Transcripts
1. Introduction: Hello everyone,
welcome to my course. I leave. I do have more than
eight years of experience in cloud computing and I have worked
for many companies, for example, IBM. I have multiple
certifications related to AWS, Google Cloud, and Azure. In today's course,
I'm going to discuss a very important
key service of AWS. That is Amazon EC2, which stands for
Elastic Compute Cloud. This is the number one
service that AWS provides. And after this course, I can guarantee that you will know the service inside out and you will be a pro
at using the AWS EC2 service. So without further delay, I'm going to start
today's course.
2. EC2 Dashboard Overview: I have logged into
my AWS account and navigated to the EC2 console. So in this video, I'm going to discuss
the EC2 dashboard. So if we look into the
EC2 dashboard in here, we can see multiple sections or multiple functions in here. The first one is instances. In other words, we can say servers. So EC2 is all about servers. We need servers to
run our application and other stuff. So for that reason, whenever we are
referring to instances, we should recall it as a server. So here we can see if we
have any servers running. And then we will also
discuss dedicated hosts in our future videos,
and the elastic IPs. So whenever we deploy a server, we must
have an IP address that will be attached to
the server so that we can navigate to the server
using that IP address. And also for security reasons, we need key pairs to
actually log in to our server. Then we'll also discuss
load balancers. Suppose we have
multiple servers for a single application: how are we going to distribute our load to those
multiple servers? It's a very important service. Then the security
group is also one of the security controls
that we need to know. It's kind of like a firewall. Snapshots are for backups and
volumes are the storage, where we will store all of our files and even the
operating system of our server. Here we can also see some other
functions like zones. So whenever we deploy a server, we need to define in which zone we will deploy our servers. So the whole AWS ecosystem is divided into multiple regions. Here you can see AWS
has a lot of regions. So suppose your business is in the US, then you will have these four regions where you
can deploy your servers. So first, we try to
figure out where our business is and
where we would like our server to be present. Then we have to select a region, and inside each region
we will have multiple zones. Zones are the subsections
of the regions. So in these zones, we can deploy our servers. And this is how we can create our own IT infrastructure
using the zones and regions. Also, we can see whether our specific region is healthy or not from
this service health. And there are tons of
stuff you can see in the left panel that
we need to cover.
3. EC2 Tags and Limit: In today's video, we're
going to discuss two specific sections,
that are tags and limits. So let's talk about tags. Tags, we can say, are
pretty much like labels. Suppose we are running a big corporation and we
need multiple servers. And if we don't label our servers in a systematic
way, it will be very hard in future to
maintain the servers. Suppose that you have
to make a change. Then how do we know which server is used
for what reason? In that case, tags are going
to help us to actually find out the exact servers
that we're looking for. If we want to tag our server, we can tag a server at the time of creation or
even after the creation. We can just create our
own tags and attach those tags or labels
to our EC2 servers. For instance, if I click Manage tags in here, right now, I don't have any tags in here because I haven't
created any server yet. But here you can see the anatomy of a tag is pretty
much like a key and value. So under the key,
we need to type, maybe we will type Environment, so what kind of environment our server is for. And value, maybe we're using it for Prod. So I'm going to
type Prod. And I will click Add tag. But here's the
thing: "Please select at least one resource." Because if we want
to add this tag, it should be attached
to a resource. But right now, as we
don't have any resources, that's why we can't. But in future we will
definitely add tags to our deployed EC2 servers. That's the functionality of tags. And the next section that we're going to
discuss is limits. So if I click limits in here, here you can see a
lot of information. So for instance,
the first one is launch configuration
auto scaling groups. So here you can see we do
have limits for everything. So even if we want to deploy multiple auto scaling groups,
the current limit is 500. Okay, so that means we can't deploy more than 500
auto scaling groups. So auto scaling groups are
used for scaling our servers whenever we get a
lot of traffic, or we can even use
auto scaling to actually decrease our server
numbers when there
is very little
traffic on our servers. This is a very cool feature. One good thing about
this current limit: these are not hard limits. So what if you have
a very big organization and you have already used
500 auto scaling groups, and you need more? In that case, you can
create a ticket under the AWS support plan and request the AWS support team to actually increase this limit, with a very good reason. Once they approve the
auto scaling group limit, then this number
will change and you can create more and more
auto scaling groups. In this way, you can see there are
a lot of limits here. You can see tons
of limits in here,
like the subnets per VPC, rules
per VPC security group. All these limits are here, but these limits are changeable, which is a very good thing. So yeah, today we pretty much covered our two specific sections,
that are tags and limits.
4. Launching EC2 Server: In this video, we're going to create our very
first EC2 server. I'm very excited. So let's get started. So under the instances section, if we click Launch Instances,
a new window will pop up. First, we need to
name our EC2 server. I'm going to name it
Windows test server. And the second option is to select application
and OS images. As I have already mentioned, I'm going to create
a Windows Server. That's why I'll select this
Windows Server 2022 Base. There are tons of images here. There is the
Amazon Linux image, macOS, Ubuntu, Red Hat, and multiple distributions
and operating systems. And we can select any one of
these according to our need. One good thing about this Microsoft Windows
Server 2008 Base is, it's free tier eligible. So what does it mean? That means it is free to use. So if I use this image, we don't have to pay any
money to our account. And under description here, we can see the details about
our image configuration. The next section is
the instance type. So it's very important
to know what type of instance we want to deploy. Because suppose you
have some sort of workload which involves a lot
of computational work, then you need something
that is compute-intensive. Or if you need a server where you will use
some sort of GPU stuff, then you need a server that has very good GPU-intensive
functionality. So for that reason, if I click in here, here you can see tons of
variations of instances. For today's video, I'm going to use t2.micro.
The T2 family is a good one; its overall performance
is very good. And one good thing
about T2 is there is a specific type
that is called t2.micro, which is free tier eligible. So if I use this t2.micro with this Windows Server, then I don't have to pay any money because both are
under the free tier. So that's why I'm
going to use t2.micro. Here you can also see
some configuration. It's one vCPU and one GB memory, so it's pretty basic. But if you want to have some more compute-intensive workload, then here you will have 8 vCPU or 32 GB memory too. So it all depends
on your workload, what kind of work you want
to do in the server. Let's move to the next section. The next section is key pair. So what is a key pair? So suppose we
deploy our EC2 server, we want to make
sure our server is secure. In order to maintain
the security, we need this key pair. So if I click create
new key pair, first we need to define a
name for our key pair. I'm going to name it Test
key, test Windows key. And then we need to select the format of the
key that we want. And as I want to
use it to RDP to my server, .pem is okay for me, so I'm going to go with this .pem and I'll click
Create key pair. Once I click Create
key pair, you can see the key is already downloaded to my local machine. And please save it in a secure place because
you're going to need it to access our server. The next section is
network settings. Network settings is where we
define our security groups. Security groups are pretty much like the firewall
of our EC2 server, where we can
allow or deny requests, like how we want our
server to be used. So here we can define that. So under network settings,
create a security group. As I want to create
a new security group, that's why I'll select this option, create
security group. And here we can define the rules. As this is
a Windows Server, we definitely need the RDP
traffic from anywhere. So for security reasons we can change it to custom or we can
change it to my IP address. But for the time being, I am okay with anywhere
because after the test, I'm going to just stop or delete this specific server.
And HTTPS requests, maybe we can
configure that later. So for now, I'm okay with just only one rule, that is allow RDP traffic from anywhere. The next section: under the
configure storage section, we need to select our storage
type and storage size. So 30 GB is quite standard
for a Windows server. And if I click here, we can see multiple
types of storage. The gp2 stands for
general purpose SSD. SSD is good. It's faster
than the magnetic one. And here we can see gp3. gp3 is the upgraded
version of gp2. And gp3 is cheaper and faster, so it's a no-brainer
to use gp3. So I'm going to select gp3
with 30 GB of storage. And for the time being, just only
one root volume is fine. If we want to add an additional
volume, we can add it here. Or even after
creating the servers, we can always create a
new volume and attach it to our existing EC2
servers if we want to. Let's go with all
the default settings of advanced details. Maybe we will
discuss these advanced details in our future videos. After configuring all this stuff, we need to go to
the summary section. And here we need to
define how many servers we want to deploy using
this configuration. In our case, we just want
to deploy only one server. So that's why one is good. And here we can see our AMI, then our instance
type, our firewall, and our storage volume
type and volume size. And after checking everything, we can just click
Launch instance.
5. Connecting to EC2 Server: So our EC2 server is deployed. So now we're going to go
to view all instances. And here we can see we do have
our Windows Server ready. So let's look into the other sections that
are present in here. The first is name; you already know that's the
name of our EC2 server. The second is instance ID. So whatever resources
we deploy in AWS, it must have an ID. So in this case for
Windows Server here, this is the identifier, the ID
of our Windows Server. Then there is
instance state. So here it's saying
it's running, that means it's up and running. And the instance type is t2.micro, as we have already configured
in our first video. Then the status checks. So this is an important
thing to discuss. There are two kinds
of status checks. One is system status check, one is instance status check. So it's very important to actually pass both
of these status checks. Even if one of
these checks fails, that means we can't
access our server. So it's very important.
Then the alarm status. So we haven't configured
any alarm yet, so that's why it's showing us
no alarm. Then the availability zone. We have already discussed the AWS region and
zone settings. Our server is mainly deployed
in the US East 1 zone. Here we have a public
IPv4 DNS that we can use to actually
access our server. And also here we can see our public IP address that
is attached to our server. We don't have any
Elastic IP; we will discuss Elastic IP in future. And yes, also you can see our key name and when
our server was launched. So if we want to see
some more information, we can see it from this section, under
details. And under security, you can see our
security groups that we have created when we
deployed our server. Under networking, this is important. So under networking here we can see our public IP address or
public DNS like that one,
availability zone and some very
important information. Here you can also see our VPC. VPC stands for Virtual
Private Cloud. So that means we
created our server inside of our very isolated
Virtual Private Cloud to make sure that our
server is fully secure. So this is VPC, and in future
I'll definitely create one more course just
related to VPC, because it's a very important topic to understand, because of any
resources that we create,
most of the resources
are deployed inside a VPC. So if we don't understand
VPC clearly, then we will face a
lot of confusion. So, yeah, definitely, I'm going to create a course on VPC. Under storage, here we can
see our volume and also the volume size and
some other information. And under the monitoring section,
here we can see multiple metrics like CPU utilization,
network utilization. Then the network
related, like packets in, packets out, and some other
important key metrics that we need to follow to actually make sure
that our server is up and healthy. And
tags: obviously, by default, there is
already one tag that is attached whenever
we create a server. That is, the key is Name and the value is the name of our server, that is Windows Server. Alright, so now let's try to
connect to our server. So if I click here, connect, the first thing that comes here, we get three options. We can connect by
Session Manager, we can connect by RDP client, and the third one is EC2
serial console. My preferred way is
to actually use RDP. So for that, we have to download our remote desktop
file. It is downloaded. And also remember
we also downloaded one key pair when we
created our servers. So now we need to use that
key pair to actually
get our password. Okay? So if I click
Upload private key, our private key is
saved in our machine. So if I click here, I can look it up under here. So this is our private key. So I select it here.
This is the key. This is the key
that we have, and we have to click
Decrypt password. So now we can see
a password that we can use to RDP to the server,
which is great. So I'm just going to copy it, save it somewhere
safe so I can reuse it for future videos. Okay, so now we
have the password. Now I'm going to click
these three dots, test server RDP section. And here we need
to click Connect. Now here you can see we already have the public DNS in here. The username is Administrator. Now we need the password. I'm going to paste
the password in here. And if I just click okay, then I'm just going
to get an alert. I'll just click yes. And within a few seconds, we will be able to log in
to our EC2 server, or we can RDP into our EC2
server, which is great. We can see our new
EC2 Windows server. Here we can see our host name. We can see our instance
ID, our private IP, public IP and some other
information. So this is very simple and
you can see how powerful cloud computing is, and specifically this specific
service called Amazon EC2. We just created a virtual Windows server from
scratch within a few minutes, and we can use it
for our own purpose. And this is great. In this way,
we can also just create our
Linux servers and we can use them for our web application or any sort of
infrastructure. So now we can just
deploy our servers in any region, for any specific need. And we can run our business.
6. EC2 Spot Request: In this video,
we're going to talk about different kinds
of instance requests. So there are three types of
instances that we can have. One is on-demand. On-demand is the one
that I created earlier. We just requested it and it was pretty much on-demand
with a fixed price. And the second one is
Reserved Instances. With Reserved Instances, we have to go for a commitment. Suppose we are running a
business or an application and we are sure that we need that specific server
for a long time, maybe for five
years or maybe one year. Then what we can do, we can go with the
Reserved Instances, so it will save us money, because if we go for
the Reserved Instances, we are making a commitment,
and in return for that commitment AWS will reduce their prices
up to like 40 or 50%, which is a very good deal, right? Because anyway we
can use the server. So if we have a very predictable request or load, that we must have our server for a
certain period of time, then definitely you should go for the Reserved
Instances. And there is a third one, which is a little
bit complicated but very useful to have. That is Spot Requests, this one. So what is this spot request? So let's think about
the whole AWS system. So in AWS, what they
provide is, they give us the whole
pool of resources, right? So we can deploy our servers and we can run our application
and our business in there. So they have a very big number of resources, a
lot of resources, and it's very unlikely
that all the time, all the resources that
they have are being used. So definitely some of the
resources are sitting idle. So they are very smart
and they came up with a plan to actually
get money out of it. So what did they do? They created a new EC2 system, that is a spot request
for the idle resources. We can request
the idle resources. So suppose you are
running a server for testing or maybe some
other workload where you don't really care if the
server gets terminated in a few minutes and
you're okay with it if the server price is low. So in that case, you can definitely use
this spot request. So you can request EC2
servers that are sitting idle. And you can get
very, very cheap EC2 servers, maybe
like 80 percent cheaper than an
on-demand EC2 server. You can use the server;
there is just the one drawback. That is, once the server is requested for on-demand, your server resources will be terminated
within a few minutes. And if you're okay with that, then yeah, that's
very good to use. So for requesting
spot servers,
you have to click
Request Spot Instances. Here, if you want to create
a request manually, you can go with this option. As I don't have any template yet, I'll use this option. Here we need to
define what sort of AMI we want to use for
our Spot Instances. So these are all the images that we already saw under
our instance section, right, when we created our servers. So yeah, Windows or Linux, Unix. So let's go with the Linux 2. And we
already worked with this key pair thing so we know
what a key pair is. So let's select
our previous key pair, which is test Windows key. And then there are some
additional settings. Here we can define what kind of EBS volume we want for
our server, and the volume type. So I'm going to go with
gp3 in this case. And here we can also define
the IOPS and throughput. IOPS means input/output
per second. And so this is a very
good indication. Suppose we are expecting
a lot of requests, a lot of transactions
from our EC2 server, then our IOPS should be higher. If our IOPS get exhausted, then our application
will freeze. For that reason we need
to take care of this IOPS scenario and
we have to monitor this IOPS, whether our IOPS are
sufficient to provide all that transaction volume. So that's a very
good thing to know. Here, whenever we
create an EBS volume, we have to encrypt it, because
if we don't encrypt it, then our files or our information that
we put inside the EC2 EBS volume will not
be encrypted at rest. So when we click
this encrypt thing, that means we are
encrypting our information, our files at rest, which is a very good practice. So always remember that. Tenancy is a very
important thing to know. So the default one is shared
hardware instances. So what does it mean? Shared means the server
that we're deploying is sharing the resources. It doesn't have any
dedicated instance. If you're working on
a very secret thing, then dedicated instance is
a very good option, because a dedicated instance gives us some extra
layer of security. So that's the reason we need
to use dedicated instance. So for this tutorial, I'm going to go with
the default one. And here we can select
the security groups that we want to attach to our new server that will be launched by the Spot
Instance section. So the next one is the
auto-assign public IP. So if we want
our server to have a public IP, we need to select Enable. And then some
other information, and then the target capacity. So here we will define how many servers we
need as a spot request. And here we can select
our VPC, in which VPC our servers
should be deployed, and also the
availability zone where we want our servers
to be deployed. Here we can define what sort of instance
we want to have. And here we can define the vCPU, the memory, some
other information. It's pretty self-explanatory. Here we can select the
allocation strategy, which is very interesting. So there are two
types of strategies. One is price capacity optimized, which is the recommended
one, and the other one is capacity optimized. And what is price
capacity optimized? It requests the lowest
priced Spot Instances from your most available pools. This is the best strategy
for balancing instance prices and interruption risk. So this is a best practice. So let's go with this one. And this is an overview of
your whole configuration. And one
good thing to see here:
we see the fleet
strength is strong. So that means we
do have a lot of resources under the criteria
that we have mentioned. So we have like 40043 meetings since Thai 567 cities Zones, which is pretty great. And if I click
this Launch button, then we will create our
first Spot Fleet. And if the resources are available according to
our needs, they will be deployed
with these settings.
7. EC2 Lifecycle Manager Configuration: In this video we're going to cover the Elastic Block
Store section. So pretty much we're
going to cover volumes, snapshots and Lifecycle Manager. So we already know
what a volume is. A volume is the storage
that is attached to our EC2 server
when we create it. So as we have already
launched our test EC2 server, with the server we can
see we already have one volume, and this
volume is attached to a server because the
volume state is in-use. And here we can see some of the information
related to volumes: volume size, in-use, and also the status checks and monitoring, if we
want to monitor our volume, whether it's fully operational.
So that is volume. And the next one is snapshot. A snapshot takes a screenshot of the current state of the volume. So for instance, if I want to take a snapshot of
my current volume, all I need to do is click
Create snapshot. And we can take a snapshot
of a volume or an instance. I prefer volume because
the volume is the storage. So if we just take the
snapshot of the volume, that means we're taking a
snapshot of the instance. And also when you're taking a snapshot of just
the volume, it's more accurate and
it is not looking into some
other extra functionality of the instance, so it's faster. So here we need to
define our volume ID. In our case, we have just one volume because
we have one server. I'm going to select this. And
description: if you want to add
some description for
future reference, you can add it
from here. And then we just need to
click Create snapshot. And once we click this button, that means we're taking a snapshot
of our volume, and the volume will be
available as a backup. What if I tell you there is a better way to take a snapshot? So let me
share some sort of idea of why we need a better arrangement
and how we can implement it. For instance, let's
assume we are running a web application and
every day we are getting a lot of
new information. And our EC2 server is very valuable to us because
it has all the information. Okay? So we need to take backups
of our EC2 server. And if for some reason a server crashes and it
is not functional anymore, and we lose our data, that means we are losing some very important and
valuable information that can help our business. So in that case, we definitely want to have a daily backup. So if we want to take
the snapshot daily, manually using the
snapshot, that's good, but it's not a very efficient
way to do it, because first of all, it will take time. And second of all, there is no reliability. Maybe we can miss
some day, right? So it's always better
to do automation. And in order to do
that automation, we can use Lifecycle Manager. So if I click Lifecycle
Manager here and I click here, we can see the benefits
and features, like
automated
snapshots and AMI creation, built-in cross-region copies. So cross-region is a
very good concept. So suppose our server is running in the North Virginia
region from here. And for some reason, for some
technical difficulties, if our North Virginia region is down and our backups
or snapshots
are also in this
North Virginia region, that means we are pretty
much out of our scope. That means we can't
make our application functional until this North Virginia
region goes up again, which is a very big risk. So we need to come up with some sort of disaster recovery
plan for that. So the first part of the
disaster recovery plan is to create a backup in a
secondary region. So suppose we take the snapshot and copy
this snapshot to the Ohio, California, or Oregon region. That means even if our North
Virginia is totally down, we can just use
the snapshot from the other region and create our new
server and make our application available
again using that region. So it will help us to
meet our RTO and RPO. For that reason, cross-region
backup is very good. So if I click Next step in here, here I'm going to define the whole setup
of how we want to automate our backups. So first, for volumes,
to actually specify what specific volume we want to
back up, we need to define the tags. We need to have the tags to actually target those volumes. So right now we don't have
any tags; for that reason, I'm not seeing any sort of tags that I can
select from here. So let's go back from here
and go to our instances. So here is our instance. That is Windows Server,
and go to the tags section. And we can
click Manage tags. And we're going to add a new tag. And here we're going to type
Environment. And the value should be Prod. You can type any other values if you want to,
maybe Dev, Staging. And after adding this,
I'm going to save it. So that's great. So now if I go here
under the tags section, now I do have one tag, that
is Environment and Prod. So let me refresh my
console once again. And I'm going to go back
to Lifecycle Manager. And I'm going to
click Next step. And here I'm going
to select volume. I'm going to select instance
because I have attached
it to my instance. So here I will select
Environment and the value is Prod. And policy description: here, if you want to add
some description, we can add a description. Then under the IAM role. So IAM stands for Identity
and Access Management. So this is where we define or give permission to resources to actually
use other resources. And under here, we see
this is the default role or permission that we are giving to this specific lifecycle policy. So this one is written
in JSON format. Here, it's pretty straightforward
to read that statement. Effect: Allow, so we're allowing these specific actions, like this ec2:CreateSnapshot and some other permissions we
are providing in here. And this is the policy, and it's better to give it a
name, the policy description. Now, we can call it prod lifecycle policy. If we want to add
tags to our policy, we can also do it from here. And then the policy status, whether you want
to enable it or not. So let's enable it. And exclude volume, optional. So if we want to
exclude other volumes, maybe some additional volume, we can select it. In our case, we don't even
have an additional volume, so that's the reason
it's optional. So we're not going to
select this option. Okay? So here we
need to configure
the schedule. The schedule name is
Schedule 1 by default. Let's go with this.
And frequency: how frequently we want to take the backup, daily,
weekly, monthly, yearly. So in our case, as
we're assuming a very
important server, we want to go with
a daily backup. And every 24 h, that means once every day we're
going to take the backup. So here is the time when we
want to start our backups. So it's a very important
thing to know. Always set the starting time when there is very little
traffic to our server. Okay, so maybe at midnight, we can set the time for our starting point so that all the backups and
other stuff are going to happen at midnight
and it won't affect our working hours. Okay. A good point to
notice. And retention type. So it's also an important
thing, retention. Suppose it's taking the backup, so we need to have
a retention time. So maybe we want to have our previous
seven days of backups. Because if we don't
have this timeframe, that means every
day we're going to have new backups, and if
it's running for a year,
that means we have
365 copies of our backup, which can be a lot of storage, and we're going to get
charged a lot by Amazon for that. For that reason, we have to come
up with a number. So in our case, I'm going to select count, and we're going to select seven, so that means we
want to keep one week of backups, okay? And then this is the option where we can
configure the cross-region copy. So in this case, we can select our target region. So for the target region, we
can select something other than East 1 because this one is already
there, North Virginia. You can select
West 1 in here. And then the KMS keys and
some other information. We can select multiple regions. So if we want to have our copy in more than one region, then we can select
multiple if we want to have this flexibility. We can also do cross-account
sharing. Suppose we want to share our snapshot with
another AWS account. We can also do that
by using this option. Once we're all okay
with the configuration, we need to review the
policy. Here we can see all the configurations. Once we click Create policy, then this policy will be
created and we can have our automated backups
every day, and the backup will be copied to another region, and the
retention period is seven days. Pretty much we have automated all the things so that we
can have a sound sleep.
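An added example, not part of the course recording: the policy built in this lecture (tag Environment=Prod, daily at midnight, keep seven, copy to a second region), written as a document in the shape of the Data Lifecycle Manager `PolicyDetails` structure and checked by a small review function. The function `review_policy`, its finding texts and the encrypted-copy setting are assumptions made for this sketch; DLM schedule times are in UTC.

```python
# Constructed policy document following the lecture's choices.
POLICY = {
    "ResourceTypes": ["INSTANCE"],
    "TargetTags": [{"Key": "Environment", "Value": "Prod"}],
    "Schedules": [{
        "Name": "Schedule 1",
        # every 24 hours, starting at 00:00 UTC
        "CreateRule": {"Interval": 24, "IntervalUnit": "HOURS", "Times": ["00:00"]},
        # keep the seven most recent snapshots
        "RetainRule": {"Count": 7},
        "CrossRegionCopyRules": [{
            "TargetRegion": "us-west-1",
            "Encrypted": True,   # assumption: the copy is encrypted at rest
            "RetainRule": {"Interval": 7, "IntervalUnit": "DAYS"},
        }],
    }],
}


def review_policy(policy, source_region, max_rpo_hours=24):
    """Return a list of findings; an empty list means the checks passed.

    Checks the points the lecture raises: something must be targeted,
    the backup interval must fit the RPO, retention must be bounded,
    at least one copy must leave the source region, and copies should
    be encrypted.
    """
    findings = []
    if not policy.get("TargetTags"):
        findings.append("no target tags: the policy selects no resources")

    for sched in policy.get("Schedules", []):
        name = sched.get("Name", "?")

        # Interval-based schedules only; cron-based ones are not evaluated here.
        create = sched.get("CreateRule", {})
        interval = create.get("Interval")
        if create.get("IntervalUnit") == "HOURS" and interval and interval > max_rpo_hours:
            findings.append(
                f"{name}: snapshot every {interval} h exceeds RPO of {max_rpo_hours} h")

        # Without a count or an age limit, snapshots pile up (365 a year when daily).
        retain = sched.get("RetainRule", {})
        if not (retain.get("Count") or retain.get("Interval")):
            findings.append(f"{name}: no retention rule, snapshots accumulate")

        # A copy in the same region does not survive a regional outage.
        copies = sched.get("CrossRegionCopyRules", [])
        targets = [c.get("Target") or c.get("TargetRegion") for c in copies]
        if not any(t and t != source_region for t in targets):
            findings.append(f"{name}: no snapshot copy outside {source_region}")

        for rule, target in zip(copies, targets):
            if not rule.get("Encrypted"):
                findings.append(f"{name}: copy to {target} is not encrypted")
    return findings


if __name__ == "__main__":
    problems = review_policy(POLICY, source_region="us-east-1")
    print("OK" if not problems else "\n".join(problems))
```
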
8. EC2 Network and Security: In this video, we're
going to discuss the network and security
section of AWS EC2. So the first one is
security groups. So we already talked about
what a security group is. It is kind of like the
firewall of our servers. Let's open any one of
these security groups. So we do have four or five security groups
in our account. So if I click here, the security group
also has a group ID, like our instance ID, right? And also it has a
group name, the VPC ID. VPC ID is the ID of the
VPC where we have created this security group, then
some other sections. Okay, under the Details
section here we can see that information. And inbound rules: what
are inbound rules? Inbound rules are the
rules that give us the permission to actually allow traffic into our servers. So if I click Edit
inbound rules, here you can see we have just only one rule here, that
is the type RDP. So RDP connection,
which is port 3389, TCP, and the source
is 0.0.0.0/0. That means any traffic
from anywhere. So this is how we define
from everywhere. Okay? So what if I want
to add one more rule? So I want to use our server
for a web application. So we need to install some IIS configuration and
then we need to open ports for HTTP and HTTPS
for the web application
traffic.
So once I click Add rule,
now we have to define
what type of rule we want to add. So this is HTTP, and the
HTTP port is port 80. This is fixed. And as this is for the
web requests, we want to open it for everyone. So here we can select
Anywhere-IPv4. So once we select it, then we have the same number, that is 0.0.0.0/0.
That means all traffic
from anywhere. So what about HTTPS? So we also want to
have HTTPS requests. And for that reason,
let's
search for HTTPS, this one, and the
HTTPS port is 443. These ports are very
important to know because these ports are fixed, and for every application
we have to open these ports under our EC2
security groups. So we also want to add it for all the IPv4 addresses
from anywhere. So once we configure it, we can just save the rules.
So now we can access our EC2 server
using an RDP connection or from HTTP or HTTPS requests. That's the security
group. So that is all about inbound rules. What about outbound rules? What do they do? Alright, so outbound rules:
the first rule that is there by default,
its type is all traffic,
so its scope is all traffic
and custom is everywhere. So that means
from our server, inside our server, we can
send request to anywhere. So it's not blocking in
sort of outbound request. Okay? So if we want to have
some more granular rule, we can delete this and we can add some Morgan
rule according to our security compliances
and in standards. This is how we can
secure our server. And also you can add tags
to our security group. The next section that
we're going to discuss, that is elastic IP address. So remember, once we
create our EC2 server, there is an option to actually attach public IP addresses
for our EC2 server. Even if we go back to
our EC2 server in here, under the networking section, we can see our
server has elastic, our server has public
IP address here. But one thing to remember, this public IP
address is dynamic. So what does it mean? Well, that means like if we stop our server and start it again, this public IP
address will change. So here comes the
problem with this. So suppose we have a
DNS, Domain Name System, and we want to attach our
server to a domain name, e.g. www.abc.com. So the abc.com will be
pointing to this IP address. If this IP address
changes, then our domain name will not work because this domain is mapped
to this IP address. So we need something like a static IP address that can help to actually
solve this problem. And exactly this problem can be solved by using
Elastic IP address. So if I click
Allocate Elastic IP, so here we need to
select border groups. So here we can select our region where we want
to create our elastic IP. And then we can select
our IP address pool, that is Amazon pool
for IPv4 addresses. It will randomly
create our new IP, new elastic IP in here. And once
we click Allocate, then we'll have our
elastic IP in here. And then we can merge this
elastic IP to our instances. So if I go in here
and see right now, we don't have any
elastic IP address because we haven't created it, because we haven't created the Elastic IP when we
created the server. So if we match our elastic IP to this server, then
what will happen? Then our IP address
will be static. Even if we stop and
start our server, our IP address will be the same. So let's create one
elastic IP for an example. So I'm going to go with the
default setting and allocate. Okay, so now we do
have this elastic IP. This elastic IP
address is this one. And if I want to allocate this elastic IP with
our EC2 server, simply I have to go to
the Actions setting and we have to go to
Associate Elastic IP address. From here we can see
our server, this one, and we can keep it blank and
we can click Associate. So that means our
elastic IP address is kind of attached
to our server. And now, if I do a
hard refresh and go back to my instance
setting in here, here I can see under
the networking section, the elastic IP address
has changed to this one. That means this elastic IP is assigned to our server and it is static
now, which is great. We have already discussed
about key pairs, how it works, and also just wanted to give you a very brief
overview, that is like, this key pair can be used to actually secure our EC2 servers. Also, we can create
key pairs from here. We can just define
the key pair type, the algorithm, and format that we are mostly
comfortable with. So we can select
this, go with .pem or .ppk, according to our need. .ppk is good if you want to use PuTTY to connect
to our server. And .pem is good for OpenSSH. So it depends on how we want to connect
to our server. Alright, and the last option here, that is network interfaces. So we all know that in order
to make our setup work, we must have
a network interface. If you don't have a network interface,
then how will our system be able to communicate with
other systems, right? So for that reason, we need a network interface. And here you can
see we already have one network interface, because when we
created the server, it also created a network
interface by default. So if we select
this one, here we can see all the details like the interface,
the interface ID, the VPC in which the
network interface was created, and the subnet where it is situated, and also the network interface also has a security group. So security group, it is a kind of firewall for
network interface. And it also has private IP addresses and all
the settings and Flow Logs. Flow logs is an important thing. So flow logs is also kind
of filtered with a VPC. So as it is a part of the VPC. So once we get traffic, first, the traffic
goes through the VPC. From VPC, it goes
to the subnets, from subnets to the interface and interface to our server.
So this is the flow. So if we enable this flow logs, that means all the requests generated, from the
beginning to the end, we can have logs, and
it's a good thing to have. It helps us to actually
troubleshoot issues. If we face any sort
of network issue, we can just view these
under the flow logs and it is much
easier in this way. We can also add tags
to our network interfaces.
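Added example (not part of the course transcript): a Python check for the inbound-rule pattern shown in this lecture, RDP on port 3389 allowed from 0.0.0.0/0 next to the HTTP and HTTPS rules. The rule data is a constructed sample in the shape of EC2's DescribeSecurityGroups output; the group ID, the `ADMIN_PORTS` set, the admin CIDR and all function names are assumptions.

```python
import copy

ANYWHERE = {"0.0.0.0/0", "::/0"}        # "anywhere" for IPv4 and IPv6
ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # assumption: remote-admin ports to keep off the internet

# Constructed sample shaped like one group from DescribeSecurityGroups:
# the RDP rule from the lecture plus the HTTP and HTTPS rules added afterwards.
SAMPLE_GROUP = {
    "GroupId": "sg-EXAMPLE",  # placeholder, not a real ID
    "IpPermissions": [
        {"IpProtocol": "tcp", "FromPort": 3389, "ToPort": 3389,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 80, "ToPort": 80,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
        {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
         "IpRanges": [{"CidrIp": "0.0.0.0/0"}], "Ipv6Ranges": []},
    ],
}


def open_sources(rule):
    """Return the 'anywhere' CIDRs (IPv4 or IPv6) that a rule allows."""
    cidrs = [r.get("CidrIp") for r in rule.get("IpRanges", [])]
    cidrs += [r.get("CidrIpv6") for r in rule.get("Ipv6Ranges", [])]
    return sorted(c for c in cidrs if c in ANYWHERE)


def admin_ports_covered(rule):
    """Return the admin ports that fall inside the rule's port range."""
    proto = rule.get("IpProtocol")
    if proto == "-1":  # "All traffic": every port, no FromPort/ToPort present
        return sorted(ADMIN_PORTS)
    lo, hi = rule.get("FromPort"), rule.get("ToPort")
    if proto != "tcp" or lo is None or hi is None:
        return []
    return [p for p in sorted(ADMIN_PORTS) if lo <= p <= hi]


def audit_group(group):
    """List (group_id, service, port, cidr) for admin ports reachable from anywhere."""
    findings = []
    for rule in group.get("IpPermissions", []):
        for port in admin_ports_covered(rule):
            for cidr in open_sources(rule):
                findings.append((group["GroupId"], ADMIN_PORTS[port], port, cidr))
    return findings


def narrow_admin_rules(group, admin_cidr):
    """Return a copy where world-open rules covering an admin port allow only admin_cidr (IPv4).

    The whole rule is narrowed, so a wide port range loses its public access too.
    """
    fixed = copy.deepcopy(group)
    for rule in fixed.get("IpPermissions", []):
        if admin_ports_covered(rule) and open_sources(rule):
            kept = [r for r in rule.get("IpRanges", []) if r.get("CidrIp") not in ANYWHERE]
            rule["IpRanges"] = kept + [{"CidrIp": admin_cidr}]
            rule["Ipv6Ranges"] = [r for r in rule.get("Ipv6Ranges", [])
                                  if r.get("CidrIpv6") not in ANYWHERE]
    return fixed


if __name__ == "__main__":
    for finding in audit_group(SAMPLE_GROUP):
        print("OPEN ADMIN PORT:", finding)
    hardened = narrow_admin_rules(SAMPLE_GROUP, "203.0.113.0/24")  # documentation range
    print("findings after narrowing:", audit_group(hardened))
```

The HTTP and HTTPS rules stay open to everyone, as in the lecture; only the RDP rule is reported and narrowed.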
9. EC2 Load Balancer Configuration: In this video, we're
going to discuss about load balancing
and how it works. So there are two sections
of a load balancing, that is load balancers, and the second one
is target group. So let's start with the
target groups first. So what is a target group? So remember we already
created our EC2 server. And suppose we do have not one; we do have five EC2 servers. And we want to have a system
where we can distribute our traffic to our five EC2
servers in an equal way. So we
must have a system, right? So for that, we can
use load balancers. So if I create a
target group first, let's click Create target group. So there are different types
of target groups. We can create target groups
for instances, IP address based, Lambda function and Application
Load Balancer. Okay. So let's create Application Load Balancer for
Application Load Balancer, okay, and target group name, we can name it Test. And then we need
to set a protocol. So if we select
Application Load Balancer, then the only protocol
that can be used, that is TCP, and the port, we
can select the port, what kind of port we want to use. Okay, so let's use
port 80. 80 is for HTTP. Remember we cleared it under our security group section. And here we need to
select the VPC. For me, I do have only the one VPC, so I'm going to select that one. And health checks, like how you're going to
check the health of our target group, or the servers that are attached
to my target backend. For that, I want to have an HTTPS check, and
health check path is, it will check the
root, root directory. And the traffic port, like the healthy threshold is three and another three. So that means it will check
up to three health, uh, 33 points to finalize whether my servers that are attached to my back end of the target group are healthy or unhealthy. The interval is for
thirty seconds. Thirty seconds, that is three, its threshold, that builds 90 s in total to
pass the threshold. And if I click Next, here it is asking
for load balancer, if I already have one. As
I don't have one, I want to add an
application load balancer later because
I don't have it. So I'm going to click
Create target group. So now I do have a
new target group, and this group is not attached
to any load balancers. Okay. Now let's move to the
load balancer section. And in this load balancer section, let's click Create
load balancer. So there are four types of
load balancers in total. One is Application
Load Balancer. So suppose if you have an
application, web application, and we do have multiple
servers to serve the application. In that case, we have to use Application Load Balancer
to distribute the traffic. So whenever we get traffic from our
clients or customers, that traffic will first
come to this load balancer. This load balancer
will then distribute our traffic to our target group, from target group to our EC2
servers. It's very simple. And the other one is the
Network Load Balancer. So suppose now we are not
dealing with an application, web application, then you can go with network load balancing. And it works in
layer four, because Application Load Balancer
works for an application, and Application Load Balancer
works in layer seven. And then we do have also
a Gateway Load Balancer. And the last one is
Classic Load Balancer, which is kind of like
previous generation. So right now, it's
always better to use any one of these three because Classic Load Balancer is the
previous generation base. So I'm going to create one Application
Load Balancer, okay? So first I need to
give it a name. We're going to call
it web application ALB. ALB stands for
Application Load Balancer. And it is internet facing. I'm not creating it
for our internal, so that's why I'm going to
go with this Internet facing. Then the IP address type, IPv4 is fine with me. Then I have to select the VPC. Then how many availability zones I want to be available for this Application Load Balancer. One thing to remember here, we must specify at least two. So in my case I'm going
to select this one. And this one too. Going to select the
security group. The security group will be attached to our application
load balancers. So we're gonna go
with the default one. And then we have
to add a listener. Listener is like, how
are you going to
accept those requests? The first one is protocols. So you want to go with HTTP
and HTTP port is port 80. And now we have to use the target group that
we created earlier. So if I click here, drop-down, that is a test run HTTP. So, how it works: so once our load
balancer receives the request, and it
receives a request, if it is an HTTP request
through port 80, then it will forward
the request to our target group, that is test. And if I want to add
one more listener, I can add it from here. So as we already have HTTP, if we want to have HTTPS, then I can select it here. So suppose if we're getting some HTTPS requests for
our web application, that will be protocol
HTTPS and port 443. And here we can select to which target group we
send those requests. Again, I'm going to set it
to our test target group. So once we have
this configuration, one thing to remember here for this HTTPS request, as it
requires an SSL certificate, then if we want to have
this HTTPS request, then we must define our SSL certificate under here, secure listener settings, because it requires SSL. For now, I don't have that
SSL certificate. I need to generate
that. For that reason, I'm just going to remove
our HTTPS listener for now. And now you see the SSL section is gone. The AWS Global Accelerator, we don't need it, but
sometimes this can be useful because it will enhance the capability of
our load balancer. Okay, so here we can see
the current configurations. And once I click
Create load balancer, oh, I forgot to select those two load balancer
availability zones. So now I can see my
load balancer in here and it is still in
provisioning state, which is totally fine. So in a few minutes, we'll have our load
balancer in here, right. Now I have to go back
to the target group and select the test target group. And now we can see no specific EC2
servers are listed in here. That means once we have
our request land, it's passed to our
load balancer. From load balancer, it will be forwarded to our target groups. Then we need to have some resources like
EC2 servers listed under our
target group that can be used to pass traffic
to those EC2 servers. Now, we would like to add some EC2 servers under this registered targets
to handle this traffic. Okay? So now as we
only have one server, I will select this one and then I want to click Include
as pending below. So now it's in pending state. So it is evaluating
the health checks. And then I'm going
to click Register pending targets. Once it passes the health check, after the 90-second health check, then it will
show as healthy. So once we have a
request to our, once we have traffic
to our web application, it will go to our load balancer, from load balancer to our
target group and from target group to our EC2 server
to serve the traffic. This is how we handle and
distribute our traffic, e.g. if we have multiple
EC2 servers in here, then that traffic will be distributed equally to
all those EC2 servers. And this is how we can handle a lot of traffic
at the same time, we just have very
great functionality from my understanding.
10. EC2 Auto Scaling Configuration: In this video, we're going to
discuss about auto scaling. Auto scaling is a very good
feature of cloud computing. So suppose it's December and your application is
getting a lot of traffic and your servers that are attached
to your load balancers are not able to actually
handle all the traffic. So you need to scale up. And it's very hard to
actually scale up manually. So we need some sort of
automation also for scaling up. Auto scaling can
help you with that. So once the CPU utilization hits a certain threshold,
it will automatically scale up, just spin up new instances to handle
the extra traffic. And once the traffic is low, then the extra instances can be deleted automatically
using this auto-scaling. So that means you are
not paying anything extra for our servers. That is great. So auto scaling has two parts. One is launch configuration, the second one is
auto scaling group. So under the launch
configuration, if we click Create launch
configuration in here. First we need to have, here you can see we
need to have an AMI. But as we don't have an AMI, so first what I
would like to do, I want to go back and from
this AMI section, it's empty. So what I want to do, I want to go to my
instances and I want to click Actions and the
instance setting, Image and templates, and
Create image. So I want to create an
image for my server. So here I got to name it: Test Windows image. And the volume is all okay, and I'm just going
to hit Create image. So here I'm seeing that it is currently creating AMI for
this specific instance. So if I go back to
my AMI section, here you can see an
image is being created, but it's still in
pending state; it takes some time to
complete the process. So I'm going to pause this
video and start again once this image is available for us to use under
the launch configuration. Now we can see our AMI is available to use,
so that's great. So let's go back into
our launch configuration and create a launch
configuration, name it as test AMI config. Okay, so now we should
be able to see our AMI under my AMIs, that is good. And instance type, we need to choose the instance
type in here. And we're gonna
go with T2 micro, like we did earlier
for our first server. So I select this one and we need to select some additional
configuration, which is optional. So let's just go with the default setting, and
root volume is 30 GB, that's from the
previous configuration. And one security group,
that is totally fine. The existing security
group, or an existing key. And we're going to use this key and create launch
configuration. Oh, I need to acknowledge that. Okay, this is great. Now, we do have this
launch configuration under our launch
configuration settings. That's wonderful. Now let's go into
auto-scaling groups. So here, let's click
Create Auto Scaling group. So let's give it a
name like test group. Okay? And now interest
rate and template. So maybe the setting that we did earlier with our
launch configuration, it may take some time to be available to be used
under Auto Scaling group. So I'm going to pause
this video again. I'll resume it once this launch
configuration is available to use. Alright, so now
it's available now. So let's select our
test AMI config. So it has all the
configuration that I set up earlier, and click Next. And now we select our VPC; we actually only have
one VPC, so that's good. The default one, and the availability zone, so you can select the zone. I have chosen US East one as subnet, this one. Next. So here we have the option to actually
add a load balancer. So I'm going to attach my existing load balancer that I already created. This one. Test run HTTP load balancer will be attached to it,
this configuration setting. So the traffic will
be pretty much managed by the load balancer
and auto-scaling group. That is great. And we can select Next. And here we can define
our group size. So desired capacity is
how many servers we want to see up and
running all the time. And minimum, how many servers we want to have
minimum, and maximum. So the maximum limit can be like of two for according
to our needs. So our server, one server desired
capacity, minimum is one. So if one server can't
handle the traffic, then we'll spin up
some more servers to handle the traffic for us. So target tracking
scaling capability. So we're going to
target capacity by average CPU utilization,
and target value, let's put it 80%. So that means if our
one server is getting more than 80 per cent
of CPU utilization, then we'll spin up a new server. Okay? And let's go to next. If we want to add notification,
send a notification to your email address
or SNS topic, you can add notification
in here. For now, I'm not going to
add a notification and I'm going to go next. And let's skip tags. And here is the whole
configuration that I have. And if I click Create
Auto Scaling group, so it will create the
auto scaling group. And from this one everything
will be automated. So by default we will have only one server all the
time up and running. And if the server CPU
utilization is more than 80%, then it will spin up a
new server to actually handle the extra
traffic that we're getting from the load balancer. So this is a very good thing. So always remember
one thing, that is, we should always use load balancer and
auto-scaling together to get the best kind of like
features of Cloud computing. And it will help to actually scale our environment
when it's needed and scale down when it's not getting that
much of request.
11. Conclusion: Congratulations, I'm
really happy that you have made it to the final
video of this tutorial. I hope you've learned
a lot about AWS EC2. And if you do have any questions or any sort of doubt
related to this course, please feel free to send me a message under this
comments section. And if you have
learned a little bit about Cloud computing and
specifically about AWS EC2, please give me a good review and follow me for some
amazing detail in future. And I wish you a
very wonderful day.