Absolute Beginners Introduction to Amazon Web Services (AWS)

1. Introduction: Hello and welcome to my course on absolute beginners introduction to Amazon Web services. My name is Sai, and I will be the instructor for this course. Now I have designed and created this course by keeping an absolute beginners in my mind. Now let's go ahead and see what this course offers. So in this course, I am going to teach you a lot off important topics that absolute beginner definitely requires when he's starting off with the Amazon Web services. Now let's go ahead and look at the course curriculum and let's see what this course offers . I'm going to start off by giving an introduction to the scores and followed by. I'll be doing the account set up now under this account set up section, we're going to create a AWS account from scratch, and we're going to set it up using the best practices. And we're also going to see how the building ah, alerts are configured and all the best practices that you need to apply when you're logged in as root user. After this, we're going to look at the Identity and Access Management Section. Now here we're going to also apply the best practices that we need toe apply on the route users and we're going to create different groups like administrators and developers testers , and we're going to see how identity and access management can be utilized to create different custom policies. And I'd give different permissions to different users. The next section that we're going to cover is Theater Vitya Services and see a light under the section. I have given a brief introduction to different services offered by Amazon, and we have also covered the command line interface section where and we're going to install the CLI and we're going to see how we can use the command line interface toe interact with Amazon Web services. The next section is basically the overview off. Easy to now. Easy to is one off the important services offered by Amazon and I have covered a lot off important things in under this section. We have seen the overview off aws easy to by giving an introduction to different subsections that offered that are offered in easy to, and we have seen how to launch easy two instances in Windows Lennox and how to connect them . We have also seen how ah the security groups can be created and how they can be utilized to protect your PC. Two instances in the next section I have covered the overview off s tree wherein I have covered a lot of ground on what s trees and like how toe create pockets and object and how toe give permissions to different users. And if you want toe share your objects publicly and stuff like that. So I have covered the bucket policies and I am ah, section as well. And also we have covered how toe access the AWS s three using AWS Eli in the next section, we have covered the AWS free tier where and I have covered a ah, what services are free for one year when you create a new account and ah, that's pretty much it so And then we have concluded this course by giving you the next steps that you need to take in your part to learning Amazon Web services. Now I really think that this is a good starting point for anyone who is looking toe start his carrier, his or her career in Amazon Web services. Because I have covered a lot off ground here with, ah, a lot off best practices and also the important services that are required for an absolute beginner to know to get started here. So I really think this will help you to get a kick start in your carrier and ah, start your way towards cloud computing in Amazon Web services. So I'm looking forward to get started with you all in the course, So I will see you in the next lessons. Thank you. 2. Create a new AWS Account: Hello and welcome back. So this is an exciting lesson where we're going to create our first AWS account. And so let's get started. So the first thing that you have to do is like, go to the Web browser and type in AWS start amazon dot com. So once you're here, you should see a create AWS account button. So ah, want to click this bottom all you got? All you need is basically an email address, and then you have to set some password and then you have to give your account name. So I have an email address created for this, which is going to be hashtag learning tests had gmail dot com and then basically let me give my password. And once I heeded my passport and that I want to give this hashtag learning test account on , then hit Continue. So once you're here, then you can specify what type off account this is. It's a business account, A personal account? No, for this purpose off the lesson I'm just going to choose it is as a personal account, and then I can give in my phone number, and then I'm just basically going toe hide it and then you can give your region. Ah, basically, I'm going to hide all this information anyways. Think so. Once I have this account set up, I can just ah, hit, create account and continue. Ah, the next thing that it's going to ah, basically ask us for a payment information. This is really important because it would if you are spinning up some resources, AWS would like toa d like the money from your credit cards. So, uh, although you have a lot of free tier that's being allocated to a new account for one year, Um, this is just in case if you go over the limits of free tier, then you'll be charged. So I'm gonna pass this video here, and then I'll enter my credit card details and then I'll raise him back. All right, so once you ah, submit your credit card information, it asks you to verify your phone address as well. I mean, the phone number as well. So I'm just gonna key in my phone number and then, ah, give the details here with this Haiti X. I'm just gonna don't call me now, Okay, So I have keep that call your boon, please Entered. Played on your screen. Okay. I entered the four digit number once. I received the call successfully. Very pledges, please return to. Okay, so now that my phone number is also very fight Ah Aiken, just hit. Continue. And then basically ah, I'm just gonna select the basic plan for the support you. If you're established business already and you have some developers working along with you , then I would suggest you to go with the developer plan. But I would stay with the basic plan if you if this is a personal account and you just want to learn. So I'm just gonna select the free account here and now this is basically an optional thing . What we could just go into and hit signing to the council, and I just have to key in my entrance. The email conduct you have used to register this account and it's gonna hit next. But so I'm just gonna enter your password, and we should be good to go. So now we have a registered account, and then we are into the AWS console. So Ah, So this is all it takes to ah, get you started with the new AWS account s so I'll just end this lesson here and we'll continue in the next lessons. So thank you for watching. 3. Setup Billing Part 1: Hello and welcome back. So now that we have our AWS account set up and ready, let's go ahead and set up our billing alert so that we have a proper visibility into how much we are spending and what resources were spending on and like, whether we are in budget or not. So let's get started. So first thing that we're going to do, it's like go into our AWS console and then at the top here, you should see that, uh, under the drop down there would be my account section. So I'm gonna hit my account section there, and it's going to Lourdes, my building dashboard. Not not the building dashboard, but Thea Page account page, which shows all my information. So I'm gonna hide all this information anyways, but you should see your information specific to this account. So basically here, if you scroll down the first important thing that you need to set iss your alternate contact because you never know how if you if you miss any alert there, If there is some important communication that AWS wants to make with you, then if you're not available, then it is always a better idea toe, have alternate contact so that they received those alerts and then take actions necessary at that particular situation. Okay, To put in this information, all you have to do, it's like click at it and you can fill out this particular form and give your details. So the next thing that we're going to do is basically configure our security challenge questions. This is really helpful. When you are lose your access to your route account, you can always contact. It'll be a support toe. Give it back. But if you said the security questions, then you should be able to reset your password by answering the security questions. To edit this, you can just click edit here, and then you can choose any questions that you, um, that your family read, and it is easy for you to remember. So I said, I definitely said yes, you to keep thes things so that you can retrieve your password just in case if you lose it . So I'm just not going to set this right now. The next important thing. It's your I'm user and roll access to billing information are typically in a company Ah, no one uses a root account toe are do our manage your AWS operations because root account is very powerful and it has all the access to all your resources. So it is not a best practice to use your root user for operations. So also, in a big company, what usually happens this, like building is maintained by separate department. The developers maintain the separate part of AWS and, like different people, have different roles and different, um, use cases in a to use the AWS console. So for that of basically, ah, the I I I am, which is the identity and access management should be able to have appropriate permissions so that they can access thes building resources. So if you want to give your accounting team this information so basically by default, it is deactivated. So you'll need toe activate it here so that you can create a identity for them. Ah, for the accounting team toe. Go ahead. Excuse me to go ahead and use this particular, um aws console to retrieve that information. So to do that, just go to hit it and then activate the I am access and hit update. Okay, so now that is done the next. The important thing is basically Ah ah, your communication preferences. I always suggest you to manager communication preferences so that you receive all the latest updates and alerts about the AWS. Ah, recent announcements are best practices, or if there's any tutorials that they want to provide, then you can. It's basically it sent you an email whenever some interesting thing is available, which is really helpful sometimes because you get to know all the latest services. And if if there is something there's some new service that's going to help your use case, then it's better to know your email about that service so you can choose your preferences here, select your email and select your language, and then, uh, put your preferences and then you can save the changes. So once you do that, then you will start receiving the latest alerts here. I'm just gonna close this and go back to the previous one. Okay, so now that we have done our communication preferences, this is basically for the ah oh, if it if if your account is a prior public sector account and it needs some tax information Oh, I think if your organization, you would You need to enter it. But if you're a personal account, and I would just leave it as is and ah, we have selected already. We have already selected our It'll be a support plan for free. If you ever want to change, you can come back to this page and click here, and then you can always tell a cure. Appropriate Planned for the second. I just told you have just chosen a basic plan which is free. So I'm just gonna leave this like this, Okay, so now that we have gone through our Maikon page now let's go ahead and see how our dashboard looks like. So, basically, to go to the dashboard, all you gotta do is click on the dashboard here, and you should see the stats off, How much you are spending this month and how much you spend the last month and how much you're spending. Ah, for it for a specific service. All that kind of information is readily available in the dashboard. Now, this is a pretty brand new account, and we don't have any information here because we didn't use anything at all so far. So once you start using it, you should start seeing information coming in here, So this is really handy. So the next thing that you're going to look at is the Bills part. Oh, here. Once you are billing cycle completes, then you should see a bill coming in here. And that bill will have all the information about what services you used in what location? I mean, the what region. Ah, as you know it, a Prius has, like, several different locations where you can access the AWS from. So so the bill will contain all the information on what, like different services used across different regions. And, uh, so you can also dollar the dollar or print three belts right from this particular pitch. So the next thing that we're going to look here is the cost Explorer. No, Basically, the cost Explorer is basically when you ah launched the cost Explorer, it's going to basically go and ah, search all your resources and it's going to list you by different services saying that Okay , this particular, um, services. Ah, spending this pretty girl moment off dollars and you can visualize, Like to see where you can analyze, Introduce your costs by our by reducing the uses office specific service. If it's that's not much useful to you. So you can hit cost expert here. And it should basically are This usually takes someone off timeto, um, come up here usually turn for ours. But this we just enabled this so we don't have any information here, but once it is ready, you should definitely see information coming in. So now that this is done, that's go to the budget. Now, the budget is an important topic because this is where you're going to set your billing alert saying how much you want to spend and how much, Uh, when do you want to get notified when they started Building limit has to teach or some stuff like that. So let's go ahead and create our budget. So basically, ah, there are different types of budget here, like cost, uses and utilization our civilization. So basically, I'm just gonna choose the cost s So I'm just going to give this, like, monthly marquette, and I'm going to choose a Peter that's monthly. And or maybe you can just do annually anally my I'm just gonna go with monthly for now. So I'm just gonna choose the start date this, uh, today and then days like the end of the month. And I'm saying that my budget is basically $100. So once I have $100 budget here. I'm just going toe. Ah, we can define our budget by saying Okay, this particular ah resource has this particular, um, amount of dollars off spending limit stuff like that. I'm just going I'm not going toe go into the details here. I'm just going to choose to basic ah, $100 budget and then I'm just going to configure a notification. Ah, this notification helps you, Ah, get information about like, let's say your you have your budget of $100 you want to get notified when you're when you spend like, $50 off your budget, or like 50% or 70%. Whatever is the your use case. So I'm just going to do It's like when the actual but jet is it'll costs are greater than 50%. Once it goes about 50% usage. Then I'm going to ah, get a notification toe, my imminent. So I'm just going toe key in my he Millard us here and then I'm going toe create a notification. Alternatively, you can also create in a sense topic, which is essence is basically simple notification service. It's a ah audibly a service which we're going to cover in in the future lessons in the scores. But for now, we'll just put in our email address year and then hit, create. Create the budget. If you want to add more notifications like when it goes about 25%. If you want to get another mortification, let's hit. I'm going to give greater than 75% Ah, then notified us that this particular email so I'm just going to hit create. Okay, so now we have a budget, and, um, this is going to notify as many where our no thresholds are reached for 50% and 75%. And ah, then you have control over how much you are spending in your AWS account. 4. Setup Billing Part 2: hello and welcome back. So in the previous listen, we have created our billing alerts and we have configured our notification so that we get a notification when our our budget goes over 50% and sent for person. So now in this lesson, we'll just walk you through all the other, um, sections that are there in this my account page. And let's close this section. So basically, I'm going to go to the reports part here. Basically, you can generate a report on how your ec2 utilization is and have your reserved instance. Utilization is and all that information. Now, we don't have any information here right now because this is a new account. Once you start spending or start using easy to re sources than you can always come back here and under the report about it and analyze if you are over provisioning or if you're under provisioning, all that kind off things can be done once you have these reports and, um, the next thing that is the cost allocation tax. Basically, ah, when you have cost allocation tax, it is easy for you to build different resources. Let's say you have Q environment production environment, Jurgen gender different tax And you can basically view it in this particular page saying that Okay, this particular attacked resources are ah are spending this amount off budget and that kind of things can be done using cost A location tax. The next thing is the payment information we have already configured are paying payment information when we're creating the account. If you want to change it or at a new card, then you can always come back here and then do it. Okay, so the next thing is the payment history way have not done any payment history so far. Eso Ah, once you do any payment Ah, this is going toe show up here and you can download those, um, payments that you have made so far. The next important thing is the consolidated billing. This can be helpful if you have two different accounts are many different accounts and you want to just be ah, as a whole from one particular account. And you can always do that by that. What? I mean this. Let's say you have three different account when it's for deaf. One is for Q and one is for production. Then you're gonna have 1/4 account just like operations account. And you can link all these three def Q and production accounts on and have a consolidated billing from the root account, which is your operations account. So you can you can do that right now we just have one account, so I'm not going to do anything here. But you can always to get started, and then I that your different accounts in in a pretty great consolidated account. That way you can easily manage stuff so that you just have your billing division or your accounting division managed that particular account, and they can take it from there of the car. Payments are all that starts off. Things can be done from that particular account. And, uh, this is basically, ah, your preferences, your billing preferences or if you're if you if you have a free t erry usage and if you want toe ah, get notified when you're free tier usage is going Ah, or the limits or that kind of stuff you can have. Ah, that difference said here you can basically click here, and then you can shall send all these and then you can saved the preferences. This is really helpful because it's it's it's good to know or when when you're or spending or if you're going over the Freedia limits because right now we're we're using a new account and we get one year of free dear, which is a lot off. Easy to resources for free. I'm going to walk you through all those things as well in the coming lessons. Okay, so the next thing is a credit section time for a time of AWS Also offer some frequent. It's which you can ah, um a veil and then added here so that you can use them insert off being it from your credit card. Oh, if you ever happen to have, ah, a pro McCord which gives you free drinks, then you can enter it here and then you can redeem those, and you can use them to use your AWS resources. The next thing is that back settings. Ah, here in the tax settings, basically, you just give your business legal address and your tax registration number down. This a personal account. I don't have that information, so I'm just not gonna put in there. Yeah, so are devpay is actually now discontinued. So we don't really You're not going to cover this enemy, so Ah, that's it from for in this lesson, we have covered a lot of ground here on my account page. We have covered the dashboard. We have covered the builds. We have covered the different budget options that you can control. Oh, and we have gone through all the different other things that are there in this Maya Khan. Ph. So that's it for this lesson. And I will see you in the next one. Thanks. 5. Understanding Identity & Access Management: hello and welcome back. So in this lesson, we're going to understand what identity and access management east. And also we're going to cover different use cases on and also we'll see one of the best practices. So let's get started. So the first thing that will do is basically sign in tow, our AWS console, and I'm here and basically in the AWS services section. You just going to search? I am. So once you search, you'll see identity and access management. And as this is our new account, the first thing that you're going to do is basically you're going toe. Ah, set up a sign in Europe basically Ah, the signing mural that you see here basically is is having a ah count Ember dark signing dot aws start amazon dot com. So basically the best practices to have this You are a simple way, and this will be used for all the user contact you create. They used this link to logging into your AWS console. Okay, so, to edit this first, you need to goto here, customize and give your account alias name. So what? I would generally do it basically give the root account name here, which is hash tag learning test account and yes, create. So now you can see that the link has changed. Toe hashtag learning test account not signing dot aws start Amazon Norton I'm not pump. So now, now that this is done, the next important thing is basically we need toe get all these warning things into green. We just like the best practices. So we have not created any root access keys. I'll go through like what? Access keys and where we'll be using that. Nobody about it. But will Will will worry about the next important things like it is here. So the first thing that is specified here is basically to activate our M f A on the root account. So basically of your now logged in as root account, that is their conduct which we have used to create this AWS account. So what What is Emma Fe? So basically m a face like a multi factor authentication, which is Ah, he used to secure the count in because like, ah, the road account is very powerful and you can do pretty much everything and it is best practiced toe have it secured using multi factor authentication so that if even though if someone gets us your password without the MF a device they picking on logging in tow your account so let's set that up first, so it will set it up all you got to do. It's like click manager my faith. And you could basically have a virtual Emma Freddie wise all the hardware Emma for device A hardware devices, a physical device that you need to purchase, basically even go to amazon dot com and search for AWS Emma for devising the first option is basically the best option that I've seen so far. But for this example purpose, I'm gonna use the watch elementary device that is basically a Google authenticator app which you can download from your play store or, um, app store from if your IOS or android user and you can set it up. So the first thing is like, I'm gonna choose the actual I'm afraid the wise here and I'm going to hit next. So the next thing is basically it's giving something here, and then I just need to scan this thing in my foot. So I'm gonna grab my phone in a bit. Okay, So I have my phone with me right now, and I'm going to open up the starting to get a wrap. So in the 28 rap or you'll have a blast. Morton, where in your gun? You can add the you're gonna have the barcode. So I'm just gonna hit scan barcode, and then I'm going to scan this Ah, your court that it is here. So once I had that your court into my authenticator app, it will start showing me a 60 chip in. So all you gotta do it's like you have to enter two consecutive six digit pins with Just like once you are right now, my app is showing me a 706850 Now I just have to wait until that 60 that expire, and I get a new one. So once I get those new six digits Ah, let's give me one woman. Okay, so, no, I have the new six digits. So I'm going toe enter those new six digits and then I'm going to hit. Activate what? You let my face. So once you do that, you're in my face now. Sync with your console And the next time you sign into this account is going to ask me for a m f a. So asking us you enter your password, it's the next thing that's going to go ask is the M if it and you need to go to this app and you need to enter that 60 to court and then you will be logged into your AWS console. So Okay, so that is done. The if, you know, with the fresh your I am console, you should see a green tick mark there because we have enabled the Emma Fianna root account . Okay, so Ah, I'll pass this lesson right here and then I'll come back. I'll continue this in the next lesson. Thank you so much. 6. Setup IAM Users & Groups: hello and welcome back. So in the previous lesson, we have ah configured our buffet on our route account. And in this lesson, we're going to go ahead and create some identity and access management users and some groups, and we're going to see what the I'm bastard policies. So let's get started. So the first thing is basically ah of yesterday in the I am control here and let's talk about the identity and access management first. So basically, ah, this is a very important part because the identity and access management is a place where you create your users. You create your groups and you manage who should have, what permissions and so on and so forth. So it is really important to understand this concept because here, if you don't implement things properly, then you end up giving permissions toe. Ah, so the users whom they're not supposed to have the particular access. So it is really an unimportant to understand and manage the users and groups and their policies properly. So let's talk about the ah, I am users first. So now that you're here in the root account, ah, not everyone in your team or your organization can access the AWS through the otakon. So in orderto give them access, you need to create a use. So in the previous lesson, we have customized the signing you're and we're going to use this your or to sign into that . So we for that Let's go ahead and create our first I am user. So I'm going to go to the, um users here in the left side and let's add the user. So here what? I'm going to use us. Basically, I'm going to create three users. Oneness, Adminstrator One is developer and one s tester. So and we're going toe. See how we can give ah and manage permissions to eat off these individual groups. Ah, using groups. And also we'll see how to create the policies. So first thing is, I'm going to add a adminstrator user. So now we haven't administrator user, and I'm just going to choose the AWS console access so we'll talk about the program at Jax is in the in the next lessons because that's a completely different topic and and I'm going to use a custom password for now so that I can sign it into the console in a bit. So I'm going to choose and user must create a new passport. Ah, unit to hit. Click this button because you're going to share it with someone else. I'm just going to leave it as is, because I'm just going to use the same password to log. And now and now that I'm ah, done in this section, I'm just going to hit next permissions. And here I'm not going to give any permissions to this account yet because I will go ahead and create the group's first. And then we'll add our administrator into the administrative group and then manage the policies so that all the administrators have the same level off access hit next review and ah yeah, like discuss. We don't have any permissions to this user yet, and I'm going to hit, create user. I'm going to do the same thing for the for the other two users, which is our developer. And in your case, this would be actually name. Well, I'm just giving this toe demonstrate the example, and we're going toe just the consul axis, and I'm going to give him something password and you're not going to give him any permissions and the same thing for the tester. Programmatic access, permissions, extra view, create user. Okay, so now we have our three different users. But we have not given them any permissions as off now. So it'll give permissions. There is two ways to give it 11 thing is like basically can go to each individual user and give him some certain level off access. That is like he can go in access of particular service called Easy to Your Particular service called S Three. So on and so forth. But we can also manage them on the whole. Let's say you have 10 different administrators. You don't want to go into eat off the user and administrator user and then give him permission. Separately. Soto manage it easily. We go and create the groups so here that it's group section and I'm going to create a group now. So I'm going to create a group called Admin Group and I'm going to hit next and here. I'm going toe. Choose the policy. No policy is the place where you specify what level of fact Cisco's now. If I go here and ah select the administrator taxes if you don't find your light of ah, right away here, you can just search for Administer relaxes. So I'm searching for administrator access. I selected that and then I'm going to create the group. So now this group, where is part of this group will have adminstrator axes? So what I'm going to do Islam. I'm going to add the administrator user to this particular group. So to do that you go to the group's. It's like the group that you want toe, uh, users to and then hit. Add users. Now here we're going to choose T Administrative Group and then we're going toe selective add User now are administrative User has the's permissions. Now, if you want to add more permissions to hear, you can come toe this admin group and attach more policies and these things particular users where is attached to that group? We'll start having those permissions now. You can also give some in line policies where is in line policies like the policy that you create just for that particular group and it cannot be assigned to some other group, so we're not going to cover that part here, but we're going to go into the groups and we're going to create on the group with this group. It's where are all over the developer schools and here we're not going to give the Mandarin state or access because that's not what we want to do. We don't want our developers to have the full access, so we're going to do ec2 full access now, basically easy to It's like elastic, all cloud computer ended. It's like one of the most important services. Start aws off first, where you go and create what your missions and and there's a lot of things that you can do in the sea to. So I'm going to give them all the developers the full access to Easy To because they are going toe work there and then they're going to use up their services. So it's let it toe have their full access. So I'm going to hit next and I'm going to create the group. So now they have Ah, we have the admin group. We have the Death group now inside the deaf group. We're going to go ahead and attach the user developer here. Okay, so now we have the dollar. We're done now the last ah group that we're going toe Ah, create is the tester group, and we're going to give the easy to read only access wherein you don't want your testers to go ahead and spin up a new virtual machine or a new, easy to instance or New Lord. Parents are in sort and so forth. All you are to do it's like basically they want. They just want to go ahead and see what servers are going on and what's the Laden sea and get some different metrics are off them. So we'll just give them read only access so that they can get some information. Art off Ward is happening in our AWS environment. So I'm going to select the easy to read only and then hit next. And then I'm going toe cleared the school. Okay, so now we have our users created and are groups created. So now if you go back to our identity and access management section, you should see that these two are checked green, which is which is like basically we have created our I am users and groups. So I'm going to pass the video here and then we'll continue in the next one. Thank you 7. Apply Password Policy to IAM Users: Okay, so the last thing that we're going to do as a root user here is basically apply, and I am password policy. So basically a password policy is nothing. What Whoever creates a new account, your administrators or if your user score and change their passwords, then there s a specific password policy that need They need toe follow. And you're going to specify that right now. So all I gotta do it's like basically in the home screen. Time went toe. We're still in the IOM section, by the way. So we go here and then we do the manage password policy. Now, here you have different set off options, which is like require at least one upper case, yes, and require at least one lower case. Yes, require at least one number. Yes. Eso You can basically choose whatever the options that fit your company's policy or your accounts policy, whatever it is. And you can also expire the passport off after 30. Nice. Let's say you enable password exploration after 90 days. That means every 90 days the user has to create a new password in orderto make sure that the passwords are rotated and if someone gets a legal access, they can. They congest nobody about it with this, it's going to expand it in every time every 90 days anyways. So that's one thing. And you can also prevent ah password to use. That is, if you reset your password and if you use your old passport than the council will not. I love you so we can say prevent use password reuse 1st 3 times that it's like you can aren't you to use your last three passwords and you can just hit apply password policy and you're basically done. So now if you go to your I am dashboard, you should see everything turned green. Now, this is this means that you are done with your root account usage. And now let's law got off this route account and log in as a administrator user that we have just created. So to do that first you need to copy this control link. Uh, this is because the way you are logged into your ah root account is different. Asked the way you use the way you sign into your I'm user. So basically you copy this you are, and I'm going to sign it out off this account. And here I am just going toe base this Europe into my browser. So once I paste this in Oh, it is basically Ah, it is basically what this is saying. It's like where we are signing in. So basically, we have given a alias name to our account, which is hashtag landing test account. And I'm just going to type in my administrator user and I'm going toe bastard in Boom. Now we're into our administrator user. So if you see here, you should see I'm logged in as an administrator user, and ah, And although further operations in our I am section are in any off, this lesson will be using administrator user. So I'll post this lesson here, and then I'll come back in the next lesson. We're going to create custom policies, and we're going to do some more stuff in the I am section. So thank you for watching 8. Understand IAM Policy & Apply Manage Own MFA policy to Developers & Testers: hello and welcome back. So in the previous lesson, we have finished all the conflagration that was needed on a route account. And now we're logged in tow. Our argument straight account. So ah, let's go back into our I am section and let's see how we can create policies and how we can attach them to users and take ah, um, see how it's going to affect the permissions there. So let's get started. So first thing you're going to do it's like in the services goto. I am so inside this. Now what we're going to do is we're going to go here and treat a policy. So first, let me show you how the policy is created and there how you can attach that policy toe. Your groups are users, so let's go ahead. So first thing you need to do is create policy to create a policy. There's two options. Oneness, the visual editor, wherein you can use the U Y toe. Choose the permissions that you want to create in this policy. Or you could go to the Jason and then used the adjacent syntax toe. Create the policy. So for this example, we're going to create using the visual editor. And this is going to be a quick example off creating the policy where you're creating this policy so that a user can go ahead and start and stop the easy to instance in this particular account. So this is a simple thing. All you gotta do it choose the service now, easy to instance, comes under easy to so you're going toe type in easy to and select the easy to from this So here. Like I said, we need toe Ah, choose three actions off starting and stopping the instant So that's basically going to be under the right section. I believe if I go to write, I should see let's search for start, start instances and stop instances. Now this is just an example, and your use case might be completely different. And you could basically go ahead and choose any other permissions at one that is wide set off permissions like you can choose from. So so for this example, I'm just choosing starting to turn, turn stop instance, and on the resource you can specify what resources the users can start and stop on. Let's say you have ah a couple off environments running in your account like Q A or production, you can basically attack your instances like this environment is Q A or this environment described. And you can specify those ah conditions here saying that a developer can only start or stop instances inside the key way or developer environment, and he cannot start or stop instances in the production instances. So something like that. So that's just a example. And let's go ahead and just select all resources for the skews kids, and I'm not gonna put any conditions. And I'm going to hit review policy now for this policy. We're going to give a name, which is going to be policy stock stop. He seemed to instances policy, toe start or stop PC to instances and hit create policy. Okay, so now our policy is created and ready. And once you see here or the new policy appears here, or you can search for the policy that you've created in this more successful But for this lesson, what we're going to do is select here, and we're going to attach this to our developers. So here, if you're going toe, click attach and we're going to give the permission to the developer group and attach the policy. Okay, so now this policy is attached to the Death group. And although members off the death Group will be able to start and stop instances, So that's how you create a policy. And let's now create another policy wherein basically what it will allow is basically for every user that is logged in, it will allow the user to manage his are her own I m f a. And it will allow him to choose, ah, change the password or update the password or modified the M afraid device. So let's go ahead and create that policy. So first thing you need to do it again, go back to policies and hit, create policy. Now for this part, I'm going to used to Jason and I have already created ages and, uh um, file. And then I'm going to just paste it here. I'll attach it in the resource of section so that you can use that as well in your use cases. So I'm copying this one basted here. So basically this has different bunch off permissions that I've created here. So which is ah listing account aliases or listing Virtual Emma, Freddie Wiese's change password Create Access Key Delete Access Key. There's a wide range of permissions and the D source. The conditions are in such a way that the user can only manage his own credentials, but not any other credentials. Um, in that particular irritably. Second, this is because let's say you are. You have a different You have 10 different developers working under your AWS, and then you and then they they come to you every time they want to change the password are creating new M afraid device. It would be like tedious for you as an administrator toe manage all those things. Now, if you have policy applied in such a way that they can manage their own resources, then it takes about an order a few. So ah, so that's why this particular policy and let's get review policy. Now here. What we're going to do is basically we're going to give a name as ah policy. Uh, ad, uh, manage own buffet, divide buffet and password. No user again. Manage own passwords. And I m f a. Now I'm just going toe select hit. Create policy. Okay, So now we have our policy created. And now what we're going to do is basically select this policy and we're going to attach it to two off our groups. That is our tester group and developer screw. So to do that hit, attach and selected of group and tested group admin group, we don't need to adapt it to admit group because Adminstrator already has, like, the full of permissions. And he don't need toe get this particular policy eso we're going toe select the attach policy now and OK, now all the developers under your death group and all the testers under your tester group would be ableto manage their own policies. I mean, they manage their only afraid devices. So now let's test this particular policy. So what I'm going to do is basically I'm going to longer Azul adminstrator and log back in as the developer conduct have created. So through that strait sign out and know what I'm going to do is basically I'm going to sign again, using our custom sign in Europe. And now I'm going toe enter developer and I'm going to put my password. Okay, so now I'm in. That's a developer, and let's go back to the identity and access management. Now, with our policy in effect, I should be able, tow, manage my own password as unless I should be able to manage my own M every device. Now let's see whether we are able to do that or not. So I'm going to go to the users and see I am able to list the users because the policy allowing me to list the users and I'm going to go to the developer user, which is myself and I'm not going toe I cannot attach myself permissions. So, uh, that's basically this is what it's saying, but I should be able to go to my security credentials and manage my own password so I can go here and I can manage my own past password. I can set my own custom password a year, and then I can, uh, but he said, I mean, reset the password in my next log in which I can do, but I'm not going to do it right now. I can also go ahead and create my own I'm afraid device, so I can select here. I can create the, uh, create the back or and then use my authenticator app toe assigning them a fair device. So as a best practice, you should always ah, tell your is users toe assign the M every device because it is more secure. Way off. Operating your AWS console now. Ah, that's it for this lesson. We have covered a lot of ground in this last to three lessons and I will see you in the next one. Thank you. 9. Enable Cloud Trail to track API Usage : hello and welcome back. So in the previous lesson, we have created our first custom policy and we have tested it out by logging in as a developer. And we have seen the effect off permissions. Ah, in this lesson, we're going to enable our cloud trail. And what this basically does is it gives us visibility in the, um ah, this visibility off. Like who is using your AWS console? Who is logging in longing out, Who is making changes and all those things. Basically, every operation that you do on your AWS account would be logged, and it will be helpful in ah, detecting if some mishap happens. Like if some some critical deserves, has Beene deleted and you want to know who did that and kind of investigate, then this kindof locks would be really helpful to track down the usage. So to do that first thing we need to do is basically longer as a developer and log in as an administrator because he has all the permissions. So I'm just going to basically ah, copy my you are and signing massive administrator. Okay, so now we're going toe goto our cloud trail. No, basically the Cloud trail is a service which tracks all the A P I usage and ah, like you can see here, there's already the uses that has been tracked. Like in our developer account. We have created a watch dilemma for device. Then we have clicked on the delayed for chill. I'm afraid device as an unrestricted V attached a group policy toe Ah, our tester account and a developer account. And we have done much off operations and everything has been logged here. So ah, using the cloud trail, you can also save these events in an s three bucket, which is our story system. And we can ah, we can create Ah, basically triggers. And we can have metrics over this so that we have a better ah, tracking off all the user activity. And ah, these type off logs help us in investigating. If something goes wrong, so are to create a trail all you got to do, it's like click, create trailed and you have to give it a name. So I'm going to give, like, hashtag learning. Oh, our test all activity trade and I am going to apply to all regions. I want all regions to be tracked and all read and write events. And basically ah, if there is a three bucket or any stories accounts that you have created you want all off the If you want to track at the a P. I use age off all the bucket. Then you can select all the buckets here. And if not, you can just leave it are tough it and then you want toe Put this in a specific bucket. So I'm going toe create a bucket. I don't have any buckets created as off now. So I'm going toe select created New s three bucket and I'm going to give it a name s ah cloud trail. Ah, better prefix it with my content. Hashtag learning test Dash Cloud trail Nash All regions now under the advance, you can basically select Ah, which particular part you want toe this to go to. But I'm just going toe choose the basic options here and then I'm going to hit create Now what this does is basically it creates a cloud trail and all the actions are now a logged under this particular trail. And if I go here, uh, under the even history No, this everything should go inside my state bucket and they should be saved there. So this will. This way I can have everything like secured in a one place. And then we can use those logs when a very business city. So Ah, that's it for this lesson. And I will see you in the next one. Thanks. 10. Walking through different services offered by AWS: hello and welcome back. So in this lesson, we're going toe take a quick walk through off different services AWS offers and I'm going to show you the important ones. And I'm also going to tell you which ones were going to cover in this particular course. So let's get started. So the first thing that you have to do is basically log into your AWS console and then, ah, under the services, you can see, just click on all services and you can see a list off different services AWS provides. Now you can see that there are quite a lot off services that AWS offers and it is really hard to cover each and everything under this lesson and the scores. So I'm just going to pick a few important things that I feel that every beginner should know about aws. So the one off, the important thing you need to know is basically about the AWS Compute Compute offers a variety off options on and basically you have easy toe which we're going to cover in the next lessons. The easy to is basically allows you to, um, have a virtual machine Teoh. It allows you to have load balancers, order skating groups and stuff like that of. And the second thing is, the important thing is basically, you know, you have elastic container service. This service allows you to spin up docker containers and orchestrate containers on top off ec2. And you have lambda over and you can execute your several s court. Basically, you're going to have to worry about the server conflagrations and stuff like that. You just need a ah working, Ah, file. Ah, or working cord that that can execute in a standalone fashion. And then you can run that court on Lambda and you can use difference a recess to trigger the Lambda function to run. And you have batch operations. You have elastic beanstalk. Um, you're not going to cover those things. The next important thing that I feel is basically storage on stories you have s Tree now is three is a scalable storage solution that AWS offers, and we're going to cover a lot about a story in the next lessons. Then we have ah professed glacier and stories gateways. Basically, these are different services that AWS storage offers and under the database section, basically ah, the database sections are managed services where, and you don't have to worry about how toe Oprah vision, the data basis are how toe basically manage. The installations are setting up the servers for those databases and stuff like that because it's a managed service. All you got to do is basically use RDS to provisioned your database, and then you just get a console, wherein you can connect to your particular RTs using the appropriate management tool, and you can start using, uh, the databases by creating tables and writing credits and stuff like that. Then you have, ah dynamodb, which is a no sequel solution offered by AWS. Also, this is also a manage solution. Then you have elastic cash where in the service offers you to basically spin up reddest or a meme cash D clusters, and this is also a managed to wrestle You got to do. It's like spin up the resources and you are ready to connect. Then you have Amazon redshift, which just like used for ah, database processing, and we're not going to cover a lot about this in the next important thing is basically you have network in content delivery. You have vpc the VP. C'est like one of the important topics off which is basically, um which tells you, like how your virtual private cloud works. You can configure Ah, different sub net. You have different route tables. Oh, and all the net for confirmation that you want toe create in Europe Public crowd just toe Have a have different use cases off like different architectures that you can implement using ah terribly a CPC or then you have cloudfront, which is a cashing solution and also a content delivery solution. Basically, this allows you toe have utilized the are different availability zones and different edge cache locations which AWS offers, which, which delivers your content toe the users in a in the fastest way possible. So that's one of the important service. Then you have Amazon Route 53 which is a d in a solution offered, which allows you to basically or delegate your hosts. I mean, the delegate, your DNS is two different AWS services like load balancers are. You can pointed to different server I P addresses or you can pointed toe different cloudfront distributions and stuff like that. Then you have a P I get rave it is a managed service again. And you you can basically write up your AP ice. And then you can point those AP ice to a lambda function or any server and stuff like that . And basically, this is also a managed service All you got to do it's like configure saying that what FBI part should be created and where the FBI part should be pointed toe. Then you have direct connect basically direct connect. We're not going to cover a lot about this, but the direct connect they say, Oh, if you want to have a dedicated line between your ah corporate data center to AWS, then you can have a direct connect. This will, in our view, to have a private connection to your AWS resources managing a hybrid environment. We're not going to cover a lot about this, so I'm just going to leave the voces. There are a bunch of developer tools that you can use like or deploy court build and court pipeline. If you want to manage the wops. Ah, using it of your services, then you can check out these developer tools. We're not going to cover a lot about these The next important thing is the management tools you have cloudwatch which is a locking in the metrics management service which AWS offers. You're going to use a lot about this. Basically, this has information about, um, you are Ah, your your activity off different resources like CPU. Use age or laden. See those kind of things. And you can have alarms around those metrics to trigger off different, even start. Ah, that that's appropriate for use your use cases. Then you have a lovely sort of scaling. You can use auto scaling toe dynamically scale your applications. You have cloud formation which is used to have infrastructure A scored. Then you have cloud trail. We have already covered the cloud trail. When and you can see the use of activity, you have conflict. Basically confidence toe Specify are you decide configuration for your AWS account. And then, if something changes in that account configuration than ah, the conflict will let you know that your desired conflagration has been changed and then you can restore back and forth and stuff like that. Ah, these are not that important asses. A beginner perspective. You have media services. If you want to do some stance, courting and streaming services. And you can use the media services if you're industrial in machine learning than AWS offers different machine learning services as well. Oh, if you are interested in analytics, then you have a team a EMR cloud search, different things. But this is too much for the developer today. Toe for a beginner toe go through. But if you're interested, you can always go ahead. Ah, the next important thing is like security, identity and complaints Inside this you have I am which is identity and access management Using this service, basically you decide. Ah, which user? Tohave which particular used the access toe different resources and you can have a granular access control over like what resources are are allowed to be modified by specific users and so on and so forth. So we we have already covered a lot of ground in I am section in the previous lesson. So I think your family up with a soft now. Ah, and you have different other Ah, basically other services Under security, identity and compliance. You can always check it out, but we have covered the important one, which is I am and then you have mobile services. If you want to use AWS in your mobile applications and you can use mobile services which allows use to basically test your yes, your mobile applications and also there are different operations that you can do. Then you have ah, are nvr. We're not going to deal much about it. And, um, then you have I ot witches, like Internet off things if you want. If you're interested in ah I ot devices, then you can always check out the services that AWS offers in this. So ah, that's it for this lesson. I think there are, like different AWS resources, and there are many off them. It's hard to cover each and every service here, but as this is just a beginner introduction to AWS, so we're not going to cover all those. But this is just to give an overview of what different date of your services are being offered. And, um, that's it for this lesson. And I'm going to see you in the next one. Thank you 11. What is AWS CLI and why we need to use it ?: hello and welcome back. So in this lesson, let's talk about what is aws Eli. And also we'll see why we need to use AWS Eli. So basically, AWS Eli stands for command line interface, and it allows you to interact with your AWS services using a command line. So, basically, you can use your terminal in your Kleenex or Mac operating systems, and you can use your command prompt or partial in Windows operating systems. The way it works is basically for every user you can download access keys and secret access keys. You then configure your CIA lie to use those access keys and secret access keys. Then you were user will be able tohave the same permissions that you have your console. So basically you can do every operation that he is able to do in the console using the command line interface. Now you're think like Why would I need a command line interface when I have a console? So basically the reason for that is like not every operation that you want to do with your AWS services. Ah, you cannot do that with console. Let's say, for example, you have a big machine or you have a script that you want to interact with the AWS services , then you cannot make them to go to console, make them log in and do some stuff, right? So in that scenario, you would need some automated way or some they for the, um, system itself to go and interact with the AWS services. So in those scenarios, what you'll do is basically use the AWS. Eli used them in your scripts are used them in your applications, stuff like that, and then you interact with the AWS services. So that is the reason why we need a publius Eli. Now, let me give you an example. Let's say you have a bill machine that builds your application and if you're build, machine wants to put the application in the I mean the belt file in into the S three bucket . Then all you want to do is basically once the building's done, you invoke some AWS eli commands which copies the bill from your local bill Mission toe the S three bucket. Now you can basically control all the permissions to the those access keys and secret access keys just the way you do it on AWS user. Now that makes it that makes all your applications very secure. And also it allows you toe script your functionality so that Ah, there's no change in the way Ah, it interacts with the AWS services. So ah, now that you know what AWS Eli is and why we need to You just use a WC light in the next lesson will download and install our AWS Eli, and we'll also configure our access keys and secret access keys. And let's do some test commands. That's it for this lesson. I'll see in the next one, Thanks. 12. Install AWS CLI & Setup IAM Creds: Hello and welcome back. So this is an exciting lesson. Where of you're going to install our AWS, Eli, and we're going to create our first AWS of access keys and secret access keys, and then we're going to test some aws eli comment. So let's get started. So the first thing that I'm going to do is basically log into my console as an administrator user that we have created in the previous lessons and ah, and we're going toe down. Lordy. Oh, aws Eli Now. So ah, So Donald, the AWS Eli, all you can do it's like basically, go to your go to your browser and then just do a search for download a WSC ally for Windows . Or if you're if you're using a Mac, are ah the next. Then you can basically download the appropriate operating systems portion. Now I'm using every notes operating system, so I'm just gonna choose 64 bit windows installer, and I am going to download it in a downwards. Fuller. So once this download is complete, all we gotta do is basically a simple installer. You just have to hit next and then choose your Donald location, and you would be done. So my dollar is not complete. I'm going to open it up and I'm going toe just hit next except license and then just hit Install. Now it's just going to take like, ah, less than a minute to install this aws. Eli, once it is installed, you can basically open up your power shell or a command line interface command prompt toe test if that's installed successfully. So I'm just going to open up a power shell. Oh, I'm I like using partial. You could use your ah choice off command line interface Command prompt are partial. It should not matter. So I'm just going to do basically aws help. And if something comes up, then that means that my, uh, aws Eli is installed properly. So let me keen that. Okay, so I got back to help options. That means that our aws allies ready on installed properly. Okay, So the next important step now that we're going to do is basically create our access keys and ticket access keys for this administrator user, and we're going to configure it to our probably a sailor. So let's do that. So to do that first, you need to go to your AWS console and then you have to go to your I am services. So inside this you go to your administrator user. I want to create it for my administrator user. So all you got to do is go to the users and you can go to the admin state of here and under security credentials, you should see that there is no ah access keys created for this particular user. So all we got to do it's like, select create access key and it will be created. And this has, ah to access keys. One is access key and another secret access key. Basically, it's like a user name and password. But you have to make sure that you keep them very secure place. Because once someone gets hold off these access keys and Tikrit access key, then that means that they have the entire consul access or they have the entire AWS access and they can do pretty much everything that you can do. So ah, be careful with this hand story to never be secure place. Now what I'm going to do is basically ah, select this. I just don't know these access keys in a folder, and then I'll just save it for future efforts. So the next thing that you have to do it's like, now that you have access keys and take your access keys. Ah, you just have to bring up your power shell back and you need to execute the following comment. So it's It's a simple command, which is ah aws conficker. And then you just give a profile him and ah, this profiling makes it easy for you, toe. Ah, recognize which aws? Ah, um user that your conficker and of to be to be specific about which user you are choosing toe execute the following comment So let's go ahead and set up our access key centigrade access keys. Now all I'm going to do is basically execute this command. Let me clear the screen And here I'm just going to do aws con figure and I'm just going to give that stash profile and I'm going to give this a name. So I'm going to give adman Dash Oh, or else hashtag learning test dash admin. You can give your own name here and it's up to you. So the next thing it's going to do this once I hit Enter, it's going to ask me for the AWS access key. Now the AWS access keys basically the access key that we have generated here. So I'm just going toe copy the access key and I'm going toe based it here. Now I'm going to open up my secret access key here, and I'm going toe Put it in a I'm not going to show that secret access key anyway, so I'm just going to delete delete it after some time. So, uh, let me just copy that my other screen and then pull this back up. Just going to hit enter. It's going to ask me for the secret access key. I'm gonna base the secret access key and then hit Enter. So the default region is Basically I would like to work in the Atlanta region, so I'm just going to give you West one. You can choose your own region. Basically, aws are several different regions like we've discussed in the previous lessons. So I chose the island region, which is your best one, and then I hit enter so I can leave the default out pron option Toby None And now we're all set and configured with our AWS See a lie. So that's it for this lesson. And ah, in the next lesson will test some aws see like amount and see fee If it works for us and ah ah, let's play around. That's it for this lesson. Lt in the next one. Thank you. 13. Test CLI Setup: hello and welcome back. So in the previous lesson, we have installed our AWS, Eli. And also, we have configured our access keys and secret access keys, and we are now ready to use. So basically, in this lesson, what we're going to do is we basically do a test off our AWS ally, and we'll see if that works properly. So so far, we have covered some I am section. So I'm just going to execute some. I am command where and what we'll do is ah, we'll just use our Seelye toe, get all the list off users and in our particular account and let's get started. So first thing is, open up, your command prompt, and it can be partial or a command prompt. Our terminal in the Knicks are, um Mac. So basically, once you're here the way you were going to explore the AWS Eli commenters, Once you know which service you're going to use, you can just do something like this. Let's say I'm going to use the items ever. So you just do aws space. I am. And if you're not sure what commands are available, if you could just do help so once you have help, followed by the I mean like our service followed by help. You get the list off all the commands that you connects, it execute. So once I, uh, executed that command, you can see that these are all the list of command. So I can execute if you hit space. You your populating Maurin restarts. That's that's not in the screen, which is currently visible. So So what we can do. It's like we want toe list, all the user. So So we have list users here. Now, if you're not sure how this list users works, then all you got to do is eight of yes, I am. And then followed by the command name list, Bash users and space. And then again, you quit and help. And then again, you should see the description off that command and how you can use the comment. And what are the input Start are required for that command. So basically, you can see that you can just execute lest users, and then it is. It doesn't have any special options like Fatima Desert. You need to pass in. Oh, this all the like basic options start out there. You could just know if you want to start out by, Let's say ah, um starting talking. Yeah, let's just list all the users are out there, so I'm just going to come out off this command, clear the screen. Okay, so now I'm going to enter our command. AWS I am. And I'm goingto do list dash users and the next important thing. It's like if you have multiple profiles installed in your a confident for your sea life, then you need to specify the profiling. So the profile name is to what we have entered when we're configuring or access keys. So that stash profile and you give hashtag learning best dash. So this would be whatever the profiling that you have entered in your previous lesson. So I find a street enter. I should see all the list off users, which is our administrator, our developer and our tester. So Ah, this is how basically you used the aws your light. And if you're not sure off like what the options are, then you could always use the aws help followed by the service that your that you want. Oh, work with If if you don't want toe. Look up the help commands. This way you could always go toe aws documentation. There is a whole bunch off documentation that created by AWS, and it is, like, very clear with all the detail, examples and use cases using the CIA like So that's it for this lesson. And I will see you in the next one. Thank you for watching. 14. Introduction to EC2 Part 1: hello and welcome back. So now that you know the different services offered by AWS, let's go ahead and explore the most important service and as well as it is, one of the oldest service offered by AWS, which is are easy to now is it too, is basically stands for elastic compute cloud and ah, this offers a lot off important features that that it's like, very important for the cloud computing. So let's go ahead and explore them. So to do that first I'm going to go toe the AWS console and ah, we'll go from there. So once you are in the console, you can just under the AWS services, you can search for easy to and like you can see, it's like virtual servers in the cloud. And let's go ahead and explore the different service different features off this particular AWS ec2 service. So, uh, if once you are inside the easy toe console, you basically end up seeing the dashboard. The dashboard shows you all the information about, like how many instances that are running instances is like basically a watchful server controversial machine in the cloud. So it shows us like harmony. Oh, instances are running, how many dedicated hosts are running and how Maney volumes. Basically, volumes are hard drives and how Maney Keepers keepers is like the security access credit chills that you get to download and to log into your virtual machines. He would use that keepers, and if there are any place when groups, I'll go through all of these in the coming lessons. But this basically dashboard gives us information about all the resources that are provisioned inside this easy to So So this is what the dashboard gives, and this is what it looks like. And the first on the four most important thing is the section here we just incidents a section, So let's go to the instances. So, like I said, basically a instances a virtual machine running in the cloud and you can, ah, launch wide verity off instances with different computer capacities and with different memory options with different price options and which basically suits your various needs that your application might have. So ah, this is where you come and launch your instance and launching instance can be done of your the I mean, the instances can be launched in different operating systems like Windows Lennox, and you can also use Ah, Laura off custom am eyes that have bean shift by and available toe purchase in the AWS marketplace. So this is a very you launch your instance and I'm goingto go into deep dive into launching an instance in windows and the next in the next lesson. So I'm just leaving that part for now. So, uh, in the next thing is basically launched template so launched template is like a launch conflagration, wherein you specify how your instance wants to be launched. Let's say, if you were instance has a specific let's say you have an application and you want to launch instance with a special configuration like it needs a Telemundo flam, it needs to be launched into into sub nets. It needs to be launched in a of a day with a specific volume and stuff like that. So those everything you can figure and former template and then you use that template to launch instance instead off, like specifying all those up options every time you launch a instance. So that is what the launch template dislike, and the next thing is part request. Basically Ah AWS offers or different types off instances like a venue launch an instance. It is basically a on demand instance. But if you if you want, you could also do a spot. Instance where in sport instances are like you go and bid for a specific price for a specific instance type and then you can. If you if your bed goes through, then your instance would be launched. Typically, this is done toe actually lower your compute costs, and the one downside that the spot instances have is basically when your bid is outrun, then your instance automatically gets terminated. So that is the risk where you cannot guarantee the 100% running off your instance all the time. And the next type off instance that AWS offers is basically the reserved instances, so reserving censuses like Ah, basically you're launching an instant a on the mind of whenever you want the instance to be available. But there might be a case where in, like the AWS, might not be able to offer you the instance on demand. And in such cases, the reserved instances come in very handy because of by reserved instances, what happens is when you buy some instances no matter what AWS has to offer you the aws instance. Whenever you require the instance and also of when you do a reserve instance, you get the you pay their like different options off payment like there's partial upfront payment. There is, like, full up front payment stuff like that. So once you decide which up which type off up friend that you want to pay, your ah reserved instance cost is like basically very less compared toa water paper on the mind. So if you know that you want a server which is going to be running all year long, then you can basically go ahead and reserved that instance in that way. Ah, you You're always guaranteed that one particular instance as well as you're guaranteed a very low price, compared toa on demand pricing. So that is what reserved instances is like and the dedicated hosts. So basically the relegated hostess like ah, even your in a virtual and wild mind like aws. What happens is when you launch an instance your instances basically sharing a host machine with it might be with your account itself, or it might be with a account that is like that is a different account, and they might have the C two instances running on the same host. So if your obligation needs a dedicated host, then you can always select the dedicated host. And, ah, what happens. It's like when you launch an instance in your dedicated hosts. There is no other instances that are launched in their particular host, so that it's one thing. If it is something that you require, then you can go ahead for that, and we can just keep about the schedule instances. For now, this is toe basically, plan ahead and save and run it on our schedule and let's go to the images. So basically, the images part in AWS is once you have a ah instance running. You can always take a snapshot off that instance and create any majority off it. So, basically, let's say you have a base every letter. You have 10 different applications that are running in your environment, and you want the base configuration off a base server. Let's say every server has a common like set off bootstrapping software that you want to install, then what you could do. It's like basically launch one instance and install all the required to offer in that particular instance. Then make a snapshot and creating a my out off it am I is basically Amazon machine image. And once you make any major off it, then what you do is basically launch all your applications using that particular a my and, uh, that makes it like every time you launch an instance, you have all the dependencies software that is already installed. So that is one particular use case that I described. But there are, like, several different use cases that come along with a my you can basically share your a my between different accounts. You can basically clear their base created in may am I and then you can sell it in the publish marketplace. The, uh, use cases are like basically, there are many use cases. Now that we know what a my sorry. Let's go to the elastic block storage don't basically elastic block storage is ah, the hot hard drive. Ah, hard drives for your virtual machines and there are two things here. There's volumes and their snapshots. So basically the volume says nothing. What? The hard drive and there are like three types off hard left that you can provision. Oneness basically, are the magnetic discs, which are like the or less the generation hard drives, and they're pretty much slow. And the second thing is like general purpose assessed ease. These are like the most commonly used once, and the 3rd 1 is like provisioned eye ops. Basically, the profession I ups are used if you want, like guaranteed I offer performance for your application. Are your database. Typically, I project my ops are used on the database drives because it needs the consistent amount off performance on the volumes. So that's one thing. So in volumes you can again create different types, different sizes off volumes and AWS offers like, ah, different these three types off volume types. Okay, so the next thing that is there in the elastic block storage is the snapshots. So the statures are just like a backup that you take off a volume and ah that it's like, let's say you have a volume are instance that is running and you want tohave a back off off that volume, you just create a snapshot off it and, ah, when you have a snapshot you can basically create and a my art if it and then used it to launch a new are easy to instance, If that snap shirt is a boot drive snapshot, then you can always create anymore am I order off it and then launch a instance. It can be launched in any off the available designs. So that's one thing about snapshots. And ah, I'll stop this lesson here as this is getting really long, and I will continue in the next one with the rest off the easy to features offered by AWS. Thank you for watching. 15. Introduction to EC2 Part 2: hello and welcome back. So in the previous lesson, we have come covered some off the features offered by AWS. Easy to. And now let's continue with the rest of the features. So, uh, so the next thing that is basically is the network and security. And inside the next work and security, you confined the security groups. So basically, the security groups is nothing but a fireball that you placed in front off a C two instance are easy to resource. Basically, what it does is it has a certain rules which would, ah, did the mind whether or not to send the traffic toe, that particular resource by that, What I mean is, when you have a security group in front off a ah ec2 instance, you can basically filter the traffic that is going that is accessing that specific instance . Let's say you have a, ah, easy to instance, and you just want your, um, board 80 to be exposed to the public Internet. And you you don't want any other port Toby ah, exposed. In that case, what you just do is basically attach security group to your issue two instance, and inside the inbound rules you will just specify which specific port you are allowing and from ah which ah, traffic. Ah, I p address range. You want to allow it So basically you have, like, wide verity off controls. The one limitation is here is basically you can only specify what you're allowing, but you cannot specify what you're restricting. So by default everything is restricted and only the rules that you specify as allowed only those rules are like filter. And one other thing is basically if you have anything ah, like open for inbound then Ah, by default it is also open for our born by that What I mean, It's like let's say if I have Ah, If I have a ah security group with inbound 80 then Ah, if I If a client requests a ah request the easy to instance for for a webpage or something like that. Then he enters in the port 80 then by default in the exit route which is like on the out born 80. It is by default, allowed for that specific connection. So this is about the security groups. There are wide verity off use cases that you can use it to restrict the traffic. Okay, so the next thing that is there in the networking security is the elastic eyepiece. Ah, basically elastic eyepiece are like static I p that you can allocate to your account by default. You can, ah, create five static I peas in a specific region, and you can always extend that by putting a request to the support. So the use cases off this elastic eyepieces. Let's say you have a importer running or a or a worker running, which which needs a static i p. And whenever you launch any instance you want your own one the public i p to be changing In that scenario, you're just create an elastic I p. And a sign that elastic. I do the easy to instance and ah oh, And whenever you ah destroyed that D C two instance and re create a new easy to instance, you can always have the same elastic AP assigned toe. That new instance in that way Ah, you are. You don't have to change any other configuration that that is being used by that elastic. Maybe even if you changed the EEC two instance, so that's one use case and there are many other use cases that that might fit your needs. And the next thing in our network insecurity is basically placement groups. Placement groups is like, ah, basically launching instances in a way that all the easy to instances that are launched are in the same post are like very close, ah, closely packed host, which would result in like offering you a highest performance because the network latency between those hosts are those instances launched in that placement group is very, very, very less, and this will result in the better performance than launching your easy. Two instances in different different coasts are like Nordea Placement group off. One such example is like, Let's say you have a cluster off blastoff instances which are like working together. Uh, let's say you're Jenkins job like your workers and your master are working together in coordination, and then if they all are scattered in different horse than your performance, might get degraded. But if they are all in the same host mission or like in a placement group and very closely clustered, then you might have a better performance art off it. So that's one use case. Our for our placement groups. So the next thing that is there in the African security is basically keep it so this keep areas basically used when you launched a PC two instance. Ah, you assign the keeper by that. What? What happens? It's like when you launch a new instance and ah, you assigned the specific keeper when you want to log in tow that easy to instance. Or if you want toe a society in do that instance, you can just use that private key. Oh, and, uh, use toe access, the easy to instance. So that's one thing. And the next thing is like network interfaces. Ah, here, basically, network interfaces is like a network card that is attached to your PC two instance, so that it has the capability off. It has the networking capabilities like Internet and connected toe, the your internal network and so on and so forth. So that's about the network in security. The next thing that is there here is the load balancing, so load balancing is one off the important topics in easy to end. It is like one of the most widely used thing, so basically, load balancers are also easy to instances behind the scenes, but it is managed by the AWS. So all you gotta do is basically create a load balancer. And then there are there are many different types off load balancers like application load balancer, network load balancer and classic load balancers. But the whole idea here is to have a load balancer which can take in the public traffic declined traffic, and then it basically routes the traffic to different BC two instances behind this so they'll go off. This, Lord Baron said, is to balance the Lord across your different easy to instances that you might have And, uh, the AWS will take care off thieves scaling off the load balancers depends on the depending on the Lord that it is receiving. So there are different options and, ah, there are different use cases which we're going to cover in the next lessons. And the next thing it's like target groups. So target groups are the part off the application load balancers again. It's not. It doesn't come under Ah, the current context. Here, I'll talk about their target groups when we're talking about the application load balancers . Okay, so the next thing here is basically auto scaling now. Orders Killing is also one of the most important topics because basically what orders killing does is like it eliminates the human intervention and it allows you to scale dynamically. Ah, like adding new instances when I were there s a a normal lord that is coming into your load balancer. Then load balancers would trigger some alarms based on your specifications. Like if the Laden sea is too high or if the CPU on the instances are too high then, Ah, the auto scaling will take care off, like adding new instances toe ah, to handle that new Lord And then it would scale down once you, your lord, decreases these all are controlled by a different part of parameters that you send in. And ah, this is basically helps you toe keep your costs low by only scaling to the demand rather than provisioning all the instances our servers beforehand, which is like you do prior to cloud. So this basically allows you to have the cost very low. And, uh, you are performing optimally. The next important thing here is basically the systems manager. Ah, the systems manager is basically to ah that's a whole different section altogether, but it is also combined into the easy to basically systems Manager allows you to run a command across all your feet off instances by specifying attack or by specifying the instance ID's. The reason for having system command systems manager is like, Oh, in the run command. You could you could specify a script or you could have a ah, you could have a script already pretty fine and applauded and ah ah, like apply patches on on the band, like on the fly to all the instances are like download some stuff, toe the instance off when emeritus required. And there are many different use cases that we can go through. Oh, I don't think it is really required at this point off time. Ah, so ah, I think that's it for that sit in the A C two section, we have covered a lot of ground here. Ah, don't get overwhelmed with all these different terminology and different features are not offered any C two. We're going to cover some off the important topics like launching the C two instances and connecting to easy to instances. Ah, that is our goal for this. Ah course. So, uh, I think that's it for this lesson. And I will see you in the next one. Thank you. 16. Part 1: Launch EC2 Instance (Linux): hello and welcome back. So in this lesson, what we're going to do is basically launching new easy to instance and it is going to be a winex instance. So I'm going to show you a step by step process and let's get started. So the first thing that you have to do is basically log into your AWS console and under the AWS services, just type easy to and go into the A C section. So here, uh and I know this is a new Ah, this is basically a new account and we don't have anything running here. And the first thing that you have to deter minus, like basically what region you want to use. So if you want to use any region that is available here, you are free to ah, you start particular region. So for all our examples, I'm just going to use the you Ireland with this you best one and ah, I'll provisional my instances here. So, to launch a new instance, first thing you need to do is basically goto instances stop here and then select launch instance Now, the first thing in the launch instance, wizard is basically you need to choose a Am I So every instance that you launch basically is launched off a My that am I can be a Amazon offered. Am I or am I that is offered in the AWS marketplace or any custom am I that you have built ? So for this example, we're going to choose theano Zahn. Lex, am I which is a base, Am I oh, offered by AWS and its a Kleenex flavour. So basically ah, I'm just going to choose this particular am I here And it is also free tier eligible. That means like it comes under Freedia and you won't have to pay extra money if you're just using it under the free tier limits. So I'm going to choose this. Ah, Nexium, my And once you choose the next am I, the next thing is basically you need to choose your compute capacity. So there is, like white, different range of compute capacity options and memory options that AWS provides. And, ah, like you can choose it based on your application needs. But for this example of, you're going to choose t two dot micro. And like I said again, this is a free two year eligible. That means if you use it under the treaty limits, it's basically free. Oh, and this is goingto be like this for one year off the one year from the date off account creation. So we're going to choose t two dot micro and under the Conficker instance details This This is where you can specify how many number off instances off this type you want to launch. In our case, we're just launching one instant and ah, we're choosing the network, which is a default of VPC. We're not going to go into a deep about virtual private cloud. We're just going to choose the default option whatever is available and ah, the summit the subject. You can basically choose any off the subjects available here. I'm just going to choose you vest one a and, ah, the order saying public I p is enabled by default. If you have a public I p assigned, then basically you can interact with the Internet and ah, the next thing is I am rule. Let's not goingto am role as off Now we'll cover this in a different lesson. So I'm just going to leave this so basically, if you have and I am role. You can specify permissions to that role. And then the easy to instance will have those particular permissions which with which it can interact with the AWS services. But we're not going to use that as off now. And the fourth shutdown behavior is stop. That is, when you stop this instance, it is basically, that is when you shut down that instance it's going to basically going to stop state. And, uh, we don't want to protect it against accidental termination. We don't want detailed cloudwatch monitoring. That is, by default. AWS off gives you, like three monitoring, Like which gifts? Uh, which gets updated every five minutes. But if you have detailed cloudwatch monitoring, it gives you ah metrics every one minute we don't want detail, so we just leave it with the default option there. And Kato Unlimited is basically this Tito class is ah Bastable class off instances where in your computer, which is like the CPU, has a certain amount of credit and within that credit you can basically burst your CPU usage that it's like when you have the CPU use it under 20% none off the crazy pewter. It's are used. But if you go over 20% off your Cebu, then you're burning your CPU credits. And after you can burst only up until you have that amount of credits left in your quarter . But once you're out off that, uh, credit Seaview credits, then you can no longer bust, and your application might just, ah, not have enough CPU to function. But when you choose Tito Limited, what happens is it burst until it has thesis few credits. But after the CPU credits are done, it is going to, ah, bill you for the extra credits that you are using ritual, which is a good option because in that way you don't have toe compromise on your application. Rather, you're just pay for the extra use. It's like you have done with the application, so I'm not going to choose it for now because this is just an example, and under the advanced options you have user data between or going to cover as off. Now, the user data is basically, if you can. This is like a bootstrapping script that you can specify here, and it's going to execute as an administrator when you are launched The instance that's off novia disk not going to do anything with this. So Okay, so the next thing it's like adding this storage. So adding story just like basically attaching the hard right volume Um, you can you can basically like a side in the previous listen, you can have different types off volumes like three general purpose SSD or approach and I ops are throughput up to my such treaty there, like different options that you can choose from. And ah, for this example we're just going to go with a gigabyte off hard right? And I'm going to choose just the SST general purpose because general purpose SSD is under feed here and you can go upto tactic Gebe auf EBS volumes and we're going to select elite on termination that is in this instance is deleted. Your volume also gets deleted if you don't check this off than your volume states even after you led easy to instance. So I'm going to take that and next at tax now it is always a good practice to add the tax to your resources because that way you can easily organize your resources rather than getting confused about like what this instance does are like you don't need to guess when you're working with aws you if you have tax pacified than it is very clear and you can you you get to know easily like what the service is used for. So I'm just going to use name ah, the next instance. Uh, firstly, next instance. And then I'm going toe. I think one pack is enough for now, and I'm going toe configure the security group. And, um, we're just going to select the default security group, which is Ah, just having basically, ah will come. Well, we'll configure the rules required for that security group in when we're launching it. So the next thing is review and launch and before you launch, you can just review, like, what are the options that you have selected here? And the last thing is hitting the launch button. So when you hit the launch party, you would be asked toe, create a select a keeper are creating new key pairs. So as of now, we don't have any keeper, basically, keep it. It's like setting. You can use that private key toe basically retrieve the password are a succession to your limits. Instance. So right now I don't have any keeper, so I'm just going to create a new keeper, and I'm going to give it a name. So the name that I'm going to give it its like, hashtag that hashtag learning best KP So KB's for Keeper And then I'm going to download it So it's going to download in my, uh, downloads folder. And the next thing that I am going to do is basically hit the launch instance. Okay, so now ah, you can just go into the instances tab and then you should be seeing that the instances getting launch now. Typically it takes like 2 to 3 minutes toe or for the instance Toby launched and what I'll do, it's like I'll post this lesson here, and then we'll continue it in the next lesson. Thanks 17. Part 2: Launch EC2 Instance (Linux): Okay, so ah, let's continue from where we left off in the previous lesson. So basically, let's review our easy to instant status launched before we connect to it. So basically, like we have chosen of your velocity to dot Micro and we have assigned it a public i p. There's also a private I p that's being assigned. There's a public Venus, part private DNS. And all the features that we have selected has been applied to our, um, is it too? Instance, So the toe collect in order to connect to your Ah, the next instance on ESA Such that is basically Port 22. You need to go and edit your security groups in order to allow it to connect. So basically, what we can do is go to the security groups because we have selected the default Security Group A and assigned it to our instance. What we need to do is basically open a specific port. Now you can see that the all traffic is allowed between the security group. So basically what this means is, let's say you have two different instances using the same security group than all the traffic is allowed between those two easy to instances and nothing else can come connect to this particular easy to instance. So what we're going to do is basically opened up the port 22 which you could just go here and choose as such, which is poor Tonito. And here the source is basically should be your i p. So I'm just going to choose my i p. It will automatically detect what my i i ps and then put it in here. And then I can just say it's a such for size I p So this way you can have a clear description award award that I p worse and stuff like that. So I just I think the safe and now you should be ready to connect now are to collect the easy toe or to connect to the clinic. 62 instance there are a couple of different options now if you are Ah, if you're on Ah, next are a Mac. Then you kinetically go here. So the instance and then you can hit connect and then it's going to show you the instructions off how to connect. Like basically, you can just ah, copy this particular command and then paste it in your terminal and they should be able to connect it directly. But if you are ah, using a windows toe connect Oh, the sausage. Basically, you need toe download a party. Klein of it is a success client. You can just download that by doing a Google search download for Windows, and you should basically ah, download it and install it now. I have it installed already on my computer, so I'm just going to use that. So what do you need to do? Basically, is open up a party generator, which is already a installed when you install the party. So you open up the party Geant, and you need to create a ah PPK file out off your doctor. I'm file that you have downloaded when you're launching the instance. So basically what you need to do it once you open the Partick e generator. Ah, you Lord The key, which is in my basically downloads. I have a unit to change this toe All files before you see that people file and I just will select the, uh hashtag learning test key. And basically it has imported. Now, now what? I need to do is basically save the private key. So select the safe private key. I don't want toe protect this with their past race, So I just hit Yes, and then I'm going toe. Ah, give the same name. Basically hashtag learning. Just keep escapee and I'm just going to leave it as dot PPK Now it's safe and ah, you should be good to go. So the next thing that you're going to do is basically open up the party itself. So let me open up the parties. Okay, so I have the party open here. Ah, and the next thing that you have to do here is basically copy your public i p address so public I p addresses this one. So I'm just going to copy the public i p address, and I'm going to paste it in the host name. So here, once you put, put it in the host name, the next thing that you have to do is like, you need to put that PPK file that you have created using the partition. So I am going toe. Go to the inn in the left side. You should see as the set section here Once you expand that you'll see ought section and select the ought one. And here you need to select Ah, the file that you have created here. So select brows Go to the place where you have saved it I know loads and you can see the hashtag landing escape KP dot PPK So once you say like that, you're not good to go So once Ah, you have the autumn there you can just open the connection And, uh, you should basically see it alert popping up and asking you toe select yes or no, you can just hit Yes, there. And once you hit yes then it will ask you to log in So by default the next am I that you have chosen Has he used the name set with this basically easy to dash user now hopes easy to dash user now once I hit enter now I should be ah, authenticated And I am in my instance and it is all ready to be used. So basically that's all it takes to launch a easy to instance for in line next and connect it using the party. Oh, and you can basically play around with this instance, you can host a Web application or you can run some worker process. Or you can run some importers anything you want to do with this particular instant. So I really hope that you followed along this launching the easy to instant and I I'm thinking that it's like, easy enough eso doctor for this lesson, and I will see you in the next lesson. Thanks. Bye bye. 18. Part 3: Terminate EC2 Instance (Linux): hello and welcome back. So in the previous lesson, we have successfully launched and connected to our necks easy to instant. Now, in this lesson, let's just go ahead and tolerate the instance that we have launched. So to terminate the instance, all you gotta do it's like basically log into your council, go to your instances, stab in the sea to section and then select instance that you want to talk about it, right, click and go to instant State, and then you can hit. Terminate. Now, once you go to that page, it's going to ask you for a confirmation whether or not to terminate this, then just hit. Terminate. So that's it. And it's going to now go through the shutdown process, and then it's going to terminate. So that's it for this lesson. And I will see you in the next one. Thank you. 19. Launch & Terminate EC2 Instance (Windows): hello and welcome back. So in this lesson, we're going to launch a windows instance, and we'll see how to connect to that. So let's get started. So first thing that you need to do is basically gain log into your AWS console and, uh, go to the ec2 section. So on it services just IBC Toe. And here you just need to go to the instances and then select the launch instance. Now, in the previous lesson, we have selected the Amazon the next. Am I? What? Now what we're going to choose is basically selectee. Ah, Windows Server 2016 base. And also make sure that it is free tier eligible so that you're not charged for it if you're using it under the video limits. So basically, I'm going to choose this assed my am I And then I'm going to choose the teacher Lord Micro , just like the previous lesson, because this is freed here and select configure details. And here Ah, I'm just going to leave with the default and I'm going to choose one a and use enable Ah, for artists and public I, p and ah not using Royal as off now and then I'll just leave everything asked default here and then just go to add storage now. Oh, the free tier allows me to go until 30 kicks off PBS volume. And I'm just going to to study geeks. And I'm going to choose t delete on termination here and the next at Tax. And I'm just going to give the name tag here. And then I'm going toe give. Vin does. For instance, it's going to go first Windows instance. And then I'm going toe hit next, and basically, I'm just going to select again the default security group and I'm going toe hit review and lunch. Ah, and once I review this like basically I've just choosing all the before that's like the early next early next lesson. I'm just going toe hit launch and I'm going toe select the same keep their that we have used for the previous lesson. So I just said I acknowledge and then I hit launch instance. So now the instances being launched here and once the incentives launched um, I'll just passed the lesson here and I'll come back. One sentence is ready. Okay, So are instances coming up and basically before we connect Toe are easy to instance of in the issue to windows Instance we need to open the rdp Ah, port on the security group just like the open up. Such because we're going to Ah, do the remote that stop using rdp off the windows Search through that First, you need to go to the security groups section. You can also go Ah, select the instant. And if you see here, the security groups are not assigned to This is a before one Select that one and you can directly go to the inbound rules here and just like the ssh I'm going toe add a new rule which is going to be my rd people. So if I said said search for RTP So this is our DP, which is 338 line and I'm just going toe Choose my i p here and I'm going to say Rdp for size might be and then I'm going to hit safe. Now the port is ready and let's go back to the instances and CFR instances radiate Okay, So to connect to our windows instance, all you got to do it's like open up the remote desktop connection application in your windows and you select your application here. I mean, the instance here and then type in the public eye privatise 34.245 dot 122.166 and, uh, it connect now it should be able to connect to this. And then it's now going to ask me for the ah user name and password. The user name is always Adminis traitor. If you're using the are based, am I created by Ah, the AWS is going to be the adminstrator. And to get the password, why do you need to do is basically go back to consul again, right? Click the instance and then get windows Password. Now, if you see here, it's asking us the PM file that we have downloaded, which is our keeper. So I'm just going to hit choose and I'm just going to go to my downloads and then I'm going to select my hashtag learning Ah, Ben file, not the PPK, just a pen file and then hit the keep password. Now you get the password understandably generated of when it is launched. And now you can just paste this password in your rdp app and that hit. Okay, now you can see that you're getting connected into the to your it's easy to window 62 instance and ah, that's pretty much it. Now, once you are inside the server, you can again ah, install I s and then host your web application. Or you can use this for any off the worker processes or any imports that you want to do. So ah, let's just wait until this comes up. Okay, so now this ah issue two instance came up and basically it's going to show us all the information. That's bean. Uh, that's being, ah, this usually takes a couple of minutes to refresh and give us the exact information because this is being launched from a my So once the instances completely launched, this will get refreshed and the ah, the exact information will be displayed here. So ah, that's it for this lesson. We we have configured and ah, we created our first. We know cc two instance, and we have connected it using the rdp of you have opened up. The rdp poured on the security group. So I think, um, I really hope that you. You followed along this launch process and understood how toe launched the windows. Insitu. Instant. So the next thing that we're going to do is basically close. This and we'll go ahead and intimate are easy to instance. The government are Windows instance just like we did the next one. So I'm just going to right click the instance and go to Instant State and then hater minute . Okay, so now we have successfully dominated our window cc to instant eso. That's it for this lesson. And I will see you in the next one. Thanks. 20. More about Security Groups: hello and welcome back. So in the previous lessons we have used the security groups. But in this lesson, let's talk more about security groups and see how we can utilize it in our easy to. So basically Ah, let's let me go to security groups first. So basically a security group has in mourning are bound rules. Basically, ah, security group can be attached to your lord balancers your instances or your, um, cash clusters or databases and pretty much all the easy to resource is. So basically, the security group acts like a firewall to filter the traffic that is entering your specific, easy to instance or a resource. So basically, ah, the way you communicate with the instance is on a specific port. It may be a TCP port or a uni people and there are different ports for different purposes, like for your rdp that it's like remote that stop on windows. You support 3389 on TCP and for s a set, you use 20 to a port for TCP, and they're like various different ports used for different use cases. Now you can configure all those rules in the security group and you can basically allow only those of ports and those particular I P Rangers that you recognize and this way what happens? It's like you're or infrastructure is secure and you can. Our white unnecessary exposure off your instant is to the public who who is not supposed to access those instances. So basically, the security group has in models and are born roots. And like I said in the other lessons, if you have a inbound rule open, then by default for that particular request, there is also an hour point open. Even if you don't specify that whether what I mean, it's basically let's say you come in on port number 80 then you go out by port number A TV . Even if you don't have that, our bundle specified. So also you can you can only allow in the security groups. There is no option to deny. So, basically, by default, everything is tonight. If you don't open something, uh, you don't get to access it, but if you but there's nothing like explicitly denying specific traffic, so that is how the security groups work. And, ah, there's also one more thing that I want to show is basically Ah, for your easy to instance, you can have more than one security group at signed. Let's let's say you're working in an organization and you have like, you're VPC Network, which is like, I mean, like your Internet network, your office network that wants to Hardy P. But you don't want anyone else to rdp into that. So you you might have, like different sub nets accessing that particular e easy to resource, then what you can do. It's like basically, you can create a security group VOCES Rdp for your specific organization. And then you can specify all the rules that you want to allow, like all I P addresses off your local network. And then you can have, like a public security group or a private security group where you specify rule saying that . Okay, I want to allow Port 80 and I want to allow port for 43 and ah, some database sports that you want to allow for the known traffic, the new name of that supply without a public security group. And then what you do is like basically, when you are launched, an instance, you can attach your public security group as well as your rt, particularly group both at once. And ah, the instance will allow all the traffic that's being open across the border security groups . So that's how you basically use the security groups. You can also have, ah, rules that specify security group to security group, whether what evidence like let's say you are, Do you have your load balancer and you have your easy to instance and you have your Lord balancer assigned with one security group. Let's say you'll be Lord. You'll be security group and you have a instance security group on the instance, like Instant Security Group. Then you can have rules which allow all the instances that are within this particular security group. Toe this particular Lord balance and let me show that to you by an example. So, basically what I mean it's Let's say you create a security group. Let's just create a security group saying External, you'll be security group and let's say this is for the L. B S G and let's just put it in default, vpc And then let's create this. Now let's also create a another security group calling Public SC and SG for instances. Okay, so now we have to security groups, which is external and public security group. So what you can do, basically is like external security group goes on the load balancers and a public security group goes on the your easy to instances and you can configure your your rule such a way that on your public secretary group, that is your application. Only the load balancers can talkto those instances on a specific port. Soto put that kind of fool. All you gotta do is like go to Public Security group and you editing bundles and you say that you are Port 80 witness your http goes toe. Only this particular security prove, which is external yell be security group and you cannot. You can say you want extra DPS to go toe this particular security group. Now you need your outbound as well. Basically, when you come in the inborn using those rules than you can by default, go out to those rules. But you can also explicitly specify saying that I want to go out on a specific port like on uh, I just want all traffic to be going toe my security group, which is external. And here, what you need to do is basically on the external load, balancer. Ah, security group here, you can say that I can get traffic on its GDP from everywhere and https from everywhere that means. Like basically, clients access the Lord balance our first. So basically usually toe allow all the traffic to be talking to your load balancer on those ports. That is what we are specifying here. But you want only your, um um I mean, but you want your load balancer toe only talk to your public security public instances or the your instances, but not anywhere else. So on the old born rules, you specify saying that, um, that should be And it's a GPS talk on public security group and beauty. So this is basically how you, ah, create your security groups and ah, uh, put rules in such a way that only your filter traffic is talking to the resource is and this is how you secure your AWS resources. So that's it for this lesson. And I will see you in the next one. Thanks 21. What is S3 and Why we need to use it ?: hello and welcome back. So in this lesson, let's talk about edible ancestry and let's see high. We need to use this solution and how it's going to help you in our project. So the first important feature is basically offers US status. Scalable story solution. So by that, what I mean is, basically, you don't have to pre provisioning your storage, specifying like I need fire gets off the stories, or I need five terabytes of storage basically scales according to your needs. So as long as you put your objects, AWS will accommodate the storage and you'll be charged only for the space that you have fused. So that's one off. The important feature started supported by UW accessory. So the second important thing is it offers you a 99.99% availability. So by that, what? I mean, it's like basically, when you store your object on AWS s story, it is available 99.99% off the time. So which in itself is like basically very high availability. And what this means is, ah, basically AWS has three is, um, online for that amount of time and the chances off it going down. It's basically very remote and which makes your application very stable. As the story solution is up most off the time, the next important thing is basically it offers you a 11 9 steer ability which is 99 point 9999999999 durability. So what? This dude ability defiance is basically when you store an object on AWS s tree, it iss safe and secure. So by that ah, what aws means this basically your the chances off your object being destroyed are the stance off your object. Being lost in AWS as three is basically very remote. And the way our AWS achieves this is by replicating your data across different host machines of it in the region that you hosted your object and ah, basically, this will make sure that your object is safe and secure with them. So the next important thing is it offers version ing so basically by abortion ing what they mean, it's like you can have different versions off the same object stored industry. So this allows you to basically go across different versions and let's say you have an image and you have multiple versions off it, and then you can store like different aversions in there. And then basically, you can go back toe the version you like. If you don't like the latest version, you can always go back to the worsen that you I think it's stable. So this offers basically various use cases. Ah, when you're using worsening. So the next important thing is basically it all. First, you A maximum size off five terabytes were object, which in itself is a very huge size for an object, I think because like, um, I don't think there is any fire. Any files are objects which are like fighter bites big and, uh so this basically help you store very big file sizes, and I think it really fits your needs. So the important the next important thing is basically it all first multiple stories classes. So basically water storage classes, stories, classes is nothing but the different options that AWS provides according to your budget meat. Ah, and the storage classes defines like how much availability and durable de percentages are assigned to each off he stories class. So basically, let's say you there are three different stories, classes one. It's like standard one. It's like radios, redundancy or in fact, infrequently accessed or the 3rd 1 is basically glacier. So the first thing is like the Steiner storage, where you get 99.99% of liberty and 99.99 stability. We just like the standard thing and basically the cost off. This is, Ah, a certain amount of dollars per gigabyte per month. So that's one story adoption. The second stories class option is basically you have, Ah, Radio Street and Nancy where in ah, basically the object is not replicated as much as the standard ah, storage class, but in a it in itself offers you a high availability and durability. But then the chances off losing that object is ah, a little bit higher than the standard thing this class, you need to choose a few things that your ah objectives basically reproducible and you don't. Uh, basically, there is not much effect if you basically lose that particular object. So that's one thing, and the next stories classes basically it iss glacier, which is kind of an archiving solution in the industry. And let's a few needs toe archive some off the old files, which you want to just store for compliancy reasons, and you won't want to access it too quickly. Then you basically drop that into a glacier, and the price for storing in glacier and registry tendency are quite lower than what do you pay for these standards. Story solution. So this allows. You do basically choose the appropriate storage class according to your use case. So the next important thing is like how you're going to control the access to your particular object So it'll be accessory offers. You are different options. Basically, you have. I am, and you have bucket policies and you also have the access control list that you can put on your pockets. So basically I am is basically identity and access management, and this you can use toe. Basically apply policies and apply storage permissions to different users within your AWS ecosystem, and it helps you toe control the object. Thea Sesto The objects a very fine level that it's like every object you can define, like how you want toe, have the permissions and like to whom you want to give the permissions. The second thing is like the bucket policies where, and you can basically specify the policy on a bucket itself, and it basically applies to all the objects. But in that bucket and you can again you can have granular access. So we're like, what's shared of it. The users and what's publicly access will end what's publicly not accessible. So those kind of things Okay, so the next thing is basically access to your history itself. So how are you going to interact with your irritably ancestry? So there are a bunch of different faiths, So the first on the easiest way to is access is basically using the AWS console. Uh, if you want to programmatically access your s tree, that's that's one of the important use cases, right? Do you want to use your storage of from your application itself? So AWS offers, like multiple, different esti case, and in different various languages, you can program to access your history like you can. You can access it using doctor, and you can access using java. You have JavaScript libraries bite and like they're like numerous, uh, different STK Zarei Libya's provides, and you can also access it using audibly a C alive, which is the standard See ally in the partial till I you can write Bash script, you contract partial scripts toe interact with your edible ancestry. Now this makes it e very easy to access, and it also allows you to script most off the things that you want to do. Ah, like the interaction with your irritably accessory. Okay, so now that you know different features off, it'll be assessed. Three. Let's go ahead and learn the concept off storage or using. AWS has three pockets and objects. So that's it for this lesson. And I will see you in the next one. Thank you for watching. 22. S3 Buckets & Objects Introduction: Hello and welcome back. So now that you know a little bit about what Aws s three is And like what are the different features? Let's go out and learn the concept off the storage. And what are the important things that you need to know about s tree storage. So the way AWS has three. Ah, storage of work says basically you have bucket. No, buckets are like the root folders are containers. You name it whatever you want. But basically this the just like a main main storage in point where in you put in all your files are objects that you want to store. So some of the features off this bucket is basically it needs a unique name. So it is just like your DNS nor website name is wearing. Basically it is a unique across all different accounts That is not only in your account but across all the aws s three. Ah, and ah, you cannot have a duplicate them and it shouldn't. It should be a DNS compliant name that is basically ah, the name off. This bucket is treated as a unique DNS name and it should be compliant as Indian s so that's one of the important things. So the next important thing is basically this region specific, so you can create a bucket in a certain region. Different there are like different regions are supported by AWS, like Ireland, not Virginia or Ohio are Oregon, and there's like different regions. Start it supports based on your ah demographic needs, like where your main traffic is from. Then you can decide upon like rich region to choose. So that's one important thing. The next important thing. It's like it also supports cross region replication that this let's say you have a bucket name bucket one and then you have another bucket bucket to, and you want to replicate all your objects off bucket, oneto, bucket, toe. Then you can enable cross region replication and AWS behind the scenes replicates it, and it has a special fee that applies toe the replication part and ah, that's basically the standard fees. So the next important thing which buckets aboard this the static website hosting. Basically, you can use your website toe host your static websites like plain HTML, the Oscar pages wherein they can have the same name as a Deena's and you can enable static website hosting and you have a working website we thought even thinking about like you don't have to think about the how to configure server and stuff like that. AWS is to take years off all of that. Okay, so the next thing that comes into the picture when you talk about this three story just the object so every file are every, ah thing that you want to store on the AWS s. Three is in terms off object Now objects are a part off the bucket and you can typically store unlimited number off object in a particular pocket. And like I said, in the last lesson, it meets A. It has a maximum size which is like the five terabytes for object. So the next important thing is basically it has a concept off key value. Look up. Basically, that means like every object that a store in a bucket has a key. Basically, let's say you have a file. Inish is stored in a sub certain folder. Then basically the part to the Fuller is the key and the key itself I mean, the the four lurks within the with which lead to This particular object is also a specific e. So I'm going to show that concept in a bit. So basically, let's say you have this kind off awful a structure when in like you have a test fuller. And under that you have fallen one folder toe 13 different filed filed 15253 Then basically ah, audibly a street. The test folder The route fuller itself as a key. And then you have a bucket name test folder for the one as a separate key. And the contents which has filed 15 to file three Doc txt is also a different key. So when you when you say you want to download all the contents off the test folder, then you basically specify in cli saying that I need all the folders, all folders and files by specifying bucket name slash test folder slash star Are you specifying options? Saying national streakers of which downwards everything after that key. So that's how the concept off AWS s three storage Worse now in the next lesson, let's go ahead and die in tow the console and see the bucket creation process and how we can, um create bucket applaud objects into the S three bucket and so on and so forth. So that's it for this lesson. And I'll see in the next one. Thank you. 23. Create First S3 Bucket: Hello and welcome back. So now that you know a little bit off what a laborious histories. Let's go ahead and find out how to use AWS has three pockets and how to operate objects. So let me go today it of less Estrich console. So basically, AWS esti has a concept off buckets and objects where in the buckets are like a container which can be created in one off the different regions which AWS offers. And one of the important feature off AWS s three bucket is that your bucket name should be unique and it should follow the standards off the DNS. It's just like the DNS veteran. You cannot have duplicate names across multiple regions are multiple accounts and ah, it should be basically unique. So let's go ahead and create our first bucket and let's use all the default settings and like, let's get started. So to create a bucket in your a level SST console, you can just select, click, create pocket and you need to give a bucket team. So basically, if you see her, it is asking us to enter a DNS compliant bucket name. We can just have, like hashtag learning test one bucket name and then the year putting it in a island region . You can choose multiple different regions here. I'm just using the U region, which is Ireland. And if you if you want to copy from the settings from different bucket, you can copy it. But this is our first bucket, so I don't want toe carpet from any other buckets. So the next thing is like we're just going to leave all the default options. Let's talk about each and every feature here in the next lessons. So I'm just going to hit next. I'm just going to leave the before permissions, and I'm going to review it. So basically the name that I'm giving here it's like hashtag learning test one. And, um, I'm choosing the region you Ireland, and I'm choosing all the default options here so I can just know, click, create pocket and now your bucket is basically ready. So now to go into that bucket, you just have to set the bucket and you can see that this pocket is now empty and let's go ahead and upload some objects into it, so basically you can have ah, you can use different ways. Toe put objects into this s three bucket. You can use AWS Estrich console. You can use one off the different SD case offered by AWS for this example. Purpose weaken. Just Ah, dragon Drop in this or you can select upload here and then you can upload your optics into it. So now I have created basically ah, some test folder structure that I want toe upload here and then explain to you how the s three bucket cleats, that particular full of structure and how you can access your resources. So I have this particular folders that I've created with just my test folder. And inside that test Fuller, I have folder one folder to, and I have different files that I've created here. Now, let's upload all these files. Let me put in some data inside this particular file. Last like, 51 let me say this and we put to and for three Okay, so now let me upload this pretty clear that's folder by dragging and dropping it into this particular thing. So let me hit next, and I'm just going toe leave all the Defar permissions here. And like I said, you can have different stories classes like standard, infrequently accessed or radius redundancy. And I just want to put it into standard stories from now and then I'm going toe upload this . Now you can see all the status here saying, like how it supported, uh, now that we have created and uploaded our files, I'll pass this lesson here and in the next lesson. Let's see how to download this are like how to share these particular files with different users and how you can play around with permissions. So that's it for this. Listen, thank you for watching. 24. Bucket Policy & IAM: hello and welcome back. So in this lesson, what we're going to do is basically try to download the files that we have uploaded in our previous lesson. And also we're going to see ah, how toe give access to our different users and also apply bucket policy so that we can publicly share thes file stuff you have uploaded. So let's get started. So the first thing that I want to do is basically goto my bucket in my Estrich console here and then never get to a specific fight. Now, if you try to download a file folder from ah from AWS Control, your you cannot do that. I mean, like, if you select the folder and just to download as it won't work because this is this is not a specific object, because it's just a key that says there is a folder here because it's not a typical for a structure. Now, if you select the file here, then you can basically download it. Ah, and the options are like basically, if you select downward as and then hit right, click and save, then you should be able to basically download this file as a tax document. What are the farm and that you have uploaded in? Now, if you want to publicly share this No, let's say if you want to share this to someone like, Ah, someone like your client or your your friend or something like that. Then what you do is basically ah, select this particular file in the folder. Likely, we goto this, select this file and you can see that the public link is here. So basically saying stus one and then you have your bucket name followed by the but to your file. Now, if I try to open this in a new link, that is basically this is I'm trying to access this ass A, um I'm trying to access this as a basically a public user than what this is saying is like , It's access denied. So if I'm downloading this through the console, I have access to download it. But if I try to access this using this link, it's not allowing me to do so. That is because I am not publicly sharing this particular file, and I'm not allowed to download it publicly. Know what we're going to do is basically, uh, used the bucket policy that I have mentioned in the previous lesson to basically give permission so that this object is like publicly downloadable. So let's go ahead and implement that. So to do that first, for daily to loose, like you can go to a bucket itself and go to the permission step. Now here you would see a bucket policy that click on bucket policy. Right now, you don't have any bucket policy. So basically, Bucket Policy is a Jason's in tax doctor. Put in specifying what action to You're a loving and also on, like what account you are allowing that permissions, and also on what specific objects you're allowing those permissions. So it's like it's difficult to write the car, the Jasons in tax on your own if you're starting with. But AWS has simplified it by giving us a policy generator, which allows you to just like use the U Y 280 Jason's in tax for this pocket policy. So what we're going to do is now you are going to use the policy generator. So to do that first, there's it is here. Ah, you just click on policy generator and you need to choose the type of policy that we want to create. Now there are different, um, policy types that you can create what we're interested in as three pocket policy selectors . Three bucket policy here and then the policy that we want to do is basically allow, not deny. So basically, if you say allow and ah, we want toe like allow all the principal's principle is like basically which account you're giving permissions to. Let's AOL account and the next important thing. It's like STV have already chosen here. And the actions is basically you want, get right. You just want to share it like you can. You can specify even upload options. I mean, like put ah put operations. But now we want to just kill, get object option operation here. So if you say get object and the next thing you are going to do, it's like specify the resource that you want toe put this policy on. So let's say I want all the objects in this particular bucket Toby publicly accessible, so that's what I'm going to do. So if you see here, there is a farm out off, like what you need to do so what I can do is basically I'm just going to say, Ah, copy this guy and I am going to paste it here. And I'm going to replace thes values with my bucket. Me. So let me go back and get my bucket Name witches, Hash tag, Learning test one. So I copied this year and I pasted it here. So the key name, but I want to do is like basically everything. So I'm just giving slash start so I can just click at statement and select generate policy . Now, if you see that I have the policy generated No, all I gotta do is basically select this policy. Copy it. Go back to my story console here based it, and then I just have to hit safe. So once I hit save. Basically, this will validate the policy and apply to the bucket. Now, if you see here suddenly our bucket policy has not turned to public because we have made this object to be publicly available. Now, if I go back to my dis link the link to my file one and if I try to refresh you convey basically it will download the file automatically. If I just refresh. Now if you see, you can see that my fighters opened and it is Basically that means that I have access to that file and I can share this publicly. So this is how you can use the bucket policy. Now, what I'm going to do is basically go back here and take off this pocket policy and make it private again. And then what you're going to do is basically log in as our tester account. Like basically, we have created three different accounts of and we're doing the I am section. Uh, I'll try to log in as the tester account and see if I can basically download this. So what I'll do is basically I'll delete this bucket policy here. And, uh, no, I cannot just take it off. I just have to delete it. Now you can see that it's not publicly accessible anymore. So what I'm going to do s ah, basically log in as a task user in incognito window. Let me pass this for a second here. Okay, So I have now logged in as a tester user that we have created in our I am section eso basically let's goto a street service and see if he can access anything. Now, if you can see here that basically we can't access anything So our first fall to even give a view access to this particular user, Let's go ahead and change some off. The I am permissions for this specific user in our armory straight record. So to do that, I've I'm going back to my administrator account here, and I'm going to the I am section here. So the first thing that I want to do it's like basically create a policy that allows me to basically view the bucket and view all the objects inside each off this bucket. So typically, we want to give the read access, but we don't want the user to basically downward our upload anything to this particular street markets. So to do that first, you need to go to the policies, create a policy and to service. So here I'm going to choose the S three and in the actions regarding basically select all the list options here because we want to list everything and under the read permissions, what do you want to do is basically ah, we want to get the bucket a seal because the council uses thes ah permissions to be even allowed the user to list something. Um, get bucket cars, get bucket, location, get bucket logging. Um, get bucket policy. And you can also say bucket tagging. Um then basically, you'd get object a seal you need list buckets by tag and let's bucket abortions. And I think these are pretty much the permissions that you want hit review policy. Ah, So basically, it's asking us to choose the resource so we can say that resource that we want to do is basically we want to allow all resources to be viewable because this all get and we're not saying, like giving the get object, which allows us to donor. But let's go ahead and a visa policy give this ah, list all pockets. Oh, and objects has three policy. Okay. And then hit Create policy. And now this policy is created. All we gotta do is basically goto attached entities, hit attach and selective tester user that we have created here, so to attach policy. Okay, so now our tester at that tester user has this policy attach. Now let's go back to the test account and hit, Refresh and see if you get the permission. Now, if you refresh, you can see that all the pockets are now visible. Now, if I go to this particular bucket that we have created, go to the test folder and try to download this particular file and you should basically see access denied because we don't have access to download this particular file. So now, to give access to download this particular file, all regarded do is basically go back to our administrator user. And we want to give this particular bucket. Um, let's say if you want to allow your tester toe basically downward stuff from this particular bucket, you need to create another policy, go to policies back here, create policy and then select. There's three service and you want to select the actions off. Basically, ah, you want to get object and you want to basically allow the resource specific resource. You can select the specific resource by adding any art, so basically you want toe. Give the bucket team the bucket name that we want to give us. Hashtag learning test one. So let's say hash tag learning Test one and then the object name is basically you want to allow everything inside that bucket So hit ad and then hit review policy. So you can say now is three policy hash tag learning test one bucket. I need access and then hit. Create policy. Now, once the policy is created now again, you'll select the policy Goto attached entities and added war tester users go back, attach and selected testers in attach policy. Okay, Now our policies attached to this putting protester You said no. Let's go back to this tester hit refresh And now we'll again try to download this object and you should basically see that it allows us to download this particular object. Now, this is how you are manage permissions on esty and this is how you basically granular really specify which objects you want to allow a specific user to access And if you want to share it publicly, you can do it via bucket policy. And if you want to access, give access to ah your users within your aws ecosystem, you can also do That s so I really hope that you understand these concepts and I will see you in the next one. Thank you 25. Using AWS CLI to Upload and Download Objects: hello and welcome back. So in the previous lesson, we have covered a lot of ground on bucket policies, and I am policies toe basically give access to the user to download and upload. So, in this lesson, we're going to do some off these operations using our AWS Eli. So to do that first of year in this AWS console for s tree here. And the other thing that I want to do is basically open up my power shell command prompt. So to a large first, I'm going to do partial, and I have a partial session open here. So basically, we're going to use theater Bs s three copy command, and I'm going to show you how you can browse the help off the AWS Eli, to understand the commands that you need to run. So basically, first we need toe have a file that we want to upload to our specific location. So to do that, first, I'll open my, um, folder where I want to create. So in this folder, I want to just create a new file. I can this create a text document here saying Ciel I upload and inside this I'll just write something, Seal. I applaud. Okay, so now we have an object that we want to applaud and we need to decide where we want opera . Now, here. I want to go into test learning inside this test Fuller in inside the fall of one. I want to upload a new file. So basically, what we need to do is open up our Seelye, and we need to run this following comments. So first thing we need to check, it's like Aws s three and let's to help. Now, when you do a double s s three and help, it's going to basically show you all the options that AWS three command has. So now when you do this, you have ah, the options off if you see here Oh, it can search for more options here. Now you can see the available commands are basically is three c p is for copy. Ls is for list and ah, make bucket move And ah, all these kind off operations here. So the one which we are interested is basically in estrus. CP. Now, when you do s three cp, it can be between your local computer industry bucket or if you can copy from bucket to your local computer or you can do from bucket to bucket. So the thing that we're going to try today is basically the local computer to s three bucket. So let's go ahead and do AWS Astri cp and let's do help. So let's see what the options that a devious history gives us. Now if you see your, um, you have basically oh, are some off the examples here? If you hit space, it gives you it loads more help. So basically, if you see here AWS History cp Ah, whatever the file that you want to upload and basically the bucket name Ah, very want Topol. So what we're going to do is not basically use this particular Sendak's here. So let me come out off this and let's do aws as Three CP and the part. So this particular file So to get to get the parts you can just do right click and go toe details here. So you have this one and I'm going to paste it here and you have Ciel I applaud nor text. So I'm going to do slash CIA lie applaud dot txt and we need to specify the part where we want to actually put it in our bucket. So it is Rs three dash dash, and we want toe even specify the pot to the So basically this, um hashtag learning test one and inside that we have a test folder and folder and inside that we want of interest for the car for under one and inside that we want to give this as ciel. I applaud dot txt Now the important thing that you need to do is basically specify the region, and we're in the EU west want, and we need to supply the profile name profile, which is our hashtag learning tester dash argument. So if you remember in our seal I set up we have created a profile called hashtag learning test Passion meant And now you're going to use this as an administrator to our of bucket. So if I hit enter now, basically, it should applaud that particular file into my, uh uh, this market If I go back to my bucket and hit refresh Ah, you should C a c l I upload files being uploaded here. Now, if I open this up, I can I can honor this. I can share with everyone. So this is how you basically use Astri Copy Command to upload the file to your what do you call the S t bucket? So now what we're going to do is basically go back and try to use the same command toe, download it from the S three bucket to your local computer. So the way you can do it basically is Alexei. Ah, let's say I go back here to my photo one and I delete this particular fight. Now let's say you want to run the same command, a game like s three CP, and you want to download it from this particular location. So in the previous example, we have put the ah file that were down uploading in the first Param Eter. Now, in this case, you want to dollar from this particular pot to your location in this particular fight in this party, reformer. So you're going to copy this pretty good part here based it here and then you're going to specify saying that CIA life a Plourde dot txt now basically are downloading from that bucket to your particular for now. If you hit. Enter. You should see a file getting downloaded in this particular fuller. And there you go. So you have your file uploaded and download it using the best recipe. Comment. So this is how you used the AWS Eli to execute the commands. And it is pretty straightforward and pretty simple. All you got to do it's like, if you are not sure off like what? Command run. You can always use aws help all you got to do, It's like it aws s three and you need toe. Just specify the command help, and it's going to show you all the different options and examples order natively. You can also go to the documentation side off favorably accessory. And then you can find all the list of commands and options that you can supply. Toe used s three using their command line interface. So that's it for this lesson. And I will see you in the next one. Thank you. 26. S3 Versioning Concept: hello and welcome back. So in the previous lesson of you have seen how to use AWS eli toe upload and download files from AWS history buckets. And in this lesson, we're going to go ahead and learn the concept off AWS history pocket washing and let's see how to do that. So toe body for the, uh s three bucket washing is disabled and you need to go ahead and enable it if you want to . So the one thing about AWS s three bucket worsening is basically if you can enable the worsening but you cannot ah, like, want to enable the worsening. You can only suspend the worst thing that it's like, um let's say you enable the worsening and you have multiple versions off your objects uploaded to your history bucket. Then when you suspend apportioning the multiple versions that were applauded will not be deleted. That means you only suspended worsening and the new fuck new objects that you're putting in with laundry version. But the existing objects that were already version will still Aziz, and they will not be deleted. So you need to go ahead and manually delete all abortion starting off, creating if you want to remove these old objects so let's go ahead and enable worsening on our hashtag landing test test one bucket. So to do that, once you go into the bucket Ah, you need to go to the property section here and you can see the worsening tab here. Select the worsening tab and select enable Worsening and hit Save. Now you can see Ah, that the worsening is anyone here. And you can go back to your test folder here. And let's go ahead and upload a second words in Farsi. Ally, upload here. So what I'm going to do is basically open up the folder that we have here and I'm going toe . Did this entry name this asked my version? Do now I'm going to hit save, and then what I'm going to do is basically upload Dragon dropped the same file here in tow . Ah, this bucket here. Oh, and I'm going to hit next, and I'm going to get next next and applaud now. Ah, Once the upload is complete, you can see that it's successful here. Ah, you can. What you can do is basically, um, see that there is two warships off this particular bucket. So off this particular object, you can see that one is created 11. 38. That's when our previous lesson. And, ah, here you can see that there is an object toe washing off. Um, that's new washing that is created here. Now, if you wish to our shared this particular version, you could basically go ahead and download or and see that you can basically view this particular object and they concede act. This is now seal. I applaud Washington. Now this is marked as the default off abortion that you want to use. Now let's say you want to go ahead and, like, delete some other washing so you can go to this version latest version here and select Theo Old previous portion and hit down Lord. Then you can, oh, basically download that specific version with our old version. And if I open this, we can see that this is the first version that we have upload. Now you can also go ahead and delete one off diversions so that you only have one specific question that you would like toa have in your street bucket. So to do, ah, to delete especially portion you need to select the worship here. Um, all you gotta do is basically, um, hit here and you can just put it delete. So basically, what it's going to do is it's going to just put a delete marker there and you can see that the latest version is now toward back to our previous worsen that we have initially uploaded this file last. So ah, that's all it about the worsening. It is very simple. And basically, it is very helpful when you want something, Ah, to keep track off like between different versions, then worsening eyes really helpful. And I really hope that this you understand this concept and thank you for watching 27. S3 Recap: Hello and welcome back. So this is our quickly cap to our AWS history section and so far we have covered a lot of ground in this part. So basically we started off by understanding the different features that AWS history offers . Then we have seen how the buckets and objects work together and the concept off storage, inedible ancestry. Then we went ahead and created our first aid ably assisted bucket. And then we have seen how to use I am and bucket policy to ah give access to different objects and control access between different aws. I am users. And also we have ah, seen how to use a WC ally to upload and download objects from medically assisted bucket or local computer and local computer to eight of the accessory bucket. And then we have also seen how to use aws s three bucket wash inning. So ah, that's it for this section. Oh, I think we have covered a lot of ground and I will see you in the next section. Thank you so much. 28. What is AWS Free Tier ?: Hello and welcome back. I know this is the lesson that you guys are waiting for and this is all about AWS free tier . So in this lesson, we're going to explore award AWS offers in its 1st 12 month period off free tier and let's get started. So to do that first go to the AWS home page, you can go to AWS start amazon dot com and you need to click on pricing. So if you go to the pricing section, then you can see the Freedia option here, select the Freedia option and basically you can see all the services that are available for free. So basically it is showing you the feature thinks. But you can always go to the 12 months three section here to see ah, what other fees or resist that it offers. So basically, you can see that you have ah, Amazon a p a. G. A tree, which you get like one million calls per month, was just like it too much if if you have, if you're just getting started just like a start up or something like that, and you don't have many customers coming, visiting or using your services, then one million AP calls per month. It's like every huge number and basically you can get a lot off it, though. The second thing. Yes, you have Amazon Cloud Directory, which is like one GB storage apartment, and this also comes for Ah, 12 months. Then you have Amazon cloudfront cloudfront days. You can you get a lot out off cloudfront with 50 geeks off cash. Basically, you can use it for static website hosting, or you can use it for streaming services or use storage. I say back in, uh, I mean use. Ah, history has a back and and use cloudfront toe. Deliver the objects. It's It's a good amount of stories that you can get off for free for the 1st 12 months on the next thing, it's like artificial intelligence. Amazon comprehend. You have Amazon connect. You have Amazon. Easy to now this is the important thing that you guys are looking out for. Basically, you get 750 hours off. Easy to ah usage. Let's go ahead and see more details about this because this is what you're going to use primarily now if you go here, you can see that you get 7 50 hours per month Awfully necks are a teal rsl es on Tito Gordon Micro Instance Usage. Basically, if you just used to to learn micro instance, only then you are eligible for free tier. And also you could use 7 50 hours per month off t two dot micro instance usage Ah, on windows. So basically ah, you get a lot of effort Now if you if you if you let's say, like if you open up the calculator and see ah, 7 50 hours So basically sound 50 hours derided by ah ah 24. Basically divided by 30 days you get 25 hours. Basically, it's like you get one whole month free off, like running a C two instance that go for 12 months. That means that you can have, ah, one easy to instance, running all year long for free. That means that you can you can host your web obligation on your t two dot micro for free for such a long time. So that's amazing for a feet here, and you can get a large enough it. Now you have other stuff like aws CFS ah, Amazon block store EBS basically gonna go up to 30 gigs off CBS volume attached to her. Easy to instance. Like I said, easy to our pricing is different. I mean, like the instance price does not include the stories cost because stories is separate. Ah, that's what you get for free 30 gigs. Then you have arms on O E C R, which is used for Docker container industries. And you have transporter. You get 20 minutes off free. You have elastic cash. Then you have ah elasticsearch gamelift. And they're like plenty off services that you can used for free for the 1st 1st year. Ah, The other important thing is like aws s tree, which gives you, like, five gigs off story standard storage for free for one month, and you can basically see like what else it offers. So basically, it's giving us 20,000 getting quest for free and 1 2000 foot requests for free, uh, every month. So that's like expires 12 months after sign up. So you get a lot out off it, and the next important thing that we are interested in is basically elastic load balancing . Because the elastic load balancing is also a one off. The primarily used services in are easy to when you're having a like multiple instances booted up and you want to serve it under the load balancing. Then you have elastic load balancing also under 50 years. So basically, there's a lot that you can do. Ah, in the first year off feet ear from AWS Oh, and it enables you to basically get started, try or some prototypes like try or detest architectures and see if it fits your use cases and if if it suits your budget or not. So this is a great way to start with AWS. Without even spending a single dollar, you can you can get a lot or off it. And I really suggest you, too will get started with this and try to implement Ah, the services that you get for free and, uh, and Happy Cloud Computing. So that's it for this lesson, and I will see you in the next one. Thank you 29. Conclusion & Next steps: Hello and welcome back. So this is our conclusion to our course on absolute beginners introduction toe Amazon Web services. I really hope that you guys have learned some news topics in this course, and it will really help you to get kickstarted in your Amazon Web services career pot. So here are some off the next things that you need to do after this course. So basically, you need to ah, check out my other courses off. AWS and Terra Form learned to set up production infrastructure in this course. I have ah, basically covered a lot off important topics that you require when you're setting up infrastructure for the production enterprise company. And, um, you get to learn a lot off core concepts off like how to set up vpc how toe automate your server's configuration, how to order scale, how to do develops, how to perform monitoring and scaling. And I've covered a lot of stuff in this particular course and that will give you a in depth understanding off vpc ec2 and all the important core services. And the other course that I have is a simple course which is serving static angler five applications using AWS history and cloudfront You can extend the, uh, the topics that you have learned in this particular course about history by setting up a angler five static application in Stree and serving it using cloudfront Ah, here also have covered a lot off important stuff and this is a simple and small course that you can ah cover it within an hour. The next thing that you have to do is basically ah, check out my Facebook and YouTube channels In this channels, I typically give ah interviews, best practices and tips for free. And every week I upload one video about AWS best practices and tips. So keep checking out these social channels and also check out my other courses. Toe basically learn new things about AWS. So that's it for this lesson. I'm signing off and thank you for joining this course.