys. Welcome to another session in this session. We're going to look into lab for VPC. Whatever we have discussed in our theory section, we are going toe work with VPC where we will look into default bpc along with known default vpc That is custom virtual private cloud. So let's jumps in tow it of Louis management concern and gets our hands dirty. So, guys, we're into AWS management console. No, we will move further and go toe the PC guestbook going to the U P zero as rude. We have two options. What we need to do. We need to come here and click on services diary pretty so you can go it from you or you can sort you and you will find that networking and content delivery or click on re busy. The ones who click on we proceed will take you to the CPC dashboard. So in this dashboard you will find that we have one vpc six sub nets, one room table, one security group, one network, A seals. So these competent we have already discussed. So you must be wondering that we haven't created any kind of repeat yet. But why do we take this over here. So here, the first point to remember. Come. So what happened that whenever we're creating an AWS account on that time AWS creator Ah vpc in each regions that I will show you And this three pc is the forgery pretty so it Let's look into that Once you go inside that then you will find Over here there is a flag mentioned the full vpc Yes, So that means it is a deformed bpt. But when we create all custom vpc then you will find that this flag is said to be no Now we will move to the other region and we will look into that Is there any re PC is also being created while creating off readable is account so we can go to any of the reason. For example, US West, North California we will go there. Then we will find that there is another BPC is also being created while creating the AWS account. So it has created a very busy in each reason. See, the number is a little different. You PC iPhone 59 cdd e three eat. So just remember this number and what was the number we were having in North Virginia. I will show you. Come here. Then you will find that this number is different. So here you will find that 73 V for everyone. So now, moving toe the dashboard again and you will find that it has six suddenly. Why? Because it has this reason North Virginia reason had sex. Several abilities on that. There is an intense six sub net. If you go us East Ohio so here you will find that it has three sub minutes because it has three of liabilities will know we will move further and again. We will went back toe not Virginia reason. And we will go inside the we pity. So we're into the VPC and we can go inside it and we will tag it so you can give a name so that it would be easy to recognize that you can give it to a name before we proceed. It is really a good practice to provide the tagging, Jordan. No, we will go to the dashboard and here you will find that we have sub nets and why it is being click submit. Because this region has six. Several abilities. What is also good practice? Tow tank. The sudden it's as well if you want to do that. So it would be really easy to get to know what what the subject is and from where it belongs. Toe you will tag it as well. Commune. Tag it. Give it to name. Let easy one of net is too easy. Three. So we can tag it like this way Tagging is really very helpful. When we want to troubleshoot these sub nets, you can find that it is being associated with same re PC. So now here you will find the details have. Although some next year you will get their description that what is the subject? I d What is the state which we proceed is being associated with So here you are getting a number that is 4091 So you must be wondering how this number is being given to Let's discuss about some of the man. If you're looking toe i p before cider this one, then you will find that it has given twenties last 20 and it has total number off 42 seats . So that means 30 to minus 20 we're having to elope, Know, understand the man. That means we're having in hand to a little bit. On the basis off the hand we can generate the I p and system. So now I will open a calculator. So if we will find that, too, to the power off 12 that will give us a number 4096 But here we're getting 4091 looking toe that 4091 Why is it so? Because five addresses which either Lewis will not provide, and they will keep it for their uses. So we can't use it. The talk for and the last one and the top for So you should remember that the top four imagine will keep it, and the last one imagine will keep it. Between that, you can use anyone so that the reason for 096 minus that fiver addresses the top for and the last one will return a 4091 So that the reason you are getting a P before 409 months, That means these number off I P addresses you can locate within this sub may. Well, just remember that and the other information you will find over here is that flow locks which we have discussed earlier through people fruit people, information which is being associated with this of net nickel tagged the tax which we have created over here it is being reflected and sharing is the summit is being shared anywhere . So it is not given the information because we haven't shared it for no moving for though we will discuss about root people's jumped into the roof table. So here you will find that this is a root people which is marked there. Yes, in the main. That means it is a main route table. If you remember that we have discussed about main route table in our theory section, You can else attack the round table over here with the name core main table en route with. And now if you remember this diagram, then you will come to know that we have in tree over here, which is being mentioned like Ken Burns 0.0 dot zero last 16 that is representing the local . So where this entry happened, let's look into that. Then there is a tab called route. If you were looking toe that. Then you will find that we have an entry over here. Like here We're getting one. Put 1 $72.31 dollars 0.0 slats 16 and that is representing the local. This route table has an also entry off Internet gateway. So you must be remembering the authorization. That way we use the round table so it will be used to rule the traffic. And this route table is associated with the implied route and router can be used to grow the traffic with the help of this round table. So by default you will find that it has to intrigue. So the first entries, this one's a word. This entry mean, waited, representing as local because if any, off the traffic which is coming within this range, this is a side of Loch Range which you will get over here. If you will go into the VPC dashboard within the VPC, then you will find we have a side of loch range, the same range which is existing within the root table. So if we're getting the traffic within this range, that means that is belongs to the local. This is what this entry means so basically this entries for the local within the seven And now we were moving further than we were looking toward this entries Isidore Blue for entry . That means so it is applicable. All die pays which is coming from outside Apart from the sub NATO, that means forced entry for local within the BBC and second entry for outside the VPC. So you must be remembering We have discussed about Internet Gateway in our theory section where we have discussed about whenever any back it is coming from outside of the VPC, it must come through Internet gateway and Internet gateways associated with the implied rotor and implied order disassociated with root table where we can check that where this packet should go. One important thing which I wanted to show over here. Whenever we're going in tow, they didn't You will find you don't have ah probe isn't toe leader before local but you have an option to delete the Internet gateway and this entry you confined in all the round table within the week BC, Whether it is a photo able or whether it is a custom road table, the local interests would be associative within the repeat sea route table irrespective of type, whether it to the main road table or a custom wrote table, this entry will exist way because it contains the I P address ranges within the CPC No moving photo. You can check the subject associates and within the Southern attests a season taboo. Here you will find it has six of minute association over here. So now moving back to repeated Daschle? No, Here we have understand in this lab that default VPC came to know about what happens when we create an account with a w it than eight of fluids. By default create three PC in per reason. We have also discuss about subjects We have also discuss about truth table. So here are my stopping in the next session we will do the lab to create the customary PC in the customary pretty where we will create the sub nets through table Internet, get with security group network a sales by our own and then we will associate those component with the VPC. So this is what I want to discuss with you in decisions in the next session. Till then, Bob, I take care 22. LAB Custom VPC: Hello guys. Thanks for joining decision. In this section, we are going to implement custom repeat see? So let's jumps in tow the diagram off customary PC which we are going to implement in this app. So this is the architecture off our custom vpc where we're going tohave to sub nets of net wants of Netto, Main road table, custom route table, Internet gateway and the implied rotor. So no, let's jumps into the heat of Louis management console and design our vpc So we are in tow AWS management console. And here we need to go below. And there, in the networking and content delivery, you can click on re PC. It will take you to the VPC desperate. No, we're into vpc dashboard. Next, we need to click on your PPC this We have already seen that we have a default entry for a day for the BBC. We have already discussed in our last session. Now here we need to freak on this Create we PC weapon first, let's create it. So we're in tow. Creatively prissy form. Let's understand. Here you need to provide the cider block range you remember? Why do we use side of Loch Range side of Loch Range will be used to provide the range off I P addresses at the third option I p with six cider block, we need to choose No, I people succeed of look for this particular implementation at the fort, there is something called tendency. We will look into the options so default and dedicated to dedicated. So that means the hardware which is being a located toe this vpc that is goingto be only used were you so that means it is not shared. But if we were using before to that hardware is being shared, whichever eight of Liz will locate to you. So this is the difference. So let's fill out the form toe here we will, right on the range which we are going to provide over here is that daughter don't know 00 slash extinct so you can get the information. If you have any doubt, you can place your course over here. It will let you give you some tools, tips that way this feel IDs being used for because I already explained no moving for the week politically con create what? Until we have, you don't create Witten So it will not take much temps. So it is being created. So now it will take us toe the VPC desperate. Here we have created this one custom repeats and if you will go inside that, then you will find all those detail what it has being a So the main thing you will find over here that the default BBC you were getting over? No, as it is a customary pretty. So let's look into that. What are the things which is being created when we have created discussed a repeat c So the resources which is being associated with customary pretty we were going to solve nettle. We will find that only 67 it not Virginia reason and that is being associated with the default Be pretty. So that means there is no communities automatically video. We need to create a suddenly and that we need to associate with a custom repeating Let's look into the round table, go to the round table on what we will find over here the main road table it has created. So why default? Whenever we were creating any kind of v p c x, create main route, they will by default and that is being associated with the custom repeating. Go there, then you will find over here and you will find that main door table, which is ending with 60 Cito. Now we will go to the devil and we were very find that it's ending with 6 82 So that means this round table is being automatically created when we created the custom bpc. So let's move further and looking toe that other competent with that it has been created or not. We will move for the Internet gateway. So you will find that there is only one entry that meant it hasn't been created. Any kind of Internet gateway this Internet gateway is being associated with before we PC, no moving further and looking toe the other component from the security aspect goto the network a seals and you will find that there is an association the year customary PC, so it has by default created a network a seal's nickel for our customers. So how do you are going to find that it is being associated with our custom? Vpc will check over here. It meant in that customer. Now we have seen that network case years normal for door and looking toe The security groups within the security group you will find there is one security group is also being created to look into that Over here This is the security group which is associated with our customary PT hold. We were into fighting the customer everything the I d and you will check here that what it is ending with 58 for you can go there to your reap between created ending with five report And that name is the custom repeated. So it is being associated with the The security group is being associated with the custom repeated to just give a name that has come before security group so that you can identify it. It is always a good practice to give tagging so that you can recognize it to know we will proceed for their and creator sub net and that we will associate with our customary PCU. Let's go toe the subject And here we need to create on click on create sub net Now in this form, we need to fill in the details off the summit which we want to create, like name off the summit and which we piece it is going to associate it with. And we need to provide the availability. Joan, Preference. If you will not provide, then it will automatically choose that. And here we need to provide the I p before cider block or summit which must be fall within the wider range which we have defined when creating the VPC. So let's fill in their details Now Here we will fill that east of nets of net one and here we need to choose the customary PC. And here it is, tagged also default, BBC and custom. VPC So now it has automatically pick up the VPC cider block if we're not going to choose availability zone and what will happen that AWS will automatically pick the availability zone for us Now here we need to define the range. But prior to that, we will also choose the availability zone over here. So we will choose the U. S. East one so it must be associated with one off the availability zone. If we will not provide, then it will automatically pick up. But we have to the newest East one now here. We need to provide the sub net or you will write and not zero dot We should all into the side of rain. We have provided i p before cider blocking defect Any point of time if you have any doubts so you can get the information with these iconic over here you will get the details vote What? Actually, it is why this really getting you So it has given for each of the field we were using And what is the purpose off these fields? So click on create weapon. Once it has been Dunton our sudden it is being created to see your We have created a custom sub net and it has given that to 51 Do you remember why it is 2 51? As I told you so This is 32 We talked on 30 to minus 24. It has given a on We will find that again I will do the same calculation for you to hear our calculator latest 30 to re talked it and we have told that we're going to use 24 so 30 to minus 24 We remain with eight weeks and if you take out to put the power rate. Then we will get to 56. And I already mentioned that five addresses which is being blocked way Amazon so that you can remove it 2 56 minus my door for and the last 1 to 51 so that the reason we're getting over 2 51 or no moving further, you will find all the detail over here to see you were getting default cabinet. No, so far what we have. Great. So let's go jump into the diagram. So so far, we have created the sudden it that a sub net wonder and we have given the names of minute one. So now moving further and we will create those off Netto which is being associated with the different availability it's on. So let's jump into the AWS console now. Now again, click on Create submit. And here again, we need to provide thesis of net of net to and we proceeded going to associate it with the customary PC and here we will choose this time some different availability in select U assist won't be. And now here we need to provide the cider rain's off year and not, you know, don't order little dot to 0.0.0. That's 24. So now we have to find our range. Now click on create weapons so it will create a second submit. We will go and verify it. So now we have some knit one and submit toe. You will go there. Diagram. We have created the sub net one and some Nitto now moving further. So now we have to make sure that one off the sudden it is being a public servant. So how do we can do that? We need to goto the Internet gateway And first we will create the Internet gateway. We can create Internet gateway to know here you need to provide the name so you can associate C i d w And then you need to click on create So it is being created. But you will find that their status detect So we need to make sure that it should be attached. To do that, we need to come your actions and at that has to be prissy. We need to select the customary pretty. We have selected it and click on the attack. So no, this idea w is being asked with the customary PC So no, it is being get it. And here I want to be a treat. The point to remember which we have discussed in a two resection on that is you thatch. A single Internet gateway. Will BBC at any point of time now moving further, we will go into the road people and create a custom wrote table. And then we were less was here this Internet gateway to that particular road table so that we can have our Internet access within the VPC toe. We're into the low table. So we need to create over your create wrote table and given name so that you can easily eight into foreign, customer or table. And here you need to specify which will be see you want to associate customary pretty. We want to associate it can create weapon It has created a custom wrote table and here you will get an intriguing what we need to do We just need to select it and need to check what intrigued has when it is being created. Click on data you will find that it has ah local. Do you remember that why it is being local and we have discussed this thing in North Theory section. I have explained it all just because he's cider rains reachable in stances which exist within the cider drink that should communicate with each other. So any traffic which is coming with within this traffic rain that will communicate all that . The reason it has already being entered within this road table tweeted that level by default. So here, the point to remember reiterated that whether it's a main road table or whether it is the custom road table, this entry must exist within no doubt table. Now we need to associate the Internet gateway, which we have created in the last step, and we will associate that Internet gateway over here. So how to do that? We need to come over here and click on Edit Room, and then we will get an option toe add route, and here we need to specify zero dot 0.0 Zito's Last Zero. This is telling that this is going to be applicable for all the traffic, and here we need toe choose the Internet gateway, and here we need to specify that which Internet get with which we have created. The idea of look like over here. And now we will need to clear save roots. Click over your clothes. Now we need to associate a sub net, which we want to make it public. So come here and here. We need to select one off the summit and associate pull. Do the seven IT association. We need to come over here and click on edit, submit association, And here you need to select one off the Cabinet, which we have created. So we're going to make it seat summit one as a public submit photo. Do that. First, we have to click on this and save it. So now we have associated the sudden it for next to we need to make sure that or to assign public I pre is being enabled. So how to do that? We need to go into the sub nets, and then we need to select the cease of net one. And here you will find auto assigned Public Summit is no. So what we're going to do, we're going toe. Make it? Yes. How to do that? To make sure that you have selected that sub net. And now we need to go on actions. Modify your to assign I p Here, we need to select enable Auto, it's I in public i p v four address and click on save. Now go and check. So we will find that auto assigned public eyepiece. Yes. Oh no. We have done with the all VPC component configuration. No, we will move for the and create an easy to instant which belongs toe This custom re PC who lets movinto the main console and from there we can create are easy to know we're into easy to dashboard. We need to come over here and select the longe Easy to instances and here you will select the free two year only and then we need to select them is only next and then we need to select the configurations translated and here we need to select the customary PCT there it automatically Tuesday some nights which is being associated with this, so we need to select the U. S. Is east one as it is a public. So we're going to create a public instant So here, So that means we need to associate with the sub Netto, which is being associated with the Internet Gateway tal this sudden it is being associative . So once you have selected the sub net which is being associated with the public Internet gateway So why we're doing this? So because we wanted to launch our easy to instant in public submit so that the reason we are associating with the C seven it won as it is having an association with Internet Gateway. So that means this is he Two instance can be accessed using public I p no more photo and we will go there and click on. Next are the storage. We will leave it as it so we will go toe neck and here we can add some tag. If we want, we can give Ian visa webs over. So now no, next year we will move further and click on Configure Security Group. So here you can create a new security group We're also going to create over here. So here we need to choose that s TTP. So now you can give a name the SG group costume at Citigroup. Once it is being done, So click on review and launch. Click over here. Here again. You need to provide the keep your given name that still BBC demo Don't Lord the Keep Here. Save it on launch. Easy to instance So it is launching. No, we will go there. So see, year, this is C two Instance got launch and it is being assigned that public I about what we need to do this. We have long enough Public summit. Next instance we're going to launch and we will launch in tow the private submit so that we can have this infrastructure design in place. So let's jump into it of less console again. So this time we're going to launch an easy two instances in our custom BBC with private submit So click on launch and stances and the stream against Select Free to your only select And here you need to click on confident instance retail Tamir select the customary PC And this time we're going to select C sub Nitto So it is already being selected as this sub net is being associated with private summit because we haven't configured any kind off Internet gateway with this sub net. So it should be through the favorites of net only now click on Next are the storage. We're going to leave it has this leak on our tag. We're going toe click on add tangled example. We're going to keep it as a name. Give it to name. So private and stance mainly we can keep databases so you can give it a name Database one which is residing in tow. The private summit. Now we will move for the configured security group. So here you can create another security group. Give it a name. Thieves, Private security group. So here we will add rules so that it could be excess able from the database protocol only, for example, might sequel. And it should be accessible from our public Soften it. So we will choose that we will add one more. All right, CMP so that we can ping it for rights and be over here all light cmp ap before and we can access one lee from the public Instance. So here, Now, this easy to instance is being accessible from this I p, which is associated with our public. You see two instance here we can make sure that a sausage connection also you will do it from this issue to instance proceed for the click on reviewing launch now click on launch. So we need to provide a new key. Pairs were more one you can give downloaded. We can launch instances. No, A recent wins chance getting launch. So see you. This is having on Lee the private I p. But nor the public AP on this instance is only exercisable through the I p which we have mentioned. That is our public easy to instance so no, we have to easy to instances running one has the public ap you will see you. And if you look into here the database is one it doesn't have the public. I be so no, we have completed our designs. So let's goingto the diagram and understand that what we did. So we have completed this infrastructure designed where we have launched Too easy to instances one in the private submit Another one is the public submit and those subcommittees being associated within the custom vpc where we have created our Internet gateway and associate id the custom submit one with the Internet gateway. And then we have also created a custom route table where we had make an entry for that Internet gateway. So that's it, guys, this is what I wanted. Toe the most treat you in this sessions even the next session. Till then, Bob, I take you. 23. Amazon Machine Image: Hello, guys. Thanks for joining the station in this section, we're going to discuss about a 1,000,000 machine image that is called Am I? So there is the A M. A concept is pretty much a straight forward, so to understand it better, let's jump into the heat of Louis management console and discuss aboard the air Me. So, guys, we're into eight of Louis management concern. If you remember that whenever we're creating an easy two instance while going into the computer and clicking on Easy to and here we were clicking on the launch, easy to instance to in this process we are getting a stepped where we need to to the image on machine image that is a mate. So here we're choosing the image in which you know, let's understand that what actually they see me. So basically, you may provide the information to launch an instance. So see you it is providing the information like what? This instance images containing so whenever you're creating and stand losing this year minds what this contains. So this contains, like by tone drew people and job all these things preinstalled. If you want to create your own, you might. You can do that as well, so you can create the instance. We will go through the steps, water the steps required to create our own Amazon machine images. But prior to that, we were looking toe the life cycle over, am I? So let's jump into a diagram and then we will discuss So this diagram represent the lifecycle of reminds. So it is telling that once you create enriched uranium way, you can use it to launch new instances you can copy inhumane within the same reason or two different regions as well. When you no longer required. And am I, you can deregistered eight as well. So no, let's look into the steps, which is required to create our own am ways. So let's jumps into the AWS console. So the steps to create our only in weight is first recon launching instance from the existing game. It's and then we will customize the instance. For example, if we decided that we're going to use this, am I, then what we need to do? We need to select this image and customize it as per our project requirement. Example. If we're building an image for our project where each developer machine must have, Prince told reddest, and it has 10 developers. Then, in this scenario, it is really very helpful. Toe reinstall the reddest application within the existing game way. We will save it as am I. And that am way will be used way the developers. So whenever they will create an instance, they will find that this is reconfigured. So in summary creation off somewhere three steps process in the force. Chester, we need to select existing Emily and we will create an instance off that particulary Emily once for Sister Pearl done. Then in the second District, we need to configure the created instance with our required configuration. For example, in this case, we project in will install readies application on the instance. Once it is being done, then they will save it, as am I and publish it, toe the community and wait. You will get an option. Over here. There are certain community them a mite which you want to use it. You can use it toe the same way. They can also publish their my so that developers can use it. So, no, let's jump into the creation process of course, the stuff we will come over here into the quickest aren't. And here we will select the am I to create an instance. We have selected it. Now we need to click on contribute and instance. Details will come over here and here. You can provide that whenever you were creating for a my purpose. You can do it. Either you provide the Buddhist trip on that time, what will happen that it will install the required applications at the time of creation. Off instance. Who can do it with this? Where as well. Or you can create an instance and do the installation off required applications. After launching it on one's done, you can make a copy off it. So in this example, just consider that we are going to launch this a C two instance and just consider that we have installed or required applications. For example, we can provide a tag over here. Whichever tag we want. Toe white name, silver click on security group. We will keep it as is No, we will launch it. So this is the easy to condition process. Once we create this one, then we will get an instance and on that instance, you can configure your application, which I already mentioned here. We can create a new keep here and we can tell that And my demo once it is being done, we can don't load the keep here, save it and launch the instance. So it will create an instance which we have already seen. This process. Now you can go there. You will find that winning a street. But it will create No, it has been created. No. Considered that you have opened the instance and install the application, whichever the required applications and close it. So no. You want to make a copy off your instance as a name. Toe that forced to step you need to do You need to first come over here and the Stop it. So you need to come here. Click on the stop Once it is being a stop. Then you will make a copy off this instance as a name. I so no, it is being stopped. So what we need to do? We need to come over your click on actions. Images created me. So here you need to provide the details off the image. So we will give it a name called I am a demo and if you want to provide a description, you can provide it. We will use the same one. One point to remember we're here is that if you're instances encrypted the same thing, it will return. So that means for your instances encrypted, you will get the encrypted option over here. But if your enemy is not encrypted, then you will not get this option. So you will get the not encrypted option over here. So our previous is not encrypted that the reason it is giving us the North encrypted. And here we have a probe isn't where New Orleans. So you can use it that way as well. But we're staying intact with this demo with the given options. So now what we need to do we need to click on creating Mito. Once it is being done, then we will get the copy off that emitting the in my section and here you will see that the status is bending. That means it is creating it. So this is being created. No, no, let's looking toe, doctor, you can launch the in instance from the same way from the area itself. One thing. If we want to make it public and private, then you can come over here and modify the image permissions. So, guys, this is what I wanted to demonstrate you in decision. See in the next six until then. Bye bye. Take care. 24. AWS CloudWatch: Hello, guys. Thanks for joining the station in this session. We're going toe. Discuss about the AWS Cloud watch. This service is one of the mostly used. So this afraid of Louis? So let's start our discussion on eight of Louis Cloud would. So what is the basic purpose off it of Louis Cloud? What so basically eat of Louis Cloudwatch monitors either blew its resources on the applications, which we run on eight of Louis in real time. We use clothed was toe collect and track matrices. These matrices air basically variables which we can use to measure our resources and applications. So to understand it better, let's jump into the aid of Louis Cloudwatch console and we will look into the things. What are the things have level over there. So we are into eight of Louis management concert. Let's go into the cloud was dashboard toe, go into the cloud was dashboard. We need to come over here and there is something called management and government and where you can find the cloudwatch option who can click over here and it will take us to the dashboard cloud. Was that so? This is the home page of cloud work. So basically, it gives us all the mattresses about every AWS services which we use. So in my case, I'm not using any of the resources. But see you earlier. I have created some off the easy to instant Sylvan's. I created the C two instance I'm getting all this option over here. But there is no particular matrices is being set up for these resources as it is not being configured yet. We have set of this alarm at the beginning off the course, if you remember. So if we're using the resources off rate of Louis, then you will get all those details over here and you will get to know about resources. Pest free dashboard. So here, this is not limited. Toe this page it of Louis, provide us the capability to create our own dashboard. You should come here if you click on, create dashboard and we need to provide the name off this dashboard. See the blue, the mobile. Once you provide that click on create dashboard and here we can set the mattresses, the different kind of graph you can set up. For example, if you're tryingto creator dashboard which has compare metrics over time so you can click over here, Click on configured. So here we're finding these option and it has 107 mattresses in North Virginia. Reason so that the reason we're getting this 107 over here and we can set up as per your requirements supposed that if we want to set up for CPU said we can search it for so it has easy to put Instance. Mattress, you can click it to see you Here it is displaying the earlier usage off CPU, which we have created in some of the demos. So looking toe that so it is giving all the information. If you click over here, if you want to see that, you can find it over here. Well, these are the instances which we have waited while doing the demo for other applications. We have created these number of easy two instances in each of the stations. That's what it is displaying over here on this is not limited. So this mattress it, you can come up with your own matrices as well. So this is the way you can add graphs to your dashboard. So no moving further. Even feature is also pretty much used very miserably, as it enables any off the infrastructure to respond on a real time basis. Supposed that you wanted to track some unusual pattern off your easy two instances and you want the notification on a real time basis, then you can use this so as the name. Such is that imagine CLOUDWATCH e. When delivers a near real time stream off the stomach vents that describes injures in eight of Louis resources to make it complete process, you will see that three things is walking together. One. This 1st 1 is determining why keeping an eye. And then there is a certain rules on the bases off that these I will work and after that, any event will happen. What it will do, it will trigger some action, and that action is a specific toe, the targets. So here, one point to remember that imagine Cloudwatch uses different various services toe build the entire process, for example, clothed what uses a 1,000,000 simple notification services which we were looking toe further in this course. So Cloudwatch uses notification services to notify the users in case off any events. Aws cloud What is also used along with Easy toward to a scaling managed feature. Suppose in case if any outage will happen for any off the instance. So that means there is an event called out it. So in that scenario, it will send the notification, and it will do. The remediation of steps will do the auto scaling. There is other services called AWS Cloud Trail Go along with it of Louis Cloudwatch. So basically eight of Louis crowd trail enables to monitor the holes made toe the aid of Louis clothes or a P A for our count, which includes Call made by eight of Louis management concert heat of Lewis, come on line into fists and other services as well. Suppose that if you enable or say, toned on the logging functionality off cloud drill, then cloudwatch right. The locks toe the imagine as three bucket that is being a specified at the time off, setting off the cloud trail. So here we're talking about law to understand how weight of loose cloud was worth. I wanted toe So you one of the diagram that helps us toe understanding the how we'd of Louis Cloudwatch work. So let's jump into the diagram and then we will discuss. So if you look into this diagram, then you will find that AWS Cloud, which is basically a mattress repository, for example, resources that uses clothed war Easy to instant, puts mattresses into the repository, and we retrieve the statistic based on that. Mattresses on one of the best feature is it is not limited to the Metris says, which is being provided weight of Louis. We can also define our own matrices and put into the repository we have also probe isn't toe configure alarm actions to a stop start order mini and easy to instance, when certain criteria are met and this is not just limited to the information notification a lot, we can create the action able alarm as well. So what does this acceptable alarmists? So basically we can create alarm that initiate it, W a C c. Toward to a scaling eight of Louis Simple notifications always actions on our rehab. So overall, VWs cloudwatch is pretty much a straight forward services which we use basically for monitoring purpose. And we can use this service along with other services off eight of Louis to design the resilient process in place for cloud infrastructure with aid of Louis. So on this north, I wanted to restore decision. See you in the next season till then. Well, why take you? 25. Make EC2 Instance As Webserver: Hello, guys. Thanks for joining decision in decision. We're going toe. Create an easy to instant and make that easy Twins instance as a Web Sobel. And in that WEP Lobo, we will host an estimate file, and then we will access it with the public i p. So let's jump in tow the aid of Louis management console. So we're into the aid of Louis management console. So let's suppose discuss about water the steps which were going toe take in this exercise. So in the first test, triple will create an easy two instance and one CC two instances being created. Then we belong in tow that, for instance, with the Help Off Party as I'm using Windows Machine that the reason I'm using party. If you are using Lee next machine, then you can use directly assess such connection to access. The easy to instance and once reacts is the C two instance. Then we will install a purchase over within the easy to instance, to install a budget so we will execute some common, and once it is being done, we will create an estimate file, and that is Tim. Will file will display the meta data information. No easy to an instance. So let's execute the steps which we have discussed. No. So, first we will goto the compute section and select the easy to instance. And we will create any C two instance over here. So no, we're into Et tu dashboard. We will click on launch instance and here you can select the free tier only and we're going to use the 1st 1 click Select. And here we will select default option. Next, we will click on configure Instance details year. We will leave the before configuration and then we will click on next at the storage. So once it has been done again, click on next attack. We will add some tag as we were going to create a rep. Sobel So name it has a collapsible. If you want to give another time, you can give it another time. In tournament name all living commuted environment. Click on next. Conficker security group Here we will create a new security group. So provider name demo. You see two wears reps over and give the description as with so we have given the same name is description. So this security group already has assess it. We confuse either my i p or I'm going to stay with anywhere so that it will be accessible from any of the eyepiece. No, we learned another rule for Port 80. So that has to to be request will come and we can access it again. We're going to keep it as anywhere. So we have inserted with the protocol assess that was already existing. We have in certain arrested two p way because we are hosting you, Tessa Web server, and to access their steam ill. We need s TTP protocol. No click on reviewing loan. So it is giving us the warning that it is open to the world. That is fine. We know it. Just click on loan. And here we're going to create a new keep here, give it a name which we have used earlier them. Luisito wears Web. Sobel, download the keep it. We will save it. Now we need to click on launch. Instance it, which is launching the instance. So just go into the easy to dashboard. So it is still creating. So, no, it has created the easy to instance. No, we will goingto party software and connect the CC two instance So let me open the party application. But prior to that, we need to generate the PPK key using the PEM file which we have downloaded the the steps which I have already mentioned in one off our earlier session. So if you have any doubt, you can refer those. So we have opened the Partick a generator Now, Lord the key So too Lord the key We need to grab that m file So here is the perm file selected open. Done. Now we need to save it as a private key so that our party can recognize it as a PPK so we can give it a name again. Demo Easy to as webs over save it It is being saved. Now close it. So now we will open the party application and connect the easy to instant. You know, we open their party applications. Who here we need to write easy to hyphen user at and we need to grab the i p public ap. So grab it from here, pasted and at such connection we need toe Goto ought on browse the key which we have just generated for this This is the key which we have generated. Opening it open now we will go back session and here we will give with the name. So just give it a name with the machine and save it. Now we will open it and looking toe that whether it is connecting to easy to instance or not yes, it connected. So it is connected now. So what we need to do we need to type pseudo So don't let me make it full sized screen. So no, we're into full more So what we need to do We need to install the STT pds over for a party . So to do that first we need to run the update sold that we have all the thing up to write off debt, whiteness way and in tow Put operated. So it is done. No, no, we need toe. Clear it. So after that, we need to install, though as to t pds application. That is a patches over Young stole STT PD minus y in tow. It is installing a party as TPD soft, so no, we haven't started off watches over. So here I wanted to let you know something. Ready? Interesting and important when we're working with either of Louis management console. So it is very easy to get the information about easy to instance how we go into the AWS management console and whatever the information, the meta information we want to grab for this. Easy to instance, we will come over here and we will grab it. But suppose we want toe grab this meta information from from easy to console. So how do we can grab this information? So to grab this information from the easy tunes instance tw it's has provided and you were really toe access the meta data information. So let's do it. No So let's first clear it now. Also, to access the meta data information, we will be using girl as TTP 169 not to 44.169 Don't to 44 Last latest Last Met today talking pinto. So it will give us these information these meta data information when we access it. For example, if we want to access the instance I d than what we need to do. We need to use the same mural and put instance idee over there. And then we will equally how to do that. Put a semi colon and ICO in tow. So it has returned. Instance I d So what we're going to do, we are goingto bring this instance I d in one of this team Will, We will create an estimate which will display this idea in tow that as Tamil and we will access that as chairman. So this is the thing which we will do it. No. So no clear it. So now what we need to do, we need to put it into esteem and folder for party toe. Do that. We need to write goal as TTP again. I will use the rear one which we have used it. And here what we need to do passage auto as a team and we will create inestimable and address. Really, we need to put this a stimulus that where the fruit of blue slash 60 minutes last index dot as demon. So this file it will create at this location to Yemen now in tow. So it has created the file called indexed or test email at that location where the blood of Louis Human no very find that whether our easy to instants working as a Web server. So how do we can very fight? We can go back to the AWS console and grab the public ap and open that public. I've seen Tour browser, so we're intuitive Lewis management console. So we will grabbed I p. We have Graham diaper. Now we will put it into the browser and here we will access it. So no, we try to access it once you click on it. So it is not treatable. Why? Because we haven't started the SOBO Apache. So what? We need to extract it. So how to do that? We need toe again. Go back to the easy to concern and the start. The so To do that, we need to write service as TPD start. No, we need to go back to the roser and play to access the Web page again. So let's do it. We're here. No, no. Again. Try to access it. Yes. See, you regard the instance I d So this is what I wanted to demonstrate to you. But prior to closing the station, I wanted to tell you that in the next session we're going to learn about bootstrapping process. So how towboat a strap, our easy to instance at the time, off creation off et to instant. So that means suppose that if I want to create a Web Sahwas at the time of creation off easy to instance, toe water, their steps required to do that Because, as you see that here, it has so many steps required to make an easy two instance as a Web server. And suppose that if we require more than 20 webs over, so that means we need toe create an easy two instance and go one by one in each machine and do the installation off a party. So So this is really dread Gary task to ease this thing. What we will do, we will create a Buddhist trapping, which we will place at the time off creation off Easy to instance. So the exit gate this is for this session. So in the next session, till then, buh bye. Take care 26. EC2 Bootstrap: Hello, guys. Thanks for joining the station in this session. We're going to look into easy toe. Put the straps who let's jump into the AWS management console and create the Buddhist trap for installing the Apache Isobel STT PDs over while creation off. Easy to instance. So we're into it of Louis management console. So prior to writing the Buddhist trap, let's discuss about toward the exercises which were going toe perform in this lavish. If you remember that in our last session we have created a web Sobel. Along with that, we have created an estimable file and that has table file. We deployed in toe a party reps over aan den. We have access that s team will file from the browser and to make an easy two instance as a web so over we have gone through various a steps where we have first created the easy to instance. And then we log in tow that easy to instance, with the help off party application. After that, we have manually installed apart. It's over. And then we have deployed this team and so there are various steps involved in that. Who is that process? What I'm going to do in this lab. I will create an easy two instance and also write a Buddhist wrapper script that will install the STT PD. So well, that is a party s over. And then it will grab the meta data information. And from that meta data information, it will grab the instance I d and put it into index dot html. And once it is being done, it will start the service for a party s over, that is STD PD. So now let's execute their steps to execute the steps. We need to come over here and select the easy to from the compute. So we're into easy to dashboard. So now we need to click on launch instance. So here again, we need to click on free two year only and select the first option. And here we need to click on configure instance details. We will leave all these options the default option, and we will come over here and within the user data section. We need to specify the Buddhist traps. So let's trade the boldest trapped who We will start it like this. Then we need to install the TT pds after told TPD. So after that, we need toe check contract. Once it is being done, we need to call the meta data link. If you remember that, we need to write cool as TTP Colon 169 Talk to try for thought. 169 not toe four Greatest meta high phone data slash and chance I d When we will put it Toto as table four girl where slash w w do that is Deimel class indexed or test email. And then afterwards we need to start the service. 22 pretty start. So that's it. So then we will proceed four, though, and click on next time. The storage? No. Here. We need to click on again at text here. We cannot attack on. Give it to me. We're going to create a web Sobel. So give it to the web Server elected Have already done not clear that The reason we're getting the option. No click on next. Contribute security group. We're going to use the existing security group. So we have used last time this one. So we will use this one only. What if we want to create? We can create, but this is OK we will click contribution launch And here we will click on launch. We're going to use the same. We see too Que pill, which we have created earlier. We will acknowledge it. Launch instance. No, it is launching. So click on the instance 80. So it is creating No. So it is created. No, no, we need to grab this I p on. We will check that whether it is excessive will or not. Click in tow. CEO, we're getting the index door test email and it is giving us the instance I d So look here. For instance, 86 year zero toe and it is returning the same 60 of the roto. So all this thing we have done with the help of bootstrapping. So this is what Karl as a bootstrap. So that's it. Guys, this is what I want you to demonstrate you in this session. So in the next session till then, Bob, I take you 27. AWS Elastic Load Balancing: Hello. Guys will come to another station in this session. We're going to look into elastic load balancing. So in this aspect, we will learn about what, Actually, elastic load balancing is what is the benefit off load balancer. We were looking toe How elastic load balancing work. And we will also configure elastic load balancer in this lab. But prayer toe jumping into the lab. I wanted to give you some overview about the elastic load. Well, and so guys work is elastic load balancing. So basically elastic load balancing as one of the mechanism by which you can distribute the incoming traffic, other, different web so over distribution off traffic is not only limited to webs over it can be distributed to multiple targets like containers and I p addresses. But for this lab, we are going to stick with the BC two Instances, which is working as a Web server. So, guys, the questions comes over here is what is the benefit we're achieving by using elastic load balancing. Then I can say that elastic load balance give us the capability to design for high aval ability infrastructure along with four tolerance infrastructure for our application. So What does it mean to in limine language? We can understand that? Suppose if we're having an application and which is running, we hand the load, balancer and load balance. It is associated with multiple Web server and in case, if any, of the Web. So what is going down? It will not affect our application. Our application is a still accessible, as we are accessing through elastic load balancer toe. This behaviour is called fault tolerance and suppose a scenario where a request to our application is getting increased. So in that scenario we can easily add Web, Sobel toe handle the request and this is called Scaling Within AWS. We can achieve all this with auto scaling that we will discuss in for the season off the course now coming back toe high availability. High availability is mainly related with the $4 in case of failure off. Any reps over still were able to access our application without knowing that there is something or, say some reps over what field. So no moving photo. We will understand that how elastic load balance of work to understand it better, how it works. Let's jump into a diagram and then we will discuss their No, we're into diagram. Let's understand that how it actually works. So basically a load balance that accept incoming traffic complain and drugs request to its registered Web server. That is, anyone off these instances, which is have a level in three different availability zone. The load balancer also monitors the health all these reps over and ensures that it route their traffic toe. The hell the Web server in key. If load balancer detects an unhealthy Web server, the stops routing traffic with that particular webs over, it wouldn't be resumes. Who wrote the traffic toe? That particular Web server when it I didn't to find that the Web's over is healthy again while doing the configuration off load balance except the incoming traffic we need to express if I, the listeners so here regard a new tome that is called Listener. So what Actually listeners is a listener is a process that actually checked for connection requests. So basically, this listener, configured with the protocol and the port numb for connections from clients, toe the Lord balancer. We will see all these inaction when we've configured the load balancer. So now enough of theory. Let's movinto aws console and we will configure the load balance. So let's jumps into eight of Louis console now. So we're into AWS console, but pride toe configuring the elastic load balancer. We will understand that what we are going to do in this lab in this lab First, we will create an easy two instance, and then we will create an elastic load balance. Then we will do the configuration for elastic load balancer, where the traffic for accessing the easy to instance will come from. He'll be this lab. I'm keeping it simple with only once over, because I wanted to demonstrate you how to configure. He'll be in this lab or or to a scaling and other high availability demonstration. I have kept different sessions. So let's create any city instance with Bootstrap, which we have discussed earlier, and that Buddhist Rabil in store the Apaches sober. And it will also create an estimable file and that as German filed, we will access from Lord Balance or Deanna's after configuration. So let's click on easy to. So we're into easy to dashboard and here we need to click on launch instance. So now you're familiar with all these steps and here you can select free tier only. And then we will select the first auction. And here we will keep the things simple and we will click on contributing stance details. And here we will keep the things the fall here. I want to discuss about one point to remember regarding or to assign public i p. When it comes to configuring elastic load balance, though, at that time we will get two options for setting off the load balancer that is Internet raising, load balancer or internal load balancer. So if we're going with Internet facing load balancer, then we should make sure that all the Web server should have public eyepiece then only load balance are able to communicate with the Web servers. That is easy to instances from the Internet. Other type of flowed balances, internal load balancer that is mainly a specific for internal load balancing. Within the BBC. It is mainly required if you want to configure load balance of four databases than in that scenario, we use internal load balancer that is not accessible from the Internet. So now moving for though we will come over here and we will provide the user data. That is our bootstrapping. Remember that we can quickly type it. That has been rash here revealed Install it and stole the STT pds off Pretty check conference. So I have typed it. Once it is being done, we need to click on next time the storage Here we will leave the default option. We need to come here. We will click on attack. We will provide a tag Web sober, then work. So we need to mention Web server. Then we need to click on Con Trigger Security group. We need to set up a security group over here. We will provide our name them or you will be provider description. I'm going to copy the same one. And here we need to open the TTP. So we need to come eo on selected TTP. We will keep it open. So here another point to remember which I wanted to discuss over here that this web So war is accessible from the load balancer. So that means the I P should be mentioned over here or you'll be or say load balancer I p o for Lord Balance. Why? It is Because Because the traffic is coming from the load balancer, so that the reason we need to configure the security group or load balancer. But for the time being, we will leave it as open for all and click on review and launch. Now here we need to press launch and we need to generate a key peer. We already have a key pair Ito have created earlier. And here I can acknowledge it and launch in stances. So now it is creating the easy to instant. So now let's configure the load balancer. To do that, we need to come over here. Click on Lord Balancer, Click on Create load balancer. So we will be getting these three options. So basically, 1st 1 is the application load balancer, the network load balancer and classic load balance. And so we're going to use the application Lord balance and we will click on Create. So we will give a name for this case. We will give them a will. Be on then here. Way have discussed about. There are two kind of configuration. Most one is the Internet racing and another one is the internal. So we are going to use it for Internet facing. So we will keep this election as is We have also discuss about listeners. So here we need to specify the port number on the protocol. So here we are specifying as TTP and 80 we can also specify STT ps for the stitch ups you need to specify for for three or four this demo I'm keeping it for STT people to call along with the port 80 So moving for though here we have so many or availabilities on six have little It is on as we are working on not were genial reason So we need to select select all the sex You can also specify the tax if you want, but we're keeping it as its next We need to play con conficker security sitting So here it is telling that we don't have any secure listener as we are using s TTP critical with 80 put That's fine for this demo. No moving for the click on next configure security group here we're going to use the demo You'll be security group Then we will click on next country routing So this configuration is is the configuration related to routing from here? You will decide that where you want to road the traffic. So let's now fill in the details. So here we're goingto provide a name demo. You'll be target group. Our target is in stunts time as we're voting the traffic toe Web sober. That is an easy to instance. So here it would be fine. Health checked, refined check on the options. So these are the sum of their default values. In case if it is going beyond this values, then they consider it webs over is not healthy, and they will stop transferring the traffic through that particular Web server for, in our case for this example for this example, you just keep it. Has this the four adoption? After configuring routing, we need to click on Register Target. So here, basically, we can specify the sober what which are. The servers, which is being registered with this year, will be so now we need to click on add to register so that it will be registered with the CLB. Now click on next reveal. So these are the things which we have configured click on create. So this will create the load balancer for us, so it has created a load, balancer. We need to close it. And then we will find that this demo Welby has been created. That is a load balancer. And the details off this is you will find over here and the listeners We have configured this list. Now it has given the monitoring option as well. That is associated with the matrices cloudwatch. So these are the mattresses you can have for monitoring purposes. So we have target groups so we can look into that. So here we can find the target group over here. Click over here. So it is being registered with the nudity. So no test that whether our rental, what is accessible from the Lord balancer. So to do that to come here, click on description and grab the DNS name. So that means our webpage will be accessible from this U R l So we need to come here. Pay straight. Memento. Yes, CEO, We are able to access the index dot html was being created when we have created the C two instance with the help off Buddha. Strap on. We are accessing it through the Lord balancer. No, this is what I wanted to demonstrate you indecision. But prior to closing this session, I wanted toe. You should clean up your although resource is from made of Louis as it is chargeable so it is always a good idea. Toe clean up after practicing so a steps will clean up the set up. First you need to clean up the Lord balances than target group. Then is he to instantly let's do it. Come you and click on actions. And here we need to select Delete delete. After that we need to come here. Click on Target Group here we will get the target group. Then we need to select your delete. Yes. So it deleted also. No. We need to go back to the instances BC to any chance it and select for instance click on dominate in within the instances you need to select dominate. So this will dominate it and it will clean up. You can also come you and select door Security group as well. It is deleting. It is dominating. You need to come here. We have created a security group. You need to select the six security group actions and delete security. That's it. So this is what I wanted to demonstrate you in this session. So in the next session, until then, Bob, I take you 28. CONCEPTS Amazon Simple Storage Services: Hello, guys. Thanks for joining Decision in decision. We're going to discuss about a major industry that is the stand for simple stories service . So let's start our discussion. So what is image on simple story service or say what is a magician s three? So basically image in simple stories. So this is a story service for the internet. This service provide a simple web interface that we can use to a store and retrieve any amount of data at any time from anywhere on the web. So no tried toe going in towards detailed discussion. I want that we should look into the S three concepts to let's look into the S three concept . So these are the five key concept or so jargon Zor say terminology off as three, that you will get well working with test three. So let's discuss about one by one. So the first concept is buckets. So every time you work with this three, you will hear the dome buckets. So basically a bucket is a container for objects stored in S three or in a simple tone, we can say that every object within a street contained in a bucket. Now moving for the we were looking toe objects of what is There's three objects. So in s three bucket. Whatever. You will restore us tour as an object. Objects are the fundamental entities stored in image industry. So where does this object princes? Object consists off object data and the meta data data represent anything which you want to restored with the ministry. Like text Well, or your video will in any other kind of royal or any other kind off information which you want to historian. Oh, here comes the question. What is meta data? So basically, meta data is nothing but data about data. That means meta data contains information about the data which is stored within a street market as an object. For example, if he was told a file than meta data off that file, it's something like when the file is being created within three. Work it when it was mortifying. What is the wasn, as it supports, wasn't ing as well. Who such kind of information is called meta data. That is data about data, and it comes in the form off name value pairs that basically used to describe the object. No moving for the we will look into another concept that is called keys. So what is keys within the street? Home in the Keys is related to the identity off the object. So in simple Dome, a key is the unique identifying for an object within a bucket. So one point to remember over here is that every object in on Bucket has exactly one key, and the combination off a bucket key. And wasn't I? D? Uniquely identifies each object from the development perspective. Every object in Amazonas three can be uniquely address through the combination off the bucket name G and optionally awards and as a Web service and point no moving for the let's discuss about regions. So what is regions? So regions related to geographical aid of Louis region were a Madonna's three Willis toward the buckets that we create. So it is always recommended to choose our nearest reason to restore the market so that it will help us to optimizing the latency and minimize the cost. And sometimes it helps toe address regularly requirements. So what does it mean in certain scenarios? Some companies don't want their data belongs to other regions support considering their data security now moving for the we will discuss able data consistency. Image industry provides read after right consistency for port. So new objects in our history work it. So in a simple tone, we can say that data consistency is mainly related toe the mechanism by which you can store the data. And once you retrieve the data, you will get the same data and return. So what does it mean? Let's understand with a better example, Suppose that whenever you put an object into the S three bucket Soto achieve higher availability. A 1,000,000 as three replicated the data across multiple. Sir, What's within eight of Louis Data Center? So, in case of failure, you can get the data which you have saved it to know Coming back to know. We understand that Tammi Jonas three concept. No, we will move further and we will look into some of the features off history. So let's look into the features and the features we're going to discuss about the Imagine S three classes, bucket policies, aid of Louis, identity and access management, which we have already discussed. But we will discuss here with the perspective off a street, then we will also look into access. Control is we will discuss about poisoning and we will discuss the vote water. The operations, which is being supported by AWS, has three. But first, let's look in tow the image on as three classes. So what is Amazonas? Three classes? Basically, history comes with a variety off levels and which is coming with different pricing model along with the different durability and have liability. So if we look in tow this chart, then you will find that it is nearly six type of storage classes. That means, as three comes in sick types off. Offering that means 1st 1 is the standard, which is designed for frequently. In this offering, Aid of Louis provides durability off 11 nines that is, 99.9 time 9% and availability off 99.99%. And to achieve the high availability, it is replicated toe more than three zones, or at least three zones. In such offering, there is no commitment. That means you use and pay for usage, no moving further to the other offering that is a standard infrequent access, this particular kind off a storage classes basically designed for long lip, infrequently accessed data. It is really a good option off a storied if you want to restore infrequent data, which is something like the data with you access on a weekly basis or monthly within such kind of later you can store in such storage class and AWS provide the same kind of durability and availability. Same like a standard one. In such offering backup is also have a level in three availability zone, or more than three of availability zone. But here you should at least committed for 30 days, and you will retrieve the data people that, as positive military will feed the third kind off a storage class is really very interesting, one that is intelligent, tearing this kind off, offering a sort A will for those scenario where your data retrieval pattern is no different and your retrieval is changing as sport need basis. So in such offering durability and availability of similar, like what we have seen in a surrendered and this turn Dirda year, they're dealing frequent. Texas, along with the availability zones, that is, it supports, or it takes back up in three every level. It is ALS and more But here also commitment needed for at least 30 days. There is no retrieval Peasley, the child monitoring and automation be on a par object bases moving toe, the another storage class that is one's own infrequent Texas. This is a good choice for our own critical later. Their durability is similar to what we have seen in earlier stories. Classes or the availability is different from the other three, and it is 99.5% and the availability zone. It is at every level toe only one of lividity zone, and the freer structure is based upon the retrievals. In this kind of stories class your data is not highly of level as it is belong to a single availability zone. So in case off, really your or any disaster off that particular availability zone, you will not get the data back now moving for the We will look into a storage plus Cordless here. So let's hear is basically designed for long term rate archiving. But their retrieval is little slow, which is ranging from minute to our AWS provide same kind of a durability for Glacier, which it provides for other fourth but availability. Boys it is not a straightforward forced. You need toe restored the archive data and then you will get the 99.99% availability and the backup is placed within three of live elitism or more. But here the commitment needed in 90 days and retrieval way you first need toe restore the data before access it. And here also the charges is as Bert db basis. So another kind of storage classes are others which is not recommended by AWS. And it suits in scenario where infrequent access of data and that data should be known Critical data and there, dude, ability of ability and of lividity. Jones matches the same which we have discussed for the standard a standard a year and intelligent eating. So no moving further, we will discuss about bucket policies. But prior to discussing about the bucket policies, we must have to understand that what actually policies is with the needle bluest policies provide on my canon. Well, we can define the access control tudo resources off radar blew it. So in the same aspect, bucket polices relied centralized access control, toe markets and objects. Please don't over there 80 off conditions including which operations are allowed which operations are not alone. Operations. We will discuss for that in the same session with the help of policies, bucket policies we can define, who will access the work it and who will. No taxes the bucket with the needle bluest. The policies are expressed in the access policy language that basically enabled centralized management off omissions on the permission which is attached to a bucket which will be applicable toe each of the object that belongs to that particular bucket. No moving for, though, that today the bluest identity and access management. We have a Tory drill session on this topic, which we have discussed earlier. If you haven't gone through that session, I would such is that you can go through that session from the image industry bucket perspective we can use. I am with Imagine s three toe control The type off axis ah, user or group off user has access to a specific parts. Often imagine three bucket off our AWS accounts. So let's proceed further and let's discuss about access control list. So is here. This is again another mechanism by which we can control the access often eight of Louis Resources. So basically, it's he answer one off the resource based access policy options that we can use to manage access to our buckets and their objects. We can use its heels to grand, basic read great permissions, other AWS accounts. So here comes point to remember for the seals, and the point to remember is that you can grant permissions only two other accounts. You can't grant permission to users in in your account. You was re asking that in what scenario you can use a seals. So suppose a bucket owner allows other AWS accounts toe upload objects, permission toe. These accounts can only be managed using object issue by the aid of Louise Ciccone. That won't stop object now moving for the let's discuss about worsening so basically worsening usedto keep multiple was and often object in one bucket. So what is the benefit out off it? So basically the functionality off worsening help us toe prevent from accidentally overrating or deleting object and provide us a way to retrieve the previous words and often object. No moving for the let's discuss about operations in the three offering, we can for form various operations like we can create an object, we can write an object. We can read an object. We can relate an object. So these are the operations we, which region really perform to a free lake. Enough of theory is being done. Let's stop decision over here. And in the next session we will do the labs. And whatever we have discussed, we will perform those exercises in aid of Louis management console. So that's it for decision seeing the next session till then, Bob, I take it. 29. LAB Amazon Simple Storage Services: Hello, guys. Thanks for joining the session in this session. We're going to do lab with a 1,000,000 history. Basically, in this session, we will look into all the thing which we have discussed in your theory section while doing the lab. We will also discuss some of the points to remember while walking with s three. So let's jump into the AWS management console toe were in tow. Eight of Louis management console To access the three you need to come toe the a stories section and click on history. So here you will find the option. This work done to create a bucket alerts click on Create Work it. And here you will find these options. It is the Richard based screamed where we need to provide first name and region than country. Get often and we need to provide the set formation. And it again, at the last stage it will be was the review option. While creating a bucket, we must have to remember that it should be a start with lower case and the name should be unique on the name is notice Patrick for the region, it is a global thing. Make sure that you will be providing a unique name so that he'd of Lewis will create it. So let's try to give a name, for example, if you try to give a per case than it will through another, and it will tell that given name into a lower kids. So another point to remember is that we're giving something like this and let's straight to create it for So it is telling that this bucket is already exists. So you make sure that you will be providing a unique name. Let's give a unique name. So I have given the name look like it is going to be a union and then up towards what we will do. We will select the region to make sure that you will be selecting the nearest region for my kids. It is this your pits Wickman way. Then in the next step, we're getting that copy settings from an existing bucket. So see you. You can copy the settings if you have any existing bucket and where you have set up some permission, some rules that you want to replicate it with this bucket, you can use it to here you can choose, but In my case, I don't have any existing bucket, so I will leave it blank and I will click on next. On the moment you friend is the 1st 1 You will get this blue tick mark after that. Here in the contribute options we need toe await the poisoning If we want to enable poisoning on this bucket and you need to click on this. So here comes another point to remember is if you enable the worsening then you can't disable it. You only suspend of poisoning and to enable poisoning you need to check Mark. This I believe it has is there is another option you were getting over here. It's over. Access logging So so well, access logging is mainly related to the logging. If you enable this, then we will get the information about who he is. Accessing our bucket. How many times he's accessing. So all these information will be captured in this longing. No moving further. We have other option called tax tax is similar to what we have seen earlier, where we can provide the key value pair and it is very useful when you want to attract that which book it is associated with rich environment. For example, if you are associating this, book it with the development environment or some testing tournament or some production in wonderment on any other purpose for which you are keeping this bucket, you can create the time it of Louis is three on super weight object level logging. So what it means, it means that suppose if we're uploading any files and you want to track that, who has access that file and how many times they treat me access from which I p it is being access. All these details will be captured with this object level logging, but for that you need to enable eight of Louis Cloud Print Service, and that comes with additional costs to hear you have chosen the respective dress. In our case, I'm not going to choose anything. So let's move for them and look into the another option that is called set permissions. So here you will get options to provide the access to the users or who belongs to other recount. If you remember that we have discussed about its years in or theory section where we discuss about way we use the seals so by default. Local public access. This is being in ableto. That means if you try to access it from the browser than it will through the access denied it. We were looking toe that forced. So I'm going to keep this default option here. You're finding some other option called Manus system permission Supposed that if we want to provide access to any program which will write something within this bucket and you need to enable the toe currently by default, it is being disabled that the reason you're getting don't granted many on a three log delivery group rate of taxes toe this bucket. Other option. You will get that grant image industry log delivery group rate access to this bucket. We're going to stick with the default permission and we're going to click on next. Now here, we're getting an option. Toe the view. You can reveal that at a certain point of time. You want to change any of the thing you can come radically and click on it. E on. You conceded that once you are happy with this thing, you come here and click on create bucket. So we have successfully created a market No we need to upload the object for the object, which is goingto be a file, which I have already mentioned about this. So let's click on this. So we had inside the work it and you will find the option over here that you can upload an object. We can set the properties object properties, and we can also said the object permission. So let's upload a file. Soto upload the file. You need to click on upload and select a file. Now our file is being uploaded. We will click on next, so we're into set permissions and let's look into the options. What other options have a level over here? So you will find that manage juices, who is donor and what kind off access I am having what kind of permission. So here I have read permission. I'm doughnut so that the reason I'm having read and write books and suppose if you want to provide access to other AWS sickle, then you need to use addict Con Burton and once you click on it, then it will provide you the option to give the name which it won't You want to give the access to this particular fight. Currently, no need to provide access, so just clear it. Now here. This is pretty much interesting that if you look into that, then you will find it is giving an option to manage the public permission and currently test during the warning that you can't give because pocketable policy is blocking public access so we can't give it no click on next year, we will get an option to choose the storage class. You remember that we have discussed able to storage. Plus, on the year we're getting the options like a standard, intelligent eating standard. I gain frequent Texas 1 June infrequent access glace year unless you're deeper cape. So we have a right to your options you can choose. So choose the storage class as per your need for my case. I'm going to stick with the standard that wins. We will use it. People use it. That means it is an a standard option, and the availability Jones it supports is greater than equal to three. If you have any doubt aboard this, you can refer our teary section where we have discussed all these thing in detail. Now moving for the Let's look into other options. Water, the other options given over here. So here we are, getting the encryption option so you can choose the aid of Lewis. Came is must turkey on, um, a journalist. Three master key, whichever you want. So you can choose any of the thing for encryption? No moving for the there is something called meta data, which is to say it doesn't name value here. Once you define it, you can't modify it. So that is the one off the restriction so you can check the header ordered. The headers we have, You can choose anyone, whichever it's what you need now, moving further and you need to specify the value as well. So no moving for the ones who decided the storage class encryption meta data. Then we need to click on next. Here we will get the option to review it. Once you're happy with everything, you just click on upload. Once you uploaded the file, then you will get the file over here. Now you can select it once it is being uploaded. Just select this file. Then it will given option about what are the things ever level. So here you will find that this file is being accessible with this location. Let's cooperate straight to access it. We're getting access denied. Why? We're getting access denied because we have said that public access blocked to access this Well, we need toe unblock it. So let's do it. So to do that, you need to come here, select the permissions, and here you will get an option. Public access. You can provide access toe particular user as well or any of the records. But for the time being were using everyone. And we're going to give read access, which is giving us the warning that it is accessible to everyone. That is fine for the devil purpose. And click on save the here. You need to also provide the he seals. For that was select anyone off them. I have selected read. I haven't provided any right object permissions. Then we will click on Save. Now we will go back and try to access this file. Just repress it. No, we can't access it way because it is blocked that bucket level. So we need to go to the bucket level and we need toe enable it. So to do that, let's come back and click on them were as three CP little tree little tree that is our bucket name. And here you need to click on permissions and then you need to click on it. It Here it is during their block, all public access. Click on it it. And here you need toe the select it and click on Save. So it is telling that it is accessible by outside war. So that is fine. Confirm No. Go back to the file, which we have applauded the object your selected and provide a permission again. Lead. It was not accepting. So here you need toe select everyone permission and click on read object provide to read access Save notice said yes. So let's go into the location and again try to access it Just ripped presage were able to access the file No, we have seen how to create a bucket how to upload an object toe a bucket. And if we're not giving a public access to the bucket level irrespective off public taxes given toe the object that is not accepting because the public access is not set or c block at the bucket level, then you are not able to access the objective. So it is giving us a point off conclusion that if you have an object and you want to access that object than public permissions should be allowed at the bucket level as well as the object we will. Then only you are able to access the file over here. So no proceed for the click on its three and management council. So once it is being done that's looked at what are the options, which is being every level? You will get the option the file format, and you can use a 1,000,000 net 10 toe. Analyze your market me to seek welcome very kind of her thing so you can use amid unit in. So always says you want to analyze what our kids. We have only one file, so there is no need. So here you can see the option off wasn't in control here. We haven't enabled any kind of wasn't so that the reason we're getting one option, but if you have enabled the worsening, then you will find multiple option over here. No moving further. Let's look into the property's Suppose we want to change any of the properties and then you need to come over here and select those property. You want to change the storage class, you come here, click on a storage class, then you will get the option to change that. A storage class for that particular object. We want to enable encryption. You can do it from here. All the properties, like metal, later tax off the club. All those things you can manage from this time. Same kind of option you will get for the bucket level as well. You click over here and then you will find the properties option for bucket level. So where you can manage the worsening. If you want to enable worsening, you can come back. This will give option while creating on that time you have decided that you are not going toe enable the worsening but later point off when you decided that I want to enable the worsening. Then you need to come here, select the market on which book it you want to enable click on properties and then you need to select the worsening. If you click over here, then it will give you the option. As I already mentioned that once it is enabled, it can be suspended, but you can't disable it. Cancel it. Then afterwards, there is a permissions. You can change the permission as well. We have already used this one. You can set up the access control list. You can apply the bucket policies if you design any kind of a policy using policy language . Next, we have courts conflagration that is maybe basically related with the cross original associating, which is a mechanism that uses there is no less Tito behaviors Hotel Broza toe give over of application running at one origin and that is access to the selected resources, probably different origin. So you can specify the headers over here. So no moving. For though we have something called management within the management, you can get an option toe, create life cycle. So to do that, you can come here and you need to specify the rules. What will happen, which even object which is coming toe this particular bucket so it will associate it with this particular life cycle. You can specify that demo Thanks cycle and here you can specify any tags, so let's leave it. So how it is going to be transition. So the current wasn't and the previous world's any fair when they will, any worsening, you can choose it. So what will happen to the previous wasn't but just select anyone off them. And if you want to do a transition, click on a transition. What will happen that supposed that if we need off the words. And if you enable that the Lear wasn't you want, we store it in tow. The place here so forced it will go through the standard infrequent access A storage. And after 30 days, we warned that that file should move through the place here than you can come here and you can collect it. Here it is, giving us a warning. Our file is very small. And if we're keeping it into place here than it is used cost for you, well, that is the reason it is giving us the warning. But it is a demo purpose. So I'm leaving it, as is I acknowledge selected. Click on next. Here. You considered the exploration policy what will happen afterward? Time. So you can specify in that After certain days off time, this file get deleted and you don't want to it storage so you can set, Does it Violations policy. And once it is bowing down, click on next and save. So this way you can clear the life cycle rules. So we're going to dilate it. Selected desirable late cycle rules confirm So it is gone here you consider the replication policy. Then you have an option for analytics. You can check that. What is the uses pattern? And then you will get an option for mattresses. So basically, these are the things which is related for management off this bucket. If we want to associate the thing for the management, they already told that. Okay, suppose that if any object is coming in tow this pockets you can associate the life cycle route. After 30 days, it is going to sit in standard infrequent access, a storage class and after 60 date, it is going to sustain toe the place here toe all this thing you can set a pinto, the lifecycle ruling that you can associate it. So we have already disabled it. No, we need to move for though, on goto the millions history and select the market and delete it. Just confirm it. You need to read the name so that it would delete that particular bucket couldn't from. So are as three work. It has been deleted now. So this is what I wanted to demonstrate you in decision to you in the next days. Until then, Bob, I take you. 30. CONCEPTS AWS CloudFront: Look, guys, Thanks for joining decision in decision. We're going to look in tow aid of Louis clothes front. So this so what? We have seen various services that is designed for a specific focus. So in the same aspect, eight of Louis Cloudfront is also designed for for the specific purpose and the purpose is the DNC improvement off a content? So what it means. So as we know that AWS is a spread it across all around the world, its presence and five continent within five continent, it is a spread across 22 geographic regions and out off 22 regions. It has total number off 69 availability Jones. It has won 55 locations in 65 cities across 29 countries. So to discuss in more detail, let's jump in towards Agra, where we will have a detailed discussion about cloudfront so prior to understanding that how cloudfront workforce To understand that what is expedient, that is content delivery network and what is the edge locations? So basically a content delivery network or we can say that content distribution network is a geographical distributed network, a proxy servers within the data centers The goal off Cdn is to provide high every ability and high performance by distributing the service that is related to the end users. So you can understand it like this way. Suppose that if you have an application and that application is hosted in US reason and when the application is access way this year, Pacific Region User than the request will hope through issuer Pacific US reach So this process off hoping the request from one region to another and when it is getting the response. Then again, it needs toe hope from US region to a CIA Pacific region. So the entire life cycle Oh, for request response will take more time to serve the application, toe the user to improve the latency CD and will help us. So whenever you access the application first time, so the application will be cares toe the nearest location obsidian and whenever you access it first time it would take more time. But from second time one word it will be very much fast as it doesn't hop through one location or save one region to another reason as it is being cast in tow the same region. So this is what content delivery network used for. It helps us to wish gas the application for the distribution, no moving further and discuss the edge locations. So what is this? Location and edge location is where End user access services. Located at eight of Louis, they're located in most of the major cities around the world, and they're specifically used by Cloudfront to distribute Contento and user to reduce latency so you can consider it like front and for the Soviet re access, which are located in AWS Cloud. Now proceed for the rest. Discuss about how cloudfront works or to understand that how chlor print works. Let's look in tow this diagram in the diagram. You are looking into a user access our website and requests for estimates file. Then Deena's roots. Take the request toe the edge location that can best solve the request, typically the nearest as location in terms off latency route. The request toe that is location at the Edge location. Cloudfront checks its cash for the requested file whether the file is available or not, and suppose if it is available in the cash, then cloudfront returns them. So the user who requested the file and suppose if the fines are not in the cash, Cloudfront compares the request with their specification in our distribution and forwards the request for the files to our origins over for the corresponding file type, for example, it may look into imagine as three bucket for the requested file. Then afterwards, the origins over sends back the file toe the edge location as it is represented in the diagram. And as soon as the first bite derives from the origin, CLOUDFRONT begins to forward the files to the user and along with that a step globe front. Also, add the files toe the cash in the is location for the next time someone request those fights cloudfront. So the request from there's location only. So this is the way how cloudfront work. So this is the thing which I wantedto discuss in this session. In the next session, we will do the lab for Cloudfront where we will configure the cloudfront so that it will deliver our content. So see you in the next six. Until then. Bye bye. Take care 31. LAB AWS CloudFront: Hello, guys. Welcome to another session in decision. We're going to do lab for eight of Louis Cloudfront. So let's look into the steps, water their steps we're going to follow. So these are the steps which we're going to perform in this lab. So to configure cloudfront, we will first create as three bucket and upload. The content will upload and you made over here. And then we will create the cloudfront distribution and configure it once it is being done . Then we will create an esti able file that as table file has the reference off three meat and that references off cloudfront distribution, which we have created in the second step. And once it is being done, then we relaxes the file a stable file and we will very find that whether our images loading or not using cloudfront distribution, let's jump into the AWS management console, performed these steps. So we're in tow AWS management console. So let's create as three work it first to create a three. Work it, you need to goto the storage and click on a story. Click here. So here we will create a bucket. We ate a bucket. We will click on Create Book It better that I have already explained in one off our session and here you will provide a unique name we're going to provide. And that should be in the small kids, which I have mentioned earlier. The move. And here you should provide a unique name so used to a great demo. Oh, friend, to the reason over here nearest reason for my kids it is that's your Prestwick. One way click on Next we leave it. The default option will click on next again. And here we will de select the local public access. Then click on next and here we will click on Create Bucket. So our work it God created now go inside the bucket and upload an object to click on upload Witter cornered filed And here we will select any Wait for it. Then we will click on next thing here the set permission. We will provide it as a public as it is that the more we will choose the grand public read access toe this object it is giving us warning. That is fine. Next and here we relieve the option as it click on Next on Click on upload. It has applauded their trial. So we have performed the first step. That is, we have created eyes. Three bucket. We have applauded the country, no moving toe. The second step, that is a creator cloudfront distribution and configure. So let's go into the AWS management pencil. So here you can click on services and here you will get into the network and content delivery you need to select cloudfront. And here you need to click on create distribution. We have to select the Web and here we need to specify the bucket, which is going to be origin for this distribution. So we will select this bucket which we have created, and we will leave all the options as is. So let's look into the options, which is being every level over here. So you will find that there are various configuration is every level which you can set toe as but your project need. So let's look in tow one by one. So origin domain name, which we already provided where we have given the reference off our rest Reebok it, then we have origin pot. This is an optional field. You can use this configuration when you want cloudfront to request your country from her directory office. Three. Work it, then you can specify Like this. Use last on the name of the folder. You can specify you over here, it residing. This s three. Work it as we don't have. We can leave it as is next. Moving toe the origin 90 origin 90 is being auto populated. If you want to change, you can change it moving toe Another option that is a district bucket access basically this configuration you can use when you want that nobody can access the content using as three You, Earl And you only want to distribute the contrary or serve your content through cloudfront . Then you can choose the yes option Over here. This is useful in a scenario where we're using signed cookies to restrict the access to our content. On that time. It is really very helpful. So for this demo, we will keep it. As is the default option. No, no moving photo origin custom had us. If you have any custom headers, then on that time you can use it over here. So this is related to the origin settings? No moving forward and we will look into default cash behavior settings. So here the part pattern configuration here mints and a strict as treatments forward. All requests to the origin Unspecified way, the origin whatever the origin setting we have provided over here. So it will forward the request toe that origin now moving for though the we were protocol policy. So here you can choose that s TTP and STT ps particle as we're configuring the web cloudfront So that means with the help of this configuration, you are telling that the content can be accessed using either STP or as TTP s protocol. If you want to specify only https, then you can use the third option. And suppose if we want your all content will be accessed through STT PS irrespective off users typing as TTP request, then you will use those second option. So what will happen that when user type the web address using s TTP, then it will be redirected toe STT ps no moving photo, another option or say another conflagration that is allowed us to two p method. So here you can specify that. What are the operations you want to perform, if any request is coming from restaurant pH to access the content off as three using cloudfront with the rest API eyes or any of the Web service technologist now moving for the Let's discuss about three level encryption conflict reliable encryption configuration used when we're using the private content. So on that time you will get this option enables. Currently, we're having a public content, so that means it is accessible from anywhere. So that's why it is they will over here. Let this was about another configuration that is cast as TTP methods. So this configuration is directly bind with the allowed US to Tippi method, whichever you will choose. You will get the option over here. If you specify that you can get the option over here. What has TTP method you want to cast for This guy should behave between the report case we're using Get and head in cash based on selected request traitors configuration. You can specify whether you want cloudfront toe cash your object based on these values. So we will discuss about these Well, is no non option means cloudfront doesn't cash your object based on header values. Then we have other option called waitlist and here you can specify which header you want to cash your objects. But in our case, we're using S three that the reason it was telling that avoid using white listing headers. So these are the headers, which is why it listed had us white list Header means it is a recommended from aid of Louis . If you have any custom headers, you can insert those as well and moving further, we will have another option that is called All So all cloud friend doesn't cast the object that are associated with this cash behavior instead, what cloudfront do cloudfront cents every request to the origin? But we're going to stick with the default configuration that is none. No moving toe, the other conflagration that is object cashing. With this configuration, you can control your object How long the object is stained the cloudfront cash. If you don't want to change any configuration, then you should stick with the origin cachet, headers. But if you want to customize it, then you need to select customize option and then afterwards you need to mention minimum T teal DT. Let's turn for time to live and also maximum tea till The third option, which you're getting over here, is the default eat eel that is a representation off 24 hours period time that is coming 86,400 this values representation off seconds. If you calculate 60 multiplied by 60 multiplied were 24. Then you will find this value 86,400. That is a representation off 24 hours. Next configuration item is forward cookies. This option doesn't apply to an image honest three bucket unless it's configured as a website ID point. It is used to specify whether we want chloroform toe forward cookies to our origins over and again here, we're finding various options like wait list and all. You can mention the white list, which are the white list cookies. And if you choose all cloudfront forward all cookies, regardless off how many cookies your application is using now moving to the another conflagration that is credit string forward and cashing. So this is mainly related to the query string configuration, where you can specify forward all cash based on wait list for query, string forwarding and cashing a specified the credit string perimeter that you want cloudfront to use as a basis for cashing no moving further to the other conflagration that is a smoothie streaming. So this configuration basically used for media distribution using Microsoft IAEA sober. So in our case, we're sticking with No, no, moving further. So restrict We were access Has two options. One is yes, Another one is no Jews. Yes, if you want request for object that match the path pattern which we have a specified over here, the path pattern for this cash behavior to use public, you are else and you should choose No when you want request for object That master part pattern for this cash behavior to use signed you worlds There is another configuration that is called compress object automatically complex object automatically. Configuration has also two options that is yes and no choose yes, when you want, cloudfront can compress your content so that downloads are faster because the files are a smaller and that helps your way pages render faster for your users, we're sticking, nor with the set up there is another conflagration that is called Lambda Function associations. In this configuration us specify the image and resource name off lambda function that you want to add a trigger for If you're not understanding all this lambda function, just leave it. Just consider it as a way by which we can automate the process. With the need of Louis, I will be covering all this lambda function in another course for this course it is out off a school. So just consider that it is one of the way by which you can automate the processes within your ws. No, we understand that default cash behavior settings, no moving toe, the distribution settings. So first is the price class that is mainly related with the pricing thing. Then there is another conflagration that is AWS ref, Weap related toe, the Web application firewall that helps you to monitor the STD PNDs TTP its request that are forwarded toe cloudfront and it tells you to control the access to your content. There is another conflagration that is alternate domain name. This is an optional configuration you can use when you want to specify one or more domain names that you want to use. You are ill for your objects. There is other conflagration that is assistant certificate. You can assign your pseudo SSL certificate by choosing customers. It's a certificate option in the other configuration item that is supported, as typically wasn't where you can specify the which protocol was enough. STP you want to use? There is another conflagration that is called the full truth object This configuration. You can use it when you want cloudfront to return When of you were request points to your route. You are ill when you specify the default route. Object Inter. Only the object name. For example, the root off your site. If it is indexed or test email, then you should specify one leader. Index daughters Tamil with ordo slash What I mean to say that you don't specify like this. You should, especially for anyone leaned, extorted female when you're using it. In our example, we're not using it. There is another configuration that is logging. It has to option when his own under the one is off. If you're choosing on option, then you need to specify image on his three bucket that you want cloudfront to his true access logs. Cloudfront records information about each end user request for an object and his toes. The filing a specified image on this three bucket no moving further. There is another configuration that is an apple. I PV sick. If you want to use this particle, you can use it so by default to deserve a level. If you don't want to use it, just uncheck this one. And if you have any comment, you can specify over here. And there is last configuration that is distribution in ST if you're selected enabled. That means as soon as the distribution is fully deployed, you can deploy links that you the distributions domain name and users can retrieve content . So these other details which I have discussed about all the configuration item off the cloudfront. If you have any doubt about any off the configuration than you can refer, these i e. Con. That is for information. And it will also give you the details. Vote what this field is used for so you can refer this icon anytime whenever you have any doubt about any of the configuration now moving for, though, we will click on create distribution with the default option in this lab, we're going to use only this configuration we're providing and keeping all the things as default option. So let's click on create distribution. So it is in progress. The status is in progress once it is being completed, then I will come back one. No, I'm just pausing it now. Cloudfront distribution has been created on deployed. Now let's look into the next to step What we have to do now we have completely creation office three bucket and creation off cloudfront distribution and configuration. Also, we have completed now the total step we need to create an estimate file and we will access with the CLOUDFRONT Deena's and we will use the cats image which we have applauded while creation off s three bucket. And when we have created that's true. A bucket on that. We have applauded and he made off cats. Let me show the image. So this is the image we will use in our as Tamil Page and we will access the estimable paid from our cloudfront Venus. So let's create an estimate file and then we will upload that estimable file U S three bucket and that his team will file. We relaxes through cloudfront venous. So now let me show you The cloud for Indian is so let's jump into AWS management console toe Grab the Deena's off cloudfront. You need to click on I d. And here you need to click on origin and origin groups. And this is the part that is the DNS part off cloudfront. So we will use this one. So now we will create an estimable file, and then we will upload it to this three bucket and that we relaxes through this. Dennis, that is cloud friendliness. So let me open visuals to the accord. So I'm into visual story accord. Let's create a file as Tim and file. To do that, we need to go to the file new file and here we will create an esteem will find to do that for Save it, say, Vitter's Estermann, give it a name. My cats No test chairman save No, We will write that female coat. So I will use the snippet over here as human five. And here we will provide the title my cats from clothes front demo And within that we can access the image to add an image. So here we can access image And here we need to provide the source. What is the source we're going to use here? We will use their Dennis off cloud friends who? Let's grab their Deena's. I will copy this dreariness and then I will paste over here after that Here, we need to make sure that we will be passing as TTP the object which we want to access from the history to let me grab the name of the object with industry. I am in tow My bucket. I will click on this bucket and here this is the name we want. So grab this name Onda We will paste here So that means this images coming from Cloudfront Deena's so see a really using cloudfront nearness to access this a me off s three bucket No , save it given old name my cats Cloudfront demo and then we will upload it in tow. The s three bucket This is Tamil Pale and this has terrible filed. We will access from Cloudfront Lianis. So let me upload this fine to do that. Let's go toe There's three bucket So I am into his three bucket. Come here, Click on upload add files And here my cats daughters demon we click on next and here we will grant the permission as a public access. Then click on next, next and upload. So it is uploaded now? No, we need to access. This is terrible trial using cloud for venous. So let's do it. Let's go toe cloudfront console. Grab the being this name. Come here slash my cats. No test email in tow. And CEO, we are accessing my cats detail. So this is accessing from Cloudfront Deena's. And this is how you can configure cloudfront Now we have done the exercises. Now, as YSL, we need toe Goto the management console and we can remove every services which we have used as it is a demonstration since it will be chargeable. So make sure that you can remove everything. You should come here and post removed their distribution. And then we will remove this tree. Work it so we will forced visible. It is desirable, dissembling. And then everything will take time. So I'm pausing. The video, once it will do is able We will proceed for the No, it is done. Let's select it and delete s still it close. No, Wardo, there's three. Work it and we will delete those three. Work it. So we're into his three workers selected and let's delete it. No select action. And over here, you need to select delete. Click on delete once it is being done. No, we need to delete the bucket. To do that, go to the Amazon s three. Select the bucket and click on delete. And here you need toe past the bucket name and then confirm. So we have deleted. So we have deleted the work. It no, check that, whether it is accessible so it is gone. So we have cleaned up everything. Now let's move to the diagram. And let's look into that what we have learned. So in this exercise, we have created as three bucket uploaded the content and then we have created a cloudfront distribution. We have configured it. We have gone through all the configuration details off cloudfront distribution, and afterwards we have created a steam l file on in that estimate file. We have used clothes front, DNS name to access the content off a story bucket. So this is how we can figure the cloudfront. So this is what I wanted to demonstrate you in decision. I hope you in your decision. See you in the next session Till then, buh bye. Take care 32. AWS Route53: Hello, guys. Thanks for joining the session in this session. We're going to look in tow eight of fluid through 50 through service. So let's understand that why we use Route 53 or say what is the purpose of Route 53 within eight of Louis ecosystem? So, basically, Emily on Route 53 is a highly every level and s callable domain name system that is DNS Web service. Route 53 can be used to perform mainly three functions that first domain registration Second dean is rooting. Authorities held checking off a job Lewis Resources, so let's discuss about all these three points in more detail. So let's discuss it for domain registration, as we all know, that every website needs the name and that name should be registered so that people can access it. So here, the first function or fruit with 23 comes into picture. That is domain registration. You can register your domain using Route 53 so, no, let's understand that how domain registration works. Suppose that you want to create a website called the Blood of Low Dot I want to learn A W's auto making dot com can control that whether the name is every level or not. In case if it is not every level, then you have to select another name. Once you found on the name is available, then you can registered the domain name withdrew 53. While doing the registration, you should provide the name and your contact details. When we registered the domain withdrew 53 and what it does, it creates a host schedule that has the same name as our domain, and then it will assign a set of four names. So it was toe the hosted zone. Suppose someone uses a browser to accept our website that is w w dot I want to loan it. W it's automation. Not then these names or was till the browser where to find the resources like webs over or an average honest three bucket and retrieving any amount of data from anywhere on the Web. In the northward, it gets the name servers from the host regional and adds them toe the domain, and at the end of the registration process, it sends information to the register for the domain here. The registrar's Amazon Register, incorporated now afterwards reached US cents our information toe. The registry for the Domain Registry is a company that sells domain registration for one or more top level domains such as DOT com. So here now the registries toes the information about our doom in in their own database and also store some off the information in the public. Who is database. So, no, let's jump into the AWS management console where I will show you from where you can register your domain. So let's jump into AWS management console. So we're in tow eight of Louis Management Concert Toe Goto the Route 53. You need to go to the network and content delivery, and here you can find that route 53 Click on it. So we're in tow route with 23 console, and here you will find these full activity can perform. So mainly we're interested in tow domain registration. So we need to click on good to starter now, once you click, couldn't get the starter. No. So you will find that were in tow register domains, and here you can click on register domain, and then here you need to check that whether the domain is available or not. For example, I want toe greater name. I want toe automation, something like that. Check the availability. It will check that so it is available now, but it will cost you $12. So we're not proceeding from here. So just I wanted to show you that from where you can check the domain name. Once you have decided the name, then you can proceed photo at toe the card so that domain is registered to you. Moving for the cancel it. Let's go back to the discussion and in earnest earned under the function that is Dennis routing. So no, let's understand that. However, John Drew 53 routes traffic toe the domain. So what's happened that a user opens off Web browser and enters the website address? The request for website is routed toe ordinance, result for which is typically managed by the Internet service provider. Then the DNS resulted for the Internet. Service providers forwards the request for the requested website for the in its route names over. Then there. Deena's result will forward the request for our requested website again, but this time toe one off the deal. The names of worse for dot com domains in this example the names of all for dot com domain response to the request with the names off the four route 53 names over that are associated with the requested website Domain Dinner. The Step five. The Deena's result would choose a Route 53 names over and forwards the request for requested website names over. In this example, it will request for www example dot com. Toe the names over the Step six. The Route 53 names over looks in the examples or compost Red Zone for the doublet of Ludo example dot com record and get the associative value. That is I p. Address for us, a Web server, and it returns the I P address toe. The DNS result will know where the Step seven Dina sizzle will finally has die. Pierre dressed that the user needs the result returns that well toe the Web browser and then afterwards, at a strip, ate the Web. Rosa Sense of request for the requested website. In this example, factors delude of Ladakh example dot com. So the i P address that it got from the dean result for and this is where the our country is reside, which is a Web so over running on Amazon, easy to instance, or might be an image honest three bucket that it's configured as a website and point. And that last Step nine, the Web Slovo who turns the weapons that is requested for. And in this example, we had using the blood of loot example dot com that displays the webpage within the browser . So this is how am 100 53 routes traffic to the domain now moving for the Let's discuss about third function off Route 53 that is health. Check off the aid of Louis Resources. So let's jump into a diagram and then we will discuss a 1,000,000 route preparatory helps. Ex Function is one of the function of Route 53 that we can use to monitor the health off our aid of Louis Resources. We can use Route 53 to monitor Web server and email servers with the help of Route 53 cloud what we can design a full blown monitoring system in place for our it of Louis resources. Both of the services can help us to design a monitoring application where, at any point of time, any of the resources is going down that Route 53 will notify the Cloudwatch and Cloud would send a notification toe the users with the help of cloud notification service. So that means three services comes into picture. One is the Route 53. Another one is cloudwatch that we will use for alarm and the those over, says VW Assassin, a service that a simple notification service that is mainly used that is mainly used to send a notification. To resent the system, you need to create a health check and that specify values that define how you want the health check toe work. So in this definition process, you need to define the endpoint, which you want that Route 53 should monitor. You can also specify the protocol that you want. Imagine Route 53 to use toe for home the check on STP STP Assorted sippy. You need to also specifying that how frequently Route 53 to send a request to the end point This process of definition, it's called requesting tobel unique to also specify that how many consecutive times the endpoint must fail to respond to request before Route 53 Considerate on healthy and the definition for this process is called failure Trestle definition. We're configuring the Route 53. We have an option for notification. That is how we want to notify when Route 53 detects that the endpoint is unhealthy. And when we do configuration for notification, Route 53 automatically search the cloudwatch alarm cloudwatch uses. Imagine simple notification service that is essence to notify users that an endpoint is unhealthy. So this is how it of Louis Route 53. Soviets checks the health off our AWS resources. So no, let's look what we have learned so far. So in this session we have launched a revolt Route 53 services. What is the functions of Route 53? We have gone through domain registration process, and we have seen that hardiness rooting works. And at last we have seen that how well taking process or the function off Road 53 that is held checking is working. And this is what I want you to discuss in decision seeing the nexus. Until then, Bob, I take you 33. CONCEPT AWS Relational Database Service(RDS): hello guys will come to another session in this session. We're going to discuss about eight of Louis Relational database service. So let's jump into the diagram. And there we will discuss. So guys eight of Louis Relational database always is another kind of service, which eight of Louis offers leader Blewitt Sarnia Service makes it easier to set up, operate and scale a relational database in the AWS cloud it a bliss RDS provides cost efficient. The sage will capacity or in in the ST Standard Relational database and manages Common database. Administration does. So you must re asking that Why do you want a man? Is relational database Soviet? So I will tell you it is because imagine RD is takes over many off the difficult or tedious management task for relational database photo under stranded with her. Let's understand the flow of the database management process. Generally, what we do when we want to set up a data with environment, we buy your so it's over. We will get CPU memory story along with I also managing these hardware. It's really, really cumber sometimes, and this is not related to a single so over. Suppose in case if our application lord is getting increased too, and we want another little bit. So where in days then we also need to take care off scaling by our own. So here, another complexity off scaling comes into picture. And with all these processes, there is a huge cost and world with hardware, along with the maintenance costs, which is an overhead for any organization. But if you're adopting with the image on our ideas, these are split apart so that we can scale them independently. If we need more, see views, psyops or more storage, we can easily locate the with the help of imagine RDS services. Imagine RDS manages backup software patching automatic failure, detection and recovery with Imagine RDS services. We can have automated back up off home when we need them, or we can manually create our old backup snapshot. And we can use these backups to restore eateries in case of failure in majority is restored , process works reliably and efficiently another point of motivation to use the majority of service with the majority of service. We get higher availability with the primary instance and are synchronised secondary instant that week and fail over to win problems. Soccer. No moving for the let's understand about the basic building block off. Imagine our ideas that is deviance. Chances for DB instance is an isolated a terrorist involvement in the heat of Louis cloudy . Every instance can contain multiple user data bases. We can access our TV instance by using the same tools and applications that we use with the standalone database. Since then, we can create and modify your database instrument by using the AWS command line interface. Imagine rds ap eight or with the AWS management console in the lab station or afraid of Louis RDS. We will use AWS management console to create the idea service. So no, let's look into the databases, which is being supported by the AWS RDS services. So these are the deviants. Chances, which is being supported by our ideas are they support my school Warrior, Devi, Oracle Fortress Equal and Sequel. So both of these are the database engine which runs on Libyan stances. Each of these data Vlissingen has its own supported features and eat wasn't offer. Devi Indian may include specific creatures. Additionally, East defending has a set off barometers in a deeply perimeter group that controlled the behavior of databases that it manages. One question must be triggering in your mind that, however, the competitions and the memory capacity because each application has differently willow competition and memory. How are these? Can manage all this for different deviance. Transit were here. I would like to tell you that Aid of Louis Rd. A service where ideal Devi instance. Classes basically imagine. Idea supports three types. Off instance. Classes That is the standard memory off to my stand but stable performance. No, let's discuss about Debbie Instances. Storage. Give instance. The stories comes in three types that are magnetic general purpose assist e and prove is, and I hopes the the story straight differs in performance. Character restricts and praised E db instance has been the moment Mac stories requirements , depending on this tortoise type and the database engine it support. But it is really important to have self recently story so that our database have room to grow sufficiently stories. Make sure that features for the D V engine have room to write content or log entries. No, let's move further than discuss about security. A security group controls the access toward a DB instance and it controls way lying access to I p Address ranges. Or imagine easy twins Chances that us specify a 1,000,000 are ideas. Uses deep security groups, three pieces security groups and easy to security. Here, a diva security group control access to a DB instance that is not a no. BBC repeats. A security group controls access to Algerian stance, Insider re PC and easy to security group control access to an easy to instruct and can be used with the deviance tents now moving for the Let's discuss about monitoring off billions chances. Monitoring is an important part of maintaining the reliability, availability and performance off. Imagine RD is here. I would like to give you some tips regarding monitoring, and this tips is not related only to the monitoring RDS service. It is applicable to any of the resources afraid of Louis. Whenever you start monitoring, you must create a monitoring plan that includes answers to these questions. And the questions are what are your monitoring gold's. What resources will you monitor? How often will you monitor these resource is monitoring tool? Will you use who will perform the monitoring us and who should be notified when something goes wrong. So these are the question you should answer prior to setting up any off the monitoring off resources in your plan. The next step you can do in the monitoring set up is to establish a baseline for normal. Imagine RDS performance in your environment by measuring performance at various time and under different load conditions. As you monitor, imagine rd it. You should consider a strong historical monitoring data. This is toward data will give you a baseline to compare against with current performance data. I didn't define normal performance pattern and performance and families and provide methods to address issues. Generally acceptable values for performance mattresses depends on what your baseline look like and what your application is doing. Investigate consistent or trending variants from your baseline. I would recommend that you should follow these matrices or so set of these matrices to monitor your VW's DB instances that is high CPU, RAM consumption, discuss space consumption, network traffic database connections and I ops mattresses. Now enough of theory. So here I want to stop the session. In the next session, we will do a lab on imagine ideas where we will create a my sick will give the engine using image on our idea services. That is going to be really fun. Exercise to see in the next instant. Until then, Bob, I take you. 34. LAB AWS Relational Database Service(RDS): Hello, guys. Thanks for joining the session in decision. We're going to do a lap on eight of Louis Relational database service. That is our ideas. So let's look into the exercises. What are the exercises? Which we're going to perform in this lab. So in this lab, we are going to create my esque will db instance. And then afterwards, we will download and install a sequel plane that is equal plaint workbench. And we will use that sequel plane to connect toe this my sequel db instance. And once it is being done, then we will believe their db instance. So let's jump in tow the aid of Louis management console. And from there we will use the RDS console and create the bicycle baby. Instance. So we are intuitive Lewis management console. And here you need toe click on our ideas, which is on database section. Click on our ideas. Then it will take us tow RDS console. Now we need to click on create databases and here we will get the option to choose the data creation methods. So we're going to choose the standard create, and here we need toe up for engine option. We have a variety of options. Have a level over here. But we will choose my sequel for this lab. Once it is being done, then we need to select the free tier as we're practicing on it. Then afterwards we need to specify the database. Instance Name here we will provide that rds underscore demo. Under the school instance, you can select the same thing. So here the naming convention is not being supported. So what we need to do, we need to change. It will put hyphens. It will take and then we will proceed for the We will take the name and we will keep the same name or as a master user name. And afterwards we need to provide the passport once it is being done. Then we will proceed for the and confirmed the passport, the same passport and here db instance side which I already mentioned about this thing in our theory section. Here we are getting an option was stable classes for two free tier and we are getting DBT to micro, which has one virtual CPU and one DV off ram for this particular devi instance which is coming with free tier now moving for the We have always storage again. We're sticking with the default option. That is general purpose. SSD and Allah created a story which we're getting with. The free tier is 20 GB. No moving for though we don't have option for Marty. Easy as we're using free to you. Then we will proceed further and look into the connectivity. So this is pretty much important. So you should focus on two things while setting off the connectivity. Need to click on a distal connectivity configuration. And here you should make sure that you will be choosing Yes, if you will not choose Yes. Then you are not able to connect to the this DB two instance on another option. You should make sure that you will be choosing create new for this three pc security group . So here you need to specify that the security group name are deists Demo SG Now we will proceeding for the We're just living as is no preference. So eight of Lewis will pick any off the availability zone over here and then we have the port number. We will leave it as is the database authentication. We're going with a password authentication over here, we have also optioned to set of the backup along with the monitoring, so you can click over here. You should provide the name of the data, miss. What would be the initial name? We are going to give it as our Deace Demo TV and then afterwards we will leave it as it's for backup retention. We can provide one day if you have any option to select the window size off the back up. When this black of filtered kick daughter, you can select this and you can specify your start time. Then we have an option for monitoring. Here you can select the monitoring it was selected. Then you are able to provide the configuration for that. So we will leave it as is. And there is a maintenance. We know that you can also specify if you will select that. Think that you need to respect. We find that when the maintenance will walk up, we're going to stick with the default preference. That is no preference. And there is another option we're getting over here. Resolution protection. So if you enable this relation protection, then you are not able to delete the database, so we are not going to stick with it. We will leave it as is now here. The pricing. It is telling that we're going to get 7 50 yards off our ideas. If we're using Cretier along with that, we are getting 20 GB off general purposes stories That is office city type. And then we have 20 GB off automated backup storage. Now, we are happy with this thing. Now we need toe to think you should make sure Well, clicking on career data with the 1st 1 which I already mentioned that you should select the public accessible. Yes. And here you have provided the create new no click on create database. So here the instance Name is not good. So we need to give some name of when you let it be like rt is devil Instance Cope It changed the password. We can keep the same name so that we will not forget. So as it is a demo So we will leave it as is now what we will do, we will take concrete data bits so it will take five minutes to create the database. So it started Now if you will see you. You will find that went to the creating street. So we will wait for it And once which is being done, then I will come back. So I'm pausing the video now. So no, the database has been created over you. CEO, you're getting successfully created. Data bits? No, we will proceed toe the second exercise. So now what we will do. We will Don't know this sequel client from where you are in. So let's grab the u. N. So this is the US from where we need to download the client. That is my sequel Client workbench. So Corp it I have provided you this link in tow the resource section so you can use that. So we will come here. Open the browser is the US and we will go to the u R l and we will grab the disclaim. We really click on download and here you need to click on this. No, thanks. Just to start my download and it will give you this file. Click on, say filed. Once it is being downloaded, then we will get this m s a file we need to right click and click on install his two started installing. So here in the region you need to click on next. For your case, you will be getting complete or custom option. You need to select complete option, as I have already installed, so that the reason I'm getting this option and then you need to click on next, then next and you will get the install option. So click on install. Once the installation is being done, then you need toe a penda, my sequel, Client workbench. So click on finish. So let's proceed further. So we have created our my sequel Live. Instance. We have downloaded and installed the sequel claim. No, we will open this SQL client that is my sequel were Bent Client, and then we will connect with that client to do this. My sequel databases, which we have created at the roster step. So let's open the my sequel claim. Workmates were into my sequel, Workbench client Soto Connect to the data with You need to click on this plus icon and here you need to provide our ideas. Demo connection. Let's give a name, and here we need to specify the endpoint. So let's grab the endpoint from Made of Louis RDS console. Soto, grab it. You will be getting view credential detail. You need to click on this. And here you will get this option. Click on copy. It is being copied. Now we will go to the workbench client that it might sequel Weapons client. And here you need to specify that. And the user name? No, we need to grab the user name. So here, we need to grab this user name, which we have a specified at the time of creation. Copy. Go back to my sequel Client Workbench. And here you should based it on the password. You need to specify Over here. Store in world Here, you can disperse. Why the passport? Okay, no test the connection authorities successfully done No. Next we need to click. OK, And here, right click, open connection. So it is taking time. Now we have connected to the AWS rds, my sequel database engine. So if you create anything over here that will be created in tow eight of Louis rds, my sequel database engine. So we have completed the sex is now moving further. So we have connected. We have created my secretive instant. Then we have downloaded and installed sequel plant What we did in the last two step we have connected to the my sequel date of its No. Next we need to delete that deviance tents which we have created. So let's jump into the my sequel workbench plaint and we will close that. So first we will close this one and then we will go to AWS Management Council and from there we will delete the db instance. So we're here now. So close this one. And now what we need to do we need toe, select this one and go to the action and click on delete And here you need to de select it . Then you need toe, acknowledge it and here you need to specify that. Delete me. Then you will get an option toe relief so you can click on it. So it will take another five minutes to relieve this rds instance. And once it is being done, then we will done with this slap it is still the leading. So let's wait for it. I'm going to pause the video. No, Once it is being done, then I will show you So no, the databases being completely deleted. If you will repress this based, then you will find that the data with has gone now. So just repress it. You will find that there is no date of its presence. No instances being prison. So let's jump into the exercises. What are the exercises we have performed so that we will wrap it. So in this lab we have gone through creation or for my secretly re instances. Then we have downloaded and installed sequel plane. And with the help of sequel plane, we have connected to the mites equal later with and at the end of the session, we have deleted that instance. So this is what I wanted to demonstrate you in decision seeing the nexus. Until then, Bob, I take you. 35. Project Design High Availabity AWS Infrastructure: Hello, guys. Thanks for joining the session in this session. We're going toe to a project where we will design the high availability eat of Louis infrastructure. So far, we have learned so many services afraid of Louis. Now it's time to design a more meaningful project. Or let's jump into the diagram to understand what we are going to design in this project. So there's basically we're going to design this infrastructure where we are having a deformed BPC along with elastic load balance, and they're too easy to in stances, which is being configured within two different travel ability zone. So we will listen such infrastructure where, at any point of time in if any of the easy to instance is going out off service and another , easy to instance will automatically come as replacement of help off auto scaling. So now let's look into the design elements off this project. So in this project, we're going to use easy to, which is going to be converted into am I? Then we're going to use Security group, Target Group, Launch Configuration, Auto Scaling Group and the scaling Policy. These thing you will come to know in this project some of the things which we have already gone through, like easy toe A my security group Target group as well. Some of the thing which you will find over here in the new for you. That's okay. If we're not able to understand that once we will do the project and you will come to know that what is the significance off all these elements? So now let's jump into the aid of Louis Management console and we will do the first step. We will create an easy to instant. And then afterwards we will create any. Am I with the help off that easy to instance, alerts jump into the AWS management console. No weird intuitive with management console. No, we will goto the easy to dashboard. No, we need to click on launch instantly. Concretely only like the first World taken Next, configure instant details. So here we will keep the things default. The only thing we need to change over years that we need to provide the voter strapped on that Right? Some voter strap over here. So I have written this cripple. This mood disturbance crypt is very straight forward. This cripple senior, we're installing the institute PD. That is a process over. And they were doing the check conflict. And then off reports were creating an STM ill and placing it into a specified location. And then up toward at the last line, we're starting the service. So that is STD pretty services. That is a project. So no moving for the click on next time the story. So click on next time dagger. We will give a tag. Your name give and for template was done. We need to configure security group Li con security group here we can add another rule for a city. People open the Port Authority. We will keep it as a global if you want. Then you can provide any of the people for this session. We're going to keep it open so that it will be accessible from they. Any Avery? No, moving for the kick on review and launch. Now click on launch. So here we need to select the existing keep here. I already have, like this one, and I acknowledge click on launching stance It, which is launching now. We need to click on the Instant Sadie. It will take it there. So it is still creating. It takes usually one minute, so it is created. No, no. Let's verify that whether this issue to instance is solving our weapons or not. As this easy twins chances working as over apps over. So how do we can verify that? We need to grab the saipi and we need to come over here and based it. And until yeah, it is solving or repeat as we're getting the whatever we have. Bootstraps, which is displaying over here now moving for the Brits looking toe the diagram. So we have created the easy to instance. No. Next we need to create toe. Am I using that easy to instant the Let's jump into the AWS management concern? No here to create an image on machine image, you need to come, you know, click connection goto image. Click on creative mate And here you need to provide our name, observer me and leave everything as it We want to provide the description. You can come over here and provide the description as well, and then you need to click on creating mate. It has created an image, so it is in a process to create that image So that's what it is telling. So close it. We need to goto the am I So here we will get that information. So it is still creating So that the reason it is telling that it is in a pending yesterday So we will wait for it. So no, it has created and we made No, We will go ahead and delete the easy to instance. So we will go to is it for instance? And here we need to select the actions and stands the state. And here we need to select the toe minute. Yes, terminate This no longer needed as we have created the army that we will use in launch Contra Gration. So it is dominated. No, no. We will move further and delete the security group which we have created with this instance . We will come here and click on security groups and here we will come here and select action on delete security group. Yes, delete No more further. Let's jump into the diagram and let's look into that What we need to don't next. So, no, we have created the C two instance with the use of this Is he two instance we have generated an image. No, we need to configure elastic load balancer. Now let's go back toe eight of Louis management console. So here, now we need to play can load balancer, no click on create load balancer And here we need to choose application, load, balance and click on Create. No, we will Esposito your name. Web server. You'll be it should be Internet facing. And here we need to specify into two of the availability zone availability Zone, Zone one and the zone toe. So let's go ahead. And so here. We need to specify that 1st 1 on the 2nd 1 and make sure that you will be choosing the public's cabinet as I'm having only once of net over here. Little because Yes, while choosing the Cabinet, it must be a public sub net. No click on next conflagration security setting. So we don't have security group. So click on next Configure security group And here we will create a new security group. We will give it a name and here we have a specify your name. That is where So we'll be security group remaining conflagration. We will keep it as is so no click on next country grouting. No, we need to a specified target group over to name Web servers are groups or know everything looks good. Three cornered, one cell check setting. So these are the recently metal health. You can change it as well if you want, but we will keep it as is what It was a different configuration which is providing here to know we will click on next register target. They're going to keep it as is as there is nothing to configure because this will be taken cared by auto scaling group. So no click on next review. No click on Create. So, Lord well, answer is now creating it is probably isn't now close over here. So here it is. Provisioning site is still provisioning it. We will wait for it now we will do the configuration for or to a scaling group. So here we will click on or to a scaling group, click on Create Auto Scaling Group Toe configuring Auto Scaling Group contents to Esther. Process One is to select the launch conflagration on other ones to create an auto scaling group. So let's get this started. Click Konger two started so here We need to choose the A m I, which we have created earlier as a long configuration. So to say, legal am I which we have created earlier. We need to come here, look on my am eyes and it will give us the same way which we have created. We need to click on select and we're going to select 32 micro click on contribute details or give it a name. So I have given a name. Website was launched configuration So here we don't need to do anything. All thing comes from am I know. Click on next and I store it. So click on next configure security group. So we need to configure it a security group over here. So this set up is really interesting what we need to do. First we need to provide a name to let me provide it. So now provided the name. So here we need to click on add rules and select as TTP. So here we need to provide the I before load balancer because this instance is getting access from the Lord Balancer toe. Do that. We need to write SG so we will get the webs over he'll be which we have created the security group earlier. Provide that or that it will be accessible from the load. Balancer only know click on review Condoned configuration. We will click on launch configuration, create launch conflagration. After that, we need to select the repair, which we already have. I'm acknowledging it create launch configuration so forced the strip was completed. No, we're into second District. We need to configure the auto scaling group over here, so provide a name, so auto scaling group. So this is important in the group side. We need to have specified that at any point of time, home in number off instance would be running. So we had a specifying at least to any point of time and throw in the sub net section. We need to specify which off the availability zone belongs. Toe this auto scaling group. You go to the diagram, then you will find that we have especially fired, have little kids on one and have level it is on to. So these two Jones reward do we have level into the or to a scaling group. So to do that, we need to specify the sudden and details or let's do it. So here we need to choose Liberty John one and then 21 A and one B. So no click on it once details. And here we need to click on the load balancing glee. If you haven't created the target group, you will get an option over here. But we have created already. So we're getting the option here. We need to select it and health check time. We're going to perform hell me and every 32nd the hell tickle happened. Now click on next Configure Skilling policies. So this is really very important. If you remember that we have. It's with fried that at any point of time how many number off, easy to instance will be executing in this auto scaling group were specified to. So this is really important. Supposed that if we want to increase and decrease the size off the easy to instances, that means if the Lord off, the traffic is getting increased and you want to increase the number off instances and we need to come here and select the Yucel Skilling policies, we have earlier provided the size two. So at any point of time it will maintain to number off. Easy to instances. But suppose if we want to a scale up on the scale down, so what you need to do, you need to come here on their. Specify that, and you need to click on our new alarm, and here you need to set of the configuration for alarm. Suppose that ive utilization is going more than 80%. Then you have to specify it and click on Create a lamp. It will send a notification with the help of notification services. In the same way, you will also do it for the decrease groups say you suppose that's a pretty litigation is going below the uses off 60% then you degrees it and he'll after that. What action you need to take. Suppose that if it is getting increased mortality person than number off instances, you want to run this three. You can also add the steps as well. For this case, we're going to stick with. Keep this group at this any sensei's, so that at any point of time it will maintain at least two number off instances. So no click on next configure notification. We can also add the notification over here. But we're going to a strict with the D for adoption. We're not going to have any kind of mortification. So what? This notification contains just looking toe that And here If at any point of time, if we're launching our dominating or if any of the condition is meeting, check over here, then it will send the notification. For example, if you are easy to instances freed to terminate or fail to launch, then you will get the notification work for this session. We're not creating any kind of notification. Now we need to click on next configure tax, so give it a name. Now we will click on review. No click on Create or to a schooling group will create the auto Scaling Group. So it created No, we need to click on close. So it has created So at any point of time, it should run two instances currently there is no instances it will run. No. So, no, you will find that it is running two instances, so we will look into those instances. We will go here and we will check that instances. So, no, you will find that these twins. Chances is running and which is coming from auto webs. Over. So this is art, or perhaps over and which is being created by the auto Scaling Group. One thing I wanted to show you over here is that we haven't registered any kind of for easy to instance in Target Group. But if we will go there, then you will find that these two instances is being registered. As we mentioned, it should be taken care way or to its killing group. So, CEO, click over here and click on targets. Then you will find that it is being registered. Two instances is being registered, which belongs toa order Web server. So this is what I wanted to show you. Now it's time to test it. So to do that, we need to click a load balancer. We need to grab the D in its name. So here we will grab this genus name and try to access it. What? It is coming. Let's see, you know, have grabbed it. Come. You compose a right to access it? Yeah, we're getting the project landing, which next we re lured. Testing what we need to do. We need to goto the instances and we will delete one, and we will wait for some time and we will look into that. The auto scaling will bring back that instance again so that it will maintain to healthy instances at any point of time. So let's do it. Select one trick actions. Instant state dominate is dominant, and we will wait for some time and we will find that the other instance will come back again because we're maintaining two instances at any point of time. So it is dominated. So we will wait for 30 seconds as well. The health check at 32nd as we have a specified in the configuration. So here you will find that it is started creating the easy to instance as it has to maintain to number offense chance at any point of time. The auto scaling group that the reason it is creating another instant what they did it had checked that there were only one instance is running and after that, trying that it is not matching with the auto scaling configuration toe to match it. It has created another instance, and it know that which one was deleted earlier. It was related in this availability zone. So again it has placed toe the same reverently results of CEO. So it has bring back the easy to instance which was deleted or which was terminated to maintain the true number often stances as which we have a specified earlier in tow, the auto scaling group configuration. So this set up is called high availability set up. So this is what I wanted to demonstrate you in decision. So no, go back to diagram. So we have designed this infrastructure. There's a higher level infrastructure with the help of Porto a scaling group. And to design all this thing, we have used all these elements where we have use easy to instances am I? Then we have created elastic load balancer security group Target Group. We have used launch conflagration. Then we have set up auto scaling group and we have also gone toe a scaling policies where we have keep the initial size two. And with the use off all these elements, we have designed the higher liberty infrastructure on Arab Lewis. I hope you enjoyed this project prior to closing the station. I want to tell you that don't forget toe. Clean up your AWS resources to do that. Let's jump into the AWS management console. So first we need to delete the auto scaling group. We need to come over here. This clean up is pretty much required else. It is chargeable, so make sure that you will clean up all the resources selected action delete. It's to be so No. Once you relieved this or to his killing group, it will delete the instances as well. Then after that we need toe. Delete the launch configuration. We need to come. You click on launch configuration selected. Action. Delete the launch configuration next to Goto the load balancer, Select the load balancer. Click on actions on delete. No, we need toe. Delete the target group to always make a practice to delete first load balancer and then the target group. So here you need to select the target group. Delete. Yes, I checked that the Roadway Skilling Group is deleted or not going toe that is still deleting Goto The instances verify that instances what is happening toe the instances. So it is certain down as we're deleting the auto scaling group just omitted it. No, no projector or to a scaling group again. So it gone known. Now we need to delete the security group. We need to come over here and click on Security Group, which we have created. So we will delete that security group. Now we will select those security group Condell it Security Group. Yes, Delete. So select elite security group. Just delete that last we need toe Come your air Might We have created a image that also needs to be deleted. So we need to select you. Click on, be Register No, very five wants goto the easy to dashboard So everything is clean there. Snap shirt is existing. We need to come here and select that snapshot on delete it. So let's select it on delete to know again Go and verify that So everything is zero. That's fine. Keep where is not chargeable. That's fine if you take existing more than once it is Okay. So this is what I wanted to demonstrate you in decisions here in the next session. Till then, Bob, I take you