YouTube Transkripti:
AWS Certified Cloud Practitioner Certification Course (CLF-C02) - Pass the Exam!

Videoları baştan sona izlemeye gerek yok — tam transkripti al, anahtar kelimeleri ara ve tek tıkla kopyala.

Paylaş:

AutoDub

YouTube'daki Yabancı Videoları Anla

YouTube'u Türkçe Seslendirmeyle İzle

Dil engellerini aş, dünyanın dört bir yanındaki kaliteli içeriklerin keyfini çıkar

Ücretsiz Kullan

Video Transkripti

Video Özeti

Summary Requirements

Core Theme: The AWS Certified Cloud Practitioner (CLF-C02) certification is an entry-level credential for understanding AWS cloud fundamentals, core services, and essential operational aspects like security and pricing. The course aims to provide comprehensive study materials, including lectures, hands-on labs, and practice exams, to prepare individuals for this foundational certification.
Key Points:
- The AWS Certified Cloud Practitioner (CLF-C02) is AWS's entry-level certification covering cloud fundamentals, core services (compute, storage, network, databases), and operational aspects (security, billing, pricing, support).

Mind Map

Genişletmek için tıkla

Tam etkileşimli Mind Map'i keşfetmek için tıkla

hey this is Andrew Brown over here on

free Camp bringing you another free

Cloud certification study course and

this time we are looking at the ads

Cloud practitioner also known as the clf

C02 and the way we're going to achieve

ads certification is through lectur

content Hands-On labs and as always I

provide you a full free practice exam

the best way to support uh more free

study courses like this one is to

purchase the optional paid additional

materials it's going to help you on your

exam and it's going to allow me to

produce more of these uh great Cloud uh

certification study courses if you don't

know me I'm Andrew Brown and this is the

fourth time I've taught this uh

certification so it's really refined at

this point and I've taught a bit of

everything in the cloud so we've looked

at ads Azure gcp terraform kuber denes

you name it I've taught it uh but that's

about it and I will see you in class in

the next video ciao [Music]

[Music]

hey this is Angie Brown and we are at

the start of our journey asking the most

important question first which is what

is the adus cloud practitioner well it's

ad's entrylevel certification that's

going to teach you things like the cloud

fundamentals so we're talking cloud

Concepts architectures deployment models

it's a close look at adus core Services

which would be our compute our storage

our Network or databases and it's a

quick look at the vast amount of adus

services and functionality around adus

so we're looking at identity security

billing pricing support and a lot more

stuff and we'll get into that in the

course and we'll even look at the exam

guide outline but uh yeah there is a lot

of stuff um the course code for this

certification is now the clf C02 the old

one was the

c01 uh the way to know if there is a new

course is if this becomes the c03 if you

see that then this course um may be out

of date um but uh yeah right now it's

the C02

um often people refer to this

certification as the CCP to stand for

the certified clock practitioner how you

want to refer to it is up to you but uh

there are a few ways of describing this

certification I want to point out that

adus is the leading cloud service

provider in the world and the cloud

practitioner is the most common starting

point for people breaking into the cloud

so even if you're going to uh utilize

another cloud service provider I'm just

going to say that you're going to get a

really good uh Foundation with this

certification even if it's not the uh

same provider uh so who is the

certification for well consider the

cloud practitioner if you are new to

cloud and you're learning the

fundamentals you are at the executive

management or sales level and you need

to acquire strategic information about

Cloud for adoption or

migration or you are a senior Cloud

engineer or Solutions architect who

needs to reset or refresh their adus

knowledge after working uh with cloud

services or adus for multiple years

um it's always a surprise that when I

come back and I refresh this course uh

the things that have changed and it's

very easy to miss those things so yeah

this this certification is for everybody

so what is the value of the

certification well this uh certification

provides the most expansive view

possible of cloud architecture and ads

it'll uh we I would describe this as

having a bird's eye view or the 50,000

ft view so with that in mind uh the idea

here is to promote big picture thinking

we're zooming out and assessing the

cloud or itus landscape for things like

changes Trends opportunities um and it's

important to understand about being

strategic about the approach and process

for your journey and that's why I like

the certification so much and I strongly

uh recommend it for everybody's Journey

so what is the value of the

certification well it's not a difficult

exam uh it's it's not going to validate

that you can build Cloud workloads so if

you are trying to obtain a technical

implementation role like develop Cloud

developer Cloud engineer devops engineer

uh it's not going to be enough to attain

those technical Cloud roles um but it

could help short list your resume for

interviews um the exam covers content

not found in other certifications so it

is recommended as an essential study

guide uh for your adus journey do not

skip this one uh some people like to go

straight to the solution architect and

then they realize that they didn't set a

good foundation or they just have gaps

uh in their knowledge which could really

help them out in their careers so really

do not skip this one um I like to make

these road maps to give you an idea uh

in terms of where you can go after this

certification so here is uh all the

certifications currently that has

notice that I have the data engineer

it's a really small one it just became

uh came out as a beta exam it's not as

hard as the professionals it's just

where I place it on this diagram um but

the idea is that we have a lot of

different ways that we can navigate or

uh work through these certifications

these can generally map to particular

roles in the cloud so uh very often

people go right to the uh Solutions

architect I'm just getting my pen out

here but very often this is the approach

that'll go straight to here uh right

after the solution architect because

they're very similar um in terms of uh

scope and Challenge and difficulty where

the solution architect is a broad

certification just like the cloud

practitioner but it's more focused on

the technical knowledge uh whereas this

one of course is much more broad the

cloud prer

and then after that people will

generally go for the developer or the

CIS office administrator in my personal

opinion I really do think that people

should study all three Associates and do

all three Associates at the same time uh

because really I don't find that uh it

makes sense to leave out the ssops admin

or developer knowledge um it's just the

way that itus Engineers their

certifications but when you go to other

ones like let's say Google they only

have one associate and they have all the

um they call Cloud engineer and it has

everything in it and so uh again I just

feel like you should take all three but

you decide what works for you um and you

know you can see that there are various

routes but I want to just make it very

clear that certifications do not

validate programming they do not uh make

you do technical diagramming they don't

necessarily make you do code management

and there's many other technical skills

that are required for obtaining

technical roles like these roles um and

that is not the purpose of certification

certification is supposed to give you

knowledge specifically on us and so just

understand that you need to make sure

you get those skills uh somewhere else I

do try to uh slot in a lot of these uh

technical skills uh where I can and so

if you're uh if we're doing something in

the course and you're wondering why are

we doing this when it's not on the

certification it's because I'm trying to

give you those adjacent skills uh so

that you are successful um in the future

okay so how long does it take to uh

study to pass this exam well depends

right it depends but if you're a

beginner we're probably looking at 30

hours so this is someone who's never

used datab bus or cloud provider before

uh you've never written code or had a

technical role if you're experienced uh

your study time is going to be very low

like as low as 6 hours even lower uh if

possible um especially if you've already

taken the certification I sat it um uh

blind right I didn't look up anything

and I passed it uh no problem um but uh

so it says here you know if we've

practiced we have experience working

with ads if we have an equivalent

experience in another cloud service

provider some people are coming over

from Azure or gcp so they can kind of

map their knowledge over to adabs or if

they have a strong background in

technology uh you might really be

already familiar with these kind of

offerings from

another uh like from another discipline

and so your study time can be really low

but I would say that um you know the

average study time is probably 24

hours so yes it's closer to the beginner

level but that's the average study time

that we found and so it's basically a

split between 50 lectures and Labs so

labs are Hands-On skills and 50% with

practice exams uh a lot of people forget

that practice exams are part of the

study process so make sure that you do

do that uh we do recommend a study a

study time of one to two hours a day uh

for 14 days uh what does it take to pass

the exam we're still going on with this

here but you know you have to watch

those lecture videos and memorize key

information this is a knowledge based

exam it's not a uh it does not test your

skills so knowledge is key here uh you

should do Hands-On Labs uh we call those

follow alongs within your own account uh

this is just going to help uh sment the

knowledge in your head it really makes a

a huge difference so really do those

Hands-On labs and get practice exams to

simulate the real exam you absolutely

need to do this because if you don't

you're going to find that you did all

the study materials and then uh the exam

is its own uh Beast so make sure that

you go get some practice exams there's a

lot of places that you can get uh get

them from uh we offer a full free

practice exam I think we're the only

provider that does this but um we give

you like a full free practice exam and

we also have some paid ones so the best

way to support this this content that we

produce is to purchase our additional

paid materials uh if you don't have the

money that's okay we still have at least

one full free practice exam to help you

out you can find that over at exampro doco

doco cfy

cfy

C02 it looks like it know but it's a

zero uh let's talk about the content

outline so there are four domains and

you have to understand that each domain

has its own waiting this is going to

determine how many questions in that

domain will show up on your exam the

first one is cloud Concepts so that's

for 24% so we're looking at between 15

to 16 questions domain two is about

security and compliance so that's 30%

it's a a quite high up there so we have

about 1920 questions for cloud

Technologies and services it's 34% so

understanding the offerings of ads is

the most important thing in the exam

it's the highest percentage here so we

we're going to definitely get 22

questions and then uh we have domain

four so billing pricing and support

where it's at 12% so we have eight

questions not a lot for billing pricing

support definitely important because

it's very easy to get overbuild in the

stuff but just you know point out that

you need to know a wide range of adus

services you need to know about core

Services more in depth so where do you

take this exam well you can take it at

the um at an inperson test center or

online from the convenience of your own

home I personally like to take it in a

test center if there's one near me I

used to live in Toronto now I don't so

there's no test centers near me and so I

have to do it online it's just so much

less stressful walking into a building

and everything is uh controlled whereas

at home you might have a lot of things

going on and that can cause a lot of

stress but you know do what makes sense

for you so adus delivers the exams via

Pearson View and so uh there's pearon

view they have the online system which

you do uh you install on your computer

and then they also have a network of

test centers their partner with uh

previously adabs also offered it via PSI

um they don't do this anymore I'm not

sure why they changed this before it was

only PSI then they added Pearson and now

they've dropped PSI so your only option

is Pearson view I just want to point out

what a project exam means it means that

it's it's someone is supervising uh your

um your exam while you're taking it so

you're not cheating so it's very common

that when you check in they're going to

ask to look around your room you might

even have to talk to them uh and it's

just again to make sure that what you do

is um your exam was legit legit so when

they issue your badge you know it's for

real anyway let's talk about grading

here so the passing grade here is 700

out of a a th000 points and so you need

to get around 70% to pass ads like many

other CL providers use scaled scoring so

um that doesn't mean if you get exactly

70% that you'll pass but uh I mean more

less it works out to to be that okay so

the response types uh we have here well

first of all we have 65 questions and

there are 50 questions that are scored

and then there's 15 that are unscored

and if that sounds bizarre I mean I I

agree with you I think it's odd that

they give you 15 unscored questions but

the reason ads will do this is that they

want to introduce new questions um to

help test against the difficulty of the

exam um because you know maybe some

people know more than uh what they're

expecting so they can adjust the

difficulty of the exam I think that they

use it as an anti-che mechanism as well

but from the test taker it can get a bit

stressful because you can get 15 really

crazy wild questions that were not in

your um uh course studies and it's just

a of us testing things out and so I just

want to point out don't get stressed out

when you take this exam and you get a

really funny question it's probably one

of those unscored questions but on top

of that you know there are 15 scored

questions you can get wrong so you can

get a total of 30 questions wrong on

this exam and pass I just want to make

that uh really clear there there is no

penalty for wrong questions so

absolutely always submit an answer and

take your best guess the format of the

questions are multiple choice and

multiple answer so you know it's not too

stressful in terms of uh the formatting

of questions um there are again 15

unscored questions of the exam they will

not count towards your final score why

are there unscored questions uh they're

there to evaluate the introduction of

new questions they're there to determine

if the exam is too easy and the passing

score of the question difficulty needs

to be increased to discover users who

are attempting to cheat the exam or

steal dump exam questions if you

encounter questions you've never studied

for uh that seemed really hard keep your

cool and remember that they may be

unscored questions just really want to

emphasize that there in terms of the

duration you get 1.5 hours so you have

about 1.5 minutes per question your exam

time is 90 minutes your seat time is 120

Minutes what are we saying when we say

seat time this is the time it takes uh

or that you should allocate for the full

exam uh that includes uh things like

reviewing the instructions uh showing on

uh showing the online Proctor your

workspace reading accepting the NDA

completing the exam provide the feedback

at the exam so a lot of people go okay

my exam start star in or I have 90 or 90

minutes exam but really you want to show

up 30 minutes prior uh because that

checking process can be really really

stressful so you know just consider that

uh the full scope of time you need to

dedicate for these exams this uh

certification is valid for 36 months so

that's 3 years before recertification

some other providers uh like Azure if

you do the fundamentals it's forever um

other ones have require you to refresh

every year other ones um you don't have

to take the full exam you have a

reassessment that is free inabus likes

to do it this way the nice thing though

is that when you do pass a certification

um somewhere adus allows you to get the

next exam half off uh so at least there

are cost saving mechanisms if you do

pass an exam for the next follow-up

certification but yeah uh that is pretty

much a breakdown of uh the exam guide we

will go and take a look at the actual

exam guide so we can uh understand the

full scope of what's in there uh but

yeah we'll see you in the next one okay [Music]

[Music]

ciao hey everybody it's Andrew Brown and

we are here on the training and

certification page on the adus website

and what I want to do here is I want to

pull up the exam guide so that we can um

make sure that we know exactly what it

is that we're getting ourselves into uh

we did cover this in summary in the

previous video but uh I think it's

always useful for you to know exactly

where these things are

adabs is always changing their marketing

pages and I've already noticed a few

changes here so um just understand

that's the nature of cloud notice here

that it's talking about the uh beta exam

certification so even earlier we talked

about the data engineer or we at least

showed it on our journey map and it's

not even it's not even 100% out beta so

you can see we're kind of prepping for

the future here I also want to point out

that they have this like certifications

path uh thing and I I don't really like

it because I don't think it's very

accurate so the first thing they show is

Solutions architect and they don't even

say you need to get the other two

associate certifications which you

absolutely should do if before you go

for your Solutions architect

professional the data analytics is no

longer a uh certification that adus is

producing so this is an out-of-date

document so I just want you to

understand that these are marketing

Pages they're here to maximize the

amount of certifications you need to

obtain my goal is not to make you take

every certification my goal is to make

sure that you are prepared uh to do the

job and I just want to you know help you

avoid going down the certification route

and getting too many certifications that

aren't going to benefit you so just take

these with a grain of salt when you're

reading them okay so anyway what I want

to do is drop this down and go to Cloud

partitioner um and here on the cloud

cloud practitioner page if we scroll on

down we got prepare for the exam and

here we'll click the exam guide and

it'll open up a PDF and it'll give us

all the information we need to know this

is what AB has been doing for a long

time is making these um exam guide p F

which I really like uh but anyway the

first thing we should do is confirm the

course code so this one says CF CO2 so

we know we are on the right track and

then down below here it says this exam

validates the candidates ability to

complete the following task I want to

highlight some key words

explain understand describe and identify

so understand that this certification is

not checking whether you know how to do

Cloud it's more if you understand Cloud

um and the majority of aable

certifications in fact all of them are

multiple choice and multiple answers so

they can't really check if you were able

to do something in Cloud so just

understand the limits of certifications

at least eight of the certifications

based on their testing mechanisms so

when it says Target candidate it's

saying uh where you should be in order

to pass this exam and so they're

suggesting that if you had six months of

exposure to adabs uh with Cloud design

implementation operate operation then uh

you should be able to pass it it's just

weird uh worded strangely because it

makes it sound like you should have this

experience um before you even start

studying which is not true they just

mean like if you want to pass it you

don't need six months to pass this exam

that's crazy you just need what we

recommended which was um the amount of

hours we said the average hours is 24

hours so um I'm not sure why they put

six months I guess it's just they're for

those who are really having a hard time

with Cloud they give you a lot of uh um

scope for room there but you can see

they're pointing out from non it

backgrounds recommended knowledge Cloud

concept security core Services economics

that's that's just a repeating of the

domains um notice it says job tasks that

are out of scope is

coding um Cloud architecture design load

performance and testing I'm highlighting

these three because I just want to point

out that in associate level professional

specialty they actually do ask questions

around troubleshooting implementation

and I suppose they do architectural

design but they never ever ever No

certification in 8s is going to test

your coding skills architectural diagram

skills and they're not really good about

load and performance testing they have

like use case scenarios but um just

understand again the limits of the

certifications coming down below to the

response types we got our multiple

choice our multiple

response um so that's pretty clear there

there is uh 50 scored questions there's

15 unscored questions so that is very clear

clear

the uh uh the the the point system is

based out of a thousand to th points the

lowest you can get is 100 points I don't

know how that works why like why can't

you get zero points I don't know the

passing score is

700 so that's what we need to score

there then down below here it's just

talking about the course outline and it

actually has a comparison of the old clf

co1 so we can take a look there and see

what actually has changed so down below

here we have our Cloud Concepts as

security compliance our Cloud technology

services our billing pricing support and

then it comes in and starts describing

all this stuff now I need to make it

very clear how inabus makes their exams

they give you a huge list of things you

need to learn but if you learn um each

one of these things you can end up

overstudying or you'll find that the

like the exam guide outline is not one

to one I'll give you an example we'll

look at something else I'm going to go

to Hashi Corp here for a second hashy

Corp terraform

certification as a as an example of how

different adus certifications are so for

hashicorp they will this is their exam

guide they'll give you each of these

items and you can be 100% sure that

every single thing every one one of

these things will show up on the exam

one to one so it's very easy to know

exactly what you need to study for um

and uh if you know all these things

you'll you will pass in ad us they list

all these things but they won't all show

up they they're pulling from a very

large pool so to kind of narrow down

what you need to study you need to have

a good sense of um overall everything

and and you're just going to get some

things wrong but um anyway coming back

here the first Cloud Concepts they're

talking about the benefits of

cloud so we have a section on benefits

of cloud and so they talk about the

value proposition so there's like six or

nine of them I forget have a multiple

slides on that and so we're talking

about economics scale benefits of global

infrastructure advantages of high

availability elasticity and uh agility I

think we call these Cloud architecture

terminologies because they're not really

benefits I mean they are benefits of

cloud but I I like to group them a

little bit differently then we have

identified design principles for Abus

Cloud so we have the well architect

framework this uh was for the most part

never in the clf co1 for 90% of its

history and then they decided maybe like

last year or something to add it in um

and and uh before even wasn't even the

solution architect associate but now

it's even at this level and that's

totally fine you only need to know it at

a very high level so um it's not too

difficult to learn but it it's a white

paper it's a PDF that um you know just

describes how adus thinks that you

should design uh your architecture then

we have understand the benefits of

strategies and migration to the cloud so

we have Cloud adoption strategies Cloud

adoption framework so um this was this

was not in the last exam but luckily I

included it because I thought it was

something that was very important and so

I already have it in the certification

course even from the last one they

actually do ask quite a few questions

around the cloud adoption framework but

when you look at and again this one's

like a white paper just like this one

above here and we'll talk about what

white papers are if you you never heard

that term uh it'll make sense in the

course but the cloud adoption framework

um there's not a lot to it but the exam

they'll ask you a lot of questions

around it so you just have to have good

common sense um about uh choosing those

answers if that makes sense um

identifying appropriate migration

strategies sure I guess so I never got

any snowball questions um they they say

snowball here go down below here

understand concepts of cloud

economics so cost Savings of moving to

Cloud aspects of cloud

economics uh fixed cost compared with

variable cost

they're talking about um Opex Opex and

capex understanding the associate of on premise

premise

environments uh understand the

difference between licensing strategies

and adabs never ever really ever

mentioned uh bring your own licenses

ever in their certification courses and

I never got this on the exam and other

people I sat for the new exam never uh

encountered this still good to know but

I'm just saying that I don't know why

it's listed in here because it's

definitely not on the exam but it is a

good thing to not the basic level

understand the concept of right sizing

um and maybe I'll go back and make a

slide on that CU I don't think I

actually make a deliberate slide on that

but I think what they mean there is

understanding uh like how horizontal

scaling and stuff uh stuff like that

works but um you get no questions on the

exam for right sizing at least not from

its technical definition like that

identify benefits of

automation I think there might have been

one question of saying like hey which

one lets you automate stuff and you just

chose Cloud information but they really

don't talk a whole they don't ask a lot

of questions on the exam about IAC

infrastructure as a code identifying uh

manag ad services this is something they

do a lot in exams like describe a

service you pick it we have security and

compliance so we have the Ed shared

responsibility model you absolutely need

to know that that for sure always always

appears on the exam um customers

responsibility they'll do this a lot

they'll say like they'll give you a

scenario of um of like a typical

workload or resource and then you have

to uh determine if it's the customers's

responsibility or adab Us's

responsibility describing responsibility

the customer adus share so again this is

just all the share responsibility model

still here describing how itus respons

responsibilities and customer

responsibilities can shift depending on

the the service used so yeah this is

basically the share responsibility model

understand the cloud security governance

compliance so uh a compliance governments

governments

Concepts benefits of cloud security

they don't really talk about that uh

They Don't Really directly ask that in

the exam but yes we do cover that where

to capture and locate logs that are

associated with Cloud security they

absolutely do not ask that on the exam

I'm not sure why that's here um identify

where to find A's compliance information

that will absolutely be on the exam

understanding compliance needs among

Geographic locations and

industries sure I mean they're talking

about we have a slide in this in the um

Global infrastructure but it's um

like data sovereignty and like gov cloud

and things like that describing how

customers secure resources for ads so

just generally knowing the security

services y that absolutely is on the

exam identifying different encryption

options um I never got this on my exam I

never heard of anyone else getting this

but um if they are going to talk about

this they're probably going to talk

about it around

S3 recognizing services that Aid in

governance and compliance absolutely

absolutely for sure that the you will

get questions around uh things like fips

or Hippa or like common common

compliance certifications not specific

datab best but just in general um here

they're just talking about specific

Security Services this is kind of a

repeat of what they're talking about up

here um but there's the same there's

identity service governance service it's

all the same thing here recognizing

compliance requirements that uh vary

among ad Services sure identify itus

management capabilities so they're

talking about IM am um the itus root

account we got it uh separate slide on

that uh principal of lease privilege

absolutely absolutely will they will ask

that there a single sign on also known

as Adis am identity Center I don't know

anyone who's gotten this as a question

on their

exam but uh it's we got a slide for

it understanding access Keys yep we

cover that PO uh password policies

credential storage Secrets manager

systems manager um just a bunch of stuff

identify components and resources of

security describing a security features

so acl's uh ad US wff security groups

they really don't ask these on the exam

so I'm just trying to make a point that

they're asking for all this stuff and

they don't even it doesn't even show up

in the exam so um and you know we can

just keep going and going through this

and I could keep telling you what is and

isn't but if you go down below it gets

even crazier because they go any of this

stuff could show up in the exam it's

just like a big list it's

crazy so you know I know that seems

stressful but you know just follow

follow follow me uh in this course and I

you will absolutely pass if you go

through my content you'll have no issue

there and we'll avoid all the stuff that

doesn't show up and don't stress out

about this exam guide now let's go take

a look here and see where the rebalance

has changed so notice here that this

went from 26% to 24% they never used to

do this so I really appreciate this is

now in the exam guide but we got 25 to

30% 33 to 34% 16 to 12% why they would

reduce this one I don't know but it is

is a shuffle whatever um they of course

increased uh the technology section more

and did some basic rewarding support

should have always been in there so it

was always under that section but uh

it's nice that they labeled it as such

um so notice here it says no content was

deleted from the exam and um this was

the largest struggle for me for the

certification because I already made all

the content for the last one my old one

is not expired and I was struggling

because I already had this as well this

is the only thing that they added that

was new to the certification and then

they just rework these numbers here and

so um you know I just I added I did add

more I added more Labs I added more um

other stuff there but I'm just going to

say like I don't know why they did an

update from co1 to CO2 because barely

anything changed now I shouldn't say

that the exam questions did change I

noticed that the exam questions um the

quality of them kind of uh have dropped

I wondering if they're using generative

AI to generate out questions or or

something but um there's something the

quality of questions are are definitely

um different and I would say that

they're more uh they're not worded as

clearly as they used to be for whatever

reason um but anyway you'll still be

okay it's totally fine uh

recategorization of clf CO2 and so they

just did a shuffle of um of these points

and I again I really don't think that

the the new one is better how useful is

this exam guide I should probably give

them survey feedback but anyway just

give you an idea how much stuff there is

in here do not stress out just stick

with the course you'll absolutely pass

uh and uh you know hopefully that gives

you uh some better confidence there but

we'll see you in the next one uh chiao [Music]

[Music]

chiao hey this is Andrew Brown from exam

Pro and what we're looking at here is a

free practice exam that I provide with

you uh for this course and all you have

to do is sign up on exam Pro you don't

even need to credit card and you can

redeem uh the free available content

here and this is really up to date and

very well simulates what you will see on

the actual exam and it's a full set full

65 questions so you're getting a real

simulation here but what I'm going to do

is just start it off here we're not

going to do the whole thing I'm just

going to click through and show you a

couple of them so you have an idea um

the level of difficulty these questions

are so the first question we got

presented with here is which a support

plans provide access to the seven core

for trusted advisor checks and so that

is a question that you might need to

answer I don't want to spoil this for

you so I'm not going to tell you the

answer I will go to the next one so a

large accounting firm wants to utilize

OS to store customer accounting

information in archive storage and must

store this information for 7 years due

to Regulatory Compliance which dat

service meets this requirement so the

first one you'll notice this one is

multiple choice or sorry multiple

answers so you have to select multiples

before you can submit your answer and

the next one here is is just a single

choice so those are the two types of

questions you will see on the exam

they're not going to ask you anything

about coding you're not going to see any

kind of code um in terms of length

that's pretty much what we'll see in

terms of the uh questions I think in

many cases I wrote a little bit more

more like um in the style the solutions

architect associate to make it slightly

more difficult just so that you're a

little bit overprepared so if you do

well on these practice exams you're

going to do uh well on the real exam

okay okay so I just wanted to kind of

get you that exposure there [Music]

[Music]

okay hey everyone it's Andrew Brown and

I have opened our exam simulator this is

on the exam Pro platform and this is the

freet uh that I promised uh folks in the

course so no cost to go get this one you

just have to sign up and and access it

but the reason I have it open is because

I really want to talk about a very

specific type of question that we've

included in here that will not appear on

your exam

so uh for those who are familiar with

Azure certifications um at the associate

level or higher there's this question

type called a case study and what a case

study is I'll I'll just pull it up here

but I believe uh in this randomization

of this practice exam set I think it's

this one here but what a case study is

it gives you a scenario that you have to

read through or a a a case study about a

company so you read about the company

you look at the objective its

requirements and constraints this stuff

can all be different there could be

diagrams all sorts of stuff in here but

the idea is that you are contextualizing

a business use case and they're going to

be asked a series of questions uh

multiple choice multiple select and it

all ties back to that case study so the

reason we included this is that um we

believe that this is going to give you

better comprehension and a higher chance

of passing so it's not going to appear

in your exam but we include it uh as an

extra challenge to you so that you have

um a higher chance of passing now if you

don't like this we do have other

practice exams they of course are paid

that uh that are just the normal style

which is all multiple choice multiple

select for um this this course the cloud

practitioner um but you know we do have

them in half of the practice exam sets

because uh again I think that it's going

to be good for you so hopefully you see

that as a bonus but I just wanted to

give you a heads up um about this uh

because you'll encountering me like what

the heck is this um the other thing I

want to point out is that when you enter

a case study it's like having a mini

exam within your exam so once you've

answered all these questions uh you

can't go back and and um you can while

you're within the case study but if you

get to the end of this and submit the

case study you can't go back and update

it so just be aware of that um and you

know again hopefully you like this we

love feedback to hear what people like

but it's just they always appeared in

Azure exams and uh we want to see them

in ad us ones as well because I think

they're just really good for uh testing

your knowledge but anyway we'll see you

in the next one okay ciao [Music]

[Music]

hey everyone it's Andrew Brown your

favorite Cloud instructor and what I

want to do in this video is to show you

um a unique feature that is in our

platform um just in case you come across

it while you're while you're uh doing

the materials I can't remember if it's

in the free or paid tier I believe it's

in the paid tier so I'm not trying to

upsell anyone but I just want to make

sure people are aware of that while they

are um taking this course but sometimes

what you'll see in the follow along so

like for example we have S3 down here

here which is for uh Cloud simple

storage uh and I don't have them always

included in the videos but um at some

point I might do that but the idea is

that um we have these validators and

validators what they can do is they can

verify uh whether you actually have uh

the resources uh deployed in your cloud

account um so it's like an additional

check to make sure that you did it right

so for example we have this one for S3

so it says set up an S3 bucket it is

account validation so this tool perform

perms an automated check on your

personal cloud infrastructure to confirm

its alignment with the build project

requirements make sure you input precise

values for your infrastructure

components so let's go through that and

show you this I'm showing this as an

example but you know you'll see them in

other in other follow alongs and lookout

for for that stuff I believe in the

to-do it'll even show it uh here so if

you watch the video and you watch it to

the end or you press that button there

but you'll get your your uh your star uh

for that but the way it works let's go

through it so the first thing is I want

to uh click on this new run button and

then what we'll do is we'll have an

agreement so this agreement is

confirming that you understand that you

are using your own cloud account uh and

we are going to uh need to get readon

access to it and just understand that

you are using uh you're providing us

access to account that is your own

account and it's not your company's

account because obviously we don't want

to get in trouble for accessing data

that we're not supposed to have and you

don't want to get in trouble for that so

that's just a a friendly reminder so I'm

going to click the I agree and the

accept the next thing it's going to ask

for is your adus account ID the region

that you're deploying in and then it

there might be additional uh parameters

that it wants to know so that we can

test against it so what I'm going to do

is just log into my adus account it'll

just take me a moment and we'll fill

this out for real okay now of course I'm

filling out this example here but I just

want to point out that um uh you know

you're just going to have to follow this

procedure and it'll be slightly

different for each one uh for that okay

be back in just a second all right so

I'm logged into

and uh one of my ad accounts I have a

lot of them I think this one is my

developers one so uh for this particular

follow long you would have created an S3

bucket right and so um what I'm going to

do here is go to S3 and I already know

what to do so it's not too hard for me

but I'm going to go ahead and create

myself a new bucket I'm going to make

note of the region that I'm deploying in

so S3 is a bit unique because it shows

Global but you are still deploying to a

specific region so we'll go ahead and

create that bucket I'm just going to say

my validator bu it as a test notice

where it's deploying Us East one I could

change that to anything else like ca

Central um I am in Canada so doesn't

hurt to deploy where I am and we'll go

here and go all the way down and I'm

going to go and create this bucket okay

so um that bucket name was I forget it

was like something like validator and so

what I need to do is copy that name

we'll go back over here and so it's

asking for the bucket name so there's

the bucket name we need the it account

ID that always appears in the top right

corner and they have a nice um clipboard

button there to get that in there and

the region so we deploy that in CA

Central 1 so it says there CA Central

one you're always using this uh

programmer's name not the full name but

this this fun handle you can see them

all here on the right hand side if

you're not sure about that but what

we'll do is go back over here we'll

paste in that user region and so what

this is going to do is create a um a

cloud formation template that's going to

give access to us to uh your account so

we'll go ahead and hit save and continue

and so now we uh We've inputed our

parameters those have been saved and now

it's saying we need to access your Cloud

resources so we want you to generate

this cloud formation template we're

going to press the button we'll wait a

moment and we can either download this

template or use the ads CLI to run it um

the CLI command is a lot easier to use

and I'm going to recommend that you

always do that and uh so what we're

going to do is generate out this CLI

command and we're going to get this

oneline command and I'm going to go back

over to AWS sorry I know I'm going

really fast but it's just how it is and

at the top left corner we have this

little button here that's for cloud

shell we're going to open it up I know

coding scary but it's really important

to get as much coding experience or

scripting as you can so strongly

recommend you follow along here but uh

it's going to open up and once it's it's

open we can paste that in now sometimes

this wants to have some kind of EBS

storage so you might have to say yes and

wait a little bit um that's just the

norm for cloud storage but I'm going to

go back here I'm going to copy this

command okay and we're going to go back

over here I'm going to right click and

paste and uh this always happens when

there's a multitext line we got a pop up

here and we're just going to review it

looks good so notice it has a template

URL so that's the template it's pulling

in um there's temporary credentials to

uh to allow that uh it's going to create

a stack name called exam Pro validation

and it's going to say capability I named

I am now this might fail because I've

done it before but we'll go ahead and

paste it in I'm going to hit enter

and it looks like it's creating the

stack so we'll go over to cloud

here and I'll just get this out of the

way I don't want that open right now and

so I'm just going to give this a

refresh and did that create that right

now that was the name of the stack right

exam Pro validation that is correct and

if I go over

here uh what's the date today I don't

even know

cuz that might be an older date I mean

it's November so I I don't think that

one worked because I already had it uh

working there before um so what I'm

going to do

here I'm going to go ahead and delete

this one okay so I just want to point

out like if you're doing multiple

validators in the system you always have

to roll it back tear it down okay like

the old one so I'll delete that one

again because I just don't have a strong

confidence that it was actually deployed

so I'll be back in just a moment as it

tears down

all right it actually did uh finish

tearing down so that is um there but I'm

going to go back here I'm going to

attempt to run this command again so go

ahead and copy this and I will paste it

in again we'll say paste and I'll hit

enter and uh says already existed in the

sack well what are you talking about

it's definitely uh definitely not there

that's what I thought I would get as an

error the first time

around so this is CA Central 1 oh you

know what it is I'm in North Virginia so

you got to be very careful with your um

your regions so I go over

here so I I did I did delete one that

was from another one that's why I was

confused because I thought it already

existed I have to delete it out th this

is normal and Cloud right so just

understand that when I do follow alongs

I don't edit out the tricky Parts

because I know it makes it a little bit

confusing but it really does help to uh

demonstrate uh how confusing Cloud can

be and how to work through those

problems but over here see Central so

this is deployed 11:15 that's the date

that I've deployed this on so that makes

sense uh here uh so we just got to be

very uh aware of that so this is in C

Central one uh but we'll go back over

here and so this is done so we know that

it's done because it's here it's in the

region that we expected to be in so now

the uh the permissions are done we can

run the polar so what the polar is going

to do is it's now going to pull data

from your account uh uh and that way

we're going to uh be able to then

validate whether things are correct so

we'll go ahead and run the pull and

notice it says S3 API list buckets it

flashed it really quickly but the way

this tool works is it's actually using

the adus CLI underneath so I'm just

going to go ahead and just show you what this

this

is uh and just show you a quick

reference here so the C is a pratic way

to um uh access uh information uh for

eight of us we probably show that

somewhere in this course and so the

command was running I believe was I

should know I coded this was S3

API and then it was like list

buckets uh list buckets so that's the

command it ran so really what the

validator did it it did ads S3 API list

buckets okay and if you notice this it

returns back Json so we get back the

payload that's what we are storing in

our own itus account which by the way we

delete after a period of time I don't

remember how much time but we don't hold

on to your data for cuz we don't really

want it um but yeah so here it's

returning back that data and so

somewhere in here that there the the

buckets in here right so we've pulled

that data and it's there and so now we

can run the validator we'll click run

validator and it's super fast because we

already have the data downloaded and

it's doing one check here so it says

should have bucket matching name so you

can see it's it's doing it's loading

from a Json file that's called S3 API

list buckets we always name our the Json

files after the commands and it's

looking through buckets so if we go over

here all the top here for a moment you

can see buckets so it's looking with in

this array and it's trying to match a

name called my validator bucket which

which which you provided to

us so somewhere in here I have a lot of

buckets in this account somewhere in

here uh there it is it's there and so

that's how that works um but yeah just

look out for those validators um and uh

try to run them and and validate that uh

you are able to uh do this stuff okay

but we'll see you in the next one okay

ciao oh wait wait wait wait wait wa wait

I didn't show you how to clean up I'm

just running off screen here so once you're

you're

done uh what you can do is you can go

over to cloud formation here and you

should do this is go ahead and delete

the stack okay um because that's going

to tear down the permissions so that we

no longer have access to your account um

so that's kind of an important thing to

do um but uh we'll go ahead and the

other thing about these permissions is

that we're only asking for exactly what

we need access to so in this in this uh

permissions it only generate up to get

access to uh the S3 bucket specifically

what we're accessing for so even if you

left it up it's usually okay it's safe

but um you know if there's no reason for

us to have access anymore you should all

obviously delete it um but yeah that one

is now gone and so now we are absolutely

done I'm going to go ahead and just

close this out here but yeah hopefully

uh that makes it pretty clear how

validators work in our system and you

see the benefit uh to getting that uh

check in your real account [Music]

[Music]

ciao hey this is Andrew Brown from exam

Pro and we are at the start of our

journey asking the most important

question first which is what is cloud

computing so cloud computing is the

practice of using a network of remote

servers hosted on the internet to store

manage and process data rather than a

local server or personal computer and so

when we're talking about on premise you

own the servers you hire the IT people

you pay or rent the real estate you take

all the risks but with a cloud provider

uh someone else owns the servers someone

else hires the IT people someone else

pays or rents the real estate and you

are responsible for configuring cloud

services and code and someone takes care

of the rest of it for you [Music]

[Music]

okay so to understand cloud computing we

need to look at the evolution of cloud

hosting going all the way back to 1995

where if you wanted to host your website

or web app you'd have to get a dedicated

server so that would be one physical

machine dedicated to a single business

running a single project a site or an

app and as you can imagine these are

expensive because you have to uh buy out

right the hardware have a place to store

it the network connection having a

person to maintain it um but it did give

you a guarantee of high security um and

they still do as of today so this model

hasn't gone away but it's been

specialized for a particular use case

then came along the virtual private

server so the idea is we still had one

physical machine but now we were able to

subdivide our machine into submachines via

via

virtualization and so essentially you're

running a machine within a machine and

so you had better utilization of that

machine um running multiple web apps as

opposed to having a physical machine per

project so you got better utilization

and isolation of resources and so uh

these two options still required you to

purchase a machine machine a dedicated

machine and so that was still kind of

expensive but then came along shared

hosting and so if you remember uh the

mid 2000s like with GoDaddy or HostGator

or any of those sites where you had

really cheap hosting the idea is that

you had this one physical machine shared

by hundreds of businesses and the way

this worked it relied on uh tenants

underutilizing their resources so you

know you wouldn't have a submachine in

there but you'd have a folder with

permissions that you could use um and so

you would really share the cost and this

was very very cheap um but you were

limited to whatever that machine could

do and you were very restricted in terms

of the functionality you had and there

was just poor isolation meaning that you

know if one person decided to utilize

the server more they could hang up all

the all the websites on that single

server then came along Cloud hosting and

the idea is that you have um multiple

physical machines that act as one system

so this is distributed computing and so

the system is abstracted into multiple

cloud services

and the idea is that you basically get

the advantages of a lot of the things

above so it's flexible you can just add

more servers um it's scalable it's very

secure because you get that uh virtual

isolation you get it extremely at a low

cost because you're sharing that cost

with the users where in the shared

hosting it might be hundreds of

businesses we're looking at thousands of

businesses and it was also highly

configurable because it was a full

virtual machine now uh Cloud actually uh

still includes all of these types of of

Hosting they haven't gone away uh but

it's just the idea that you now have

more of a selection for your use case uh

but hopefully that gives you an idea uh

what cloud hosting looks like and it

really has to come down to distributed computing

computing [Music]

[Music]

okay hey this is Andrew Brown from exam

Pro and before we talk about AWS we need

to know what is Amazon so Amazon is an

American multinational computer

technology corporation headquartered in

Seattle Washington and so this is the

Seattle skyline with the Bas needle and

Amazon was founded in 1994 by Jeff Bezos

and the company started as an online

store for books and expanded to other

products so as you can see this is Jeff

Bezos a long time ago and he has this

interesting spray painted sign and his

desk is held up by cinder blocks and it

looks like his uh desk is like an old uh

table or something and he's working

really late and he used to be a

millionaire at this time and he would be

driving into work in his Honda Accord

because you know he just his motivation

was always to put all the money back in

the company so it really shows that he

worked really hard and it did pay off

because Amazon has expanded uh Beyond

just an online Ecommerce store into a

lot of different things such as cloud

computing which is Amazon web services

Digital streaming such as Amazon Prime

video Prime music they bought twitch.tv

they owned the Whole Foods Market

grocery store they have all this

artificials intelligence they own low

orbit satellites uh and a lot more stuff

it's hard to list at all and so Jeff

Bezos today is not the um the CEO it's

actually Andy jasse is the current CEO

of Amazon he was previously the CEO of

AWS so Jeff Bezos can focus on space

travel so there you [Music]

[Music]

go hey this is Andrew Brown from exam

Pro and we are taking a look at Amazon

web services and this is the name that

Amazon calls their cloud provider

service and it's commonly referred to

just as AWS so here is the old logo

where we see the full name and here is

the new logo but I like showing the old

logo because it has these cubes which

best represent what AWS is and it is a

collection of cloud services that can be

used together under a single unified API

uh to build uh a lot of different kinds

of workloads so adus was launched in

2006 and is the leading cloud service

provider in the world I put an aster

there because technically uh adus exist

before 2006 and a cloud service provider

uh which is what adus is is often

initialized as CSP so if you hear me

saying CSP I'm just saying cloud service

provider okay so just time to look at

the timeline of when Services rolled out

the first one came out in uh 2004 it was

simple Q service sqs and this service

still exists as of today but at the time

it was the only service that was

publicly available so it wasn't exactly

a cloud service provider at this time

and it was neither ads it was just sqs

but then a couple years later we had

simple storage service also known as S3

which was launched uh in March of 2006

and then a couple months later we had

elastic compute Cloud also known as ec2

um and ec2 is still uh like the most

used service within AWS and is like the

backbone for pretty much everything

there then in 2010 it was reported that

all of amazon.com's retail sites had

migrated to AWS so even Amazon was using

ads uh Full Steam and to support

industrywide training and and skill

standardization ads began offering a

certification program for computer

Engineers on April 2013 uh and this is

the type of certifications that we are

doing as we speak um so I just want you

to know that ads was the one leading uh

Cloud certifications and we just want to

take a look here at the executive level

as of today the CEO is Adam he's the

former CTO of Tableau and he spent a

decade with adus as a VP of Marketing

sales and support so he was there he had

left for a bit and now he is back then

we have uh wner and he's the CTO of AWS

he's been uh the CTO for pretty much the

entire time aw existed with the

exception of some time of the first year

he's famous for uh quoting everything

fails all the time and then there's Jeff

bar who's the chief evangelist so um if

you're ever wondering who is writing all

the blog posts and talking about anys

[Music]

all right so what I want to do here is

expand on what is a cloud service

provider also known as a CSP just

because there's a lot of things out in

the market there that might look like a

CSP uh but they actually are not so

let's go through this list and see what

makes a CSP so this is a company which

provides multiple cloud services ranging

from tens to hundreds of services those

cloud services can be chained together

to create cloud architectures those

cloud services are accessible via a

single unified API so in ad's cases that

is the adus API um and from that you can

access the CLI the SDK the Management

console those cloud services utilize

metered building based on usage so this

could be per second per hour uh vpcu

memory storage things like that those

cloud services have Rich monitoring

built in so you know every API action is

tracked and you have access to that so

this case it's a cloud trail and the

idea here is those cloud services have

infrastructure as a service offering so

IAS that means they have networking

compute uh storage databases things like

that those cloud services offers

automation via infrastructure as code so

you can write code to set everything up

and so here's just kind of a example of

an architecture where we have a very

simple uh web application running on ec2

behind a load bouncer with the domain

with r 53 but the idea is just to show

you that you know you're changing these

things together if a company offers

multiple cloud services under a single

UI but do not meet most of or all of

these requirements it would just be

referred to as a cloud platform so when

you hear about twilio or Hashi Corp or

datab bricks those are Cloud platforms

and adab US Azure gcp are cloud service providers

providers [Music]

[Music]

okay all right let's take a look here at

the landscape of CL service providers

this is generally broken down into tier

one tier 2 tier three but I've modified

it to give each tier its own name as I

don't like to think of them as rankings

and more so that uh these cloud service

providers are specialized uh for a

particular thing um and I've also added

a fourth tier because you know the

internet has always talked about three

tiers but there really is a fourth tier

and I wanted to make sure we had uh the

full scope here included so in the top

tier you're going to recognize uh some

common names there Amazon web service

Microsoft Azure Google Cloud platform

and Alibaba cloud in North America and

Europe uh adab us Azure and gcp are

known as The Big Three um but Alibaba

cloud is huge as well if you're in the

Asia region specifically China so it's

really just going to be dependent on

where you live where uh which are

considered the most um commonly known or

popular uh but we'll talk about that

here in a moment but the reason um I

call tier one top tier is that these are

you know very well-known providers

they're ear early to Market they have

strong synergies between their services

um they're just really good cloud

service providers you cannot go wrong

with uh these providers then we have our

tier two or I would call our mid- tier

uh these are backed by really well-known

tech companies but I would just say that

um their ability to become top tier uh

did not work out the way they planned so

IBM at one point was looking to be a top

tier provider um but they just did not

keep up with um AWS and and they just

slipped into this mid tier and kind of

specialized at least for a while into ml

AI services and now they're just more

like very expensive um Enterprise uh managed

managed

infrastructure for their existing

clientele Oracle um very very

inexpensive that's their play they try

to uh be the cheapest but their uh

service um overall is not uh fun to use

interestingly enough believe Microsoft

Azure was just signing a contract to use

Oracle Cloud so it's not unusual for

some of these cloud service providers or

these organizations to use other

providers because they want to use their

Global infrastructure but uh yeah Oracle

cloud is uh not doing that great there

are other ones in the Asia region like

Hawaii cloud and 10cent Cloud I honestly

don't know a whole lot about them but

they do show up on the magic quadrant so

it's possible in the Asia region that

these are are the big three and uh AWS

Azure and gcp do not play a larger role

but from our perspective I put them into

that mid tier because they just don't

have Global uh awareness or Global um

market dominance like the other three uh

up there looking at the light tier uh

these were traditionally virtual private

servers so they just specialized in that

and they turn to offer more core

infrastructure service offerings so we

have a vulture we saw it was pronounced

voler but it's actually vulture digital

ocean and aimi connected Cloud which was

formerly known as Leno or lenoe um so

they merg their companies together and I

mean they want to be like a cloud

service providers but they're very very

light in terms of their offering so um

you know they'll have things like

serverless and being able to run uh

kubernetes cluster and some cloud

storage and stuff but they won't have

things like um the the same level of of

event driven um metered billing or or

other kinds of uh functionality that you

you come to expect in the top tiers but

you know if you're working with a

smaller organization they are a lot

simpler to uh to utilize so they are a

great introduction to Cloud for

companies that find the top tier uh too

complex and then looking at the fourth

tier I call this the private tier this

is basically software that you can

deploy onto your own uh machines and

your data centers to get the same same

kind of um functionality that you would

if you were using let's say adabs or any of these other providers and um you know

of these other providers and um you know previously I would put open stack into

previously I would put open stack into the mid tier because in a sense that it

the mid tier because in a sense that it was kind of like a cloud service

was kind of like a cloud service provider that was using uh quite a bit

provider that was using uh quite a bit but I didn't feel like it had had good

but I didn't feel like it had had good fit there so that's why we made this a

fit there so that's why we made this a fourth tier and we have a few different

fourth tier and we have a few different softwares we have open stack apachi

softwares we have open stack apachi Cloud stack those are both open source

Cloud stack those are both open source and there's VMware vpar I have an aster

and there's VMware vpar I have an aster there because it's not really the same

there because it's not really the same thing but it is used a lot everywhere to

thing but it is used a lot everywhere to manage a lot of virtual machines and so

manage a lot of virtual machines and so I I kind of feel like it should fit in

I I kind of feel like it should fit in there but that gives you kind of an idea

there but that gives you kind of an idea of the landscape of cloud and we'll see

of the landscape of cloud and we'll see you in the next

you in the next [Music]

[Music] one so how do we determine who is the

one so how do we determine who is the leader in Cloud well one way of

leader in Cloud well one way of indicating that is the Gardner magic

indicating that is the Gardner magic quadrant for cloud so the magic quadrant

quadrant for cloud so the magic quadrant is a series of market research reports

is a series of market research reports published by the IT consulting firm Gard

published by the IT consulting firm Gard that rely on proprietary qualitative

that rely on proprietary qualitative qualitative data analysis methods to

qualitative data analysis methods to demonstrate market trends such as

demonstrate market trends such as Direction maturity and participants so

Direction maturity and participants so it says a series of reports uh but the

it says a series of reports uh but the only thing I've ever seen are these

only thing I've ever seen are these Graphics where they show um a uh the the

Graphics where they show um a uh the the quadrant it's a it's a diagram that

quadrant it's a it's a diagram that summarizes all the information so I

summarizes all the information so I think you have to you might have to pay

think you have to you might have to pay to access uh the reports um because it's

to access uh the reports um because it's definitely not just uh publicly

definitely not just uh publicly accessible knowledge and I don't think

accessible knowledge and I don't think they would show all of uh how this stuff

they would show all of uh how this stuff is calculated but uh let's just take a

is calculated but uh let's just take a look at this graphic here so notice we

look at this graphic here so notice we have challengers in the top left corner

have challengers in the top left corner leaders in the top right corner in the

leaders in the top right corner in the bottom left corner we have Niche players

bottom left corner we have Niche players and then in the bottom right corner we

and then in the bottom right corner we have Visionaries so the idea here is

have Visionaries so the idea here is that The Closer you are to this top

that The Closer you are to this top Corner uh the better you are doing and

Corner uh the better you are doing and the one that is closest to it is Amazon

the one that is closest to it is Amazon web services followed with Microsoft

web services followed with Microsoft pretty close uh in second Google to the

pretty close uh in second Google to the left Alibaba Cloud next Oracle and we

left Alibaba Cloud next Oracle and we have IBM 10cent and Hawaii and there are

have IBM 10cent and Hawaii and there are other players but they are so small that

other players but they are so small that they are not showing up there and we

they are not showing up there and we showed that in the landscape of csps or

showed that in the landscape of csps or um maybe this is only for first they

um maybe this is only for first they consider what we call First tier or top

consider what we call First tier or top tier cloud service providers it's really

tier cloud service providers it's really useful to look at last year's uh mq and

useful to look at last year's uh mq and to see how things have moved so it looks

to see how things have moved so it looks like uh it uh Microsoft has shifted a

like uh it uh Microsoft has shifted a little bit forward here and gone a

little bit forward here and gone a little bit closer to

little bit closer to Google has cifically moved up and um

Google has cifically moved up and um Alibaba Cloud it seems to be moving more

Alibaba Cloud it seems to be moving more uh to the right um and again I'm just

uh to the right um and again I'm just showing what their movements were from

showing what their movements were from this year to that year so they are over

this year to that year so they are over here now Oracle is way over here now and

here now Oracle is way over here now and for whatever reason Huawei cloud is on

for whatever reason Huawei cloud is on the board so it's interesting to see how

the board so it's interesting to see how they move another thing that's um

they move another thing that's um interesting here is that this one is

interesting here is that this one is 2022 of June and this one is July of

2022 of June and this one is July of 2021 and

2021 and right now as the time I'm recording this

right now as the time I'm recording this video it's 2023 near the end of the year

video it's 2023 near the end of the year um and I could not find a 2023 one so

um and I could not find a 2023 one so even if it says June or July they will

even if it says June or July they will release these out in October November

release these out in October November Etc way later in the year and so for

Etc way later in the year and so for whatever reason they have yet to make um

whatever reason they have yet to make um the latest one available so I'm still

the latest one available so I'm still curious to see what that is here so I'm

curious to see what that is here so I'm just giving you the information that we

just giving you the information that we have but you can look at this stuff um

have but you can look at this stuff um basically on the the Garder website if

basically on the the Garder website if you want to see

you want to see um any of these magic quadrants for any

um any of these magic quadrants for any of the industries there and what I find

of the industries there and what I find is that if a compan is doing really well

is that if a compan is doing really well they'll always post it on their website

they'll always post it on their website so it's very easy to find the uh Magic

so it's very easy to find the uh Magic quadrant for cloud on the a website

quadrant for cloud on the a website because they're the leader so they

because they're the leader so they definitely want to show that there uh

definitely want to show that there uh but yeah there you

but yeah there you [Music]

[Music] go so a cloud service provider can have

go so a cloud service provider can have hundreds of cloud services that are

hundreds of cloud services that are grouped into various types of services

grouped into various types of services but the four most common types of cloud

but the four most common types of cloud services for infrastructures of service

services for infrastructures of service uh and I call these the four core would

uh and I call these the four core would be compute so imagine having a virtual

be compute so imagine having a virtual computer that can run applications

computer that can run applications programs and code networking so imagine

programs and code networking so imagine having virtual Network defining internet

having virtual Network defining internet connections or network isolation between

connections or network isolation between services or outbound to the internet

services or outbound to the internet storage so imagine having a virtual hard

storage so imagine having a virtual hard drive that can store files databases so

drive that can store files databases so imagine a virtual database for storing

imagine a virtual database for storing reporting data or a database for general

reporting data or a database for general purpose web applications and uh AWS in

purpose web applications and uh AWS in particular has 200 plus cloud services

particular has 200 plus cloud services and I want to clarify what cloud

and I want to clarify what cloud computing means because notice that we

computing means because notice that we have cloud computing Cloud networking

have cloud computing Cloud networking cloud storage Cloud databases but the

cloud storage Cloud databases but the industry often just says cloud computing

industry often just says cloud computing to refer to all categories even though

to refer to all categories even though uh it has computer in the name so just

uh it has computer in the name so just understand when someone says cloud

understand when someone says cloud computing uh they don't just generally

computing uh they don't just generally mean the subcategory they're talking

mean the subcategory they're talking about all of cloud okay

about all of cloud okay [Music]

[Music] so adus has a lot of different cloud

so adus has a lot of different cloud services and I just want to kind of go

services and I just want to kind of go quickly over the types of categories

quickly over the types of categories that we can encounter here and just

that we can encounter here and just mention the four core so any CSP that

mention the four core so any CSP that has IAS will always have these four core

has IAS will always have these four core service offerings we have computes so

service offerings we have computes so Nat this would be ec2 VMS storage this

Nat this would be ec2 VMS storage this could be something like EBS virtual hard

could be something like EBS virtual hard drives database so that could be RDS SQL

drives database so that could be RDS SQL databases networking and content

databases networking and content delivery but really it's networking uh

delivery but really it's networking uh and this would be VPC so private Cloud

and this would be VPC so private Cloud Network okay so uh let's just look at

Network okay so uh let's just look at all the categories that are outside the

all the categories that are outside the four core so there could be analytics

four core so there could be analytics application integration arvr ads cost

application integration arvr ads cost management blockchain business

management blockchain business application containers customer

application containers customer engagement developer tools and user

engagement developer tools and user Computing game Tech iot Machine Learning

Computing game Tech iot Machine Learning Management governance Media Services

Management governance Media Services migration uh and transfer mobile Quantum

migration uh and transfer mobile Quantum technology s robotics satellites

technology s robotics satellites security identity and compliance if

security identity and compliance if there was more I would not be surprised

there was more I would not be surprised but you can see there's a lot of stuff

but you can see there's a lot of stuff that's going on

here so let's take a look at all the ITA services that are available to us so if

services that are available to us so if you're on the marketing website which is

you're on the marketing website which is adab.

adab. amazon.com what you'll see in the top

amazon.com what you'll see in the top left corner is products and so these are

left corner is products and so these are all the categories and for whatever we

all the categories and for whatever we want if it's like ec2 we can go into

want if it's like ec2 we can go into here and we can read all about it so

here and we can read all about it so usually we'll have our overview all

usually we'll have our overview all right and that's not very useful and

right and that's not very useful and then we'll go over to features and so

then we'll go over to features and so this is can be kind of useful to get

this is can be kind of useful to get some basic information and pricing which

some basic information and pricing which is something you'll do a lot in AWS is

is something you'll do a lot in AWS is you're always going to be going to a

you're always going to be going to a service looking up its price and so

service looking up its price and so you'll make your way over uh here every

you'll make your way over uh here every single one is different uh a very

single one is different uh a very important page would be like getting

important page would be like getting started so this will give you basic

started so this will give you basic information but what I do is I like to

information but what I do is I like to go all the way down to the bottom here

go all the way down to the bottom here and find my way over to the

and find my way over to the documentation so I'll go here to

documentation so I'll go here to documentation to get that deeper

documentation to get that deeper knowledge about that service and as you

knowledge about that service and as you can see things get pretty deep with AWS

can see things get pretty deep with AWS in terms of the information they have so

in terms of the information they have so hopefully that gives you an idea of the

hopefully that gives you an idea of the scope also when you're logged into AWS

scope also when you're logged into AWS and this will be when we create our

and this will be when we create our account uh you can explore all the

account uh you can explore all the services this way as well so these are

services this way as well so these are all the ad Services uh but you just

all the ad Services uh but you just notice that there's two ways to uh

notice that there's two ways to uh explore them where this is actually you

explore them where this is actually you just actually utilizing the services and

just actually utilizing the services and then the marketing website is you

then the marketing website is you reading about them and learning all

reading about them and learning all about them

about them [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are looking at the evolution

Pro and we are looking at the evolution of computing your cloud service provider

of computing your cloud service provider has all of these offerings and the idea

has all of these offerings and the idea is that you need to choose the one that

is that you need to choose the one that meets your use case a lot of times this

meets your use case a lot of times this all has to come around the utilization

all has to come around the utilization of space that's what we're trying to

of space that's what we're trying to illustrate here in this section here and

illustrate here in this section here and the trade-offs of why you might want to

the trade-offs of why you might want to use some of these offerings okay for

use some of these offerings okay for dedicated we're talking about a uh a

dedicated we're talking about a uh a physically a physical server wholly

physically a physical server wholly utilized by single customer that's

utilized by single customer that's considered single tenant and uh for

considered single tenant and uh for Google Cloud we're talking about um

Google Cloud we're talking about um single node clusters and bare metal

single node clusters and bare metal machines where you have control of the

machines where you have control of the virtualization so you can install any

virtualization so you can install any kind of hypervisor or virtualization you

kind of hypervisor or virtualization you wanted the system the trade-off here

wanted the system the trade-off here though is that you have to guess upfront

though is that you have to guess upfront what your capacity is going to be and

what your capacity is going to be and you're never going to 100% utilize that

you're never going to 100% utilize that machine because it's going to have to be

machine because it's going to have to be a bit under in case the utilization goes

a bit under in case the utilization goes up that's you're choosing the CP use and

up that's you're choosing the CP use and the memories you're going to end up

the memories you're going to end up overpaying because you're uh you'll have

overpaying because you're uh you'll have under underutilized server uh it's not

under underutilized server uh it's not going to be easy to vertically scale

going to be easy to vertically scale it's not like you can just say resize it

it's not like you can just say resize it because the machine you have is what you

because the machine you have is what you have right you can't add more I mean I

have right you can't add more I mean I suppose they can insert more memory for

suppose they can insert more memory for you but that's a manual migration uh so

you but that's a manual migration uh so it's very difficult um and replacing the

it's very difficult um and replacing the server is also very difficult okay so

server is also very difficult okay so you're limited by the host operating

you're limited by the host operating system it's not virtualized so whatever

system it's not virtualized so whatever is on there is on there um and that's

is on there is on there um and that's that's what your apps are going to have

that's what your apps are going to have access to if you decide to run more than

access to if you decide to run more than one app which is not a good practice for

one app which is not a good practice for these kind of machines uh you're going

these kind of machines uh you're going to end up with uh resource sharing where

to end up with uh resource sharing where one machine might utilize more than the

one machine might utilize more than the others technically with a dedicated

others technically with a dedicated machine you have a guarantee of security

machine you have a guarantee of security privacy and full utility of the

privacy and full utility of the underlying resources I put an aster

underlying resources I put an aster there because yes it's more secure but

there because yes it's more secure but uh but it's up to you to make sure that

uh but it's up to you to make sure that it's more secure so you have that's up

it's more secure so you have that's up to your skills of security right whereas

to your skills of security right whereas if you had a virtual machine or anything

if you had a virtual machine or anything above that there's more responsibility

above that there's more responsibility on the cloud service provider to just

on the cloud service provider to just provide a secure machine and they can do

provide a secure machine and they can do a better job than you so why would you

a better job than you so why would you use a dedicated machine well maybe

use a dedicated machine well maybe you're doing high performance Computing

you're doing high performance Computing where you need these machines like very

where you need these machines like very close together and you have to choose

close together and you have to choose what kind of virtualization you need to

what kind of virtualization you need to have okay so then we're looking at

have okay so then we're looking at virtual machines the idea here is you

virtual machines the idea here is you can run a machine within a machine the

can run a machine within a machine the way that works is we have a hypervisor

way that works is we have a hypervisor this is a software layer that lets you

this is a software layer that lets you run the virtual machines uh the idea

run the virtual machines uh the idea here is now it's multi-tenant you can

here is now it's multi-tenant you can share the cost with multiple customers

share the cost with multiple customers you're paying for a fraction of the

you're paying for a fraction of the server uh you'll still end up overpaying

server uh you'll still end up overpaying for the underutilized virtual machine

for the underutilized virtual machine because a virtual machine is just like

because a virtual machine is just like you have to still say how many V vcpus

you have to still say how many V vcpus how much memory and your app is you you

how much memory and your app is you you don't want an app that uses 100% right

don't want an app that uses 100% right you want to use exactly the amount you

you want to use exactly the amount you need but you can see here you know

need but you can see here you know there's still going to be some

there's still going to be some underutilization uh you are limited by

underutilization uh you are limited by the guest operating system now but now

the guest operating system now but now it's virtualized so at least it's very

it's virtualized so at least it's very easy to uh possibly migrate away if you

easy to uh possibly migrate away if you choose to run uh more than one app on a

choose to run uh more than one app on a virtual machine it it can still run into

virtual machine it it can still run into resource sharing conflicts uh it's

resource sharing conflicts uh it's easier to export or import images for

easier to export or import images for migration it's easier to vertically or

migration it's easier to vertically or horizontally scale okay and virtual

horizontally scale okay and virtual machines are the most common and popular

machines are the most common and popular offering for compute because people are

offering for compute because people are just very comfortable with those then

just very comfortable with those then you have containers and the idea is you

you have containers and the idea is you have a virtual machine running these

have a virtual machine running these things called containers the way they do

things called containers the way they do that is similar to a hypervisor but

that is similar to a hypervisor but instead you have um like here is a

instead you have um like here is a Docker demon so it's just a um a

Docker demon so it's just a um a container uh software layer okay to run

container uh software layer okay to run those containers there different kinds

those containers there different kinds Docker is the most popular uh and the

Docker is the most popular uh and the great thing is you can maximize the uh

great thing is you can maximize the uh the the capacity because you can easily

the the capacity because you can easily add new containers resize those

add new containers resize those containers use up the rest of the space

containers use up the rest of the space it's a lot more flexible okay uh your

it's a lot more flexible okay uh your containers will share the same

containers will share the same underlying OS but they are more

underlying OS but they are more efficient than multiple VMS uh multiple

efficient than multiple VMS uh multiple apps can run side by side without being

apps can run side by side without being limited uh by the the same OS

limited uh by the the same OS requirements and not cause conflicts

requirements and not cause conflicts during resource sharing so containers

during resource sharing so containers are really good but you know the

are really good but you know the tradeoff is there a lot more work to

tradeoff is there a lot more work to maintain then you have functions

maintain then you have functions functions go an even step further and

functions go an even step further and the idea is that you uh the the

the idea is that you uh the the containers where we where we talked

containers where we where we talked about that's a lot of work to maintain

about that's a lot of work to maintain now the cloud service provider is taking

now the cloud service provider is taking care of those containers generally

care of those containers generally sometimes not it depends if it's

sometimes not it depends if it's serverless or not but the idea is that

serverless or not but the idea is that you don't even think about this is

you don't even think about this is called seress compute but you don't even

called seress compute but you don't even think about uh the OS or anything you

think about uh the OS or anything you just know that what your runtime is you

just know that what your runtime is you run Ruby or python or node and you just

run Ruby or python or node and you just upload your code and you just say uh I

upload your code and you just say uh I want this to be able to run uh uh for

want this to be able to run uh uh for this long uh and use this amount of

this long uh and use this amount of memory okay you're only responsible for

memory okay you're only responsible for your code and data nothing else it's

your code and data nothing else it's very cost effective you only pay for the

very cost effective you only pay for the time the code is running uh and VMS only

time the code is running uh and VMS only run when there is code to be executed

run when there is code to be executed but because of that there is this

but because of that there is this concept of cold starts and this is uh

concept of cold starts and this is uh where the machine has to spin up and so

where the machine has to spin up and so sometimes requests can be a bit slow so

sometimes requests can be a bit slow so there's a bit of tradeoff there but

there's a bit of tradeoff there but functions or serverless compute is

functions or serverless compute is generally one of the best offerings as

generally one of the best offerings as of today but most people are still

of today but most people are still getting kind of comfortable with that

getting kind of comfortable with that Paradigm

Paradigm [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at the

Pro and we are taking a look at the types of cloud computing and the best

types of cloud computing and the best way to represent this is a stacked

way to represent this is a stacked pyramid and we'll start our way at the

pyramid and we'll start our way at the top with SAS also known as software as a

top with SAS also known as software as a service so this is a product that is run

service so this is a product that is run and managed by the cloud service

and managed by the cloud service provider you don't have to worry about

provider you don't have to worry about how the service is maintained it just

how the service is maintained it just works and remains available so examples

works and remains available so examples of this and actually uh the first uh

of this and actually uh the first uh company to coin this was actually

company to coin this was actually Salesforce um then there's things like

Salesforce um then there's things like Gmail office through 65 so think

Gmail office through 65 so think Microsoft Word Excel things like that

Microsoft Word Excel things like that and they run the cloud okay and SAS is

and they run the cloud okay and SAS is generally designed for customers in mind

generally designed for customers in mind then came along platforms of service um

then came along platforms of service um also known as pass and these focus on

also known as pass and these focus on the development or sorry the deployment

the development or sorry the deployment and management of your apps so you don't

and management of your apps so you don't worry about provisioning configuring or

worry about provisioning configuring or understanding the hardware or operating

understanding the hardware or operating system and so here we' have things like

system and so here we' have things like elastic beant stock Heroku which is very

elastic beant stock Heroku which is very popular among developers that just want

popular among developers that just want to launch their code or Google app

to launch their code or Google app engine and that is the old logo but

engine and that is the old logo but that's the logo I like to use because I

that's the logo I like to use because I think it looks cool and so these are

think it looks cool and so these are intended for developers the idea is that

intended for developers the idea is that you just deploy your code um and the

you just deploy your code um and the platform does the rest

platform does the rest then there is infrastructure as a

then there is infrastructure as a service um there's no way to say that

service um there's no way to say that like it's easy to say SAS or pass but

like it's easy to say SAS or pass but there's no easy way to say IAS so this

there's no easy way to say IAS so this is the basic building blocks for cloud

is the basic building blocks for cloud it it provides access to networking

it it provides access to networking features computers and data storage

features computers and data storage space and the idea here is you don't

space and the idea here is you don't worry about the IT staff data centers

worry about the IT staff data centers and hardware and so that would be like

and hardware and so that would be like Microsoft Azure AWS Oracle Cloud things

Microsoft Azure AWS Oracle Cloud things like that and these are for

like that and these are for administrators okay so there you go

administrators okay so there you go [Music]

[Music] hey this is Andrew Brown from exam Pro

hey this is Andrew Brown from exam Pro and we are taking a look at cloud

and we are taking a look at cloud computing deployment models starting

computing deployment models starting with public cloud and the idea here is

with public cloud and the idea here is that everything when I say everything

that everything when I say everything I'm talking about the workloads the

I'm talking about the workloads the projects the code is built on the cloud

projects the code is built on the cloud service provider so here is a diagram

service provider so here is a diagram where we have a ec2 instance a virtual

where we have a ec2 instance a virtual machine running her application and then

machine running her application and then we have our database in RDS and we have

we have our database in RDS and we have the internet coming into our adus

the internet coming into our adus account and so everything is contained

account and so everything is contained all of our infrastructure is within AWS

all of our infrastructure is within AWS all right uh and so this is known as

all right uh and so this is known as being Cloud native or Cloud first and I

being Cloud native or Cloud first and I put an aster beside Cloud native because

put an aster beside Cloud native because that was a term uh that was used prior

that was a term uh that was used prior to cloud service providers to refer to

to cloud service providers to refer to Containers or open- Source um uh models

Containers or open- Source um uh models being deployed and being mobile other

being deployed and being mobile other places so just understand that it has

places so just understand that it has two meanings but in the context of this

two meanings but in the context of this Cloud native just being like native to

Cloud native just being like native to the cloud like using Cloud to begin with

the cloud like using Cloud to begin with okay then we have private Cloud so

okay then we have private Cloud so everything built on a company's data

everything built on a company's data center uh and being built on a data

center uh and being built on a data center is known as being on premise

center is known as being on premise because that is where the data center

because that is where the data center resides near where you work and so here

resides near where you work and so here you could be using Cloud but you'd be

you could be using Cloud but you'd be using openstack which would be a private

using openstack which would be a private Cloud so here we have our on- premise

Cloud so here we have our on- premise Data Center and uh the internet's coming

Data Center and uh the internet's coming into our data center and we're running

into our data center and we're running on open stack where we can launch

on open stack where we can launch virtual machines and a database okay

virtual machines and a database okay then there's the concept of a hybrid

then there's the concept of a hybrid Cloud so using both on premise and a

Cloud so using both on premise and a cloud service provider together and so

cloud service provider together and so the idea here is we have our on premise

the idea here is we have our on premise Data Center and then we have an

Data Center and then we have an established connection maybe it's a VPN

established connection maybe it's a VPN connection maybe it is a direct

connection maybe it is a direct connection um but the idea is that we're

connection um but the idea is that we're bridging that connection and uh

bridging that connection and uh utilizing both our private and our

utilizing both our private and our public uh stuff to uh create a cloud

public uh stuff to uh create a cloud workload then there is a fourth one

workload then there is a fourth one called cross Cloud um some sometimes

called cross Cloud um some sometimes it's known as multicloud and sometimes

it's known as multicloud and sometimes it's erroneously referred to as hybrid

it's erroneously referred to as hybrid Cloud but it generally is not hybrid

Cloud but it generally is not hybrid Cloud okay the idea here is when you're

Cloud okay the idea here is when you're using multiple Cloud providers and so

using multiple Cloud providers and so one example here could be using services

one example here could be using services like Azure Arc so Azure Arc allows you

like Azure Arc so Azure Arc allows you to extend your um control plane uh so

to extend your um control plane uh so that you can deploy containers for

that you can deploy containers for kubernetes in um Azure within Amazon eks

kubernetes in um Azure within Amazon eks within gcp kubernetes engine but you

within gcp kubernetes engine but you know being cross Cloud doesn't

know being cross Cloud doesn't necessarily mean that you're running a

necessarily mean that you're running a uh using a service that use Works across

uh using a service that use Works across the cloud and manages it it could just

the cloud and manages it it could just mean using multiple providers at the

mean using multiple providers at the same time another service that is

same time another service that is similar to Azure Arch but is for a

similar to Azure Arch but is for a Google Cloud uh platform is also know as

Google Cloud uh platform is also know as anthos um adab us has traditionally not

anthos um adab us has traditionally not been um cross Cloud uh friendly and so

been um cross Cloud uh friendly and so we haven't seen any kind of developments

we haven't seen any kind of developments there where we see uh these other

there where we see uh these other services that are or cloud service

services that are or cloud service providers behind AWS trying to promote

providers behind AWS trying to promote to uh grab more of the market share

to uh grab more of the market share [Music]

[Music] okay so let's talk about the different

okay so let's talk about the different deployment models and what kind of

deployment models and what kind of companies or organizations are still

companies or organizations are still utilizing uh for these particular

utilizing uh for these particular categories so for cloud again this is

categories so for cloud again this is where we fly utilizing cloud computing

where we fly utilizing cloud computing hybrid is a combination of public cloud

hybrid is a combination of public cloud and on-prem or private cloud and then on

and on-prem or private cloud and then on Prem is deploying resources on premise

Prem is deploying resources on premise using virtualization Resource Management

using virtualization Resource Management tools sometimes called private cloud or

tools sometimes called private cloud or could be utilizing something like open

could be utilizing something like open stack so for companies that are starting

stack so for companies that are starting out today or are small enough to make

out today or are small enough to make the leap from virtual private server to

the leap from virtual private server to a cloud service provider this is where

a cloud service provider this is where we're looking at Cloud so we're looking

we're looking at Cloud so we're looking at startups SAS offerings new projects

at startups SAS offerings new projects and companies um so maybe this would be

and companies um so maybe this would be like base camp Dropbox Squarespace then

like base camp Dropbox Squarespace then for hybrid these are organizations that

for hybrid these are organizations that started with their own data center but

started with their own data center but can't fully move to Cloud due to the

can't fully move to Cloud due to the effort or migration or security

effort or migration or security compliance so we're talking about Banks

compliance so we're talking about Banks fintech Investment Management large

fintech Investment Management large professional servic providers Legacy on

professional servic providers Legacy on Prem so maybe CIBC which is a bank deoe

Prem so maybe CIBC which is a bank deoe uh the CCP or CPP investment board and

uh the CCP or CPP investment board and then for on premise these are

then for on premise these are organizations that cannot run on cloud

organizations that cannot run on cloud due to strict Regulatory Compliance or

due to strict Regulatory Compliance or the sheer size of the organization or

the sheer size of the organization or they just have like an outdated uh idea

they just have like an outdated uh idea of what cloud is so they just have a lot

of what cloud is so they just have a lot of uh difficulties in terms of politics

of uh difficulties in terms of politics adopting Cloud um so this would be

adopting Cloud um so this would be public sector like government super sens

public sector like government super sens of data like hospitals large Enterprise

of data like hospitals large Enterprise with heavy regul insurance companies um

with heavy regul insurance companies um so again hospitals maybe AIG the

so again hospitals maybe AIG the government of Canada and so I shouldn't

government of Canada and so I shouldn't say that they aren't using Cloud but um

say that they aren't using Cloud but um you know because uh adabs and all the

you know because uh adabs and all the cloud service providers have um uh

cloud service providers have um uh public sector offering so um you know

public sector offering so um you know I'm just trying to Stage as an example

I'm just trying to Stage as an example of things that could be still using on

of things that could be still using on premise so you know I know the

premise so you know I know the government Canada definitely uses uh

government Canada definitely uses uh cloud in a lot of ways same with AIG and

cloud in a lot of ways same with AIG and hospitals but you know generally these

hospitals but you know generally these are the the last holdouts of on Prem

are the the last holdouts of on Prem because there really isn't a a good

because there really isn't a a good reason to be fully on premise anymore uh

reason to be fully on premise anymore uh but again there are some things that are

but again there are some things that are still doing that

still doing that [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are at the start of our

Pro and we are at the start of our journey creating ourselves an adus

journey creating ourselves an adus account so what you need to do is go to

account so what you need to do is go to adab us. amazon.com if you don't have a

adab us. amazon.com if you don't have a lot of confidence how to get there just

lot of confidence how to get there just type in adus into Google and then click

type in adus into Google and then click here on the link where it says adabs

here on the link where it says adabs amazon.com it'll take you to the same

amazon.com it'll take you to the same place now notice we have a big orange

place now notice we have a big orange button in the top right corner so this

button in the top right corner so this says sign into the OS console um it's

says sign into the OS console um it's the if it's the first time you've ever

the if it's the first time you've ever been to this website so if I go ads.

been to this website so if I go ads. amazon.com Incognito it will have the

amazon.com Incognito it will have the create anus Account button um I don't

create anus Account button um I don't know why they don't keep this consistent

know why they don't keep this consistent across the board but I wish they did but

across the board but I wish they did but if you are on the screen you can click

if you are on the screen you can click here or there um but if you do see

here or there um but if you do see something that doesn't say uh you know

something that doesn't say uh you know create an account or or Etc you can just

create an account or or Etc you can just sign

in okay and then down below you can hit create a new a account so that's the way

create a new a account so that's the way you're going to get in there and so

you're going to get in there and so you're going to put an email a password

you're going to put an email a password and create an adist account name um I've

and create an adist account name um I've created this so many times and it's so

created this so many times and it's so hard to set up new emails I'm not going

hard to set up new emails I'm not going to do this again it's not complicated

to do this again it's not complicated but one thing I need to tell you is that

but one thing I need to tell you is that you do need to have a credit card you

you do need to have a credit card you cannot create an account without a

cannot create an account without a credit card um and for those who are in

credit card um and for those who are in places where maybe you don't have a

places where maybe you don't have a traditional credit card maybe you can

traditional credit card maybe you can get a prepaid one so up here here in

get a prepaid one so up here here in Canada we have a company called coo and

Canada we have a company called coo and so coo is um a Visa debit card and so

so coo is um a Visa debit card and so it's basically a virtual prepaid credit

it's basically a virtual prepaid credit card and so these do work on the

card and so these do work on the platform as well so if you have a

platform as well so if you have a traditional credit card or possibly

traditional credit card or possibly could find one of these uh you still

could find one of these uh you still have to load up with money but it does

have to load up with money but it does give you a bit more flexibility to

give you a bit more flexibility to create that account so what I want you

create that account so what I want you to do is go through that process

to do is go through that process yourself it's not complicated and I'll

yourself it's not complicated and I'll see you on the other end okay

so once you finished creating your account you should be within the adus

account you should be within the adus Management console and this is the page

Management console and this is the page you're always going to see when you log

you're always going to see when you log in it's always going to show the most

in it's always going to show the most recent Services here um and you'll

recent Services here um and you'll notice in the top right corner that I

notice in the top right corner that I have my account called exam Pro if

have my account called exam Pro if you're wondering how do you change that

you're wondering how do you change that name what you do is go to my accounts

name what you do is go to my accounts here and once there you'll have your

here and once there you'll have your account settings up here if you go to

account settings up here if you go to edit uh you can change that name here

edit uh you can change that name here okay so you know sometimes when you

okay so you know sometimes when you create your account you don't like the

create your account you don't like the account name that you gave it and so

account name that you gave it and so that's your opportunity to fix it um but

that's your opportunity to fix it um but once we're in our account what I want

once we're in our account what I want you to do is immediately log out because

you to do is immediately log out because I want you to get familiar with the way

I want you to get familiar with the way you log into AWS because it is a bit um

you log into AWS because it is a bit um different than other providers and so I

different than other providers and so I don't want you to uh get hung up later

don't want you to uh get hung up later on with your account so I've logged out

on with your account so I've logged out I'm going to go ahead and log back in so

I'm going to go ahead and log back in so you can click the orange button or what

you can click the orange button or what I like to do is drop down my account and

I like to do is drop down my account and go to adus Management console it's a lot

go to adus Management console it's a lot more clear and you notice we're going to

more clear and you notice we're going to have two options root user and I am user

have two options root user and I am user so this is what I'm talking about for

so this is what I'm talking about for the confusion so when you log into your

the confusion so when you log into your root user account you all are always

root user account you all are always using an email and when you're logging

using an email and when you're logging as an I am user you're actually going to

as an I am user you're actually going to be entering the account ID or account

be entering the account ID or account Alias but what we'll do is go to the

Alias but what we'll do is go to the root user and this is the email you use

root user and this is the email you use to sign up with the account so for me uh

to sign up with the account so for me uh I I called this one Andrew plus sandbox

I I called this one Andrew plus sandbox exampro doco I'm going to go to next

exampro doco I'm going to go to next sometimes you get this character box

sometimes you get this character box it's very annoying but it happens time

it's very annoying but it happens time to time and so what I'm going to do is

to time and so what I'm going to do is just go ahead and type that in

just go ahead and type that in okay and hopefully it likes it and then

okay and hopefully it likes it and then I'm just going to enter in my

I'm just going to enter in my password all right and I'll be back into

password all right and I'll be back into my account and so notice it takes me

my account and so notice it takes me back to abis Management console so the

back to abis Management console so the root account is not something we want to

root account is not something we want to be generally using uh except for um very

be generally using uh except for um very particular use cases and we do cover

particular use cases and we do cover that in the course uh but what I want

that in the course uh but what I want you to do is go set yourself up with a

you to do is go set yourself up with a proper account and so what we'll do is

proper account and so what we'll do is go to the top here and type in and this

go to the top here and type in and this stands for identity and access

stands for identity and access management and we'll click on I

management and we'll click on I here and on the left hand side we're

here and on the left hand side we're going to see a bunch of options here um

going to see a bunch of options here um and so notice right away we get to the I

and so notice right away we get to the I am dashboard where it's going to start

am dashboard where it's going to start to make some recommendations for us the

to make some recommendations for us the first one is always to add MFA

first one is always to add MFA multiactor

multiactor authentication another thing you can do

authentication another thing you can do is set an account Alias so you can see

is set an account Alias so you can see that I've set one here prior so if I

that I've set one here prior so if I just go ahead and remove it the way we'd

just go ahead and remove it the way we'd have to log in is via the account Alias

have to log in is via the account Alias uh which is the same as the account ID

uh which is the same as the account ID and so I don't really like that so I'm

and so I don't really like that so I'm going to just rename it to Deep Space 9

going to just rename it to Deep Space 9 and uh these are unique so you have to

and uh these are unique so you have to pick something that is unique to you so

pick something that is unique to you so it could be your company name or things

it could be your company name or things like that it's going to make it a lot

like that it's going to make it a lot easier to log in uh when we create our

easier to log in uh when we create our additional user here so we'll come back

additional user here so we'll come back to MFA at some point here what I want

to MFA at some point here what I want you to do is go over to users and go

you to do is go over to users and go ahead and make yourself a new user and

ahead and make yourself a new user and so I'm going to call this one Andrew

so I'm going to call this one Andrew Brown and I'm going to enable

Brown and I'm going to enable programmatic access I'm going to enable

programmatic access I'm going to enable adus Management console so this one's

adus Management console so this one's going to allow me to use the apis to

going to allow me to use the apis to programmatically work with ads and this

programmatically work with ads and this one here is going to allow me to just

one here is going to allow me to just log into the console which is uh pretty

log into the console which is uh pretty fair here so now that I have this we can

fair here so now that I have this we can autogenerate it or give it a custom

autogenerate it or give it a custom password I'm just going to autogenerate

password I'm just going to autogenerate for the time being and here it says You

for the time being and here it says You must create a new password at the next

must create a new password at the next sign in which sounds fair to me and we

can go ahead and create ourselves a new group so it's pretty common to create a

group so it's pretty common to create a group called admin and notice here this

group called admin and notice here this is where we're going to have a bunch of

is where we're going to have a bunch of different policies so the first one here

different policies so the first one here which is admin and access provides full

which is admin and access provides full access to AO services and resources and

access to AO services and resources and this pretty much gives you almost nearly

this pretty much gives you almost nearly almost the same capabilities as the um

almost the same capabilities as the um AWS root user account uh and so that's

AWS root user account uh and so that's going to be okay because we are an admin

going to be okay because we are an admin in our account so I'll checkbox that on

in our account so I'll checkbox that on but I just want to show you here if you

but I just want to show you here if you Dro down filter policies and you went to

Dro down filter policies and you went to adus manage job functions these are a

adus manage job functions these are a bunch of uh pre-made uh adus uh policies

bunch of uh pre-made uh adus uh policies that you could apply uh to different

that you could apply uh to different users so what's really popular after the

users so what's really popular after the administrator access is to usually give

administrator access is to usually give the power user access and so this one

the power user access and so this one allows um a user to do basically

allows um a user to do basically anything they want with the exception of

anything they want with the exception of management of users and groups so you

management of users and groups so you know it could be that that's something

know it could be that that's something that you'd want to do for some of your

that you'd want to do for some of your users I just don't want to have any

users I just don't want to have any trouble so I'm going to give us um admin

trouble so I'm going to give us um admin access here and we're going to go ahead

access here and we're going to go ahead and create this

and create this group and so here is the group that we

group and so here is the group that we are creating we're going to go next we

are creating we're going to go next we can apply our tags if we want I'm not

can apply our tags if we want I'm not going to bother we're going hit next

going to bother we're going hit next review and then hit create

review and then hit create user all right and so now what it's

user all right and so now what it's doing is it's showing us the access ID

doing is it's showing us the access ID and the access uh key secret that we can

and the access uh key secret that we can use to programmatically access AWS and

use to programmatically access AWS and then there's a password here so I'm

then there's a password here so I'm going to go ahead and show it and what

going to go ahead and show it and what I'm going to do is just copy this into a

I'm going to do is just copy this into a clipboard anywhere

and so I'm just copying that off screen here because I'm going to need it to log

here because I'm going to need it to log in and I'm just going to remember my

in and I'm just going to remember my username as well all right and so what

username as well all right and so what we'll do is go ahead and hit

we'll do is go ahead and hit close so what I'll do is go back to my

close so what I'll do is go back to my dashboard here and remember I set my

dashboard here and remember I set my account Alias as Deep Space 9 but we

account Alias as Deep Space 9 but we could also use the account ID to log in

could also use the account ID to log in I'm just going to grab my account ID off

I'm just going to grab my account ID off screen here and what I want to do now is

screen here and what I want to do now is go ahead and log out and now log into

go ahead and log out and now log into this I user and this is the one that you

this I user and this is the one that you should always be using uh within your ad

should always be using uh within your ad account you shouldn't be using your root

account you shouldn't be using your root user account so what I'll do is go over

user account so what I'll do is go over to I am user here and notice now that it

to I am user here and notice now that it says account ID so 12 digits or the

says account ID so 12 digits or the account alas so here I can enter in uh

account alas so here I can enter in uh these numbers here or I can enter in my

these numbers here or I can enter in my Alias which is Deep Space 9 and again

Alias which is Deep Space 9 and again you'll have to come up with your own

you'll have to come up with your own creative uh one there for yourself and

creative uh one there for yourself and we'll go ahead and hit next and so

we'll go ahead and hit next and so notice what it's going to do is now ask

notice what it's going to do is now ask me what my IM am username name is so I

me what my IM am username name is so I defined mine as Andrew Brown and then uh

defined mine as Andrew Brown and then uh we had an autogenerated a password there

we had an autogenerated a password there so that we had saw and so I'm going to

so that we had saw and so I'm going to place that in there we'll go ahead and

place that in there we'll go ahead and hit sign in and so now right away it's

hit sign in and so now right away it's going to ask me to reset the password so

going to ask me to reset the password so I'm going to put the old password in

I'm going to put the old password in there and so now I need a new password I

there and so now I need a new password I strongly recommend that you generate out

strongly recommend that you generate out uh your passwords to be very strong I

uh your passwords to be very strong I like to go to password generator and

like to go to password generator and I'll drop this down and I'll do

I'll drop this down and I'll do something really long like 48 characters

something really long like 48 characters and um if you don't like

and um if you don't like weird characters you can take those out

weird characters you can take those out there sometimes it loads here so you got

there sometimes it loads here so you got to try it

to try it twice um and I'm going to go down to

twice um and I'm going to go down to whoops

whoops 48 there we go and so that's pretty darn

48 there we go and so that's pretty darn long so I'm going to copy that off

long so I'm going to copy that off screen here so I do not

screen here so I do not forget and you probably would want to

forget and you probably would want to put this in a password manager something

put this in a password manager something like Dashlane or some sort of thing like

like Dashlane or some sort of thing like that and we'll go ahead and we will

that and we'll go ahead and we will paste that in and we'll see whoops I

paste that in and we'll see whoops I don't want Google to save it uh and

don't want Google to save it uh and we'll see if it takes it and so there we

we'll see if it takes it and so there we go so what I'll do is now log out and

go so what I'll do is now log out and I'll make sure my new password works

I'll make sure my new password works because you really don't want to have

because you really don't want to have problems later so we'll type in Deep

problems later so we'll type in Deep Space 9 Andrew Brown again this is going

Space 9 Andrew Brown again this is going to be based on what your uh what you

to be based on what your uh what you have set and we'll go ahead and log in

have set and we'll go ahead and log in and there I am and so now notice there

and there I am and so now notice there doesn't say um exam Pro whatever it says

doesn't say um exam Pro whatever it says Andrew Brown at Deep Space 9 so it's

Andrew Brown at Deep Space 9 so it's using the county ellias and showing the

using the county ellias and showing the name and that's how I'm going to know

name and that's how I'm going to know whether I'm the root account user or

whether I'm the root account user or whether I'm logged in as an I am user

whether I'm logged in as an I am user all right so there we

all right so there we [Music]

[Music] go okay so now that we have the proper

go okay so now that we have the proper user account to log in I just want to

user account to log in I just want to point out uh about regions so in the top

point out uh about regions so in the top right corner you'll notice it says North

right corner you'll notice it says North Virginia here it possibly will say

Virginia here it possibly will say something completely else for you but

something completely else for you but what you'll do is you'll click and drop

what you'll do is you'll click and drop that down and you'll see a big list of

that down and you'll see a big list of regions and so so sometimes when I log

regions and so so sometimes when I log in ads it likes to default me to U East

in ads it likes to default me to U East uh Us East Ohio but I honestly like to

uh Us East Ohio but I honestly like to launch all my stuff in Us East North

launch all my stuff in Us East North Virginia even though I'm in Canada I

Virginia even though I'm in Canada I probably should be using the Canada

probably should be using the Canada central region down here um but the

central region down here um but the default region is going to be based on

default region is going to be based on your locality okay so just understand

your locality okay so just understand that it might be different I strongly

that it might be different I strongly recommend for um all of our follow

recommend for um all of our follow alongs you run in Us East one because us

alongs you run in Us East one because us east1 is the original um the original

east1 is the original um the original region and it also has the most access

region and it also has the most access to Ada services and some adaa Services

to Ada services and some adaa Services um such as like billing and and cost and

um such as like billing and and cost and things like that are only going to show

things like that are only going to show up in Us East uh North Virginia so just

up in Us East uh North Virginia so just to make our lives a lot easier we're

to make our lives a lot easier we're going to set it there but I want you to

going to set it there but I want you to understand that some services are Global

understand that some services are Global Services meaning that it doesn't matter

Services meaning that it doesn't matter what region you're in it's going to

what region you're in it's going to default to Global and one example could

default to Global and one example could be cloudfront so if I jump over to

be cloudfront so if I jump over to cloudfront here for a

cloudfront here for a moment and uh we do seem to have uh some

moment and uh we do seem to have uh some CLR distributions here from a prior uh

CLR distributions here from a prior uh follow along but notice up here that it

follow along but notice up here that it now says Global so CLR does not require

now says Global so CLR does not require a region selection let's make our way

a region selection let's make our way over to

over to S3 all right and this one's also Global

S3 all right and this one's also Global so again this one does not require a

so again this one does not require a region selection but if you go over to

region selection but if you go over to something like

ec2 okay this has a region dependency so just be really careful about that

just be really careful about that because a lot of times you'll be doing a

because a lot of times you'll be doing a follow along and you'll be like why

follow along and you'll be like why aren't these resources here or whatever

aren't these resources here or whatever and it's because this got switched on

and it's because this got switched on you and it can happen at any time so

you and it can happen at any time so just be uh cautious or aware of that

just be uh cautious or aware of that [Music]

[Music] okay so one of the major advantages of

okay so one of the major advantages of using ads or any cloud service provider

using ads or any cloud service provider is that it utilizes metered billing so

is that it utilizes metered billing so that is different from a fixed cost

that is different from a fixed cost where you'd say Okay I want a server for

where you'd say Okay I want a server for x amount of dollars every month but the

x amount of dollars every month but the way ATS works is that it's going to

way ATS works is that it's going to build you on the hour on the second

build you on the hour on the second based on a bunch of factors and so

based on a bunch of factors and so you're going to be able to get services

you're going to be able to get services at a lower cost however if you choose an

at a lower cost however if you choose an expensive service and you forget about

expensive service and you forget about it or there's misconfiguration where you

it or there's misconfiguration where you thought you were launching something

thought you were launching something that was cost effective but turned out

that was cost effective but turned out to be very expensive you could end up

to be very expensive you could end up with a very large Bill very very quickly

with a very large Bill very very quickly and so uh that is a major concern for a

and so uh that is a major concern for a lot of people utilizing Cloud but

lot of people utilizing Cloud but there's a lot of great toolings built

there's a lot of great toolings built into ads to allow you to catch yourself

into ads to allow you to catch yourself if you happen to make that mistake and

if you happen to make that mistake and before we go ahead and learn how to do

before we go ahead and learn how to do that I want to show you uh some place

that I want to show you uh some place where you could end up having excessive

where you could end up having excessive spend without knowing it so one example

spend without knowing it so one example and this is actually happened to me when

and this is actually happened to me when I first started using AWS uh before I

I first started using AWS uh before I even knew about all the billing tools is

even knew about all the billing tools is I wanted to launch a reddis uh instance

I wanted to launch a reddis uh instance and so you you just have to watch you

and so you you just have to watch you don't have to do this but um elasticache

don't have to do this but um elasticache is a service that allows you to launch

is a service that allows you to launch either a mem cach or

either a mem cach or uh database and I just wanted to store a

uh database and I just wanted to store a single value and so I went here and I

single value and so I went here and I scrolled down it looked all good and I

scrolled down it looked all good and I hit create but I wasn't paying attention

hit create but I wasn't paying attention because apparently itus likes to default

because apparently itus likes to default the no type here to the cash

the no type here to the cash r6g do llarge all right and you know you

r6g do llarge all right and you know you might think that adus has your best

might think that adus has your best interest in play and most services are

interest in play and most services are pretty good they they make sure that

pretty good they they make sure that they're either free or very low spend

they're either free or very low spend but some of these and elastic cash is an

but some of these and elastic cash is an older service where they just have these

older service where they just have these weird defaults so um you know if we were

weird defaults so um you know if we were to go look up this the

to go look up this the RG6 uh

RG6 uh large all right and look at its

spend all right and we would go over here whoops I think I went to the China

here whoops I think I went to the China One but if we were to go over here and

One but if we were to go over here and look for that instance I'm just trying

look for that instance I'm just trying to find it here for cost this

to find it here for cost this one down

one down below um this doesn't say pricing does

below um this doesn't say pricing does it say our pricing

it say our pricing here here it is so this one cost

here here it is so this one cost um this one costs about 2 cents per hour

um this one costs about 2 cents per hour it doesn't sound like a lot but if we go

it doesn't sound like a lot but if we go here and we do the math we say 730 730

here and we do the math we say 730 730 is the amount of hours in a month that

is the amount of hours in a month that is

is $150 okay so if you don't know about

$150 okay so if you don't know about that and forget about that that's going

that and forget about that that's going to be $150 and I'm going to tell you

to be $150 and I'm going to tell you that it used to be a lot higher I'm

that it used to be a lot higher I'm pretty sure they used to have it default

pretty sure they used to have it default to something like like this or that

to something like like this or that because I remember I did this and I had

because I remember I did this and I had a bill that came in that was like $3,000

a bill that came in that was like $3,000 USD and I'm in Canada so like $3,000 USD

USD and I'm in Canada so like $3,000 USD is like a million dollars up here and so

is like a million dollars up here and so I remember um it was a big concern and I

I remember um it was a big concern and I freaked out but that was okay because

freaked out but that was okay because all I had to do was go to support and

all I had to do was go to support and what I had done is I went to the support

center and I had opened a support case and I just said hey I had this really

and I just said hey I had this really big Bill so you go here right and you

big Bill so you go here right and you look for billing and uh you look for

look for billing and uh you look for something like charging query or

something like charging query or misspend and you say you know um you

misspend and you say you know um you know like help my bill's too

know like help my bill's too high and you just say like you explain

high and you just say like you explain the problem saying hey you know I was

the problem saying hey you know I was using elastic cash and it was set to a

using elastic cash and it was set to a large default and I wasn't aware about

large default and I wasn't aware about it can you please give me back the money

it can you please give me back the money and the great thing is that ads is going

and the great thing is that ads is going to give you a free pass if it's your

to give you a free pass if it's your first time where you've had a

first time where you've had a misspending they generally will say Okay

misspending they generally will say Okay um you know don't do it again and if it

um you know don't do it again and if it happens again you will get build but go

happens again you will get build but go ahead and learn how to set up billing

ahead and learn how to set up billing alerts or things like that okay so just

alerts or things like that okay so just so you know don't freak out if you do

so you know don't freak out if you do have a really high Bill you're going to

have a really high Bill you're going to get a single free pass but now that we

get a single free pass but now that we know that let's go learn uh how to set

know that let's go learn uh how to set up a budget

up a budget [Music]

[Music] okay all right so now that we've had a

okay all right so now that we've had a bit of a story about um over spend for

bit of a story about um over spend for misconfiguration let's learn how to

misconfiguration let's learn how to protect ourselves against it and we're

protect ourselves against it and we're going to go ahead and set up a budget so

going to go ahead and set up a budget so go to the top here and type in budget

go to the top here and type in budget and what that will do is bring us over

and what that will do is bring us over to the billing dashboard another way to

to the billing dashboard another way to get here is to go click at the top here

get here is to go click at the top here and go to my billing dashboard and then

and go to my billing dashboard and then you'll see the leftand menu here and so

you'll see the leftand menu here and so the great thing about budgets is that

the great thing about budgets is that the first two are free it says there is

the first two are free it says there is no additional charge for any those

no additional charge for any those budgets you pay for configured us usage

budgets you pay for configured us usage but I'm pretty sure that that's not true

but I'm pretty sure that that's not true because it used to be ABS budget reports

because it used to be ABS budget reports okay so that cost

okay so that cost something it used to be that Abus

something it used to be that Abus budgets um after success enabled will

budgets um after success enabled will occur 10 cents daily so in addition to

occur 10 cents daily so in addition to budget monitor you can add actions to

budget monitor you can add actions to your budgets the first two action enable

your budgets the first two action enable budgets are free okay so just be aware

budgets are free okay so just be aware that just because it says there's no

that just because it says there's no additional charge read into it because

additional charge read into it because sometimes the the Fine Line will tell

sometimes the the Fine Line will tell you it does cost something but I know

you it does cost something but I know that the first two are free what we'll

that the first two are free what we'll do is go ahead and create a budget just

do is go ahead and create a budget just going to close these other tabs here

going to close these other tabs here since we have no need for them and we're

since we have no need for them and we're going to be presented with a bunch of

going to be presented with a bunch of budget types uh we're considered about

budget types uh we're considered about cost today so we're going to go with a

cost today so we're going to go with a cost

cost budget and notice we can change the

budget and notice we can change the period from monthly to daily to

period from monthly to daily to quarterly to annually if you change it

quarterly to annually if you change it to daily um you won't get forecasting so

to daily um you won't get forecasting so I don't want that today but a monthly is

I don't want that today but a monthly is pretty good you can have a reoccurring

pretty good you can have a reoccurring which is strongly recommended and then

which is strongly recommended and then you can put a fixed cost notice that I

you can put a fixed cost notice that I already have some spend on this account

already have some spend on this account so it was like 25 bucks last month I'm

so it was like 25 bucks last month I'm going to set it my uh budget here to

going to set it my uh budget here to $100 and you can add filters here to um

$100 and you can add filters here to um uh filter that cost out so if you want

uh filter that cost out so if you want to say only for this region or things

to say only for this region or things like that you could do that uh notice

like that you could do that uh notice that this is my spend over here um so

that this is my spend over here um so this is my budget and that's the actual

this is my budget and that's the actual cost notice my cost has been going up

cost notice my cost has been going up the last few months because I've been

the last few months because I've been doing things with this account and so

doing things with this account and so what I'll do is say simple budget here

what I'll do is say simple budget here we'll hit

we'll hit next and so now it's asking us if we

next and so now it's asking us if we want to configure alerts we probably do

want to configure alerts we probably do so you'd hit ADD alert and then you'd

so you'd hit ADD alert and then you'd set a threshold like 80% or you could

set a threshold like 80% or you could say an absolute value and then you put

say an absolute value and then you put your emails like Andrew exampro

your emails like Andrew exampro doco and I want to point out that this

doco and I want to point out that this is using um itus

is using um itus SNS or it should be anyway so Amazon SNS

SNS or it should be anyway so Amazon SNS has no upfront cost based on your stuff

has no upfront cost based on your stuff here so even though you're filling out

here so even though you're filling out an email you know and it maybe it

an email you know and it maybe it doesn't show it but I'm pretty sure that

doesn't show it but I'm pretty sure that this would create an SNS

this would create an SNS topic but what we'll do is hit next here

topic but what we'll do is hit next here we have an alert so we're just uh

we have an alert so we're just uh reviewing actually this is for attaching

reviewing actually this is for attaching any actions so maybe we want some kind

any actions so maybe we want some kind of follow-up thing to happen here so we

of follow-up thing to happen here so we say add

say add action and uh require specific I and

action and uh require specific I and permissions on your

permissions on your behalf okay sure so I guess you could

behalf okay sure so I guess you could follow up actions that's no different

follow up actions that's no different than um a building alarm but we're not

than um a building alarm but we're not really worried about that right now I'm

really worried about that right now I'm not going to bother with an action and

not going to bother with an action and we'll go ahead and create a

we'll go ahead and create a budget and so here it's going to say

budget and so here it's going to say that our budget is $100 it's going to

that our budget is $100 it's going to show us the amount use forecast amount

show us the amount use forecast amount current budget sometimes this takes time

current budget sometimes this takes time to uh show up so I'm going to hit

to uh show up so I'm going to hit refresh and see if it shows up

refresh and see if it shows up yet there we go so notice we have

yet there we go so notice we have forecasted amount $23 current budget Etc

forecasted amount $23 current budget Etc forecasted budget uh forecasted versus

forecasted budget uh forecasted versus budget so it's pretty straightforward on

budget so it's pretty straightforward on how that works U I'm just curious if it

how that works U I'm just curious if it actually created an SNS event so I'm

actually created an SNS event so I'm going to go over here because a lot of

going to go over here because a lot of services utilize SNS so if I go over

services utilize SNS so if I go over here default Cloud watch alarm um so I

here default Cloud watch alarm um so I think this is something I had created

think this is something I had created before so I'm going to go ahead and just

before so I'm going to go ahead and just delete it says default Cloud watch

delete it says default Cloud watch alarms I'm going to just click into here

alarms I'm going to just click into here and see what I

and see what I have

have confirmed so I think it might have used

confirmed so I think it might have used this when we created it but um the

this when we created it but um the reason I'm bringing up SNS is that

reason I'm bringing up SNS is that there's a lot of services that allow you

there's a lot of services that allow you to uh email yourself for alerts and it

to uh email yourself for alerts and it always integrates with this service and

always integrates with this service and so I just want kind of want to point

so I just want kind of want to point that out so that you remember what SNS

that out so that you remember what SNS is for um but yeah so setting up a

is for um but yeah so setting up a budget is not too hard so there you

budget is not too hard so there you [Music]

[Music] go all right so now that we've set a

go all right so now that we've set a budget what I want to talk to you about

budget what I want to talk to you about is the free tier and the free tier is

is the free tier and the free tier is something that is available to you uh

something that is available to you uh for the first 12 months of a new adus

for the first 12 months of a new adus account and allows you to utilize adus

account and allows you to utilize adus services without incurring any cost to

services without incurring any cost to you and so it's in your advantage to

you and so it's in your advantage to utilize this free tier um as you are

utilize this free tier um as you are experimenting and learning cloud so if

experimenting and learning cloud so if you want to learn about all the

you want to learn about all the offerings what you do is go to Google

offerings what you do is go to Google type in adus free tier and you'll get

type in adus free tier and you'll get this page that explains all the sorts of

this page that explains all the sorts of things here so you can get uh 750 hours

things here so you can get uh 750 hours on ec2 RDS things like that there are

on ec2 RDS things like that there are stipulations in terms of what it would

stipulations in terms of what it would be so here this is a T2 or T3 micel mic

be so here this is a T2 or T3 micel mic uh micro running Linux Red Hat um or

uh micro running Linux Red Hat um or other type of os's okay so there are uh

other type of os's okay so there are uh details you have to read the fine print

details you have to read the fine print some services are only available for the

some services are only available for the first two months things like that so

first two months things like that so it's going to highly vary based on

it's going to highly vary based on service but it's worth giving us a read

service but it's worth giving us a read in areas that you are interested in now

in areas that you are interested in now the thing is is how do you know that you

the thing is is how do you know that you are still in the free tier or you go

are still in the free tier or you go outside of it and that's what I want to

outside of it and that's what I want to talk to you about right now so I am

talk to you about right now so I am actually in another ad account so no in

actually in another ad account so no in the top right corner it says brown. laap

the top right corner it says brown. laap or hyphen laptop exampro doco sometimes

or hyphen laptop exampro doco sometimes I will switch into different a accounts

I will switch into different a accounts during these fall alongs so I can best

during these fall alongs so I can best show you um you know the settings so if

show you um you know the settings so if you make your way over to

you make your way over to billing and actually I should show you

billing and actually I should show you up here if we go to my dealing B

up here if we go to my dealing B dashboard just trying to be consistent

dashboard just trying to be consistent here and you go to the left- hand side

here and you go to the left- hand side to billing preferences what you can do

to billing preferences what you can do is enable receive free tier usage alerts

is enable receive free tier usage alerts and then put your email in there and

and then put your email in there and save that and so turn on this feature to

save that and so turn on this feature to receive email alerts when your adabs

receive email alerts when your adabs service usage is approaching or exceeded

service usage is approaching or exceeded databus free tier usage limits if you

databus free tier usage limits if you wish to receive these alerts etc etc etc

wish to receive these alerts etc etc etc right and while you're there I want you

right and while you're there I want you to also checkbox receive billion alerts

to also checkbox receive billion alerts so I can show you how to set a billion

so I can show you how to set a billion uh a billi alert and AD us says you know

uh a billi alert and AD us says you know budgets are a new thing but bliing

budgets are a new thing but bliing alerts are still something that we use

alerts are still something that we use as of today so if you checkbox that on

as of today so if you checkbox that on we'll be able to see your cost if we go

we'll be able to see your cost if we go back here uh it should show you um it's

back here uh it should show you um it's because I'm out of the free tier on this

because I'm out of the free tier on this account but it would show you in the

account but it would show you in the alerts you know your usage there so

alerts you know your usage there so example here is if we scroll down this

example here is if we scroll down this is the documentation tracking your AIS

is the documentation tracking your AIS free tier usage you would see like a box

free tier usage you would see like a box like this and would say hey your free

like this and would say hey your free tier usage limit is here and you're over

tier usage limit is here and you're over it okay so that generally would show up

it okay so that generally would show up on this panel here but again I'm outside

on this panel here but again I'm outside of the free tier so I'm not seeing it

of the free tier so I'm not seeing it here um today okay so you know hopefully

here um today okay so you know hopefully that is clear um but yeah there you go

that is clear um but yeah there you go [Music]

[Music] all right so we created ourselves a

all right so we created ourselves a budget we're monitoring our free tier

budget we're monitoring our free tier but there's another way that we can

but there's another way that we can monitor our spend and that is through

monitor our spend and that is through building alerts or alarms and it is the

building alerts or alarms and it is the old way before uh we had it was budget

old way before uh we had it was budget this is the only way you could do it but

this is the only way you could do it but I still recommend it because there is a

I still recommend it because there is a bit more flexibility here with this

bit more flexibility here with this service and so I wanted to teach you

service and so I wanted to teach you early on so that you know it's available

early on so that you know it's available to you or if you want to play around

to you or if you want to play around with it in the future so what you'll do

with it in the future so what you'll do is go to the top here and type typ in

is go to the top here and type typ in cloudwatch and cloudwatch is one of

cloudwatch and cloudwatch is one of those Services where it's actually a

those Services where it's actually a collection of services so there's

collection of services so there's cloudwatch alarms cloudwatch logs

cloudwatch alarms cloudwatch logs cloudwatch metrics those are all

cloudwatch metrics those are all Individual Services and Abus loves to

Individual Services and Abus loves to update their interface so sometimes

update their interface so sometimes you'll be present with this option to uh

you'll be present with this option to uh change the latest interface I'm going to

change the latest interface I'm going to try out the new interface here um and

try out the new interface here um and that is one challenge with datab is you

that is one challenge with datab is you always have to expect that they're going

always have to expect that they're going to change the UI on you and you're going

to change the UI on you and you're going to have to work through it so just

to have to work through it so just understand that I try to keep my videos

understand that I try to keep my videos up to dat as best I can but part of the

up to dat as best I can but part of the challenge is getting used to that so

challenge is getting used to that so this is what they have today I don't

this is what they have today I don't know if they're going to stick with this

know if they're going to stick with this but this is what it looks like but what

but this is what it looks like but what I want you to do is make your way over

I want you to do is make your way over to alarms on the left hand

to alarms on the left hand side and notice that we actually have a

side and notice that we actually have a section just for billing which is

section just for billing which is interesting I don't remember them having

interesting I don't remember them having that before so it's new so uh here it

that before so it's new so uh here it says Abus Cloud watch help can help you

says Abus Cloud watch help can help you monitor the charges of Abus Bill

monitor the charges of Abus Bill remember that we had to turn that on get

remember that we had to turn that on get 10 free alarms with 1,000 free email

10 free alarms with 1,000 free email notifications each month as part of the

notifications each month as part of the free here so understand that if you

free here so understand that if you create billing alarms they do cost money

create billing alarms they do cost money um as well if you go over that limit but

um as well if you go over that limit but you sure get a lot 10 free alarms is

you sure get a lot 10 free alarms is quite a bit what we'll do is go ahead

quite a bit what we'll do is go ahead here and create ourselves alarm we're

here and create ourselves alarm we're going to go and choose a metric and so

going to go and choose a metric and so here are the options we can choose from

here are the options we can choose from and so we I think would like um billing

and so we I think would like um billing and see we can do buy service or total

and see we can do buy service or total estimated charge we're going to do a

estimated charge we're going to do a total estimated charge we can only

total estimated charge we can only select USD I've never seen any other

select USD I've never seen any other currency over there and so here we kind

currency over there and so here we kind of get this little graph where we can

of get this little graph where we can see stuff um but this is a lot more

see stuff um but this is a lot more powerful than budgets because you can do

powerful than budgets because you can do anomaly detection uh so like here it

anomaly detection uh so like here it will actually check base between a range

will actually check base between a range as opposed to just going through a

as opposed to just going through a particular value but what I'll do is

particular value but what I'll do is just set a value here like uh $50 right

just set a value here like uh $50 right so notice that it sets the line up here

so notice that it sets the line up here and this is my current spend here right

and this is my current spend here right and so back to anomaly detection this is

and so back to anomaly detection this is a lot smarter so uh the idea is that if

a lot smarter so uh the idea is that if something is outside inside this band of

something is outside inside this band of a certain amounts um then it would alert

a certain amounts um then it would alert okay but I'm going to go back here I'm

okay but I'm going to go back here I'm just going to set this to

just going to set this to $50 and that looks okay to me you can

$50 and that looks okay to me you can change the period 6 hours is fine um and

change the period 6 hours is fine um and there's additional configuration that's

there's additional configuration that's fine as well we're going to go ahead and

fine as well we're going to go ahead and hit next uh and so the idea is that um

hit next uh and so the idea is that um you know if it passes that red line it

you know if it passes that red line it will go to an in alarm State and then

will go to an in alarm State and then what it will do is uh we want to uh have

what it will do is uh we want to uh have it to trigger an s topic so I would

it to trigger an s topic so I would generally just create a new one here

generally just create a new one here we'll just say my billing

we'll just say my billing alarm Okay and then here we'll just set

alarm Okay and then here we'll just set the email Andre exam

the email Andre exam pro. and we will go ahead and create

pro. and we will go ahead and create that topic and so that is now set I

that topic and so that is now set I don't know if it would uh confirm it we

don't know if it would uh confirm it we might have to go to our email to confirm

might have to go to our email to confirm it so notice it says pending

it so notice it says pending confirmation so what it has done is it

confirmation so what it has done is it sent me out an email and it wants me to

sent me out an email and it wants me to click that link to confirm um that I

click that link to confirm um that I want to subscribe to it so I might just

want to subscribe to it so I might just do that offc screen to show you here

do that offc screen to show you here okay so I'm just going to pull up my

okay so I'm just going to pull up my email here just give me a

moment okay and so if I come back here this is the email that came in so I'm

this is the email that came in so I'm just going to confirm that subscription

just going to confirm that subscription says I'm confirmed good and if I refresh

says I'm confirmed good and if I refresh this page we can now see that that that

this page we can now see that that that is confirmed all right so we'll scroll

is confirmed all right so we'll scroll down here so we can uh trigger an

down here so we can uh trigger an autoscaling action so maybe you know if

autoscaling action so maybe you know if you have too many servers you say hey

you have too many servers you say hey the cost is too much shut down those

the cost is too much shut down those servers there's ec2 actions things like

servers there's ec2 actions things like that so these are kind of similar to um

that so these are kind of similar to um budgets right there's system manager

budgets right there's system manager actions I imagine all these things are

actions I imagine all these things are available in budgets as well but budgets

available in budgets as well but budgets just makes it a little bit easier to

just makes it a little bit easier to look at so I just say my simple building

look at so I just say my simple building alarm

alarm here we'll hit

here we'll hit next all right we'll hit create alarm

next all right we'll hit create alarm and there you go so billing alarms don't

and there you go so billing alarms don't have like forecasting and things like

have like forecasting and things like that um but you know they are they do

that um but you know they are they do have their own kind of special utility

have their own kind of special utility and so I utilize both okay so there we

and so I utilize both okay so there we go we'll just go back to our Management

go we'll just go back to our Management console move on to the next

console move on to the next [Music]

[Music] one so one of the strongest

one so one of the strongest recommendations that Abus gives you is

recommendations that Abus gives you is to say to set MFA on your adus root user

to say to set MFA on your adus root user account so that's something we're going

account so that's something we're going to do right now so make sure you're

to do right now so make sure you're logged into the root user account so I'm

logged into the root user account so I'm going to go log out as my IM user I'm

going to go log out as my IM user I'm going to go back and log in and I'm

going to go back and log in and I'm going to log in as my uh root user here

going to log in as my uh root user here so to do that no sometimes it will be

so to do that no sometimes it will be expanded as the I am user click and sign

expanded as the I am user click and sign into root user here we'll have root user

into root user here we'll have root user I'm going to go ahead and enter my email

I'm going to go ahead and enter my email that I used and if you do switch

that I used and if you do switch accounts frequently they will ask you

accounts frequently they will ask you these silly captures which drive me

these silly captures which drive me crazy but uh you know it happens you

crazy but uh you know it happens you probably won't encounter it as much as I

probably won't encounter it as much as I do and so I'm going to go ahead and grab

do and so I'm going to go ahead and grab my password here and paste it on in and

my password here and paste it on in and so now that I'm in what I want want to

so now that I'm in what I want want to do is make my way over to I

do is make my way over to I am and I'm going to go and look for

am and I'm going to go and look for users actually sorry just right here add

users actually sorry just right here add an MFA root user we're going to go ahead

an MFA root user we're going to go ahead and hit add

and hit add MFA all right and so that's going to

MFA all right and so that's going to bring us to this screen and so here we

bring us to this screen and so here we can activate our MFA and so we have a

can activate our MFA and so we have a few options here so we have virtual MFA

few options here so we have virtual MFA device u2f security key other Hardware

device u2f security key other Hardware like a uh Gem Gem gy Alto token so you

like a uh Gem Gem gy Alto token so you know I generally use this because I have

know I generally use this because I have a security key and I want to show you

a security key and I want to show you what I'm talking about so this is how I

what I'm talking about so this is how I log into my machine or my ad account

log into my machine or my ad account this is a security key an UB key that

this is a security key an UB key that sits on my desk I tape it so it doesn't

sits on my desk I tape it so it doesn't fall fall off the cord but the idea is

fall fall off the cord but the idea is that when I log in I have to press this

that when I log in I have to press this little button here to double confirm

little button here to double confirm before I get into my account uh but if

before I get into my account uh but if you don't have a security key you can

you don't have a security key you can just use a virtual MFA and all that

just use a virtual MFA and all that means is you're going to um use

means is you're going to um use something on your phone to log in so

something on your phone to log in so we'll click continue here and so it says

we'll click continue here and so it says install a compatible app on your mobile

install a compatible app on your mobile phone or device and so if you click and

phone or device and so if you click and open this what it will do is tell you

open this what it will do is tell you about some things that you can use um so

about some things that you can use um so if we scroll down to

if we scroll down to Virtual here they suggest uh if you have

Virtual here they suggest uh if you have Android iPhone so AI dual mobile last

Android iPhone so AI dual mobile last path Microsoft authenticator Google

path Microsoft authenticator Google Authenticator so Google Authenticator

Authenticator so Google Authenticator Microsoft authenticator and a I have all

Microsoft authenticator and a I have all those three installed um honestly aie

those three installed um honestly aie has the the nicest simplest um UI but

has the the nicest simplest um UI but I'm using Microsoft authen authenticator

I'm using Microsoft authen authenticator quite a bit so anyway whichever you want

quite a bit so anyway whichever you want to do it's fine but what we'll have to

to do it's fine but what we'll have to do is go back here and then it says use

do is go back here and then it says use your virtual MFA app on your device

your virtual MFA app on your device camera to scan your QR code so once you

camera to scan your QR code so once you have one of those apps installed like

have one of those apps installed like aie or whatever one you want what you're

aie or whatever one you want what you're going to do is open up the application

going to do is open up the application and I can't tell you exactly where it is

and I can't tell you exactly where it is but you'll have to hit add account in

but you'll have to hit add account in your in your app and then from there it

your in your app and then from there it will ask you to scan your QR code and so

will ask you to scan your QR code and so once you're ready you hit show The QR

once you're ready you hit show The QR code you hit scan the QR code on your

code you hit scan the QR code on your phone I'm holding my phone up to my my

phone I'm holding my phone up to my my um uh my computer screen here and it's

um uh my computer screen here and it's going to find it and I'm just going to

going to find it and I'm just going to take a moment here to rename the account

take a moment here to rename the account so I can tell what it is so I'm just

so I can tell what it is so I'm just naming it a

naming it a WS sandbox cuz that's what I call this

WS sandbox cuz that's what I call this account and I'm going to go ahead and

account and I'm going to go ahead and save that

save that and so now what I can do is enter uh two

and so now what I can do is enter uh two consecutive MFA codes now this always

consecutive MFA codes now this always confused me what they wanted here but

confused me what they wanted here but the idea is that you're going to see one

the idea is that you're going to see one code right whatever is on the screen

code right whatever is on the screen right now so I'm going to type in it it

right now so I'm going to type in it it says

says 734

734 051 and I'm going to wait until the new

051 and I'm going to wait until the new code shows up so there's like a timer in

code shows up so there's like a timer in all these apps and they go across the

all these apps and they go across the screen or they count down and so you

screen or they count down and so you have to wait for that to happen and so

have to wait for that to happen and so I'm just going to wait here a little bit

and once I get the new number here this one is

one is 07153 0 I'm going to hit assign MFA and

07153 0 I'm going to hit assign MFA and there we go and I can't tell you how

there we go and I can't tell you how many times I like messed that up because

many times I like messed that up because I didn't understand the consecutive

I didn't understand the consecutive numbers but you're just waiting for uh

numbers but you're just waiting for uh the number that's on the screen to enter

the number that's on the screen to enter it in and then enter the next one in to

it in and then enter the next one in to turn on MFA and so now your account is

turn on MFA and so now your account is protected and every time you log in

protected and every time you log in you're going to have to enter in MFA so

you're going to have to enter in MFA so let's log out and see what that looks

let's log out and see what that looks like so we'll go ahead and sign

like so we'll go ahead and sign in and uh again we'll put in our root

in and uh again we'll put in our root user account here we'll type in 74m

user account here we'll type in 74m 32t

32t submit and I need to go grab my password

submit and I need to go grab my password so that's in my password manager just

so that's in my password manager just give me a moment

here and now it wants the MFA code so this is in my phone and so I'm going to

this is in my phone and so I'm going to go enter it in so this one says 475

go enter it in so this one says 475 841 all right we'll hit

841 all right we'll hit submit okay and there we go so that's

submit okay and there we go so that's going to happen every single time we

going to happen every single time we want to log in uh I'm going to tell you

want to log in uh I'm going to tell you that if you get one of these they're so

that if you get one of these they're so much easier to use because you just

much easier to use because you just press the button okay so that's why I

press the button okay so that's why I have this because I cannot stand

have this because I cannot stand entering the code in time and time again

entering the code in time and time again um but you know those are your options

um but you know those are your options there

there [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we looking at the concept of

Pro and we looking at the concept of innovation waves so when we're talking

innovation waves so when we're talking about Innovation waves we're talking

about Innovation waves we're talking about krava or k waves which are

about krava or k waves which are hypothesized cyclik phenomena in the

hypothesized cyclik phenomena in the global World economy and the phenomenon

global World economy and the phenomenon is closely connected with technology

is closely connected with technology life cycles so here is an example where

life cycles so here is an example where each wave is irreversibly changes the

each wave is irreversibly changes the society on a global scale and if you

society on a global scale and if you look across the top we can kind of see

look across the top we can kind of see what they're talking about so we have

what they're talking about so we have steam engine cotton uh Railway and steel

steam engine cotton uh Railway and steel electric engineering chemistry

electric engineering chemistry pet chemicals automobiles information

pet chemicals automobiles information technology and so the idea is that cloud

technology and so the idea is that cloud technology is the latest wave and I'm

technology is the latest wave and I'm not sure if you'd fit web 3 in there as

not sure if you'd fit web 3 in there as well ml AI but maybe they're all part of

well ml AI but maybe they're all part of the same wave or they're separate waves

the same wave or they're separate waves but generally they're broken up based on

but generally they're broken up based on this

this prde here where it says perspective

prde here where it says perspective recession depression and movement uh

recession depression and movement uh Improvement sorry and so this is the

Improvement sorry and so this is the common pattern of wave where we see a

common pattern of wave where we see a change of supply and demand and so if

change of supply and demand and so if we're seeing this we know that we are in

we're seeing this we know that we are in a wave and where we are in a wave

a wave and where we are in a wave [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are looking at the concept of

Pro and we are looking at the concept of a burning platform so burning platform

a burning platform so burning platform is a term used when a company abandons

is a term used when a company abandons old technology for new technology with

old technology for new technology with the uncertainty of success and can be

the uncertainty of success and can be motivated by fear that the

motivated by fear that the organization's future surv uh survival

organization's future surv uh survival hinges on digital transformation and

hinges on digital transformation and just to kind of give you a visualization

just to kind of give you a visualization here is a literal burning platform

here is a literal burning platform platform so imagine you have to jump to

platform so imagine you have to jump to it jump from it to make a change so um

it jump from it to make a change so um you know burning platform could be you

you know burning platform could be you know stop using on Prem and start using

know stop using on Prem and start using cloud or maybe it going from Cloud to

cloud or maybe it going from Cloud to web 3 um and that's generally the idea

web 3 um and that's generally the idea when we talk about a burning

when we talk about a burning [Music]

[Music] platform so I just want to quickly show

platform so I just want to quickly show you that digital transformation

you that digital transformation checklist that I mentioned and the way

checklist that I mentioned and the way you can get to it is by typing in

you can get to it is by typing in digital transformation aw us and so it

digital transformation aw us and so it should bring you to the public sector

should bring you to the public sector page and here it is so we click there

page and here it is so we click there and all it is is a PDF uh so it's not

and all it is is a PDF uh so it's not new it's from 2017 but that doesn't mean

new it's from 2017 but that doesn't mean that it's not uh valid anymore uh it's

that it's not uh valid anymore uh it's just that that's when it was made so we

just that that's when it was made so we scroll on down and we can see

scroll on down and we can see transforming vision and so we have a

transforming vision and so we have a checklist there so if we click into this

checklist there so if we click into this uh we can see things like communicate a

uh we can see things like communicate a vision of what success looks like Define

vision of what success looks like Define a clear governance strategy including

a clear governance strategy including the framework of achieving goals uh

the framework of achieving goals uh build a cross functional team identify

build a cross functional team identify tech technical uh part ERS they talk

tech technical uh part ERS they talk about Shifting the culture and then down

about Shifting the culture and then down below I assume that this one is related

below I assume that this one is related to that one it's unusual because you

to that one it's unusual because you know they just have a checklist here but

know they just have a checklist here but then they have a sub checklist which

then they have a sub checklist which must be clear to that so reorganize

must be clear to that so reorganize staff into smaller teams things like

staff into smaller teams things like that so it's not super complicated

that so it's not super complicated you'll see each category go go Cloud

you'll see each category go go Cloud native they'll have a

native they'll have a checklist um you know and if you are at

checklist um you know and if you are at at the executive level or the sales

at the executive level or the sales level or trying to convince your VPS or

level or trying to convince your VPS or stuff like that give this a read it

stuff like that give this a read it might give you something uh useful in

might give you something uh useful in the end uh to help better communicate

the end uh to help better communicate that transformation for you

that transformation for you [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are looking at the evolution

Pro and we are looking at the evolution of computing power so what is computing

of computing power so what is computing power it's the throughput measured at

power it's the throughput measured at which a computer complete computational

which a computer complete computational tasks and so uh what we're pretty much

tasks and so uh what we're pretty much used to right as of these days is

used to right as of these days is general computing so good example here

general computing so good example here would be a Zeon CPU processor uh that's

would be a Zeon CPU processor uh that's more of a high-end processor not

more of a high-end processor not something you'd find your home computer

something you'd find your home computer but when we're talking about data

but when we're talking about data centers specifically uh um you know

centers specifically uh um you know inabus data centers Zeon CPU processors

inabus data centers Zeon CPU processors or what you're going to come across uh

or what you're going to come across uh then came along a new type of compute

then came along a new type of compute which is GPU Computing um when we're

which is GPU Computing um when we're talking about Google uh Cloud they have

talking about Google uh Cloud they have tensor Computing and so this is where I

tensor Computing and so this is where I get the 50 times faster based on that

get the 50 times faster based on that metric and so I didn't have an exact

metric and so I didn't have an exact metric here for AWS as um solution for

metric here for AWS as um solution for this mid tier of computing power so I

this mid tier of computing power so I just borrowed that 50 times there but

just borrowed that 50 times there but the idea is that GP Computing or tensor

the idea is that GP Computing or tensor Computing uh is is 50 times faster than

Computing uh is is 50 times faster than traditional CPU and generally that's

traditional CPU and generally that's going to be used for uh very specialized

going to be used for uh very specialized tasks when you're doing machine learning

tasks when you're doing machine learning or AI so it's not something you're going

or AI so it's not something you're going to uh be doing for your regular uh web

to uh be doing for your regular uh web workloads but just understand that all

workloads but just understand that all of these uh fits so we're not getting

of these uh fits so we're not getting rid of general computing we're just

rid of general computing we're just adding uh new levels to compute then

adding uh new levels to compute then there's the latest which is uh Quantum

there's the latest which is uh Quantum Computing and so here we have an example

Computing and so here we have an example of the rig R retti 16q Aspen 4 and so it

of the rig R retti 16q Aspen 4 and so it literally looks like it's out of um

literally looks like it's out of um science fiction and this thing is like a

science fiction and this thing is like a 100 million times faster it is super

100 million times faster it is super Cutting Edge and we don't even know

Cutting Edge and we don't even know exactly how it works and there's not

exactly how it works and there's not even anything that's very applicable

even anything that's very applicable that we can use this for but the idea is

that we can use this for but the idea is that we're not done with the evolution

that we're not done with the evolution of of computing power things are going

of of computing power things are going to get a lot faster once we solve this

to get a lot faster once we solve this last one here and so a service offering

last one here and so a service offering here would be for general computing

here would be for general computing you're looking elastic compute Cloud ec2

you're looking elastic compute Cloud ec2 so we have a variety of different uh

so we have a variety of different uh instance types and they're all going to

instance types and they're all going to have different types of Hardware with

have different types of Hardware with different types of general computing um

different types of general computing um for GPU Computing this is a specialized

for GPU Computing this is a specialized chip that adus has produced called the

chip that adus has produced called the adus um and I don't know how to say it

adus um and I don't know how to say it but we'll just abbreviate it to infer so

but we'll just abbreviate it to infer so adus infer chip um and this was designed

adus infer chip um and this was designed as a direct competitor to uh gcps uh

as a direct competitor to uh gcps uh tensor Computing uh unit the t uh TPU um

tensor Computing uh unit the t uh TPU um so this is intended for AI ml workloads

so this is intended for AI ml workloads but it works with not just um tensor

but it works with not just um tensor flow but it works with any machine

flow but it works with any machine learning framework so that is one

learning framework so that is one advantage it has over uh tpus um and

advantage it has over uh tpus um and then the last one here is adus brackets

then the last one here is adus brackets so you can actually use quantum

so you can actually use quantum Computing as a service on adus you uh as

Computing as a service on adus you uh as of even today um the way adus is able to

of even today um the way adus is able to do this is they work with Caltech so

do this is they work with Caltech so that's the California

that's the California technology um University or Institute

technology um University or Institute I'm not sure the name of it there um so

I'm not sure the name of it there um so it's not exactly adus producing this but

it's not exactly adus producing this but adus is doing this as a partnership to

adus is doing this as a partnership to give Quantum Computing accessible to you

okay so I'm here in the ab console because I just want to prove to you that

because I just want to prove to you that you can use quantum Computing on AWS

you can use quantum Computing on AWS it's that accessible so all you'd have

it's that accessible so all you'd have to do is go to the top here type in

to do is go to the top here type in bracket uh and then you make it over to

bracket uh and then you make it over to Amazon bracket and so here uh you can

Amazon bracket and so here uh you can like set up Quantum tasks the first time

like set up Quantum tasks the first time you set it up you got to uh go through

you set it up you got to uh go through this process here um I think I have to

this process here um I think I have to go through this onboarding to be able to

go through this onboarding to be able to show you the next steps so I'm going to

show you the next steps so I'm going to go ahead and enable bracket in this abis

go ahead and enable bracket in this abis account okay and I'm not going to launch

account okay and I'm not going to launch anything I'm just going to try just kind

anything I'm just going to try just kind of show you a little bit of what is

of show you a little bit of what is accessible to you because it's not super

accessible to you because it's not super exciting but the fact that you can do it

exciting but the fact that you can do it is kind of interesting so here I am on

is kind of interesting so here I am on the inside here and we have all these

the inside here and we have all these different types of quantum Computing so

different types of quantum Computing so d-wave I know I I NQ uh retti things

d-wave I know I I NQ uh retti things like that and then down below these are

like that and then down below these are the quantum processing units the qpu and

the quantum processing units the qpu and then down below you have the simulators

then down below you have the simulators so you can kind of simulate uh these

so you can kind of simulate uh these things here um so I think that's kind of

things here um so I think that's kind of interesting uh but in terms of the cost

interesting uh but in terms of the cost like if you scroll on down here um so

like if you scroll on down here um so abis bracket is part of Theus free tier

abis bracket is part of Theus free tier it gives you one free hour of quantum

it gives you one free hour of quantum circuit simulation time per month during

circuit simulation time per month during the first 12 months so it's free to do

the first 12 months so it's free to do uh a circuit simulation but if you

uh a circuit simulation but if you actually want to run it on the actual

actually want to run it on the actual Hardware you can see the cost there's

Hardware you can see the cost there's the per task price the per shot price

the per task price the per shot price things like that uh what could you do

things like that uh what could you do with this I don't know there's things

with this I don't know there's things called like quad bits or something like

called like quad bits or something like that and I can't imagine that you're

that and I can't imagine that you're going to be doing anything useful but I

going to be doing anything useful but I think it's just more so like you are

think it's just more so like you are sending out quad bits or whatever they

sending out quad bits or whatever they are and you're observing them um but

are and you're observing them um but what you could do with them I have no

what you could do with them I have no idea but it's just exciting that you can

idea but it's just exciting that you can do that I didn't have any spend just by

do that I didn't have any spend just by activating that I'm just kind of just

activating that I'm just kind of just showing you there okay

showing you there okay [Music]

[Music] hey this is Andrew Brown from exam Pro

hey this is Andrew Brown from exam Pro and we are looking at the benefits of

and we are looking at the benefits of cloud and this is a summary of reasons

cloud and this is a summary of reasons why an organization would uh consider

why an organization would uh consider adopting or migrating to utilizing

adopting or migrating to utilizing public cloud and so we'll quickly go

public cloud and so we'll quickly go through the list here uh because in the

through the list here uh because in the followup slides we actually go into them

followup slides we actually go into them a bit more detailed so we have agility

a bit more detailed so we have agility page a go economy of scale Global reach

page a go economy of scale Global reach security reliability High availability

security reliability High availability scalability um and elasticity so the

scalability um and elasticity so the thing is is that eight of us had this

thing is is that eight of us had this before it was called the six advantages

before it was called the six advantages of cloud but they have reworked it to

of cloud but they have reworked it to include additional items um and so where

include additional items um and so where you see these uh sub bullets here those

you see these uh sub bullets here those are the original six as you see 1 2 3 4

are the original six as you see 1 2 3 4 five six and so I kind of just put them

five six and so I kind of just put them where they kind of uh fall under the new

where they kind of uh fall under the new categories there and you'll notice that

categories there and you'll notice that has included High availability

has included High availability elasticity reliability and security as

elasticity reliability and security as uh new on here okay and so the thing is

uh new on here okay and so the thing is is that

is that um I have always always even in my

um I have always always even in my original uh uh I think in my original

original uh uh I think in my original cloud practitioner had Cloud

cloud practitioner had Cloud architecture as a separate section and

architecture as a separate section and included all these things in here so

included all these things in here so it's a great thing to see that abis has

it's a great thing to see that abis has included it um but in terms of how I

included it um but in terms of how I organized this course we're not going to

organized this course we're not going to cover them in this section because I

cover them in this section because I have the cloud architecture section so

have the cloud architecture section so just understand that we will come to

just understand that we will come to those eventually and I would just say

those eventually and I would just say that adab us is still missing something

that adab us is still missing something on this list which is Fault tolerance so

on this list which is Fault tolerance so you know my list like this except I

you know my list like this except I would add fault tolerance to it so you

would add fault tolerance to it so you have everything there um and Disaster

have everything there um and Disaster Recovery okay so the benefits of cloud

Recovery okay so the benefits of cloud is a reworking expansion of the six

is a reworking expansion of the six advantages of the cloud and we will look

advantages of the cloud and we will look at the original six advantages um and

at the original six advantages um and then look at another one that is more of

then look at another one that is more of a generalized one that I I've used

a generalized one that I I've used across my courses so that we fully

across my courses so that we fully understand the benefits

understand the benefits [Music]

[Music] okay all right let's take a look here at

okay all right let's take a look here at the six advantages to Cloud defined by a

the six advantages to Cloud defined by a and so these are still uh part of 's

and so these are still uh part of 's marketing Pages um but you know it's

marketing Pages um but you know it's interesting because you can't find the

interesting because you can't find the benefits of the cloud in a single page

benefits of the cloud in a single page on any at least the time of making this

on any at least the time of making this so there's a bit of Disconnect between

so there's a bit of Disconnect between the um exam guide and the actual

the um exam guide and the actual marketing material but that's okay I

marketing material but that's okay I fill it all in for you so you know I'm

fill it all in for you so you know I'm just again noting that the six advantage

just again noting that the six advantage of cloud was the original description

of cloud was the original description for cloud benefits and we'll go through

for cloud benefits and we'll go through them okay so the first is trade Capital

them okay so the first is trade Capital expense for variable variable expense so

expense for variable variable expense so you can pay on demand meaning that

you can pay on demand meaning that there's is no upfront cost and you pay

there's is no upfront cost and you pay for only what you consume or you pay by

for only what you consume or you pay by the hour minutes or seconds so instead

the hour minutes or seconds so instead of paying for upfront costs of data

of paying for upfront costs of data centers and servers the next is benefit

centers and servers the next is benefit from uh massive Eon uh economies of

from uh massive Eon uh economies of scale so you are sharing the cost with

scale so you are sharing the cost with other customers to get unbeatable

other customers to get unbeatable savings hundreds of thousands of

savings hundreds of thousands of customers utilizing a fraction of your

customers utilizing a fraction of your server stop guessing capacity so scale

server stop guessing capacity so scale up or down to meet the current needs

up or down to meet the current needs launch and Destroy Services whenever so

launch and Destroy Services whenever so instead of paying for idle or

instead of paying for idle or underutilized servers we have increase

underutilized servers we have increase Speed and Agility so launch resources

Speed and Agility so launch resources within a few clicks and minutes instead

within a few clicks and minutes instead of waiting days or weeks of your it to

of waiting days or weeks of your it to implement the solution on premise we

implement the solution on premise we have stopped spending money on running

have stopped spending money on running and maintaining data centers so focus on

and maintaining data centers so focus on your customers developing and

your customers developing and configuring applications so instead of

configuring applications so instead of operations such as racking stacking and

operations such as racking stacking and powering servers the last is Go Global

powering servers the last is Go Global in minutes so deploy your app in

in minutes so deploy your app in multiple regions around the world with a

multiple regions around the world with a few clicks provide load latency and a

few clicks provide load latency and a better experience for your customers at

better experience for your customers at minimal cost the six advantage of the

minimal cost the six advantage of the cloud still apply and um I like to

cloud still apply and um I like to include them here because they just have

include them here because they just have a different kind of lens or or or uh

a different kind of lens or or or uh angle when you're looking at this stuff

angle when you're looking at this stuff and so we've looked at the six

and so we've looked at the six advantages of cloud and now let's take a

advantages of cloud and now let's take a look at the next slide my reworking of

look at the next slide my reworking of the six advantage of the cloud to be

the six advantage of the cloud to be more generalized

more generalized [Music]

[Music] okay all right I just wanted to show you

okay all right I just wanted to show you where that six advantages of cloud

where that six advantages of cloud computing comes from it's part of the

computing comes from it's part of the itus documentation so I typed it in here

itus documentation so I typed it in here and you can see that it is still around

and you can see that it is still around uh and so it's unusual because this used

uh and so it's unusual because this used to be part of the marketing website it

to be part of the marketing website it had those nice little Graphics um but

had those nice little Graphics um but for whatever reason it's over here now

for whatever reason it's over here now in the overview of Amazon web services

in the overview of Amazon web services and by the way if you're starting

and by the way if you're starting starting out with adabs this is a very

starting out with adabs this is a very light read but it is a good read uh to

light read but it is a good read uh to get started with we obviously cover all

get started with we obviously cover all this stuff in the course um but you know

this stuff in the course um but you know maybe you'll get something different

maybe you'll get something different here but the idea is that Abus has

here but the idea is that Abus has definitely expanded on this but for

definitely expanded on this but for whatever reason this documentation

whatever reason this documentation hasn't changed so just understand that I

hasn't changed so just understand that I polyfilled that for you in this course

polyfilled that for you in this course [Music]

[Music] okay all right so this is the seven

okay all right so this is the seven advantages to Cloud I said six but I

advantages to Cloud I said six but I meant to say seven and so um you know

meant to say seven and so um you know since I've created fundamental courses

since I've created fundamental courses for all the Clusters providers I started

for all the Clusters providers I started to notice kind of a trend and so what I

to notice kind of a trend and so what I did is I normalized it into my own seven

did is I normalized it into my own seven advantages and this actually Maps up

advantages and this actually Maps up really well to the new benefits of the

really well to the new benefits of the cloud so it looks like OS was thinking

cloud so it looks like OS was thinking the same as I was

the same as I was um with the exception of those Cloud

um with the exception of those Cloud architect stuff which I keep in a

architect stuff which I keep in a separate section but let's go through it

separate section but let's go through it and see what is here so the first is

and see what is here so the first is cost effective you pay for what you

cost effective you pay for what you consume no upfront cost on demand

consume no upfront cost on demand pricing so pay as you go P YG with

pricing so pay as you go P YG with thousands of customers sharing the on uh

thousands of customers sharing the on uh sharing the cost of resources adabs used

sharing the cost of resources adabs used to refer to this always as on demand

to refer to this always as on demand pricing and Azure always said pay as you

pricing and Azure always said pay as you go and so it looks like adus now uses

go and so it looks like adus now uses both on demand and pay as you go to

both on demand and pay as you go to describe them which is great um but

describe them which is great um but there you you go then we have Global so

there you you go then we have Global so launch workloads anywhere in the world

launch workloads anywhere in the world just choose a region it's secure so

just choose a region it's secure so cloud provider takes care of physical

cloud provider takes care of physical security cloud services can be secured

security cloud services can be secured by default or you have the ability to

by default or you have the ability to configure access down to a granular

configure access down to a granular level uh it's reliable so data backup

level uh it's reliable so data backup Disaster Recovery data replication fault

Disaster Recovery data replication fault tolerance it's scalable increase or

tolerance it's scalable increase or decrease resources and services based on

decrease resources and services based on demand uh elastic so automate scaling

demand uh elastic so automate scaling during spikes and drop in demand current

during spikes and drop in demand current so the underlying hardware and and

so the underlying hardware and and managed uhof software is patched

managed uhof software is patched upgraded and replaced by the cloud

upgraded and replaced by the cloud provider without interruption to you so

provider without interruption to you so I think this is one that isn't on the

I think this is one that isn't on the benefits of the cloud which is a really

benefits of the cloud which is a really good one um but uh yeah that's the

good one um but uh yeah that's the [Music]

[Music] seven hey this is Angie Brown and we're

seven hey this is Angie Brown and we're taking a look at Aus Global

taking a look at Aus Global infrastructure so what is it well the

infrastructure so what is it well the adus global infrastructure is a globally

adus global infrastructure is a globally distributed hardware and data centers

distributed hardware and data centers that are physically networked together

that are physically networked together to act as one large resource for the end

to act as one large resource for the end customers so what does that mean well if

customers so what does that mean well if you look at the globe on the right hand

you look at the globe on the right hand side and that Globe is really cool

side and that Globe is really cool because adab us used to have a website

because adab us used to have a website where you could uh see a 3D uh globe and

where you could uh see a 3D uh globe and see where all their resources are for

see where all their resources are for whatever reason they took it down but I

whatever reason they took it down but I still have the screenshot of it but the

still have the screenshot of it but the idea is that um the global

idea is that um the global infrastructure represents all that

infrastructure represents all that hardware and the connectivity between

hardware and the connectivity between that Hardware around the world so what

that Hardware around the world so what kind of resources are we talking about

kind of resources are we talking about we're talking about regions we're

we're talking about regions we're talking about availability zones direct

talking about availability zones direct connections uh pops also known as as

connections uh pops also known as as point of presence local zones wavelength

point of presence local zones wavelength zones uh and we should point out that

zones uh and we should point out that Abus has millions of active users uh or

Abus has millions of active users uh or customers and tens of thousands of

customers and tens of thousands of Partners globally so they really are uh

Partners globally so they really are uh kind of everywhere um and if you're

kind of everywhere um and if you're wondering well what are all these

wondering well what are all these resources that's what we're going to get

resources that's what we're going to get into next we're going to break down what

into next we're going to break down what all these particular resources are

all these particular resources are because you definitely need to know what

because you definitely need to know what they are but hopefully that gives you at

they are but hopefully that gives you at a high level that adus has this thing

a high level that adus has this thing called Global infrastructure okay

called Global infrastructure okay [Music]

[Music] hey this is Andrew Brown and we are on

hey this is Andrew Brown and we are on the marketing website for adabs under

the marketing website for adabs under Global infrastructure and this is a

Global infrastructure and this is a great way if you want to explore more

great way if you want to explore more and make sense of that Global

and make sense of that Global infrastructure so if we scroll on down

infrastructure so if we scroll on down here we have a nice map and it's kind of

here we have a nice map and it's kind of indicating as to where those regions are

indicating as to where those regions are notice that there is uh ones in red

notice that there is uh ones in red which are coming soon the Canada West

which are coming soon the Canada West they've been talking about that for I

they've been talking about that for I think a couple years now so still

think a couple years now so still waiting for those but you know just like

waiting for those but you know just like every cloud service provider they're

every cloud service provider they're always expanding looks like we can get a

always expanding looks like we can get a full list here here um and it should

full list here here um and it should indicate where when they launched and if

indicate where when they launched and if they're launching more things so you

they're launching more things so you know that is a nice little list uh that

know that is a nice little list uh that we can get access to but if we go all

we can get access to but if we go all the way to the top across the top we can

the way to the top across the top we can go to Regions and azs uh and this is

go to Regions and azs uh and this is where we should get better information

where we should get better information this is definitely different from before

this is definitely different from before and I don't think the top of canidate is

and I don't think the top of canidate is supposed to look like that but uh I

supposed to look like that but uh I guess it's the best that they can do so

guess it's the best that they can do so uh what I want to point out on these

uh what I want to point out on these pages is uh the terms of uh the number

pages is uh the terms of uh the number of resources so I'm just going to bump

of resources so I'm just going to bump up the font because it's a little bit

up the font because it's a little bit small even for me if we go on down below

small even for me if we go on down below here you can see that it's describing um

here you can see that it's describing um let's say a particular region so here in

let's say a particular region so here in Canada we can see uh we have three

Canada we can see uh we have three availability zones and when it launched

availability zones and when it launched sometimes they have these Asters on here

sometimes they have these Asters on here so it says located in the Montreal uh

so it says located in the Montreal uh metropolian area so that's a good

metropolian area so that's a good indicator because central Canada could

indicator because central Canada could mean Toronto could mean Winnipeg so

mean Toronto could mean Winnipeg so that's why they put the asterisk on

that's why they put the asterisk on there um but just notice that what

there um but just notice that what you'll usually see for availability

you'll usually see for availability zones you'll never see anything beyond

zones you'll never see anything beyond six I'm not sure why but that seems to

six I'm not sure why but that seems to be the max usually when a region

be the max usually when a region launches it should have three

launches it should have three availability availability zones I think

availability availability zones I think in the past there might have been some

in the past there might have been some that did not have um at least three and

that did not have um at least three and the reason why it's important to have

the reason why it's important to have three in a zone is that is how we get

three in a zone is that is how we get high availability uh the way you do that

high availability uh the way you do that is you should have um let's say we're

is you should have um let's say we're talking about compute that compute

talking about compute that compute should be um running redundantly into

should be um running redundantly into two other uh data centers in your region

two other uh data centers in your region to ensure um that you have up time in

to ensure um that you have up time in case the other two go out so just make

case the other two go out so just make note of that if you're coming from Azure

note of that if you're coming from Azure Azure uh will launch things without

Azure uh will launch things without having all of their uh zones uh gcp is

having all of their uh zones uh gcp is really good where they'll always at

really good where they'll always at least have three so uh each provider

least have three so uh each provider Works a little bit differently there um

Works a little bit differently there um but yeah you can see here for North

but yeah you can see here for North America we just scroll through here you

America we just scroll through here you can find your particular area and look

can find your particular area and look at the map uh and wonder why it's so

at the map uh and wonder why it's so distorted but yeah hopefully that gives

distorted but yeah hopefully that gives you kind of an idea there and if you

you kind of an idea there and if you want to explore any of these other uh

want to explore any of these other uh particular offerings you absolutely can

particular offerings you absolutely can of course we do cover in the course so

of course we do cover in the course so it's not really necessary to do that but

it's not really necessary to do that but I thought uh it'd be nice to show you

I thought uh it'd be nice to show you this page okay

this page okay [Music]

[Music] ciao hey this is Andrew Brown from exam

ciao hey this is Andrew Brown from exam Pro and we are taking a look at a

Pro and we are taking a look at a regions and regions are geographically

regions and regions are geographically distinct locations consisting of one or

distinct locations consisting of one or more availability Zone and so here is a

more availability Zone and so here is a world map showing you all the regions

world map showing you all the regions that abos has in the world and the blue

that abos has in the world and the blue ones represent regions that are already

ones represent regions that are already available to you and the orange ones

available to you and the orange ones represent ones that adus is planning to

represent ones that adus is planning to open so adus is always expanding their

open so adus is always expanding their infrastructure uh in the world so always

infrastructure uh in the world so always expect there to be uh more upcoming ones

expect there to be uh more upcoming ones every region is physically isolated from

every region is physically isolated from independent of every other region in

independent of every other region in terms of location Power and Water Supply

terms of location Power and Water Supply and the most important region that you

and the most important region that you should give attention to Is Us East one

should give attention to Is Us East one uh in particular so this is Northern

uh in particular so this is Northern Virginia it was ad's first region where

Virginia it was ad's first region where we saw the launch of SQ us and S3 uh and

we saw the launch of SQ us and S3 uh and there are a lot of uh special use cases

there are a lot of uh special use cases where things only work in Us East ones

where things only work in Us East ones and we'll find that out here in a moment

and we'll find that out here in a moment what I do want to show you is what it

what I do want to show you is what it looks like for an architectural diagram

looks like for an architectural diagram when you are seeing a region so notice

when you are seeing a region so notice that we have this um uh little flag here

that we have this um uh little flag here it says Us East one US West one and

it says Us East one US West one and inside of it we have an E2 instance so

inside of it we have an E2 instance so that is going to represent a region in

that is going to represent a region in our architectural diagrams uh but let's

our architectural diagrams uh but let's look at some of the facts here and

look at some of the facts here and understand why Us East or Us East one is

understand why Us East or Us East one is so important so each region generally

so important so each region generally has three availability zones and that is

has three availability zones and that is by intention and we will talk about that

by intention and we will talk about that when we get to the availability Zone

when we get to the availability Zone section some new users are limited to

section some new users are limited to two or uh to two uh but generally

two or uh to two uh but generally there's always three okay new Services

there's always three okay new Services almost always become available first in

almost always become available first in Us East and specifically Us East one not

Us East and specifically Us East one not all services are available in all

all services are available in all regions all your billing information

regions all your billing information appears in Us East one so that's a US1

appears in Us East one so that's a US1 particular thing uh the cost of AA

particular thing uh the cost of AA Services vary per region and so if you

Services vary per region and so if you were on the marketing website or forious

were on the marketing website or forious Global infrastructure you can see uh

Global infrastructure you can see uh here in North America they will say like

here in North America they will say like when it launched how many availability

when it launched how many availability zones and there might be some conditions

zones and there might be some conditions so you'll notice there's like asteris uh

so you'll notice there's like asteris uh beside these things here or um in this

beside these things here or um in this one particular there's an asteris saying

one particular there's an asteris saying hey there are three zones but generally

hey there are three zones but generally you're limited to two Okay when you

you're limited to two Okay when you choose a region there are four factors

choose a region there are four factors you need to consider uh what are the

you need to consider uh what are the Regulatory Compliance does this region

Regulatory Compliance does this region meet what is the cost of this Inus

meet what is the cost of this Inus service in this region what in services

service in this region what in services are available in this region and what is

are available in this region and what is the distance distance or latency to my

the distance distance or latency to my end users and those are those four

end users and those are those four factors that you should remember

factors that you should remember [Music]

[Music] okay all right so we just talked about

okay all right so we just talked about adus regions now let's talk about uh how

adus regions now let's talk about uh how that affects our services versus

that affects our services versus regional and Global Services so Regional

regional and Global Services so Regional services are scoped based on what is set

services are scoped based on what is set in the adus Management console on the

in the adus Management console on the selected region so you have this drop

selected region so you have this drop down and that's what you'll do you'll

down and that's what you'll do you'll say Okay I want to have resour sources

say Okay I want to have resour sources in Canada or in Europe uh so this will

in Canada or in Europe uh so this will determine where a na service will be

determine where a na service will be launched and what will be seen within

launched and what will be seen within the ad Services console you generally

the ad Services console you generally don't explicitly set the region for a

don't explicitly set the region for a service at the time of creation I

service at the time of creation I explicitly mentioned this because when

explicitly mentioned this because when you use something like gcp or Azure when

you use something like gcp or Azure when you create the resource that's when you

you create the resource that's when you select the region but ads is it has this

select the region but ads is it has this kind of global thing which is unique to

kind of global thing which is unique to their platform um then there's the

their platform um then there's the concept of Global Services so some a

concept of Global Services so some a Services operate across multiple Reg

Services operate across multiple Reg and the region will be fixed to the word

and the region will be fixed to the word Global and for these that's services

Global and for these that's services like S3 cloudfront R 53 am so the idea

like S3 cloudfront R 53 am so the idea is if you were to go over to cloudfront

is if you were to go over to cloudfront and go into the cloudfront console

and go into the cloudfront console you'll notice that it will just say

you'll notice that it will just say Global and you can't switch out of that

Global and you can't switch out of that uh for these Global Services um at the

uh for these Global Services um at the time of creation it's a bit different so

time of creation it's a bit different so we were saying up here for regional ones

we were saying up here for regional ones that you don't select the region but

that you don't select the region but when you are clearing Global Services if

when you are clearing Global Services if you're using something like I am there

you're using something like I am there is no concept of region because they're

is no concept of region because they're just globally available so you don't

just globally available so you don't have to determine a subset of regions if

have to determine a subset of regions if you're using S3 bucket that has to be in

you're using S3 bucket that has to be in one region so you actually do have to

one region so you actually do have to select a region at time of creation um

select a region at time of creation um and then there's something like Cloud

and then there's something like Cloud firm distributions where you are

firm distributions where you are choosing a group of regions so you

choosing a group of regions so you either say all of the world or only

either say all of the world or only North America which is more like

North America which is more like geographic distribution so you don't say

geographic distribution so you don't say the region in particular but you know

the region in particular but you know hopefully that gives you a distinction

hopefully that gives you a distinction between Regional services and Global

between Regional services and Global [Music]

[Music] Services hey this is Andrew Brown from

Services hey this is Andrew Brown from exam Pro and we are taking a look at

exam Pro and we are taking a look at availability zones so availability zones

availability zones so availability zones commonly abbreviated as a and I'll

commonly abbreviated as a and I'll frequently be using the term a is

frequently be using the term a is physical locations made up of one or

physical locations made up of one or more data centers so a data center is a

more data centers so a data center is a secured building that contains hundreds

secured building that contains hundreds or thousands of computers uh and this is

or thousands of computers uh and this is one of my favorite Graphics I like to

one of my favorite Graphics I like to show of course uh you know ads would

show of course uh you know ads would never have a dog um in their data center

never have a dog um in their data center but I just thought that would be fun a

but I just thought that would be fun a region will generally contain three

region will generally contain three availability zones and I say generally

availability zones and I say generally because there are some cases where we

because there are some cases where we will see uh less than three so there

will see uh less than three so there might be two um data centers within a

might be two um data centers within a region will be isolate from each other

region will be isolate from each other um so there will be in different

um so there will be in different buildings but they will be close enough

buildings but they will be close enough to provide low latency and that is

to provide low latency and that is within the uh 10 milliseconds or less so

within the uh 10 milliseconds or less so it's very very low uh it's common

it's very very low uh it's common practice to run workloads in at least

practice to run workloads in at least three azs to ensure Services remain

three azs to ensure Services remain available in case one or two data

available in case one or two data centers fail and this is known as high

centers fail and this is known as high availability and this generally is

availability and this generally is driven based on Regulatory Compliance so

driven based on Regulatory Compliance so a lot of companies uh you know they have

a lot of companies uh you know they have to at least be running in 3 A's and

to at least be running in 3 A's and that's why itus tries to always have at

that's why itus tries to always have at least three azs within a region uh A's

least three azs within a region uh A's are represented by a region code

are represented by a region code followed by a letter so here you know

followed by a letter so here you know you'd have us East one which would be

you'd have us East one which would be the region and then the a would

the region and then the a would represent the particular availability

represent the particular availability Zone in that region um so a subnet which

Zone in that region um so a subnet which is related to availability zones is

is related to availability zones is associated with a uh two availability

associated with a uh two availability zones so you never choose an a when

zones so you never choose an a when launching resources you always choose a

launching resources you always choose a subnet which is then Associated to an a

subnet which is then Associated to an a a lot of services um you know don't even

a lot of services um you know don't even require you to choose a subnet because

require you to choose a subnet because they're fully managed by AWS but in the

they're fully managed by AWS but in the case of like virtual machines you're

case of like virtual machines you're always choosing a subnet okay so here is

always choosing a subnet okay so here is a graphical uh representation or a

a graphical uh representation or a diagram that's representing two

diagram that's representing two availability zones so here we have the

availability zones so here we have the region Us East 1 and US West 2 and then

region Us East 1 and US West 2 and then we have our 2 a so here is 1 a and 1 B

we have our 2 a so here is 1 a and 1 B and so these are effectively the subnets

and so these are effectively the subnets okay and so within those subnets then

okay and so within those subnets then you can see or availability zones you

you can see or availability zones you will see that we have two virtual

will see that we have two virtual machines okay so the US east1 region has

machines okay so the US east1 region has six azs and I thought that's just kind

six azs and I thought that's just kind of like a fun fact because it is the

of like a fun fact because it is the most out of every single one um I don't

most out of every single one um I don't think anyone comes close to us East one

think anyone comes close to us East one but of course it is the most popular it

but of course it is the most popular it is the uh first uh um region or so it's

is the uh first uh um region or so it's not a surprise that that has that many

not a surprise that that has that many [Music]

[Music] a okay so we just covered regions and

a okay so we just covered regions and availability zones but I really want to

availability zones but I really want to make it clear uh what they look like so

make it clear uh what they look like so I kind of have a visual representation

I kind of have a visual representation so let's say we have our adus region and

so let's say we have our adus region and in this particular one we have Canada

in this particular one we have Canada Central which in particular is Montreal

Central which in particular is Montreal so CA Central 1 uh and the idea here is

so CA Central 1 uh and the idea here is that a region has multiple availability

that a region has multiple availability zones so here you can see that we have

zones so here you can see that we have uh 1 a one 1B and 1D for some reason

uh 1 a one 1B and 1D for some reason adus decided to uh not launch 1 C maybe

adus decided to uh not launch 1 C maybe it's haunted who knows you know um and

it's haunted who knows you know um and then within your um availability zones

then within your um availability zones they are made up of one or more data

they are made up of one or more data centers so just understand that an a is

centers so just understand that an a is not a single data center but could be a

not a single data center but could be a collection of buildings and that these

collection of buildings and that these azs um are interconnected with high

azs um are interconnected with high bandwidth low latency networking they're

bandwidth low latency networking they're fully redundant dedicated to metrof

fully redundant dedicated to metrof fiber providing high throughput low

fiber providing high throughput low latency networking between so just very

latency networking between so just very fast Connections in between

fast Connections in between and all traffic between azs is encrypted

and all traffic between azs is encrypted and these azs are within 100 km so about

and these azs are within 100 km so about 60 mil uh of each other

60 mil uh of each other [Music]

[Music] okay so what I want to do here is just

okay so what I want to do here is just show you uh how regions and availability

show you uh how regions and availability zones work with some different adus

zones work with some different adus services so you have a general idea when

services so you have a general idea when you are selecting uh a region or a and

you are selecting uh a region or a and when you're not so within AOS when you

when you're not so within AOS when you want to select a region you're going to

want to select a region you're going to go up here and it and this is going to

go up here and it and this is going to apply to Regional Services a very famous

apply to Regional Services a very famous example of a regional service would be

example of a regional service would be ec2 so we go over to ec2 which is

ec2 so we go over to ec2 which is elastic uh cloud computing or compute

elastic uh cloud computing or compute whatever I just forget the name of it

whatever I just forget the name of it and what we can do is go over to

and what we can do is go over to instances I'm going to launch an

instances I'm going to launch an instance I'm not going to complete the

instance I'm not going to complete the process I just want to show you what

process I just want to show you what would happen when you go select some

would happen when you go select some things here so I'm going to go with

things here so I'm going to go with Amazon L 2 um we're going to just go to

Amazon L 2 um we're going to just go to uh next here and so here here is where

uh next here and so here here is where we're going to select um our

we're going to select um our availability zone so up here we have

availability zone so up here we have North Virginia that's our region and

North Virginia that's our region and when I say we're selecting availability

when I say we're selecting availability Zone we're actually selecting the subnet

Zone we're actually selecting the subnet so so here we are choosing a subnet and

so so here we are choosing a subnet and a subnet is associated to a availability

a subnet is associated to a availability Zone and every single um uh region has a

Zone and every single um uh region has a default VPC and that VPC has uh subnets

default VPC and that VPC has uh subnets set up and the subnets are defaulted to

set up and the subnets are defaulted to each of the availability zones available

each of the availability zones available so USC 1 has six of them so this server

so USC 1 has six of them so this server is going to launch in Us East 1B so this

is going to launch in Us East 1B so this is a regional service okay uh then we

is a regional service okay uh then we have Global Services like S3 so we go

have Global Services like S3 so we go over to

over to S3 and it says it's Global right and so

S3 and it says it's Global right and so we're going to go ahead and create our

we're going to go ahead and create our bucket and so here we choose the region

bucket and so here we choose the region so we go down we're going to say the

so we go down we're going to say the region we want to be in but we don't

region we want to be in but we don't choose the availability Zone because

choose the availability Zone because there's nothing to um uh choose because

there's nothing to um uh choose because adabs is going to run these in multiple

adabs is going to run these in multiple A's and it doesn't matter to you what

A's and it doesn't matter to you what it's doing there okay um so there's that

it's doing there okay um so there's that and then there's something like

and then there's something like cloudfront so Cloud front's a little bit

cloudfront so Cloud front's a little bit uh different here so we go over to

uh different here so we go over to cloudfront and we create ourselves a

cloudfront and we create ourselves a distribution um and so yeah if if you

distribution um and so yeah if if you don't have that option there because

don't have that option there because sometimes databus has like a splash

sometimes databus has like a splash screen just click on the left hand side

screen just click on the left hand side then go to

then go to distributions okay and so here well they

distributions okay and so here well they changed it again on me they're always

changed it again on me they're always changing this UI but if we scroll on

changing this UI but if we scroll on down it should allow us to

down it should allow us to change um change where this is going to

change um change where this is going to launch it's like Global stuff like that

launch it's like Global stuff like that literally they just recently changed

literally they just recently changed this and that's why I'm

this and that's why I'm confused uh we'll scroll on down

confused uh we'll scroll on down here it used to

here it used to be maybe it's under

be maybe it's under Legacy

Legacy additional

additional customized oh it's here sorry okay so

customized oh it's here sorry okay so noce here the price class that says use

noce here the price class that says use the edge locations for best performance

the edge locations for best performance North America and Europe North America

North America and Europe North America Europe Asia middle uh Middle East and

Europe Asia middle uh Middle East and Africa so we're not choosing a

Africa so we're not choosing a particular region we're picking a

particular region we're picking a geographical area and so those are

geographical area and so those are pretty much the major um uh uh examples

pretty much the major um uh uh examples of that uh then there's of course things

of that uh then there's of course things like in I am where you don't even say

like in I am where you don't even say where it is so you go into I am you know

where it is so you go into I am you know and if I create something like a group

and if I create something like a group uh over here a user group whoops

uh over here a user group whoops here I say create group you know I'm not

here I say create group you know I'm not saying oh this is for this particular

saying oh this is for this particular region or something like that okay so

region or something like that okay so yeah hopefully that makes

yeah hopefully that makes [Music]

[Music] sense hey this is Andrew Brown from exam

sense hey this is Andrew Brown from exam Pro and let's take a look here at fault

Pro and let's take a look here at fault tolerance specifically for Global

tolerance specifically for Global infrastructure and so before we jump

infrastructure and so before we jump into that let's just Define some fault

into that let's just Define some fault terminology here uh so let's describe

terminology here uh so let's describe what a fault domain is so a fault domain

what a fault domain is so a fault domain is a section of a network that is

is a section of a network that is vulnerable to damage if a critical

vulnerable to damage if a critical device or system fails and the purpose

device or system fails and the purpose of a fault domain is that if a failure

of a fault domain is that if a failure occurs it will not Cascade outside that

occurs it will not Cascade outside that domain limiting the possible damage and

domain limiting the possible damage and so uh there's this very popular meme

so uh there's this very popular meme called This is fine where uh there's

called This is fine where uh there's obviously a serious problem but uh the

obviously a serious problem but uh the person's not freaking out and I gave it

person's not freaking out and I gave it some context to say well the reason

some context to say well the reason they're not freaking out because they

they're not freaking out because they know that this is a fault domain and

know that this is a fault domain and nothing outside of this room is going to

nothing outside of this room is going to be affected okay so you can have fault

be affected okay so you can have fault domains nested inside of other fault

domains nested inside of other fault domains uh but generally they're grouped

domains uh but generally they're grouped in something called fault level so a

in something called fault level so a fault level is a collection of fault

fault level is a collection of fault domains um and the scoping of a fault

domains um and the scoping of a fault domain could be something like a

domain could be something like a specific specific servers in a rack an

specific specific servers in a rack an entire Rack in a data center an entire

entire Rack in a data center an entire room in a data center the entire data

room in a data center the entire data set are building and it's really up to

set are building and it's really up to the cloud service provider to define

the cloud service provider to define those boundaries of a domain adus

those boundaries of a domain adus abstracts it all way so you don't have

abstracts it all way so you don't have to think about it but just to compare it

to think about it but just to compare it against something else when you're using

against something else when you're using Azure you actually Define your fault

Azure you actually Define your fault domain so you might say like okay

domain so you might say like okay uh make sure that this workload is never

uh make sure that this workload is never running on the same VM on the same rack

running on the same VM on the same rack for these things uh and you know you

for these things uh and you know you might like to have that level of control

might like to have that level of control but I really like the fact that itus

but I really like the fact that itus just abstracts it away I'm not sure how

just abstracts it away I'm not sure how they segment their uh their their fault

they segment their uh their their fault domains but they they definitely are

domains but they they definitely are some broader ones which we'll describe

some broader ones which we'll describe right now so when we're looking at an

right now so when we're looking at an abis region this would be considered a

abis region this would be considered a fault level and then within that fault

fault level and then within that fault level you would have your uh

level you would have your uh availability zones and these would be

availability zones and these would be considered fault domains and of course

considered fault domains and of course those data centers can have have uh

those data centers can have have uh fault domains within them okay like

fault domains within them okay like maybe you know they have everything in a

maybe you know they have everything in a particular room and that room is secure

particular room and that room is secure so like if there's a fire in that room

so like if there's a fire in that room it's not going to affect the other room

it's not going to affect the other room things like that um so each Amazon

things like that um so each Amazon region is designed to be completely

region is designed to be completely isolated from the other Amazon region

isolated from the other Amazon region the uh they achieve this with the

the uh they achieve this with the greatest possible fault tolerance and

greatest possible fault tolerance and stability uh each availab availability

stability uh each availab availability zone is also isolated but the

zone is also isolated but the availability Zone in a region are

availability Zone in a region are connected through low latency links each

connected through low latency links each availability zone is designed as an

availability zone is designed as an independent failure Zone

independent failure Zone and so here we have some kind of

and so here we have some kind of different language that adus is using um

different language that adus is using um I've never experienced this terminology

I've never experienced this terminology in other any other cloud service

in other any other cloud service provider so I kind of feel like it's

provider so I kind of feel like it's something that it us made up but

something that it us made up but basically a failure Zone they're just

basically a failure Zone they're just basically saying a fault domain but

basically saying a fault domain but let's kind of expand on their fault uh

let's kind of expand on their fault uh failure Zone terminology so availability

failure Zone terminology so availability zones are physically separated within a

zones are physically separated within a typical Metropolitan region and are

typical Metropolitan region and are located in lower risk uh flood planes

located in lower risk uh flood planes discret uninterruptible power supply so

discret uninterruptible power supply so UPS and an on-site backup uh generation

UPS and an on-site backup uh generation facilities uh Data Centers located in

facilities uh Data Centers located in different azs are uh designed to be

different azs are uh designed to be supplied by independent substations to

supplied by independent substations to reduce the risk of an event on the power

reduce the risk of an event on the power grid impacting more than one

grid impacting more than one availability Zone availability zones are

availability Zone availability zones are all redundantly connected to multiple

all redundantly connected to multiple tier one Transit providers and we'll

tier one Transit providers and we'll talk about what those are uh in an

talk about what those are uh in an upcoming slide and just one thing I want

upcoming slide and just one thing I want to note here is that when you adopt

to note here is that when you adopt multi-az you get high availability so if

multi-az you get high availability so if an application is partitioned across A's

an application is partitioned across A's companies are better isolated and

companies are better isolated and protected from issues such as power

protected from issues such as power outages lightning strikes tornadoes

outages lightning strikes tornadoes earthquakes and more so that's the idea

earthquakes and more so that's the idea behind you know why we want to run in

behind you know why we want to run in multi-az okay because of these fault

multi-az okay because of these fault [Music]

[Music] domains hey this is Andrew Brown from

domains hey this is Andrew Brown from exam Pro and we're talking about the

exam Pro and we're talking about the adus global Network so the global

adus global Network so the global Network represents interconnections

Network represents interconnections between a global infrastructure and it's

between a global infrastructure and it's commonly referred to as the backbone of

commonly referred to as the backbone of AWS so is EC to so just understand that

AWS so is EC to so just understand that that could be used in more than one way

that could be used in more than one way but think of it as a private express way

but think of it as a private express way where things can move fast between data

where things can move fast between data centers and uh one thing that is

centers and uh one thing that is utilized a lot to get data in and out of

utilized a lot to get data in and out of AWS very quickly is Edge locations they

AWS very quickly is Edge locations they can act as on and off ramps uh to the ad

can act as on and off ramps uh to the ad Global Network of course you can uh get

Global Network of course you can uh get to the network through pops which we'll

to the network through pops which we'll talk about um you know in the upcoming

talk about um you know in the upcoming slides here but let's just talk about

slides here but let's just talk about Edge locations and what services use

Edge locations and what services use them so uh when we're talking about

them so uh when we're talking about things that are getting on to the adus

things that are getting on to the adus network we're looking at things like

network we're looking at things like Abus Global accelerator adus S3 transfer

Abus Global accelerator adus S3 transfer acceleration and so uh these use agile

acceleration and so uh these use agile locations as an on-ramp to quickly reach

locations as an on-ramp to quickly reach adus resources and other regions by

adus resources and other regions by traversing the fast adus Global Network

traversing the fast adus Global Network notice that the names in it say

notice that the names in it say accelerator acceleration so the idea is

accelerator acceleration so the idea is that they are moving really fast okay on

that they are moving really fast okay on the other side when we talk about like

the other side when we talk about like an offramp or looking at Amazon

an offramp or looking at Amazon cloudfront which is a Content

cloudfront which is a Content distribution Network this uses Edge

distribution Network this uses Edge locations to uh as an offramp to provide

locations to uh as an offramp to provide at the edge storage and compute near the

at the edge storage and compute near the end user uh and one other thing that is

end user uh and one other thing that is kind of always utilized in the global

kind of always utilized in the global Network are VPC end points now these

Network are VPC end points now these aren't using Edge locations but the idea

aren't using Edge locations but the idea here is that this ensures your resources

here is that this ensures your resources stay within the Aus Network and do not

stay within the Aus Network and do not Traverse over the public internet so you

Traverse over the public internet so you know if you have uh you know a resource

know if you have uh you know a resource running in Us East one and one in uh EU

running in Us East one and one in uh EU it would and they never have to go to

it would and they never have to go to the Internet it would make sense to

the Internet it would make sense to always enforce it to stay within the

always enforce it to stay within the network because it's going to be a lot

network because it's going to be a lot faster so there you

faster so there you [Music]

[Music] go hey this is Andrew Brown from exam

go hey this is Andrew Brown from exam Pro and we are taking a look at point of

Pro and we are taking a look at point of presence also known as Pop and this is

presence also known as Pop and this is an intermediate location between anabis

an intermediate location between anabis region and the end user and this

region and the end user and this location could be a data center or a

location could be a data center or a collection of Hardware so for AWS a

collection of Hardware so for AWS a point of presence is a data center owned

point of presence is a data center owned by AWS or trusted partner that is

by AWS or trusted partner that is utilized byus Services related for

utilized byus Services related for Content delivery or expediated upload so

Content delivery or expediated upload so a pop res could be something like an

a pop res could be something like an edge location or Regional Edge cache so

edge location or Regional Edge cache so as an example over here we see an S3

as an example over here we see an S3 bucket and it has to go through Regional

bucket and it has to go through Regional Edge cache and then get to an edge

Edge cache and then get to an edge location let's go Define what those are

location let's go Define what those are so an edge location are data centers

so an edge location are data centers that hold cache copies on the most

that hold cache copies on the most popular files so web pages images and

popular files so web pages images and videos so that the delivery of the

videos so that the delivery of the distance to the end users are reduced

distance to the end users are reduced then you have Regional Edge locations

then you have Regional Edge locations and these are data centers that hold

and these are data centers that hold much larger caches of less popular files

much larger caches of less popular files to reduce a full round trip and also to

to reduce a full round trip and also to reduce the cost of transfer

reduce the cost of transfer [Music]

[Music] fees so to kind of help put pops more in

fees so to kind of help put pops more in presence just in the general sense here

presence just in the general sense here is a uh diagram I got from Wikipedia

is a uh diagram I got from Wikipedia that kind of just shows a bunch of

that kind of just shows a bunch of different networks and notice where the

different networks and notice where the pop is it's on the edge or the

pop is it's on the edge or the intersection of uh two networks so here

intersection of uh two networks so here you know we have um you know tier three

you know we have um you know tier three and then there's tier two and there's

and then there's tier two and there's this pop that is in between them okay so

this pop that is in between them okay so tier one networks is a network that can

tier one networks is a network that can reach every other network on the

reach every other network on the internet without purchasing IP transit

internet without purchasing IP transit or paying for peering and so the inabus

or paying for peering and so the inabus availability zones or A's are all

availability zones or A's are all redundantly connected to multiple tier

redundantly connected to multiple tier one Transit providers

one Transit providers [Music]

[Music] okay all right so let's take a look at

okay all right so let's take a look at somea services that are utilizing pops

somea services that are utilizing pops or Edge locations for Content delivery

or Edge locations for Content delivery or expediated upload so Amazon

or expediated upload so Amazon cloudfront is a Content delivery network

cloudfront is a Content delivery network service and the idea here you point your

service and the idea here you point your website to cloudfront so that it will

website to cloudfront so that it will route requests to the nearest Edge

route requests to the nearest Edge location cache it's going to allow you

location cache it's going to allow you to choose an origin so that could be a

to choose an origin so that could be a web server or storage that will be the

web server or storage that will be the source of the cach and cach is the

source of the cach and cach is the content of what origin would return to

content of what origin would return to various Edge locations around the world

various Edge locations around the world then you have Amazon S3 transfer

then you have Amazon S3 transfer acceleration this allows you to generate

acceleration this allows you to generate a special URL that can be used by the

a special URL that can be used by the end users to upload files to a nearby

end users to upload files to a nearby Edge location once a file is uploaded to

Edge location once a file is uploaded to an edge location it can move much faster

an edge location it can move much faster within the adus network to reach S3

within the adus network to reach S3 then at the end here you have adus

then at the end here you have adus Global accelerator you can find the

Global accelerator you can find the optimal path from the end user to your

optimal path from the end user to your web servers so Global accelerators are

web servers so Global accelerators are deployed within Edge location so you

deployed within Edge location so you send user traffic to an edge location

send user traffic to an edge location instead of directly to your web

instead of directly to your web application this service is really

application this service is really really great for if let's say you are

really great for if let's say you are running a web server in Us East one and

running a web server in Us East one and you just don't have the time uh to set

you just don't have the time uh to set up infrastructure in other regions you

up infrastructure in other regions you turn this on and you basically get a

turn this on and you basically get a boost okay

[Music] hey this is Andrew Brown from exam Pro

hey this is Andrew Brown from exam Pro and let's take a look at itus direct

and let's take a look at itus direct connect so this is a private or

connect so this is a private or dedicated connection between your data

dedicated connection between your data center office collocation and AWS and so

center office collocation and AWS and so the idea here is imagine if you had a

the idea here is imagine if you had a fiber optic cable running from your uh

fiber optic cable running from your uh data center all the way to your ads so

data center all the way to your ads so that it feels like uh when you're using

that it feels like uh when you're using your stuff on your data center like your

your stuff on your data center like your local virtual machines that uh there's

local virtual machines that uh there's like next to no latency okay so Direct

like next to no latency okay so Direct Connect has two very fast network

Connect has two very fast network connection options we have have the

connection options we have have the lower bandwidth which is at 50 to 500

lower bandwidth which is at 50 to 500 megabytes per second and then you have

megabytes per second and then you have the higher bandwidth which is 1 GB to 10

the higher bandwidth which is 1 GB to 10 gbes per second so using Direct Connect

gbes per second so using Direct Connect helps reduce Network costs increase

helps reduce Network costs increase bandwidth throughput so great for hi

bandwidth throughput so great for hi trffic networks provides a more

trffic networks provides a more consistent Network experience than a

consistent Network experience than a typical internet-based connection so

typical internet-based connection so reliable and secure U I do want to point

reliable and secure U I do want to point out the term collocation if you never

out the term collocation if you never heard of that before a collocation or a

heard of that before a collocation or a carrier hotel is a data center where

carrier hotel is a data center where equipment space and bandwidth are

equipment space and bandwidth are available for rental uh to retail

available for rental uh to retail customers and I do want to also point

customers and I do want to also point out that even though it says private up

out that even though it says private up here and this is the language that AWS

here and this is the language that AWS used I usually just say dedicated but

used I usually just say dedicated but the connection is private but that

the connection is private but that doesn't necessarily mean it's secure

doesn't necessarily mean it's secure okay so uh we'll talk about that when we

okay so uh we'll talk about that when we reach ads vpns and how we can use that

reach ads vpns and how we can use that with direct connect to make sure our

with direct connect to make sure our connections are secure

connections are secure [Music]

[Music] okay all right so let's take a look at

okay all right so let's take a look at what a direct connect location is so a

what a direct connect location is so a direct connect location our trusted

direct connect location our trusted partner data centers that you can

partner data centers that you can establish a dedicated highspeed low

establish a dedicated highspeed low latency connection from your on- premise

latency connection from your on- premise to AWS so an example of a partner data

to AWS so an example of a partner data center would be one like here in Toronto

center would be one like here in Toronto the Allied data center so you can tell

the Allied data center so you can tell that's right down in uh the Toronto

that's right down in uh the Toronto Center and so you would use this uh uh

Center and so you would use this uh uh as part of direct connect service to

as part of direct connect service to order and establish a connection

order and establish a connection [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at local

Pro and we are taking a look at local zones which are Data Centers located

zones which are Data Centers located very close to densely populated areas to

very close to densely populated areas to provide singled digigit millisecond low

provide singled digigit millisecond low latency performance so thinks like 7

latency performance so thinks like 7 milliseconds for that area so here is a

milliseconds for that area so here is a map of uh local zones that exist and

map of uh local zones that exist and ones that are coming out I believe the

ones that are coming out I believe the orange ones are probably ones that are

orange ones are probably ones that are on their way and so to use a local Zone

on their way and so to use a local Zone you do need to opt in so you got to go

you do need to opt in so you got to go talk to AWS probably open a support

talk to AWS probably open a support ticket to get access to it the first one

ticket to get access to it the first one to ever be launched was uh the LA one uh

to ever be launched was uh the LA one uh and so um you know when you want to see

and so um you know when you want to see it looks just like a an availability

it looks just like a an availability Zone it's going to show up under

Zone it's going to show up under whatever region that is because these

whatever region that is because these are always tied to existing regions so

are always tied to existing regions so the la1 is tied to us West uh region and

the la1 is tied to us West uh region and the AZ would look like us West 2 hyphen

the AZ would look like us West 2 hyphen LAX hyphen 1A okay so only specific a

LAX hyphen 1A okay so only specific a Services have been made available so

Services have been made available so there's particular ec2 types EBS Amazon

there's particular ec2 types EBS Amazon FSX application load balancer Amazon VPC

FSX application load balancer Amazon VPC they probably have extended it to more

they probably have extended it to more services do you need to know that for

services do you need to know that for the exam no but you know the point is is

the exam no but you know the point is is that there's a limited subset of things

that there's a limited subset of things that are available the purpose of local

that are available the purpose of local zone is to support highly demanding

zone is to support highly demanding application sensitive Delancy so media

application sensitive Delancy so media and entertainment electronic design and

and entertainment electronic design and automation adte machine learning so it

automation adte machine learning so it kind of makes sense like you look at La

kind of makes sense like you look at La they're in the media entertainment and

they're in the media entertainment and so they're dealing with lots of media

so they're dealing with lots of media content so it has to be really low for

content so it has to be really low for them

okay hey this is Andrew Brown from exam prep and we are taking a look at Abus

prep and we are taking a look at Abus wavelength zones and these allow for

wavelength zones and these allow for Edge Computing on the 5G networks and

Edge Computing on the 5G networks and applications will have ultra low latency

applications will have ultra low latency being as close as possible to the users

being as close as possible to the users so Abus has partnered with various

so Abus has partnered with various telecom companies to utilize their 5G

telecom companies to utilize their 5G networks so we're looking at Verizon

networks so we're looking at Verizon vhone kddi SK Telecom and so the idea

vhone kddi SK Telecom and so the idea here is that you will create a subnet

here is that you will create a subnet tied to a wavelength Zone and then and

tied to a wavelength Zone and then and just think of it as like an availability

just think of it as like an availability Zone but it's a wavelength Zone and then

Zone but it's a wavelength Zone and then you can launch your VMS to the edge of

you can launch your VMS to the edge of the targeted 5G Network so that's the

the targeted 5G Network so that's the network you're using uh AWS to deploy an

network you're using uh AWS to deploy an ec2 instance and then when users uh

ec2 instance and then when users uh connect to you know those radio tower

connect to you know those radio tower those um cell towers they're going to be

those um cell towers they're going to be routed to um you know nearby hardware

routed to um you know nearby hardware that is running those virtual machines

that is running those virtual machines okay and that's all it is it's just it's

okay and that's all it is it's just it's just uh ec2 instances um but you know

just uh ec2 instances um but you know the advantage here is that it's like

the advantage here is that it's like super super low latency okay

[Music] hey this is Andrew Brown from exam Pro

hey this is Andrew Brown from exam Pro and we are taking a look at data

and we are taking a look at data residency so this is the physical or

residency so this is the physical or geographical location of where an

geographical location of where an organization or Cloud resources reside

organization or Cloud resources reside and then you have the concept of comp uh

and then you have the concept of comp uh compliance boundaries so a Regulatory

compliance boundaries so a Regulatory Compliance so legal requirement by

Compliance so legal requirement by government or organization that

government or organization that describes where data and Cloud resources

describes where data and Cloud resources are allowed to reside and then you have

are allowed to reside and then you have the idea of data sovereignty so data

the idea of data sovereignty so data sovereignty is the jurisdictional

sovereignty is the jurisdictional control or legal Authority that can be

control or legal Authority that can be asserted over data because its physical

asserted over data because its physical location is within a uh jurisdictional

location is within a uh jurisdictional boundary and so the reason we care about

boundary and so the reason we care about this stuff is that if we want to work

this stuff is that if we want to work with the Canadian government or the US

with the Canadian government or the US government and they're like hey you got

government and they're like hey you got to make sure that you know if you want

to make sure that you know if you want to work with us all the data has to stay

to work with us all the data has to stay in Canada and you need to give them that

in Canada and you need to give them that guarantee so data residency is not a

guarantee so data residency is not a guarantee it just says where your data

guarantee it just says where your data is right and compliance boundaries are

is right and compliance boundaries are those um controls that are in place to

those um controls that are in place to say okay this is going to make sure that

say okay this is going to make sure that data stays where we want to be and data

data stays where we want to be and data of sovereignty is just like the idea of

of sovereignty is just like the idea of the scope of the the legal the legal

the scope of the the legal the legal stuff that ties in with compliance

stuff that ties in with compliance boundaries so how do we do that on AWS

boundaries so how do we do that on AWS well there's a few different ways but um

well there's a few different ways but um let's just take a look at some ways that

let's just take a look at some ways that we can meet those compliance boundaries

we can meet those compliance boundaries one uh which is very expensive but also

one uh which is very expensive but also very cool is adamus outposts so this is

very cool is adamus outposts so this is a physical rack of servers that you can

a physical rack of servers that you can put in your data center and you'll know

put in your data center and you'll know exactly where the data resides because

exactly where the data resides because you know it's physical if it's in your

you know it's physical if it's in your data center and you're in Canada that's

data center and you're in Canada that's where it's going to be okay uh and I

where it's going to be okay uh and I believe that you know there is only a

believe that you know there is only a subset of uh adus services that are

subset of uh adus services that are available here but you know that is one

available here but you know that is one option to you another is using like um

option to you another is using like um services for governance so like one

services for governance so like one could be adus config this is a policy as

could be adus config this is a policy as a code service so you can create rules

a code service so you can create rules to continuously check adus resource

to continuously check adus resource configuration so if they deviate from

configuration so if they deviate from your expectations you're alerted orus

your expectations you're alerted orus config can in some cases Auto remediate

config can in some cases Auto remediate so if you were expecting you know um you

so if you were expecting you know um you know you had an adus account and you're

know you had an adus account and you're saying this account is only to be used

saying this account is only to be used for candid reason resources and somebody

for candid reason resources and somebody launches let's say something in another

launches let's say something in another region then you could get an alert or

region then you could get an alert or tell it was config to go delete that

tell it was config to go delete that resource okay now if you want to prevent

resource okay now if you want to prevent people from doing it uh Al together

people from doing it uh Al together that's where IM policies come into play

that's where IM policies come into play so these can be written explicitly to

so these can be written explicitly to deny access to specific adus regions and

deny access to specific adus regions and you know this is great if you're

you know this is great if you're applying to users or roles but if you

applying to users or roles but if you wanted to have it organizational wide

wanted to have it organizational wide across all of your um AIS accounts you

across all of your um AIS accounts you can use something called a service

can use something called a service control policy that is just an i policy

control policy that is just an i policy that is used within 's organizations

that is used within 's organizations that makes it organizational wide

that makes it organizational wide [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are looking at ads4

Pro and we are looking at ads4 government so to answer that we first

government so to answer that we first have to understand what is public sector

have to understand what is public sector so public sector includes public goods

so public sector includes public goods and government services such as military

and government services such as military law enforcement infrastructure public

law enforcement infrastructure public transit public education Healthcare and

transit public education Healthcare and the government itself so AOS can be

the government itself so AOS can be utilized by the public sector or

utilized by the public sector or organizations developing Cloud workloads

organizations developing Cloud workloads for the public sector and AES to achieve

for the public sector and AES to achieve this by meeting Regulatory Compliance

this by meeting Regulatory Compliance programs along with specific governance

programs along with specific governance and security controls so this could be

and security controls so this could be meeting the requirements with HIPPA fed

meeting the requirements with HIPPA fed ramp um cjis uh and fips okay so IIs has

ramp um cjis uh and fips okay so IIs has a special regions or special regions for

a special regions or special regions for us regulation called gov Cloud which

us regulation called gov Cloud which we'll talk about next

we'll talk about next [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at govcloud

Pro and we are taking a look at govcloud and to understand what govcloud is we

and to understand what govcloud is we need to know what fedramp is so fedramp

need to know what fedramp is so fedramp stands for federal risk and

stands for federal risk and authorization Management program it's a

authorization Management program it's a US government-wide program that provides

US government-wide program that provides a standardized approach to security

a standardized approach to security assessment authorization continuous

assessment authorization continuous monitoring for cloud products and

monitoring for cloud products and services so that we know what fed ramp

services so that we know what fed ramp is what is gocloud well uh and again

is what is gocloud well uh and again it's not particular to AWS because Azure

it's not particular to AWS because Azure has go Cloud as well but a cloud service

has go Cloud as well but a cloud service provider like inabus or Azure J will

provider like inabus or Azure J will offer an isolated region to run fed ramp

offer an isolated region to run fed ramp workloads and so in it's called govcloud

workloads and so in it's called govcloud and these are specialized regions that

and these are specialized regions that allow customers to host sensitive

allow customers to host sensitive controlled unclassified information and

controlled unclassified information and other types of regulated workloads so

other types of regulated workloads so govcloud regions are only operated by

govcloud regions are only operated by you uh by US citizens on us soil they

you uh by US citizens on us soil they are only accessible to us entries and

are only accessible to us entries and root account holders who pass a

root account holders who pass a screening process customers can

screening process customers can architect secure Cloud solutions that

architect secure Cloud solutions that comply with fed ramp uh do the doj's uh

comply with fed ramp uh do the doj's uh criminal justice Information Systems

criminal justice Information Systems security policy the US International

security policy the US International traffic and arms regulation uh uh export

traffic and arms regulation uh uh export Administration regulations the

Administration regulations the Department of Defense cloud computing

Department of Defense cloud computing security requirements and guides so if

security requirements and guides so if you want to work with the US government

you want to work with the US government you want to uh engineer and use gov

you want to uh engineer and use gov Cloud

Cloud [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we're taking a look at uh

Pro and we're taking a look at uh running adab us China so adus China is

running adab us China so adus China is the adus cloud offering in mainland

the adus cloud offering in mainland China adus China is completely isolate

China adus China is completely isolate intentionally from adus Global to meet

intentionally from adus Global to meet Regulatory Compliance for mainland China

Regulatory Compliance for mainland China so that means that if you make a

so that means that if you make a workload on the adus global uh you can't

workload on the adus global uh you can't uh interact with it within the adus

uh interact with it within the adus China One okay it's basically treated

China One okay it's basically treated like a a completely separate service

like a a completely separate service like adus has its own Chinese version uh

like adus has its own Chinese version uh and so adus China is on its own domain

and so adus China is on its own domain at

at amazon.cn and for everybody else that's

amazon.cn and for everybody else that's what's considered Global so when I'm

what's considered Global so when I'm using adus from Canada or use it from

using adus from Canada or use it from the US or from India or from Europe or

the US or from India or from Europe or wherever that is the adus global okay so

wherever that is the adus global okay so in order to operate in adus China

in order to operate in adus China regions you need to have a Chinese

regions you need to have a Chinese business license so ICP license not all

business license so ICP license not all services are available in China so uh

services are available in China so uh you will not have the use of Route 53 uh

you will not have the use of Route 53 uh and you might say well why not just run

and you might say well why not just run in Singapore you it was Global and you

in Singapore you it was Global and you could do that but the advantage of

could do that but the advantage of running in mainland China means that you

running in mainland China means that you would not have to Traverse the great

would not have to Traverse the great firewall okay so all your traffic is

firewall okay so all your traffic is already within China so you don't have

already within China so you don't have to uh deal with that Abus has two

to uh deal with that Abus has two regions in mainland China so uh there's

regions in mainland China so uh there's this one here which is the northwest

this one here which is the northwest region operated by NS WCF and then you

region operated by NS WCF and then you have the one in Beijing North one

have the one in Beijing North one operated by sinnet so you know iTab us

operated by sinnet so you know iTab us just could not meet the the compliance

just could not meet the the compliance requirement so they had to partner with

requirement so they had to partner with local providers uh or data centers and

local providers uh or data centers and so that is how that works

so that is how that works [Music]

[Music] okay all right so I want to show you how

okay all right so I want to show you how you get over to the um Chinese adus

you get over to the um Chinese adus Management console so this one is adab.

Management console so this one is adab. amazon.com that is the global one for

amazon.com that is the global one for everyone outside of mainland China but

everyone outside of mainland China but if you want to run resources uh on data

if you want to run resources uh on data centers within mainland China this is at

centers within mainland China this is at amazon.cn and so it looks very similar

amazon.cn and so it looks very similar if you go to create a free account

if you go to create a free account you're going to fill in this stuff but

you're going to fill in this stuff but uh notice that you need to have your

uh notice that you need to have your business registration certificate uh and

business registration certificate uh and additional information in order to run

additional information in order to run these data centers down below that ad is

these data centers down below that ad is partnered with also notice that the logo

partnered with also notice that the logo doesn't say AWS in it and there's a good

doesn't say AWS in it and there's a good reason for that if I type in AWS

reason for that if I type in AWS trademark

trademark China uh adus is actually banned from

China uh adus is actually banned from using the adus logo in China uh for

using the adus logo in China uh for whatever reason it's a weird reason if

whatever reason it's a weird reason if you ever want to read about it but

you ever want to read about it but that's why you don't see AWS here all

that's why you don't see AWS here all right um so yeah there you go

right um so yeah there you go [Music]

[Music] hey this is Andre Brown from exam Pro

hey this is Andre Brown from exam Pro and we are looking at sustainability for

and we are looking at sustainability for adus Global infrastructure and before we

adus Global infrastructure and before we talk about that let's talk about the

talk about that let's talk about the climate pledge so Amazon co-founded the

climate pledge so Amazon co-founded the climate pledge to achieve Net Zero

climate pledge to achieve Net Zero carbon emissions by 2040 across all of

carbon emissions by 2040 across all of Amazon's businesses which includes AWS

Amazon's businesses which includes AWS if youall want to find out more

if youall want to find out more information go to to

information go to to sustainability. amazon.com there's a lot

sustainability. amazon.com there's a lot of great information there and you'll

of great information there and you'll learn exactly how uh is achieving this

learn exactly how uh is achieving this in particular like their data centers

in particular like their data centers it's very interesting okay so adus Cloud

it's very interesting okay so adus Cloud sustainabil goals are composed of three

sustainabil goals are composed of three parts the first is renewable energy so

parts the first is renewable energy so adus is working towards having their

adus is working towards having their adus Global infrastructure powered by

adus Global infrastructure powered by 100% renewable energy by

100% renewable energy by 2025 and Abus purchases and retires

2025 and Abus purchases and retires environmental attributes to cover the

environmental attributes to cover the non-renewable energy for Abus Global

non-renewable energy for Abus Global infrastructure so they would purchase

infrastructure so they would purchase things like renewable energy credits

things like renewable energy credits also known as Rec's guarantees of

also known as Rec's guarantees of Origins so go the second Point here is

Origins so go the second Point here is cloud efficiency so adus infrastructure

cloud efficiency so adus infrastructure is 3.6 times more energy efficient than

is 3.6 times more energy efficient than the medium of us Enterprises data

the medium of us Enterprises data centers surveyed so that's going to

centers surveyed so that's going to really rely on that survey surveys are

really rely on that survey surveys are not always that great so you know take

not always that great so you know take that with a grain of salt okay then we

that with a grain of salt okay then we have water uh stewardship so uh direct

have water uh stewardship so uh direct evaporative technology to cool our data

evaporative technology to cool our data centers use of non portable uh water for

centers use of non portable uh water for cooling purposes so the recycling water

cooling purposes so the recycling water on-site water treatment allows us to

on-site water treatment allows us to remove us them to remove scale forming

remove us them to remove scale forming minerals and reuse Waters uh for more

minerals and reuse Waters uh for more Cycles water efficiency metrics to

Cycles water efficiency metrics to determine and monitor optimal water use

determine and monitor optimal water use for each adus region and you'll find

for each adus region and you'll find that water plays a large part on uh

that water plays a large part on uh making these um uh these data centers

making these um uh these data centers very efficient

very efficient [Music]

[Music] okay so I just wanted to show you where

okay so I just wanted to show you where you get to that sustainability

you get to that sustainability information so I just went to Adis

information so I just went to Adis Global infrastructure you click

Global infrastructure you click sustainability

sustainability and that's going to bring us over to

and that's going to bring us over to whoops I have my Twitter open there to

whoops I have my Twitter open there to the sustainability in the cloud so if

the sustainability in the cloud so if you want to read a bunch of stuff here

you want to read a bunch of stuff here about things that are going on that it

about things that are going on that it us is up to see uh how they are

us is up to see uh how they are progressing with renewable energy um

progressing with renewable energy um there's Cloud efficiency up here so you

there's Cloud efficiency up here so you know how are they being efficient it's

know how are they being efficient it's worth the read to really understand that

worth the read to really understand that there's a lot of water involved like

there's a lot of water involved like reducing water in data centers I thought

reducing water in data centers I thought that was really interesting um I mean

that was really interesting um I mean they have as podcast but I don't think

they have as podcast but I don't think there's really much to it a bi-weekly

there's really much to it a bi-weekly podcast of bite-sized stories about how

podcast of bite-sized stories about how Tech makes the world better that's not

Tech makes the world better that's not necessarily A sustainability podcast

necessarily A sustainability podcast it's just the invis podcast in general

it's just the invis podcast in general there's a download Center um Amazon's

there's a download Center um Amazon's 2020 sustainability reports so I guess

2020 sustainability reports so I guess you can download the reports to see what

you can download the reports to see what is going on there so we can download the

is going on there so we can download the progress here and see what they've been

progress here and see what they've been up

up to okay so there's a bunch of numbers

to okay so there's a bunch of numbers things like that okay very short reports

things like that okay very short reports but hey at least you can download them

but hey at least you can download them okay so just in case you're uh very

okay so just in case you're uh very interested in sustainability all

interested in sustainability all [Music]

[Music] right hey this is Andrew Brown from exam

right hey this is Andrew Brown from exam Pro and we are taking a look at Abus

Pro and we are taking a look at Abus ground station so this is a fully

ground station so this is a fully managed service that lets you control

managed service that lets you control satellite Communications process data

satellite Communications process data and scale your operations without having

and scale your operations without having to worry about building or managing your

to worry about building or managing your own ground station infrastructure and so

own ground station infrastructure and so when we're talking about ground station

when we're talking about ground station a really good way to cement what the

a really good way to cement what the service is is just think of a big anten

service is is just think of a big anten ey dish that's pointing into the sky

ey dish that's pointing into the sky trying to communicate with satellites

trying to communicate with satellites because that's essentially what the

because that's essentially what the service is doing so the use cases here

service is doing so the use cases here could be for weather forecasting surface

could be for weather forecasting surface Imaging communications video broadcasts

Imaging communications video broadcasts and to use ground station the idea is

and to use ground station the idea is that you would schedule a contact so

that you would schedule a contact so that's where you're selecting a

that's where you're selecting a satellite a start and end time and the

satellite a start and end time and the ground location and then you use an a

ground location and then you use an a ground station ec2 Ami and Amazon

ground station ec2 Ami and Amazon machine image to launch ec2 instances

machine image to launch ec2 instances that will Uplink and downlink uh data

that will Uplink and downlink uh data during the the contact or receive

during the the contact or receive downlink data in an Amazon S3 bucket a

downlink data in an Amazon S3 bucket a use case could be something like you are

use case could be something like you are a company you've reached an agreement

a company you've reached an agreement with a satellite image provider to use

with a satellite image provider to use their satellites to take photos for a

their satellites to take photos for a specific region or time or whatever and

specific region or time or whatever and so the idea is that you are using adus

so the idea is that you are using adus ground station to communicate uh to that

ground station to communicate uh to that company satellite and download that s uh

company satellite and download that s uh that image data to your S3 bucket okay

hey this is andreww brown and we are looking at Aus outposts and this is a

looking at Aus outposts and this is a fully managed service that offers the

fully managed service that offers the same Aus infrastructure Services apis

same Aus infrastructure Services apis tools to virtually any data center

tools to virtually any data center co-cation space or on premise facility

co-cation space or on premise facility for a truly consistent hybrid experience

for a truly consistent hybrid experience and just to kind of summarize it it's a

and just to kind of summarize it it's a rack of servers running adaba stuff on

rack of servers running adaba stuff on your physical location okay so before we

your physical location okay so before we jump into the service or technology

jump into the service or technology itself uh let's talk about what is a

itself uh let's talk about what is a rack server or just a rack so it's a

rack server or just a rack so it's a frame designed to and organized it

frame designed to and organized it equipment so here's an example of a 42u

equipment so here's an example of a 42u rack uh and there's the concept of rack

rack uh and there's the concept of rack heights so the U stands for rack units

heights so the U stands for rack units or U spaces uh with it equal to 1.75 in

or U spaces uh with it equal to 1.75 in and the industry standard rack is a 48 U

and the industry standard rack is a 48 U um so that is a 7t rack so a full size

um so that is a 7t rack so a full size rack cage is commonly the 42 High okay

rack cage is commonly the 42 High okay and uh in it you might have equipment

and uh in it you might have equipment that is of different sizes so they could

that is of different sizes so they could be one u 2 U 3 U or 4 U high so here's

be one u 2 U 3 U or 4 U high so here's an example of you know of an interior of

an example of you know of an interior of a rack and notice that like one u 2 U 4

a rack and notice that like one u 2 U 4 U they're all a little bit shaped

U they're all a little bit shaped differently uh but they give you kind of

differently uh but they give you kind of an idea of um you know what those are so

an idea of um you know what those are so it Outpost comes in three form factors

it Outpost comes in three form factors the 42 U the one U and the 2 U so the uh

the 42 U the one U and the 2 U so the uh the first one here the 42u this is

the first one here the 42u this is basically a full rack of servers

basically a full rack of servers provided bys so you're not just getting

provided bys so you're not just getting the frame it actually comes with you

the frame it actually comes with you know servers uh and so adus delivers it

know servers uh and so adus delivers it to your Preferred Physical site fully

to your Preferred Physical site fully assembled and ready to be rolled into

assembled and ready to be rolled into the final position it is installed by

the final position it is installed by adus and the rack needs to be simply

adus and the rack needs to be simply plugged in to the power and network and

plugged in to the power and network and there's a lot of details about um the

there's a lot of details about um the specs on this on the adus website so you

specs on this on the adus website so you know I'm not going to go through them

know I'm not going to go through them all here um then there are servers that

all here um then there are servers that you can just Place into your existing

you can just Place into your existing racks so we have the one U so this is

racks so we have the one U so this is suitable for 19in y 24 in deep cabinets

suitable for 19in y 24 in deep cabinets it's using UST uh Gravitron 2 um CPUs

it's using UST uh Gravitron 2 um CPUs and you can have up to 64 virtual CPUs

and you can have up to 64 virtual CPUs we have 128 gigabytes uh 4 terabytes of

we have 128 gigabytes uh 4 terabytes of local

local NVM storage um and then you have the U

NVM storage um and then you have the U or sorry the 2 U so suitable for 19in

or sorry the 2 U so suitable for 19in wide 36 in deep Intel processors up to

wide 36 in deep Intel processors up to 128 virtual CPUs 256 gbt of memory 8

128 virtual CPUs 256 gbt of memory 8 terab of local nvme storage so there you

terab of local nvme storage so there you go

[Music] let's take a look at Cloud architecture

let's take a look at Cloud architecture terminologies before we do let's talk

terminologies before we do let's talk about some of the roles that are around

about some of the roles that are around uh doing Cloud architecture so the first

uh doing Cloud architecture so the first is Solutions architect this is a role in

is Solutions architect this is a role in a technical organization that Architects

a technical organization that Architects a technical solution using multiple

a technical solution using multiple systems via researching documentation

systems via researching documentation and experimentation and then you have

and experimentation and then you have the cloud architect this is a Solutions

the cloud architect this is a Solutions architect that is focused solely on

architect that is focused solely on architecting Technical Solutions using

architecting Technical Solutions using cloud services under understand that in

cloud services under understand that in the uh actual Marketplace a lot of times

the uh actual Marketplace a lot of times Solutions architect is used to describe

Solutions architect is used to describe both a cloud architect and a Solutions

both a cloud architect and a Solutions architect and you know these are going

architect and you know these are going to highly vary based on your locality

to highly vary based on your locality and how companies want to use these

and how companies want to use these terms but this is just me broadly

terms but this is just me broadly defining them here so just don't take

defining them here so just don't take them as a perfect word in terms of what

them as a perfect word in terms of what they're representing so a cloud

they're representing so a cloud architect needs to understand the

architect needs to understand the following terms and factors uh and

following terms and factors uh and Factor them into their designed

Factor them into their designed architecture based on the business

architecture based on the business requirements so we have the idea of

requirements so we have the idea of availability your ability to ensure

availability your ability to ensure service remains available scalability

service remains available scalability your ability to grow rapidly or

your ability to grow rapidly or unimpeded elasticity your ability to

unimpeded elasticity your ability to shrink and grow to meet the demand fault

shrink and grow to meet the demand fault tolerance your ability to prevent a

tolerance your ability to prevent a failure disaster recover your ability to

failure disaster recover your ability to recover from a failure and there are a

recover from a failure and there are a couple other things that uh that should

couple other things that uh that should be considered they're not terminologies

be considered they're not terminologies but they're definitely important to a

but they're definitely important to a Solutions architect or Cloud architect

Solutions architect or Cloud architect and uh these are things you always need

and uh these are things you always need to consider uh as well and this is just

to consider uh as well and this is just me talking to my Solutions architect

me talking to my Solutions architect friends where they'll always ask me

friends where they'll always ask me these two questions after presentation

these two questions after presentation they'll say how secure is the solution

they'll say how secure is the solution and how much is this going to cost all

and how much is this going to cost all right and so for the terminologies up

right and so for the terminologies up here we're going to Define these right

here we're going to Define these right away and we're going to figure these out

away and we're going to figure these out throughout the course we have two giant

throughout the course we have two giant sections just on cost and security alone

sections just on cost and security alone uh so there we

uh so there we [Music]

[Music] go the first term we're looking at is

go the first term we're looking at is high availability and this is your

high availability and this is your ability for your service to remain

ability for your service to remain available by ensuring there is no single

available by ensuring there is no single point of failure and or you ensure a

point of failure and or you ensure a certain level of performance so the way

certain level of performance so the way we're going to do that on ews is you'd

we're going to do that on ews is you'd want to run your workload across

want to run your workload across multiple availability zones to ensure

multiple availability zones to ensure that if one or two availability zones

that if one or two availability zones became unavailable your servers or

became unavailable your servers or applications remain available because

applications remain available because those other um those other servers are

those other um those other servers are going to be there and the way we would

going to be there and the way we would accomplish that is via elastic load

accomplish that is via elastic load balcer so a load balancer allows you to

balcer so a load balancer allows you to evenly distribute traffic to multiple

evenly distribute traffic to multiple servers in one or more data center if a

servers in one or more data center if a data center or server becomes

data center or server becomes unavailable or unhealthy the load

unavailable or unhealthy the load bouncer will route the traffic to only

bouncer will route the traffic to only the available data centers within the

the available data centers within the server and understand that just because

server and understand that just because you have additional servers doesn't mean

you have additional servers doesn't mean that you are uh you're available you

that you are uh you're available you have to you might need to meet a

have to you might need to meet a particular threshold of availability so

particular threshold of availability so you might need to have at least two

you might need to have at least two servers always running to meet the

servers always running to meet the demand so it's based on the the demand

demand so it's based on the the demand of traffic

of traffic [Music]

[Music] okay let's take a look here at high

okay let's take a look here at high scaleability so this is your ability to

scaleability so this is your ability to increase your capacity based on on the

increase your capacity based on on the increasing demand of traffic memory and

increasing demand of traffic memory and computing power and we have the terms

computing power and we have the terms vertical scaling so scaling up um this

vertical scaling so scaling up um this is where you upgrade to a bigger server

is where you upgrade to a bigger server and then there's horizontal scaling

and then there's horizontal scaling scaling out this is where you add more

scaling out this is where you add more servers of the same size and the great

servers of the same size and the great thing about scaling out or adding

thing about scaling out or adding additional servers is that you're also

additional servers is that you're also going to get um High availability so if

going to get um High availability so if you do need two servers it's always

you do need two servers it's always better to you know add an additional

better to you know add an additional server as opposed to having a larger

server as opposed to having a larger server but it's going to be very

server but it's going to be very dependent on a lot of factors okay

[Music] so scalability and elasticity seem very

so scalability and elasticity seem very similar but there is a crucial

similar but there is a crucial difference and this is your ability to

difference and this is your ability to automatically increase or decrease Your

automatically increase or decrease Your Capacity based on the current demand of

Capacity based on the current demand of traffic memory and computing power again

traffic memory and computing power again it's the it's the fact that it happens

it's the it's the fact that it happens automatically and you can go both ways

automatically and you can go both ways increase or decrease so for horizontal

increase or decrease so for horizontal scaling we have the concept of scaling

scaling we have the concept of scaling out so add more servers of the same size

out so add more servers of the same size and then scaling in removing

and then scaling in removing underutilized servers of the same size

underutilized servers of the same size and vertical scaling is generally hard

and vertical scaling is generally hard for traditional architectures so you'll

for traditional architectures so you'll usually only see horizontal scaling

usually only see horizontal scaling described with elasticity um and the way

described with elasticity um and the way we would accomplish uh being highly

we would accomplish uh being highly elastic is using autoscaling groups asgs

elastic is using autoscaling groups asgs and this is an naus feature that will

and this is an naus feature that will automatically add or remove servers

automatically add or remove servers based on scaling rules you define based

based on scaling rules you define based on those metrics

on those metrics [Music]

[Music] okay let's talk about being highly fault

okay let's talk about being highly fault tolerant so this is your ability for

tolerant so this is your ability for your service to ensure there is no

your service to ensure there is no single point of failure preventing the

single point of failure preventing the chance of failure and the way we could

chance of failure and the way we could do that is with fail overs so this is

do that is with fail overs so this is when you have a plan to shift traffic to

when you have a plan to shift traffic to a redundant system in case the primary

a redundant system in case the primary system fails a very common example is

system fails a very common example is having a copy or secondary uh uh uh of

having a copy or secondary uh uh uh of your database where all ongoing changes

your database where all ongoing changes are synced the secondary system is not

are synced the secondary system is not in use until a fail over occurs and it

in use until a fail over occurs and it becomes the primary database so when

becomes the primary database so when we're talking about databases on abs

we're talking about databases on abs this is the concept of RDS multi-az so

this is the concept of RDS multi-az so this is when you run a duplicate standby

this is when you run a duplicate standby database in another availability Zone in

database in another availability Zone in the case your primary database

the case your primary database [Music]

[Music] fails and last here is high durability

fails and last here is high durability so this is your ability to recover from

so this is your ability to recover from a disaster and to prevent the loss of

a disaster and to prevent the loss of data so solutions that recover a

data so solutions that recover a disaster uh from a disaster is known as

disaster uh from a disaster is known as disaster recovery so do you have a

disaster recovery so do you have a backup how fast can you restore the

backup how fast can you restore the backup does your backup still work how

backup does your backup still work how do you ensure current live data is not

do you ensure current live data is not corrupt and so maybe a solution ads

corrupt and so maybe a solution ads would be using Cloud endurer which is a

would be using Cloud endurer which is a disaster recovery uh service which

disaster recovery uh service which continuously replicates your machines in

continuously replicates your machines in a lowcost staging area in your target AB

a lowcost staging area in your target AB account and preferred region enabling

account and preferred region enabling fast and reliable recovery in the case

fast and reliable recovery in the case of an IT data center fails

of an IT data center fails [Music]

[Music] okay so to understand Disaster Recovery

okay so to understand Disaster Recovery we need to know more about uh things

we need to know more about uh things around it like business continuity plans

around it like business continuity plans BCPS and RTO and rpos so a BCP is a

BCPS and RTO and rpos so a BCP is a document that outlines how a business

document that outlines how a business will continue operating during an

will continue operating during an unplanned disruption in services so it's

unplanned disruption in services so it's basically the plan that you're going to

basically the plan that you're going to execute uh if that happens and so here

execute uh if that happens and so here we have a disaster and you can see that

we have a disaster and you can see that there's a chance of data loss and

there's a chance of data loss and downtime and these two um uh factors as

downtime and these two um uh factors as RPO and RTO are going to define the

RPO and RTO are going to define the length of these durations so recovery

length of these durations so recovery Point objective is the maximum

Point objective is the maximum acceptable amount of data loss after an

acceptable amount of data loss after an unplanned data loss incident

unplanned data loss incident Express this amount of time so how much

Express this amount of time so how much data are you willing to lose and then

data are you willing to lose and then recovery time objective so the maximum

recovery time objective so the maximum amount of downtime your business can

amount of downtime your business can tolerate without inuring a significant

tolerate without inuring a significant financial loss so how much time you're

financial loss so how much time you're willing to go down okay so those are the

willing to go down okay so those are the two there and now let's go take a look

two there and now let's go take a look at the disaster recovery options that we

at the disaster recovery options that we can use to define in our our

can use to define in our our [Music]

[Music] BCP so now let's take a look at our

BCP so now let's take a look at our disaster recovery options uh and based

disaster recovery options uh and based on what you choose they're going to be a

on what you choose they're going to be a trade of cost versus time to recover

trade of cost versus time to recover based on the rpos your RTO of course and

based on the rpos your RTO of course and so sometimes this is rep represented

so sometimes this is rep represented vertically like a a thermostat or you

vertically like a a thermostat or you can do it horizontally here um both are

can do it horizontally here um both are valid ways of displaying this

valid ways of displaying this information but I just have it

information but I just have it horizontally here today and so we have

horizontally here today and so we have low or high or you could say um even

low or high or you could say um even though I don't have it written here this

though I don't have it written here this could be cold or this could be hot okay

could be cold or this could be hot okay so um on the left hand side we got

so um on the left hand side we got backup and restore pilot light warm

backup and restore pilot light warm standby multi-active site notice we're

standby multi-active site notice we're using the like the words like pilot

using the like the words like pilot light warm things that are relating to

light warm things that are relating to temperature so again cold and hot all

temperature so again cold and hot all right so let's just walk through what

right so let's just walk through what each of these things conceptually do uh

each of these things conceptually do uh in terms of architecture so when you're

in terms of architecture so when you're doing a backup and restore you're back

doing a backup and restore you're back you basically back up your data and at

you basically back up your data and at the time of Disaster Recovery you're

the time of Disaster Recovery you're just going to restore it to New

just going to restore it to New infrastructure uh for a pilot light the

infrastructure uh for a pilot light the data is replicated to another region

data is replicated to another region with the minimal Services running to

with the minimal Services running to keep on replicating that data and so you

keep on replicating that data and so you might have some core Services running a

might have some core Services running a warm standby is a scale down copy of

warm standby is a scale down copy of your infrastructure so you basically

your infrastructure so you basically have everything that you would

have everything that you would absolutely need to run an application

absolutely need to run an application but the idea is it's not at scale and so

but the idea is it's not at scale and so at any time when there's an incident

at any time when there's an incident you're going to scale up to the capacity

you're going to scale up to the capacity that you need and then you have

that you need and then you have multi-site active active where you you

multi-site active active where you you have a scaled up copy of your

have a scaled up copy of your infrastructure in another region so

infrastructure in another region so basically everything you have

basically everything you have identically in another region and so in

identically in another region and so in terms of the rpos and the RTO for back

terms of the rpos and the RTO for back and restore you're looking at hours uh

and restore you're looking at hours uh with the pilot light you're looking at

with the pilot light you're looking at 10 minutes with a warm standby you're

10 minutes with a warm standby you're looking at minutes and multi sight uh

looking at minutes and multi sight uh active active you're looking at uh real

active active you're looking at uh real time so you know hopefully that gives

time so you know hopefully that gives you an idea of you know the difference

you an idea of you know the difference in terms of scale but let's just look at

in terms of scale but let's just look at more detail so for a backup and restore

more detail so for a backup and restore this is for low priority use cases

this is for low priority use cases restore data after event deploy

restore data after event deploy resources after an event and it's very

resources after an event and it's very cost effective uh for pilot light this

cost effective uh for pilot light this is where you have less stringent RTO and

is where you have less stringent RTO and rpos so you're going to be just running

rpos so you're going to be just running your core Services uh you're going to

your core Services uh you're going to start and scale resources after the

start and scale resources after the event and this is a little bit more

event and this is a little bit more expensive this is uh very good for warm

expensive this is uh very good for warm standby is good for business critical

standby is good for business critical services so you scale resources after

services so you scale resources after the event uh and it's uh almost very

the event uh and it's uh almost very it's very it's costly but it's not as

it's very it's costly but it's not as expensive as a multi-site active active

expensive as a multi-site active active so you get zero downtime near zero loss

so you get zero downtime near zero loss uh you have it's great for Mission

uh you have it's great for Mission critical services and it's just as

critical services and it's just as expensive as your original uh structure

expensive as your original uh structure so you're basically doubling the class

so you're basically doubling the class there

there [Music]

[Music] okay so we already defined RTO but let's

okay so we already defined RTO but let's redefine it again based on what adus

redefine it again based on what adus describes in their white paper and just

describes in their white paper and just look at how it Maps against um the

look at how it Maps against um the disaster recovery option so re recovery

disaster recovery option so re recovery time objective is the maximum acceptable

time objective is the maximum acceptable delay between the interruption of

delay between the interruption of service and restoration of service this

service and restoration of service this objective determines the uh what is

objective determines the uh what is considered an acceptable time window

considered an acceptable time window when service is unavailable and is

when service is unavailable and is defined by the organization and so this

defined by the organization and so this is the diagram found in the white paper

is the diagram found in the white paper and so on the left hand side we have

and so on the left hand side we have cost and complexity here and then

cost and complexity here and then lengths of serious Interruption and what

lengths of serious Interruption and what you can see here is that the cost and

you can see here is that the cost and complexity for a multi- sight active

complexity for a multi- sight active active is very high but the length of

active is very high but the length of service Interruption is zero and then as

service Interruption is zero and then as we go down we have warm standby so it's

we go down we have warm standby so it's significantly like at least half uh the

significantly like at least half uh the complexity of that one then we have our

complexity of that one then we have our pilot light down here and back up and

pilot light down here and back up and restore but notice backup restore takes

restore but notice backup restore takes the longest amount of time and notice

the longest amount of time and notice here we have a recovery time objective

here we have a recovery time objective so in your BCP you kind of Define where

so in your BCP you kind of Define where that is based on the cost of business

that is based on the cost of business impact so you might have to calculate

impact so you might have to calculate that saying okay what is our cost over

that saying okay what is our cost over time based on the length of service

time based on the length of service Interruption where do we want our RTO to

Interruption where do we want our RTO to be what is the acceptable recovery cost

be what is the acceptable recovery cost and this is where you're going to decide

and this is where you're going to decide what you want to do so here we have

what you want to do so here we have pilot light and backup and restore and

pilot light and backup and restore and so this company has to decide whether

so this company has to decide whether they want to do a pilot light or they're

they want to do a pilot light or they're going to do a backham restore but it

going to do a backham restore but it sounds like this is where they're going

sounds like this is where they're going to be which is at the pilot uh light for

to be which is at the pilot uh light for what is acceptable in their business use

what is acceptable in their business use case

case [Music]

[Music] okay let's do the same for RPO so

okay let's do the same for RPO so recovery Point objective is the maximum

recovery Point objective is the maximum acceptable amount of time since the last

acceptable amount of time since the last data recovery point the objective

data recovery point the objective determines what is considered an

determines what is considered an acceptable loss of data between the last

acceptable loss of data between the last recovery point and the interruption of

recovery point and the interruption of service and it's defined by the

service and it's defined by the organization again we pulled this from

organization again we pulled this from the a white paper for disaster recovery

the a white paper for disaster recovery and and uh we have cost and complexity

and and uh we have cost and complexity but this time it's replaced with data

but this time it's replaced with data loss before service Interruption so uh

loss before service Interruption so uh for multisite again it's going to be

for multisite again it's going to be very expensive and high up here as you

very expensive and high up here as you notice it's not like a perfect um uh

notice it's not like a perfect um uh curve it's just it's a bit different in

curve it's just it's a bit different in terms of what it looks like so here we

terms of what it looks like so here we have warm stand standby pilot light um

have warm stand standby pilot light um and so you'll see that the data loss is

and so you'll see that the data loss is um not a big deal but for backup and

um not a big deal but for backup and restore it really juts out there so you

restore it really juts out there so you can see that you can get pretty good

can see that you can get pretty good good results just with the pilot light

good results just with the pilot light and the cost and complexity is very low

and the cost and complexity is very low again we have to look at our cost and

again we have to look at our cost and business impact so we got to follow that

business impact so we got to follow that line and we need to see where our

line and we need to see where our acceptable uh recovery cost is and so uh

acceptable uh recovery cost is and so uh you're going to notice that uh we have a

you're going to notice that uh we have a bit of an intersection here okay and so

bit of an intersection here okay and so we need to determine you know like are

we need to determine you know like are we going to be doing a warm standby

we going to be doing a warm standby looks like we have the cost to do it um

looks like we have the cost to do it um uh but you know it just really depends

uh but you know it just really depends you know do we want to be down here or

you know do we want to be down here or down there okay so hopefully that helps

down there okay so hopefully that helps and visualize that information for

and visualize that information for [Music]

[Music] you hey this is Andrew Brown from

you hey this is Andrew Brown from exampro and what I want to show you here

exampro and what I want to show you here is a real world architectural diagram I

is a real world architectural diagram I created this a while ago this is a

created this a while ago this is a previous version of the um exam Pro or

previous version of the um exam Pro or technically teacher seat platform uh

technically teacher seat platform uh that powers The Learning Experience uh

that powers The Learning Experience uh for by class certifications and so I'm

for by class certifications and so I'm hoping that by giving you some exposure

hoping that by giving you some exposure you'll absorb some information here uh

you'll absorb some information here uh and that will carry through to really

and that will carry through to really help you cement what these services do

help you cement what these services do and how they work together

and how they work together um now you might be asking how did I

um now you might be asking how did I make this well I'm in Adobe XD it's by

make this well I'm in Adobe XD it's by Photoshop or sorry Adobe it's free to

Photoshop or sorry Adobe it's free to download but there's a lot of options

download but there's a lot of options out there and but the first thing you'll

out there and but the first thing you'll need is those AWS architectural icons so

need is those AWS architectural icons so these are free on AWS you can download

these are free on AWS you can download them in PowerPoint download them as

them in PowerPoint download them as asset as svgs and pgs which is what I

asset as svgs and pgs which is what I have done and start using them in your

have done and start using them in your um uh whatever software you like there's

um uh whatever software you like there's also third party providers out there so

also third party providers out there so like there's Lucid charts I love Lucid

like there's Lucid charts I love Lucid charts but I don't use it to make

charts but I don't use it to make architectural diagrams uh for AWS um but

architectural diagrams uh for AWS um but you know you can drag drop and stuff and

you know you can drag drop and stuff and they already have the library there and

they already have the library there and there's a bunch of them that you can

there's a bunch of them that you can choose from so uh you know that's

choose from so uh you know that's interesting but let's take a look at one

interesting but let's take a look at one that we can download maybe everyone's

that we can download maybe everyone's familiar with PowerPoint so here is the

familiar with PowerPoint so here is the adus architectural icons and the reason

adus architectural icons and the reason I'm showing you this is not because it

I'm showing you this is not because it just contains icons but it also suggests

just contains icons but it also suggests how you should build them so if I go

how you should build them so if I go through here they'll give you a

through here they'll give you a definition of those system elements uh

definition of those system elements uh how they would look like here so we have

how they would look like here so we have our group icons our layer group our

our group icons our layer group our service icons res icons where they

service icons res icons where they should go uh and then they have some

should go uh and then they have some interesting guidelines of like dos and

interesting guidelines of like dos and don'ts so here's like a simple example

don'ts so here's like a simple example of a get to an S3 bucket um here's an

of a get to an S3 bucket um here's an example of using VPC subnets and things

example of using VPC subnets and things like that on the inside um and then you

like that on the inside um and then you can see kind of like all the groups that

can see kind of like all the groups that we

we have and it'll show all like the uh the

have and it'll show all like the uh the um arrows it's a big faux PA to make U

um arrows it's a big faux PA to make U diagonal arrows that's just something

diagonal arrows that's just something eight of us toine but you'll see a lot

eight of us toine but you'll see a lot of people do them anyway

of people do them anyway and then you'll see all the icons so do

and then you'll see all the icons so do you have to make them like ad a suggest

you have to make them like ad a suggest no but you know if if you like the way

no but you know if if you like the way they look that is fine everyone just

they look that is fine everyone just does whatever they want honestly so

does whatever they want honestly so anyway now that we've seen you know how

anyway now that we've seen you know how we can go get the resources to make our

we can go get the resources to make our own I have Adobe XD open up here and so

own I have Adobe XD open up here and so I just kind of want to walk you through

I just kind of want to walk you through what's going on here so again I said

what's going on here so again I said this is a a

this is a a traditional um architecture meaning that

traditional um architecture meaning that it's powered by virtual machines and so

it's powered by virtual machines and so what we need to look for uh is ec2

what we need to look for uh is ec2 because that's where it's going to start

because that's where it's going to start that's our virtual machine and you'll

that's our virtual machine and you'll notice we have one here so there's a T2

notice we have one here so there's a T2 um uh that's running over here and then

um uh that's running over here and then over here we have a T2 okay so uh we

over here we have a T2 okay so uh we have a blue and a green environment so

have a blue and a green environment so this is our running environment so I'm

this is our running environment so I'm just going to zoom on in here okay so

just going to zoom on in here okay so the web app would be running on this and

the web app would be running on this and um and then on the outside here we have

um and then on the outside here we have an autoscaling group and so autoscaling

an autoscaling group and so autoscaling groups allow us to um manage a group of

groups allow us to um manage a group of ec2 instances and they will

ec2 instances and they will automatically scale if the demand

automatically scale if the demand increases or or or decline so if this

increases or or or decline so if this machine can't handle it it will just

machine can't handle it it will just automatically provision a new one and so

automatically provision a new one and so I've contained it in this environment

I've contained it in this environment here because I'm representing a blue

here because I'm representing a blue green deploy meaning that when I deploy

green deploy meaning that when I deploy this will get this will be the

this will get this will be the environment that replaces things and so

environment that replaces things and so you can see I have a lot of lines being

you can see I have a lot of lines being drawn around here so um over here we

drawn around here so um over here we have uh um parameter store so parameter

have uh um parameter store so parameter store is a place where we can store our

store is a place where we can store our environment variables um or application

environment variables um or application configuration variables and so I have

configuration variables and so I have this line going here and it's just

this line going here and it's just saying we're going to take these

saying we're going to take these environment variables and put them into

environment variables and put them into the application okay uh and then there's

the application okay uh and then there's also uh the database credential so here

also uh the database credential so here we are using postgress over here so and

we are using postgress over here so and then we need the database credential so

then we need the database credential so we're grabbing those database

we're grabbing those database credentials those are stored in Secrets

credentials those are stored in Secrets manager and we're giving to the

manager and we're giving to the application so the app knows how to

application so the app knows how to connect to the database and this one

connect to the database and this one knows how to uh configure it okay then

knows how to uh configure it okay then we have um a bunch of uh buckets here

we have um a bunch of uh buckets here for different organiz ganizations and so

for different organiz ganizations and so you know S3 is for storage so this is a

you know S3 is for storage so this is a way we're going to um store a variety of

way we're going to um store a variety of things so like user data assets

things so like user data assets artifacts Cloud information templates so

artifacts Cloud information templates so some of this is for the app some of them

some of this is for the app some of them is for the infrastructure so that's one

is for the infrastructure so that's one thing there okay then over here we have

thing there okay then over here we have u a cicd pipeline so we have code

u a cicd pipeline so we have code Pipeline and so code pipeline is

Pipeline and so code pipeline is triggered by GitHub so we put our code

triggered by GitHub so we put our code in GitHub and when that happens it's

in GitHub and when that happens it's going to do a code build so that's going

going to do a code build so that's going to build out a server

to build out a server um and then from there it's going to run

um and then from there it's going to run another code build server and then from

another code build server and then from there it's going to then um uh uh use

there it's going to then um uh uh use code deploy and so code deploy is going

code deploy and so code deploy is going to trigger a deploy what it will do is

to trigger a deploy what it will do is create a new environment so it's going

create a new environment so it's going to create a copy of this um sorry it's

to create a copy of this um sorry it's going to create a cop this is actually

going to create a cop this is actually the environment that's running so we'll

the environment that's running so we'll copy that and that will be our new

copy that and that will be our new environment right okay and so when the

environment right okay and so when the deploy is done it will swap and then

deploy is done it will swap and then that environment will become this new

that environment will become this new one

one um and so you know again this is

um and so you know again this is actually really the the running server

actually really the the running server it's just kind of easy to get hung up on

it's just kind of easy to get hung up on this one but the idea here is that um

this one but the idea here is that um you know that's how deployment works but

you know that's how deployment works but let's say uh you know we want to get uh

let's say uh you know we want to get uh traffic to this actual instance this is

traffic to this actual instance this is going to come through the internet and

going to come through the internet and the internet's going to probably go to

the internet's going to probably go to rid 3 so ref3 is used for domain names

rid 3 so ref3 is used for domain names so this' be like exampro doco

so this' be like exampro doco teacher.com we pass that over to our

teacher.com we pass that over to our elastic load balancer which in this case

elastic load balancer which in this case is an application load bouncer that's

is an application load bouncer that's why it's called ALB and that's going to

why it's called ALB and that's going to distribute the traffic there if we

distribute the traffic there if we wanted to run the server in another um

wanted to run the server in another um in another availability zone so that we

in another availability zone so that we make it highly available um you know ALB

make it highly available um you know ALB the elastic load bouncer application

the elastic load bouncer application load balcer is going to uh have some

load balcer is going to uh have some traffic go here and some traffic go

traffic go here and some traffic go there so this is just uh the blue

there so this is just uh the blue environment or whichever the current

environment or whichever the current environment is over here now when we

environment is over here now when we want to deploy new versions we're going

want to deploy new versions we're going to use launch templates and launch

to use launch templates and launch templates um uh are necessary when using

templates um uh are necessary when using Autos scaling groups so um you know you

Autos scaling groups so um you know you do have to Define launch template it

do have to Define launch template it just says like what is the shape of this

just says like what is the shape of this instance type like what's this family

instance type like what's this family what should it be and then we need an

what should it be and then we need an Amazon machine image so our Amazon

Amazon machine image so our Amazon machine image is custom built because we

machine image is custom built because we are installing all the stuff that we

are installing all the stuff that we want on it and so in order to automate

want on it and so in order to automate that process we are using um SSM

that process we are using um SSM automation documents so SSM stands for

automation documents so SSM stands for systems manager and automation allows

systems manager and automation allows you to automate that step so what it's

you to automate that step so what it's going to do is launch an instance

going to do is launch an instance install Ruby install postgress download

install Ruby install postgress download the codebase then it's going to create

the codebase then it's going to create that Ami and then um it will do a bunch

that Ami and then um it will do a bunch of other stuff here as well and this is

of other stuff here as well and this is going to run weekly or actually at the

going to run weekly or actually at the time uh it was running nightly so we're

time uh it was running nightly so we're doing nightly builds so that we would

doing nightly builds so that we would always get the latest um updates to our

always get the latest um updates to our server um because it's a virtual machine

server um because it's a virtual machine there could always be uh new updates for

there could always be uh new updates for that Linux version or Amazon machine Li

that Linux version or Amazon machine Li version we were using and then there's a

version we were using and then there's a bunch of other stuff here so you know um

bunch of other stuff here so you know um hopefully that kind of gives you an idea

hopefully that kind of gives you an idea like the complexity of it and you know

like the complexity of it and you know this is how I like to make my

this is how I like to make my architectural diagrams very in detailed

architectural diagrams very in detailed so that we can um look at them but yeah

so that we can um look at them but yeah if that was too much that's fine but you

if that was too much that's fine but you know that's just the complexity of it if

know that's just the complexity of it if you build your own you'll start to

you build your own you'll start to really grasp this stuff pretty well

really grasp this stuff pretty well [Music]

[Music] okay so what I want to do is just show

okay so what I want to do is just show you how high availability is built into

you how high availability is built into some ad Services where in other cases

some ad Services where in other cases you have to explicitly choose that you

you have to explicitly choose that you want something to be highly available uh

want something to be highly available uh so what I'm going to do is make my way

so what I'm going to do is make my way over to S3 and so with S3 this is where

over to S3 and so with S3 this is where you can create S3 buckets and this

you can create S3 buckets and this allows you uh to store things and so the

allows you uh to store things and so the great thing about S3 is that it's

great thing about S3 is that it's basically serverless storage so the idea

basically serverless storage so the idea is that you're just going to choose your

is that you're just going to choose your region and by default it's going to

region and by default it's going to replicate your data across multiple um

replicate your data across multiple um uh data centers or azs and so this one's

uh data centers or azs and so this one's already highly available by default with

already highly available by default with the standard tier uh so that is

the standard tier uh so that is something that's really nice but other

something that's really nice but other services uh you know like ec2 the idea

services uh you know like ec2 the idea is that you are going to launch yourself

is that you are going to launch yourself an ec2 instance so we launch that one

an ec2 instance so we launch that one and the problem with this is that if you

and the problem with this is that if you launch a single

launch a single ec2 that is not highly available because

ec2 that is not highly available because it's a single server running in a single

it's a single server running in a single um AZ so here you know we would choose

um AZ so here you know we would choose our subnet our subnet is our

our subnet our subnet is our availability Zone but you'd have to

availability Zone but you'd have to launch at least two additional servers

launch at least two additional servers and then you'd have to Route um uh you'd

and then you'd have to Route um uh you'd have to uh have something that would

have to uh have something that would balance uh the traffic to the to the

balance uh the traffic to the to the three which is a load balcer and so in

three which is a load balcer and so in this case you have to construct your

this case you have to construct your high availability then you have services

high availability then you have services like elastic beanock this is a platform

like elastic beanock this is a platform as a service um and we'll go to

as a service um and we'll go to environments here I'm not sure I wasn't

environments here I'm not sure I wasn't showing up there um and so the idea is

showing up there um and so the idea is that with elastic beant stock I'm just

that with elastic beant stock I'm just going to click on the main service here

going to click on the main service here you're going to go ahead and uh create

you're going to go ahead and uh create your application or create your

your application or create your environment you probably want to create

environment you probably want to create an environment first here okay and so I

an environment first here okay and so I would choose a web server and then the

would choose a web server and then the idea is I just name so my application

idea is I just name so my application here my uh environment and then down

here my uh environment and then down below you go configure more options

below you go configure more options whoops it wants me to choose everything

whoops it wants me to choose everything that's totally

that's totally fine and we say configure more options

fine and we say configure more options we're not going to create it because um

we're not going to create it because um we don't want to create one but the idea

we don't want to create one but the idea is that uh you you could choose whether

is that uh you you could choose whether you want this to be high highly

you want this to be high highly available or not so see it says single

available or not so see it says single instance so free tier uh and then if you

instance so free tier uh and then if you choose this what it's going to do it set

choose this what it's going to do it set up a bunch of stuff for you so it's

up a bunch of stuff for you so it's going to set up an application load

going to set up an application load balancer for you it's going to set up

balancer for you it's going to set up Auto scaling groups for you to make it

Auto scaling groups for you to make it highly available it's going to run at

highly available it's going to run at least uh between 1 to four instances so

least uh between 1 to four instances so this does everything that uh ec2 you'd

this does everything that uh ec2 you'd have to do manually setting up so that's

have to do manually setting up so that's really

really nice okay so you know some options have

nice okay so you know some options have that if we make it our way over to RDS

that if we make it our way over to RDS and again we're not cating anything

and again we're not cating anything we're just looking at the options it

we're just looking at the options it gives us when we uh start things these

gives us when we uh start things these up

up here we'll make our way over to RDS when

here we'll make our way over to RDS when it gives us a moment here

and if we go ahead and create ourselves a new

database and we look at something like a postgress database notice that we have a

postgress database notice that we have a production option and a Dev test option

production option and a Dev test option and so I mean usually it shows us the

and so I mean usually it shows us the price down here so even test Dev is $118

price down here so even test Dev is $118 which is not true you can make it

which is not true you can make it cheaper than that but the idea is that

cheaper than that but the idea is that when you choose between these two

when you choose between these two options um it's going to set up uh

options um it's going to set up uh multi-az it's going to that means that

multi-az it's going to that means that it's going to run a an additional um uh

it's going to run a an additional um uh database in another availability Zone

database in another availability Zone replicate that data over so that it

replicate that data over so that it stays highly available um you know it's

stays highly available um you know it's going to have autoscaling uh uh part of

going to have autoscaling uh uh part of it and so some Services you just choose

it and so some Services you just choose it abstractly so you just have to

it abstractly so you just have to understand what highly availability is

understand what highly availability is going to mean underneath so hopefully

going to mean underneath so hopefully that kind of gives you a picture of high

that kind of gives you a picture of high availability on

availability on [Music]

[Music] AWS hey this is Andrew Brown from exam

AWS hey this is Andrew Brown from exam Pro and we are looking at adus

Pro and we are looking at adus application programming interface also

application programming interface also known as adus API so before we talk

known as adus API so before we talk about uh the API let's describe what

about uh the API let's describe what application programming interface is so

application programming interface is so an API is software that allows two

an API is software that allows two applications or services to talk to each

applications or services to talk to each other and the most common type of API is

other and the most common type of API is via HTTP requests and so the ads API is

via HTTP requests and so the ads API is actually an HTTP API and you can

actually an HTTP API and you can interact with it by sending HPS requests

interact with it by sending HPS requests using an application interacting with

using an application interacting with apis like Postman and so here's kind of

apis like Postman and so here's kind of an example of what a request would be

an example of what a request would be that would be sent out and so the way it

that would be sent out and so the way it works is that each ad a service

works is that each ad a service generally has a service endpoint so see

generally has a service endpoint so see where it says monitoring that's going to

where it says monitoring that's going to be Cloud watch so sometimes they're

be Cloud watch so sometimes they're named after the services sometimes the

named after the services sometimes the name is a bit obscure and of course you

name is a bit obscure and of course you can't just call an uh call an API

can't just call an uh call an API request without authenticating or

request without authenticating or authorizing and so you have to sign your

authorizing and so you have to sign your request and so that's a process of

request and so that's a process of making a separate request uh with your

making a separate request uh with your adus credentials to get back a a

adus credentials to get back a a temporary token uh in order to authorize

temporary token uh in order to authorize that and I don't have room to show it

that and I don't have room to show it but the thing is is that what you'd be

but the thing is is that what you'd be also going along with those requests

also going along with those requests would be to provide an action so when

would be to provide an action so when you look at um the adus API it will show

you look at um the adus API it will show you a bunch of actions that you can call

you a bunch of actions that you can call they're basically the same ones you'll

they're basically the same ones you'll see in the IM policies so it could be

see in the IM policies so it could be like describe ec2 instances Or List

like describe ec2 instances Or List buckets um and they can also be

buckets um and they can also be accompanied with parameters okay so you

accompanied with parameters okay so you know we're probably not going to show

know we're probably not going to show you how to uh make an API request

you how to uh make an API request directly because that's not something

directly because that's not something that you would generally do um but what

that you would generally do um but what you would do is you'd probably use the

you would do is you'd probably use the abis Management console which is powered

abis Management console which is powered by the API use the Adis SDK which is

by the API use the Adis SDK which is powered by the API or using the ad CLI

so we'll cover all those three [Music]

[Music] okay all right so what I want to do is

okay all right so what I want to do is just point you to where you'd find the

just point you to where you'd find the resources to use the API program

resources to use the API program automatically uh we're not going to

automatically uh we're not going to actually use the API because there's a

actually use the API because there's a lot more to it uh than what I'm going to

lot more to it uh than what I'm going to show you here but at least you'll be

show you here but at least you'll be familiar with how the API works so I'm

familiar with how the API works so I'm on the ads. amazon.com website if you

on the ads. amazon.com website if you type in docs the type top there it's

type in docs the type top there it's going to bring you to the main

going to bring you to the main documentation and what we're looking for

documentation and what we're looking for if we scroll on down there should be a

if we scroll on down there should be a general reference area where we have

general reference area where we have service endpoints if we click into here

service endpoints if we click into here it's going to uh talk about um how a

it's going to uh talk about um how a service endpoint is structured and if we

service endpoint is structured and if we go down to abis API we can see some

go down to abis API we can see some additional information of course to use

additional information of course to use um the API you're going to have to sign

um the API you're going to have to sign API requests first which is not a super

API requests first which is not a super simple process but you have to use an

simple process but you have to use an authorization header um and send along

authorization header um and send along uh some credentials and things like that

uh some credentials and things like that so if you want to know what service

so if you want to know what service endpoints are available to you if you

endpoints are available to you if you search service endpoints list for AWS

search service endpoints list for AWS this is the big list and so if I was to

this is the big list and so if I was to go down here and look for ec2 uh might

go down here and look for ec2 uh might be a common example here it's going to

be a common example here it's going to tell us what the points are and as you

tell us what the points are and as you can see they are Regional based but the

can see they are Regional based but the idea here is that I could take something

idea here is that I could take something like this okay I could grab that and

like this okay I could grab that and using something like

using something like Postman I could go and create a new

Postman I could go and create a new request and it's probably a post I'm not

request and it's probably a post I'm not sure what it's supposed to be it's

sure what it's supposed to be it's probably a post and then you'd set your

probably a post and then you'd set your authorization header there might even be

authorization header there might even be one in here for adabs see where it says

one in here for adabs see where it says adabs signature so you can go here and

adabs signature so you can go here and put your access key and secret within

put your access key and secret within here um so that's something nice about

here um so that's something nice about Postman so it's going to do the signing

Postman so it's going to do the signing requests for you so that makes your life

requests for you so that makes your life a lot easier and then from there what

a lot easier and then from there what you do is you go to your body and you'd

you do is you go to your body and you'd want to enter in Json so to do Json

want to enter in Json so to do Json would probably be raw you drop down the

would probably be raw you drop down the format Json and then you'd send your

format Json and then you'd send your payload whatever it is so I again I

payload whatever it is so I again I haven't done this in a while because

haven't done this in a while because it's not a very common uh thing that I

it's not a very common uh thing that I have to do like describe ec2 instances

have to do like describe ec2 instances but there probably is like an action and

but there probably is like an action and some additional information that you'd

some additional information that you'd send along um so you know hopefully that

send along um so you know hopefully that gives you kind of an idea how the API

gives you kind of an idea how the API works but you know you should never Pro

works but you know you should never Pro uh in practice ever have to really work

uh in practice ever have to really work with the API uh This Way directly

with the API uh This Way directly [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are looking at the itus

Pro and we are looking at the itus Management console so the itus

Management console so the itus Management console is a web-based

Management console is a web-based unified console to build manage and

unified console to build manage and monitor everything from simple web apps

monitor everything from simple web apps to complex Cloud deployments so when you

to complex Cloud deployments so when you create your adus account and you log in

create your adus account and you log in that is what you're using the adus

that is what you're using the adus Management console and I would not be

Management console and I would not be surprised uh if you're watching this

surprised uh if you're watching this video and they've already changed um the

video and they've already changed um the default page here since AOS loves to

default page here since AOS loves to change the UI on us all the time uh but

change the UI on us all the time uh but uh the way you would access this is via

uh the way you would access this is via console. ab. amazon.com when you click

console. ab. amazon.com when you click sign in or go to the console that's the

link that it's going to uh and so the idea here is that you can point and

idea here is that you can point and click to manually launch and configure

click to manually launch and configure adus Resources with limited programming

adus Resources with limited programming knowledge this is known as click Ops

knowledge this is known as click Ops since you can perform all your system

since you can perform all your system operations via clicks okay

[Music] let's talk about the adus Management

let's talk about the adus Management console in brief here so you know of

console in brief here so you know of course when you're on the homepage you

course when you're on the homepage you go to adus Management console and you

go to adus Management console and you will end up logging in and from there we

will end up logging in and from there we will uh make our way over to the adus

will uh make our way over to the adus Management console when I say adus

Management console when I say adus Management console I'm referring to uh

Management console I'm referring to uh this homepage but I'm also referring to

this homepage but I'm also referring to anything that I'm doing in this web UI

anything that I'm doing in this web UI whether it's a subservice or not so you

whether it's a subservice or not so you know a lot of times people just call

know a lot of times people just call this the dashboard uh or the homepage um

this the dashboard uh or the homepage um but you know it is technically cre the

but you know it is technically cre the adus Management console but everything

adus Management console but everything is the adus Management console you can

is the adus Management console you can drop down Services here if there's some

drop down Services here if there's some that you like you can favorite them on

that you like you can favorite them on the left hand side I don't find that

the left hand side I don't find that particularly useful you can see the most

particularly useful you can see the most recent ones here they'll also Show

recent ones here they'll also Show recently up here as well we have the

recently up here as well we have the search at the top notice that there's a

search at the top notice that there's a hotkey for alt S I don't think I ever

hotkey for alt S I don't think I ever use it but if I was to type in a service

use it but if I was to type in a service like ec2 it's going to get me the

like ec2 it's going to get me the services and then down below it's the

services and then down below it's the subfeatures of it so if I just click

subfeatures of it so if I just click into that there into this you this is

into that there into this you this is the main this is a service console so I

the main this is a service console so I would call this the ec2 console or the

would call this the ec2 console or the ec2 service console so if you ever hear

ec2 service console so if you ever hear me saying go to the ec2 console that's

me saying go to the ec2 console that's what I'm saying and you'll notice here

what I'm saying and you'll notice here like there is stuff on the left hand

like there is stuff on the left hand side so I come back here ec2 image

side so I come back here ec2 image Builder ec2 Global views these are

Builder ec2 Global views these are considered services but if you drop down

considered services but if you drop down it says top features or you go down here

it says top features or you go down here it says dashboard limits Amis you go

it says dashboard limits Amis you go over here uh the ec2 dashboard limits

over here uh the ec2 dashboard limits Amis are here and limits are somewhere

Amis are here and limits are somewhere here right there so okay so those kind

here right there so okay so those kind of map over pretty well plls and

of map over pretty well plls and documentation knowledge based articles

documentation knowledge based articles Marketplace I don't think I've ever

Marketplace I don't think I've ever touched those in my life uh this here is

touched those in my life uh this here is the cloud shell so if you click it it

the cloud shell so if you click it it will launch a cloud shell we'll cover

will launch a cloud shell we'll cover that when we get to that section here we

that when we get to that section here we have this little bell it tells us about

have this little bell it tells us about open issues I think this is for the

open issues I think this is for the personal health dashboard yeah it says

personal health dashboard yeah it says PhD in the bottom left corner or left

PhD in the bottom left corner or left corner so if I open that up it'll bring

corner so if I open that up it'll bring up the PHD the personal health dashboard

up the PHD the personal health dashboard all right uh our region selector our

all right uh our region selector our so nothing super exciting here but just

so nothing super exciting here but just kind of giving you a bit of a tour so

kind of giving you a bit of a tour so that you know there are some things you

that you know there are some things you can do um can you change the look of

can do um can you change the look of this I don't think right now as of yet

this I don't think right now as of yet um there is any way I'm sure AOS is

um there is any way I'm sure AOS is thinking about it because it's been a

thinking about it because it's been a high uh request that's in demand but uh

high uh request that's in demand but uh this is what it looks like as of today

this is what it looks like as of today [Music]

[Music] okay all right so I just want to

okay all right so I just want to describe what a service console is so an

describe what a service console is so an an a service each have their own

an a service each have their own customized console and you can access

customized console and you can access these consoles by searching the service

these consoles by searching the service name so you would go ahead and type in

name so you would go ahead and type in ec2 and then what we refer to this

ec2 and then what we refer to this screen as as the ec2 console the reason

screen as as the ec2 console the reason I'm telling you this is that when you're

I'm telling you this is that when you're going through a lot of labs or follow

going through a lot of labs or follow alongs you'll hear the instructor say go

alongs you'll hear the instructor say go to the ec2 console go to the stagemaker

to the ec2 console go to the stagemaker console go to the RDS console what

console go to the RDS console what they're telling you is to go type the

they're telling you is to go type the the name of the service and go to um

the name of the service and go to um that particular Services uh console okay

that particular Services uh console okay uh some a service consoles will act as

uh some a service consoles will act as an umbrella console containing many adus

an umbrella console containing many adus services so uh you know VPC console ec2

services so uh you know VPC console ec2 console systems manager console

console systems manager console stagemaker console uh cloudwatch console

stagemaker console uh cloudwatch console these all contain multiple services so

these all contain multiple services so you know for um for ec2 you might say

you know for um for ec2 you might say okay well I need a security group

okay well I need a security group there's no security group console it's

there's no security group console it's under the ec2 console okay uh so just be

under the ec2 console okay uh so just be aware of

aware of [Music]

[Music] that so now I want to show you some of

that so now I want to show you some of the service consoles to kind of

the service consoles to kind of distinguish how they might vary per per

distinguish how they might vary per per service okay so if we were to look up

service okay so if we were to look up ec2 um and we just did look at this but

ec2 um and we just did look at this but the interesting thing is that some uh

the interesting thing is that some uh consoles the ec2 console uh is the home

consoles the ec2 console uh is the home for other databus services and you just

for other databus services and you just have to learn this over time to know

have to learn this over time to know that so for instance elastic Block store

that so for instance elastic Block store is its own service but it's tightly uh

is its own service but it's tightly uh linked to ec2 instances so that's why

linked to ec2 instances so that's why they always have it here same thing with

they always have it here same thing with Amis uh security groups same thing with

Amis uh security groups same thing with that so these are interesting because

that so these are interesting because these are basically part of virtual

these are basically part of virtual networking and so you think they'd be

networking and so you think they'd be under the VPC console but they are

under the VPC console but they are actually under here with ec2 and so load

actually under here with ec2 and so load balancing Auto scaling groups tightly

balancing Auto scaling groups tightly coupled to um uh to ec2 if we make our

coupled to um uh to ec2 if we make our way over to

VPC um you know here it's going to contain all the new stuff does it have a

contain all the new stuff does it have a new experience no I guess this is the

new experience no I guess this is the newest one it looks a bit old and a

newest one it looks a bit old and a little bit new here but you know we have

little bit new here but you know we have a lot of different things here like fire

a lot of different things here like fire firewalls vpns Transit gateways traffic

firewalls vpns Transit gateways traffic mirroring we make our way over to Cloud

mirroring we make our way over to Cloud watch okay and cloudwatch has uh very uh

watch okay and cloudwatch has uh very uh focused Services they're all actually

focused Services they're all actually named and this is more like a s feels

named and this is more like a s feels more like a single service where you

more like a single service where you have these very focused um Services

have these very focused um Services where you have alarms logs metrics

where you have alarms logs metrics events insights right but you're going

events insights right but you're going to notice that like the UI highly varies

to notice that like the UI highly varies so we had looked at Cloud watch and then

so we had looked at Cloud watch and then we had looked at U VPC and looks like

we had looked at U VPC and looks like this and then we looked at ec2 and it

this and then we looked at ec2 and it looked like that and so there is

looked like that and so there is inconsistencies because each um Service

inconsistencies because each um Service uh Team like that work on per service or

uh Team like that work on per service or whatever they have full control over

whatever they have full control over their UI and so some of them are in um

their UI and so some of them are in um uh different states of updating so some

uh different states of updating so some people might have updated the left-and

people might have updated the left-and column but this part is old or you might

column but this part is old or you might click around like under something else

click around like under something else like ec2 dashboard um or maybe a better

like ec2 dashboard um or maybe a better example might be Amis I remember we're

example might be Amis I remember we're in here something looked old here yeah

in here something looked old here yeah see these are the old buttons and that's

see these are the old buttons and that's just how it is so everything is very uh

just how it is so everything is very uh modular and so they get updated over

modular and so they get updated over time so that is the challenge that

time so that is the challenge that you're dealing with you're always having

you're dealing with you're always having like three different versions that are

like three different versions that are cobbled together in each uh um UI one

cobbled together in each uh um UI one thing that I found really interesting is

thing that I found really interesting is that um VPC has its own console

that um VPC has its own console Management console but if you were to

Management console but if you were to look up this in the uh the SDK so if I

look up this in the uh the SDK so if I was to look up um ABS

was to look up um ABS SDK uh

SDK uh ec2 okay I'm just looking up r Ruby here

ec2 okay I'm just looking up r Ruby here as an example because that's what I know

as an example because that's what I know how to do um if you look under here

how to do um if you look under here let's say you want to pragmatically work

let's say you want to pragmatically work with vpcs you think that it would have

with vpcs you think that it would have its own top level VPC because it has in

its own top level VPC because it has in the console its own uh its own

the console its own uh its own Management console but actually VPC is

Management console but actually VPC is tightly coupled ec2 and so when you want

tightly coupled ec2 and so when you want to pragmatically use VPC you're going to

to pragmatically use VPC you're going to be um using actually ec2 uh as as how it

be um using actually ec2 uh as as how it was built so the the the what I'm trying

was built so the the the what I'm trying to get is the apis don't one to one

to get is the apis don't one to one match with this kind of stuff and so

match with this kind of stuff and so it's just kind of interesting that

it's just kind of interesting that there's those kind of uh differences uh

there's those kind of uh differences uh but again it's not that big of a deal

but again it's not that big of a deal I'm just trying to say like you know

I'm just trying to say like you know keep your mind open when you're looking

keep your mind open when you're looking at this stuff

at this stuff [Music]

[Music] okay so every adist account has a unique

okay so every adist account has a unique account ID and the account ID can be

account ID and the account ID can be easily found by dropping down the

easily found by dropping down the current user in the global navigation so

current user in the global navigation so what I'm going to do is pull up my pen

what I'm going to do is pull up my pen tool here and just show you it's right

tool here and just show you it's right there uh the ab account ID is composed

there uh the ab account ID is composed of 12 digits and so it could look like

of 12 digits and so it could look like this or this or this theab account ID is

this or this or this theab account ID is used when logging in uh with a nonroot

used when logging in uh with a nonroot user account uh but generally a lot of

user account uh but generally a lot of people like to set their own Alias

people like to set their own Alias because it's tiring to remember your

because it's tiring to remember your account uh ID the uh you use it when

account uh ID the uh you use it when you're creating cross account R so you'd

you're creating cross account R so you'd have the target account d The Source

have the target account d The Source account ID to gain access to resources

account ID to gain access to resources in another a account when you're uh

in another a account when you're uh dealing with the support cases ads will

dealing with the support cases ads will commonly ask you what your account ID is

commonly ask you what your account ID is so they can identify

so they can identify the account that they want to look at

the account that they want to look at and it is generally good to keep your

and it is generally good to keep your account ID private as it is one of the

account ID private as it is one of the many components used to dentify an

many components used to dentify an account for an attack by malicious actor

account for an attack by malicious actor uh so you don't have to be overly

uh so you don't have to be overly sensitive with it but you know try to

sensitive with it but you know try to hide it when you can when it's easy

hide it when you can when it's easy [Music]

[Music] okay all right so let's talk about the

okay all right so let's talk about the account ID which appears up here in the

account ID which appears up here in the top right corner uh where you can get

top right corner uh where you can get the account ID it also appears in IM am

the account ID it also appears in IM am so if we go over to I am and you look on

so if we go over to I am and you look on the right hand side it should show you

the right hand side it should show you the example here it keeps on trying to

the example here it keeps on trying to take us to the old dashboard that's fine

take us to the old dashboard that's fine um but you'll notice that it's over here

um but you'll notice that it's over here and I don't have MFA turned on because

and I don't have MFA turned on because I'm in my IM user account but it should

I'm in my IM user account but it should be turned on on everything that's given

be turned on on everything that's given but uh you know I just want to show you

but uh you know I just want to show you where it is and also where you might be

where it is and also where you might be using it so one example where you would

using it so one example where you would use you would need to know your account

use you would need to know your account ID would be something like creating a

ID would be something like creating a cross account policy so I went here and

cross account policy so I went here and went to policy and went create policy

went to policy and went create policy um and we went to maybe it's a roll I

um and we went to maybe it's a roll I think we actually sorry we want a cross

think we actually sorry we want a cross account roll it's not the policy sorry

account roll it's not the policy sorry we go here and we say I want to access

we go here and we say I want to access something in another A's account what we

something in another A's account what we have to do is specify the account ID

have to do is specify the account ID specify the accounts that can use this

specify the accounts that can use this role so you give I think the the ID of

role so you give I think the the ID of the other

the other account okay and so that is one place

account okay and so that is one place where you use it another place would be

where you use it another place would be when you're creating policies so if I go

when you're creating policies so if I go back to policies here I can create a

back to policies here I can create a policy

policy here and I can just choose something

here and I can just choose something like S3

like S3 okay and I'll just choose a list and

okay and I'll just choose a list and under the request

under the request conditions I might specify I think the

conditions I might specify I think the account IDE it should be in

account IDE it should be in here um I know I can limit based on

here um I know I can limit based on account

account ID principal account

so you could do principal account so if I just looked up this here ABS principal

account and you just got to get used to Googling things because that's always

Googling things because that's always what's happening here and so we should

what's happening here and so we should be able to specify an account ID yeah

be able to specify an account ID yeah like that so that would be the principle

like that so that would be the principle there so if I just took that and doesn't

there so if I just took that and doesn't matter what it is we just put the value

matter what it is we just put the value in

in here um string equals this add I should

here um string equals this add I should be able to go over here and now see the

be able to go over here and now see the full statement no sometimes that happens

full statement no sometimes that happens because we don't have it fully filled

out but um yeah so that pretty much that's pretty much how we use it like it

that's pretty much how we use it like it would normally show up as that so if I

would normally show up as that so if I just go ahead and go next the policy

just go ahead and go next the policy contains an error you are required to

contains an error you are required to choose a

choose a resource what do you mean the resource

resource what do you mean the resource is this right oh down here okay sorry uh

is this right oh down here okay sorry uh so we'll just say all resources then we

so we'll just say all resources then we flip over now it's valid and so here we

flip over now it's valid and so here we can see our condition saying only from

can see our condition saying only from this account ID that it is allowed um

this account ID that it is allowed um other places we're going to see account

other places we're going to see account IDs are in um ARS right so if we had an

IDs are in um ARS right so if we had an ec2 instance we don't have one launched

ec2 instance we don't have one launched right now but if I was to go ahead and

right now but if I was to go ahead and oh maybe we have some prior ones yeah so

oh maybe we have some prior ones yeah so if I was to checkbox this

if I was to checkbox this here and you might not have any prior

here and you might not have any prior ones so there might not be nothing for

ones so there might not be nothing for you to see but if you look for the

you to see but if you look for the AR where's our AR

sometimes it doesn't show the Arn in the services sometimes it does I wish that

services sometimes it does I wish that abot always showed the Arn to make our

abot always showed the Arn to make our lives a bit easier but it could be

lives a bit easier but it could be because of other reasons why but even

because of other reasons why but even though we don't have the R I think it

though we don't have the R I think it shows us shows us the owner ID and so

shows us shows us the owner ID and so that's the account uh the account ID

that's the account uh the account ID number you can tell because it's 12

number you can tell because it's 12 digits so hopefully that gives you kind

digits so hopefully that gives you kind of a tour of the account ID and what its

of a tour of the account ID and what its purpose is in the account okay

[Music] all right let's take a look at it tools

all right let's take a look at it tools for Powershell so what is Powershell

for Powershell so what is Powershell Powershell is a task Automation and

Powershell is a task Automation and configuration management framework is a

configuration management framework is a command like shell and a scripting

command like shell and a scripting language so here it is over here uh if

language so here it is over here uh if you are a Windows user you're used to

you are a Windows user you're used to seeing this because it has a big blue

seeing this because it has a big blue window so unlike most shells which

window so unlike most shells which accept and return text Powershell is

accept and return text Powershell is built on top of the net common language

built on top of the net common language runtime CLR and accepts and Returns the

runtime CLR and accepts and Returns the net objects so uh has a thing

net objects so uh has a thing called the adus tools for Powershell and

called the adus tools for Powershell and this lets you interact with the adus API

this lets you interact with the adus API via Powershell commandlets commandlets

via Powershell commandlets commandlets is a special type of command in

is a special type of command in powerwell in the form of the capitalized

powerwell in the form of the capitalized verb and noun so in this case it'd be

verb and noun so in this case it'd be new hyphen S3 bucket so you know we

new hyphen S3 bucket so you know we looked at the a CLI and that is

looked at the a CLI and that is generally for bash um uh you know shells

generally for bash um uh you know shells and so po shell is just another type of

and so po shell is just another type of shell that's very popular and I just

shell that's very popular and I just wanted to highlight it for those people

wanted to highlight it for those people that are uh you know used to using

that are uh you know used to using Microsoft workloads or azure workloads

Microsoft workloads or azure workloads uh that this actually exists

uh that this actually exists [Music]

[Music] okay all right let's take a look at the

okay all right let's take a look at the pow shell tools um I actually haven't

pow shell tools um I actually haven't used this one yet so I'm kind of curious

used this one yet so I'm kind of curious I am out of Windows machine so if I was

I am out of Windows machine so if I was to um open CM or

to um open CM or Powershell and you probably can't see

Powershell and you probably can't see this but if I just bring this over here

this but if I just bring this over here if I type in Powershell on my

if I type in Powershell on my computer you'll notice that I have it um

computer you'll notice that I have it um so that's how you would launch it looks

so that's how you would launch it looks like a blue screen here okay um if

like a blue screen here okay um if you're on a Mac you're not going to have

you're on a Mac you're not going to have that but that's totally fine we don't

that but that's totally fine we don't need to have a Windows machine to use

need to have a Windows machine to use Powershell because we can go ahead and

Powershell because we can go ahead and use cloud shell so make sure you're in a

use cloud shell so make sure you're in a region that supports Cloud shell so I

region that supports Cloud shell so I switch back to North Virginia uh this is

switch back to North Virginia uh this is not important for the exam but it's just

not important for the exam but it's just kind of fun for me to go through this

kind of fun for me to go through this with you and if you just like want to

with you and if you just like want to watch uh here and so I want to change

watch uh here and so I want to change this over to Powershell so I imagine

this over to Powershell so I imagine that it must be over

that it must be over here um so how do we change to

here um so how do we change to Powershell so we'll type in ad us po or

Powershell so we'll type in ad us po or it us Cloud

it us Cloud shell power shell like how do we do

shell power shell like how do we do it okay and so I'm just going to scroll

it okay and so I'm just going to scroll down

down here so the following shells are

here so the following shells are pre-installed uh The Bash the power

pre-installed uh The Bash the power shell the Z shell you can identify them

shell the Z shell you can identify them by that yeah of course to switch to New

by that yeah of course to switch to New Shell enter the Shell's program name in

Shell enter the Shell's program name in the command line prompt oh wow that's

the command line prompt oh wow that's easy so um if we want

easy so um if we want pwsh do we just type pwsh let's find out

give it a moment to think oh there we go okay so now we're using Powershell and

okay so now we're using Powershell and so I would think that ads would give

so I would think that ads would give this pre-installed for us so if we go

this pre-installed for us so if we go over here to the instructions and we

over here to the instructions and we scroll on down there's probably like oh

scroll on down there's probably like oh wait like I don't use Powershell a lot

wait like I don't use Powershell a lot it's very easy to install modules um

it's very easy to install modules um I've done it before but I never remember

I've done it before but I never remember how to do it but let's just see what we

how to do it but let's just see what we can find here so I want the

can find here so I want the documentation for Powershell here and

documentation for Powershell here and I'm going to go to the um the maybe the

I'm going to go to the um the maybe the reference here because I just want to

reference here because I just want to see some examples for the commandlets

see some examples for the commandlets and so we'll look for S3 again never

and so we'll look for S3 again never done this before but I'm always great at

done this before but I'm always great at jumping uh into these things and all I

jumping uh into these things and all I want to do is just list out the buckets

want to do is just list out the buckets so I'm going to just search for the word

so I'm going to just search for the word list um and just see if I can find

list um and just see if I can find something very simple

something very simple here and calls to get the list buckets

here and calls to get the list buckets API operation so I think that is what

API operation so I think that is what we're going to be doing here so I'm

we're going to be doing here so I'm going to click into that okay

going to click into that okay and then from there what I'm going to do

and then from there what I'm going to do is just see if I can copy this command

is just see if I can copy this command so we will go ahead and copy this and

so we will go ahead and copy this and paste it in here and I like how we got

paste it in here and I like how we got this little shell here so we can tweak

this little shell here so we can tweak it so we need the bucket name but I

it so we need the bucket name but I don't want to return a list of all the

don't want to return a list of all the buckets owned by the author so we don't

buckets owned by the author so we don't have a bucket name that we want

have a bucket name that we want explicitly set here so it's required

explicitly set here so it's required false so we can remove that okay we'll

false so we can remove that okay we'll look at the next one select required

look at the next one select required false use the select command to control

false use the select command to control the command L output the default is

the command L output the default is bucket specifying select will result in

bucket specifying select will result in turning all the whole

turning all the whole buckets for that specifying the

buckets for that specifying the name uh but it says it's not required so

name uh but it says it's not required so let's just take that out as well I don't

let's just take that out as well I don't think we need any of these actually

think we need any of these actually let's just go and put that in there and

let's just go and put that in there and I think that there must be something we

I think that there must be something we need to put in front of that right well

need to put in front of that right well let's just see what

happens uh the term is not recognized as the name of the command L function

the name of the command L function script is operable so I think we're

script is operable so I think we're missing something in front of

missing something in front of here we'll go to the user guide here

here we'll go to the user guide here quickly and we'll get to the getting

quickly and we'll get to the getting started I just want a super simple

started I just want a super simple example

example here new bucket get bucket well let's

here new bucket get bucket well let's try this one here because they have it

try this one here because they have it here and so it should just work

right I'm going change this to us East one

the term new bucket is not recognized as the name of the commandlet function so

the name of the commandlet function so I'm guessing that the commandlets not

I'm guessing that the commandlets not installed I would have thought that they

installed I would have thought that they would have installed it by default so I

would have installed it by default so I guess what we'll do is look at how to

guess what we'll do is look at how to install it so installing

install it so installing on Linux I

suppose so you can install the modulized version

so you can install the modulized version of the Powershell on computers to

of the Powershell on computers to install adus tools on Linux PW H to

install adus tools on Linux PW H to start Powershell core session so I guess

start Powershell core session so I guess that's how you must start it on Linux

that's how you must start it on Linux and then install the module this way so

and then install the module this way so yeah I said it's easy to install these

yeah I said it's easy to install these things we'll hit

things we'll hit enter cross your fingers hope this works

enter cross your fingers hope this works hope this is

fast I'm just going to take a look here peek forward here if you are not uh if

peek forward here if you are not uh if you're notified the repository is UN

you're notified the repository is UN trusted you're asked if you want to

trusted you're asked if you want to trust anyway just hit Y so we're waiting

trust anyway just hit Y so we're waiting for that here um you're installing this

for that here um you're installing this module from usted repository it's funny

module from usted repository it's funny that it's untrusted by but it's by AWS

that it's untrusted by but it's by AWS maybe that's some kind of drama between

maybe that's some kind of drama between Microsoft not letting AWS have an

Microsoft not letting AWS have an official module there but it looks like

official module there but it looks like it should be installed now so if I type

it should be installed now so if I type in get S3 buckets

in get S3 buckets here um unless I typed it wrong that

here um unless I typed it wrong that still doesn't seem to be working if I go

still doesn't seem to be working if I go up here and try to create a new bucket

up here and try to create a new bucket still does not recom recognize the

still does not recom recognize the command command lit here so there must

command command lit here so there must be more going on

be more going on here um

if you notified you can now install the module for each

module for each service okay well what did we

service okay well what did we do you're installing the the the modules

do you're installing the the the modules from untrusted if you trust it change

from untrusted if you trust it change the uh change it installation policy

the uh change it installation policy value by running set policy command are

value by running set policy command are you sure you want to install this module

you sure you want to install this module from the PS Gallery so I said yes and I

from the PS Gallery so I said yes and I gave it a capital Y and it didn't do

gave it a capital Y and it didn't do anything

anything else so

else so oh hold on here so this is the installer

oh hold on here so this is the installer and then here is the actual tool that we

and then here is the actual tool that we want to install so it install to oh so

want to install so it install to oh so we just installed this thing and now we

we just installed this thing and now we use this thing to install S3

use this thing to install S3 okay great not hard

okay great not hard okay and so we'll just say yes to

okay and so we'll just say yes to all and so that's going to install I

all and so that's going to install I guess everything oh we said ec2 and S3

guess everything oh we said ec2 and S3 well we didn't need both but that's fine

well we didn't need both but that's fine and so what I'm going to do is go get

and so what I'm going to do is go get bucket and so now recognizes it lists

bucket and so now recognizes it lists out the items here we can go and create

out the items here we can go and create ourselves a new bucket so we'll do that

ourselves a new bucket so we'll do that okay we'll make our way back over

okay we'll make our way back over databas Management console we'll go to

databas Management console we'll go to S3 just because I don't need all these

S3 just because I don't need all these buckets lying around here and I'm going

buckets lying around here and I'm going to go ahead and delete some of these

to go ahead and delete some of these buckets here so we'll say

buckets here so we'll say delete my bucket great and we'll go to

delete my bucket great and we'll go to this one here and say delete my bucket

this one here and say delete my bucket excellent all right so we have an idea

excellent all right so we have an idea how to use Powershell and so Powershell

how to use Powershell and so Powershell is just really popular because of it's

is just really popular because of it's the way you do inputs is very

the way you do inputs is very standardized and the outputs that come

standardized and the outputs that come so it's very popular um and a very

so it's very popular um and a very powerful scripting tool that's or CLI

powerful scripting tool that's or CLI tool as well so uh you know hopefully

tool as well so uh you know hopefully that's that was interesting for you but

that's that was interesting for you but what we'll do is just close these off

what we'll do is just close these off here and go back to our our homepage

here and go back to our our homepage always just clicking that logo there and

always just clicking that logo there and there we

there we [Music]

[Music] go so Amazon resource names uniquely

go so Amazon resource names uniquely identif AWS resources and ARS are

identif AWS resources and ARS are required to specify resource and

required to specify resource and Ambiguously across all of all of AWS so

Ambiguously across all of all of AWS so the AR has the following format

the AR has the following format variations so there's a few different

variations so there's a few different things here but just notice here that

things here but just notice here that sometimes it has a resource ID or it has

sometimes it has a resource ID or it has a path so with a resource type or could

a path so with a resource type or could be separated by a colon so the partition

be separated by a colon so the partition um could either be ads China or gov

um could either be ads China or gov Cloud because this is basically the adus

Cloud because this is basically the adus uh portal or URL that are completely

uh portal or URL that are completely separated from each other uh as we

separated from each other uh as we talked about those earlier in the course

talked about those earlier in the course uh then there's the service identifier

uh then there's the service identifier so ec2 S3 IM am pretty much every

so ec2 S3 IM am pretty much every service has their own uh service that uh

service has their own uh service that uh name here that would be identified then

name here that would be identified then the region would be pretty obvious Us

the region would be pretty obvious Us East one CA Central 1 you'd have a count

East one CA Central 1 you'd have a count ID which would be 12 digits uh the

ID which would be 12 digits uh the resource ID uh could be a name or a pass

resource ID uh could be a name or a pass so like for um IM users we have user Bob

so like for um IM users we have user Bob this is an ec2 instance and most of the

this is an ec2 instance and most of the irns are accessible via the AAS

irns are accessible via the AAS Management console and you can usually

Management console and you can usually click the r to copy to your clipboard so

click the r to copy to your clipboard so here is it is for an S3 bucket and

here is it is for an S3 bucket and notice that it's a little bit different

notice that it's a little bit different because it is a global Service AWS

because it is a global Service AWS there's no reason to specify the region

there's no reason to specify the region or the account ID or uh anything else

or the account ID or uh anything else there like the resource type so straight

there like the resource type so straight away we already know it's a bucket so we

away we already know it's a bucket so we can just say my bucket so that one's

can just say my bucket so that one's really short but in other cases it's

really short but in other cases it's really long so here it is for a load

really long so here it is for a load balcer and it has all the information

balcer and it has all the information there and notice that like this has a

there and notice that like this has a pass this is low bouncer app my server

pass this is low bouncer app my server will be and then it has the ID okay for

will be and then it has the ID okay for paths and ARS they can also include a

paths and ARS they can also include a wild card Aster and we'll see these like

wild card Aster and we'll see these like with IM policies or or paths these are

with IM policies or or paths these are really useful when you are doing um uh

really useful when you are doing um uh policies where you have to specify AR

policies where you have to specify AR you want to say a group of things and

you want to say a group of things and things like that so there you

things like that so there you [Music]

[Music] go all right so now let's take a look at

go all right so now let's take a look at Amazon resource name or also known as

Amazon resource name or also known as Arn um and so ARS are used to reference

Arn um and so ARS are used to reference objects they're very commonly used when

objects they're very commonly used when you're using the CLI or the SDK to

you're using the CLI or the SDK to reference to something um the easiest

reference to something um the easiest example is S3 right so we go over to S3

example is S3 right so we go over to S3 here and we create ourselves a new

here and we create ourselves a new bucket um so I'll go ahead and create

bucket um so I'll go ahead and create ourselves a new one here we'll say my

ourselves a new one here we'll say my new bucket I'm just going to put a bunch

new bucket I'm just going to put a bunch of numbers in here it doesn't matter

of numbers in here it doesn't matter we'll hit create bucket and what we will

we'll hit create bucket and what we will see if we click into this is the orange

see if we click into this is the orange should be under

should be under properties and there it is okay so so

properties and there it is okay so so there are many cases where you might

there are many cases where you might want to use the RN and a lot of times

want to use the RN and a lot of times you'll just copy it and uh a very common

you'll just copy it and uh a very common example would be again with I am

example would be again with I am policies so we go over to I am policies

policies so we go over to I am policies right and I want to get to policies here

right and I want to get to policies here to save myself some trouble and we

to save myself some trouble and we create a

create a policy you know I might want to restrict

policy you know I might want to restrict someone to use only that bucket so I say

someone to use only that bucket so I say S3 okay and then I'm going to say um I

S3 okay and then I'm going to say um I want to be able to read and write from a

want to be able to read and write from a particular bucket we go drop down the

particular bucket we go drop down the resources here and so here we have a lot

resources here and so here we have a lot of

of options um maybe I'll just get rid of

options um maybe I'll just get rid of the read

the read option and I'm going to actually expand

option and I'm going to actually expand right because it's just creating too

right because it's just creating too much work for me here and I just want to

much work for me here and I just want to have um put put object that's that's the

have um put put object that's that's the what we use to put something into a

what we use to put something into a bucket so we expand the resource here

bucket so we expand the resource here and notice it says add the irn so we go

and notice it says add the irn so we go here and we could type the bucket name

here and we could type the bucket name so do that or we just paste it on in

so do that or we just paste it on in here at the top so it's probably easier

here at the top so it's probably easier just to grab it

just to grab it sometimes but if you don't know an AR a

sometimes but if you don't know an AR a lot of times you can just expand this

lot of times you can just expand this and then fill it in and that's how you

and then fill it in and that's how you get an AR so put that there let's list

get an AR so put that there let's list oh you could also do it that way which

oh you could also do it that way which is easier too and so now if I go to Json

is easier too and so now if I go to Json is it valid there we go so here it's

is it valid there we go so here it's saying um this policy allows somebody to

saying um this policy allows somebody to put an object into this particular

put an object into this particular bucket and so that would be an example

bucket and so that would be an example where we would use um an R okay or if

where we would use um an R okay or if you're doing uh if you're using uh a the

you're doing uh if you're using uh a the support you might have to use an R to um

support you might have to use an R to um to get help from support saying hey look

to get help from support saying hey look at this particular resource exactly here

at this particular resource exactly here and then the the cloud support engineer

and then the the cloud support engineer can help you

can help you [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are looking at the adus

Pro and we are looking at the adus command line interface but before we do

command line interface but before we do that we got to Define some terms so what

that we got to Define some terms so what is a CLI so a command line interface

is a CLI so a command line interface processes commands to computer program

processes commands to computer program in the form of lines of text operating

in the form of lines of text operating system Implement a command line

system Implement a command line interface in a sh L okay so then we have

interface in a sh L okay so then we have a terminal so a terminal is a text only

a terminal so a terminal is a text only interface so it has input output

interface so it has input output environment then you have a console this

environment then you have a console this is the physical computer to physically

is the physical computer to physically input information into a terminal then

input information into a terminal then you have the shell a shell is the

you have the shell a shell is the command line program that users interact

command line program that users interact uh with to input commands popular shell

uh with to input commands popular shell programs are bash uh zsh Powershell and

programs are bash uh zsh Powershell and uh you might remember this one MS DOS

uh you might remember this one MS DOS prompt so this has been around for

prompt so this has been around for obviously a very long time so maybe this

obviously a very long time so maybe this kind of primes your mind for what is a

kind of primes your mind for what is a shell and just so you know people

shell and just so you know people commonly erroneously use terminal shell

commonly erroneously use terminal shell or console generally describe

or console generally describe interacting with a shell so if we say

interacting with a shell so if we say shell or console or terminal we're just

shell or console or terminal we're just talking about the same thing but there

talking about the same thing but there is technically a difference between

is technically a difference between these three things but most people do

these three things but most people do not care and I wouldn't worry about it

not care and I wouldn't worry about it too much okay so now let's take a look

too much okay so now let's take a look at the itus command line interface which

at the itus command line interface which allows you to programmatically interact

allows you to programmatically interact with the itus API via entering single or

with the itus API via entering single or multi-line commands into a shell and

multi-line commands into a shell and then here I say or terminal but really

then here I say or terminal but really it's just the shell Okay so so uh here

it's just the shell Okay so so uh here is an example of one so we're trying to

is an example of one so we're trying to describe uh ec2 instances and then we're

describe uh ec2 instances and then we're getting the output because we asked to

getting the output because we asked to have it back in this table like view so

have it back in this table like view so the a CLI is a python executable program

the a CLI is a python executable program so python is required to install the a

so python is required to install the a CLI the a CLI can be installed on

CLI the a CLI can be installed on Windows Mac Linux Unix the name of the

Windows Mac Linux Unix the name of the ca program is AWS you'll notice that up

ca program is AWS you'll notice that up here in the top left corner there's a

here in the top left corner there's a lot more to this but this is all we need

lot more to this but this is all we need for now okay

for now okay [Music]

[Music] hey this is Andrew Brown from exam Pro

hey this is Andrew Brown from exam Pro and we are taking a look at the Aus CLI

and we are taking a look at the Aus CLI and the easiest way to get started with

and the easiest way to get started with this is actually via the cloud shell so

this is actually via the cloud shell so you'll notice this little icon here in

you'll notice this little icon here in the top right corner that is cloud shell

the top right corner that is cloud shell and it's going to allow us to um uh

and it's going to allow us to um uh pratically do things without having to

pratically do things without having to set up our own environments so if I just

set up our own environments so if I just click that there okay uh and I say do

click that there okay uh and I say do not show again close and by the way if

not show again close and by the way if you don't see Cloud shell here it could

you don't see Cloud shell here it could be your region so like if I go to Canada

be your region so like if I go to Canada Central it doesn't have it there and so

Central it doesn't have it there and so if I was to search cloudshell

if I was to search cloudshell here okay it's going to say it's only

here okay it's going to say it's only supported in those regions so that's a

supported in those regions so that's a bit annoying but once Cloud shell loads

bit annoying but once Cloud shell loads it already has our uh credentials loaded

it already has our uh credentials loaded within our account and so this is going

within our account and so this is going to save us a lot of time in terms of uh

to save us a lot of time in terms of uh you know trying to get set up with the

you know trying to get set up with the exception that you have to wait for this

exception that you have to wait for this environment to create so it takes a

environment to create so it takes a little bit of time but it's not that bad

little bit of time but it's not that bad um and while that is waiting what I'll

um and while that is waiting what I'll do is show you actually how you would

do is show you actually how you would install the CLI yourself so if we typed

install the CLI yourself so if we typed in itus CLI

in itus CLI install all right and uh we went here

install all right and uh we went here the way you would install I believe it's

the way you would install I believe it's a python library but if we went to

a python library but if we went to version two and we just said Linux uh

version two and we just said Linux uh you go down here they have instructions

you go down here they have instructions so you just curl it unzip it and do

so you just curl it unzip it and do that um so you know if it's this and

that um so you know if it's this and then once it's installed you'll have the

then once it's installed you'll have the a CLI commands this is still going so

a CLI commands this is still going so you know maybe I can show you what it

you know maybe I can show you what it would be like to install the CLI by hand

would be like to install the CLI by hand so if we want to do that one easy way to

so if we want to do that one easy way to do this is if we just go to GitHub

do this is if we just go to GitHub doesn't matter what repository I'm just

doesn't matter what repository I'm just looking for anything here and if I open

looking for anything here and if I open up git pod so if we go on the top here

up git pod so if we go on the top here and type in git pod

and type in git pod uh.com maybe

uh.com maybe that I just want to see

that I just want to see whoops maybe it's get

whoops maybe it's get pods

that oh get pod you're not giving me oh you know what it's doio that's why okay

you know what it's doio that's why okay so if we go back here sorry and we type

so if we go back here sorry and we type in

in doio what this will do is launch me a

doio what this will do is launch me a temporary environment and so this is

temporary environment and so this is outside of AWS so I'd actually have to

outside of AWS so I'd actually have to install the CLI so this would be a great

install the CLI so this would be a great opportunity to show you how to install

opportunity to show you how to install the CLI I'm just doing it this way

the CLI I'm just doing it this way because git pod is free to use and um

because git pod is free to use and um you know it's going to set up an

you know it's going to set up an environment and how let us simulate

environment and how let us simulate installing the CLI so here is the CLI

installing the CLI so here is the CLI here I'm going to see if I can bump up

here I'm going to see if I can bump up the font um let's make the font as large

the font um let's make the font as large as we can go light or dark dark sounds

as we can go light or dark dark sounds good to me

good to me and so if we type in

AWS give it a moment we can see that we have uh the command here so if I say ABS

have uh the command here so if I say ABS S3 LS whoops it should be able to list

S3 LS whoops it should be able to list things out in a bucket so this is what's

things out in a bucket so this is what's currently in the bucket if you're

currently in the bucket if you're wondering how do I know what these

wondering how do I know what these commands are I can just type in a CLI

commands are I can just type in a CLI commands Okay and if we go here um and

commands Okay and if we go here um and we go to the CLI ref reference then we

we go to the CLI ref reference then we have um anything we want here right so

have um anything we want here right so we go down here and I just want to see

we go down here and I just want to see what's running in S3 and I go here and I

what's running in S3 and I go here and I scroll on down it's going to show me

scroll on down it's going to show me commands like copy move remove sync uh

commands like copy move remove sync uh MBR RB uh list

MBR RB uh list right and if you're looking for a

right and if you're looking for a particular command you go down and say

particular command you go down and say okay I'll look at LS here and it will

okay I'll look at LS here and it will explain to me all the little options

explain to me all the little options that we can do with it and then it will

that we can do with it and then it will always give me examples right so I can

always give me examples right so I can see examples like that so if I wanted to

see examples like that so if I wanted to move something into an S3 bucket so

move something into an S3 bucket so let's say I want to create a new S3

let's say I want to create a new S3 bucket um we'll type in AWS S3 and just

bucket um we'll type in AWS S3 and just hit enter and it should tell

hit enter and it should tell us um the sub commands maybe if I do

us um the sub commands maybe if I do like help like

this and if we scroll on down so I guess it just pulls up documentation let's

it just pulls up documentation let's hoping it would give us like a tiny

summary okay so what we can do here because I want to create a

because I want to create a bucket type in like

bucket type in like buckets if you don't know something you

buckets if you don't know something you just go ads S3 CLI create bucket we'll

just go ads S3 CLI create bucket we'll go

go here um and then what I do is I always

here um and then what I do is I always just go to examples here so here have

just go to examples here so here have ads S3 API create bucket and I know it's

ads S3 API create bucket and I know it's unusual there's an S3 and there's an S3

unusual there's an S3 and there's an S3 API I don't know why that is but it's

API I don't know why that is but it's always been that way and I I just don't

always been that way and I I just don't question it anymore and so here I can go

question it anymore and so here I can go ahead and create a new bucket so I'll

ahead and create a new bucket so I'll just go ahead and paste that command in

just go ahead and paste that command in I do want to change it up a bit here

I do want to change it up a bit here because this name could be that has to

because this name could be that has to be unique so just to make sure I get

be unique so just to make sure I get what I want I'm putting random numbers

what I want I'm putting random numbers in here we're going to choose the region

in here we're going to choose the region as us East one if I wanted to do other

as us East one if I wanted to do other things here I could scroll up and look

things here I could scroll up and look at some Flags here

at some Flags here so uh it looks all fine to me so I think

so uh it looks all fine to me so I think I'll go back here and just

I'll go back here and just hit uh

hit uh paste okay and so it created that bucket

paste okay and so it created that bucket for me if I go over to

S3 and we'll wait here a moment we can see that bucket now exists if I wanted

see that bucket now exists if I wanted to place something in that bucket what I

to place something in that bucket what I can do is just like touch a file so I'll

can do is just like touch a file so I'll just say um touch touch is a Linux

just say um touch touch is a Linux command to make just an empty file so

command to make just an empty file so we'll say um

we'll say um hello.txt and then it'll be a S3

hello.txt and then it'll be a S3 um it would be SP to copy it and I'm

um it would be SP to copy it and I'm going to give it the local path

going to give it the local path hello.txt and then I need to give it the

hello.txt and then I need to give it the bucket address so it' be S3 colon SL SL

bucket address so it' be S3 colon SL SL the bucket name so we named it this I'm

the bucket name so we named it this I'm not going to try to type that in by hand

not going to try to type that in by hand because it's too hard and then I want to

because it's too hard and then I want to say where I want to put this file so I'm

say where I want to put this file so I'm going to say hello.txt and if I'm right

going to say hello.txt and if I'm right that should work as expected and so it

that should work as expected and so it says I uploaded that file I make my way

says I uploaded that file I make my way back over to S3 I refresh there is the

back over to S3 I refresh there is the file if I want to copy this file back

file if I want to copy this file back locally um all I have to do I'm just

locally um all I have to do I'm just going to remove I'm going to delete the

going to remove I'm going to delete the original hello txt file LS to show you

original hello txt file LS to show you that there's nothing there and what I

that there's nothing there and what I need to do oops is just revert this so

need to do oops is just revert this so instead of saying the address

instead of saying the address here we can go and type in

here we can go and type in hello.txt and if I do LS there's the

hello.txt and if I do LS there's the file if you don't know what the address

file if you don't know what the address is of the bucket um a lot of times you

is of the bucket um a lot of times you can go here and find it so it should be

can go here and find it so it should be because they're always changing this UI

because they're always changing this UI on me but we'll go to properties here

on me but we'll go to properties here and there that's the

Arn uh usually a good way to find it is if you go into an actual object so if

if you go into an actual object so if you go here it'll give you the full URL

you go here it'll give you the full URL so I could have grabbed that and I could

so I could have grabbed that and I could have just pasted that in there um but

have just pasted that in there um but you know you learn after time it's not

you know you learn after time it's not hard to remember this S3 Co SL the

hard to remember this S3 Co SL the unique name I do want to show you how to

unique name I do want to show you how to install it by hand so here I'm in git

install it by hand so here I'm in git pods um I'm not sure how I can change

pods um I'm not sure how I can change this to a dark theme because I really

this to a dark theme because I really don't like this on my eyes we'll go down

don't like this on my eyes we'll go down below here to color

below here to color theme and we'll say get PA dark there we

theme and we'll say get PA dark there we go and so this is a temporary workspace

go and so this is a temporary workspace so when I close it it'll be gone so

so when I close it it'll be gone so that'll be totally fine and so I'm going

that'll be totally fine and so I'm going to typee in AWS to see that it's not

to typee in AWS to see that it's not installed we're going to go over here

installed we're going to go over here this runs Linux by default so I already

this runs Linux by default so I already know that I'm going to use Linux we want

know that I'm going to use Linux we want to use version two here um

to use version two here um so for the latest version use this

so for the latest version use this command for a specific version no we

command for a specific version no we just want the generic one so I'm going

just want the generic one so I'm going to go ahead and copy this whoops yes

to go ahead and copy this whoops yes allow we'll paste that in we'll hit

allow we'll paste that in we'll hit enter okay then we'll take the next

command paste that in hit enter we'll go take the next command

we'll go take the next command here we'll hit

here we'll hit enter you can now run uh AWS so we type

enter you can now run uh AWS so we type AWS and there's the command so uh the

AWS and there's the command so uh the only thing is that if we do AWS S3 LS

only thing is that if we do AWS S3 LS it's not going to work because we don't

it's not going to work because we don't have any credentials set so we'll give

have any credentials set so we'll give it a moment to think so it says unable

it a moment to think so it says unable to locate credentials you can configure

to locate credentials you can configure credentials by running adus configure so

credentials by running adus configure so we type in ad

we type in ad configure and by the way if this font is

configure and by the way if this font is too small I believe I can bump it up

too small I believe I can bump it up like

like this not a great way to do it but um it

works and so it says ads access key ID so what we can do is go over to

IM and what I'm looking for is my particular user over

particular user over here and if you remember when we first

here and if you remember when we first created our account it generated out

created our account it generated out access key so I go to security

access key so I go to security credentials and so we have a key here

credentials and so we have a key here but I need the secret so this key is

but I need the secret so this key is useless to me so I'm going to go ahead

useless to me so I'm going to go ahead and deactivate

and deactivate it just cuz I don't even want this key

it just cuz I don't even want this key and I'm going to create myself a new key

and I'm going to create myself a new key so I'm going to have an access ID in

so I'm going to have an access ID in secret whenever you generate these out

secret whenever you generate these out never ever ever ever ever show anyone

never ever ever ever ever show anyone what these are these are your yours and

what these are these are your yours and yours alone okay so this is cloud shell

yours alone okay so this is cloud shell we're fine we're just going to close

we're fine we're just going to close that for now and I'm going to go back

that for now and I'm going to go back over to get pods here and hit enter so

over to get pods here and hit enter so that's the ID I'm going to go grab the

that's the ID I'm going to go grab the secret

secret hit enter paste and I want it to go to

hit enter paste and I want it to go to us East one to save myself some trouble

us East one to save myself some trouble uh you can change the output from Json

uh you can change the output from Json to tables I'm going to leave it as the

to tables I'm going to leave it as the default here and so now if I type ABS S3

default here and so now if I type ABS S3 LS I get a list and so if I want to grab

LS I get a list and so if I want to grab that file there I'm going to grab that

that file there I'm going to grab that S3 U and we type in a S3 API or sorry

S3 U and we type in a S3 API or sorry it's just LS sorry or sorry CP and we're

it's just LS sorry or sorry CP and we're going to paste that link in and we're

going to paste that link in and we're going to say hello.txt

and I must have done the command wrong it's because we're missing S3 here I

it's because we're missing S3 here I just hit up on the keyboard to get that

just hit up on the keyboard to get that command back and so I type in LS for

command back and so I type in LS for list and I mean I have some other code

list and I mean I have some other code here so you know again any repo you want

here so you know again any repo you want on GitHub doesn't really matter uh but

on GitHub doesn't really matter uh but you'll see there is that file probably

you'll see there is that file probably shouldn't have used this one because it

shouldn't have used this one because it makes a bit of a

makes a bit of a mess um but yeah it's pretty

mess um but yeah it's pretty straightforward just to one thing to

straightforward just to one thing to show you is where those credentials are

show you is where those credentials are stored so by default they're going to be

stored so by default they're going to be stored in um it's going to be in the

stored in um it's going to be in the hidden directory in your root or your

hidden directory in your root or your home directory called ad. credentials so

home directory called ad. credentials so if I just do like LS here you can see

if I just do like LS here you can see there's a config file and a credentials

there's a config file and a credentials file cat lets me print out the contents

file cat lets me print out the contents of that file so I go here and it's

of that file so I go here and it's saying the default region is us east1

saying the default region is us east1 this is a tomel file even though it

this is a tomel file even though it doesn't have a toml on the end of it I

doesn't have a toml on the end of it I just know by looking at it that's what

just know by looking at it that's what it is config lets you set uh defaults

it is config lets you set uh defaults that are going to apply to all of your

that are going to apply to all of your credentials and then uh within the

credentials and then uh within the credential file here is the actual

credential file here is the actual credentials so if you wanted to just set

credentials so if you wanted to just set them you could go in here and just set

them you could go in here and just set them in here you can also set multiple

them in here you can also set multiple credentials so if I go here and I'm

credentials so if I go here and I'm going to open up and buy because I'm not

going to open up and buy because I'm not sure how to open it up here in the main

sure how to open it up here in the main one but if you wanted multiple accounts

one but if you wanted multiple accounts you do like exam Pro and then you just

you do like exam Pro and then you just repeat these with different keys right

repeat these with different keys right and then when you wanted to use an a CLI

and then when you wanted to use an a CLI command actually I'm going to go back

command actually I'm going to go back here for a

second okay and if you want to um and by the way I'm using VI you never

and by the way I'm using VI you never use Vim it's it's a bit tricky to use uh

use Vim it's it's a bit tricky to use uh you might want to use Nano instead if

you might want to use Nano instead if you're if you're kind of new to this uh

you're if you're kind of new to this uh because this will use like regular key

because this will use like regular key key cuts and then down below it shows

key cuts and then down below it shows you what it is so this is like control X

you what it is so this is like control X or alt X alt X NOP contr X there we go

or alt X alt X NOP contr X there we go um but anyway so if I go into this file

um but anyway so if I go into this file and I delete the original one right and

and I delete the original one right and now I try to

do um this command here even though we already have that file it should either

already have that file it should either hang or complain I Could Just Kill that

hang or complain I Could Just Kill that by doing control C if I do ads S3

by doing control C if I do ads S3 LS notice that it's hanging so unable to

LS notice that it's hanging so unable to locate credentials because there's no

locate credentials because there's no default one but if I go and I put

default one but if I go and I put profile and I say exam

Pro right it it'll now use that profile so that's the way we do it um but

so that's the way we do it um but hopefully that gives you kind of a a

hopefully that gives you kind of a a crash course into the CLI um so yeah

crash course into the CLI um so yeah there you go okay so I'm just going to

there you go okay so I'm just going to go ahead and close these off you can

go ahead and close these off you can delete this bucket if you don't want it

delete this bucket if you don't want it it's probably a good idea to delete this

it's probably a good idea to delete this here and I'm just going to say

here and I'm just going to say permanently delete

permanently delete okay very very good okay close that off

okay very very good okay close that off and yeah that's the introduction to the

and yeah that's the introduction to the CLI so yeah there you

CLI so yeah there you [Music]

[Music] go hey this is Andrew Brown from exam

go hey this is Andrew Brown from exam Pro and we are taking a look at

Pro and we are taking a look at development kits uh so a software

development kits uh so a software development kit or SDK is a collection

development kit or SDK is a collection of software development tools and one

of software development tools and one installable package so you can use the

installable package so you can use the AWS SDK to programmatically create

AWS SDK to programmatically create modify delete or interact with adabs

modify delete or interact with adabs resources so the adabs SDK is offered in

resources so the adabs SDK is offered in a variety of programming languages so we

a variety of programming languages so we have Java python nodejs Ruby go.net PHP

have Java python nodejs Ruby go.net PHP JavaScript C++ and so here would be an

JavaScript C++ and so here would be an example of uh some rub code where we are

example of uh some rub code where we are creating ourselves um an S3 bucket so

creating ourselves um an S3 bucket so we're just uploading a file there

we're just uploading a file there [Music]

[Music] okay okay so now what I'm going to do is

okay okay so now what I'm going to do is show you how to use the adabs SDK and so

show you how to use the adabs SDK and so uh to do that uh we're going to need

uh to do that uh we're going to need some kind of IDE um a a basically code

some kind of IDE um a a basically code editor and so we had looked at G pods

editor and so we had looked at G pods which is a thirdparty service and that's

which is a thirdparty service and that's fine but let's take a look at Cloud9

fine but let's take a look at Cloud9 because that is built into AWS so if I

because that is built into AWS so if I just type in Cloud9 here and go over to

just type in Cloud9 here and go over to IDE I'm going to launch myself a new

IDE I'm going to launch myself a new environment so I'll hit create I'm going

environment so I'll hit create I'm going just say my SDK

just say my SDK environment EnV if you if you have hard

environment EnV if you if you have hard time typing environment like me and we

time typing environment like me and we have some options so create an new2

have some options so create an new2 instance for direct access create it via

instance for direct access create it via assistance manager run a remote with SSH

assistance manager run a remote with SSH I'm going to leave it as the default

I'm going to leave it as the default then we have the option to choose what

then we have the option to choose what size I want to leave it on T2 micro

size I want to leave it on T2 micro because that is the free tier then we're

because that is the free tier then we're going to scroll on down we have Amazon

going to scroll on down we have Amazon Linux 2 Linux Ami I'm going to stick

Linux 2 Linux Ami I'm going to stick with uh Amazon link 2 and we can have it

with uh Amazon link 2 and we can have it turn off after 30 minutes a great option

turn off after 30 minutes a great option for us here and we'll go ahead and hit

for us here and we'll go ahead and hit next and we'll hit create

next and we'll hit create environment and so we're going to have

environment and so we're going to have to wait a little bit for this to launch

to wait a little bit for this to launch it'll take a few minutes as that is

it'll take a few minutes as that is going let's go to Google type in itus

going let's go to Google type in itus SDK um to get to the main page and so

SDK um to get to the main page and so the idea here is that there are a bunch

the idea here is that there are a bunch of different languages you can use C++

of different languages you can use C++ go Java javascript. net node.js PHP

go Java javascript. net node.js PHP Python and Ruby uh and so I'm a really

Python and Ruby uh and so I'm a really big fan of Ruby I've been using Ruby

big fan of Ruby I've been using Ruby since 2005 and so that's what we're

since 2005 and so that's what we're going to do it in it's also really easy

going to do it in it's also really easy to use and it's a really great language

to use and it's a really great language so um you know down below it's just

so um you know down below it's just showing you that there's all these

showing you that there's all these different things but if we go down to

different things but if we go down to the SDK here and we click on

the SDK here and we click on Ruby we we have examples where we have

Ruby we we have examples where we have the developer guide the API reference

the developer guide the API reference and so this tells you how to get started

and so this tells you how to get started even here it's saying like hey go get

even here it's saying like hey go get started with Cloud9 which is great as

started with Cloud9 which is great as well I suppose um and so here it might

well I suppose um and so here it might show you how to install it um and when

show you how to install it um and when we open up the API references this is

we open up the API references this is what it looks like so a lot of times

what it looks like so a lot of times when I want to do something I know it's

when I want to do something I know it's like I want to do something with S3 so I

like I want to do something with S3 so I scroll on down here and I look for

scroll on down here and I look for S3

S3 right and then I just kind of like uh

right and then I just kind of like uh scroll around and look you know what I

scroll around and look you know what I mean sometimes I have to expand it go

mean sometimes I have to expand it go into the client every API is a slightly

into the client every API is a slightly different so you do have to kind of

different so you do have to kind of figure out how to navigate that I'm

figure out how to navigate that I'm actually under S3 right now so I'm

actually under S3 right now so I'm looking for for the client and I just

looking for for the client and I just know this for memory that this is where

know this for memory that this is where it is so first you create yourself a

it is so first you create yourself a client and then you can do API

client and then you can do API operations so if I wanted to like list

operations so if I wanted to like list buckets I just search the word list and

buckets I just search the word list and I just scroll on down and there it is I

I just scroll on down and there it is I click into that and I have an example of

click into that and I have an example of how to list a bucket so I'm going to go

how to list a bucket so I'm going to go back to Cloud9 and it is ready and it

back to Cloud9 and it is ready and it started in dark mode um if yours is not

started in dark mode um if yours is not in dark mode which really honestly why

in dark mode which really honestly why wouldn't you want dark mode um if we go

wouldn't you want dark mode um if we go up to I think it's like file where is it

up to I think it's like file where is it uh preferences here here got to click

uh preferences here here got to click the Cloud9 option and I'm just seeing if

the Cloud9 option and I'm just seeing if it like remembers my settings I really

it like remembers my settings I really like two two soft tabs here but uh there

like two two soft tabs here but uh there should be something for themes down

should be something for themes down below and

below and so

so um that doesn't seem like that's it used

um that doesn't seem like that's it used to be like a oh here it is if you go

to be like a oh here it is if you go here and just choose like whatever you

here and just choose like whatever you want I'm on jet dark here and so if it's

want I'm on jet dark here and so if it's on classic light or something you don't

on classic light or something you don't like you can fix that there um but I'm

like you can fix that there um but I'm just going to go here and just fiddle

just going to go here and just fiddle with my

with my settings because I really like to use

settings because I really like to use Vim uh keys I don't recommend this if

Vim uh keys I don't recommend this if you are uh to change this if you are not

you are uh to change this if you are not a programmer but I'm just going to

a programmer but I'm just going to change it so that I can type here

change it so that I can type here efficiently so I'm just looking for the

efficiently so I'm just looking for the option

option here and they moved it on me where did

here and they moved it on me where did they move

they move it it probably be like key

it it probably be like key bindings ah Bim mode there we go again

bindings ah Bim mode there we go again don't do that this is just for me so I

don't do that this is just for me so I can uh move around in a different way so

can uh move around in a different way so what I want to do and by the way looks

what I want to do and by the way looks like this default screen we could have

like this default screen we could have just changed it here I just clicked

just changed it here I just clicked through all that for nothing it was here

through all that for nothing it was here the entire time but um what we need is

the entire time but um what we need is we need to make sure that we have our

we need to make sure that we have our credentials so if we type in ads um S3

credentials so if we type in ads um S3 LS that's like my sanity check that I

LS that's like my sanity check that I always like to do to make sure I have

always like to do to make sure I have credentials notice that we didn't have

credentials notice that we didn't have to set up any credentials it was already

to set up any credentials it was already on this machine which was really nice

on this machine which was really nice and so I'm going to create a new file

and so I'm going to create a new file here and it's okay if you don't know

here and it's okay if you don't know anything about Ruby we're just going to

anything about Ruby we're just going to have fun here and just follow along so

have fun here and just follow along so I'm going to do example RB I'm going to

I'm going to do example RB I'm going to make sure Ruby's installed by doing Ruby

make sure Ruby's installed by doing Ruby hyphen V so it is installed which is

hyphen V so it is installed which is great uh you need a gem file so say new

great uh you need a gem file so say new gem file

gem file here and if we go back to the

here and if we go back to the installation guide uh we need the gem

installation guide uh we need the gem STK

STK here actually I'm going to look at how

here actually I'm going to look at how to generate a gem file gem file because

to generate a gem file gem file because there's some stuff that goes to the top

there's some stuff that goes to the top of those

of those files like this

files like this here I think we just need this line here

here I think we just need this line here so I'm just going to grab that whoops

so I'm just going to grab that whoops paste that in allow

paste that in allow good and uh I you can do gem ads SDK

good and uh I you can do gem ads SDK that will install everything but uh we

that will install everything but uh we only want to work

only want to work with S3 and so this is going to vary

with S3 and so this is going to vary based on each language but I know that

based on each language but I know that if we type in S3 we'll just get S3 and

if we type in S3 we'll just get S3 and that's all we really need and so once we

that's all we really need and so once we have that what we'll need to do is use a

have that what we'll need to do is use a bundle install so we're going to make

bundle install so we're going to make sure we're in the correct directory I'm

sure we're in the correct directory I'm going to type in LS down below notice

going to type in LS down below notice the gem file is there uh and by the way

the gem file is there uh and by the way the fonts are too small I should

the fonts are too small I should probably bump those up let's see how we

probably bump those up let's see how we can do

can do that uh editor size font user

settings good luck trying to find today um project

today um project no you think it'd have to be under user

no you think it'd have to be under user settings

settings right ah here it is okay so um this is

right ah here it is okay so um this is for

for probably the editor so we'll go to 18

probably the editor so we'll go to 18 here Co code editor

here Co code editor here I'm I'm trying to find the one for

here I'm I'm trying to find the one for the terminal probably over

the terminal probably over here there we

here there we go much easier okay so notice we have

go much easier okay so notice we have example. RB and Gem file so we're in the

example. RB and Gem file so we're in the correct directory make sure I save that

correct directory make sure I save that I'm going to type in bundle

I'm going to type in bundle install that's going to install the gems

install that's going to install the gems give it a moment there it's going to

give it a moment there it's going to fetch notice that installed um the adabs

fetch notice that installed um the adabs sdks S3 and everything that it was

sdks S3 and everything that it was dependent on and so now if we go over to

dependent on and so now if we go over to our example. RB file really when you're

our example. RB file really when you're coding for the cloud you can pretty much

coding for the cloud you can pretty much copy paste everything so over here we

copy paste everything so over here we found this code here for S3 list buckets

found this code here for S3 list buckets um and so I'm going to go ahead and

um and so I'm going to go ahead and paste that on in okay and I know it

paste that on in okay and I know it looks really complicated but we can

looks really complicated but we can quickly simplify this so I know that

quickly simplify this so I know that this is just the output so I don't need

this is just the output so I don't need that okay and in Ruby you don't need

that okay and in Ruby you don't need parentheses or curries if uh if you

parentheses or curries if uh if you don't have anything things there and so

don't have anything things there and so all I need to do is Define a client so

all I need to do is Define a client so if I click uh I go to the top here of

if I click uh I go to the top here of this file I think we're in the client

this file I think we're in the client right

right now all the way to the top all the way

now all the way to the top all the way to the top

to the top here that's what we need

here that's what we need okay and so I'm going to paste that in

okay and so I'm going to paste that in now uh we can set the region here so I'm

now uh we can set the region here so I'm going to say Us East

going to say Us East one right and then you'd have your

one right and then you'd have your credentials um because the credentials

credentials um because the credentials are on the machine in the um credentials

are on the machine in the um credentials file they're going to autoload here I

file they're going to autoload here I believe so I don't think I need to set

believe so I don't think I need to set them so I'm just going to take that out

them so I'm just going to take that out here for a

here for a second okay and I can do this if I want

second okay and I can do this if I want this is just slightly different syntax

this is just slightly different syntax it might be easier to read if I do it

it might be easier to read if I do it this way for

this way for you okay and I don't need double client

you okay and I don't need double client there so we have the client I like to

there so we have the client I like to name this like S3 so I know what it is

name this like S3 so I know what it is and I put puts for the response I'm

and I put puts for the response I'm going to do

going to do inspect and so puts is like print okay

inspect and so puts is like print okay and so now if I type in bundle exact

and so now if I type in bundle exact let's just make sure that it's in the

let's just make sure that it's in the context of our bundler file Ruby

context of our bundler file Ruby example. RB um we have a syntax error on

example. RB um we have a syntax error on this line here unexpected thing

this line here unexpected thing here oh it's because of this it's

here oh it's because of this it's because I commented it out so I'm just

because I commented it out so I'm just going to do curly parenthesis comment

going to do curly parenthesis comment out

out here

here okay actually to make it a bit easier

okay actually to make it a bit easier I'm just going to bring this down like

I'm just going to bring this down like this okay and we'll paste that there

okay and we'll try this again un initialized constants ad to us

again un initialized constants ad to us oh yeah we have to require it so we have

oh yeah we have to require it so we have to require Abus SDK S3 I think we'll hit

to require Abus SDK S3 I think we'll hit up and uh we got a struck back so it is

up and uh we got a struck back so it is working we are getting an object back if

working we are getting an object back if we want to play around with this a bit

we want to play around with this a bit more I'm just going to install another

more I'm just going to install another gem called pry pry allows us to um

gem called pry pry allows us to um inspect code so we're going to do bundle

inspect code so we're going to do bundle install and I'm going to go back to Ruby

install and I'm going to go back to Ruby here I'm going to put a binding pry in

here I'm going to put a binding pry in here and then if I hit up and I do

here and then if I hit up and I do bundle exact Ruby example.

bundle exact Ruby example. RB um I installed it right install

yes undefine method pry oh because I have to require it

pry oh because I have to require it again bad habit

again bad habit here okay we'll hit up and so now I have

here okay we'll hit up and so now I have an Interactive shall and I can kind of

an Interactive shall and I can kind of analyze that object so we have a

analyze that object so we have a response so if I type in RSP here I have

response so if I type in RSP here I have the structure object I can type in

the structure object I can type in buckets here okay and it's showing me a

buckets here okay and it's showing me a bucket I can give it get its

bucket I can give it get its name

name um oh I think it's an array so I think

um oh I think it's an array so I think I'd say like I'd say like zero here or I

I'd say like I'd say like zero here or I could say first this is just the how the

could say first this is just the how the Ruby language works we say name I get

Ruby language works we say name I get the name creation date okay so you get

the name creation date okay so you get the idea whatever you want to do you

the idea whatever you want to do you know you search for it you just say I

know you search for it you just say I want to delete a bucket I want to create

want to delete a bucket I want to create a bucket right and you look for it so I

a bucket right and you look for it so I say create bucket here I click on this

say create bucket here I click on this and I can see the options and they are

and I can see the options and they are always really good about giving me an

always really good about giving me an example and then down below they always

example and then down below they always tell you all the parameters that you

tell you all the parameters that you have there so that's how the SDK Works

have there so that's how the SDK Works uh but yeah the credentials were uh soft

uh but yeah the credentials were uh soft loaded here but you could easily provide

loaded here but you could easily provide them yourself I should just show you

them yourself I should just show you that before anything else just because

that before anything else just because there's some variations there

there's some variations there um and I'm just trying to look for it

um and I'm just trying to look for it because it is separate

because it is separate code so you could do this this is one

code so you could do this this is one way of doing it so you could do it

way of doing it so you could do it separate from the code so if you only

separate from the code so if you only wanted to configure it

wanted to configure it once right because you could you could

once right because you could you could have a lot of clients you wouldn't want

have a lot of clients you wouldn't want to keep on like for each client you

to keep on like for each client you wouldn't want to put region in every

wouldn't want to put region in every time so I could take this and put this

time so I could take this and put this right here

right here okay and this is the file here where we

okay and this is the file here where we have the credentials so this would be

have the credentials so this would be our um our access key and our ID and so

our um our access key and our ID and so you never want to put your code directly

you never want to put your code directly just in here so if I open up if we go

just in here so if I open up if we go cat you would never want to do this but

cat you would never want to do this but I'm just going to show as an example

I'm just going to show as an example here uh

here uh credentials oops I got to get out of

credentials oops I got to get out of this

this exit ads

credentials oh do they not even show it on this machine which would be smart we

on this machine which would be smart we wouldn't really want to see our

wouldn't really want to see our credentials here uh hit up say

credentials here uh hit up say LS oh no it's there okay

LS oh no it's there okay cat

cat whoops

whoops credentials there it is okay so you know

credentials there it is okay so you know if we look here we can see that there

if we look here we can see that there are credentials set it's a little bit

are credentials set it's a little bit different we have this like session

different we have this like session token I guess it's to make sure that

token I guess it's to make sure that this expires over time but if I was to

this expires over time but if I was to take these okay and I was just to paste

take these okay and I was just to paste them in

here that's one way you would do it um you never ever want to do this ever ever

you never ever want to do this ever ever ever ever you never want to do this

ever ever you never want to do this because you'll end up committing that to

because you'll end up committing that to your code um so this is really dirty to

your code um so this is really dirty to do so I don't ever recommend to do it um

do so I don't ever recommend to do it um if you wanted to have this apply to

if you wanted to have this apply to everything you could put it up here and

everything you could put it up here and so now when we call the client we don't

so now when we call the client we don't have to do it um of course if the

have to do it um of course if the they're loaded on the machine you don't

they're loaded on the machine you don't have to do it the other thing is like if

have to do it the other thing is like if you if you want you could load them in

you if you want you could load them in Via environment variables that's usually

Via environment variables that's usually what you want to do so you say ads uh

what you want to do so you say ads uh access

access key right and then we say environment

key right and then we say environment databus access

databus access secret and so you'd set those by doing I

secret and so you'd set those by doing I think it's like an

think it's like an export um environment

export um environment variables set in Linux you think I know

variables set in Linux you think I know after like 15 years of doing this but I

after like 15 years of doing this but I never remember so you type in export so

never remember so you type in export so you go down into oops here you type in

you go down into oops here you type in export and you just say something like

export and you just say something like I'm going to just show an example to see

I'm going to just show an example to see if it works so I'm going to say hello

if it works so I'm going to say hello world okay and if I do uh hello like

world okay and if I do uh hello like that Echo see it prints it out so that's

that Echo see it prints it out so that's how you would set it you'd set those

how you would set it you'd set those there but there's actually very specific

there but there's actually very specific ones that adabs uses for um the API and

ones that adabs uses for um the API and it's these ones here so you always want

it's these ones here so you always want to use

to use those okay so you put that in

those okay so you put that in there and that in there but of course

there and that in there but of course you know like if they're already said in

you know like if they're already said in your machine you don't have to even

your machine you don't have to even specify those cuz it would Auto load

specify those cuz it would Auto load those environment variables I don't

those environment variables I don't think they're set right now if we type

think they're set right now if we type in Echo just take a look here are they

in Echo just take a look here are they going to get autoloaded

going to get autoloaded here no so but anyway so we could go

here no so but anyway so we could go here just as an

here just as an example and well actually they just show

example and well actually they just show them right here so you see your access

them right here so you see your access key but we go and we type in um

key but we go and we type in um export and I going paste the key in

export and I going paste the key in there and I'm going to go to the front

there and I'm going to go to the front of it we're type adab us access key ID

of it we're type adab us access key ID equals enter and so now if I did echo on

equals enter and so now if I did echo on this ads access key ID okay it shows up

this ads access key ID okay it shows up but I just want to show you how it can

but I just want to show you how it can kind of vary and those conditions around

kind of vary and those conditions around it so yeah that is the adus SDK um and

it so yeah that is the adus SDK um and yeah a lot of times you're just copying

yeah a lot of times you're just copying pasting code and just kind of tweaking

pasting code and just kind of tweaking it you're not really writing uh real

it you're not really writing uh real programming okay so hopefully that is

programming okay so hopefully that is less intimidating so I'm just going to

less intimidating so I'm just going to close these off and I want to close down

close these off and I want to close down this Cloud9

this Cloud9 environment

environment um I might have to reopen this up in

um I might have to reopen this up in another tab

another tab and go to the Management console here

and go to the Management console here and then go over to Cloud9 and just

and then go over to Cloud9 and just close this tab and then while go ahead

close this tab and then while go ahead as and delete this environment oops I'll

as and delete this environment oops I'll just type delete here even if you didn't

just type delete here even if you didn't it would turn off after 30 minutes and

it would turn off after 30 minutes and you have that free tier so it's not that

you have that free tier so it's not that big of a deal it's up to you whether you

big of a deal it's up to you whether you want to use Cloud9 or G pods Cloud9 is

want to use Cloud9 or G pods Cloud9 is really good because it allows you to um

really good because it allows you to um uh it allows you to uh use it runs on a

uh it allows you to uh use it runs on a virtual machine right so you have a a

virtual machine right so you have a a container run time there and so it's

container run time there and so it's very easy to run containers on it um

very easy to run containers on it um whereas in like I've had some issues

whereas in like I've had some issues with G pods but um yeah those are the

with G pods but um yeah those are the two

two [Music]

[Music] okay let's take a look at itus Cloud

okay let's take a look at itus Cloud shell which is a browser based Shell

shell which is a browser based Shell built into the adus Management console

built into the adus Management console and so Cloud shell is scoped per region

and so Cloud shell is scoped per region it has the same credentials as the loged

it has the same credentials as the loged in user and it's a free service so this

in user and it's a free service so this is what it looks like and the great

is what it looks like and the great thing about this is that you know if you

thing about this is that you know if you have a hard time setting up uh your own

have a hard time setting up uh your own shell or terminal on your computer um or

shell or terminal on your computer um or maybe you just don't have access or

maybe you just don't have access or privilege to do so it's just great that

privilege to do so it's just great that databus makes this uh available to you

databus makes this uh available to you and so what you can do is click the

and so what you can do is click the shell icon up at the top and that will

shell icon up at the top and that will expand this here some things to note

expand this here some things to note about Cloud shell is that it has some

about Cloud shell is that it has some pre-installed tools so it has the CLI

pre-installed tools so it has the CLI python nodejs git make pip pseudo tar

python nodejs git make pip pseudo tar t-mo Vim WG vim and more it includes 1

t-mo Vim WG vim and more it includes 1 gab of storage free per adus region it

gab of storage free per adus region it will save your files in a home directory

will save your files in a home directory available for future sessions for the

available for future sessions for the same adus region uh and it can support

same adus region uh and it can support more than a single shell environment so

more than a single shell environment so it has bash Powershell and

it has bash Powershell and zsh um and so Adis Cloud shell is

zsh um and so Adis Cloud shell is available in select regions so when I

available in select regions so when I was in my Canada region I was like

was in my Canada region I was like where's the little shell icon but I

where's the little shell icon but I realized it's limited for some areas

realized it's limited for some areas [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at

Pro and we are taking a look at infrastructure as code also known as IAC

infrastructure as code also known as IAC and this allows you to write a

and this allows you to write a configuration script to automate

configuration script to automate creating updating or destroying your

creating updating or destroying your Cloud infrastructure the way you can

Cloud infrastructure the way you can think of IC it's a blueprint of your

think of IC it's a blueprint of your infrastructure and it allows you to

infrastructure and it allows you to easily share version or inventory your

easily share version or inventory your Cloud

Cloud infrastructure so adus has two different

infrastructure so adus has two different offerings for IAC the first is cloud

offerings for IAC the first is cloud formation uh a a commonly abbreviated to

formation uh a a commonly abbreviated to CFN and this is a declarative I tool and

CFN and this is a declarative I tool and then you have Aus cloud development kit

then you have Aus cloud development kit commonly known as cdk which is an

commonly known as cdk which is an imperative IAC tool so let's just talk

imperative IAC tool so let's just talk about the difference between declarative

about the difference between declarative and imperative and then we'll look at

and imperative and then we'll look at these tools a little bit closer uh each

these tools a little bit closer uh each okay so declarative means what you see

okay so declarative means what you see is what you get it's explicit it's more

is what you get it's explicit it's more of aose but uh there is zero chance of

of aose but uh there is zero chance of misconfiguration unless the file is so

misconfiguration unless the file is so big that you're missing something uh

big that you're missing something uh commonly declarative files are written

commonly declarative files are written in things like Json yaml XML so for

in things like Json yaml XML so for cloud formation it's just Json and yaml

cloud formation it's just Json and yaml uh and so that's that side there so for

uh and so that's that side there so for imperative you say what you want and the

imperative you say what you want and the rest is filled in so it's implicit uh

rest is filled in so it's implicit uh it's less for both you could end up with

it's less for both you could end up with some misconfiguration that's totally

some misconfiguration that's totally possible uh but it does more than

possible uh but it does more than declarative and you get to use your

declarative and you get to use your favorite programming language maybe

favorite programming language maybe python JavaScript actually cdk does not

python JavaScript actually cdk does not support Ruby right now but I just have

support Ruby right now but I just have that in there just as a general

that in there just as a general description of what imperative is

description of what imperative is [Music]

[Music] okay all right so just a quick look at

okay all right so just a quick look at cloud formation so cloud formation

cloud formation so cloud formation allows you to write infrastructures code

allows you to write infrastructures code as either Json or yaml the reason why it

as either Json or yaml the reason why it was adus started with Json and then

was adus started with Json and then everybody got sick of writing Json and

everybody got sick of writing Json and so they introduced jaml which is a lot

so they introduced jaml which is a lot more concise which you see on the right

more concise which you see on the right hand side so cloud formation is simple

hand side so cloud formation is simple but it can lead to large files or is

but it can lead to large files or is limited in some regards to creating

limited in some regards to creating Dynamic repeal infrastructure compared

Dynamic repeal infrastructure compared to cdk Cloud information can be easier

to cdk Cloud information can be easier for devops engineers who do not have a

for devops engineers who do not have a background in web programming languages

background in web programming languages a lot of times they just know scripting

a lot of times they just know scripting and this basically is scripting since

and this basically is scripting since cdk generates outloud information it's

cdk generates outloud information it's still important to be able to read and

still important to be able to read and understand Cloud information in order to

understand Cloud information in order to debug IAC Stacks knowing cloud formation

debug IAC Stacks knowing cloud formation is kind of a cloud essential when you go

is kind of a cloud essential when you go into the other tiers of AWS um like

into the other tiers of AWS um like Solutions architect associate

Solutions architect associate professional or any of the associates

professional or any of the associates you need to know Cloud information

you need to know Cloud information inside and out

inside and out [Music]

[Music] okay okay so what I want to do now is

okay okay so what I want to do now is introduce you to infrastructure as code

introduce you to infrastructure as code and so we're going to take a look at

and so we're going to take a look at cloud formation and so we were just

cloud formation and so we were just using Cloud d for the STK so we're going

using Cloud d for the STK so we're going to go back and create ourselves a new

to go back and create ourselves a new Cloud9 environment because we do have to

Cloud9 environment because we do have to write uh some code so I'll go ahead and

write uh some code so I'll go ahead and hit create here and I'm going to just

hit create here and I'm going to just say uh CFN that's sort for cloud

say uh CFN that's sort for cloud formation example and we'll hit next

formation example and we'll hit next step and we'll create ourselves a new

step and we'll create ourselves a new environment T2 micro uh Amazon x 2 is

environment T2 micro uh Amazon x 2 is totally fine we'll hit next it'll delete

totally fine we'll hit next it'll delete after 30 minutes we'll be fine we're

after 30 minutes we'll be fine we're within the free tier we're going to give

within the free tier we're going to give this a moment to load up um and remember

this a moment to load up um and remember you can set your theme your your

you can set your theme your your keyboard mode whatever you want as that

keyboard mode whatever you want as that loads and as that's going we're going to

loads and as that's going we're going to look up cloud formation and so cloud

look up cloud formation and so cloud formation is very intimidating at first

formation is very intimidating at first but once you get through the motions of

but once you get through the motions of it it's not too bad um so we'll go to

it it's not too bad um so we'll go to the user guide here as we always do if

the user guide here as we always do if you go to the getting

you go to the getting started it's going to just tell us some

started it's going to just tell us some things it's going to read about yaml

things it's going to read about yaml files um I don't think I really need to

files um I don't think I really need to read much about this here so I think

read much about this here so I think we'll just go start looking up some

we'll just go start looking up some codes so something that might be

codes so something that might be interesting to launch is an ec2 instance

interesting to launch is an ec2 instance cloudformation so that's what I'll do is

cloudformation so that's what I'll do is I'll type in what I want so in E2

I'll type in what I want so in E2 instance and I'll just start pasting in

instance and I'll just start pasting in code so we scroll on down below

code so we scroll on down below here going to go to examples because I

here going to go to examples because I want a small example here this is

want a small example here this is something that I might want to do and

something that I might want to do and we're going to give that a moment here

we're going to give that a moment here it's almost

it's almost done you can do it ad bu come on as that

done you can do it ad bu come on as that is going I'm going to open a new tab I'm

is going I'm going to open a new tab I'm going to make my way over to cloud

going to make my way over to cloud formation okay

and um you can see I have some older Stacks here notice Cloud9 when we create

Stacks here notice Cloud9 when we create an environment actually creates a cloud

an environment actually creates a cloud formation stack which is kind of

formation stack which is kind of interesting um but if we go here we can

interesting um but if we go here we can create a stack and we can create a file

create a stack and we can create a file and upload it here

and upload it here so okay this is good I'm going to go

so okay this is good I'm going to go ahead and make a new

ahead and make a new file we're going to call it

file we're going to call it template. yaml um just so you know yaml

template. yaml um just so you know yaml can be y ml or Y ml there's a big debate

can be y ml or Y ml there's a big debate as to which one you use um I think that

as to which one you use um I think that adabs likes it when you use the full

adabs likes it when you use the full version so I just stick with

yaml I'm going to double click into that and so in the cc2 example I'm just going

and so in the cc2 example I'm just going to copy this okay and I'm going to paste

to copy this okay and I'm going to paste this in

this in here and I'm going to type in

here and I'm going to type in resources oops

capital okay so that's a resource I want to create

to create um when you create Cloud information you

um when you create Cloud information you always have a template version so I just

always have a template version so I just need a basic example here at the

need a basic example here at the top I guess that's a simple one is like

top I guess that's a simple one is like a Hello World

Bucket maybe we should do a bucket because it'll be a lot

easier we don't have to make our Liv super hard here okay um but what I'm

super hard here okay um but what I'm looking for is the version because

looking for is the version because that's the first thing that you

that's the first thing that you specify I'm just trying to find it

specify I'm just trying to find it within an example

within an example here oh for freak's sakes cloud

here oh for freak's sakes cloud formation

formation version if I don't have the format

version if I don't have the format version it's going to complain there it

version it's going to complain there it is okay so we'll copy that we'll go back

is okay so we'll copy that we'll go back over

over here we'll paste that in there it might

here we'll paste that in there it might be fun to do like an output here so I'm

be fun to do like an output here so I'm going to do like an output

going to do like an output outputs and uh maybe instead of doing

outputs and uh maybe instead of doing this we'll type in ads S3

C formation because what I'm looking for

formation because what I'm looking for is what we can set as output so we'll

is what we can set as output so we'll say return values

say return values here

here um maybe we just

um maybe we just want Returns the domain

want Returns the domain name so we'll just say

name so we'll just say um

um value ref that that's going to get the

value ref that that's going to get the reference for it and we have to say

reference for it and we have to say hello

string say outputs cloud formation example and even though I've written

example and even though I've written tons of cloud information it's just like

tons of cloud information it's just like if you're not doing it on day in day out

if you're not doing it on day in day out you start to forget what it is so here

you start to forget what it is so here for outputs we need a logical ID

for outputs we need a logical ID description value and Export

description value and Export so um that is what I want so I'm going

so um that is what I want so I'm going to go ahead and copy that back here

to go ahead and copy that back here this is just so that when we run it

this is just so that when we run it we're going to be able to observe an

we're going to be able to observe an output from the cloud information file

output from the cloud information file okay so the logical ID is whatever we

okay so the logical ID is whatever we want so hello bucket

want so hello bucket domain it's funny because this is how

domain it's funny because this is how you do do um kind of that would be the

you do do um kind of that would be the format for terraform I was getting them

format for terraform I was getting them mixed up so the

mixed up so the domain of the bucket the value here is

domain of the bucket the value here is going to be

going to be ref

ref hello bucket

hello bucket domain

here B name oh you know what export is for uh

name oh you know what export is for uh cross Stacks we don't need to do that

cross Stacks we don't need to do that okay so that's fine so what we'll do is

okay so that's fine so what we'll do is set that and we'll take out our old one

set that and we'll take out our old one and so this should create us an S3

and so this should create us an S3 bucket so with Cloud information you can

bucket so with Cloud information you can uh provide a template here by providing

uh provide a template here by providing a URL or you can upload a file directly

a URL or you can upload a file directly so um I'm just trying to decide here how

so um I'm just trying to decide here how I want to do this you can also use a

I want to do this you can also use a sample file or create a template in the

sample file or create a template in the designer I'm going to go over to the

designer I'm going to go over to the designer because then we can just like

designer because then we can just like paste in what we want so if I go over to

paste in what we want so if I go over to yamel here and we go back over here I

yamel here and we go back over here I copy

copy this I'm just going to paste this in

this I'm just going to paste this in here

and we're going to hit the refresh button nobody ever uses the designer but

button nobody ever uses the designer but this is just kind of a easy example for

this is just kind of a easy example for me to uh place this in

here it's not really working maybe I got to go to template dude here

to go to template dude here refresh there we go so there's our

refresh there we go so there's our bucket it's nice to have a little

bucket it's nice to have a little visualization and I believe this is

visualization and I believe this is going to work as expected so now that we

going to work as expected so now that we have have our designer template I think

have have our designer template I think if we hit close what's this button say

if we hit close what's this button say validate template probably a good idea

validate template probably a good idea validating the template template

validating the template template contains errors unresolved resource

contains errors unresolved resource dependency in the output block of the

dependency in the output block of the template

template hello domain

hello domain it seems like it should be

fine let's go whoops let's go back over

whoops let's go back over here that's what I did said reference

here that's what I did said reference that

that value oh uh maybe it's get a trib

value oh uh maybe it's get a trib okay it's get ATT

okay it's get ATT sorry get a trib Cloud information can't

sorry get a trib Cloud information can't remember if there's an r on the end of

remember if there's an r on the end of it oh it's just at this is if you're

it oh it's just at this is if you're trying to get a return intrinsic value

trying to get a return intrinsic value so a reference is like what the default

so a reference is like what the default one is but when every time we do like a

one is but when every time we do like a logical name and attribute that's how we

logical name and attribute that's how we get that there so uh what I'm going to

get that there so uh what I'm going to do here is just hit refresh and I'm

do here is just hit refresh and I'm going to validate that one more time now

going to validate that one more time now it's valid if I hover over this is going

it's valid if I hover over this is going to upload it create the

to upload it create the stack we could save this save

stack we could save this save it oh we can save it in an S3 bucket so

it oh we can save it in an S3 bucket so we'll say

we'll say hello bucket and so now we have this URL

hello bucket and so now we have this URL so I'm going to copy it honestly I never

so I'm going to copy it honestly I never use this editor so it's kind of

use this editor so it's kind of interesting I'm going to

interesting I'm going to leave and we probably could hit create

leave and we probably could hit create stack but I just find it a bit easier if

stack but I just find it a bit easier if we just kind of do it through uh this

we just kind of do it through uh this here so go back create the stack we're

here so go back create the stack we're going to paste in the URL we're going to

going to paste in the URL we're going to say

say next and we're going to say uh my new

next and we're going to say uh my new stack and I didn't see what the name of

stack and I didn't see what the name of the bucket was oh there's no name so

the bucket was oh there's no name so it's going to randomize that's perfect

it's going to randomize that's perfect so we'll go next we have a bunch of

so we'll go next we have a bunch of options here we'll hit hit

options here we'll hit hit next we'll give it a moment here I guess

next we'll give it a moment here I guess we have to review it create the stack

we have to review it create the stack and this is the part where we watch so

and this is the part where we watch so it says create in progress and we wait

it says create in progress and we wait and we hit refresh

and we hit refresh and we can see what's happening trying

and we can see what's happening trying to create a

bucket and if we go to resources this is this is a lot easier to track because

this is a lot easier to track because you can see all the resources that are

you can see all the resources that are being

created if you notice that when you use the C uh when you're using databas

the C uh when you're using databas management call create s bucket it's

management call create s bucket it's instantaneous but like with Cloud

instantaneous but like with Cloud information there's a bit of delay

information there's a bit of delay because there's some communication going

because there's some communication going on board but here it is and notice if we

on board but here it is and notice if we go to our outputs this is the the value

go to our outputs this is the the value of the bucket domain name if we were to

of the bucket domain name if we were to make it with self-hosting which is not

make it with self-hosting which is not what we're doing with it we could also

what we're doing with it we could also have an export name which would be used

have an export name which would be used for cross referencing Stacks which is

for cross referencing Stacks which is not something we uh care to do um but

not something we uh care to do um but yeah that's how you create a stack that

yeah that's how you create a stack that way um but you know we can also do it

way um but you know we can also do it via the SDK here so what I can do um is

via the SDK here so what I can do um is look up what is the Adis uh CLI cloud

look up what is the Adis uh CLI cloud formation because they have their own

formation because they have their own commands here if I go here

commands here if I go here there's a new one and there's an old one

there's a new one and there's an old one so if we go create

stack yeah there's things like this like create stack

create stack update um so if we wanted to do it this

way okay and I copied this here I'm just going to put this in my read me here for

going to put this in my read me here for a

second uh so here what you do is you say my new stack

my new stack and you could provide the template URL

and you could provide the template URL or you could specify the local path here

or you could specify the local path here so we have like a template body so I'm

so we have like a template body so I'm going to go ahead and grab

going to go ahead and grab that okay this would be like

that okay this would be like yaml and um I need to specify this file

yaml and um I need to specify this file here so template.

here so template. yaml and I'm just going to go PWD here

yaml and I'm just going to go PWD here to get the full

to get the full path

path okay and I'm going just paste that in

okay and I'm going just paste that in there whoops

okay I'm going to do LS okay so that gives us the full path to the file you

gives us the full path to the file you can also specify the template URL um and

can also specify the template URL um and so this should work as well if I take

so this should work as well if I take this and paste that on as a

command unable to locate parameter file oh there's three three triple slashes

oh there's three three triple slashes there we'll just fix that

there we'll just fix that there

there paste unable to load param file no such

paste unable to load param file no such file directory and there's a t

file directory and there's a t missing okay be like don't be like me

missing okay be like don't be like me and make sure you don't have spelly

and make sure you don't have spelly mistakes okay I can type clear down here

mistakes okay I can type clear down here so I can see what I'm doing we'll hit

so I can see what I'm doing we'll hit enter

enter whoops unable to load the parameter file

whoops unable to load the parameter file no such file or

directory home well I you didn't want the for slash so another thing we can

the for slash so another thing we can try to do I think it will take it

try to do I think it will take it relative so if I do this it should work

relative so if I do this it should work I don't ever remember having to specify

I don't ever remember having to specify the entire path and err occurred while

the entire path and err occurred while calling the crate stack my stack name

calling the crate stack my stack name already exists if I go back over here

already exists if I go back over here give this a refresh oh that's what we

give this a refresh oh that's what we named our stack the the one that we did

named our stack the the one that we did so I'm going to say stack two

okay template format unsupported structure when calling the create stack

operation are you kidding me I do this all the

all the time template body y file cloud

formation unsupported structure take a look

here oh you know what I think uh this one's out of date that's why so what we

one's out of date that's why so what we can do is go to our old stack here and

can do is go to our old stack here and we can actually see the template I can

we can actually see the template I can go ahead and copy this whoops and we can

go ahead and copy this whoops and we can go ahead and paste that in there and

go ahead and paste that in there and then now what I can do

then now what I can do so you know that's that's the reason why

so you know that's that's the reason why it wasn't working okay so we'll hit

it wasn't working okay so we'll hit enter um unsupported

enter um unsupported structure it should be

supported let's see if Cloud information can help us

can help us out um apparently there was very

out um apparently there was very unhelpful error message for batting so

unhelpful error message for batting so try the validate template option I

try the validate template option I wonder if we could just do

wonder if we could just do this maybe if that would help

this maybe if that would help here I'm just hitting up to try to run

here I'm just hitting up to try to run it

it again nope I guess we can try to

again nope I guess we can try to validate it here it's like I'm not

validate it here it's like I'm not having much luck here

having much luck here today so we'll just say this here maybe

today so we'll just say this here maybe it's not even loading that file where it

okay created so for whatever reason I must have had a a bug there and so

must have had a a bug there and so putting sometimes putting on one line

putting sometimes putting on one line helps that out because I must have had

helps that out because I must have had an obvious mistake there and now we can

an obvious mistake there and now we can see the stack is cating it's doing the

see the stack is cating it's doing the exact same thing it's creating uh a

exact same thing it's creating uh a different bucket though if we go over to

different bucket though if we go over to our S3

here again you know you don't need to be able to do this yourself to pass the

able to do this yourself to pass the exam it's just so I'm just trying to

exam it's just so I'm just trying to show you like what it is so you kind of

show you like what it is so you kind of absorb any kind of knowledge about

absorb any kind of knowledge about what's going on here notes down below it

what's going on here notes down below it uses the stack name followed by uh the

uses the stack name followed by uh the re The Logical name of the resource

re The Logical name of the resource there okay um and what we'll do is wait

there okay um and what we'll do is wait for that to create once that's created

for that to create once that's created we can go ahead and delete these Stacks

we can go ahead and delete these Stacks we could also use the ad us Cloud

we could also use the ad us Cloud information to say like delete stack but

information to say like delete stack but I don't want to uh bore you with that

I don't want to uh bore you with that today and so we'll hit refresh here wait

today and so we'll hit refresh here wait for those Stacks to

for those Stacks to vanish okay those are gone uh what I'm

vanish okay those are gone uh what I'm going to do is kill this Cloud9

going to do is kill this Cloud9 environment

environment uh if there's a way to do it from here I

uh if there's a way to do it from here I have never known how to do it go back to

have never known how to do it go back to your dashboard well that's nice to know

your dashboard well that's nice to know we'll go ahead and just delete

we'll go ahead and just delete this okay we'll close that Tab and so

this okay we'll close that Tab and so now we are all in good shape and so that

now we are all in good shape and so that was our introduction to Cloud

was our introduction to Cloud information

information [Music]

[Music] okay let's take a look here at cdk so

okay let's take a look here at cdk so cdk allows you to use your favorite

cdk allows you to use your favorite programming language to write

programming language to write infrastructure as code and technically

infrastructure as code and technically that's not true because they don't have

that's not true because they don't have Ruby and that's my favorite but anyway

Ruby and that's my favorite but anyway uh some of the languages include nodejs

uh some of the languages include nodejs typescript Python

typescript Python java.net and so here's an example of

java.net and so here's an example of typescript typescript was the first

typescript typescript was the first language that was um introduced for cdk

language that was um introduced for cdk It's usually the most upto date so not

It's usually the most upto date so not always does cdk reflect exactly what's

always does cdk reflect exactly what's in cloud formation but I think they're

in cloud formation but I think they're getting better at that okay so cdk is

getting better at that okay so cdk is powered by cloud formation it generates

out cloud formation templates so there is an intermediate step uh it does

is an intermediate step uh it does sometimes feel a bit slow so I don't

sometimes feel a bit slow so I don't really like that but you know it's up to

really like that but you know it's up to you uh cdk has a large library of

you uh cdk has a large library of reusable Cloud components called cdk

reusable Cloud components called cdk constructs at constructs dodev this is

constructs at constructs dodev this is kind of the concept of terraform modules

kind of the concept of terraform modules and is really really useful uh and

and is really really useful uh and they're really well ridden um and they

they're really well ridden um and they can just reduce a lot of your effort

can just reduce a lot of your effort there CD cdk comes with its own CLI um

there CD cdk comes with its own CLI um and I didn't mention this before but

and I didn't mention this before but cloud formation also has its own uh CLI

cloud formation also has its own uh CLI okay cdk pipelines uh are are allow you

okay cdk pipelines uh are are allow you to quickly set up cicd pipelines for CD

to quickly set up cicd pipelines for CD K projects that is a big pain point for

K projects that is a big pain point for cloud formation where you have to write

cloud formation where you have to write a lot of code to do this whereas um this

a lot of code to do this whereas um this cdk has that off the bat makes it really

cdk has that off the bat makes it really easy for you cdk also has a testing

easy for you cdk also has a testing framework for unit and integration

framework for unit and integration testing I think this might be only

testing I think this might be only limited to typescript because I didn't

limited to typescript because I didn't see any for the rest of the languages

see any for the rest of the languages but um you know I wasn't 100% sure there

but um you know I wasn't 100% sure there uh this one thing about cdk is that it

uh this one thing about cdk is that it can be easily uh confused with SDK

can be easily uh confused with SDK because they both allow you to

because they both allow you to pragmatically work with AWS uh using

pragmatically work with AWS uh using your favorite language but the key

your favorite language but the key difference is that cdk ensures uh itap

difference is that cdk ensures uh itap poent uh of your infrastructure so what

poent uh of your infrastructure so what that means that's such a hard word to

that means that's such a hard word to say but what that means is that um you

say but what that means is that um you know if you use this cdk to say give me

know if you use this cdk to say give me an a virtual machine you'll always have

an a virtual machine you'll always have a single virtual machine uh because it's

a single virtual machine uh because it's trying to manage the state of the file

trying to manage the state of the file whereas uh when you use SDK if you run

whereas uh when you use SDK if you run it every time you'll end up with more

it every time you'll end up with more and more servers uh and it's not really

and more servers uh and it's not really managing States so hope hopefully that

managing States so hope hopefully that is clear between the difference

is clear between the difference [Music]

[Music] there okay so we looked at cloud

there okay so we looked at cloud formation but now let's take a look at

formation but now let's take a look at cdk cloud formation or cloud formation

cdk cloud formation or cloud formation Cloud development kit it's just like

Cloud development kit it's just like cloud formation but you use a a

cloud formation but you use a a programming language in order to uh

programming language in order to uh Implement your infrastructure as a code

Implement your infrastructure as a code I don't use it very often I don't

I don't use it very often I don't particularly like it but um you know if

particularly like it but um you know if you are a developer and you don't like

you are a developer and you don't like writing Cloud information files and you

writing Cloud information files and you want to have something that's more

want to have something that's more programmatic you might be used to that

programmatic you might be used to that um this I think should be deleting cuz

um this I think should be deleting cuz we were deleting the last one here and

we were deleting the last one here and notice how it's grayed out I can't

notice how it's grayed out I can't select it so don't worry about that

select it so don't worry about that create a new one we'll say cdk example

create a new one we'll say cdk example we'll hit next T2 micro ec2 instance

we'll hit next T2 micro ec2 instance Amazon X2 you know the drill it's all

Amazon X2 you know the drill it's all fine here we're go ahead and create

fine here we're go ahead and create ourselves a new environment we're going

ourselves a new environment we're going to let that spin up there and as that's

to let that spin up there and as that's going we're going to look up uh adus

going we're going to look up uh adus cdk so Adis cdk um and we probably want

cdk so Adis cdk um and we probably want to go to GitHub for this

to go to GitHub for this okay because it is open source and so I

okay because it is open source and so I want to go to getting

want to go to getting started and I have used this before but

started and I have used this before but I never can remember how to use it

I never can remember how to use it probably the easiest way to uh use this

probably the easiest way to uh use this is by using

is by using typescript

typescript so here's an example initialize the

so here's an example initialize the project make directory cdk oh first we

project make directory cdk oh first we got to install it right so give that a

got to install it right so give that a moment so this is node you know how we

moment so this is node you know how we did like bundle install this is like the

did like bundle install this is like the same thing but for uh typescript install

same thing but for uh typescript install or update the it was cdk CLI from npm we

or update the it was cdk CLI from npm we recommend using this version etc etc so

recommend using this version etc etc so again we're just waiting for that to

again we're just waiting for that to launch but uh as we wait for that it's

launch but uh as we wait for that it's very simple we're just going to install

very simple we're just going to install it create a directory um go into that

it create a directory um go into that directory initialize the example here

directory initialize the example here it's setting up an

it's setting up an sqsq which is um it's quite a complex

sqsq which is um it's quite a complex example um but you can see it's code

example um but you can see it's code right and then we run cdk deploy and

right and then we run cdk deploy and we'll deploy it and then hopefully we'll

we'll deploy it and then hopefully we'll have that

have that resource so again we're just waiting for

resource so again we're just waiting for cloud

n there we go so Cloud9 is more or less ready a terminal seems like it's still

ready a terminal seems like it's still thinking and we have a JavaScript one

thinking and we have a JavaScript one which I do not care about there we go

which I do not care about there we go there's our environment we're going to

there's our environment we're going to make sure we have mpm so we can type in

make sure we have mpm so we can type in mpm great it says version

mpm great it says version 8.1.0 and so this is asking for 10

8.1.0 and so this is asking for 10 okay I don't know if this gives us like

okay I don't know if this gives us like MVM installed MVM it does so what we can

MVM installed MVM it does so what we can do is do MVM list that stands for node

do is do MVM list that stands for node version manager Ruby has one as well and

version manager Ruby has one as well and so it's telling us what version we're on

so it's telling us what version we're on I want to update um looks like we have a

I want to update um looks like we have a pretty uh pretty new version but what I

pretty uh pretty new version but what I want is the latest version of oh but

want is the latest version of oh but that's node version that's not

that's node version that's not necessarily mpm so we'll do node version

necessarily mpm so we'll do node version Oh 17 okay we're well well in the uh

Oh 17 okay we're well well in the uh range of the new stuff so what I'm going

range of the new stuff so what I'm going to do is scroll down we're going to grab

to do is scroll down we're going to grab this link here or this code here hit

this link here or this code here hit enter and that's going to install the

enter and that's going to install the adus cdk so it

adus cdk so it says uh file already exists oh so maybe

says uh file already exists oh so maybe it's already installed on the

machine um cdk we'll type in cdk because of course adus wants to make

cdk because of course adus wants to make it very easy for us this software has

it very easy for us this software has not been tested with what was that

not been tested with what was that warning uh with node 1701 you may

warning uh with node 1701 you may encounter runtime issues great AWS

encounter runtime issues great AWS you're like the one that installed this

you're like the one that installed this stuff here so we get a bunch of the

stuff here so we get a bunch of the commands which is great and so what

commands which is great and so what we'll do is follow their simple

we'll do is follow their simple instructions we'll say hello

instructions we'll say hello cdk we will CD into

cdk we will CD into this and um now what we can do is run

this and um now what we can do is run cdk andit and this language

cdk andit and this language here and so that's going to do a bunch

here and so that's going to do a bunch of stuff creates tons of files it's

of stuff creates tons of files it's going to vary based on uh what you're

going to vary based on uh what you're using like which language because cdk

using like which language because cdk comes available in a variety of

comes available in a variety of languages so if we type in ads

languages so if we type in ads cdk um documentation

here notice up here python java.net so I think it has more than just those three

think it has more than just those three languages but um you know I wish it

languages but um you know I wish it supported more like yeah see here is C

supported more like yeah see here is C Java but I I really wish there was a

Java but I I really wish there was a ruby so we'll give this a moment here to

ruby so we'll give this a moment here to get installed and I will see you back

get installed and I will see you back here when it is done

okay okay uh it turns out I only had to wait like a second there but it says

wait like a second there but it says there's a newer version of the cdk you

there's a newer version of the cdk you probably should install it but I just

probably should install it but I just want to get going here so as long as I

want to get going here so as long as I don't run into any issues I do not care

don't run into any issues I do not care um but anyway so looking at this and I

um but anyway so looking at this and I again I rarely ever look at this but I'm

again I rarely ever look at this but I'm a developer so it's not too hard for me

a developer so it's not too hard for me to figure out but under the lib this is

to figure out but under the lib this is our stack that we're creating and here

our stack that we're creating and here is it is loading in sqs it's loading in

is it is loading in sqs it's loading in SNS and then the core Library it's

SNS and then the core Library it's creating an sqs q and it's setting the

creating an sqs q and it's setting the visibility of that timeout it's also

visibility of that timeout it's also creating an SNS topic so those are two

creating an SNS topic so those are two resources that we expect to be created

resources that we expect to be created if we scroll on down to the getting

if we scroll on down to the getting started it just says cdk deploy so what

started it just says cdk deploy so what we'll do is go ahead and hit enter and

we'll do is go ahead and hit enter and let that do whatever it wants to do

and it is thinking there we go so here we have IM statement changes so it's

we have IM statement changes so it's saying this deployment will potentially

saying this deployment will potentially make potential sensitive changes

make potential sensitive changes according to your current security

according to your current security approval options there is there may be

approval options there is there may be security related changes not in this

security related changes not in this list do you want to deploy sure we'll

list do you want to deploy sure we'll hit

hit why deploying creating cloud formation

why deploying creating cloud formation change set so cdk is using cloud

change set so cdk is using cloud formation underneath it's not

complicated um and as that is going going what we'll do is we'll make our

going what we'll do is we'll make our way over to our IUS amazon.com

way over to our IUS amazon.com console and if we go over to cloud

console and if we go over to cloud formation we'll see if we see anything

yet so it's creating a stack here we can click into it we can go over to our

click into it we can go over to our events see that things are being created

events see that things are being created this is always a confusing so I always

this is always a confusing so I always go to resources to see what is

go to resources to see what is individually being created and they're

individually being created and they're all done so we go over here and they

all done so we go over here and they exist so here it says that we have a Q

exist so here it says that we have a Q called this right sometimes they have

called this right sometimes they have links you can link through it so notice

links you can link through it so notice here I can click on the topic and get to

here I can click on the topic and get to that resource in SNS which is nice for

that resource in SNS which is nice for sqs I'm just going to type in sqs

sqs I'm just going to type in sqs enter uh and there it is okay so we

enter uh and there it is okay so we don't really understand what those are

don't really understand what those are we could delete the stack this way

we could delete the stack this way there's probably a cdk way to delete the

there's probably a cdk way to delete the stack so uh cdk

destroy I assume that's what it is destroy okay so we'll type in cdk

Destroy give it a moment we're going to say

yes okay it's deleting in progress we can even go back here and double

thinking and again you know if we deleted these for real it would take

deleted these for real it would take like a second but uh you know sometimes

like a second but uh you know sometimes they're just

slow sometimes it's because a resource can get hung as well um but uh I don't

can get hung as well um but uh I don't think anything is a problem so here we

think anything is a problem so here we can see what the problem is not not

can see what the problem is not not necessarily a problem but it's just the

necessarily a problem but it's just the sqs is taking a long longer time to

sqs is taking a long longer time to delete where the SNS subscriptions a lot

faster so I'll just see you back here in a moment okay okay so after a short

a moment okay okay so after a short little wait there it finally finished uh

little wait there it finally finished uh I just kept oning refresh until I saw it

I just kept oning refresh until I saw it deleted and so it's out of there and so

deleted and so it's out of there and so we'll get rid of our Cloud9 environment

we'll get rid of our Cloud9 environment since we are done with it so type in

since we are done with it so type in Cloud9 up at the

Cloud9 up at the top and we'll go ahead and delete and we

top and we'll go ahead and delete and we will go ahead and delete this here thank

will go ahead and delete this here thank you and we will go back to our adabs

you and we will go back to our adabs amazon. console here just so we can get

amazon. console here just so we can get our bearing straight here and there we

our bearing straight here and there we [Music]

[Music] go all right let's take a look here at

go all right let's take a look here at the adus toolkit for vs code so adus

the adus toolkit for vs code so adus toolkit is an open source plugin for vs

toolkit is an open source plugin for vs code to create debug deploy it was

code to create debug deploy it was resources since vs code is such a

resources since vs code is such a popular uh editor uh these days I use

popular uh editor uh these days I use Vim but it's very popular um I figured I

Vim but it's very popular um I figured I should make sure you're aware of this um

should make sure you're aware of this um plugin so it can do four things you get

plugin so it can do four things you get the Abus Explorer this allows you to

the Abus Explorer this allows you to explore a wide range of adus resources

explore a wide range of adus resources linked to your adus account uh and

linked to your adus account uh and sometimes you can view them sometimes

sometimes you can view them sometimes you can delete them it's going to vary

you can delete them it's going to vary per service and what's available there

per service and what's available there then you have the adabs cdk Explorer

then you have the adabs cdk Explorer this allows you to explore your Stacks

this allows you to explore your Stacks defined by cdk uh then you have Amazon

defined by cdk uh then you have Amazon elastic uh container service ECS this

elastic uh container service ECS this provides intellisense for ECS task

provides intellisense for ECS task definition files intense means that when

definition files intense means that when you type uh and you uh you'll get like

you type uh and you uh you'll get like Auto completion but you'll also get a

Auto completion but you'll also get a description as to what it is that you're

description as to what it is that you're typing out then there is serverless

typing out then there is serverless applications and this is pretty much the

applications and this is pretty much the main reason to have Theus toolkit allows

main reason to have Theus toolkit allows you to create a debug deploy service

you to create a debug deploy service applications via Sam and CFN so uh there

applications via Sam and CFN so uh there you can see the command pallet and you

you can see the command pallet and you can kind of access stuff there

can kind of access stuff there [Music]

[Music] okay let's take a look here at access

okay let's take a look here at access keys so an access key is a key and

keys so an access key is a key and secret required to have programmatic

secret required to have programmatic access to adus resources when

access to adus resources when interacting with the adabs API outside

interacting with the adabs API outside of the adus Management console so uh

of the adus Management console so uh access key is commonly referred to as

access key is commonly referred to as adus credentials so someone says adus

adus credentials so someone says adus credentials so generally you're talking

credentials so generally you're talking about the access key not necessarily

about the access key not necessarily your um username and password to log in

your um username and password to log in so a user must be granted access to use

so a user must be granted access to use access key so when you're creating a

access key so when you're creating a user you can just checkbox access key um

user you can just checkbox access key um you can always do the after the fact but

you can always do the after the fact but it's good to do that as you're creating

it's good to do that as you're creating the user and then you can generate an

the user and then you can generate an access key and secret so you should

access key and secret so you should never share your access keys with anyone

never share your access keys with anyone they are yours if you give them to

they are yours if you give them to someone else is like giving them the

someone else is like giving them the keys to your house it's dangerous uh

keys to your house it's dangerous uh never commit access keys to a code base

never commit access keys to a code base uh because that is a good place uh for

uh because that is a good place uh for it to get leaked at some point you can

it to get leaked at some point you can have uh two active keys at any given

have uh two active keys at any given time you can deactivate access Keys

time you can deactivate access Keys obviously delete them as well access

obviously delete them as well access Keys have whatever access a user has to

Keys have whatever access a user has to adus resources so uh you know if you can

adus resources so uh you know if you can do it inabus Management console so can

do it inabus Management console so can the key so access keys are to be stored

the key so access keys are to be stored in the ads. adabs credentials uh file so

in the ads. adabs credentials uh file so um and if you're not familiar with Linux

um and if you're not familiar with Linux this Tilda here this actually represents

this Tilda here this actually represents your home folder so whether you're on

your home folder so whether you're on Windows or Linux that's going to be your

Windows or Linux that's going to be your home folder and then you have this

home folder and then you have this period AWS that means that it's a hidden

period AWS that means that it's a hidden folder but you can obviously access it

folder but you can obviously access it and so in the it's just a toml like file

and so in the it's just a toml like file I think it's toml um but I never uh 100%

I think it's toml um but I never uh 100% verified that it's toml it looks just

verified that it's toml it looks just like toml uh and so what you'll have

like toml uh and so what you'll have here is your uh default profile and so

here is your uh default profile and so this is what you would use um or this is

this is what you would use um or this is what uh any of your tools you use like

what uh any of your tools you use like the CLI or anything else would

the CLI or anything else would automatically use if um if you did not

automatically use if um if you did not specify a profile you can of course

specify a profile you can of course store multiple access keys and then give

store multiple access keys and then give it a profile name um so if you are doing

it a profile name um so if you are doing this for the first time you might just

this for the first time you might just want to type in ads config and it'll

want to type in ads config and it'll prompt and you'll just enter them in

prompt and you'll just enter them in there as well I think that's that's the

there as well I think that's that's the default one when you're using the

default one when you're using the SDK uh you would rather probably use

SDK uh you would rather probably use environment variables because this is

environment variables because this is the safest way to access them when you

the safest way to access them when you are writing code all right um so there

are writing code all right um so there you

you [Music]

[Music] go all right let's talk about access

go all right let's talk about access Keys access keys are are very important

Keys access keys are are very important to your account um and so what we'll do

to your account um and so what we'll do is go to IM if you are the root user you

is go to IM if you are the root user you can go in and you can uh generate access

can go in and you can uh generate access keys for people um but generally you're

keys for people um but generally you're doing it yourself for your own account

doing it yourself for your own account so I go to users I'm going to click into

so I go to users I'm going to click into mine here and we'll go over to Security

mine here and we'll go over to Security credentials and here you're going to

credentials and here you're going to notice access keys and one thing that is

notice access keys and one thing that is interesting is that you can only ever

interesting is that you can only ever have two access keys at a time so if I

have two access keys at a time so if I hit create I'm just going to close that

hit create I'm just going to close that notice that the button is grayed out I

notice that the button is grayed out I can uh uh deactivate them if I feel that

can uh uh deactivate them if I feel that I haven't used them in a while and I can

I haven't used them in a while and I can make them active again so I can bring

make them active again so I can bring them back into access or what I can do

them back into access or what I can do is um make them in active right and then

is um make them in active right and then I can delete them and so what I

I can delete them and so what I recommend right even if you do not want

recommend right even if you do not want to programmatically be using your

to programmatically be using your account for anything you always want to

account for anything you always want to fill up both these and the reason why

fill up both these and the reason why and this is for security reasons is that

and this is for security reasons is that if somebody wanted to come in and uh uh

if somebody wanted to come in and uh uh get into your account what they would do

get into your account what they would do is they would try to find a user um

is they would try to find a user um where they have access to them and then

where they have access to them and then they would try to generate out a key so

they would try to generate out a key so if both these keys are Tak up so if you

if both these keys are Tak up so if you generate up both these

generate up both these Keys okay and this is the one you want

Keys okay and this is the one you want to use you deactivate the other one okay

to use you deactivate the other one okay we're not going to use that one and so

we're not going to use that one and so now there's no way for them to fill up

now there's no way for them to fill up that other slot okay and so that is my

that other slot okay and so that is my strong recommendation to you but there's

strong recommendation to you but there's again only ever two here I'm just going

again only ever two here I'm just going to uh Delete both of these so that when

to uh Delete both of these so that when we want to uh do whatever next in a

we want to uh do whatever next in a tutorial we'll go generate that out okay

tutorial we'll go generate that out okay go ahead and clear that

go ahead and clear that out so hopefully that is enough for you

out so hopefully that is enough for you to understand what to do with these

to understand what to do with these access Keys okay so I'm going to go back

access Keys okay so I'm going to go back here there you

here there you [Music]

[Music] go let's take a look here adus

go let's take a look here adus documentation which is a large

documentation which is a large collection of technical documentation on

collection of technical documentation on how to use adus Services which we can

how to use adus Services which we can find at doc. adab. amazon.com uh and so

find at doc. adab. amazon.com uh and so this is kind of like the landing page

this is kind of like the landing page where you can see all the guides and API

where you can see all the guides and API references if you expand them in there

references if you expand them in there uh into ec2 and you click on the user

uh into ec2 and you click on the user guide you can see HTML in PDF format

guide you can see HTML in PDF format Kindle and you'll notice there's a link

Kindle and you'll notice there's a link to GitHub and that's because all of

to GitHub and that's because all of these docs are open source and you can

these docs are open source and you can contribute to them if you choose to do

contribute to them if you choose to do so I've done so multiple times in the

so I've done so multiple times in the past it's quite fun so adus is very good

past it's quite fun so adus is very good about providing detailed information

about providing detailed information about every adus service and the basis

about every adus service and the basis of this course and any adus

of this course and any adus certification will derive mostly from uh

certification will derive mostly from uh the adus documentation so I like to say

the adus documentation so I like to say that I'm not really coming up with new

that I'm not really coming up with new information I'm just uh taking what's in

information I'm just uh taking what's in the docs and trying to make it more

the docs and trying to make it more digestible and I think that's the thing

digestible and I think that's the thing is like the docs are really good you can

is like the docs are really good you can read them end to end but they are very

read them end to end but they are very dense um and so it can be a bit hard to

dense um and so it can be a bit hard to figure out what you should read and what

figure out what you should read and what you should not um but uh they are a

you should not um but uh they are a really great resource and you should

really great resource and you should spend some time in there

spend some time in there [Music]

[Music] okay so I just want to quickly show you

okay so I just want to quickly show you the adabs documentation like give you a

the adabs documentation like give you a bit of a tour of it so if we go to ad.

bit of a tour of it so if we go to ad. amazon.com and type in docs and I'm sure

amazon.com and type in docs and I'm sure you might have seen this through other

you might have seen this through other tutorials but the idea is that you have

tutorials but the idea is that you have basically documentation for basically

basically documentation for basically any possible service that you want and a

any possible service that you want and a lot of times you'll click into it and

lot of times you'll click into it and what you'll get are these little boxes

what you'll get are these little boxes and they'll show you different guides

and they'll show you different guides and it's going to vary based on service

and it's going to vary based on service but a lot of times there's a user guide

but a lot of times there's a user guide there's an API reference those are the

there's an API reference those are the two that you'll see there if we go to

two that you'll see there if we go to something simpler like

something simpler like S3 that might be a simpler example yeah

S3 that might be a simpler example yeah user guide API API reference and so all

user guide API API reference and so all of these are on GitHub right if you open

of these are on GitHub right if you open these up the documentation is here if

these up the documentation is here if you find something you don't like you

you find something you don't like you can submit issues and uh and correct

can submit issues and uh and correct things you can even submit your own

things you can even submit your own examples I have um I have uh committed

examples I have um I have uh committed uh example code to the uh docs

uh example code to the uh docs specifically for AI services so you

specifically for AI services so you might be looking at examples that I

might be looking at examples that I implemented or even Ruby examples since

implemented or even Ruby examples since I really like to promote Ruby on AWS you

I really like to promote Ruby on AWS you can download as a PDF or you can take it

can download as a PDF or you can take it as HTML a lot of times you're going to

as HTML a lot of times you're going to the user guide and the way I build the

the user guide and the way I build the courses here is actually go through and

courses here is actually go through and I read these end to end so you know if

I read these end to end so you know if you wanted to do that and you wanted to

you wanted to do that and you wanted to be like me uh you can do that or you can

be like me uh you can do that or you can just watch my courses and save yourself

just watch my courses and save yourself the trouble and not worry about

the trouble and not worry about everything that is here but generally

everything that is here but generally the documentation is extremely extremely

the documentation is extremely extremely good there are some exceptions like

good there are some exceptions like Amazon Cognito where the content is good

Amazon Cognito where the content is good but it's just not well organized so I

but it's just not well organized so I would say it best out of every other

would say it best out of every other provider they they have the most

provider they they have the most complete documentation uh they generally

complete documentation uh they generally don't keep their examples or like

don't keep their examples or like tutorials within here it's usually

tutorials within here it's usually pretty light they'll have some examples

pretty light they'll have some examples um but like they like they have adus

um but like they like they have adus Labs separately so you type AB Labs

Labs separately so you type AB Labs GitHub right you go here and a lot of

GitHub right you go here and a lot of stuff is in here instead so you have a

stuff is in here instead so you have a lot of great tutorials and examples over

lot of great tutorials and examples over there okay um but yeah pretty much

there okay um but yeah pretty much that's all there is to it is there

that's all there is to it is there consistency between documentations no

consistency between documentations no they kind of vary um you know but uh

they kind of vary um you know but uh it's all there is my point and they're

it's all there is my point and they're always keeping up to date so yeah that's

always keeping up to date so yeah that's all you need to know about the inabus

all you need to know about the inabus documentation

documentation [Music]

[Music] hey this is Andrew Brown from exam Pro

hey this is Andrew Brown from exam Pro and we are taking a look at the Shared

and we are taking a look at the Shared responsibility model which is a cloud

responsibility model which is a cloud security framework that defines the

security framework that defines the security obligations of the customer

security obligations of the customer versus the cloud service provider in

versus the cloud service provider in this case we're talking about AWS and

this case we're talking about AWS and they have their own shared

they have their own shared responsibility model it's this big ugly

responsibility model it's this big ugly blob here um and the thing is is that

blob here um and the thing is is that every single CSP has their own variant

every single CSP has their own variant on the model uh so they're generally all

on the model uh so they're generally all the same but some visualizations make it

the same but some visualizations make it a little bit uh easier to understand or

a little bit uh easier to understand or they kind of uh include a little bit

they kind of uh include a little bit more information at different parts of

more information at different parts of it and so just to get make sure that you

it and so just to get make sure that you have well-rounded knowledge I'm going to

have well-rounded knowledge I'm going to go beyond the aws's shared

go beyond the aws's shared responsibility model and just show you

responsibility model and just show you some variants uh there's also variants

some variants uh there's also variants not just per uh CSP but also the type of

not just per uh CSP but also the type of cloud deployment model and sometimes

cloud deployment model and sometimes these are also scoped uh based on a

these are also scoped uh based on a cloud service category like compute or

cloud service category like compute or machine learning uh and these can uh

machine learning uh and these can uh result in specialized share

result in specialized share responsibility models so that's what

responsibility models so that's what we'll look at in this section

we'll look at in this section [Music]

[Music] okay all right so let's take a look at

okay all right so let's take a look at the ad Shar responsibility model and so

the ad Shar responsibility model and so I've reworked the graphic because it is

I've reworked the graphic because it is a bit hard to uh digest and so I'm

a bit hard to uh digest and so I'm hoping that this way will be a little

hoping that this way will be a little bit easier for you I cannot include the

bit easier for you I cannot include the in and of here just because we're

in and of here just because we're limited for space but don't worry we'll

limited for space but don't worry we'll follow that up with the next slide here

follow that up with the next slide here so there are two people that are

so there are two people that are responsible or two um organizations that

responsible or two um organizations that are responsible the customer and AWS and

are responsible the customer and AWS and on aws's side they're going to be

on aws's side they're going to be responsible for or anything that is

responsible for or anything that is physical so we're talking about Hardware

physical so we're talking about Hardware Global infrastructure so the regions the

Global infrastructure so the regions the availability zones The Edge locations

availability zones The Edge locations the physical security so think of all

the physical security so think of all that Hardware that's there those data

that Hardware that's there those data centers um everything like that then

centers um everything like that then there's also software the services that

there's also software the services that they're offering and so um you know this

they're offering and so um you know this extends to all their services but

extends to all their services but generally it breaks down to the four

generally it breaks down to the four core and so we're talking about compute

core and so we're talking about compute storage database and networking okay and

storage database and networking okay and when we say networking we're talking

when we say networking we're talking about like physically setting up the wi

about like physically setting up the wi and also you know the software to set up

and also you know the software to set up the routing and all that kind of stuff

the routing and all that kind of stuff there uh now looking at the customer

there uh now looking at the customer side of it they're responsible for

side of it they're responsible for configuration of managed services or

configuration of managed services or thirdparty software so the platforms

thirdparty software so the platforms they use so whether they choose to use a

they use so whether they choose to use a particular type of os uh the

particular type of os uh the applications so if they want to use like

applications so if they want to use like Ruby on Rails uh am so identity and

Ruby on Rails uh am so identity and access management so if you uh create a

access management so if you uh create a user and you grant them permissions if

user and you grant them permissions if you give them things they're not

you give them things they're not supposed to have access to that's on you

supposed to have access to that's on you right then there's configur of virtual

right then there's configur of virtual infrastructure and systems so that would

infrastructure and systems so that would be choosing your OS that would be uh the

be choosing your OS that would be uh the networking so there could be networking

networking so there could be networking on the um the virtual machines

on the um the virtual machines themselves or we could be talking about

themselves or we could be talking about Cloud networking in this case then there

Cloud networking in this case then there are firewalls so we're talking about

are firewalls so we're talking about virtual fire walls again they could be

virtual fire walls again they could be on the virtual machine or it could be

on the virtual machine or it could be configuring like knackles or security

configuring like knackles or security groups on AWS then there's security

groups on AWS then there's security configuration of data uh and so there is

configuration of data uh and so there is client side data encryption so if you're

client side data encryption so if you're moving something from S3 from your local

moving something from S3 from your local machine to S3 you might need to encrypt

machine to S3 you might need to encrypt that first before you send it over then

that first before you send it over then there's server side encryption so that

there's server side encryption so that might be turning on server side

might be turning on server side encryption within S3 or turning it

encryption within S3 or turning it encryption on your EBS volume then

encryption on your EBS volume then there's networking traffic protection so

there's networking traffic protection so you know that's turning on VPC flow log

you know that's turning on VPC flow log so you can monitor them turning on AIS

so you can monitor them turning on AIS guard Duty so that it can detect

guard Duty so that it can detect anomalies with your traffic or or

anomalies with your traffic or or activities within your um adus account

activities within your um adus account and then there's customer data so that's

and then there's customer data so that's the data that you upload on the behalf

the data that you upload on the behalf of your customer customers or yourself

of your customer customers or yourself and what you decide to um you know like

and what you decide to um you know like what levels of sensitivity that you want

what levels of sensitivity that you want to lock it down do you want to use

to lock it down do you want to use Amazon Macy to see if there's any public

Amazon Macy to see if there's any public facing uh personally identifi

facing uh personally identifi information that's up to you so there's

information that's up to you so there's a lot here and honestly it's a lot

a lot here and honestly it's a lot easier than you think um instead of

easier than you think um instead of thinking about this big diagram what I

thinking about this big diagram what I do is I break it down into this and so

do is I break it down into this and so we have the in and the of and that's

we have the in and the of and that's what I said I could not fit on the um

what I said I could not fit on the um previous slide there the idea is

previous slide there the idea is customers are responsible for the

customers are responsible for the security in the cloud so that's your

security in the cloud so that's your data and configuration so if it's data

data and configuration so if it's data that's resigning on there or there

that's resigning on there or there something you can configure you are

something you can configure you are responsible for it on the adus side they

responsible for it on the adus side they are responsible for the security of the

are responsible for the security of the cloud so if it's anything physical or

cloud so if it's anything physical or Hardware the operation of managed

Hardware the operation of managed services or Global infrastructure that's

services or Global infrastructure that's going to be on them and this in and of

going to be on them and this in and of thing is very important for the exam so

thing is very important for the exam so you should absolutely know the

you should absolutely know the difference between the two this is kind

difference between the two this is kind of an adist concept I don't see any

of an adist concept I don't see any other cloud service provider talking

other cloud service provider talking about in and of uh so you definitely

about in and of uh so you definitely need to know it

need to know it [Music]

[Music] okay so one variant we might see for the

okay so one variant we might see for the uh shared responsibility model would be

uh shared responsibility model would be on the types of cloud computing this

on the types of cloud computing this could also be applicable to the types of

could also be applicable to the types of uh deployment models but we're doing

uh deployment models but we're doing types of cloud computing here and so we

types of cloud computing here and so we have the customers responsibility and

have the customers responsibility and then the cloud service providers

then the cloud service providers responsibility so we're seeing on

responsibility so we're seeing on premise infrastructure as a service

premise infrastructure as a service platform as a service and software as as

platform as a service and software as as a service and so when you are on Prem

a service and so when you are on Prem you're basically responsible for

you're basically responsible for everything apps data runtime middleware

everything apps data runtime middleware OS virtualization servers storage

OS virtualization servers storage networking basically everything and just

networking basically everything and just by adopting the cloud you're almost

by adopting the cloud you're almost cutting your responsibilities in half

cutting your responsibilities in half here so now the cloud service provider

here so now the cloud service provider is going to be responsible for the

is going to be responsible for the physical networking uh the physical

physical networking uh the physical storage those physical servers and

storage those physical servers and because they're offering virtual

because they're offering virtual machines to you they're setting up a

machines to you they're setting up a hyper visor uh on your behalf so

hyper visor uh on your behalf so virtualization is taking care of for you

virtualization is taking care of for you and so um you know if you launch an ec2

and so um you know if you launch an ec2 instance you know you're going to have

instance you know you're going to have to choose the OS so that's why you're

to choose the OS so that's why you're responsible whatever middleware there

responsible whatever middleware there the runtime so whatever kind of programs

the runtime so whatever kind of programs you install on it uh the data that

you install on it uh the data that resides on it and any kind of like major

resides on it and any kind of like major applications okay then we have platform

applications okay then we have platform as a service uh and so you know the

as a service uh and so you know the class service provider is going to take

class service provider is going to take even more responsibility there so when

even more responsibility there so when we're talking about this we're thinking

we're talking about this we're thinking like a elastic beant stock right so you

like a elastic beant stock right so you know the you just choose what you want

know the you just choose what you want and it's all managed so you might say I

and it's all managed so you might say I want a ruby on real server but you're

want a ruby on real server but you're not saying what OS you need um you're

not saying what OS you need um you're not uh saying exact you might say what

not uh saying exact you might say what version of Ruby you want but you don't

version of Ruby you want but you don't have to manage it if it breaks uh or it

have to manage it if it breaks uh or it might be managed updates and things like

might be managed updates and things like that the last thing here is like

that the last thing here is like software as a service and this is

software as a service and this is something where the CSP is responsible

something where the CSP is responsible for everything so if you're thinking of

for everything so if you're thinking of a of a software's a service think of

a of a software's a service think of like Microsoft Word where you're just

like Microsoft Word where you're just writing

writing uh you know writing stuff in there and

uh you know writing stuff in there and you know you you are responsible for

you know you you are responsible for where you might choose to store your

where you might choose to store your data but the data is like still handled

data but the data is like still handled by the cloud service fighter because you

by the cloud service fighter because you know it's on the cloud so on their

know it's on the cloud so on their servers right um so yeah hopefully that

servers right um so yeah hopefully that gives you kind of an idea across types

gives you kind of an idea across types of cloud computing

of cloud computing [Music]

[Music] responsibilities all right so what I

responsibilities all right so what I want to do here is just shift the lens a

want to do here is just shift the lens a bit and look at the share responsibility

bit and look at the share responsibility model if we were just uh observing a

model if we were just uh observing a subset of cloud services such as compute

subset of cloud services such as compute and so we're going to see

and so we're going to see infrastructures of service platform as a

infrastructures of service platform as a service software as a service and now we

service software as a service and now we have function as a service and so that's

have function as a service and so that's what I mean when we shift the lens we

what I mean when we shift the lens we get new information uh and so you can

get new information uh and so you can just see that you really don't want to

just see that you really don't want to look at this uh from one perspective

look at this uh from one perspective okay so starting at the top here we have

okay so starting at the top here we have bare metal uh and so iTab Us's offering

bare metal uh and so iTab Us's offering is called the ec2 bare metal instance

is called the ec2 bare metal instance and this is where you basically get the

and this is where you basically get the whole machine uh you can configure the

whole machine uh you can configure the entire machine with with the exception

entire machine with with the exception of the physical machine itself so as a

of the physical machine itself so as a customer you can install the host OS um

customer you can install the host OS um uh the host OS so the operating system

uh the host OS so the operating system that runs on the physical machine and

that runs on the physical machine and then you can install your own hypervisor

then you can install your own hypervisor um and then databas is going to be

um and then databas is going to be responsible for the rest the physical

responsible for the rest the physical machine now normally The Next Step Up

machine now normally The Next Step Up would be dedicated but dedicated doesn't

would be dedicated but dedicated doesn't exactly give you more responsibility it

exactly give you more responsibility it gives you more Assurance because it's a

gives you more Assurance because it's a single tenant virtual machine and that's

single tenant virtual machine and that's why I kind of left it out here um but

why I kind of left it out here um but we'll see it in the next slide that it

we'll see it in the next slide that it is kind of on the model and shares the

is kind of on the model and shares the same spot as uh ec2 um but ec2 is a

same spot as uh ec2 um but ec2 is a virtual machine and so um here the

virtual machine and so um here the customer is responsible for the guest OS

customer is responsible for the guest OS so that means that you can choose what

so that means that you can choose what OS you want whether it is Ubuntu or

OS you want whether it is Ubuntu or Debian or Windows but that's not the

Debian or Windows but that's not the actual OS that is running on the

actual OS that is running on the physical machine and so you're not going

physical machine and so you're not going to have control of that ads is going to

to have control of that ads is going to take care of that then there's the

take care of that then there's the container runtime so you know you you

container runtime so you know you you can install Docker on this or any kind

can install Docker on this or any kind of container layer that you want um so

of container layer that you want um so that's another thing that you can do so

that's another thing that you can do so ads is going to be responsible for the

ads is going to be responsible for the hypervisor uh the physical machine and

hypervisor uh the physical machine and the host OS all right then looking at

the host OS all right then looking at containers it says more than one

containers it says more than one offering for containers but we'll just

offering for containers but we'll just look at ECS here and so um this is where

look at ECS here and so um this is where you are going to uh have uh you don't

you are going to uh have uh you don't you don't install the guest OS right the

you don't install the guest OS right the guest OS is already there for you what

guest OS is already there for you what you are going to do is choose your

you are going to do is choose your configuration of containers you're going

configuration of containers you're going to uh deploy your containers you're

to uh deploy your containers you're going to determine where you need to

going to determine where you need to access storage for your containers or

access storage for your containers or attach storage to your containers and

attach storage to your containers and adus is going to be responsible for the

adus is going to be responsible for the guest OS it it the and there might not

guest OS it it the and there might not even be a guest OS but there the host OS

even be a guest OS but there the host OS the guest OS the hypervisor the

the guest OS the hypervisor the container runtime uh and you're just

container runtime uh and you're just responsible for your containers okay

responsible for your containers okay then going to the next level here we

then going to the next level here we have platform as a service and so this

have platform as a service and so this one also is a little bit odd where it

one also is a little bit odd where it fits um because the thing is is that

fits um because the thing is is that this could be using anything underneath

this could be using anything underneath it could be using containers it could be

it could be using containers it could be using virtual machines um and so that's

using virtual machines um and so that's where it doesn't exactly fit well on a

where it doesn't exactly fit well on a linear graph but let's just take a look

linear graph but let's just take a look at some things here so this is where

at some things here so this is where you're just uploading your code uh you

you're just uploading your code uh you have some configuration of the

have some configuration of the environment you have options of

environment you have options of deployment strategies um the

deployment strategies um the configuration of the associated services

configuration of the associated services and then Abus is going to be responsible

and then Abus is going to be responsible for the servers the OS the networking

for the servers the OS the networking the storage the security so it is taking

the storage the security so it is taking on more responsibility than

on more responsibility than infrastructures of service um whereas

infrastructures of service um whereas you know adus is just going to be

you know adus is just going to be responsible that so if it's a virtual

responsible that so if it's a virtual machine it's being under uh under the

machine it's being under uh under the use is going to be responsible for this

use is going to be responsible for this customer stuff okay you're not if it's

customer stuff okay you're not if it's containers then Abus is going to be

containers then Abus is going to be responsible for this but it just depends

responsible for this but it just depends on how that platform is a service is set

on how that platform is a service is set up actually the way elastic beanock is

up actually the way elastic beanock is set up is that you actually have access

set up is that you actually have access to all that infrastructure and you can

to all that infrastructure and you can fiddle with it and so in that case um

fiddle with it and so in that case um whereas like if you were to use Heroku

whereas like if you were to use Heroku which is a a third party provider um you

which is a a third party provider um you know they would take care of all this

know they would take care of all this stuff up here um and so you would not

stuff up here um and so you would not have to worry about it but on AWS you

have to worry about it but on AWS you actually are responsible for uh the

actually are responsible for uh the underlying infrastructure because you

underlying infrastructure because you can you can configure it you can touch

can you can configure it you can touch it so that's where you know again these

it so that's where you know again these do not fit perfectly you can't look at

do not fit perfectly you can't look at platform as a service meaning that um

platform as a service meaning that um you're not responsible for certain

you're not responsible for certain things it really comes down to the

things it really comes down to the service offering okay then we're taking

service offering okay then we're taking a look at software of service so on AWS

a look at software of service so on AWS um this is is going to be something like

um this is is going to be something like um Amazon work docs which is I believe a

um Amazon work docs which is I believe a competitor uh not a very popular

competitor uh not a very popular competitor but a competitor to Microsoft

competitor but a competitor to Microsoft SharePoint and this is for Content

SharePoint and this is for Content collaboration so as the customer you're

collaboration so as the customer you're responsible for the contents of the

responsible for the contents of the document management of the files

document management of the files configuration of sharing access controls

configuration of sharing access controls and the databas is responsible for the

and the databas is responsible for the servers the OS networking the the

servers the OS networking the the storage the security and everything else

storage the security and everything else so you know if you use a Microsoft Word

so you know if you use a Microsoft Word Doc and you type stuff in it you say

Doc and you type stuff in it you say where to say it that's what you're

where to say it that's what you're responsible for okay the last one here

responsible for okay the last one here on the list is our functions here and so

on the list is our functions here and so 's offer is it Lambda and so as the

's offer is it Lambda and so as the customer all you're doing is you're

customer all you're doing is you're uploading your code and databus is going

uploading your code and databus is going to take care of the rest so deployment

to take care of the rest so deployment container runtime networking Storage

container runtime networking Storage security physical machine basically

security physical machine basically everything um and so you're really just

everything um and so you're really just left to uh develop okay so you know

left to uh develop okay so you know hopefully that gives you kind of an idea

hopefully that gives you kind of an idea and again you know we could have thrown

and again you know we could have thrown in a few other services like what we

in a few other services like what we could not fit on this slide here was um

could not fit on this slide here was um uh adus fargate which is a a serverless

uh adus fargate which is a a serverless container as a function or sorry

container as a function or sorry serverless serverless container as a

serverless serverless container as a service or container as a service so uh

service or container as a service so uh you know that has its own unique

you know that has its own unique properties in the model as well okay so

properties in the model as well okay so let's just have kind of a visualization

let's just have kind of a visualization on a linear graph here so we have the

on a linear graph here so we have the customers responsibility on the left

customers responsibility on the left hand side and itus is responsibility on

hand side and itus is responsibility on the right and we'll look at our broad

the right and we'll look at our broad category so we got bare metal dedicated

category so we got bare metal dedicated virtual machines containers and

virtual machines containers and functions and so no matter uh which uh

functions and so no matter uh which uh type of compute you're using using

type of compute you're using using you're always responsible for your code

you're always responsible for your code for um containers you know if uh you

for um containers you know if uh you know like uh the functions when you're

know like uh the functions when you're using functions there are pre-built

using functions there are pre-built containers so you say I want to use Ruby

containers so you say I want to use Ruby and there's a ruby container and you

and there's a ruby container and you don't have to configure it but obviously

don't have to configure it but obviously um you know when you are using container

um you know when you are using container service you are configuring that

service you are configuring that container you are responsible for it for

container you are responsible for it for um virtual machines you know you're

um virtual machines you know you're responsible for the runtime so you can

responsible for the runtime so you can install a container runtime on there or

install a container runtime on there or install a bunch of different packages

install a bunch of different packages like Ruby and stuff like that uh the

like Ruby and stuff like that uh the operating system you have control over

operating system you have control over in the virtual machines for the

in the virtual machines for the dedicated and we saw with bare metal you

dedicated and we saw with bare metal you have both uh controls of the host OS and

have both uh controls of the host OS and the guest OS and then only bare metal

the guest OS and then only bare metal allows you to have control of the

allows you to have control of the virtualization where you can install

virtualization where you can install that hypervisor so hopefully that gives

that hypervisor so hopefully that gives you an idea of compute and it is

you an idea of compute and it is offering there and also kind of how

offering there and also kind of how there's a lot of little caveats when

there's a lot of little caveats when we're looking at the Shared

we're looking at the Shared responsibility model okay

[Music] all right so I have one more variant of

all right so I have one more variant of the share responsibility model and this

the share responsibility model and this one is actually what is used by Google

one is actually what is used by Google so um we're going to apply to AWS and uh

so um we're going to apply to AWS and uh see how it works so let's just kind of

see how it works so let's just kind of redefine share responsibility model or

redefine share responsibility model or just in a slightly different way so we

just in a slightly different way so we fully understand it so the share

fully understand it so the share responsibility model is a simple

responsibility model is a simple visualization that helps determine what

visualization that helps determine what the customer is responsible for and what

the customer is responsible for and what the CSP is responsible for related to

the CSP is responsible for related to AWS and so across the top we have

AWS and so across the top we have infrastructure as a service platform as

infrastructure as a service platform as a service software as a service but

a service software as a service but remember there's other ones out there

remember there's other ones out there like functions and service it's just not

like functions and service it's just not going to fit on here um okay so and then

going to fit on here um okay so and then uh along the side here we have content

uh along the side here we have content access policies usage deployment web

access policies usage deployment web application security identity operations

application security identity operations access and authentication network

access and authentication network security remember that's Cloud

security remember that's Cloud networking security the guest OS data

networking security the guest OS data and content audit logging now we have

and content audit logging now we have the actual traditional networking or

the actual traditional networking or physical networking storage and

physical networking storage and encryption and here we're probably

encryption and here we're probably talking about the physical storage

talking about the physical storage Harden kernel IPC uh the boot the

Harden kernel IPC uh the boot the hardware and so then here we have our

hardware and so then here we have our bars so we have the csp's responsibility

bars so we have the csp's responsibility and the customer responsibility so when

and the customer responsibility so when we're looking at a SAS software as a

we're looking at a SAS software as a service uh the customer is going to be

service uh the customer is going to be responsible for the content remember

responsible for the content remember like think of like a word processor

like think of like a word processor you're writing the content the access

you're writing the content the access policies like say I want to share this

policies like say I want to share this document with someone the usage like how

document with someone the usage like how you utilize it can you upgrade your plan

you utilize it can you upgrade your plan things like that then next on our list

things like that then next on our list here is platform as a service so

here is platform as a service so generally uh you know platform is a

generally uh you know platform is a services for developers to De develop

services for developers to De develop and deploy applications and so they will

and deploy applications and so they will generally have more than one deploy

generally have more than one deploy strategy and uh you know there might be

strategy and uh you know there might be some cost-saving measures to choose like

some cost-saving measures to choose like uh you might have to pay additional for

uh you might have to pay additional for security uh or you it's up to you to

security uh or you it's up to you to configure in a particular way or you

configure in a particular way or you might have to integrate it with other

might have to integrate it with other services uh and you know we saw that

services uh and you know we saw that pass is not a perfect uh definition or

pass is not a perfect uh definition or fit because you know when we look at

fit because you know when we look at elastic bean stock if you have access to

elastic bean stock if you have access to those resources and you can change the

those resources and you can change the underneath then you might have more

underneath then you might have more responsibility there than you think that

responsibility there than you think that you would okay the next one here is

you would okay the next one here is infrastructure the service and so this

infrastructure the service and so this is extending to Identity so who's

is extending to Identity so who's allowed to uh you know log into your

allowed to uh you know log into your adabs account operations the things that

adabs account operations the things that they're allowed to do in the account

they're allowed to do in the account access and authentication do they have

access and authentication do they have to use MFA uh things like that network

to use MFA uh things like that network security obviously you can configure the

security obviously you can configure the security of your uh Cloud infrastructure

security of your uh Cloud infrastructure or Cloud Network um you know so you know

or Cloud Network um you know so you know do you isolate everything a single VPC

do you isolate everything a single VPC how do you set up your security groups

how do you set up your security groups things like that uh we know with virtual

things like that uh we know with virtual machines you can set up the guest OS

machines you can set up the guest OS there's data and content but remember

there's data and content but remember that bare metal is part of the uh

that bare metal is part of the uh infrastructure service offering and so

infrastructure service offering and so that's where we'd see Hardware or not

that's where we'd see Hardware or not Hardware but you'd have the host o the

Hardware but you'd have the host o the host Os or virtualization and so this

host Os or virtualization and so this again is not a perfect representation uh

again is not a perfect representation uh but it generally works okay and then

but it generally works okay and then last and list there um or just looking

last and list there um or just looking at what the ads is responsible for auto

at what the ads is responsible for auto logging so of course adus has cloud

logging so of course adus has cloud trail which is for uh uh logging uh API

trail which is for uh uh logging uh API um events but Auto loging could be

um events but Auto loging could be things that are uh internally happening

things that are uh internally happening with those physical servers then the

with those physical servers then the networking the physical storage uh

networking the physical storage uh Harding the kernel OS has I think what's

Harding the kernel OS has I think what's called the Nitro system where they have

called the Nitro system where they have like a security chip that's uh installed

like a security chip that's uh installed on all their servers then it's the the

on all their servers then it's the the boot OS uh and then the hardware itself

boot OS uh and then the hardware itself okay so just remember the customer is

okay so just remember the customer is responsible for the data

responsible for the data and configuration of access controls

and configuration of access controls that reside in AWS so if you can

that reside in AWS so if you can configure it or you can put data on it

configure it or you can put data on it you're responsible forward okay the

you're responsible forward okay the customer is responsible for the

customer is responsible for the configuration of cloud services and

configuration of cloud services and granting access to users via permissions

granting access to users via permissions right so if you give uh one of your

right so if you give uh one of your employees access to do it um you know

employees access to do it um you know even if it's their fault it's your fault

even if it's their fault it's your fault so remember that um and again the CSP is

so remember that um and again the CSP is generally responsible for the underlying

generally responsible for the underlying infrastructure we say generally because

infrastructure we say generally because you know there's edge cases like bare

you know there's edge cases like bare metal and coming back to adses in the

metal and coming back to adses in the cloud and of the cloud so in the cloud

cloud and of the cloud so in the cloud so if you configure it or store it then

so if you configure it or store it then you the customer responsible for it and

you the customer responsible for it and of the cloud if you cannot configure it

of the cloud if you cannot configure it then the CSP is probably responsible for

then the CSP is probably responsible for it

it [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are looking at the share

Pro and we are looking at the share responsibility model from the

responsibility model from the perspective of architecture and if

perspective of architecture and if you're getting sick of share

you're getting sick of share responsibility model don't worry I think

responsibility model don't worry I think this will be the last

this will be the last slide in this section but let's take a

slide in this section but let's take a look here so we have uh less

look here so we have uh less responsibility more responsibility at

responsibility more responsibility at the bottom so what we have down here is

the bottom so what we have down here is traditional or virtual machine

traditional or virtual machine architecture so Global Workforce is most

architecture so Global Workforce is most familiar with this kind of architecture

familiar with this kind of architecture and there's lots of documentation

and there's lots of documentation Frameworks and support so maybe this

Frameworks and support so maybe this would be using elastic beanock with

would be using elastic beanock with platform as a service or using ec2

platform as a service or using ec2 instances alongside with autoscaling

instances alongside with autoscaling groups uh code deploy uh load balancers

groups uh code deploy uh load balancers things like that the next level here is

things like that the next level here is microservices or containers this is

microservices or containers this is where you mix and match languages better

where you mix and match languages better utilization of resources so maybe you're

utilization of resources so maybe you're using fargate which is seress containers

using fargate which is seress containers or elastic container service or elastic

or elastic container service or elastic kubernetes service for containers and at

kubernetes service for containers and at the top here we have serverless or

the top here we have serverless or commonly with functions as a service so

commonly with functions as a service so there are no more servers you just worry

there are no more servers you just worry about the data or uh and the code right

about the data or uh and the code right so literally just functions of code and

so literally just functions of code and so you could be using the amplify

so you could be using the amplify serverless framework or maybe abess

serverless framework or maybe abess Lambda for creating serverless

Lambda for creating serverless architecture so there you go

[Music] hey this is Andrew Brown from exam Pro

hey this is Andrew Brown from exam Pro and we are looking at Computing Services

and we are looking at Computing Services and before we jump into uh the entire

and before we jump into uh the entire Suite of Computing Services they was

Suite of Computing Services they was have let's just talk about ec2 for a

have let's just talk about ec2 for a moment which allows you to launch

moment which allows you to launch virtual machines so what is a virtual

virtual machines so what is a virtual machine well a virtual machine or VM is

machine well a virtual machine or VM is an emulation of a physical computer

an emulation of a physical computer using software server virtualization

using software server virtualization allows you to easily create copy resize

allows you to easily create copy resize or migrate your server multiple VMS can

or migrate your server multiple VMS can run on the same physical servers so you

run on the same physical servers so you can share the cost with other customers

can share the cost with other customers so imagine if your server or computer

so imagine if your server or computer was an executable file on your computer

was an executable file on your computer okay so that's the kind of way you want

okay so that's the kind of way you want to think about it when we launch a VM uh

to think about it when we launch a VM uh we call it an instance and so ec2 is

we call it an instance and so ec2 is highly configurable server where you can

highly configurable server where you can choose the Ami so the Amazon machine

choose the Ami so the Amazon machine image that affects options such as

image that affects options such as amount of CPUs or vcpus virtual CPUs

amount of CPUs or vcpus virtual CPUs amount of memory so Ram the amount of

amount of memory so Ram the amount of network bandwidth the operating system

network bandwidth the operating system so whether it's Windows Ubuntu Amazon 2

so whether it's Windows Ubuntu Amazon 2 uh the ability to attach multiple

uh the ability to attach multiple virtual hard drives for storage so

virtual hard drives for storage so elastic Block store um and so the Amazon

elastic Block store um and so the Amazon machine image is a predefined

machine image is a predefined configuration for AVM so just remember

configuration for AVM so just remember that and so ec2 is also considered the

that and so ec2 is also considered the backbone of ads because the majority of

backbone of ads because the majority of a services are using uc2 as the

a services are using uc2 as the underlying servers whether it's S3 RDS

underlying servers whether it's S3 RDS 10B or lambdas that is what it's using

10B or lambdas that is what it's using so um what I say also it's just because

so um what I say also it's just because when we talk about the it Network that

when we talk about the it Network that is the backbone for Global

is the backbone for Global infrastructure and the networking at

infrastructure and the networking at large and so ec2 is for the services

large and so ec2 is for the services [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro so we just looked at what ec2 is

Pro so we just looked at what ec2 is well let's look at more of the broader

well let's look at more of the broader services for computing and these are the

services for computing and these are the more uh common ones that you'll come

more uh common ones that you'll come across there's definitely more than just

across there's definitely more than just what we're going to see on the single

what we're going to see on the single slide here so we'll break this down with

slide here so we'll break this down with virtual machines containers and then

virtual machines containers and then serverless for for virtual machines

serverless for for virtual machines remember that's an UL ation of a

remember that's an UL ation of a physical computer using software and ec2

physical computer using software and ec2 is the main one but for our VM category

is the main one but for our VM category we have Amazon light sale this is a

we have Amazon light sale this is a manage virtual server service it is the

manage virtual server service it is the friendly version of ec2 virtual machines

friendly version of ec2 virtual machines so when you need to launch a Linux or

so when you need to launch a Linux or Windows server but you don't have much

Windows server but you don't have much adus knowledge you could launch a

adus knowledge you could launch a WordPress here and uh you could hook up

WordPress here and uh you could hook up your domain and stuff like that um so

your domain and stuff like that um so this is a very good options for

this is a very good options for beginners we have containers so

beginners we have containers so virtualizing an operating system or Os

virtualizing an operating system or Os to run multiple workloads on a single OS

to run multiple workloads on a single OS instance so containers are generally

instance so containers are generally used in microservice architecture when

used in microservice architecture when you divide your application into smaller

you divide your application into smaller applications that talk to each other so

applications that talk to each other so here we would have ECS elastic container

here we would have ECS elastic container service this is a container

service this is a container orchestration service that supports

orchestration service that supports Docker containers launches a cluster of

Docker containers launches a cluster of servers on these2 instances with Docker

servers on these2 instances with Docker installed so when you need Dockers a

installed so when you need Dockers a service or you need to run containers we

service or you need to run containers we have elastic container registry ECR this

have elastic container registry ECR this is a repository of container images so

is a repository of container images so in order to launch a container you need

in order to launch a container you need an image an image just means a save copy

an image an image just means a save copy a repository just means a storage that

a repository just means a storage that has Version Control we have ECS fargate

has Version Control we have ECS fargate or just fargate now people are kind of

or just fargate now people are kind of forgetting that it's it runs on ECS

forgetting that it's it runs on ECS these days that's why I have it in there

these days that's why I have it in there it is a servess orchestration container

it is a servess orchestration container service is the same as ECS ex except you

service is the same as ECS ex except you pay on demand per running containers so

pay on demand per running containers so with ECS you have to keep a ec2 server

with ECS you have to keep a ec2 server running even if you have no containers

running even if you have no containers is running so it manages the underlying

is running so it manages the underlying server so you don't have to scale or

server so you don't have to scale or upgrade the ec2 server so there's the

upgrade the ec2 server so there's the advantage over ECS okay then we have

advantage over ECS okay then we have elastic kubernetes service eks this is a

elastic kubernetes service eks this is a fully managed kubernetes service kuber

fully managed kubernetes service kuber or so kubernetes commonly rated to K8 is

or so kubernetes commonly rated to K8 is an open-source orchestration software

an open-source orchestration software that was created by Google is generally

that was created by Google is generally the standard for managing microservices

the standard for managing microservices so when you need to run kubernetes as a

so when you need to run kubernetes as a service then we have serverless category

service then we have serverless category so when the underlying servers are

so when the underlying servers are managed by B to us you don't worry or

managed by B to us you don't worry or configure servers saus Lambda is a

configure servers saus Lambda is a serverless function service you can run

serverless function service you can run code without provisioning or managing

code without provisioning or managing servers you upload small pieces of code

servers you upload small pieces of code choose much uh how much memory how how

choose much uh how much memory how how long you want the function to run is

long you want the function to run is allowed to run before timing out and you

allowed to run before timing out and you are charged based on the runtime of the

are charged based on the runtime of the Serv function rounded to the nearest 100

Serv function rounded to the nearest 100 milliseconds so there you

milliseconds so there you [Music]

[Music] go hey this is Andrew Brown from exam

go hey this is Andrew Brown from exam Pro and what I want to do is just show

Pro and what I want to do is just show you a variety of different Computing

you a variety of different Computing Services on AWS so I'm going to try to

Services on AWS so I'm going to try to launch them and uh we're not going to do

launch them and uh we're not going to do anything with them just going to Simply

anything with them just going to Simply launch them okay so the first I want to

launch them okay so the first I want to show you is ec2 and by the way we will

show you is ec2 and by the way we will go more in depth in ec2 later on in this

go more in depth in ec2 later on in this course here um but what I'm going to do

course here um but what I'm going to do is go ahead and launch the instance

is go ahead and launch the instance don't worry about all this stuff but

don't worry about all this stuff but just choose the Amazon Linux 2 so it's

just choose the Amazon Linux 2 so it's in the free tier all right we're going

in the free tier all right we're going to choose an instance type of a T2 micro

to choose an instance type of a T2 micro so that's part of the free tier it's

so that's part of the free tier it's going to be set as one all these options

going to be set as one all these options are fine I want you to go ahead and

are fine I want you to go ahead and review and launch we're going to launch

review and launch we're going to launch and I don't want to generate on any key

and I don't want to generate on any key pair I'm going to proceed without a key

pair I'm going to proceed without a key pair I'm going to acknowledge that

pair I'm going to acknowledge that because I don't want it and that's all

because I don't want it and that's all there is to launching an ec2 instance

there is to launching an ec2 instance and so I can go here and view my

and so I can go here and view my instances and what you'll see is it's

instances and what you'll see is it's pending okay and usually it has like a

pending okay and usually it has like a little spinning icon maybe they've

little spinning icon maybe they've updated it since

updated it since then so I go here it's hard to see

then so I go here it's hard to see because there's all these terminated

because there's all these terminated ones but I don't need to do anything

ones but I don't need to do anything with it I just wanted to show you the

with it I just wanted to show you the actions that you'd have to do to launch

actions that you'd have to do to launch it actually we'll leave it alone maybe

it actually we'll leave it alone maybe we'll see it when it's launched the next

we'll see it when it's launched the next one I want to show you is e elastic

one I want to show you is e elastic container

container service um and wow this this is old

service um and wow this this is old let's go let's get the new experience

let's go let's get the new experience please so old okay checkbox that

please so old okay checkbox that on and we'll hit get started and we'll

on and we'll hit get started and we'll say create a

say create a cluster and we have some options here

cluster and we have some options here networking only ec2 Linux plus

networking only ec2 Linux plus networking uh for use with either ads

networking uh for use with either ads fargate or external windows

fargate or external windows um uh this is if you're doing fargate

um uh this is if you're doing fargate which we're not doing right now fargate

which we're not doing right now fargate is part of elastic container service it

is part of elastic container service it used it well used to be it is called ECS

used it well used to be it is called ECS fargate but it us markets it as a

fargate but it us markets it as a separate service we'll go to next and

separate service we'll go to next and say my ECS

say my ECS cluster um we can create an empty

cluster um we can create an empty cluster but that would make it a fargate

cluster but that would make it a fargate cluster which we don't want there's an

cluster which we don't want there's an ond demand server look it's M6 I large

ond demand server look it's M6 I large if you're very afraid of a lot of spend

if you're very afraid of a lot of spend here you don't have to do this you can

here you don't have to do this you can just watch me do it and just learn

just watch me do it and just learn well what I'm going to do is try to find

well what I'm going to do is try to find something super cheap so I want a T2

something super cheap so I want a T2 micro or a T3 micro T2 micro is part of

micro or a T3 micro T2 micro is part of the free tier I don't know if we get to

the free tier I don't know if we get to choose T2 anymore in here they might not

choose T2 anymore in here they might not let

let you there it is you know T3 micro is

you there it is you know T3 micro is great too I just whatever says it's free

great too I just whatever says it's free that's what I'm going to go for number

that's what I'm going to go for number of instances one the Amazon lytic

of instances one the Amazon lytic version is fine I don't care about a key

version is fine I don't care about a key pair uh use the existing VPC I don't

pair uh use the existing VPC I don't want to have to make a new one select

want to have to make a new one select the existing ones

the existing ones okay uh let it create a new security

okay uh let it create a new security group that's totally fine allow those to

group that's totally fine allow those to be fine create a new role that's fine

be fine create a new role that's fine create okay and so that's going to

create okay and so that's going to create ourselves a

create ourselves a cluster um I'm going to just make a new

cluster um I'm going to just make a new tab here let's just check on our ec2

tab here let's just check on our ec2 instance and so if we look at our ec2

instance and so if we look at our ec2 instance it is running okay great so it

instance it is running okay great so it has a private IP address it has a public

has a private IP address it has a public IP address all right um there's not much

IP address all right um there's not much we can do with it I can't even log into

we can do with it I can't even log into it because we didn't generate out a key

it because we didn't generate out a key pair L times you want to name these

pair L times you want to name these things so I just go here and name it my

things so I just go here and name it my server okay go back to our ECS instance

server okay go back to our ECS instance and the cluster is ready so we'll go

and the cluster is ready so we'll go here and oh nice we got a new UI and so

here and oh nice we got a new UI and so if we wanted to deploy something as a

if we wanted to deploy something as a service or a

service or a task

task um we would need to create a t template

um we would need to create a t template like a task definition

like a task definition file uh they don't have a new UI for

file uh they don't have a new UI for this you're being redirected to the

this you're being redirected to the previous version console because this

previous version console because this isn't available in the new experience

isn't available in the new experience yet of course it isn't so we can create

yet of course it isn't so we can create a new task definition file that's what's

a new task definition file that's what's used to run it it's basically like a

used to run it it's basically like a Docker file composed file whatever you

Docker file composed file whatever you want um we have fargate or ec2 we are

want um we have fargate or ec2 we are doing ECS so we're going to have to do

doing ECS so we're going to have to do ec2 so we'll say my ECS uh Tas def

ec2 so we'll say my ECS uh Tas def file um task Ru opt optional IM roll I

file um task Ru opt optional IM roll I don't need one network mode I I don't

don't need one network mode I I don't care um and then this is the idea is

care um and then this is the idea is that because a container allows you to

that because a container allows you to use up a particular amount of the um

use up a particular amount of the um thing we don't have to use all of the

thing we don't have to use all of the memory so we should look up what a T2

memory so we should look up what a T2 micro is because I don't even remember

micro is because I don't even remember what size it is okay T2 micro AWS so we

what size it is okay T2 micro AWS so we go here we look at the instance types

go here we look at the instance types and we're going to flip over to T2 and

and we're going to flip over to T2 and it says that it's one

it says that it's one vcpu one gab of memory so what I'll do

vcpu one gab of memory so what I'll do one yeah yeah one okay that's fine so

one yeah yeah one okay that's fine so what we want and this is in megabytes so

what we want and this is in megabytes so we'll say 500 megabytes and um I don't

we'll say 500 megabytes and um I don't know if we can do less than one but I'm

know if we can do less than one but I'm going to do one

going to do one here

here um the task CPU must be an integer

um the task CPU must be an integer greater than or equal to 128 okay fine

greater than or equal to 128 okay fine 128 oh I guess it's 1024 would utilize

128 oh I guess it's 1024 would utilize the whole thing so I could say

the whole thing so I could say 512 okay and this is where we would add

512 okay and this is where we would add our

our container so

container so I don't do this every day so I don't

I don't do this every day so I don't remember how to do this we'll say my

remember how to do this we'll say my container um and I need a repository

container um and I need a repository here so I need like dockerhub Hello

World okay I don't care what it is I just need a image that's

simple and I'm looking for the address here

um I'm hoping that's just this dockerhub

URL so it' be something like this right docker.io probably Docker IO Docker

docker.io probably Docker IO Docker image um Docker Hub URL in

ECS okay goes to show how often I'm launch launching these things so

launch launching these things so repository URL Docker image so I think

repository URL Docker image so I think that what we're going to do here

I would really just like the URL please

please reviews

reviews tags where is

tags where is it where is it it's somewhere here

uh well let's just try it we'll go and we'll type in says image and tags so

we'll type in says image and tags so docker.io

docker.io hello world I really need an image ID

hello world I really need an image ID image URL hello

image URL hello world Docker

world Docker Hub they're not making my life easy here

today anything I just want to see like a single example docker.io

docker iio URL

URL examples

examples ECS this is what it's like you know this

ECS this is what it's like you know this is what you're going to be doing if you

is what you're going to be doing if you are um you know a cloud engineer you're

are um you know a cloud engineer you're going to be Googling a lot and just

going to be Googling a lot and just trying to find examples

trying to find examples here so here it says docker.io the name

here so here it says docker.io the name the host name okay so we'll just try it

the host name okay so we'll just try it okay so I think that the the the name

okay so I think that the the the name here is underscore and then it's hello

here is underscore and then it's hello world and that's what's throwing me off

world and that's what's throwing me off here

here right Docker

IO just hold on here repository URL and then there's the

here repository URL and then there's the tag I don't know if like is the tag

tag I don't know if like is the tag going to be like latest view available

going to be like latest view available tags latest okay so what I'll do

tags latest okay so what I'll do here and that's the thing you got to

here and that's the thing you got to have a lot of confidence too so hard

have a lot of confidence too so hard limits soft limit um do I have to set

limits soft limit um do I have to set it do I have to set any of these things

it do I have to set any of these things can I just go to the bottom and hit

can I just go to the bottom and hit add looks like I

add looks like I can okay so we'll scroll on down create

can okay so we'll scroll on down create we create our task definition file which

we create our task definition file which is fine we're going to go back to our

is fine we're going to go back to our cluster it's going to bring us back to

cluster it's going to bring us back to the new experience we're going to click

the new experience we're going to click into this

into this cluster holy smokes uh we're going to

cluster holy smokes uh we're going to hit

hit deploy and we are going to choose

deploy and we are going to choose service that means it's going to

service that means it's going to continuously run task means that when

continuously run task means that when it's done running it ends we're going to

it's done running it ends we're going to choose our family our version that's

choose our family our version that's that's the task definition file there is

that's the task definition file there is not compatible with the selected compute

that okay some maybe some you have to like code it so that it continuously

like code it so that it continuously runs I don't care we don't need to run a

runs I don't care we don't need to run a service here the selected task

service here the selected task definition is not compatible with the

definition is not compatible with the selected compute strategy

why uh can you double check if you're using fargate strategy instead of the

using fargate strategy instead of the ec2 uh blog designed for the ec2

ec2 uh blog designed for the ec2 strategy so probably what it's

strategy so probably what it's suggesting is that the the strategy file

suggesting is that the the strategy file I made is not for the right one here Tas

I made is not for the right one here Tas [Music]

[Music] definitions go back over

definitions go back over here well what's wrong with it

task roll none my container so what I'm going to do because I don't trust this

going to do because I don't trust this just going to go ahead and delete this

just going to go ahead and delete this can I delete this how do I delete

can I delete this how do I delete this oh boy

this oh boy actions deregister

actions deregister deregister we'll create a new one and so

deregister we'll create a new one and so it us has tools like it us co-pilot um

it us has tools like it us co-pilot um CLI to make this a lot easier because

CLI to make this a lot easier because you can see this is very frustrating but

you can see this is very frustrating but I chose this

I chose this so my task

so my task def requires compatibility of

512 add container we're going

container we're going to uh was it docker.io

here and we'll just say uh 512 which is fine I don't care about any port

fine I don't care about any port mappings I'm just reading it carefully

mappings I'm just reading it carefully here to see what it wants we'll say 512

here to see what it wants we'll say 512 maybe because I didn't specify them it's

maybe because I didn't specify them it's complaining this looks fine we'll hit

add okay constraints type this all looks

okay constraints type this all looks fine so we'll try this

fine so we'll try this again and so we now have our file let's

again and so we now have our file let's see if we can just run this task from

see if we can just run this task from here you

here you see2 this is just another way to do it

see2 this is just another way to do it so we just choose the cluster this is

so we just choose the cluster this is actually a lot easier to do it this is

actually a lot easier to do it this is old old old Eh this is ugly and so now

old old old Eh this is ugly and so now it launches so you know if you have

it launches so you know if you have trouble one way then just do it another

trouble one way then just do it another way and uh sometimes it'll work here so

way and uh sometimes it'll work here so I don't expect this task to really work

I don't expect this task to really work in any particular way if it's pending

in any particular way if it's pending that that's fine if it fails that's fine

that that's fine if it fails that's fine if it's successful that's fine I don't

if it's successful that's fine I don't care I just want to go through the

care I just want to go through the motion so it was successful it it ran

motion so it was successful it it ran and then it stopped I don't know if we

and then it stopped I don't know if we could see like the output anywhere

could see like the output anywhere probably what it would do is it would

probably what it would do is it would log out something like into somewhere

log out something like into somewhere and so I don't know if like there's logs

and so I don't know if like there's logs turned on for this if I go over to like

turned on for this if I go over to like Cloud watch logs maybe I could see

Cloud watch logs maybe I could see something a lot of these services will

something a lot of these services will automatically create cloudwatch logs so

automatically create cloudwatch logs so sometimes you can just go look at them

sometimes you can just go look at them there so we'll drop down we'll go to log

there so we'll drop down we'll go to log groups

groups here there is some stuff here um there's

here there is some stuff here um there's a couple that I created from before just

a couple that I created from before just go ahead delete

go ahead delete those and so what I'm looking for is

those and so what I'm looking for is like ECS so no there's no logging

like ECS so no there's no logging happening here which is totally fine so

happening here which is totally fine so that is ECS um for fargate it's pretty

that is ECS um for fargate it's pretty much uh the same the difference is that

much uh the same the difference is that fargate is like it has to start up and

fargate is like it has to start up and run so it's a lot slower to

run so it's a lot slower to watch okay

watch okay and now let's go take a look at a

and now let's go take a look at a Lambda okay so this is our serverless

Lambda okay so this is our serverless compute so we go ahead and create

compute so we go ahead and create ourselves a function uh we can start

ourselves a function uh we can start from a blueprint that doesn't sound too

from a blueprint that doesn't sound too bad and I personally like Ruby so no I'm

bad and I personally like Ruby so no I'm not getting much here but we can do is

not getting much here but we can do is look for something like hello do we have

look for something like hello do we have like a hello

like a hello world there we go hello world and we'll

world there we go hello world and we'll click that we'll say my hello

click that we'll say my hello world uh it's going to create those

world uh it's going to create those permissions that's fine it's showing us

permissions that's fine it's showing us the code it's very simple okay it's

the code it's very simple okay it's going to console log out these values

going to console log out these values not a very good hello world function

not a very good hello world function doesn't even say hello world how can you

doesn't even say hello world how can you call it a hello world function if it

call it a hello world function if it doesn't say hello world I don't

doesn't say hello world I don't understand so we're going to go ahead

understand so we're going to go ahead and create this function usually doesn't

and create this function usually doesn't take this

take this long okay so uh here is our function

long okay so uh here is our function here is our code notice that this is

here is our code notice that this is Cloud9

Cloud9 okay and you can even move that over to

okay and you can even move that over to Cloud9 they didn't have this button here

Cloud9 they didn't have this button here before that's kind of cool I hit test

before that's kind of cool I hit test they used to have it up

they used to have it up here but I guess they wanted to make it

here but I guess they wanted to make it more obvious so they moved it down here

more obvious so they moved it down here which is nice so what I can do is hit

which is nice so what I can do is hit this oops my test it's going to send a

this oops my test it's going to send a payload here to the actual function uh

payload here to the actual function uh and it's going to tell us if it

worked okay so can I run my test go over here to test

here to test they changed it a bit so I guess I

they changed it a bit so I guess I created there it succeeded so I have my

created there it succeeded so I have my logs okay so it's it's going to Output

logs okay so it's it's going to Output those values there so there are the

those values there so there are the three values which basically is

three values which basically is nothing maybe you were supposed to set

nothing maybe you were supposed to set those an environment variable but you

those an environment variable but you can see you're just uploading uh some

can see you're just uploading uh some code right it's just a bit of code it's

code right it's just a bit of code it's not like a full app or anything so we

not like a full app or anything so we launched an E2 container we did a a um

launched an E2 container we did a a um sorry ec2 instance a container we did a

sorry ec2 instance a container we did a seress function there's other things

seress function there's other things like EKF yes but that is really really

like EKF yes but that is really really hard to set up okay cuz you'd have to

hard to set up okay cuz you'd have to use like kubernetes commands and stuff

use like kubernetes commands and stuff like that and my kubernetes knowledge is

like that and my kubernetes knowledge is always very poor um I'm just taking a

always very poor um I'm just taking a peek here to see if they've updated it

peek here to see if they've updated it so yeah you create the cluster but like

so yeah you create the cluster but like deploying it is forget it I'm just

deploying it is forget it I'm just trying to think if there's anything else

trying to think if there's anything else I kind of want to show you um no those

I kind of want to show you um no those are the main three I would say so I'm

are the main three I would say so I'm pretty happy with that um what I'm going

pretty happy with that um what I'm going to do is go and kill all these things so

to do is go and kill all these things so we're going to go over to Lambda okay

we're going to go over to Lambda okay and I'm going to go ahead and delete

and I'm going to go ahead and delete this as you saw ECS was the hardest and

this as you saw ECS was the hardest and no matter how many times I've built

no matter how many times I've built things on ECS and I've deployed full

things on ECS and I've deployed full things on ECS I can't remember I always

things on ECS I can't remember I always have so much trouble with task

have so much trouble with task definition files it's unbelievable we'll

definition files it's unbelievable we'll go over to our cluster

here and ECS cluster up here make sure you're

and ECS cluster up here make sure you're not in the fargate cluster I know I'm

not in the fargate cluster I know I'm clicking really fast but there's just so

clicking really fast but there's just so many things to click and I'm going to

many things to click and I'm going to click into this cluster we're going to

click into this cluster we're going to go hit edit because this is running an

go hit edit because this is running an ec2 instance right I need to destroy it

ec2 instance right I need to destroy it um it just took me back to the old one

um it just took me back to the old one here um I want to delete no I want to

here um I want to delete no I want to delete the cluster click back

delete the cluster click back here where do I delete it up

here here I can't checkbox anything uh how do I delete this do I

anything uh how do I delete this do I have to delete the task first maybe so

have to delete the task first maybe so we'll go here I mean it's already

we'll go here I mean it's already stopped there's nothing to

stopped there's nothing to do

edit uh huh account settings wow this is

settings wow this is confusing

confusing okay how to delete ECS

okay how to delete ECS cluster got to be kidding me I have to

cluster got to be kidding me I have to actually look this up so open the USS

actually look this up so open the USS console from navigation in the

console from navigation in the navigation choose clusters and the new

navigation choose clusters and the new turn off the E uh turn off new ECS

turn off the E uh turn off new ECS experience and choose the old console

experience and choose the old console the delete cluster workflow is not

the delete cluster workflow is not supported in the EC ECS console are you

supported in the EC ECS console are you serious then

serious then why why do you have it like why even let

why why do you have it like why even let people use the new experience if that

people use the new experience if that you don't have all the functionality

you don't have all the functionality there um oh I was going to give it

there um oh I was going to give it feedback but it didn't let me here it

feedback but it didn't let me here it says uh I need to delete an ECS cluster

no okay so I'm here there's my big ugly

here there's my big ugly cluster delete

cluster delete cluster okay so yeah it it's a struggle

cluster okay so yeah it it's a struggle okay like things are always changing on

okay like things are always changing on me but uh you just have to have

me but uh you just have to have confidence and if you've done it a few

confidence and if you've done it a few times you know that you can do it right

times you know that you can do it right um and that's one of the biggest

um and that's one of the biggest Hang-Ups to Cloud I would say so it's

Hang-Ups to Cloud I would say so it's going to take a few minutes apparently

going to take a few minutes apparently to delete the cluster as that is going

to delete the cluster as that is going let's let's go over to ec2 I didn't

let's let's go over to ec2 I didn't close it I kept this tab

close it I kept this tab open and uh there's our ec2

open and uh there's our ec2 instance we can go ahead and terminate

instance we can go ahead and terminate that instance terminate

okay and if this says it's terminating then we're in good shape Terminator is

then we're in good shape Terminator is shutting down that's fine and notice

shutting down that's fine and notice here that's the ECS instance just make

here that's the ECS instance just make sure you shut down the my server not the

sure you shut down the my server not the um the ECS instance cuz that's to stop

um the ECS instance cuz that's to stop and so this has already terminated but

and so this has already terminated but if we go back here notice that it says

if we go back here notice that it says that it's not done but

that it's not done but clearly clearly has shut

clearly clearly has shut down okay so I'm going to wait here for

down okay so I'm going to wait here for a bit even though I know it's been

a bit even though I know it's been deleted maybe it's deleting things like

deleted maybe it's deleting things like the autoscaling group so we go down

the autoscaling group so we go down below

below here right so that's probably what it's

here right so that's probably what it's doing it's probably trying to destroy

doing it's probably trying to destroy the auto scaling

the auto scaling group but it doesn't show any here so it

group but it doesn't show any here so it must have already destroyed

must have already destroyed it yeah so task Services delete so I'll

it yeah so task Services delete so I'll be back here in a bit but I know it's

be back here in a bit but I know it's safe it's already deleted but I'll see

safe it's already deleted but I'll see you back here in a bit okay so I waited

you back here in a bit okay so I waited literally a second and it's now deleted

literally a second and it's now deleted so we deleted our Lambda we deleted our

so we deleted our Lambda we deleted our oh did we delete our

oh did we delete our Lambda good

Lambda good question now I'm not really worried

question now I'm not really worried about the Lambda because I guess we did

about the Lambda because I guess we did but I'm not really worried about it

but I'm not really worried about it because um you know at when it rests at

because um you know at when it rests at idle it's not costing us anything where

idle it's not costing us anything where the EC s and the ec2 are backed by ec2

the EC s and the ec2 are backed by ec2 instances so we do have to shut those

instances so we do have to shut those down okay and again remember make sure

down okay and again remember make sure you're in the correct region sometimes

you're in the correct region sometimes that gets flipped over and then you

that gets flipped over and then you think those resources are gone but

think those resources are gone but they're actually not they're just

they're actually not they're just running in another region so uh there

running in another region so uh there you

you [Music]

[Music] go hey this is Andrew Brown from exam

go hey this is Andrew Brown from exam Pro and we're taking a look at higher

Pro and we're taking a look at higher performance Computing Services on AWS so

performance Computing Services on AWS so before we do we got to talk about the

before we do we got to talk about the Nitro system so this is a combination of

Nitro system so this is a combination of dedicated hardware and lightweight

dedicated hardware and lightweight hypervisor enabling faster Innovation

hypervisor enabling faster Innovation and enhanced security all new ec2

and enhanced security all new ec2 instant types use the nitro system and

instant types use the nitro system and the Nitro system is designed uh by AWS

the Nitro system is designed uh by AWS okay so this is made up of a few things

okay so this is made up of a few things we have Nitro cards these are

we have Nitro cards these are specialized cards for vpcs EBS instant

specialized cards for vpcs EBS instant storage and uh controller cards you have

storage and uh controller cards you have Nitro security chips these are

Nitro security chips these are integrated into the motherboard protects

integrated into the motherboard protects Hardware resources and we have the Nitro

Hardware resources and we have the Nitro hypervisor this is the lightweight hyper

hypervisor this is the lightweight hyper visor memory and CPU allocation bare

visor memory and CPU allocation bare metal like performance there's also uh

metal like performance there's also uh Nitro enclaves but you that's a bit out

Nitro enclaves but you that's a bit out of scope here but that's has to do with

of scope here but that's has to do with like ec2 isolation Okay uh then we have

like ec2 isolation Okay uh then we have bare metal instances so you can launch

bare metal instances so you can launch ec2 instances that have no hypervisor so

ec2 instances that have no hypervisor so you can run workloads directly on the

you can run workloads directly on the hardware for maximum performance and

hardware for maximum performance and control we have the M5 the R5 um ec2

control we have the M5 the R5 um ec2 instances that can run bare metal

instances that can run bare metal there's other ones I believe I've seen

there's other ones I believe I've seen as well but um you know if you are

as well but um you know if you are running bare metal you can just go

running bare metal you can just go investigate at the time of okay we have

investigate at the time of okay we have bottle rocket this is a Linux based open

bottle rocket this is a Linux based open source operating system that is purpose

source operating system that is purpose built by adus for running containers on

built by adus for running containers on VMS or bare metal hosts then uh let's

VMS or bare metal hosts then uh let's just Define what HBC is so it's a

just Define what HBC is so it's a cluster of a hundred of thousands of

cluster of a hundred of thousands of servers with fast connections between

servers with fast connections between each of them with the purpose of

each of them with the purpose of boosting Computing capacity so when you

boosting Computing capacity so when you need a supercomputer to perform

need a supercomputer to perform computational problems too large to run

computational problems too large to run on a standard computer or computers or

on a standard computer or computers or would take too long this is where you

would take too long this is where you know HBC comes into play one solution

know HBC comes into play one solution here is databus parallel cluster which

here is databus parallel cluster which is uh an adus supported open source

is uh an adus supported open source cluster management tool that makes it

cluster management tool that makes it easy for you to deploy and manage higher

easy for you to deploy and manage higher performance Computing HBC clusters on

performance Computing HBC clusters on AWS so hopefully that gives you an idea

AWS so hopefully that gives you an idea of this stuff

of this stuff [Music]

[Music] okay all right so let's take a look at

okay all right so let's take a look at HPC or high performance Computing on AWS

HPC or high performance Computing on AWS so HPC is for uh running large complex

so HPC is for uh running large complex simulations and deep learning workloads

simulations and deep learning workloads in the cloud with a complete Suite of

in the cloud with a complete Suite of high performance Computing product

high performance Computing product Services gains Insight faster and

Services gains Insight faster and quickly move from idea to Market blah

quickly move from idea to Market blah blah blah blah blah it's for ML or very

blah blah blah blah it's for ML or very complex scientific Computing stuff these

complex scientific Computing stuff these run at least on C5 NS okay and the way

run at least on C5 NS okay and the way it works is that you use this um CLI

it works is that you use this um CLI called P cluster or a parallel compute U

called P cluster or a parallel compute U or a parallel cluster stuff and so let's

or a parallel cluster stuff and so let's see if we can get this installed very

see if we can get this installed very easily um so what I'm going to

easily um so what I'm going to do is see how hard it is to install

do is see how hard it is to install stall now I don't recommend you running

stall now I don't recommend you running this cuz I don't know what it's going to

this cuz I don't know what it's going to cost me and if I make a misconfiguration

cost me and if I make a misconfiguration I don't want you to have that spend here

I don't want you to have that spend here but I don't think it's that dangerous so

but I don't think it's that dangerous so I'm going to go back over to us East one

I'm going to go back over to us East one here I'm going to open up

cloudshell and I'm going to give it a moment to load and so as that is loading

moment to load and so as that is loading let's take a look at how we would go

let's take a look at how we would go ahead and install this so install the

ahead and install this so install the current parallel um it was parallel I

current parallel um it was parallel I think we just copy that line

think we just copy that line okay and so we have to wait for our

okay and so we have to wait for our environment to spin up all right so once

environment to spin up all right so once it has spun up we will install it and

it has spun up we will install it and then we will jump over to this tutorial

then we will jump over to this tutorial here okay so we'll give this a

moment and after waiting a little while here it looks like our shell is ready it

here it looks like our shell is ready it looks like it's in bash um I'm just

looks like it's in bash um I'm just going to type in ads S3 LS that's a

going to type in ads S3 LS that's a sanity

sanity check okay and it works that's great so

check okay and it works that's great so go back over here and I'm going to go

go back over here and I'm going to go back up to install for

back up to install for Linux and what I need is that single

Linux and what I need is that single command where is

command where is it so I'm certain that we already have

it so I'm certain that we already have Linux or python installed but I just

Linux or python installed but I just want the command to install

want the command to install it we saw it a moment ago here I'm just

it we saw it a moment ago here I'm just going to back out till I can find

it uh one more there it is so it's under oh it's this link here and that's what I

oh it's this link here and that's what I talk about the documentations being

talk about the documentations being tricky sometimes you have to click these

tricky sometimes you have to click these uh headings here to find stuff so this

uh headings here to find stuff so this is the first time installing it so we'll

is the first time installing it so we'll grab that usually you're supposed to

grab that usually you're supposed to create in Virtual environments with

create in Virtual environments with python I don't care this is my cloud

python I don't care this is my cloud shell it doesn't matter to me so we're

shell it doesn't matter to me so we're going to go ahead and download that and

going to go ahead and download that and hopefully it is fast and it was super

hopefully it is fast and it was super fast which was really nice and so what

fast which was really nice and so what we'll do is go check out the pcluster

version okay and that looks fine to me I'm going to go down below here to run

I'm going to go down below here to run our first job um the returns the it

our first job um the returns the it gives outputs I don't think we need to

gives outputs I don't think we need to configure it because we already have our

configure it because we already have our CLI so what I'm going to do is go ahead

CLI so what I'm going to do is go ahead and create ourselves a new cluster um

and create ourselves a new cluster um beginning cluster creation configuration

beginning cluster creation configuration file config not found so I guess we do

file config not found so I guess we do have to configure

this configure and it's asking what region do

configure and it's asking what region do we want to be in um if I have us East

we want to be in um if I have us East one I would choose it for some reason

one I would choose it for some reason it's all the way for number 13 that is

it's all the way for number 13 that is not a lucky number but I'm going to

not a lucky number but I'm going to choose it anyway anyway no key pair

choose it anyway anyway no key pair found in Us East one region please

found in Us East one region please create one of the following um so create

create one of the following um so create an ec2 key

an ec2 key pairs uh no options found for ec2 key

pairs uh no options found for ec2 key pairs that's fine so what what I'll do

pairs that's fine so what what I'll do is go over

is go over here and we'll go over to

ec2 and we will go over to key pairs key pairs key pairs key pairs we'll create

pairs key pairs key pairs we'll create ourselves a new new one here so we'll

ourselves a new new one here so we'll say um HPC key pair or just my

say um HPC key pair or just my HPC so we know what it it's for we have

HPC so we know what it it's for we have putty or PM we're going to do pem

putty or PM we're going to do pem because we're on Linux we'll create that

because we're on Linux we'll create that and notice that it downloaded the pem

and notice that it downloaded the pem down down here and we're going to need

down down here and we're going to need that for later um and so what I'll

that for later um and so what I'll do as I'll type in P cluster here again

do as I'll type in P cluster here again configure we'll choose 13 we'll choose

configure we'll choose 13 we'll choose number one here

number one here uh allowed values for the scheduler I

uh allowed values for the scheduler I have no idea what these are uh let's

have no idea what these are uh let's choose the number one allowed values for

choose the number one allowed values for the operating system Amazon L 2 I know

the operating system Amazon L 2 I know what that is minimum cluster size one

what that is minimum cluster size one maximum cluster size two head notice

maximum cluster size two head notice instance oh T2 micro you can do that

instance oh T2 micro you can do that yeah let's do it I didn't know we could

yeah let's do it I didn't know we could do that enter compute type uh T2 micro

do that enter compute type uh T2 micro sure so I thought that we'd have to use

sure so I thought that we'd have to use a c5n but I guess apparently not

a c5n but I guess apparently not automate VPN uh VPC creation yes of

automate VPN uh VPC creation yes of course network configuration so allow

course network configuration so allow values for the network configuration uh

values for the network configuration uh head node in a public subnet and and

head node in a public subnet and and compute Fleet in a private subnet uh

compute Fleet in a private subnet uh head node in compute yeah we'll do it in

head node in compute yeah we'll do it in the both just to make our lives easier I

the both just to make our lives easier I don't care first one sounds more secure

don't care first one sounds more secure of course and so oh it's creating Cloud

of course and so oh it's creating Cloud information sack wow this is easy I

information sack wow this is easy I thought this was going to be super

thought this was going to be super painful okay so we'll go over here we'll

painful okay so we'll go over here we'll go take a look at what cloud formation's

go take a look at what cloud formation's doing all

doing all right now I don't care if we actually

right now I don't care if we actually run a task on here but it was just

run a task on here but it was just interesting to go through the process to

interesting to go through the process to see how hard it was and we will go look

see how hard it was and we will go look at what resources are being created so

at what resources are being created so it's creating an internet gateway so

it's creating an internet gateway so it's literally creating a isolate VPC

it's literally creating a isolate VPC for it which is totally fine I guess um

for it which is totally fine I guess um it's creating a subnet it's creating a

it's creating a subnet it's creating a route table refresh

route table refresh here um I'm not sure how much it wants

here um I'm not sure how much it wants to create here it just looks like VPC

to create here it just looks like VPC that's all it's creating I thought maybe

that's all it's creating I thought maybe the ec2 instances would show up here but

the ec2 instances would show up here but maybe it's going to launch that on a

maybe it's going to launch that on a need be

basis okay so that's all created oh now it's doing a VPC

it's doing a VPC Gateway I think VPC gateways cost money

Gateway I think VPC gateways cost money let's go take a look here VPC

pricing yeah there's a uh transfer fee so just be careful about that you know

so just be careful about that you know and you just can just watch along here

and you just can just watch along here you don't have to do

you don't have to do it default route depends on public so

it default route depends on public so now it's creating ec2

route I don't know what an ads ec2 route is I've never seen that before sometimes

is I've never seen that before sometimes what we can do is go into ec2 and then

what we can do is go into ec2 and then take a look on the left hand side you

take a look on the left hand side you see anything in here we don't know what

see anything in here we don't know what it is we just type in ec2 route cloud

it is we just type in ec2 route cloud formation sometimes cloud formation is

formation sometimes cloud formation is great for figuring out what a component

great for figuring out what a component is not all components are represented in

is not all components are represented in the um inabus um Management console so

the um inabus um Management console so specify route in the route table oh it's

specify route in the route table oh it's just a route

just a route okay and we'll go back here we'll

okay and we'll go back here we'll refresh so that is done is the stack

refresh so that is done is the stack done created complete good we'll go back

done created complete good we'll go back to our Cloud shell it says you can edit

to our Cloud shell it says you can edit your configuration file or simply do Etc

your configuration file or simply do Etc so now let's see if we can create the

so now let's see if we can create the cluster I assume this would create ec2

cluster I assume this would create ec2 instances so the job schedule you are

instances so the job schedule you are using is sge this is deprecated in

using is sge this is deprecated in future use parallel cluster well should

future use parallel cluster well should have told me okay there is a new version

have told me okay there is a new version of 301 parallel available I don't

of 301 parallel available I don't understand because I just installed it

understand because I just installed it right we'll go back to cloud formation

right we'll go back to cloud formation just going to probably create nested

just going to probably create nested Stacks which that's what I thought it

Stacks which that's what I thought it would do n Stacks means that it's

would do n Stacks means that it's Reliant so there's one main one and then

Reliant so there's one main one and then there's uh children stack so go here see

there's uh children stack so go here see what resources it's creating oh whole

what resources it's creating oh whole bunch of stuff wow so many things that

bunch of stuff wow so many things that sqs Q

sqs Q SNS uh network interface a Dynamo DB

SNS uh network interface a Dynamo DB table Yeah you you probably don't want

table Yeah you you probably don't want to run this you just want to watch me do

to run this you just want to watch me do it and then we go into here it's

it and then we go into here it's creating uh an ec2 volume so that's

creating uh an ec2 volume so that's going to be

going to be EBS and then here we

EBS and then here we have uh a log group I don't know why

have uh a log group I don't know why they separated those out seem very

they separated those out seem very necessary we are waiting on the elastic

necessary we are waiting on the elastic IP that always takes forever ever

IP that always takes forever ever creating elastic IP root instance

creating elastic IP root instance profile that is the IM Ru for

profile that is the IM Ru for it that didn't take too long these these

it that didn't take too long these these take a long time I I never know why

take a long time I I never know why create a roll it's really easy but

create a roll it's really easy but attaching an I am policy you're always

attaching an I am policy you're always waiting for

waiting for those um so I'm going to just stop it

those um so I'm going to just stop it here I'll be back in a second because I

here I'll be back in a second because I don't want to have to make you watch me

don't want to have to make you watch me stare at the screen here okay all right

stare at the screen here okay all right so after a really really long wait um

so after a really really long wait um and it always takes some time there it

and it always takes some time there it finally created I'm not sure what it's

finally created I'm not sure what it's made I mean we generally saw over here

made I mean we generally saw over here in the outputs but usually the cost that

in the outputs but usually the cost that I'm worried about is whatever it's

I'm worried about is whatever it's launching under uc2 it might not even

launching under uc2 it might not even have launched any servers here we're

have launched any servers here we're going to take a look here see if there's

going to take a look here see if there's anything so we have a master and a

anything so we have a master and a compute and they're T2 micros so seems

compute and they're T2 micros so seems pretty safe here um this compute is not

pretty safe here um this compute is not running yet so I'm assuming that this is

running yet so I'm assuming that this is like the machine machine that does the

like the machine machine that does the Computing and maybe if you had multiple

Computing and maybe if you had multiple machines here like that would be the

machines here like that would be the cluster where I could manage multiple

cluster where I could manage multiple computes um I'm not particularly sure

computes um I'm not particularly sure but let's just keep going through the

but let's just keep going through the tutorial and see what we can do the next

tutorial and see what we can do the next step is we need to get this pem key in

step is we need to get this pem key in our Cloud shell here so this I don't

our Cloud shell here so this I don't know where this is but what I'm going to

know where this is but what I'm going to do is I'm going to move it to my desktop

do is I'm going to move it to my desktop I'm doing this off screen by the way so

I'm doing this off screen by the way so I'm moving it to my desktop and then I'm

I'm moving it to my desktop and then I'm just going to go and upload the file

just going to go and upload the file okay and there it is so we'll say open

okay and there it is so we'll say open and we'll say

and we'll say upload and it's going to upload it here

upload and it's going to upload it here onto this machine and I believe this is

onto this machine and I believe this is on like uh I think this used as an EFS

on like uh I think this used as an EFS instance like if you're wondering where

instance like if you're wondering where the storage for cloud shell is if we go

the storage for cloud shell is if we go over here I think it's

over here I think it's EFS is

EFS is it h i don't know where it is okay maybe

it h i don't know where it is okay maybe it's just a maybe it's somewhere else

it's just a maybe it's somewhere else okay I can't remember where it is but

okay I can't remember where it is but anyway um so

anyway um so now it's created the cluster can I hit

now it's created the cluster can I hit enter here

enter here here okay can I create a tab like if I

here okay can I create a tab like if I quit this is it going to kill it it

quit this is it going to kill it it exited it which is I think it's fine I

exited it which is I think it's fine I don't think it stopped running and so

don't think it stopped running and so now if I do an LS there's my key and so

now if I do an LS there's my key and so we can go back to our instructions just

we can go back to our instructions just have too many tabs open here drag this

have too many tabs open here drag this all the way to the left here and so we

all the way to the left here and so we can try to use our key here to log in so

can try to use our key here to log in so what I'm going to do is

go here and we'll say my HPC pm and see if that works we'll say

if that works we'll say yes and permission denied it is required

yes and permission denied it is required your private key is not accessible

your private key is not accessible that's because we have to chamod

that's because we have to chamod it um um I never remember the command

it um um I never remember the command anymore because I rarely SSH into

anymore because I rarely SSH into machines but if we go to

machines but if we go to connect and we go to SSH client it'll

connect and we go to SSH client it'll tell us what we need to

tell us what we need to run chamad 400 okay so that's what we

run chamad 400 okay so that's what we need to do is we need to do a chamad 400

need to do is we need to do a chamad 400 just wanted to grab that code

just wanted to grab that code there okay and now if we hit up we

there okay and now if we hit up we should SSH into the machine there we

should SSH into the machine there we are we are in the

are we are in the instance we'll type in exit and so now

instance we'll type in exit and so now we want to run our job on this

we want to run our job on this machine and if we go back over to here I

machine and if we go back over to here I guess we can go create our first job so

guess we can go create our first job so I'm just doing this in VI

and I'm going to paste that in yep and I don't want the first line oh

yep and I don't want the first line oh okay that's perfect

okay that's perfect great right

great right quit oh there's no file name hold on

quit oh there's no file name hold on here so I need to name this file

here so I need to name this file something so I'm going to say job

something so I'm going to say job Dosh and we're going to paste that again

Dosh and we're going to paste that again here we'll say

here we'll say paste and I don't know if that's cut off

paste and I don't know if that's cut off yeah it is okay great is that one okay

I don't trust that the first line is there so what I'm going to

there so what I'm going to do is go back to our tutorial here it's

do is go back to our tutorial here it's shebang SL bin SL

shebang SL bin SL bash

bash uh this then that slash bin SL bash just

uh this then that slash bin SL bash just double check it looks good to me we're

double check it looks good to me we're going to quit that I'm just going to

going to quit that I'm just going to make sure that it is what it we said it

make sure that it is what it we said it is so job sh looks correct to me good

is so job sh looks correct to me good and so we'll try to run our job here so

and so we'll try to run our job here so I'm going to say

I'm going to say Q um job.

Q um job. sh

sh LS and I guess it really depends on what

LS and I guess it really depends on what we decided to use when we set up that

we decided to use when we set up that thing I can't remember what we choose as

thing I can't remember what we choose as our Q we do Q

our Q we do Q stat oh okay okay okay so I think the

stat oh okay okay okay so I think the thing is like you see how we have sge I

thing is like you see how we have sge I think that that's what we use to queue

think that that's what we use to queue up jobs and so we have to have that

up jobs and so we have to have that install probably so

install probably so install configure surid

Linux oh boy that looks like a lot of work so I don't think we need to do

work so I don't think we need to do anything further here but as far as

anything further here but as far as understand the idea is that you're

understand the idea is that you're choosing uh some kind of way to manage

choosing uh some kind of way to manage these and so I'm not sure what cu Q sub

these and so I'm not sure what cu Q sub is let's go look up what that is what is

is let's go look up what that is what is Q sub oh that is the sun grid engine

Q sub oh that is the sun grid engine okay so how do we installed

that um I'm just going to see if we can install it so I'm going to do I think

install it so I'm going to do I think this is using

this is using yum so if I do clear here

yum so if I do clear here clear yum install Q sub let's see if I

clear yum install Q sub let's see if I can do

can do it s kud yum install Q sub no package

it s kud yum install Q sub no package available Amazon Linux 2 Q sub because

available Amazon Linux 2 Q sub because that's probably what we're running in

that's probably what we're running in Cloud

shell Q sub doesn't tell us how to install

install it that's

it that's great so that's probably what it is and

great so that's probably what it is and so in order to use this we would have to

so in order to use this we would have to install that sun whatever whatever and

install that sun whatever whatever and then we go through we do Q sub it would

then we go through we do Q sub it would queue it up um we could do qat cat hello

queue it up um we could do qat cat hello and destroy it that's pretty much all we

and destroy it that's pretty much all we really need to know to understand this

really need to know to understand this um it would have been nice to queue up a

um it would have been nice to queue up a job and see it work but you know we're

job and see it work but you know we're getting kind of into a hairy territory

getting kind of into a hairy territory here and I think that we fundamentally

here and I think that we fundamentally understand how this does work so what

understand how this does work so what I'm going to do is I'm going to go here

I'm going to do is I'm going to go here I'm going to remove the job Dosh here

I'm going to remove the job Dosh here and I want to destroy this

and I want to destroy this cluster um so I'm going to do pcluster

cluster um so I'm going to do pcluster commands to figure out what all the

commands to figure out what all the commands are and there's probably a

commands are and there's probably a delete command so we'll go back up

here B cluster where is our crate so we'll say

delete okay and so what that's going to do is just tear down all the stuff

do is just tear down all the stuff now so if we go over to cloud formation

okay and it looks like it's destroying so yeah I'll see you here uh back in a

so yeah I'll see you here uh back in a bit when it's all destroyed okay all

bit when it's all destroyed okay all right so after a short little wait there

right so after a short little wait there it has destroyed it been so long that I

it has destroyed it been so long that I uh my connection vanished but just make

uh my connection vanished but just make sure if you did follow along for

sure if you did follow along for whatever reason uh you know make sure

whatever reason uh you know make sure that the stuff is deleted and it looks

that the stuff is deleted and it looks like it did not destroy uh this so I'm

like it did not destroy uh this so I'm going to go ahead and delete that that's

going to go ahead and delete that that's just VPC stuff so I'm not too worried

just VPC stuff so I'm not too worried about it I know that's going to roll

about it I know that's going to roll back no problem and so I'm going to

back no problem and so I'm going to consider this done so I'm going to make

consider this done so I'm going to make my way back to the Management console

my way back to the Management console close this stuff up and we are good to

close this stuff up and we are good to go uh for our next

go uh for our next [Music]

[Music] thing hey this is Andrew Brown from exam

thing hey this is Andrew Brown from exam Pro and we're taking a look at Edge and

Pro and we're taking a look at Edge and hybrid Computing Services so what is

hybrid Computing Services so what is Edge Computing when you push your

Edge Computing when you push your Computing workloads outside of your

Computing workloads outside of your network to run close to the destination

network to run close to the destination location uh so an example would be

location uh so an example would be pushing Computing to run on phones iot

pushing Computing to run on phones iot devices external servers not within your

devices external servers not within your Cloud Network

Cloud Network what is Hy Computing when you're able to

what is Hy Computing when you're able to run workloads on both your on premise

run workloads on both your on premise Data Center and the a uh VPC okay so we

Data Center and the a uh VPC okay so we have a few Services here starting with

have a few Services here starting with ads Outpost this is a physical rack of

ads Outpost this is a physical rack of servers that you can put into your data

servers that you can put into your data center ads Outpost allows you to use

center ads Outpost allows you to use adus API and services uh such as ec2 WR

adus API and services uh such as ec2 WR in your data center then we have adus

in your data center then we have adus wavelength this allows you to build and

wavelength this allows you to build and launch your applications in a telecom

launch your applications in a telecom data center by doing this your

data center by doing this your applications will have ultra low latency

applications will have ultra low latency since they will be pushed over the 5G

since they will be pushed over the 5G Network and be closest as possible to

Network and be closest as possible to the end user um so they've partnered

the end user um so they've partnered with things like Verizon Vodaphone uh

with things like Verizon Vodaphone uh business and a few others but those are

business and a few others but those are the two noticeable ones okay we have

the two noticeable ones okay we have VMware Cloud on AWS so this allows you

VMware Cloud on AWS so this allows you to manage on premise virtual machines

to manage on premise virtual machines using VMware uh within ec2 instances the

using VMware uh within ec2 instances the data center must uh be using uh VMware

data center must uh be using uh VMware for virtualization for this to work okay

for virtualization for this to work okay then we have AB local zones which are

then we have AB local zones which are Edge uh data centers Loc at outside of

Edge uh data centers Loc at outside of the adus region so you can use adus

the adus region so you can use adus closer to the edge destination when you

closer to the edge destination when you need faster Computing storage databases

need faster Computing storage databases in populated areas that are outside of

in populated areas that are outside of AWS region you could do this there's

AWS region you could do this there's some other Edge offerings on AWS that

some other Edge offerings on AWS that aren't listed here like sagemaker has

aren't listed here like sagemaker has what's called like Neo stage maker let

what's called like Neo stage maker let you do Edge Computing with um ml but I

you do Edge Computing with um ml but I mean this is good enough

mean this is good enough [Music]

[Music] okay all right so I wanted just to show

okay all right so I wanted just to show an example of edge computer

an example of edge computer because we didn't cover it in our

because we didn't cover it in our generic uh compute and so there's a

generic uh compute and so there's a variety of services that allow you to do

variety of services that allow you to do Edge Computing like wavelength and so um

Edge Computing like wavelength and so um I've never actually launched wavelength

I've never actually launched wavelength before and I think that uh you have to

before and I think that uh you have to request it so if I go over to support

request it so if I go over to support here again I've never done this before

here again I've never done this before but I'm sure we can figure it out pretty

but I'm sure we can figure it out pretty easily I feel that if we create a

case um maybe it's like service limit we type in wavelength here NOP not

limit we type in wavelength here NOP not there

there so how do we get wavelength wavelength

so how do we get wavelength wavelength AB us

here okay how do I use wavelength AWS

whoops and sometimes what I'll do is go to the docs here here opt into

to the docs here here opt into wavelength zones before you specify

wavelength zones before you specify wavelength zone for resource or service

wavelength zone for resource or service you must opt into it to opt in go to the

you must opt into it to opt in go to the Adis console okay so we'll go to

ec2 and then it's going to say use the region selector in the navigation bar to

region selector in the navigation bar to select the region which supports your

wavelength so I know that there's stuff in uh Us West because of Las Vegas right

in uh Us West because of Las Vegas right or not Las Vegas but Los Angeles right

or not Las Vegas but Los Angeles right so if we go over here there's definitely

so if we go over here there's definitely that over there on the navigation pane

that over there on the navigation pane on the ec2 dashboard under account

on the ec2 dashboard under account attributes select

zones okay do we see zones here

here zones oh ec2

zones oh ec2 dashboard zones let's go check here

dashboard zones let's go check here again on the navigation pane choose ec2

again on the navigation pane choose ec2 dashboard we are there

right and under account attributes uh settings account

settings account attributes oh over here okay oh it's

attributes oh over here okay oh it's here

here zones and so there we have two zones and

zones and so there we have two zones and we see switch regions to make uh zones a

we see switch regions to make uh zones a different

different region okay so under Zone groups turn on

region okay so under Zone groups turn on wavelengths Zone groups

wavelengths Zone groups okay nothing there so I'm just going to

okay nothing there so I'm just going to switch over to another one

switch over to another one here maybe

here maybe Oregon maybe uswest 2 oh look at all the

Oregon maybe uswest 2 oh look at all the stuff we have here I've never seen these

stuff we have here I've never seen these before okay so here is the wavelength

before okay so here is the wavelength one so that is the Los Angeles

one so that is the Los Angeles one we can go ahead and enable this

one we can go ahead and enable this before disabling The Zone group I'm not

before disabling The Zone group I'm not sure what zone groups cost so wavelength

sure what zone groups cost so wavelength Zone pricing again you might just want

Zone pricing again you might just want to watch me do this because it might

to watch me do this because it might cost money um and so you might not want

cost money um and so you might not want to have to spend for

to have to spend for that

pricing uh provides mobile networks wavelengths are available across

wavelengths are available across whatever learn about the data transfers

whatever learn about the data transfers in price about ec2

in price about ec2 instances okay so what's the

instances okay so what's the price if we go into

here all right so what I'm going to suggest to use don't do this but I'm

suggest to use don't do this but I'm going to do it and we're just going to

going to do it and we're just going to see what the experience is like okay so

see what the experience is like okay so I'm going to update my zone so now I

I'm going to update my zone so now I have this one we'll say enable I'm going

have this one we'll say enable I'm going to assume that it has to do with like

to assume that it has to do with like data transfer

data transfer costs okay and uh we're going to go over

costs okay and uh we're going to go over to

ec2 and we're going to go over to instances

instances here we're going to launch an instance

here we're going to launch an instance and we're going to see if we we have

and we're going to see if we we have that available now I don't know if we're

that available now I don't know if we're restricted to particular

restricted to particular uh instances I assume we can launch a

uh instances I assume we can launch a Linux machine it' be really weird if we

Linux machine it' be really weird if we couldn't you know we'll go over to

couldn't you know we'll go over to configuration and what we want to do is

configuration and what we want to do is choose uh the zone so how do we do it so

choose uh the zone so how do we do it so once it's turned on confirmation confirm

once it's turned on confirmation confirm it configure your network so create a

it configure your network so create a VPC create a carrier Gateway so you can

VPC create a carrier Gateway so you can connect your resources into the VPC to

connect your resources into the VPC to the telecommunication Network holy

the telecommunication Network holy smokes This is

smokes This is complicated but it's just kind of

complicated but it's just kind of interesting to see like the process

interesting to see like the process right

right you know it's not for our use case but

you know it's not for our use case but uh carrier Gateway

uh carrier Gateway right and as I do this I always check up

right and as I do this I always check up all the costs here so I say carrier

all the costs here so I say carrier Gateway pricing AWS because maybe that's

Gateway pricing AWS because maybe that's where the price

where the price is okay if you don't get a pricing page

is okay if you don't get a pricing page then usually that's hard to say

then usually that's hard to say logically isolated virtual

logically isolated virtual networks again it's not telling me

networks again it's not telling me what um to use carrier you need to opt

what um to use carrier you need to opt into at least one one wavelength Zone

into at least one one wavelength Zone but I did

but I did right and sometimes what happens is that

right and sometimes what happens is that it just takes time for the optin to to

it just takes time for the optin to to go so go here manage the Zone settings

go so go here manage the Zone settings that was a lot easier way so we have one

that was a lot easier way so we have one it's we're opted in right here

it's we're opted in right here okay

okay and okay we'll we'll go here again if

and okay we'll we'll go here again if that one didn't work

that one didn't work um we can try so I guess these are all

um we can try so I guess these are all the regions Denver things like

the regions Denver things like that can I opt opt into this one opt

in it's not super exciting like all we're going to do is launch an ec2

we're going to do is launch an ec2 instance but you know we'll go through

instance but you know we'll go through the process here a

the process here a bit and I don't know why I can't create

bit and I don't know why I can't create one so we'll go back over to the

one so we'll go back over to the instructions

instructions here crate so you can connect so create

here crate so you can connect so create a route table using the VPC to the route

a route table using the VPC to the route table so I think that's as far as we're

table so I think that's as far as we're going to get here because I'm not seeing

going to get here because I'm not seeing any options here but the idea was that

any options here but the idea was that we would have to create a carrier

we would have to create a carrier Gateway we'd update our route tables and

Gateway we'd update our route tables and all we would be doing is launching an

all we would be doing is launching an ec2 instance so you know it's no

ec2 instance so you know it's no different than launching it you just

different than launching it you just choose a different subnet so I think

choose a different subnet so I think you'd have to create a subnet for that

you'd have to create a subnet for that zone and launch it in there and that

zone and launch it in there and that would be Edge Computing another example

would be Edge Computing another example of edge Computing would be something

of edge Computing would be something like via cloudfront which we have uh

like via cloudfront which we have uh these um Edge functions or not Edge

these um Edge functions or not Edge functions yeah functions here and so

functions yeah functions here and so these are functions that are deploy to

these are functions that are deploy to cloudfront

cloudfront so my cloudfront

function and these would be deployed to um Edge locations right and all you can

um Edge locations right and all you can use here is Javascript so here's an

use here is Javascript so here's an example of one and um I'm fine with this

example of one and um I'm fine with this development live this function is not

development live this function is not published we'll go to

published we'll go to test test the function it's

test test the function it's good publish publish that function and

good publish publish that function and so

so the advantage of this is that you know

the advantage of this is that you know if you have functions that are in it was

if you have functions that are in it was Lambda there's a chance of cold start um

Lambda there's a chance of cold start um whereas if they're deployed on the edge

whereas if they're deployed on the edge here there's still probably a cold start

here there's still probably a cold start but it's going to be a lot faster

but it's going to be a lot faster because it's a lot closer to the edge

because it's a lot closer to the edge location so um you know it's just a

location so um you know it's just a different uh different cases but yeah

different uh different cases but yeah there was one where we're launching ec2

there was one where we're launching ec2 workload into wavelength which we

workload into wavelength which we couldn't complete which is totally fine

couldn't complete which is totally fine and then we have these functions on the

and then we have these functions on the edge there's other uh Edge Computing ser

edge there's other uh Edge Computing ser like within Sage maker you can deploy I

like within Sage maker you can deploy I think it's called like Neo sagemaker and

think it's called like Neo sagemaker and then for iot devices those are obviously

then for iot devices those are obviously on the edge so you can deploy those as

on the edge so you can deploy those as well uh but generally that gives you an

well uh but generally that gives you an idea of edge Computing

idea of edge Computing [Music]

[Music] okay hey it's Andrew Brown from exam Pro

okay hey it's Andrew Brown from exam Pro and we're looking at cost and capacity

and we're looking at cost and capacity management Computing Services so before

management Computing Services so before we talk about them let's define what is

we talk about them let's define what is cost management so this is how do we

cost management so this is how do we save money and we have capacity

save money and we have capacity management how do we meet the demand of

management how do we meet the demand of traffic and use usages through adding or

traffic and use usages through adding or upgrading servers so let's get to it the

upgrading servers so let's get to it the first are the different types of EC

first are the different types of EC pricing models so you got spot instances

pricing models so you got spot instances reserved instances saving plans these

reserved instances saving plans these are ways to save on Computing by paying

are ways to save on Computing by paying up in full or partially or by committing

up in full or partially or by committing to a yearly contract or multi-year

to a yearly contract or multi-year contract uh or by being flexible about

contract uh or by being flexible about the availability Interruption to

the availability Interruption to Computing Services we have adus batch so

Computing Services we have adus batch so this plans schedules and executes your

this plans schedules and executes your batch computer workloads across the full

batch computer workloads across the full range of adist computing Services which

range of adist computing Services which can utilize spot instances to save money

can utilize spot instances to save money we have aist compute Optimizer so

we have aist compute Optimizer so suggest how to reduce cost and improve

suggest how to reduce cost and improve performance by using machine learning to

performance by using machine learning to analyze uh you uh your previous usage

analyze uh you uh your previous usage history we have ec2 auto scan groups so

history we have ec2 auto scan groups so asgs these automatically add or remove

asgs these automatically add or remove ec2 servers to meet the current demand

ec2 servers to meet the current demand all of traffic they will save you money

all of traffic they will save you money and meet capacity since you only run the

and meet capacity since you only run the amount of servers you need then we have

amount of servers you need then we have elb so elastic load balcer so this

elb so elastic load balcer so this distributes traffic to multiple

distributes traffic to multiple instances we can reroute traffic from

instances we can reroute traffic from unhealthy instances to healthy instances

unhealthy instances to healthy instances and can Route traffic to ec2 instances

and can Route traffic to ec2 instances running in different availability zones

running in different availability zones and then we have elastic beant stock

and then we have elastic beant stock here which is easy for deploying web

here which is easy for deploying web applications without developers having

applications without developers having to worry about setting up and

to worry about setting up and understanding the underlying ad Services

understanding the underlying ad Services similar to Heroku it's a platform as a

similar to Heroku it's a platform as a service so not all of these are about

service so not all of these are about cost some of them are about capacity

cost some of them are about capacity management like elb um but yeah yeah

management like elb um but yeah yeah there you

there you [Music]

[Music] go hey this is Andrew Brown from exam

go hey this is Andrew Brown from exam Pro and we are looking at the types of

Pro and we are looking at the types of storage services and no matter what

storage services and no matter what cloud service provider you're using

cloud service provider you're using they're usually broken down into these

they're usually broken down into these three where we have blocks file and um

three where we have blocks file and um uh object okay so let's take a look at

uh object okay so let's take a look at the first so this is going to be for

the first so this is going to be for Block storage so for AWS this is called

Block storage so for AWS this is called elastic Block store data is split into

elastic Block store data is split into evenly split blocks directly accessed by

evenly split blocks directly accessed by the operating system and supports only a

the operating system and supports only a single right volume so imagine you have

single right volume so imagine you have an application over here and that

an application over here and that application is using a virtual machine

application is using a virtual machine that has a specific operating system and

that has a specific operating system and then it has a drive mounted to it uh

then it has a drive mounted to it uh could be using FC or uh scuzzy here um

could be using FC or uh scuzzy here um but the idea here is when you need a

but the idea here is when you need a virtual Drive attached to your VM is

virtual Drive attached to your VM is when you're going to be using block okay

when you're going to be using block okay the next one here is for um file or it's

the next one here is for um file or it's just basically a file system so this is

just basically a file system so this is Aus elastic file storage so the file is

Aus elastic file storage so the file is stored with data and metadata

stored with data and metadata multiple connections via a network share

multiple connections via a network share supports multiple reads writes locks the

supports multiple reads writes locks the file so over here uh we could have an

file so over here uh we could have an application but it doesn't necessarily

application but it doesn't necessarily have to be an application and so it's

have to be an application and so it's using NASA exports as the means to uh

using NASA exports as the means to uh communicate and so the protocols here

communicate and so the protocols here can be NFS or SMB which are very common

can be NFS or SMB which are very common uh file system protocols and so the idea

uh file system protocols and so the idea here is when you need a file share where

here is when you need a file share where multiple users or VMS need to access the

multiple users or VMS need to access the same drive so this is pretty common

same drive so this is pretty common where you might have multiple virtual

where you might have multiple virtual machines and you just want to act as

machines and you just want to act as like one uh Drive uh one example that

like one uh Drive uh one example that could be like let's say you're running a

could be like let's say you're running a Minecraft server you're only allowed to

Minecraft server you're only allowed to have one world on a particular single

have one world on a particular single drive but you want to be able to have

drive but you want to be able to have multiple virtual machines to maximize

multiple virtual machines to maximize that compute that'd be a case for that

that compute that'd be a case for that um so there you go then the last one

um so there you go then the last one here is like object storage and so fors

here is like object storage and so fors this is called Amazon simple storage

this is called Amazon simple storage service or also known as S3 so object is

service or also known as S3 so object is stored with data metadata and a unique

stored with data metadata and a unique ID scales with limmited uh uh with

ID scales with limmited uh uh with limited no file limit or storage limit

limited no file limit or storage limit so there's really very there's very

so there's really very there's very little limit to this it just basically

little limit to this it just basically scales up supports multiple reads and

scales up supports multiple reads and wrs so there are no locks and so the

wrs so there are no locks and so the protocol here we're going to be using

protocol here we're going to be using htps and API so when you just want to

htps and API so when you just want to upload files and not have to worry about

upload files and not have to worry about the underlying infrastructure not

the underlying infrastructure not intended for high uh I op so input and

intended for high uh I op so input and outputs per seconds okay so depending on

outputs per seconds okay so depending on how fast you have to do your read and

how fast you have to do your read and wrs are going to determine uh you know

wrs are going to determine uh you know whether you're going uh this direction

whether you're going uh this direction or the other way um or you know how many

or the other way um or you know how many need to actually connect at at the same

need to actually connect at at the same time and whether it has to be connected

time and whether it has to be connected as a mount drive to the virtual machine

as a mount drive to the virtual machine [Music]

[Music] okay hey it's Andrew Brown from exam Pro

okay hey it's Andrew Brown from exam Pro and we're going to do a short

and we're going to do a short introduction into S3 because on the

introduction into S3 because on the certified Cloud practitioner they ask

certified Cloud practitioner they ask you a little bit more than they used to

you a little bit more than they used to and so we need to be a bit familiar with

and so we need to be a bit familiar with S3 because it is um at least I think

S3 because it is um at least I think that Abus considers its Flagship uh

that Abus considers its Flagship uh storage

storage service and it really is one of the

service and it really is one of the earliest Services it was the second one

earliest Services it was the second one ever launched okay so what is object

ever launched okay so what is object storage or object based storage so data

storage or object based storage so data storage architecture that manages data

storage architecture that manages data as objects as opposed to other storage

as objects as opposed to other storage architectures so file systems where uh

architectures so file systems where uh these are others right so which manages

these are others right so which manages data as files and a hierarchy and block

data as files and a hierarchy and block storage which manages data as blocks

storage which manages data as blocks with with ins sectors and tracks that

with with ins sectors and tracks that get stored on an actual uh drive and so

get stored on an actual uh drive and so uh the idea here is we have S3 which

uh the idea here is we have S3 which provides basically unlimited storage you

provides basically unlimited storage you don't need to think about the underlying

don't need to think about the underlying infrastructure the S3 console provides

infrastructure the S3 console provides interface for you to upload and access

interface for you to upload and access your data okay so we have the concept of

your data okay so we have the concept of S3 object so objects contain your data

S3 object so objects contain your data they are like files but objects may

they are like files but objects may consist of a key this is the name of the

consist of a key this is the name of the object a value the data itself made up

object a value the data itself made up of a sequence of bytes the version ID

of a sequence of bytes the version ID when versioning enabled the version of

when versioning enabled the version of the object metadata additional

the object metadata additional information attached to the object and

information attached to the object and then you have your S3 buckets so buckets

then you have your S3 buckets so buckets hold objects buckets can also have

hold objects buckets can also have folders which in turn hold objects S3 is

folders which in turn hold objects S3 is a universal name space so bucket names

a universal name space so bucket names must be unique it's like having a domain

must be unique it's like having a domain name okay and one other interesting

name okay and one other interesting thing is an individual object can be

thing is an individual object can be between Z bytes and up to 5 terabytes so

between Z bytes and up to 5 terabytes so you have unlimited storage but you can't

you have unlimited storage but you can't have uh files of uh incredible size uh I

have uh files of uh incredible size uh I mean 5 terabytes is a lot but nothing

mean 5 terabytes is a lot but nothing beyond that for a single file but just

beyond that for a single file but just understand that you can actually have a

understand that you can actually have a zerob byte file uh and for like

zerob byte file uh and for like associate certifications that can be a

associate certifications that can be a an actual question so that's why it's

an actual question so that's why it's [Music]

[Music] there all right let's take a look at S3

there all right let's take a look at S3 storage classes um and so for the

storage classes um and so for the certified Cloud practitioner we need to

certified Cloud practitioner we need to know generally what these are for

know generally what these are for associate levels we need more detail

associate levels we need more detail than we have here but let's get through

than we have here but let's get through it so adus offers a range of S3 storage

it so adus offers a range of S3 storage classes that trade retrieval time

classes that trade retrieval time accessibility durability for cheaper

accessibility durability for cheaper storage and so the farther down we go

storage and so the farther down we go here the more cost effective uh it

here the more cost effective uh it should get uh pending uh you know

should get uh pending uh you know certain conditions okay so when you put

certain conditions okay so when you put something into S3 it's going to go into

something into S3 it's going to go into the standard uh tier the default tier

the standard uh tier the default tier here and this is uh incredibly fast it

here and this is uh incredibly fast it has

has 99.99% availability 119 durability and

99.99% availability 119 durability and it's replicated across 3 azs and so uh

it's replicated across 3 azs and so uh you know we have this cheaper meter here

you know we have this cheaper meter here here on the left hand side and that

here on the left hand side and that would apply this is very expensive and

would apply this is very expensive and it's not actually expensive but it is

it's not actually expensive but it is expensive at scale when you can uh

expensive at scale when you can uh better optimize it with these other

better optimize it with these other tiers so just understand that um then

tiers so just understand that um then you have the S3 intellig tiering so this

you have the S3 intellig tiering so this uses ml to analyze objects and usage and

uses ml to analyze objects and usage and determine the appropriate storage class

determine the appropriate storage class dat is moveed to the most cost effective

dat is moveed to the most cost effective access tier without any performance

access tier without any performance impact or added overhead then you have

impact or added overhead then you have S3 standard IIA which stands for

S3 standard IIA which stands for infrequent access this is just as fast

infrequent access this is just as fast as S3 standard but it's cheaper if you

as S3 standard but it's cheaper if you access the files less than once a month

access the files less than once a month there's going to be an additional

there's going to be an additional retrieval fee applied so if you do try

retrieval fee applied so if you do try to retrieve data as frequently as S3

to retrieve data as frequently as S3 standard it's going to actually end up

standard it's going to actually end up costing you more so you don't want to do

costing you more so you don't want to do that okay then you have S3 one zone IIA

that okay then you have S3 one zone IIA so as it says it's running in a single

so as it says it's running in a single zone so it's as fast as S3 standard but

zone so it's as fast as S3 standard but it's going to have lowered availability

it's going to have lowered availability but you're going to save money okay

but you're going to save money okay there is one caveat though your data

there is one caveat though your data could get destroyed because it's

could get destroyed because it's remaining in a single uh a so if that a

remaining in a single uh a so if that a or data centers um suffer a catastrophe

or data centers um suffer a catastrophe you're not going to have a duplicate of

you're not going to have a duplicate of your data to retrieve it okay um and

your data to retrieve it okay um and then you have S3 Glacier so for

then you have S3 Glacier so for long-term clothed storage retrieval of

long-term clothed storage retrieval of data can take minutes to hour

data can take minutes to hour but it's very very very cheap and then

but it's very very very cheap and then you have S3 Glacier uh deep archive

you have S3 Glacier uh deep archive which is the lowest cost storage class

which is the lowest cost storage class but the data retrieval is 12 hours and

but the data retrieval is 12 hours and so you know um all of these here to here

so you know um all of these here to here these are all going to be in the same uh

these are all going to be in the same uh a S3 console or Amazon S3 console S3

a S3 console or Amazon S3 console S3 Glacier is basically like its own

Glacier is basically like its own service but it's part of S3 so kind of

service but it's part of S3 so kind of lives in this weird State there's one

lives in this weird State there's one here that we didn't have on the list

here that we didn't have on the list here which is S3 outputs because it has

here which is S3 outputs because it has its own storage class and doesn't

its own storage class and doesn't exactly fit well into um this kind of

exactly fit well into um this kind of linear cheaper uh thing here

linear cheaper uh thing here [Music]

[Music] okay hey it's Andrew Brown from exam Pro

okay hey it's Andrew Brown from exam Pro and we are taking a look at the ous snow

and we are taking a look at the ous snow family so this is storage and compute

family so this is storage and compute devices used to physically move data in

devices used to physically move data in or out of the cloud when moving data

or out of the cloud when moving data over the Internet or Prov private

over the Internet or Prov private connection that is too slow difficult or

connection that is too slow difficult or costly so we have snow cone snowball

costly so we have snow cone snowball Edge and snow mobile and so there

Edge and snow mobile and so there originally was just snowball and and

originally was just snowball and and then they came out with snowball Edge uh

then they came out with snowball Edge uh and Edge introduced Edge Computing

and Edge introduced Edge Computing that's why there's Edge in the name but

that's why there's Edge in the name but pretty much all of these devices have

pretty much all of these devices have Edge Computing uh and they do

Edge Computing uh and they do individually come with some variant so

individually come with some variant so with the snowball a snow cone it comes

with the snowball a snow cone it comes in two sizes where it has 8 terabyt of

in two sizes where it has 8 terabyt of usable storage and then there's one with

usable storage and then there's one with 14 terabytes of usable storage for

14 terabytes of usable storage for snowball Edge it technically has like

snowball Edge it technically has like four versions but I'm going to break it

four versions but I'm going to break it down to two for you we have storage

down to two for you we have storage optimized where we have 80 terab of you

optimized where we have 80 terab of you um uh of usable storage there and then

um uh of usable storage there and then compute optimize

compute optimize 3.9.5 terab and even though it's not

3.9.5 terab and even though it's not here you get a lot of vcpus and

here you get a lot of vcpus and increased memory which could be very

increased memory which could be very important if you need to do Edge

important if you need to do Edge Computing before you send that over to

Computing before you send that over to AWS and then last here we have

AWS and then last here we have snowmobile which can store up to 100

snowmobile which can store up to 100 pedabytes of storage um in the uh

pedabytes of storage um in the uh Associates I cover these in a lot more

Associates I cover these in a lot more detail because there's so much more

detail because there's so much more about these like the security of them

about these like the security of them how they're tamper proof like how they

how they're tamper proof like how they have networking buil in the the

have networking buil in the the connection to them but you know for this

connection to them but you know for this exam that's just too much information um

exam that's just too much information um you just need to know that there are

you just need to know that there are three uh three ones in the family and

three uh three ones in the family and generally what the sizes are and that

generally what the sizes are and that they're going to be all placed into

they're going to be all placed into Amazon S3 what's interesting is that you

Amazon S3 what's interesting is that you know snowmobile only does 100 pedabytes

know snowmobile only does 100 pedabytes but adabs markets it as you can move

but adabs markets it as you can move exabytes of of um content because you

exabytes of of um content because you can order more than one of these devices

can order more than one of these devices so they'll market it saying like

so they'll market it saying like snowball EDG is when you want to move

snowball EDG is when you want to move pedabytes of data and snowball mobile is

pedabytes of data and snowball mobile is when you want to move exabytes but you

when you want to move exabytes but you can see that a single thing isn't in the

can see that a single thing isn't in the exabyte it's just in the petabyte

exabyte it's just in the petabyte [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at all the

Pro and we are taking a look at all the itaba storage services in brief here so

itaba storage services in brief here so let's get to it so the first is simple

let's get to it so the first is simple storage service S3 this is a seress

storage service S3 this is a seress object storage service you can upload

object storage service you can upload very large files and an unlimited amount

very large files and an unlimited amount of files you pay for what you store you

of files you pay for what you store you don't worry about the unine file system

don't worry about the unine file system or upgrading the dis size you have S3

or upgrading the dis size you have S3 Glacier this is a cold storage service

Glacier this is a cold storage service it's designed as a lowcost storage

it's designed as a lowcost storage solution for archiving and long-term

solution for archiving and long-term backup it uses previous generation uh

backup it uses previous generation uh HDD drives to get that low cost and it's

HDD drives to get that low cost and it's highly secure and durable we have

highly secure and durable we have elastic Block store EBS this is a

elastic Block store EBS this is a persistent block storage service it is a

persistent block storage service it is a virtual hard drive in the cloud and you

virtual hard drive in the cloud and you attach to ec2 instances you can choose

attach to ec2 instances you can choose different kinds of hard drives so SSD

different kinds of hard drives so SSD iops SSD throughput HDD and um a cold

iops SSD throughput HDD and um a cold hhd okay we have elastic file storage so

hhd okay we have elastic file storage so EFS it is a cloud native NFS file system

EFS it is a cloud native NFS file system service so file storage uh you can mount

service so file storage uh you can mount to multiple ec2 instances at the same

to multiple ec2 instances at the same time when you need to share files

time when you need to share files between multiple servers we have storage

between multiple servers we have storage Gateway this is a hybrid cloud storage

Gateway this is a hybrid cloud storage service that extends your on premise

service that extends your on premise storage to the cloud we got three

storage to the cloud we got three offerings here file Gateway so extend

offerings here file Gateway so extend your local storage to Amazon S3 volume

your local storage to Amazon S3 volume Gateway caches your local drive to S3 so

Gateway caches your local drive to S3 so you have a continuous backup of the

you have a continuous backup of the local files in the cloud tape Gateway so

local files in the cloud tape Gateway so stores files onto virtual tapes for

stores files onto virtual tapes for backing up your files on very

backing up your files on very costeffective long-term storage we got

costeffective long-term storage we got one more page here cuz there's a lot of

one more page here cuz there's a lot of services here we have adab us snow

services here we have adab us snow family so these are storage devices used

family so these are storage devices used to physically migrate large amounts of

to physically migrate large amounts of data to the cloud and so we have

data to the cloud and so we have snowball and snowball Edge these are

snowball and snowball Edge these are briefcase size data storage devices

briefcase size data storage devices between 50 to 80 terabytes I don't

between 50 to 80 terabytes I don't believe snowball is available anymore

believe snowball is available anymore it's just snowball Edge uh but it's good

it's just snowball Edge uh but it's good to have all of them in here so we can

to have all of them in here so we can see what's going on we have snowmobile

see what's going on we have snowmobile this is a cargo container filled with

this is a cargo container filled with racks of storage and compute that is

racks of storage and compute that is transported a semi trailer tractor truck

transported a semi trailer tractor truck to transfer up to 100 pedabytes of data

to transfer up to 100 pedabytes of data per trailer I don't think we're going to

per trailer I don't think we're going to be ordering that anytime soon cuz that's

be ordering that anytime soon cuz that's pretty darn expensive but that's cool we

pretty darn expensive but that's cool we have snow cone this is a very small

have snow cone this is a very small version of snowball that can transfer 8

version of snowball that can transfer 8 terabytes of data we have adab us backup

terabytes of data we have adab us backup a fully managed backup service that

a fully managed backup service that makes it easy to centralize and automate

makes it easy to centralize and automate the backup of data across multiple a

the backup of data across multiple a services so ec2 EBS RDS TB EFS storage

services so ec2 EBS RDS TB EFS storage Gateway you create the backup plans we

Gateway you create the backup plans we have Cloud endure disaster recovery so

have Cloud endure disaster recovery so continuously replicates your machine in

continuously replicates your machine in a lowcost staging area in your target

a lowcost staging area in your target abl's account and preferred region

abl's account and preferred region enabling fast and reliable recovery in

enabling fast and reliable recovery in case of it data center failures we have

case of it data center failures we have Amazon FSX this is a feature Rich and

Amazon FSX this is a feature Rich and highly performant file system that can

highly performant file system that can be used for uh windows so that would be

be used for uh windows so that would be using SMB or Linux which uses luster and

using SMB or Linux which uses luster and so there we have the Amazon FS FSX for

so there we have the Amazon FS FSX for Windows file server so use SMB protocol

Windows file server so use SMB protocol and allow you to mount FSX to Windows

and allow you to mount FSX to Windows servers and then the luster one which

servers and then the luster one which uses uh Linux luster file system it

uses uh Linux luster file system it allows you to mount F FSX Linux servers

allows you to mount F FSX Linux servers are there any storage Services missing

are there any storage Services missing here not really I mean you could count

here not really I mean you could count elastic container repository as one but

elastic container repository as one but um that's kind of something else or you

um that's kind of something else or you could also count maybe um uh code commit

could also count maybe um uh code commit but you know I kind of put those in a

but you know I kind of put those in a separate category where we where those

separate category where we where those are in our developer tools or our

are in our developer tools or our containers

containers [Music]

[Music] okay all right so what I want to do is

okay all right so what I want to do is show you around S3 so we'll make our way

show you around S3 so we'll make our way up here and type in

up here and type in S3 and we'll let it load here and what

S3 and we'll let it load here and what we're going to do is create a new bucket

we're going to do is create a new bucket if you do not see the screen just click

if you do not see the screen just click on the side here go to buckets and we'll

on the side here go to buckets and we'll create ourselves a new bucket so bucket

create ourselves a new bucket so bucket names are unique so let say my

names are unique so let say my bucket and we'll just pound in a bunch

bucket and we'll just pound in a bunch of numbers I'm sure you're getting used

of numbers I'm sure you're getting used to making buckets in this um in this

to making buckets in this um in this course so

course so far um so if we scroll on down notice

far um so if we scroll on down notice that it says block public access

that it says block public access settings for this bucket this is turned

settings for this bucket this is turned on uh like the blocking is turned on by

on uh like the blocking is turned on by default because S3 buckets are the

default because S3 buckets are the number one thing that are a point of

number one thing that are a point of entry for malicious actors where people

entry for malicious actors where people leave their buckets open so if we want

leave their buckets open so if we want to uh Grant access to this bucket for

to uh Grant access to this bucket for people to see this publically we'd have

people to see this publically we'd have to turn this off okay but for now we're

to turn this off okay but for now we're going to leave that on you can version

going to leave that on you can version things in buckets which is pretty cool

things in buckets which is pretty cool you can turn on encryption which you

you can turn on encryption which you should turn on by default and use the

should turn on by default and use the Amazon S3 key on the certified Cloud

Amazon S3 key on the certified Cloud partitioner it's going to ask you about

partitioner it's going to ask you about client side encryption and server side

client side encryption and server side encryption so you definitely want to

encryption so you definitely want to know what these are I'm going to turn it

know what these are I'm going to turn it off for the time being so we can kind of

off for the time being so we can kind of explore uh here by oursel here um then

explore uh here by oursel here um then there's object lock so we can lock files

there's object lock so we can lock files so that um you know they're you know

so that um you know they're you know people aren't writing to them multiple

people aren't writing to them multiple times so we'll go ahead and create a

times so we'll go ahead and create a bucket and it's very quick so here is

bucket and it's very quick so here is the new bucket we made and you'll notice

the new bucket we made and you'll notice we have nothing here which is totally

we have nothing here which is totally fine if I go to

fine if I go to properties um you know we can see that

properties um you know we can see that uh we can turn on Buck conversing turn

uh we can turn on Buck conversing turn on encryption what I'm going to do is

on encryption what I'm going to do is I'm going to go grab some files I

I'm going to go grab some files I remember I saved uh some files recently

remember I saved uh some files recently here I'm just going to make a new folder

here I'm just going to make a new folder called Star Trek I just have some

called Star Trek I just have some graphics you can pull anything off the

graphics you can pull anything off the internet you want to do this

internet you want to do this yourself U but I'm just going to prepare

yourself U but I'm just going to prepare a folder here it'll take me a

a folder here it'll take me a moment

moment okay just a

okay just a moment okay great so now I have my

moment okay great so now I have my folder prepared and so what I want to do

folder prepared and so what I want to do is upload my first file so I can go here

is upload my first file so I can go here in upload and actually I can upload

in upload and actually I can upload multiple files you can even add a folder

multiple files you can even add a folder which is nice and so in here if I want

which is nice and so in here if I want to upload these files here whoops I'll

to upload these files here whoops I'll just select multiples I'll hit open

just select multiples I'll hit open it'll cue them up which is really nice

it'll cue them up which is really nice we can see the destination details here

we can see the destination details here if we want to turn it versioning on we

if we want to turn it versioning on we could there uh we could apply

could there uh we could apply permissions for outside access but we

permissions for outside access but we have uh things turned on but what's

have uh things turned on but what's really important is the properties where

really important is the properties where we have these different tiers and So

we have these different tiers and So based on the tier that you use the lower

based on the tier that you use the lower you go at least it should be the cheaper

you go at least it should be the cheaper it's going to get uh but it's going to

it's going to get uh but it's going to have some tradeoffs and we cover that

have some tradeoffs and we cover that through the course then there's that

through the course then there's that server side encryption um and I'm going

server side encryption um and I'm going to hit upload we'll just individually

to hit upload we'll just individually turn it on so you're going to see this

turn it on so you're going to see this progress go across the top these have

progress go across the top these have all been uploaded I'm going to cck click

all been uploaded I'm going to cck click on my destination bucket and so what we

on my destination bucket and so what we can do is we can uh open these if

can do is we can uh open these if they're images they'll show us right

they're images they'll show us right here in the browser we can download them

here in the browser we can download them so if we need to get them again all

so if we need to get them again all right we can create a folder here and

right we can create a folder here and just say Star Trek or Enterprise

just say Star Trek or Enterprise D Enterprise D

D Enterprise D here okay but it's not really easy it's

here okay but it's not really easy it's not like I can drag this into there um I

not like I can drag this into there um I might be able there's no move option so

might be able there's no move option so you'd actually have to copy it into the

you'd actually have to copy it into the destination and then delete the old one

destination and then delete the old one it's not like using a file system you

it's not like using a file system you know um there's a lot more work involved

know um there's a lot more work involved but you know it's a great storage

but you know it's a great storage solution um so let's look at concpt so I

solution um so let's look at concpt so I have this selected here if I click into

have this selected here if I click into it I can go to permissions I can go to

it I can go to permissions I can go to versions see that I'm looking for H

versions see that I'm looking for H encryption here we go so if I turn it on

encryption here we go so if I turn it on I can enable encryption and I can choose

I can enable encryption and I can choose whether I want to use an Amazon S3 key

whether I want to use an Amazon S3 key so

so SS S3 so an encryption key that Amazon

SS S3 so an encryption key that Amazon S3 creates manages and uses for you then

S3 creates manages and uses for you then you have

you have ibus SS KMS and I believe this uses AES

ibus SS KMS and I believe this uses AES up here which is totally fine then you

up here which is totally fine then you you have KMS down here and it's

you have KMS down here and it's interesting because they're like ads

interesting because they're like ads will manage the key for you and then

will manage the key for you and then this one ads will manage the key for you

this one ads will manage the key for you it's just slightly different this one of

it's just slightly different this one of course is a lot simpler there's not many

course is a lot simpler there's not many reasons not to turn on encryption but U

reasons not to turn on encryption but U I'm going to go turn this one so that it

I'm going to go turn this one so that it is encrypted

is encrypted here and just because it's encrypted

here and just because it's encrypted doesn't mean we can't access the file I

doesn't mean we can't access the file I can still download it I can still view

can still download it I can still view it because databus is going to decrypt

it because databus is going to decrypt it right so if I go and click on this

it right so if I go and click on this one and I say open okay even though it's

one and I say open okay even though it's encrypted I can still view it right it

encrypted I can still view it right it just means that it's encrypted on the

just means that it's encrypted on the storage right so if somebody were to

storage right so if somebody were to steal that hard drive whatever hard

steal that hard drive whatever hard drive it's sitting on on ads if they

drive it's sitting on on ads if they didn't figure it out it's encrypted

didn't figure it out it's encrypted they're not going to be able to open up

they're not going to be able to open up the file right so that is the logic

the file right so that is the logic there but through here um I can get it

there but through here um I can get it something that's really interesting with

something that's really interesting with um um S3 is the ability to um uh have

um um S3 is the ability to um uh have life cycle events so I'm just kind of

life cycle events so I'm just kind of looking where that is it's usually in

looking where that is it's usually in the bucket so if I go to management up

the bucket so if I go to management up here I can set up a life cycle rule and

here I can set up a life cycle rule and what I can do is say like move this to

what I can do is say like move this to deep

deep storage okay and then I can say what it

storage okay and then I can say what it is that I want to filter so maybe it's

is that I want to filter so maybe it's like data.

like data. jpg I can say apply to all objects in

jpg I can say apply to all objects in the bucket I acknowledge that and we say

the bucket I acknowledge that and we say move current versions of objects between

move current versions of objects between storage classes and I checkbox that on

storage classes and I checkbox that on and I can say move them to Glacier after

and I can say move them to Glacier after 30 days I think if I go lower it'll

30 days I think if I go lower it'll complain uh probably when I save there

complain uh probably when I save there and so the idea is that we can move

and so the idea is that we can move things and distort some so maybe you

things and distort some so maybe you have files coming in down below it's

have files coming in down below it's showing you here right so a file is

showing you here right so a file is uploaded and then after 30 days then

uploaded and then after 30 days then move them in the glacier so we save

move them in the glacier so we save money okay that's a big advantage of S3

money okay that's a big advantage of S3 there's a lot of things going on in S3

there's a lot of things going on in S3 here like you can turn on

here like you can turn on um uh wherever it is you can turn

um uh wherever it is you can turn on web hosting so you can turn this into

on web hosting so you can turn this into like a website down below here there's a

like a website down below here there's a whole whole bunch of things that you can

whole whole bunch of things that you can do okay so uh we're not going to get

do okay so uh we're not going to get into that because that's just too much

into that because that's just too much work but uh you know we learned the

work but uh you know we learned the basics of S3 so what I want to do to

basics of S3 so what I want to do to delete this I have to empty it first

delete this I have to empty it first watch it'll be like you cannot delete it

watch it'll be like you cannot delete it you need to empty the bucket first so go

you need to empty the bucket first so go ahead and empty it and I'll say my

ahead and empty it and I'll say my bucket

empty or sorry I guess I have to type in permanently

permanently delete

delete [Music]

[Music] Perman delete no they used to oh yeah I

Perman delete no they used to oh yeah I can copy it okay great and so once the

can copy it okay great and so once the bucket is is emptied I can go back to

bucket is is emptied I can go back to the

bucket and I'll go back one layer and then I'll go ahead and delete my

then I'll go ahead and delete my bucket and you can only have so many

bucket and you can only have so many buckets I think it's like a 100 you have

buckets I think it's like a 100 you have like a 100

like a 100 buckets how many buckets can you have in

buckets how many buckets can you have in a

a WS 100 buckets yeah I was

WS 100 buckets yeah I was right and I think if you wanted to know

right and I think if you wanted to know how many you Pro there's probably like a

how many you Pro there's probably like a service limits page service limits

service limits page service limits service

service quotas so you go here you say a Services

S3 how many buckets 100 right there okay so you know that gives you kind of an

so you know that gives you kind of an idea what's going on there but there you

idea what's going on there but there you go that's

S3 all right so let's go take a look at elastic Block store which is uh virtual

elastic Block store which is uh virtual hard drives for ec2 so what I'm going to

hard drives for ec2 so what I'm going to do is make my way over to the ec2

do is make my way over to the ec2 console because that is where it's at

console because that is where it's at and on the left hand side if we scroll

and on the left hand side if we scroll on down you'll see elastic block volumes

on down you'll see elastic block volumes or elastic Block store volumes and so we

or elastic Block store volumes and so we can go here and the idea is we can go

can go here and the idea is we can go ahead and create ourselves a volume and

ahead and create ourselves a volume and what you'll notice is that we have a few

what you'll notice is that we have a few different options here we have general

different options here we have general purpose provisioned iops cold HDD

purpose provisioned iops cold HDD throughput optimized magnetic magnetic

throughput optimized magnetic magnetic being um basically like uh physical tape

being um basically like uh physical tape that you can use to back up like the old

that you can use to back up like the old school stuff and so you have all these

school stuff and so you have all these options here and you can choose the size

options here and you can choose the size so when you change these options you're

so when you change these options you're going to notice that some things are

going to notice that some things are going to change like the through uh

going to change like the through uh throughput or iops so notice that

throughput or iops so notice that general purpose is fixed at between 300

general purpose is fixed at between 300 to 3,000 and notice that it goes from 1

to 3,000 and notice that it goes from 1 Gigabyte to how many ever that is that's

Gigabyte to how many ever that is that's a lot there and so it's not too

a lot there and so it's not too complicated but in practicality I don't

complicated but in practicality I don't really create volumes this way what I do

really create volumes this way what I do is I'll just go launch an ec2 instance

is I'll just go launch an ec2 instance so I'll say launch ec2 instance and

so I'll say launch ec2 instance and we'll choose Amazon lytic 2 and again

we'll choose Amazon lytic 2 and again you know if we haven't done the uc2 uh

you know if we haven't done the uc2 uh follow along we'll cover all this stuff

follow along we'll cover all this stuff in more detail don't worry about about

in more detail don't worry about about it um we go to configure instance then

it um we go to configure instance then we go to add storage and this is what

we go to add storage and this is what you're going to be doing when adding EBS

you're going to be doing when adding EBS volumes um to your ec2 instances and

volumes um to your ec2 instances and you'll notice we always have a root

you'll notice we always have a root volume that's attached to the ec2

volume that's attached to the ec2 instance that we cannot remove we can

instance that we cannot remove we can change the size up here I believe the oh

change the size up here I believe the oh it shows us right here that we have up

it shows us right here that we have up to 30 gigabytes so sometimes you might

to 30 gigabytes so sometimes you might want to Max that out to take advantage

want to Max that out to take advantage of the free tier you notice we can also

of the free tier you notice we can also change uh this there might be some

change uh this there might be some limitations in terms of the root volume

limitations in terms of the root volume so notice that we have a few more

so notice that we have a few more options here we can have a cold HDD or

options here we can have a cold HDD or HDD as our root volume uh notice we have

HDD as our root volume uh notice we have a delete on termination so EBS volume

a delete on termination so EBS volume persists independently from the running

persists independently from the running life so you can choose to automatically

life so you can choose to automatically delete uh EBS volume when the associated

delete uh EBS volume when the associated instance is terminated so if you take

instance is terminated so if you take this off if the ec2 instance is deleted

this off if the ec2 instance is deleted the volume will still remain which could

the volume will still remain which could be something that's important to you uh

be something that's important to you uh for encryption here um you might want to

for encryption here um you might want to turn it on and so generally adus always

turn it on and so generally adus always has a KMS manage key which is free so

has a KMS manage key which is free so you checkbox that on it will be

you checkbox that on it will be encrypted uh you can turn it on later um

encrypted uh you can turn it on later um but you can never turn encryption off

but you can never turn encryption off but you should always uh turn encryption

but you should always uh turn encryption on and so just be aware to turn that on

on and so just be aware to turn that on you can also add file systems down below

you can also add file systems down below here but maybe we'll talk about that

here but maybe we'll talk about that later because I think that gets

later because I think that gets into um e EFS okay so that is a

into um e EFS okay so that is a different type of file storage there but

different type of file storage there but that's pretty much all there is to it uh

that's pretty much all there is to it uh you just go ahead and create uh your

you just go ahead and create uh your volume there and then it would show up

volume there and then it would show up under EBS we could take snapshots of

under EBS we could take snapshots of them to back them up that goes to S3 but

them to back them up that goes to S3 but that's all we really need to know here

that's all we really need to know here [Music]

[Music] okay all right let's take a look at

okay all right let's take a look at elastic file uh system or EFS uh storage

elastic file uh system or EFS uh storage manage file storage what does EFS stand

manage file storage what does EFS stand for EFS system elastic file system okay

for EFS system elastic file system okay sorry and so what we can do is go ahead

sorry and so what we can do is go ahead and create a file system here so I'm

and create a file system here so I'm going to say my EFS and the great thing

going to say my EFS and the great thing is that it basically a serverless so

is that it basically a serverless so it's only going to be white you consume

it's only going to be white you consume right so what you store and what you

right so what you store and what you consume um and I think that's what it's

consume um and I think that's what it's going to be based on we have to choose a

going to be based on we have to choose a VPC I want to launch it in my default

VPC I want to launch it in my default VPC and we have the choice of regional

VPC and we have the choice of regional or one zone um I guess this is going to

or one zone um I guess this is going to be based on what gets backed up to S3

be based on what gets backed up to S3 possibly so onezone probably is more

possibly so onezone probably is more cost effective but I'm going to choose

cost effective but I'm going to choose Regional and that's a new Option I never

Regional and that's a new Option I never noticed before I just opened it up to

noticed before I just opened it up to see a few more things here we have

see a few more things here we have General Max IO bursting provision things

General Max IO bursting provision things like that we'll hit next

like that we'll hit next we'll choose our

we'll choose our azs and uh then you might have to set up

azs and uh then you might have to set up a policy so I'm going to hit next here

a policy so I'm going to hit next here you'll go ahead and hit create so you

you'll go ahead and hit create so you know this is really interesting but the

know this is really interesting but the trick to it is really mounting it to a

trick to it is really mounting it to a dc2 instance and that's kind of the pain

dc2 instance and that's kind of the pain okay so if we go into this um you have

okay so if we go into this um you have to mount it and there are commands for

to mount it and there are commands for it so like EFS mounting Linux

it so like EFS mounting Linux commands Okay

commands Okay I've done this in my Solutions architect

I've done this in my Solutions architect associate uh but you know again I'm not

associate uh but you know again I'm not doing on a regular basis so I don't

doing on a regular basis so I don't remember and so if we go here I'm just

remember and so if we go here I'm just trying to see if we can see some code

trying to see if we can see some code that tells us how to mount it so

that tells us how to mount it so mounting on an E2 uh uh ec2 Linux

mounting on an E2 uh uh ec2 Linux instance with the EFS Mount helper um so

instance with the EFS Mount helper um so I don't know if they had that before but

I don't know if they had that before but that sounds interesting so pseudo Mount

that sounds interesting so pseudo Mount hyphen T the file system the EFS

hyphen T the file system the EFS mounting

mounting Point yeah this looks a lot easier I

Point yeah this looks a lot easier I than what we had before okay so before I

than what we had before okay so before I had to enter a bunch of weird commands

had to enter a bunch of weird commands but now looks like they've boiled it

but now looks like they've boiled it down to single command but once you have

down to single command but once you have your EFS

your EFS instance

instance um I'm going to assume that there is an

um I'm going to assume that there is an entry point here just clicking around

entry point here just clicking around here seeing what we can see I would

here seeing what we can see I would imagine we have to create an access

imagine we have to create an access point so my access

point so my access point sure I don't know if it's going to

point sure I don't know if it's going to let me just do that it did and so I

let me just do that it did and so I would imagine that you probably use an

would imagine that you probably use an access point let's go back here ifs

access point let's go back here ifs Mount point I think that's the same

Mount point I think that's the same thing I think the mount point and the

thing I think the mount point and the access point you create access points

access point you create access points and that's what you use uh we can go

and that's what you use uh we can go here we can attach it so oh yeah here's

here we can attach it so oh yeah here's the command

the command so um Mount via DNS or Mount via IP

so um Mount via DNS or Mount via IP address

address so it doesn't look too hard we can try

so it doesn't look too hard we can try to give it a go I haven't done it in a

to give it a go I haven't done it in a while it looks like they've made it

while it looks like they've made it easier so maybe we'll try it out okay so

easier so maybe we'll try it out okay so we go to ec2 here

we go to ec2 here and I'm going to launch an instance I'm

and I'm going to launch an instance I'm going to choose Amazon

going to choose Amazon 2 okay we're going to go and choose that

2 okay we're going to go and choose that and then we want to choose a file

and then we want to choose a file system and

system and so it's going to mount to here okay and

so it's going to mount to here okay and storage is fine all this is fine and I'm

storage is fine all this is fine and I'm going to go ahead and launch

going to go ahead and launch this and and I need a new key pair so

this and and I need a new key pair so create a new key pair um this will be

create a new key pair um this will be for EFS example

for EFS example okay we're going to download that key

okay we're going to download that key pair there we're going to launch this

instance okay and then we're going to go view this and as that is launching what

view this and as that is launching what I'm going to do is open up my cloud

I'm going to do is open up my cloud shell and I'm going to want to upload

shell and I'm going to want to upload this pen so again like before I'm going

this pen so again like before I'm going to drag it to my desktop off screen and

to drag it to my desktop off screen and then what I'm going to do is upload this

then what I'm going to do is upload this file so I have

file so I have it EFS example okay we're going to

it EFS example okay we're going to upload

upload it because I just want to see if we can

it because I just want to see if we can access that EFS volume and so if I do

access that EFS volume and so if I do LS that's our old one which I can delete

LS that's our old one which I can delete by the way I'm never going to use that

by the way I'm never going to use that anytime soon

anytime soon yes LS and I'm going just delete the

yes LS and I'm going just delete the hello text there so it's a bit cleaner

hello text there so it's a bit cleaner for what we're doing and so we need to

for what we're doing and so we need to chod that

chod that 400 uh EFS

400 uh EFS example and we saw that's how like if

example and we saw that's how like if you want to try to connect to a server

you want to try to connect to a server remotely that's what you do right so I

remotely that's what you do right so I believe that the drive is

believe that the drive is mounted if I go to storage does it show

mounted if I go to storage does it show up

up here doesn't show up under

here doesn't show up under here but

here but um what we're waiting for are these two

um what we're waiting for are these two status checks to pass and then we can

status checks to pass and then we can SSH into this machine

and I'm just going to go back here and take a look here so using the EFS Mount

take a look here so using the EFS Mount helper so pseudo Mount hyphen T EFS TLS

helper so pseudo Mount hyphen T EFS TLS this volume to EFS and so I imagine it's

this volume to EFS and so I imagine it's going to mount it to EFS here using the

going to mount it to EFS here using the NFS client so I guess it just depends on

NFS client so I guess it just depends on what we're going to have available to us

what we're going to have available to us even if the status checks haven't passed

even if the status checks haven't passed I'm going to try to get into this

I'm going to try to get into this anyway um so what we can do is click on

anyway um so what we can do is click on this grab the public IP address we'll

this grab the public IP address we'll type in

type in SSH uh ec2 hyphen user at sign paste

SSH uh ec2 hyphen user at sign paste this in hyphen I EFS example pem I

this in hyphen I EFS example pem I usually don't log in Via

usually don't log in Via SSH um but you know just for this

SSH um but you know just for this example I will and so I want to see if

example I will and so I want to see if this drive

this drive exists usually be under mount right

exists usually be under mount right there it is okay so it already mounted

there it is okay so it already mounted for us so I can do touch hello

for us so I can do touch hello world. text

world. text say pseudo

say pseudo here I can say pseudo VI I'm going to

here I can say pseudo VI I'm going to open up the file and say hello from

open up the file and say hello from another computer

another computer okay and so I've saved that file and

okay and so I've saved that file and what I want to do

what I want to do now

now oops oh okay sorry I'm in the cloud

oops oh okay sorry I'm in the cloud shell here but what I want to do now is

shell here but what I want to do now is I want to kill this

I want to kill this machine okay and what I'm going to do is

machine okay and what I'm going to do is spin up another ec2 instance I'm going

spin up another ec2 instance I'm going to see if when I mount that if that file

to see if when I mount that if that file is there if it actually worked but wow

is there if it actually worked but wow that is so much easier than before I

that is so much easier than before I can't tell you how hard it was to attach

can't tell you how hard it was to attach an EFS volume the last time I did it um

an EFS volume the last time I did it um so we'll go ahead We'll add that and the

so we'll go ahead We'll add that and the storage is fine we're going to go to

storage is fine we're going to go to review here we're going to say launch

review here we're going to say launch and I'm just going to stick with the

and I'm just going to stick with the same key pair

same key pair there we're going to give that moment to

there we're going to give that moment to launch and we're going to go to view

launch and we're going to go to view instances and so now this one is

instances and so now this one is launching as it's launching let's just

launching as it's launching let's just go peek around and see what we can see

go peek around and see what we can see so you know I imagine if we didn't add

so you know I imagine if we didn't add that file system during the the boot um

that file system during the the boot um and we were we're adding it after the

and we were we're adding it after the fact we probably could just ran that

fact we probably could just ran that line and added it really easily um I'm

line and added it really easily um I'm not going to bother testing that because

not going to bother testing that because I just don't want to go through that

I just don't want to go through that trouble to do that um I still can't

trouble to do that um I still can't remember what these access points are

remember what these access points are for um but uh it's okay let kind of out

for um but uh it's okay let kind of out of the scope for the certified Cloud

of the scope for the certified Cloud practitioner and then so I'm just

practitioner and then so I'm just curious so we get some nice monitoring

curious so we get some nice monitoring here right so that's kind of nice

um I guess they're trying to suggest here like anabis backup data sync

transfer so that would just be backing up simplify uh automates accelerates

up simplify uh automates accelerates moving data okay that's pretty

moving data okay that's pretty straightforward transfer family fully

straightforward transfer family fully managed F SFTP okay so nothing exciting

managed F SFTP okay so nothing exciting there and we're going to refresh that

there and we're going to refresh that there and this is initializing so let's

there and this is initializing so let's go see if we can connect to this one so

go see if we can connect to this one so I'm going to go ahead grab that public

I'm going to go ahead grab that public IP address I'm going to hit up

IP address I'm going to hit up okay I'm going to swap out that IP

okay I'm going to swap out that IP address and we're going to see if we can

address and we're going to see if we can connect to that machine yet so we'll say

connect to that machine yet so we'll say yes and we got into it so that's great

yes and we got into it so that's great and so what I'm going to do is go again

and so what I'm going to do is go again into the mount directory EFS FS1 LS and

into the mount directory EFS FS1 LS and there it is I'm going to do cat hello

there it is I'm going to do cat hello world and so it works and so that's the

world and so it works and so that's the cool thing about DFS is that you have a

cool thing about DFS is that you have a a file system that you can share among

a file system that you can share among other um uh ec2 instances I'm sure users

other um uh ec2 instances I'm sure users could connect to it using the NFS

could connect to it using the NFS protocol I'm not the best at like

protocol I'm not the best at like Network or storage networking so I'm not

Network or storage networking so I'm not going to show that here to you today but

going to show that here to you today but that gives you a general idea of how EFS

that gives you a general idea of how EFS works again you only pay for what you

works again you only pay for what you store it is serverless so we'll go here

store it is serverless so we'll go here and type delete CU I'm done with this

and type delete CU I'm done with this I'll probably uh destroy the instance

I'll probably uh destroy the instance first it doesn't get mixed

first it doesn't get mixed up and just so we clean up a little bit

up and just so we clean up a little bit better here I'm going to delete these

better here I'm going to delete these Keys

Keys here

delete okay and we'll go ahead and delete this one as

well delete since I'm done with that uh we'll make sure that that is

that uh we'll make sure that that is tearing down that is good and we'll make

tearing down that is good and we'll make our way back over here and it says enter

our way back over here and it says enter probably the ID's name in so we'll enter

probably the ID's name in so we'll enter that in and we hit

that in and we hit confirm and we'll see is it deleting I'm

confirm and we'll see is it deleting I'm not confident with it I'm going to do it

not confident with it I'm going to do it one more time confirm it by entering the

one more time confirm it by entering the the file systems ID so we'll put it in

the file systems ID so we'll put it in again

is it destroying I cannot tell there we go so it's destroying we are in good

go so it's destroying we are in good shape it is gone our data is gone um but

shape it is gone our data is gone um but yeah that is

yeah that is [Music]

[Music] EFS all right let's take a look at um

EFS all right let's take a look at um the snow family in ads so if we type in

the snow family in ads so if we type in snow up here and we click into ads snow

snow up here and we click into ads snow family this is where we can probably

family this is where we can probably order ourselves a device um I might not

order ourselves a device um I might not be able to order them at least when I

be able to order them at least when I originally looked at this like way back

originally looked at this like way back in the day uh it wasn't available in

in the day uh it wasn't available in Canada so I'm kind of curious to see

Canada so I'm kind of curious to see what there is but the idea is that

what there is but the idea is that you're going to go here and Order and

you're going to go here and Order and you have some options so you can import

you have some options so you can import into S3 or export from S3 and then down

into S3 or export from S3 and then down below we have local compute storage so

below we have local compute storage so perform local comput storage workloads

perform local comput storage workloads without transferring data you can order

without transferring data you can order multiple devices and clusters for

multiple devices and clusters for increased durability and storage

increased durability and storage capacity so it sounds like you're not

capacity so it sounds like you're not you're not um transferring data you're

you're not um transferring data you're just using it uh locally on uh to um

just using it uh locally on uh to um it's like basically buying renting

it's like basically buying renting temporary computers was just kind of

temporary computers was just kind of interesting I never saw that option

interesting I never saw that option before but we're going to choose import

before but we're going to choose import into ads3 and we're just going to read

into ads3 and we're just going to read through this stuff and it's not my

through this stuff and it's not my expectation that we're going to even be

expectation that we're going to even be able to submit a job here and you

able to submit a job here and you probably don't want to because it's

probably don't want to because it's going to cost money but I just want to

going to cost money but I just want to show you the process so we can see what

show you the process so we can see what there is here so snow job assistance if

there is here so snow job assistance if you're new to snow family run a pilot of

you're new to snow family run a pilot of one to two devices so batch file smaller

one to two devices so batch file smaller than 1 Megabyte Benchmark and optimize

than 1 Megabyte Benchmark and optimize deploy St uh staging

deploy St uh staging workstations discover remediate

workstations discover remediate environment m al uh issues early files

environment m al uh issues early files and folders name must conform to Amazon

and folders name must conform to Amazon S3 prepare your Ami once the pilot is

S3 prepare your Ami once the pilot is completed confirm the number of snow

completed confirm the number of snow family devices that you can copy devices

family devices that you can copy devices to simultaneously follow the best

to simultaneously follow the best practices use the following resources to

practices use the following resources to manage your snow devices so we have iTab

manage your snow devices so we have iTab us openhub and then there's the edge

us openhub and then there's the edge client

client CLI so openhub is a graphical user

CLI so openhub is a graphical user interface you can use to manage snow

interface you can use to manage snow devices so that's kind of cool and then

devices so that's kind of cool and then we have the CLI which I imagine is

we have the CLI which I imagine is something that's very useful to use so

something that's very useful to use so just close those off here and then we

just close those off here and then we have other things so I'm going to say I

have other things so I'm going to say I acknowledge I know what I'm doing which

acknowledge I know what I'm doing which I don't really but that's okay and then

I don't really but that's okay and then here we are going to enter in our

here we are going to enter in our address so we say Andrew Brown and I'm

address so we say Andrew Brown and I'm not going to I'm not going to enter this

not going to I'm not going to enter this in for real just whatever so it would be

in for real just whatever so it would be Toronto exam Pro um Canada oh see so

Toronto exam Pro um Canada oh see so there's there's the thing you can only

there's there's the thing you can only ship it to the US and so that's as far

ship it to the US and so that's as far as I can get okay um and that's the

as I can get okay um and that's the thing is like if you really want to know

thing is like if you really want to know ad us inside and not you got to be in

ad us inside and not you got to be in the US but let's pretend that we do have

the US but let's pretend that we do have an address in the states what's a very

an address in the states what's a very famous address so what is the address of

famous address so what is the address of the White House

the White House okay there it

okay there it is so I'm just going to copy that

is so I'm just going to copy that in because again we're not going to

in because again we're not going to submit this for real I just want to see

submit this for real I just want to see what's farther down the line here

what's farther down the line here okay uh what's NW

okay uh what's NW is that the state it's in Washington

is that the state it's in Washington right is is this part of it NW Northwest

right is is this part of it NW Northwest is that a thing I'm from Canada so I

is that a thing I'm from Canada so I couldn't tell you um so we'll go down

couldn't tell you um so we'll go down here and we have Washington do we have a

here and we have Washington do we have a second address line it doesn't look like

second address line it doesn't look like it

it um we have a zip code I believe this is

um we have a zip code I believe this is the zip

the zip code and do we need a phone number looks

code and do we need a phone number looks like we do

like we do 416 uh 111 11111 okay okay we have one

416 uh 111 11111 okay okay we have one day or two day shipping why not just

day or two day shipping why not just have one right and so then we can choose

have one right and so then we can choose our type of device so we have snow cone

our type of device so we have snow cone snow cone SSD snow cone optimized I'm

snow cone SSD snow cone optimized I'm surprised I never took a screenshot of

surprised I never took a screenshot of this earlier um compute optimized things

this earlier um compute optimized things like that so you can choose which one

like that so you can choose which one you want it looks like we're going to

you want it looks like we're going to see some different options but we'll go

see some different options but we'll go with snow cone my snow

cone and snow cones do not ship with a power supply or ethernet cable snow cone

power supply or ethernet cable snow cone devices are powered by by 45 wat CB C uh

devices are powered by by 45 wat CB C uh USBC power supply I'll provide my own

USBC power supply I'll provide my own power supply and cable do not ship with

power supply and cable do not ship with a power supply re cable that's fine uh

a power supply re cable that's fine uh snow con Wireless snow con connect to

snow con Wireless snow con connect to your wireless connection connect the

your wireless connection connect the buckets you want there's a bucket we

buckets you want there's a bucket we created

created earlier Computing use comp using ec2

earlier Computing use comp using ec2 instances use a device as a mobile data

instances use a device as a mobile data center by loading ec2 Ami so here's an

center by loading ec2 Ami so here's an Ami that I might want to

Ami that I might want to use uh ad iot green validated Ami not

use uh ad iot green validated Ami not interested in Remote device management

interested in Remote device management you can use Ops Hub or Etc to monitor

you can use Ops Hub or Etc to monitor reboot your device that's fine and so

reboot your device that's fine and so then we need to choose our security

then we need to choose our security key I don't know if we'll have to set

key I don't know if we'll have to set the service R we'll see what happens

the service R we'll see what happens here and uh we'll let it update that's

here and uh we'll let it update that's fine and so then I guess we just hit

fine and so then I guess we just hit create job and so I don't really want to

create job and so I don't really want to order one um so I'm not going to hit

order one um so I'm not going to hit that button and also it's going to go to

that button and also it's going to go to the White House and they're going to be

the White House and they're going to be like Andrew Brown why did you do that so

like Andrew Brown why did you do that so that's not something I feel like doing

that's not something I feel like doing today but at least that gives you an

today but at least that gives you an idea of that process there and I imagine

idea of that process there and I imagine that uh if you go the other way it's

that uh if you go the other way it's going to be pretty similar you know it's

going to be pretty similar you know it's just like same stuff I think uh so you

just like same stuff I think uh so you it saved that address it's not a real

it saved that address it's not a real address and the the options are a little

address and the the options are a little bit uh limited here and it's like NFS

bit uh limited here and it's like NFS Bas S3 base so it's slightly different

Bas S3 base so it's slightly different but it's basically the same process just

but it's basically the same process just curious we'll take a look at the last

curious we'll take a look at the last one

one there since there are three options just

there since there are three options just curious okay Sim similar thing okay so

curious okay Sim similar thing okay so yeah that's pretty much all I want you

yeah that's pretty much all I want you to know about um the snow family and

to know about um the snow family and that's about it

that's about it [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at what is

Pro and we are taking a look at what is a database so a database is a data store

a database so a database is a data store that stores semi-structured and

that stores semi-structured and structured data and just to emphasize a

structured data and just to emphasize a bit more a database stores more complex

bit more a database stores more complex data stores because it requires using

data stores because it requires using formal design and modeling techniques so

formal design and modeling techniques so databases can generally be categorized

databases can generally be categorized as either being relational so structured

as either being relational so structured data that strongly represents tabular

data that strongly represents tabular data so we're talking about tables rows

data so we're talking about tables rows and columns so there's a concept of row

and columns so there's a concept of row oriented or colum oriented and then we

oriented or colum oriented and then we have non relational databases so these

have non relational databases so these are semi-structured that may or may not

are semi-structured that may or may not distinctly resemble tabular data so here

distinctly resemble tabular data so here is a very uh simple example the idea is

is a very uh simple example the idea is that you might use some kind of language

that you might use some kind of language like SQL put in your database and you'll

like SQL put in your database and you'll get back out tables for relational

get back out tables for relational databases let's just talk about some of

databases let's just talk about some of the functionality that these databases

the functionality that these databases have so they can be uh using a special

have so they can be uh using a special specialized language to uh query so

specialized language to uh query so retrieve data so in this case SQL

retrieve data so in this case SQL specialized modeling strategies to

specialized modeling strategies to optimize retrieval for different use

optimize retrieval for different use cases uh more fine-tune control over the

cases uh more fine-tune control over the transformation of the data into useful

transformation of the data into useful data structures or reports and normally

data structures or reports and normally a database infers uh someone is usually

a database infers uh someone is usually using a a relational row oriented data

using a a relational row oriented data dat store so um you know just understand

dat store so um you know just understand that when people say database that's

that when people say database that's usually what they're talking about like

usually what they're talking about like postgress MySQL relational row store is

postgress MySQL relational row store is usually the default but uh obviously

usually the default but uh obviously there's a lot more broader terms there

there's a lot more broader terms there [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at what is

Pro and we are taking a look at what is a data warehouse so it's a relational

a data warehouse so it's a relational data store designed for analytical

data store designed for analytical workloads which is generally column

workloads which is generally column oriented data store okay so companies

oriented data store okay so companies will have terab and millions of rows of

will have terab and millions of rows of data and they'll need a fast way to be

data and they'll need a fast way to be able to produce analytics reports so

able to produce analytics reports so data warehouses generally perform

data warehouses generally perform aggregation so aggregation is the idea

aggregation so aggregation is the idea of grouping data together so find a

of grouping data together so find a total or an average uh and data

total or an average uh and data warehouses are optimized around columns

warehouses are optimized around columns since they need to quickly aggregate

since they need to quickly aggregate column data and so here is kind of a

column data and so here is kind of a diagram of um a data warehouse and so

diagram of um a data warehouse and so the idea is that it could be ingesting

the idea is that it could be ingesting data uh from a regular database here I'm

data uh from a regular database here I'm just getting out my pen tool so it could

just getting out my pen tool so it could be regular database or it be coming from

be regular database or it be coming from a different data source that isn't

a different data source that isn't compatible in terms of the schema and

compatible in terms of the schema and you use like ETL or El or ETL to get

you use like ETL or El or ETL to get that data into uh that data warehouse so

that data into uh that data warehouse so data warehouses are generally designed

data warehouses are generally designed uh to be hot so hot means that they can

uh to be hot so hot means that they can return queries very fast even though

return queries very fast even though they have vast amounts of data data

they have vast amounts of data data warehouses are infrequently accessed

warehouses are infrequently accessed meaning they aren't intended for

meaning they aren't intended for real-time reporting but maybe once or

real-time reporting but maybe once or twice a day uh or once a week to

twice a day uh or once a week to generate business and uh user reports of

generate business and uh user reports of course it's going to vary based B on the

course it's going to vary based B on the um the service that is offering the data

um the service that is offering the data warehouse a data warehouse needs to

warehouse a data warehouse needs to consume data from a relational database

consume data from a relational database on a regular basis and again it can

on a regular basis and again it can consume it from other places but you'll

consume it from other places but you'll have to transform it to get it in there

have to transform it to get it in there [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we're taking a look at a key

Pro and we're taking a look at a key value store so a key value store or

value store so a key value store or database is a type of non-relational

database is a type of non-relational database or nosql that uses a simple key

database or nosql that uses a simple key Value method to store data and so key

Value method to store data and so key value stores are dumb and fast uh but

value stores are dumb and fast uh but they generally lack features like

they generally lack features like relationships indexes aggregation of

relationships indexes aggregation of course there are going to be providers

course there are going to be providers out there have managed solutions that

out there have managed solutions that might uh poly fill some of those uh

might uh poly fill some of those uh issues there but I want to show you the

issues there but I want to show you the underlying way that key value stores

underlying way that key value stores work to kind to kind of distinguish them

work to kind to kind of distinguish them between document stores so a key value

between document stores so a key value stores literally a unique key alongside

stores literally a unique key alongside a value and the reason I'm representing

a value and the reason I'm representing that as zeros and ones is because I want

that as zeros and ones is because I want you to understand that that's what it is

you to understand that that's what it is it's basically just some kind of of

it's basically just some kind of of there and how the key value uh store

there and how the key value uh store interprets it is going to determine what

interprets it is going to determine what it is so when you look at a document

it is so when you look at a document database that is just a key value store

database that is just a key value store that uh uh interprets the value as being

that uh uh interprets the value as being documents right and so key value stores

documents right and so key value stores can and do commonly store um uh multiple

can and do commonly store um uh multiple uh like an associate array that's pretty

uh like an associate array that's pretty common so even for Dynamo DB that's how

common so even for Dynamo DB that's how it does it and so that's why when you

it does it and so that's why when you look at a key Value Store it looks like

look at a key Value Store it looks like it uh a a table but it's not actually a

it uh a a table but it's not actually a table it's schema list because

table it's schema list because underneath it's really just um you know

underneath it's really just um you know that associative array and so that's why

that associative array and so that's why you can have uh columns or sorry rows

you can have uh columns or sorry rows that have uh different amounts of

that have uh different amounts of columns okay so due to the design they

columns okay so due to the design they are able to scale very well beyond a

are able to scale very well beyond a relational database and they can kind of

relational database and they can kind of work like a relational database without

work like a relational database without all the bells and whistles so hopefully

all the bells and whistles so hopefully you know that makes sense okay

[Music] all right let's take a look at document

all right let's take a look at document stores so a document store is a nosql

stores so a document store is a nosql database that stores documents as its

database that stores documents as its primary data structure and a document

primary data structure and a document could be an XML uh type of uh structure

could be an XML uh type of uh structure but it also could be something like Json

but it also could be something like Json or Json like document stores are

or Json like document stores are subclasses of key value stores uh and

subclasses of key value stores uh and the components of a document store are

the components of a document store are very uh comparable to relational

very uh comparable to relational databases so just kind of an example

databases so just kind of an example here where in a relational database

here where in a relational database that' be called tables now you have

that' be called tables now you have collections they were called rows now

collections they were called rows now they're called documents you had columns

they're called documents you had columns they had Fields they may have indexes

they had Fields they may have indexes and then joins might be called embedding

and then joins might be called embedding and linking so you can translate that

and linking so you can translate that knowledge over uh you know they they're

knowledge over uh you know they they're not as um they don't have the same kind

not as um they don't have the same kind of feature set as a relational database

of feature set as a relational database but you have better scalability and

but you have better scalability and honestly document stores are just key

honestly document stores are just key value stores with some additional

value stores with some additional features built on top of it

features built on top of it [Music]

[Music] okay hey it's Andre Brown from exam Pro

okay hey it's Andre Brown from exam Pro and we're going to take a look at the

and we're going to take a look at the nosql database services that are

nosql database services that are available on AWS so we have Dynamo DB

available on AWS so we have Dynamo DB which is a serverless nosql key value

which is a serverless nosql key value and document database it is designed to

and document database it is designed to scale to billions of records with

scale to billions of records with guaranteed consistent data returned in

guaranteed consistent data returned in at least a second you do not have to

at least a second you do not have to worry about managing shards and Dynamo

worry about managing shards and Dynamo DB is ad's Flagship database service

DB is ad's Flagship database service meaning whenever we think of a database

meaning whenever we think of a database service that just scales is cost

service that just scales is cost effective and very fast we should think

effective and very fast we should think of Dynamo DB and in 2019 Amazon the

of Dynamo DB and in 2019 Amazon the online shopping retail shut down their

online shopping retail shut down their last Oracle database and completed their

last Oracle database and completed their migration to Dynamo DB so they had 7,500

migration to Dynamo DB so they had 7,500 Oracle databases with 75 pedabytes of

Oracle databases with 75 pedabytes of data and with Dynamo DB they reduce that

data and with Dynamo DB they reduce that cost by 60% and reduced the latency by

cost by 60% and reduced the latency by 40% so that's kind of to be like a

40% so that's kind of to be like a testimonial between relational and a no

testimonial between relational and a no escal database so when we want a

escal database so when we want a massively scalable database that is what

massively scalable database that is what we want Dynamo db4 and I really just

we want Dynamo db4 and I really just want to put that there because it if you

want to put that there because it if you remember that you're going to always be

remember that you're going to always be able to pass uh or get those questions

able to pass uh or get those questions right on the exam okay then we have

right on the exam okay then we have document DB so this is a nol document

document DB so this is a nol document database that is mongod DB compatible uh

database that is mongod DB compatible uh so mongodb is very popular no SC among

so mongodb is very popular no SC among developers there were open source

developers there were open source licensing issues around using open

licensing issues around using open source mongodb so ad us got around it by

source mongodb so ad us got around it by just building their own mongodb database

just building their own mongodb database basically so when you want a mongod DB

basically so when you want a mongod DB like database you're going to be using

like database you're going to be using document DB we have Amazon key spaces

document DB we have Amazon key spaces this is a fully managed apoe Cassandra

this is a fully managed apoe Cassandra database so Cassandra is an open source

database so Cassandra is an open source nosql key value database similar to

nosql key value database similar to Dynamo DB that is column or store

Dynamo DB that is column or store database but has some additional

database but has some additional functionality so when you want to use

functionality so when you want to use Apache Cassandra you're using Amazon key

Apache Cassandra you're using Amazon key [Music]

[Music] spaces hey this is Andrew Brown from

spaces hey this is Andrew Brown from exam Pro and we are taking a look at

exam Pro and we are taking a look at relational database Services starting

relational database Services starting with relational database service RDS and

with relational database service RDS and this is a relational database service

this is a relational database service that supports multiple SQL engines so

that supports multiple SQL engines so relational is synomous with SQL and

relational is synomous with SQL and online transactional processing

online transactional processing oltp and relational databases are the

oltp and relational databases are the most commonly used type of database

most commonly used type of database among tech companies and startups just

among tech companies and startups just because they're so easy to use I use

because they're so easy to use I use them I love them um RDS supports the

them I love them um RDS supports the following SQL engines we first have

following SQL engines we first have MySQL so this is the most popular open

MySQL so this is the most popular open source SQL database uh and it was

source SQL database uh and it was purchased and is now owned by Oracle uh

purchased and is now owned by Oracle uh and there's an interesting story there

and there's an interesting story there because when Oracle purchased it they

because when Oracle purchased it they weren't supposed to have it Mario DB was

weren't supposed to have it Mario DB was or sorry myell was sold to Oracle Sun

or sorry myell was sold to Oracle Sun systems and then within the year um uh

systems and then within the year um uh Oracle purchased it from them and the

Oracle purchased it from them and the original creators never wanted it to go

original creators never wanted it to go to Oracle um just because of their uh

to Oracle um just because of their uh the way they do licensing and things

the way they do licensing and things like that and so um the original

like that and so um the original creators came back and they decided to

creators came back and they decided to fork myql and then maintain it as Mario

fork myql and then maintain it as Mario DB just so that uh you know oracle never

DB just so that uh you know oracle never kind of pushed away the most popular um

kind of pushed away the most popular um database so that everyone had to go to a

database so that everyone had to go to a p solution then you have postest so psql

p solution then you have postest so psql as it's commonly known is the most

as it's commonly known is the most popular open source SQL database among

popular open source SQL database among developers this is the one I like to use

developers this is the one I like to use because it has so many Rich features

because it has so many Rich features over my SQL uh but but it does come with

over my SQL uh but but it does come with added complexity then Oracle has its own

added complexity then Oracle has its own SQL proprietary database which is well

SQL proprietary database which is well used by Enterprise companies but you

used by Enterprise companies but you have to buy a license to use it then you

have to buy a license to use it then you have Microsoft SQL so Microsoft's

have Microsoft SQL so Microsoft's proprietary SQL database and with this

proprietary SQL database and with this one you have to buy a license to use it

one you have to buy a license to use it uh then you have Aurora so this is a

uh then you have Aurora so this is a fully managed database uh and there's a

fully managed database uh and there's a lot more to uh going on here with Aurora

lot more to uh going on here with Aurora so we'll talk about it it almost acts as

so we'll talk about it it almost acts as a separate service but it is powered by

a separate service but it is powered by RDS so aora is a fully managed database

RDS so aora is a fully managed database of either myell so five times faster or

of either myell so five times faster or postest SQL three times faster database

postest SQL three times faster database so when you want a highly available

so when you want a highly available durable and scalable and secure

durable and scalable and secure relational database for post mqu you

relational database for post mqu you want to use Aurora uh then you have

want to use Aurora uh then you have Aurora serverless so this is a ser on

Aurora serverless so this is a ser on demand version of Aurora so when you

demand version of Aurora so when you want the most of the benefits of Aurora

want the most of the benefits of Aurora but you can trade uh off to have cold

but you can trade uh off to have cold starts or you don't have lots of traffic

starts or you don't have lots of traffic or demand uh this is a way you can use

or demand uh this is a way you can use Aurora in a serverless way then you have

Aurora in a serverless way then you have RDS on VMware so this allows you to

RDS on VMware so this allows you to deploy RDS supported engines to on

deploy RDS supported engines to on premise data centers uh the data center

premise data centers uh the data center must be using VMware for Server

must be using VMware for Server virtualization so when you want

virtualization so when you want databases managed by RDS on your own

databases managed by RDS on your own database Center uh and yeah I realize

database Center uh and yeah I realize that this is a small spelling mistake so

that this is a small spelling mistake so say just on here but yeah there you

say just on here but yeah there you [Music]

[Music] go hey this is Andrew Brown from exam

go hey this is Andrew Brown from exam Pro and we're looking at the other

Pro and we're looking at the other database services that abos has because

database services that abos has because there's just a few loose ones here so

there's just a few loose ones here so let's talk about redshift so it is a

let's talk about redshift so it is a petabyte size data warehouse and data

petabyte size data warehouse and data warehouses uh are for online analytical

warehouses uh are for online analytical processing oap and data warehouses can

processing oap and data warehouses can be expensive because they are keeping

be expensive because they are keeping data hot meaning that they can run a

data hot meaning that they can run a very complex query and a large amount of

very complex query and a large amount of data and get that data back very fast so

data and get that data back very fast so when you need to quickly generate

when you need to quickly generate analytics or reports from a large amount

analytics or reports from a large amount of data you're going to be using red

of data you're going to be using red shift then you have elastic cache so

shift then you have elastic cache so this is a managed database of an

this is a managed database of an inmemory and caching open source

inmemory and caching open source databases such as reddis or memcache so

databases such as reddis or memcache so when you need to improve the performance

when you need to improve the performance of an application by adding a caching

of an application by adding a caching layer in front of your web servers or

layer in front of your web servers or database you're going to be using

database you're going to be using elastic cache then you have Neptune this

elastic cache then you have Neptune this is a managed graph database the data is

is a managed graph database the data is represented as interconnected nodes I

represented as interconnected nodes I believe that it uses gremlin is the way

believe that it uses gremlin is the way to interface with it which is no

to interface with it which is no surprise because that's what it looks

surprise because that's what it looks like most class providers are using so

like most class providers are using so when you need to understand the

when you need to understand the connections between data so mapping

connections between data so mapping fraud Rings or social media

fraud Rings or social media relationships uh very relational

relationships uh very relational database heavy information you're going

database heavy information you're going to want to use Neptune we have Amazon

to want to use Neptune we have Amazon time streams it's a fully managed time

time streams it's a fully managed time series database so think of devices that

series database so think of devices that send lots of data that are

send lots of data that are time-sensitive such as iot devices so

time-sensitive such as iot devices so when you need to measure how things

when you need to measure how things change over time we have Amazon Quantum

change over time we have Amazon Quantum Ledger database this is a fully managed

Ledger database this is a fully managed uh Ledger database that provides

uh Ledger database that provides transparent immutable cryptographically

transparent immutable cryptographically variable transaction logs so when you

variable transaction logs so when you need to record a history of financial

need to record a history of financial activities that can be trusted and the

activities that can be trusted and the last one here is database migration

last one here is database migration service DMS it's not a database per se

service DMS it's not a database per se but it's a migration service so you can

but it's a migration service so you can migrate from on premise database to

migrate from on premise database to adabs from two databases in different or

adabs from two databases in different or same adus accounts using different SQL

same adus accounts using different SQL engines and from an SQL to a nosql

engines and from an SQL to a nosql database and I'm pretty sure we cover

database and I'm pretty sure we cover this in a bit uh greater detail in this

this in a bit uh greater detail in this course

course [Music]

[Music] okay all right let's go take a look at

okay all right let's go take a look at Dynamo DB uh which is ad's nosql

Dynamo DB uh which is ad's nosql database so we'll go over to Dynamo

DB and what we'll do is create ourselves a new table and we'll just say my Dynamo

a new table and we'll just say my Dynamo DB table and you always have to choose a

DB table and you always have to choose a partition key you don't necessarily have

partition key you don't necessarily have to have a sort key but it could be

to have a sort key but it could be something

something like um like you want it to be really

like um like you want it to be really unique so it could be like email and

unique so it could be like email and this one could be created at

this one could be created at right and so we have string binary

right and so we have string binary notice that the the types are very

notice that the the types are very simple then for settings we have default

simple then for settings we have default settings or customized settings so the

settings or customized settings so the default is use provision capacity mode

default is use provision capacity mode rewrite five rules Etc custom no

rewrite five rules Etc custom no secondary indexes use KMS so I'm going

secondary indexes use KMS so I'm going to just expand that to see what I'm

to just expand that to see what I'm looking at we have two options here on

looking at we have two options here on demand uh so simplify billing by paying

demand uh so simplify billing by paying the actual reads and rights you use or

the actual reads and rights you use or provisioned which is this is where you

provisioned which is this is where you get a guarantee of performance so if you

get a guarantee of performance so if you want to be able to do you know whatever

want to be able to do you know whatever it is a thousand I don't know what it

it is a thousand I don't know what it goes up to but like a thousand read

goes up to but like a thousand read writes per second then that's what

writes per second then that's what you're paying for okay you're paying for

you're paying for okay you're paying for being a having a guarantee of that um of

being a having a guarantee of that um of that capacity okay I'm not going to

that capacity okay I'm not going to create any secondary indexes but that's

create any secondary indexes but that's just like another way to uh look at data

just like another way to uh look at data notice down below that we have a cost of

notice down below that we have a cost of $2.1 uh then we have encryption at rest

$2.1 uh then we have encryption at rest so you can do owned by Amazon Dynamo DB

so you can do owned by Amazon Dynamo DB that's pretty much the same as like adab

that's pretty much the same as like adab us has or S3

us has or S3 has ssse S3 there you could use uh CM

has ssse S3 there you could use uh CM actually I guess both of these are

actually I guess both of these are probably KMS I would imagine we'll go

probably KMS I would imagine we'll go ahead and create the table

ahead and create the table here and let going to create the table

here and let going to create the table this is usually really really

this is usually really really fast we'll go here and what we can do is

fast we'll go here and what we can do is is insert some data so as it's just

is insert some data so as it's just starting up here we can go over

starting up here we can go over to our tables they recently changed this

to our tables they recently changed this UI so that's why I look a bit

UI so that's why I look a bit confused U view items up here okay and

confused U view items up here okay and then from here we can create an item so

then from here we can create an item so I can add something to say so Andrew

I can add something to say so Andrew exampro doco and

2021 uh well we'll just do the future so

uh well we'll just do the future so let's say 20

let's say 20 25 505 I don't want to have to think too

25 505 I don't want to have to think too hard here but we can add additional

hard here but we can add additional information so I can say like uh today

information so I can say like uh today true we could say

true we could say um make like a

um make like a list uh you know food and then I could

list uh you know food and then I could go here and then add a

go here and then add a string it is not working oh there we go

string it is not working oh there we go there we are so we could say like um

there we are so we could say like um banana and then we could say pizza right

banana and then we could say pizza right we can go ahead and create that

we can go ahead and create that item and so now that item is in our

item and so now that item is in our database uh we can do a scan that will

database uh we can do a scan that will return all items we can query we can

return all items we can query we can actually have uh some limitations of

actually have uh some limitations of what we're choosing there's the party Q

what we're choosing there's the party Q editor so we can use SQL to select it um

editor so we can use SQL to select it um I have not used this

I have not used this before party Q um AWS or party Q Dynamo

before party Q um AWS or party Q Dynamo DB

examples I'm hoping I can just find like an example of some of the language

an example of some of the language getting started here I don't need to I

getting started here I don't need to I don't need an explanation I just show me

don't need an explanation I just show me an example query here and I will I'll

an example query here and I will I'll get to it

get to it here okay so here's some examples right

here okay so here's some examples right so maybe we can give this a

so maybe we can give this a go um so we have our table here so my

go um so we have our table here so my Dynamo DB

Dynamo DB table and I just want the email that

table and I just want the email that back we don't need a

works there we go I'm not sure if we could select additional data there so I

could select additional data there so I know that we had some other things like

know that we had some other things like uh

food there it is okay so that's really nice um addition to it dynb can stream

nice um addition to it dynb can stream things into a Dynamo DB stream to go to

things into a Dynamo DB stream to go to and do a lot of fun things so there all

and do a lot of fun things so there all sorts of things you can do with Dynamo

sorts of things you can do with Dynamo DB but um I'm pretty much done with this

DB but um I'm pretty much done with this so I'm going to go ahead and delete this

so I'm going to go ahead and delete this table and notice that it also created

table and notice that it also created some cloudwatch alarms so we want to

some cloudwatch alarms so we want to delete those as well create a backup no

delete those as well create a backup no we do not care go ahead and delete

we do not care go ahead and delete that and that is Dynamo

that and that is Dynamo [Music]

[Music] DB okay so now I want to show you uh RDS

DB okay so now I want to show you uh RDS or relational database service so go to

or relational database service so go to the top here type in RDS and we'll make

the top here type in RDS and we'll make our way over there and so RDS is great

our way over there and so RDS is great because it allows us to launch

because it allows us to launch relational databases um sometimes the UI

relational databases um sometimes the UI is slow I'm not sure why it's taking so

is slow I'm not sure why it's taking so long to load today but every day is a

long to load today but every day is a bit different and so what we're going to

bit different and so what we're going to do is go ahead and create a new database

do is go ahead and create a new database uh you're going to notice that we're

uh you're going to notice that we're going to have the option between

going to have the option between creating a standard or easy I stick with

creating a standard or easy I stick with standard just because I don't like how

standard just because I don't like how easy hides a lot of stuff from us even

easy hides a lot of stuff from us even here like it says two cents per hour but

here like it says two cents per hour but it's not giving us the full cost so I

it's not giving us the full cost so I really don't trust it because if you go

really don't trust it because if you go down here and you chose their Dev test

down here and you chose their Dev test here look it's like $100 it's not

here look it's like $100 it's not showing the the cost preview right now

showing the the cost preview right now maybe because we didn't choose the

maybe because we didn't choose the database type sorry I wanted to choose

database type sorry I wanted to choose postgress but before we do that let's

postgress but before we do that let's look at the engine types we have Amazon

look at the engine types we have Amazon Aurora so we have between MySQL and

Aurora so we have between MySQL and postgress MySQL Marb postgress Oracle

postgress MySQL Marb postgress Oracle microsoftsql notice for Microsoft SQL it

microsoftsql notice for Microsoft SQL it comes with a license you don't have to

comes with a license you don't have to do anything with that it might change

do anything with that it might change based on the addition

based on the addition here uh nope comes with a license for

here uh nope comes with a license for all them which is great if you want to

all them which is great if you want to bring your own license that's where you

bring your own license that's where you need a dedicated host right running uh

need a dedicated host right running uh Microsoft SQL for Oracle uh you have to

Microsoft SQL for Oracle uh you have to bring your own license that's going to

bring your own license that's going to be based on um importing with the Abus

be based on um importing with the Abus license manager if we go over to postest

license manager if we go over to postest which is what I like to use uh we're

which is what I like to use uh we're going to set it to Dev test to try to

going to set it to Dev test to try to get the cheapest cost scroll down look

get the cheapest cost scroll down look $118 we can get it cheaper we get super

$118 we can get it cheaper we get super cheap so here are the password going to

cheap so here are the password going to be testing 1 2 3 a capital on the T so

be testing 1 2 3 a capital on the T so and an explanation mark on the end okay

and an explanation mark on the end okay because it has a bunch of requirements

because it has a bunch of requirements of what it wants here I want a T2 micro

of what it wants here I want a T2 micro so I'm just going to scroll down

so I'm just going to scroll down here what is going on here standard oh

here what is going on here standard oh look M classes I don't want an m class I

look M classes I don't want an m class I want a burstable class that's the cheap

want a burstable class that's the cheap ones and so we go here can we still do a

ones and so we go here can we still do a T2 micro or is it now

T2 micro or is it now T3 so I don't see

T3 so I don't see T2 so I imagine a T3 micro must be the

T2 so I imagine a T3 micro must be the new itus free tier so we go it free tier

new itus free tier so we go it free tier here right and if I go

here right and if I go to

databases um RDS on the t2 micro 750 hours but I can't select

hours but I can't select it

it so I'm going to assume that the T3 micro

so I'm going to assume that the T3 micro must be the new tier if it's not there

must be the new tier if it's not there right unless it's saying include

right unless it's saying include previous

previous generations and then maybe I can see it

then okay so I don't see it there I really don't like how they've

there I really don't like how they've changed this on

changed this on me okay so the oldest I can choose is a

me okay so the oldest I can choose is a T3 micro which is fine I just I just

T3 micro which is fine I just I just know T2 being the free tier that's all

know T2 being the free tier that's all uh this is fine we don't want Auto

uh this is fine we don't want Auto scaling turned on for our example here

scaling turned on for our example here we do not want a multi-az so do not

we do not want a multi-az so do not create a standby that's going to really

create a standby that's going to really jump up our cost we don't need Public

jump up our cost we don't need Public Access it will create a VPC that is fine

Access it will create a VPC that is fine password authentication is fine we have

password authentication is fine we have to go in here which I don't know why

to go in here which I don't know why they just don't keep that expanded

they just don't keep that expanded because you always have to come in here

because you always have to come in here name your database so my database we

name your database so my database we choose our postest version here I'm

choose our postest version here I'm going to turn backups off uh because if

going to turn backups off uh because if we

we don't if we don't it's going to take

don't if we don't it's going to take forever to launch this thing encryption

forever to launch this thing encryption is turned on you can turn it off but

is turned on you can turn it off but generally it's not recom commended we

generally it's not recom commended we can have performance insights turned on

can have performance insights turned on I'm going to turn the retention oh we'll

I'm going to turn the retention oh we'll leave it to 7 days cuz we can't turn

leave it to 7 days cuz we can't turn that off we don't need enhanced

that off we don't need enhanced monitoring so I'm just going to turn

monitoring so I'm just going to turn that

that off and uh that's fine we're not going

off and uh that's fine we're not going to enable delete protection here and so

to enable delete protection here and so we are good we can now go ahead and

we are good we can now go ahead and create our

database and what we'll do here is wait for that database to be created so the

for that database to be created so the thing is is like

thing is is like if we're doing the solutions architect

if we're doing the solutions architect or the developer social stuff I'd

or the developer social stuff I'd actually show you how to connect to the

actually show you how to connect to the database um it's not that hard to do

database um it's not that hard to do like you just have to connect uh grab

like you just have to connect uh grab all the database information so it's

all the database information so it's going to have an endpoint a port stuff

going to have an endpoint a port stuff like that and you use something like

like that and you use something like table Plus or something to connect to

table Plus or something to connect to the database but that's out of scope of

the database but that's out of scope of the certified Cloud partitioner I'm just

the certified Cloud partitioner I'm just going through the motions to show you

going through the motions to show you that you can create an RDS database very

that you can create an RDS database very easily but not how to connect to it and

easily but not how to connect to it and actually utilize it okay and so that

actually utilize it okay and so that would spin up and we would have a server

would spin up and we would have a server and after that we can just go ahead and

and after that we can just go ahead and delete the server here so I just say

delete the server here so I just say delete me

delete me okay and that's all there really is to

okay and that's all there really is to it there is the special type of um

it there is the special type of um database like Aurora doesn't have its

database like Aurora doesn't have its own like console page it's part of RDS

own like console page it's part of RDS so if you want to spend up Aurora you

so if you want to spend up Aurora you just choose the compatibility you want

just choose the compatibility you want you can choose between provisioned or

you can choose between provisioned or serverless um and serverless is supposed

serverless um and serverless is supposed to be really good for um scaling to zero

to be really good for um scaling to zero cost so that's something there so you

cost so that's something there so you fill that all out but the initial cost

fill that all out but the initial cost is a lot more expensive you can't choose

is a lot more expensive you can't choose a T2 micro here um unless it lets you

a T2 micro here um unless it lets you now it is

now it is for provision it's

for provision it's uh oh T2 T3 medium is the smallest you

uh oh T2 T3 medium is the smallest you can go okay so if you reach to the point

can go okay so if you reach to the point where using a a mediumsized database

where using a a mediumsized database then you might consider moving over to

then you might consider moving over to Aurora just because it's going to be

Aurora just because it's going to be highly scalable Etc like that um so

highly scalable Etc like that um so that's a consider there there's also

that's a consider there there's also something called Babble fish um that us

something called Babble fish um that us announced last year when I when I shot

announced last year when I when I shot this um or when I'm shooting this as of

this um or when I'm shooting this as of now and the idea was to make it

now and the idea was to make it compatible with myql SQL Server to

compatible with myql SQL Server to migrate over to Aurora post SQL which is

migrate over to Aurora post SQL which is kind of interesting um but that's about

kind of interesting um but that's about it so if our database is destroying I

it so if our database is destroying I think it is just going to go back over

think it is just going to go back over here to

RDS it's taking a long time to load today

and uh I think it's already deleted maybe we go to databases here it's

maybe we go to databases here it's deleting so I'm confident it's going to

deleting so I'm confident it's going to delete so there we

delete so there we [Music]

[Music] go all right let's take a look at Red

go all right let's take a look at Red shift so red shift is a data warehouse

shift so red shift is a data warehouse and it's generally really expensive so

and it's generally really expensive so it's not something that you're going to

it's not something that you're going to want to launch uh dayto day here but

want to launch uh dayto day here but let's see how far we can get with it um

let's see how far we can get with it um just by running through it so what we'll

just by running through it so what we'll do is go ahead and create a cluster and

do is go ahead and create a cluster and again you can just watch me do this you

again you can just watch me do this you don't have to create uh you don't have

don't have to create uh you don't have to create one yourself uh so free trial

to create one yourself uh so free trial configure for learning that sounds good

configure for learning that sounds good to me uh is free for limited time if

to me uh is free for limited time if your organization has never created a

your organization has never created a cluster I rarely ever create these so

cluster I rarely ever create these so when the trial ends delete your cluster

when the trial ends delete your cluster to avoid the charges of on demand okay

to avoid the charges of on demand okay that sounds fair um so here we're going

that sounds fair um so here we're going to have two vpcu it's going to launch a

to have two vpcu it's going to launch a d a

d a dc2

dc2 large so it's look that up for

please um I think it's loading right here okay

um I think it's loading right here okay so I don't know how much it is but I

so I don't know how much it is but I know it is not cheap and down below we

know it is not cheap and down below we have sample data is loaded into your red

have sample data is loaded into your red shift cluster that sounds good to me

shift cluster that sounds good to me ticket is the sample data

ticket is the sample data okay ticket sample

okay ticket sample data red shift I just imagine they

data red shift I just imagine they probably have like a tutorial for it

probably have like a tutorial for it here

here they do right

they do right here and so because I want to know what

here and so because I want to know what we need to do to query it right if we

we need to do to query it right if we can even query it via the interface here

can even query it via the interface here so the admin user is adus user um and

so the admin user is adus user um and the password is going to be capital T

the password is going to be capital T testing 1 2 3 4 5 6 exclamation and

testing 1 2 3 4 5 6 exclamation and we'll hit create

we'll hit create cluster oh cool we can create the data

cluster oh cool we can create the data right in here so that's what I wasn't

right in here so that's what I wasn't sure about whether we would be able to

sure about whether we would be able to just query it in line because before

just query it in line because before you'd have to use Java with j jdbc or

you'd have to use Java with j jdbc or odbc driver and download the jar and

odbc driver and download the jar and it's not as fun as it sounds of course

it's not as fun as it sounds of course but it looks like we can query data once

but it looks like we can query data once the data is

the data is loaded so that looks really good I guess

loaded so that looks really good I guess we can pull data in from um the

we can pull data in from um the marketplace so that's looks pretty nice

marketplace so that's looks pretty nice too and I guess we could probably

too and I guess we could probably integrate into other things like quick

integrate into other things like quick site because you probably want to adjust

site because you probably want to adjust your data over

your data over there again I usually don't spend a lot

there again I usually don't spend a lot of time in red shift um but looks like

of time in red shift um but looks like it's a lot easier to use very impressed

it's a lot easier to use very impressed with this so I don't know how long it

with this so I don't know how long it takes to uh launch a red shift cluster I

takes to uh launch a red shift cluster I mean it is 160 GB uh of of of storage

mean it is 160 GB uh of of of storage there it's uh even at the smallest it's

there it's uh even at the smallest it's pretty large so what I'm going to do is

pretty large so what I'm going to do is to stop the video and I'll be back when

to stop the video and I'll be back when this is done

this is done okay okay so after a short little wait

okay okay so after a short little wait here um it was a lot faster than I was

here um it was a lot faster than I was expecting but uh it's available and so

expecting but uh it's available and so looks like here it says to query the

looks like here it says to query the sample data use red shift version two so

sample data use red shift version two so I'm going to click that and I'm sure

I'm going to click that and I'm sure there's tons of buttons to get here and

there's tons of buttons to get here and it'd be great if it just populated the

it'd be great if it just populated the query for me um it doesn't but this

query for me um it doesn't but this looks really nice really nice UI I

looks really nice really nice UI I wonder if it has like some existing

wonder if it has like some existing queries no that's okay so what I'm going

queries no that's okay so what I'm going to do here is I'm going to go ahead and

to do here is I'm going to go ahead and pull out this query and see if we can

pull out this query and see if we can get this to work here never found out

get this to work here never found out what those prices were

what those prices were though okay and what we'll do is hit run

though okay and what we'll do is hit run I like how there's like a limit of 100

I like how there's like a limit of 100 but here it has that so we'll go ahead

but here it has that so we'll go ahead and hit run and see what data we get so

and hit run and see what data we get so relation sales does not

relation sales does not exist okay

exist okay so what's going on

here um we'll go up here so most of the examples in the red shift documentation

examples in the red shift documentation uses uh a sample database called ticket

uses uh a sample database called ticket this sample this small database consists

this sample this small database consists of seven tables you can load the ticket

of seven tables you can load the ticket data set by following the this

data set by following the this here okay so to load the sample data

here okay so to load the sample data from Amazon S

3 okay so I would have thought it already had

so I would have thought it already had the data in there I could have swore it

the data in there I could have swore it would

would have

have Dev

public tables zero

tables zero tables okay so I don't think there's any

tables okay so I don't think there's any data in here and so we're going to have

data in here and so we're going to have to load it ourselves

to load it ourselves I really thought it would have added it

I really thought it would have added it for us uh but let's go ahead and create

for us uh but let's go ahead and create these tables and see if this is as easy

these tables and see if this is as easy as we think so run that create that

table cool okay we got it down here we'll run that we'll just run each

here we'll run that we'll just run each at a

at a time I think there's seven of them so

date already exists okay that's fine event already exists saying all these

event already exists saying all these tables

tables exist maybe I just wasn't

patient okay

okay um interesting all right so maybe we'll

um interesting all right so maybe we'll go back and uh run that query maybe we

go back and uh run that query maybe we just had to wait a little while for that

just had to wait a little while for that data to

data to load run

load run okay so you know what I think it was

okay so you know what I think it was doing this for us like if if if it did

doing this for us like if if if it did not create it for us we would have to go

not create it for us we would have to go through all these steps which is fine

through all these steps which is fine because we're learning a little bit

because we're learning a little bit about um uh red shift but um uh it looks

about um uh red shift but um uh it looks like we just had to wait there so it

like we just had to wait there so it looks like you would run those you

looks like you would run those you download that you use the copy command

download that you use the copy command to bring it over there um it looks like

to bring it over there um it looks like you can do all of this via the uh this

you can do all of this via the uh this interface here and we've done a queries

interface here and we've done a queries that's kind of

that's kind of cool um I imagine you probably could

cool um I imagine you probably could like save it or export it what if we

like save it or export it what if we chart it what happens okay you can chart

chart it what happens okay you can chart it that's kind of

it that's kind of fun can we export it out to oh just we

fun can we export it out to oh just we can save it I thought maybe it could

can save it I thought maybe it could export out to Quick site but I I suppose

export out to Quick site but I I suppose you'd rebuild it in quick site a but

you'd rebuild it in quick site a but yeah I guess that's it right there so

yeah I guess that's it right there so that's pretty darn simple so what I'm

that's pretty darn simple so what I'm going to do is make my way back over to

going to do is make my way back over to Red shift because we are done for this

example and we will go over to clusters here and I'm going to go ahead

here and I'm going to go ahead and delete my

cluster delete create file snap shot

delete create file snap shot nope

nope delete delete the cluster there we go so

delete delete the cluster there we go so I'm pretty sure that will succeed no

I'm pretty sure that will succeed no problem there and we are done with red

problem there and we are done with red shift and red shift is super expensive

shift and red shift is super expensive so just make sure that thing deletes

so just make sure that thing deletes okay

[Music] hey this is Andrew Brown from exam Pro

hey this is Andrew Brown from exam Pro and we are taking a look here at Cloud

and we are taking a look here at Cloud native networking Services um and so I

native networking Services um and so I have this architectural diagram I

have this architectural diagram I created which has a lot of networking

created which has a lot of networking components uh when people create

components uh when people create networking diagrams for AWS they don't

networking diagrams for AWS they don't always include all these things here

always include all these things here even though they're there so we're just

even though they're there so we're just being a little bit verbo so you can see

being a little bit verbo so you can see okay the first thing is our VPC our

okay the first thing is our VPC our virtual private Cloud this is a

virtual private Cloud this is a logically isolated section of the aabus

logically isolated section of the aabus cloud where you can launch adus

cloud where you can launch adus resources that's where your uh resources

resources that's where your uh resources are going to reside not all services uh

are going to reside not all services uh require you to select a VPC uh because

require you to select a VPC uh because they're managed by AWS but I wouldn't be

they're managed by AWS but I wouldn't be surprised if under the hood they are in

surprised if under the hood they are in their own VPC Okay then if you want uh

their own VPC Okay then if you want uh the internet to reach your services

the internet to reach your services you're going to need an internet gateway

you're going to need an internet gateway um then you need to figure out a way to

um then you need to figure out a way to Route things to your uh various subnets

Route things to your uh various subnets and that's where route tables uh come in

and that's where route tables uh come in then we need to Def Define a region that

then we need to Def Define a region that it's going to be which is a geographical

it's going to be which is a geographical location on your network then you have

location on your network then you have your availability zones which are

your availability zones which are basically your data centers where your

basically your data centers where your A's resources are going to reside then

A's resources are going to reside then you have subnets which is a logical

you have subnets which is a logical partition of an IP network into multiple

partition of an IP network into multiple smaller Network segments um and these

smaller Network segments um and these pretty much map to your uh availability

pretty much map to your uh availability zones if you're making one per a and

zones if you're making one per a and then we have knackles these act as a

then we have knackles these act as a firewall at the subnet level then we

firewall at the subnet level then we have security groups that act as a

have security groups that act as a firewall at the instance level so

firewall at the instance level so hopefully that gives you a good overview

hopefully that gives you a good overview [Music]

[Music] okay all right so now let's take a look

okay all right so now let's take a look at Enterprise or hybrid networking so we

at Enterprise or hybrid networking so we have our on premise uh environment or

have our on premise uh environment or your private cloud and then we have our

your private cloud and then we have our ads account or our public Cloud so

ads account or our public Cloud so there's a couple Services here that we

there's a couple Services here that we can Bridge them together the first is

can Bridge them together the first is ADS virtual private Network VPN it's a

ADS virtual private Network VPN it's a secure connection between on premise

secure connection between on premise remote offices and mobile employees then

remote offices and mobile employees then you have direct connect this is a

you have direct connect this is a dedicated gigabit connection from on

dedicated gigabit connection from on premise data center to adabs so it's a

premise data center to adabs so it's a very fast connection a lot of times the

very fast connection a lot of times the direct we say it's a a private

direct we say it's a a private connection but doesn't necessarily mean

connection but doesn't necessarily mean secure it's not encrypting uh the data

secure it's not encrypting uh the data in transit so very commonly these

in transit so very commonly these services are used together not just

services are used together not just singular okay um and then uh we have

singular okay um and then uh we have private links and so this is where you

private links and so this is where you already uh are using ads but you want to

already uh are using ads but you want to keep it all within ads never going out

keep it all within ads never going out to the internet okay so these are

to the internet okay so these are generally called VPC interface endpoints

generally called VPC interface endpoints and then the marketing Pages call them

and then the marketing Pages call them private links which is a bit confusing

private links which is a bit confusing but you know it just keeps traffic

but you know it just keeps traffic within the aabus network so it does not

within the aabus network so it does not transverse out to the internet okay

[Music] hey this is Andrew Brown from exam Pro

hey this is Andrew Brown from exam Pro and we are taking a look at vpcs and

and we are taking a look at vpcs and subnets so a VPC is a logically isolated

subnets so a VPC is a logically isolated section of the adus network where you

section of the adus network where you launch your adus resources and you

launch your adus resources and you choose a range of ips using a cider

choose a range of ips using a cider range so a cider range is an IP address

range so a cider range is an IP address followed by uh this uh net mask or sub

followed by uh this uh net mask or sub submask that's going to determine how

submask that's going to determine how many IP addresses there are um and

many IP addresses there are um and there's a bunch of math behind that

there's a bunch of math behind that which we're not going to get into um but

which we're not going to get into um but anyway so here is an architectural

anyway so here is an architectural diagram just showing a VPC with a couple

diagram just showing a VPC with a couple subnets so subnets is a logical

subnets so subnets is a logical partition of an IP network into multiple

partition of an IP network into multiple uh smaller Network segments and so

uh smaller Network segments and so you're essentially breaking up your IP

you're essentially breaking up your IP ranges for vpcs into smaller networks so

ranges for vpcs into smaller networks so just thinking about cutting up a pie

just thinking about cutting up a pie okay so subnets need to have a smaller

okay so subnets need to have a smaller cider range uh to uh the vpcs represent

cider range uh to uh the vpcs represent for their portion so uh 424 is actually

for their portion so uh 424 is actually smaller which is interesting the the

smaller which is interesting the the higher the gets the smaller it gets and

higher the gets the smaller it gets and so this would allocate 256 IP addresses

so this would allocate 256 IP addresses and so that's well smaller than 16 okay

and so that's well smaller than 16 okay we have the concept of a public subnet

we have the concept of a public subnet so this is one that can reach the

so this is one that can reach the internet and a private subnet the one

internet and a private subnet the one that cannot reach the internet and um

that cannot reach the internet and um these are not uh strictly enforced by

these are not uh strictly enforced by AWS so the idea is that when you have a

AWS so the idea is that when you have a subnet you can just say don't by default

subnet you can just say don't by default assign publicly assignable IP addresses

assign publicly assignable IP addresses but it's totally possible to launch an

but it's totally possible to launch an ec2 instance into your priv private

ec2 instance into your priv private subnet and then turn on um uh the IP

subnet and then turn on um uh the IP address so you got to do other things to

address so you got to do other things to ensure that they stay private or public

ensure that they stay private or public [Music]

[Music] okay hey it's Andrew Brown from exam Pro

okay hey it's Andrew Brown from exam Pro and we are comparing security groups

and we are comparing security groups versus knackles so I have this nice

versus knackles so I have this nice architectural diagram that has both

architectural diagram that has both knackles and security groups in them and

knackles and security groups in them and we'll just kind of talk about these two

we'll just kind of talk about these two so knackles stand for network access

so knackles stand for network access control list and they act as a virtual

control list and they act as a virtual firewall at the subnet level and so here

firewall at the subnet level and so here you can create an allow uh and deny

you can create an allow uh and deny rules and this is really useful if you

rules and this is really useful if you want to block a specific IP address

want to block a specific IP address known for abuse and and I'm going to

known for abuse and and I'm going to just kind of um compare that against

just kind of um compare that against security groups because that's going to

security groups because that's going to be a very important difference okay so

be a very important difference okay so secur security groups act as a firewall

secur security groups act as a firewall at the instance level and they

at the instance level and they implicitly deny all traffic so you

implicitly deny all traffic so you create only allow rules so you can allow

create only allow rules so you can allow an E2 instance to access port on uh Port

an E2 instance to access port on uh Port 22 for SSH but you cannot block a single

22 for SSH but you cannot block a single IP address and the reason I say that is

IP address and the reason I say that is because in order for you to block a

because in order for you to block a single IP address in Security Group you

single IP address in Security Group you would literally have to block or you

would literally have to block or you literally have to allow everything but

literally have to allow everything but that IP address and that's just not

that IP address and that's just not feasible okay and so if you can remember

feasible okay and so if you can remember that one particular example you'll

that one particular example you'll always be able to remember the

always be able to remember the difference between these two one other

difference between these two one other thing that um adab us likes to do is is

thing that um adab us likes to do is is ask which ones are stateless which ones

ask which ones are stateless which ones are stateful but at the uh Cloud

are stateful but at the uh Cloud partitioner level they're not going to

partitioner level they're not going to be asking that

be asking that [Music]

[Music] okay all right all right let's learn a

okay all right all right let's learn a bit about U networking with AWS so what

bit about U networking with AWS so what I want you to do is go to the top and

I want you to do is go to the top and type in VPC which stands for virtual

type in VPC which stands for virtual private cloud and what we'll do is set

private cloud and what we'll do is set up our own VPC it's not so important

up our own VPC it's not so important that you remember all the little bit of

that you remember all the little bit of details but you get through this so that

details but you get through this so that you can remember the major components so

you can remember the major components so what I'll do is create a new VPC I'm

what I'll do is create a new VPC I'm going to call this my

going to call this my VPC uh tutorial and here I'm going to

VPC uh tutorial and here I'm going to say

say 10.0.0.0 for sl16 the reason you're

10.0.0.0 for sl16 the reason you're wondering why I'm doing that if we go to

wondering why I'm doing that if we go to xyx

xyx y z here um this tells you the size of

y z here um this tells you the size of it so I go here and I put 16 so you can

it so I go here and I put 16 so you can see we have a lot of room if we do

see we have a lot of room if we do 24 it takes up it it it's smaller see so

24 it takes up it it it's smaller see so this is basically the size of it right

this is basically the size of it right the empty blocks over here so we're

the empty blocks over here so we're going to have a lot of room so we do 10

going to have a lot of room so we do 10 006 we don't need IPv6 we're going to go

006 we don't need IPv6 we're going to go ahead and create that and once we have

ahead and create that and once we have that we can go ahead and create a subnet

that we can go ahead and create a subnet which we will need so we're going to

which we will need so we're going to choose our VPC we'll go down here and

choose our VPC we'll go down here and say my Subnet tutorial

and we'll choose the first a z you can leave it blank and'll choose it random

leave it blank and'll choose it random and then we need to choose a block that

and then we need to choose a block that is smaller than the current one so 16

is smaller than the current one so 16 would be definitely um uh well 16 is the

would be definitely um uh well 16 is the size that we have now so we can match

size that we have now so we can match that size but 10.0.0.0 424 would be

that size but 10.0.0.0 424 would be absolutely smaller okay so we go ahead

absolutely smaller okay so we go ahead and create that

and create that subnet and so that is all set up now um

subnet and so that is all set up now um let's see if our route tables hooked up

let's see if our route tables hooked up so our route table says where it links

so our route table says where it links to and it says to local so it's not

to and it says to local so it's not going anywhere and that's because we

going anywhere and that's because we need to attach a u internet gateway that

need to attach a u internet gateway that allows us to reach the internet so if we

allows us to reach the internet so if we go over here and create a new internet

go over here and create a new internet gateway we'll say myig

gateway we'll say myig GW and we'll go ahead and create

GW and we'll go ahead and create that and what we'll do is associate that

that and what we'll do is associate that with our VPC we created here okay and so

with our VPC we created here okay and so now that we have the internet gateway

now that we have the internet gateway attached we want that subnet to make its

attached we want that subnet to make its way out to the Internet so if we go to

way out to the Internet so if we go to the route table we can edit the uh route

the route table we can edit the uh route table Association here I like how it

table Association here I like how it keeps on showing me this as if I don't

keeps on showing me this as if I don't know what I'm doing um but I do and

know what I'm doing um but I do and so this would change that particular

so this would change that particular Association but I want to add to that

Association but I want to add to that route table so I thought when I clicked

route table so I thought when I clicked that it would allow me to add more but

that it would allow me to add more but apparently I got to go to Route tables

apparently I got to go to Route tables over

over here and I'm looking for the one that is

here and I'm looking for the one that is ours we can see that it's over here we

ours we can see that it's over here we could even name it if we wanted to like

could even name it if we wanted to like my rote

my rote table Noti then we apply uh uh U names

table Noti then we apply uh uh U names it's actually just applying a tag see

it's actually just applying a tag see over here it's always what that

over here it's always what that is so we'll go over to routes and we

is so we'll go over to routes and we want to edit the routes and we want to

want to edit the routes and we want to add a route and we want this to go to 00

add a route and we want this to go to 00 and we're going to choose the internet

and we're going to choose the internet gateway

gateway okay we're going to say save

okay we're going to say save changes and what that's going to allow

changes and what that's going to allow us to do is to reach the internet

um and so what I want to do is go back to subnet I was just curious about this

to subnet I was just curious about this I've never used this

I've never used this before um so looks like we can just

before um so looks like we can just choose some options here I'm not too

choose some options here I'm not too concerned about that but I assume like

concerned about that but I assume like that's used for debugging azure's had

that's used for debugging azure's had those kind of services for a long time

those kind of services for a long time and so it was has been starting to add

and so it was has been starting to add those so you can easily debug your

those so you can easily debug your network which is nice so we have a

network which is nice so we have a subnet the subnet uh can reach the

subnet the subnet uh can reach the internet because there's a there's um

internet because there's a there's um uh internet gateway and it's hooked up

uh internet gateway and it's hooked up via the route table one thing that

via the route table one thing that matters is will it assign a public IP

matters is will it assign a public IP address um so that is something that we

address um so that is something that we might want to look into it's not the

might want to look into it's not the default subnet which is totally fine so

default subnet which is totally fine so it says Auto assign is no so that might

it says Auto assign is no so that might be something that you might want to

be something that you might want to change so here we go to edit the r table

change so here we go to edit the r table Association no it's not there they

Association no it's not there they changed it on me used to be part of the

changed it on me used to be part of the uh setup instructions us to just

uh setup instructions us to just checkbox it now they moved it modify the

checkbox it now they moved it modify the auto assign so we'll say enable so that

auto assign so we'll say enable so that means it's always going to give it a

means it's always going to give it a public IP address on

public IP address on launch and while we're here I'm just

launch and while we're here I'm just going to double check if I have any

going to double check if I have any elastic IPS I did not release okay just

elastic IPS I did not release okay just double checking here and

double checking here and so this is all set up and we should be

so this is all set up and we should be able to launch a um ec2 now within our

able to launch a um ec2 now within our our new VPC so I'll go over here to

our new VPC so I'll go over here to ec2

ec2 okay and I'm going to launch a new

okay and I'm going to launch a new instance

instance say Amazon elix

say Amazon elix 2 we're going to choose this tier

2 we're going to choose this tier Here and Now what we should be able to

Here and Now what we should be able to do is Select

do is Select that and that is our subnet there

that and that is our subnet there okay go ahead and launch that I don't

okay go ahead and launch that I don't care if we use a key whatsoever so I'm

care if we use a key whatsoever so I'm going to go ahead and launch that

back and so there you go it is launching so we created our VPC and we launched uh

so we created our VPC and we launched uh in it no problem

in it no problem whatsoever so hopefully that is pretty

whatsoever so hopefully that is pretty darn

darn clear um so yeah uh what I'm going to do

clear um so yeah uh what I'm going to do is I'm going to let that launch because

is I'm going to let that launch because I want to show you security groups So

I want to show you security groups So within AWS you can set security groups

within AWS you can set security groups and

and knackles and that's going to allow or

knackles and that's going to allow or deny access based on stuff and when we

deny access based on stuff and when we launch this eccu instance it has a

launch this eccu instance it has a default security group that was assigned

default security group that was assigned we could have created a new one but what

we could have created a new one but what I might want to do is create myself a

I might want to do is create myself a new Security Group

new Security Group here okay and you can end up with a lot

here okay and you can end up with a lot really fast like here is a bunch and I

really fast like here is a bunch and I can't even tell what's what so like

can't even tell what's what so like there's Bunch for load balancers and

there's Bunch for load balancers and things like that and so I might just go

things like that and so I might just go ahead and delete a bunch of these

ahead and delete a bunch of these because I cannot tell what is going on

because I cannot tell what is going on here and um we'll delete these security

here and um we'll delete these security groups and sometimes they won't let you

groups and sometimes they won't let you delete them because they're associated

delete them because they're associated with something like a network interface

with something like a network interface or

something all right but um we need to find out which one we're using right now

find out which one we're using right now so the one that we are using is the

so the one that we are using is the launch wizard 4 so we'll go into

launch wizard 4 so we'll go into here and I don't know if you can rename

here and I don't know if you can rename them after they've been created I don't

them after they've been created I don't think so which is kind of frustrating

think so which is kind of frustrating because if you want to rename it it's

because if you want to rename it it's like I don't want that to be the name so

like I don't want that to be the name so what's interesting is you can go here

what's interesting is you can go here and you can edit the

and you can edit the routes uh the rules sorry the inbound

routes uh the rules sorry the inbound rules and the outbound rules and so here

rules and the outbound rules and so here it's open on Port 22 so that allows us

it's open on Port 22 so that allows us to ssh in we could drop this down and

to ssh in we could drop this down and choose different things so if we want

choose different things so if we want people to access a website we go Port 80

people to access a website we go Port 80 and we say from anywhere ipv 46 so now

and we say from anywhere ipv 46 so now anyone can access it um you might want

anyone can access it um you might want to do something like give it access to

to do something like give it access to postgress that runs on Port 5432 things

postgress that runs on Port 5432 things like that um could be something else

like that um could be something else like maybe you need to connect to Red

like maybe you need to connect to Red shift that's on that Port you can go

shift that's on that Port you can go ahead and save those rules we're just

ahead and save those rules we're just going to say uh from anywhere you can

going to say uh from anywhere you can say my IP so maybe only I'm allowed to

say my IP so maybe only I'm allowed to connect to it right so you added inbound

connect to it right so you added inbound rules you don't really ever have to

rules you don't really ever have to touch outbound rules it's set for all

touch outbound rules it's set for all traffic so it's stuff that's

traffic so it's stuff that's leaving uh the that there one

leaving uh the that there one interesting thing to note about uh

interesting thing to note about uh security groups is

security groups is that you don't have a deny option right

that you don't have a deny option right so let's say you only wanted a

so let's say you only wanted a particular IP address you only wanted um

particular IP address you only wanted um let's say what's my IP my IP

let's say what's my IP my IP address so that is my IP address and

address so that is my IP address and let's

let's say I wanted to block it right so I go

say I wanted to block it right so I go here and I say okay I want to

here and I say okay I want to block on all TCP I want to block this

block on all TCP I want to block this number right but I can't do that all I

number right but I can't do that all I can say is I allow this number so in

can say is I allow this number so in order to do it I would have to enter

order to do it I would have to enter everything but this number in here and

everything but this number in here and you can enter ranges in with like these

you can enter ranges in with like these forward slashes and stuff like that but

forward slashes and stuff like that but You' imagine that'd be really hard

You' imagine that'd be really hard because you have to start and go like

because you have to start and go like you'd have to start and go through every

you'd have to start and go through every single IP address in the world to get it

single IP address in the world to get it out of here and that's almost impossible

out of here and that's almost impossible and that's the key thing I want you to

and that's the key thing I want you to remember about security

remember about security groups um so that's security groups and

groups um so that's security groups and there's also

knackles knackles um they're associated with subnets so they probably show up

with subnets so they probably show up under VPC I rarely touch knackles rarely

under VPC I rarely touch knackles rarely ever have

ever have to um I mean they're great tools but you

to um I mean they're great tools but you know for me I I just don't ever need

know for me I I just don't ever need them so knackles are associated with

them so knackles are associated with subnets so we can go here and try to see

subnets so we can go here and try to see my Subnet tutorial so we created our

my Subnet tutorial so we created our subnet we got a knle for free and we can

subnet we got a knle for free and we can set inbound and outbound rules and so

set inbound and outbound rules and so here here is where we could say Okay I

here here is where we could say Okay I want to add a new rule and I want to and

want to add a new rule and I want to and I want to make the rule number

I want to make the rule number 150 you always do these in hundreds okay

150 you always do these in hundreds okay or the power of tens so that you can

or the power of tens so that you can move them around easily and I can say

move them around easily and I can say all traffic that comes from this IP

all traffic that comes from this IP address I'm going to put the forward SL

address I'm going to put the forward SL Z that just means a single IP address I

Z that just means a single IP address I say deny right and so now

say deny right and so now uh this my address I can't access that

uh this my address I can't access that ec2 instance okay if I try to go there's

ec2 instance okay if I try to go there's nothing running on the server but if I

nothing running on the server but if I was to try to use it I wouldn't be able

was to try to use it I wouldn't be able to do it and and this applies to

to do it and and this applies to anything for that subnet it's not for a

anything for that subnet it's not for a particular instance it's for anything in

particular instance it's for anything in that subnet so hopefully that is is

that subnet so hopefully that is is pretty clear there um but that's pretty

pretty clear there um but that's pretty much all you really need to know I mean

much all you really need to know I mean there's lots of other stuff like Network

there's lots of other stuff like Network firewalls all these other things it gets

firewalls all these other things it gets pretty

pretty complicated um it's well beyond what we

complicated um it's well beyond what we need to learn here but uh what we'll do

need to learn here but uh what we'll do is tear down that ec2 instance

okay we'll terminate that and once that instance is destroyed

that and once that instance is destroyed we can get rid of our security group and

we can get rid of our security group and a bunch of other

stuff and there's always a bunch of these darn

these darn things so we'll say

Associated so we go here this is the one we are using but I want to get rid of

we are using but I want to get rid of all these other ones

okay if I go here it could be because like of inbound

like of inbound rules so see this one because you can

rules so see this one because you can reference another Security Group within

reference another Security Group within a security group so I'm just going to go

a security group so I'm just going to go save that there say any my IP there

whoops it's set to n uh NFS so that might have been set up for our access

point or I can just delete delet it that would probably be

would probably be easier okay so that's one that's kind of

easier okay so that's one that's kind of of a

of a pain so I'm just looking for rules that

pain so I'm just looking for rules that might be referencing other security

groups to get rid of them okay let's try this

again we go ahead and delete I'm leaving the um

the um I'm leaving the uh the defaults alone

I'm leaving the uh the defaults alone because those come with your vpcs and

because those come with your vpcs and you don't want to get rid of

those so it won't let me delete this one so I'm going to go edit that

so I'm going to go edit that rule delete it save it you might not

rule delete it save it you might not have this kind of clean up to do it's

have this kind of clean up to do it's just might be me here you

just might be me here you know um outbound

know um outbound inbound let's try this again here

up must be this one that is referencing the other

rule and this is something that's just kind of frustrating with AWS but it's

kind of frustrating with AWS but it's just just how it is where sometimes it's

just just how it is where sometimes it's hard to get rid of resources because you

hard to get rid of resources because you have to click through stuff so it's not

have to click through stuff so it's not always a clean you might have like

always a clean you might have like lingering resources and this isn't going

lingering resources and this isn't going to cost us anything but it's just the

to cost us anything but it's just the fact that

fact that um that it just makes things harder to

um that it just makes things harder to see what you're doing you

know this last one really doesn't want to go

away so I'm just trying to delete all the rules out of here get rid of it

the rules out of here get rid of it can I delete this one

now one group Associated it will not show me what it's talking about okay

show me what it's talking about okay here it

here it is

um okay this is referencing it I think it was the one there was an

it I think it was the one there was an old one I don't know what this

is we'll go down here and we'll go here and delete that and

and we'll go here and delete that and while I've been cleaning all these up

while I've been cleaning all these up now we can go over to our inst instance

now we can go over to our inst instance make sure that it's terminated it is

make sure that it's terminated it is good because if our instance is not

good because if our instance is not terminated we cannot destroy the VPC uh

terminated we cannot destroy the VPC uh prior the VPC could not be destroyed

prior the VPC could not be destroyed unless you detach the internet gateway I

unless you detach the internet gateway I wonder if it's going to still complain

wonder if it's going to still complain about

about that we'll say yes it actually looks

that we'll say yes it actually looks like it includes it in the

like it includes it in the cleanup type delete here

there we go so we're all good we're all cleaned up there you

cleaned up there you [Music]

[Music] are hey this is angre Brown from exam

are hey this is angre Brown from exam Pro and in this video I just want to

Pro and in this video I just want to show you cloudfront so let's make our

show you cloudfront so let's make our way over to cloudfront cloudfront is a

way over to cloudfront cloudfront is a Content delivery Network and it's used

Content delivery Network and it's used to cash your data all over the place as

to cash your data all over the place as you can see I have some older ones here

you can see I have some older ones here if you have a splash screen what you can

if you have a splash screen what you can do is just look for the left hand side

do is just look for the left hand side there might be hamburger menu open that

there might be hamburger menu open that up and then click on distributions and

up and then click on distributions and what we're going to do is create a new

what we're going to do is create a new distribution if you don't want to create

distribution if you don't want to create one cuz these do take forever to create

one cuz these do take forever to create um you can just kind of watch along I

um you can just kind of watch along I don't even feel like I'm going to hit

don't even feel like I'm going to hit the um the create distribution button

the um the create distribution button because I just hate waiting for so long

because I just hate waiting for so long but the idea is that you have to choose

but the idea is that you have to choose an origin and so the origin could be

an origin and so the origin could be something like an S3 bucket load bouncer

something like an S3 bucket load bouncer media store this is where um the the

media store this is where um the the content distribution network is going to

content distribution network is going to Source its content right so if I say

Source its content right so if I say this bucket here um and I just it will

this bucket here um and I just it will probably default to the root path the

probably default to the root path the idea is that it's going to be able to

idea is that it's going to be able to pull content from there and then cach it

pull content from there and then cach it everywhere and then down below you can

everywhere and then down below you can say okay set the type of protocol

say okay set the type of protocol redirect to here you can set up uh

redirect to here you can set up uh caching rules or like how often do you

caching rules or like how often do you want it to uh cash like cash a lot don't

want it to uh cash like cash a lot don't cash a lot the great thing is like you

cash a lot the great thing is like you have these Edge or these um Lambda Edge

have these Edge or these um Lambda Edge functions so you can uh read and modify

functions so you can uh read and modify the request and response to the CDN

the request and response to the CDN which is very powerful but what I'm

which is very powerful but what I'm going to do is I'm just going to go look

going to do is I'm just going to go look at what we already have cuz again I said

at what we already have cuz again I said said they take forever to spin up and

said they take forever to spin up and we're not going to see too much if we do

we're not going to see too much if we do so once it's spun up um this is what it

so once it's spun up um this is what it looks like so you'll have an origin it

looks like so you'll have an origin it says where it's pointed to you can

says where it's pointed to you can create multiple Origins group them uh

create multiple Origins group them uh you can modify your behavior so that was

you can modify your behavior so that was basically what we're looking at before

basically what we're looking at before as you can see we have our Behavior

as you can see we have our Behavior there nothing super exciting we can set

there nothing super exciting we can set up error Pages you can restrict based on

up error Pages you can restrict based on geographical location so if you're for

geographical location so if you're for whatever reason if you if you're not

whatever reason if you if you're not allowed to serve content in UK you could

allowed to serve content in UK you could say exclude this geographical region

say exclude this geographical region right so you have an allow list or a

right so you have an allow list or a block list saying like Okay we can't do

block list saying like Okay we can't do UK because like let's say you just don't

UK because like let's say you just don't want to do um say England you don't want

want to do um say England you don't want to do um uh gdpr for whatever reason you

to do um uh gdpr for whatever reason you could block out I don't know why I'm

could block out I don't know why I'm having a hard time here Britain England

having a hard time here Britain England it's England right United Kingdom there

it's England right United Kingdom there we go so you just say okay forget United

we go so you just say okay forget United Kingdom I don't have to do GDP now uh

Kingdom I don't have to do GDP now uh for invalidations the idea is that you

for invalidations the idea is that you know it is a cash so things can get

know it is a cash so things can get stale or just persist and so here you

stale or just persist and so here you can just type in say I want to get rid

can just type in say I want to get rid of image.jpg and then you create that in

of image.jpg and then you create that in validation and then it will go delete it

validation and then it will go delete it out of the cache and so the next time

out of the cache and so the next time someone requests they'll get the the

someone requests they'll get the the fresh content this usually doesn't take

fresh content this usually doesn't take that long but that's pretty much

that long but that's pretty much cloudfront in a nutshell

cloudfront in a nutshell [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at ec2 also

Pro and we are taking a look at ec2 also known as elastic cloud and so this is a

known as elastic cloud and so this is a highly uh configurable virtual server or

highly uh configurable virtual server or it's also known as a virtual machine and

it's also known as a virtual machine and that's what we're going to generally

that's what we're going to generally refer to it uh ec2 is resizable compute

refer to it uh ec2 is resizable compute capacity it takes minutes to launch new

capacity it takes minutes to launch new instances and anything and everything on

instances and anything and everything on adus uses ec2 instances underneath

adus uses ec2 instances underneath that's why we generally call it the

that's why we generally call it the backbone to all the adus services and uh

backbone to all the adus services and uh you're going to just have to choose a

you're going to just have to choose a few options here so the first thing

few options here so the first thing you'll need to do is choose your OS via

you'll need to do is choose your OS via your Amazon machine image so that's

your Amazon machine image so that's where you get red hat Ubuntu Windows

where you get red hat Ubuntu Windows Amazon Linux Seuss it might also come

Amazon Linux Seuss it might also come with pre-installed libraries and things

with pre-installed libraries and things like that then you're going to choose

like that then you're going to choose your instance type that's going to

your instance type that's going to determine things like your vcpus your

determine things like your vcpus your memory so here you can see how many

memory so here you can see how many there are and you'll have like a monthly

there are and you'll have like a monthly cost and that's the name of the instance

cost and that's the name of the instance type then you have to add storage so

type then you have to add storage so very commonly you're attaching elastic

very commonly you're attaching elastic block storage or elastic files system or

block storage or elastic files system or service uh and so you know if you do

service uh and so you know if you do choose your EBS uh you are going to have

choose your EBS uh you are going to have to determine what type it is so whether

to determine what type it is so whether it's a solid state drive a hard disk

it's a solid state drive a hard disk drive a Magnetic Tape or even attaching

drive a Magnetic Tape or even attaching multiple volumes not just a single one

multiple volumes not just a single one and the last thing is configuring your

and the last thing is configuring your instance so this is configuring the

instance so this is configuring the security groups the key pairs user data

security groups the key pairs user data IM roles placement groups all sorts of

IM roles placement groups all sorts of things so we will experience in that

things so we will experience in that because we will show you how to launch

because we will show you how to launch it easy to instance and it'll make a lot

it easy to instance and it'll make a lot of sense if it does not make sense right

of sense if it does not make sense right now

now [Music]

[Music] okay all right let's take a look here at

okay all right let's take a look here at ec2 instance families so what are

ec2 instance families so what are instance families well instance families

instance families well instance families are different combinations of CPU memory

are different combinations of CPU memory storage and networking capacity and

storage and networking capacity and instance families allow you to choose

instance families allow you to choose the appropriate combination of capacity

the appropriate combination of capacity to meet your application's unique

to meet your application's unique requirements different instance families

requirements different instance families are different because of the varying

are different because of the varying Hardware used to give them their unique

Hardware used to give them their unique properties and we do talk about this

properties and we do talk about this thing about uh capacity reservation

thing about uh capacity reservation where adus can actually run out of a

where adus can actually run out of a particular type of instance family

particular type of instance family because they just don't have enough

because they just don't have enough Hardware in that data center and so you

Hardware in that data center and so you have to reserve it but let's go through

have to reserve it but let's go through the different types of instance families

the different types of instance families the first is general purpose and these

the first is general purpose and these are the names of the different families

are the names of the different families uh very popular ones is the t2 um the t2

uh very popular ones is the t2 um the t2 and one that's really interesting is the

and one that's really interesting is the Mac which actually allows you to run um

Mac which actually allows you to run um a a Mac server so these are great

a a Mac server so these are great balance of compute memory and network

balance of compute memory and network resources so you're going to be using

resources so you're going to be using these most of the time the use cases

these most of the time the use cases here would be web servers code

here would be web servers code repositories things like that then you

repositories things like that then you have compute optimize so um they all

have compute optimize so um they all start with C no surprise there they're

start with C no surprise there they're ideal for compute bound applications

ideal for compute bound applications that benefit from high performance

that benefit from high performance processor their edge cases here are

processor their edge cases here are scientific modeling dedicated gaming

scientific modeling dedicated gaming servers ad server engines things like

servers ad server engines things like that then you have memory optimized um

that then you have memory optimized um and so there's a variety here these are

and so there's a variety here these are fast performance for workloads that

fast performance for workloads that process large data sets in memory um

process large data sets in memory um they're great for in-memory caches

they're great for in-memory caches in-memory databases real-time big data

in-memory databases real-time big data analytics then you have accelerated

analytics then you have accelerated optimize so this is your P2 P3 P4 things

optimize so this is your P2 P3 P4 things like that these are Hardware

like that these are Hardware accelerators or co-processors these are

accelerators or co-processors these are great for machine learning computational

great for machine learning computational Finance seismic analysis speech

Finance seismic analysis speech recognition if you're doing um uh ML on

recognition if you're doing um uh ML on AWS you're you'll start coming across

AWS you're you'll start coming across these types ads technically has a

these types ads technically has a separate page on sagemaker ML machines

separate page on sagemaker ML machines but they're all pulling from these

but they're all pulling from these instance families okay then you have

instance families okay then you have storage optimize so I3 i3en things like

storage optimize so I3 i3en things like that these are highly High sequential

that these are highly High sequential read and write access to very large data

read and write access to very large data sets on local storage the use cases here

sets on local storage the use cases here would be nosql in memory or

would be nosql in memory or transactional databases data warehousing

transactional databases data warehousing for the certified Cloud practitioner you

for the certified Cloud practitioner you just need to generally know these five

just need to generally know these five categories not the names of the instance

categories not the names of the instance families if you're doing um Associates

families if you're doing um Associates or above you definitely want to know

or above you definitely want to know these things in a bit more detail and I

these things in a bit more detail and I want to say that commonly instance

want to say that commonly instance families are called instance types but

families are called instance types but an instance type is a combination of

an instance type is a combination of size and family but even aws's

size and family but even aws's documentation doesn't make this family

documentation doesn't make this family distinction clear but I know this

distinction clear but I know this because you know an Azure they make that

because you know an Azure they make that very clear and and gcp and so I'm bring

very clear and and gcp and so I'm bring that language over here to just kind of

that language over here to just kind of normalize it for you okay

normalize it for you okay [Music]

[Music] let's take a look at what ec2 instance

let's take a look at what ec2 instance types are so an instance type is a

types are so an instance type is a particular instance size and instance

particular instance size and instance family and a common pattern for instance

family and a common pattern for instance sizes you'll see is things like Nano

sizes you'll see is things like Nano micro small uh medium large x large 2x

micro small uh medium large x large 2x large 4X large 8X large and you know

large 4X large 8X large and you know generally they're to the power of twos

generally they're to the power of twos but sometimes it'll be like 12 14 16 or

but sometimes it'll be like 12 14 16 or it's even uh and so when you you go to

it's even uh and so when you you go to launch your ec2 instance you're going to

launch your ec2 instance you're going to have to choose that instance type and so

have to choose that instance type and so here you can see you know here is our T2

here you can see you know here is our T2 micro and then we have um the small the

micro and then we have um the small the medium the large the x large okay but

medium the large the x large okay but there are exceptions to this pattern for

there are exceptions to this pattern for sizes so you know there is one

sizes so you know there is one particular one called uh metal and so

particular one called uh metal and so that's going to indicate that this is a

that's going to indicate that this is a bare metal machine and then sometimes

bare metal machine and then sometimes you get these Oddball ones like 9x large

you get these Oddball ones like 9x large so you know the rule of power of two or

so you know the rule of power of two or even numbers is not always the case uh

even numbers is not always the case uh but generally it'll be pretty even for

but generally it'll be pretty even for you know the start here okay uh just

you know the start here okay uh just talking about instant sizes so the E2

talking about instant sizes so the E2 instant sizes generally double in price

instant sizes generally double in price and attribute so uh just bringing up

and attribute so uh just bringing up these numbers a little bit closer

these numbers a little bit closer starting at the small here you're going

starting at the small here you're going to notice one two doesn't maybe double

to notice one two doesn't maybe double there but four and here we see 12 24 uh

there but four and here we see 12 24 uh almost doubles there almost doubles

almost doubles there almost doubles there but I want to I show you that the

there but I want to I show you that the price is generally almost double so 16

price is generally almost double so 16 33 67 135 and so a lot of times like you

33 67 135 and so a lot of times like you always have the option to say okay do I

always have the option to say okay do I want to go to the next instance size up

want to go to the next instance size up or have uh an additional instance of the

or have uh an additional instance of the same size and sometimes it's a better

same size and sometimes it's a better approach to get an additional instance

approach to get an additional instance because then you can distribute it

because then you can distribute it across another a uh but then you also

across another a uh but then you also meet additional capacity so there you

meet additional capacity so there you [Music]

[Music] go so we talked about dedicated

go so we talked about dedicated instances and hosts a little bit but

instances and hosts a little bit but let's just make that distinction very

let's just make that distinction very clear so dedicated hosts are single

clear so dedicated hosts are single tenant easy to instances designed to let

tenant easy to instances designed to let you bring your own license so Bol based

you bring your own license so Bol based on machine characteristics and so we'll

on machine characteristics and so we'll compare the dedicated instance to the

compare the dedicated instance to the dedicated host across isolation billing

dedicated host across isolation billing uh physical characteristics visibility

uh physical characteristics visibility Affinity between a host and instance

Affinity between a host and instance targeted instance placement automatic

targeted instance placement automatic instance placement and add capacity

instance placement and add capacity using allocation request so for

using allocation request so for isolation for dedicated instance you're

isolation for dedicated instance you're going to get instance isolation so you

going to get instance isolation so you can have the same customer on the same

can have the same customer on the same physical machine but there is

physical machine but there is virtualization there for them and

virtualization there for them and there's a guarantee of that um for a

there's a guarantee of that um for a dedicated host you have physical server

dedicated host you have physical server isolation so you get the whole server

isolation so you get the whole server for billing uh on a dedicated instance

for billing uh on a dedicated instance it's per instance billing and it's going

it's per instance billing and it's going to have an additional fee of $2 per

to have an additional fee of $2 per region and for dedicated host it's per

region and for dedicated host it's per host building so it's a lot more

host building so it's a lot more expensive but you get the whole machine

expensive but you get the whole machine uh for visibility of physical

uh for visibility of physical characteristics you're not going to get

characteristics you're not going to get any of that information for dedicated

any of that information for dedicated instance for dedicated host you are such

instance for dedicated host you are such as sockets core host host ID and this is

as sockets core host host ID and this is really important when you have a bring

really important when you have a bring your own license and they're saying this

your own license and they're saying this license is for x amount of cores or x

license is for x amount of cores or x amount of sockets then we have Affinity

amount of sockets then we have Affinity so there's no affinity for dedicated

so there's no affinity for dedicated instance for dedicated hosts you'll have

instance for dedicated hosts you'll have consistency with deploys to the same

consistency with deploys to the same instance to the same physical server uh

instance to the same physical server uh there's no control of Target instance

there's no control of Target instance placement for dedicated instance you do

placement for dedicated instance you do have control on a dedicated host for

have control on a dedicated host for auto automatic instance placements you

auto automatic instance placements you have it for both and to add capacity

have it for both and to add capacity using allocation requests it's a no for

using allocation requests it's a no for dedic at instance and it's a yes for

dedic at instance and it's a yes for dedicated host so I want to come back to

dedicated host so I want to come back to the main point that's what's highlighted

the main point that's what's highlighted here is that on a dedicated host you

here is that on a dedicated host you have visibility of sockets core host ID

have visibility of sockets core host ID and this is really really important when

and this is really really important when you're bringing your own licensed byol

you're bringing your own licensed byol such as um you know Microsoft SQL

such as um you know Microsoft SQL servers where you have to specify the

servers where you have to specify the manacor and things like that

manacor and things like that [Music]

[Music] okay so we've been talking about uh

okay so we've been talking about uh tendency and I just want to make it very

tendency and I just want to make it very clear uh the difference between the

clear uh the difference between the different levels of tendency on AWS so

different levels of tendency on AWS so we have three okay so we got dedicated

we have three okay so we got dedicated host so your server lives here and you

host so your server lives here and you have control of the physical attribute

have control of the physical attribute so basically the whole server okay uh

so basically the whole server okay uh then we have dedicated instances so your

then we have dedicated instances so your server is on the same uh physical

server is on the same uh physical machine as other customers but the

machine as other customers but the actual slot that you have the dedicated

actual slot that you have the dedicated instance will always be the same uh and

instance will always be the same uh and then we have uh the default so your

then we have uh the default so your instance will live somewhere on the

instance will live somewhere on the server uh and when you reboot it it's

server uh and when you reboot it it's going to be somewhere else so there's no

going to be somewhere else so there's no guarantee that it's going to be in the

guarantee that it's going to be in the same place every single time

same place every single time [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and in this follow along we're going

Pro and in this follow along we're going to be looking at ec2 and also um

to be looking at ec2 and also um services that are adjacent to it so like

services that are adjacent to it so like autoscaling groups load balancers

autoscaling groups load balancers elastic IPS things like that so we fully

elastic IPS things like that so we fully understand ec2 um you don't have to know

understand ec2 um you don't have to know tons for the exam but you should be able

tons for the exam but you should be able to go through the motions of this with

to go through the motions of this with me me so that you can cement that

me me so that you can cement that knowledge um for some of those deeper

knowledge um for some of those deeper Concepts like working with key Pairs and

Concepts like working with key Pairs and things like that so let's make our way

things like that so let's make our way over to the ec2 console and learn what

over to the ec2 console and learn what we can learn um and generally when you

we can learn um and generally when you go to the ec2 console it'll bring you to

go to the ec2 console it'll bring you to the dashboard for whatever reason it

the dashboard for whatever reason it didn't bring me there and then the idea

didn't bring me there and then the idea here is that on the left hand side we

here is that on the left hand side we can make our way over to

can make our way over to instances okay and this is where we can

instances okay and this is where we can launch our first instance so if we go

launch our first instance so if we go here and launch our instance the first

here and launch our instance the first thing we're going to be presented with

thing we're going to be presented with is to choose our Ami or Amazon machine

is to choose our Ami or Amazon machine image and so that is a template that

image and so that is a template that contains the software configuration so

contains the software configuration so the operating system applications and

the operating system applications and other binaries that would be installed

other binaries that would be installed on that OS by default all right and so

on that OS by default all right and so we have a variety that we can choose

we have a variety that we can choose from in the quick starts and generally

from in the quick starts and generally the ones that you're going to see first

the ones that you're going to see first are the ones that ad support so there

are the ones that ad support so there are uh um Amis or operating systems that

are uh um Amis or operating systems that a ads will support when you contact them

a ads will support when you contact them and then there's ones that are outside

and then there's ones that are outside that where uh they'll still help you

that where uh they'll still help you with but they might not have the

with but they might not have the knowledge on so just understand that if

knowledge on so just understand that if you pick from these core ones you're

you pick from these core ones you're going to be in good shape uh the most

going to be in good shape uh the most popular is the Amazon Linux 2 because

popular is the Amazon Linux 2 because it's part of the free tier and it is is

it's part of the free tier and it is is very minimal and well hardened by AWS so

very minimal and well hardened by AWS so it's a very good choice there but you

it's a very good choice there but you can see you can install a bunch of

can see you can install a bunch of things so like if you want to launch a

things so like if you want to launch a Mac OS server you can absolutely do that

Mac OS server you can absolutely do that a red hat uh Suzie Ubuntu a Windows

a red hat uh Suzie Ubuntu a Windows Server you name it they have it um if

Server you name it they have it um if you wanted something more farther out

you wanted something more farther out there you can go to the market

there you can go to the market Marketplace and uh subscribe to one that

Marketplace and uh subscribe to one that is managed by company basically

is managed by company basically everything exists Under the Sun here or

everything exists Under the Sun here or you could get a community Ami so these

you could get a community Ami so these are ones that are contributed by the

are ones that are contributed by the community for free but we're going to go

community for free but we're going to go back to quick start here and what I want

back to quick start here and what I want you to notice is that there is this Ami

you to notice is that there is this Ami ID that's how we can uniquely identify

ID that's how we can uniquely identify what we are using if we were to change

what we are using if we were to change region even with the same Amazon L 2

region even with the same Amazon L 2 instance this thing will change so just

instance this thing will change so just understand that it is regional based and

understand that it is regional based and it comes in a 64-bit variant and a arm

it comes in a 64-bit variant and a arm variant and so we're going to be using

variant and so we're going to be using the x86 here you can notice here you can

the x86 here you can notice here you can change it on the right hand side we're

change it on the right hand side we're going to stick with x86 I'm going to go

going to stick with x86 I'm going to go ahead and hit next so now we're going to

ahead and hit next so now we're going to choose our instance type and so this is

choose our instance type and so this is going to decide um uh greatly how much

going to decide um uh greatly how much we're going to be spending because the

we're going to be spending because the larger it is the more we're going to

larger it is the more we're going to spend so see this T2 micro if we want to

spend so see this T2 micro if we want to know the pricing for that we go to

know the pricing for that we go to ec2 pricing

ec2 pricing AWS and once we get to ec2

AWS and once we get to ec2 pricing we want to go to on

pricing we want to go to on demand and from here this will

demand and from here this will load and so down below we can kind of go

load and so down below we can kind of go find our price it should show

find our price it should show us should show us the list ah here it is

us should show us the list ah here it is okay so I can say a T2

okay so I can say a T2 micro and we can see the On Demand is

micro and we can see the On Demand is this so it seems really cheap what you

this so it seems really cheap what you got to do is do the math so if you do

got to do is do the math so if you do time 7:30 that's how many hours there

time 7:30 that's how many hours there are in a month if we launch a T2 micro

are in a month if we launch a T2 micro and let's say we didn't have the free

and let's say we didn't have the free tier we you do if you first made your

tier we you do if you first made your account you're going to have 7 750 hours

account you're going to have 7 750 hours for free with a free tier but if you

for free with a free tier but if you didn't it would only cost you $8 and 46

didn't it would only cost you $8 and 46 USD okay so just be aware of that and if

USD okay so just be aware of that and if you ever need to figure something out go

you ever need to figure something out go there copy it do the math 730 it's

there copy it do the math 730 it's pretty easy so here we have a T2 micro

pretty easy so here we have a T2 micro and the t2 family it's going to have one

and the t2 family it's going to have one V vcpu notice it has a V for virtual so

V vcpu notice it has a V for virtual so there could be more than a single CPU on

there could be more than a single CPU on the underlying Hardware but we're only

the underlying Hardware but we're only going to have access to one virtual CPU

going to have access to one virtual CPU we have 1 GB of memory it's for low to

we have 1 GB of memory it's for low to moderate Network performance so that's a

moderate Network performance so that's a factor that can change if you need like

factor that can change if you need like uh uh gigabit stuff like really fast

uh uh gigabit stuff like really fast connections for on Prem hybrid

connections for on Prem hybrid connections and you have specialized

connections and you have specialized servers for that but for this this is

servers for that but for this this is fine the TT micro is great uh if you

fine the TT micro is great uh if you want you can also search uh this way to

want you can also search uh this way to see all the instance families and things

see all the instance families and things like that you can filter for current

like that you can filter for current Generations all generations so this is

Generations all generations so this is fine okay so from there we're going to

fine okay so from there we're going to go to configure our instance type you

go to configure our instance type you can say let's launch multiple of these

can say let's launch multiple of these instances let's turn on spot to save

instances let's turn on spot to save money and try to bid for a particular

money and try to bid for a particular price we can change our VPC it's going

price we can change our VPC it's going to default to the default VPC um if you

to default to the default VPC um if you have no subnets just going to pick one

have no subnets just going to pick one at random here which is fine um whether

at random here which is fine um whether to autoassign a public IP address if you

to autoassign a public IP address if you do not have an IP address you cannot

do not have an IP address you cannot reach the internet so generally you want

reach the internet so generally you want this to be enabled this is dependent on

this to be enabled this is dependent on the subnet whether it will default

the subnet whether it will default enabled but doesn't matter if you have

enabled but doesn't matter if you have an ec2 instance in a private or public

an ec2 instance in a private or public subnet you can always override this and

subnet you can always override this and give it a public IP address you have

give it a public IP address you have placement groups which allows you to

placement groups which allows you to place servers together closely not

place servers together closely not something for the certified Cloud

something for the certified Cloud partitioner there's capacity

partitioner there's capacity reservations so if you're worried about

reservations so if you're worried about any us running out of this you can

any us running out of this you can reserve capacity so that's kind of

reserve capacity so that's kind of interesting domain join directory this

interesting domain join directory this isn't something that I've done much with

isn't something that I've done much with but I imagine that has something to do

but I imagine that has something to do with um direct active directory or

with um direct active directory or something like that to join information

something like that to join information then you need to uh uh have an IM roll

then you need to uh uh have an IM roll and we absolutely do need an IM roll

and we absolutely do need an IM roll here so what I want you to do is create

here so what I want you to do is create a new rooll just going to close off

a new rooll just going to close off these other tabs here and we will go

these other tabs here and we will go wait a moment create a new roll here and

wait a moment create a new roll here and we want to do this for ec2 so we say ec2

we want to do this for ec2 so we say ec2 is what we're creating the rule for

is what we're creating the rule for we'll hit next and um I don't know if I

we'll hit next and um I don't know if I have a policy but I'm going to go ahead

have a policy but I'm going to go ahead and um well I don't need to make a new

and um well I don't need to make a new policy but I just want SSM and the

policy but I just want SSM and the reason I want SSM is so that I can um uh

reason I want SSM is so that I can um uh use sessions manager to log in so we

use sessions manager to log in so we don't have to use key pairs we will use

don't have to use key pairs we will use key pairs but if we didn't want to use

key pairs but if we didn't want to use it that's what we could do and this used

it that's what we could do and this used to be the old rle and it'll tell you hey

to be the old rle and it'll tell you hey go use this new one here so just want to

go use this new one here so just want to make sure I know which one it is and so

make sure I know which one it is and so we'll just checkbox that on we'll hit

we'll just checkbox that on we'll hit next we can add tags right here it' be

next we can add tags right here it' be uh well actually we don't need to add

uh well actually we don't need to add any tags here so that's fine we'll sit

any tags here so that's fine we'll sit next and then I'll just say U my SSM ec2

next and then I'll just say U my SSM ec2 roll okay and we'll create that

roll okay and we'll create that roll and now that we have created that

roll and now that we have created that roll we can go back to our first tab

roll we can go back to our first tab here and and give this a refresh and

here and and give this a refresh and then drop down and it should show up

then drop down and it should show up here if we go down here a little bit we

here if we go down here a little bit we could turn on extra monitoring there is

could turn on extra monitoring there is monitoring built in but if you wanted to

monitoring built in but if you wanted to uh monitor it to a lower uh like it more

uh monitor it to a lower uh like it more frequently you could do that as well we

frequently you could do that as well we want share tendency right this is where

want share tendency right this is where you change to Dedicated instance or

you change to Dedicated instance or dedicated host obviously these cost more

dedicated host obviously these cost more but we're going to stick with shared

but we're going to stick with shared elastic inference so this is for um uh

elastic inference so this is for um uh attaching a a fractional GPU great for

attaching a a fractional GPU great for ML not something that we want there's

ML not something that we want there's credit specification I don't remember

credit specification I don't remember seeing this before selecting unlimited

seeing this before selecting unlimited for credit specification allows for to

for credit specification allows for to burst beyond the Baseline so as for

burst beyond the Baseline so as for bursting here you can attach an uh EFS

bursting here you can attach an uh EFS uh so if you need a file system that you

uh so if you need a file system that you want to mount or attach um then there's

want to mount or attach um then there's the Enclave option so Nitro Enclave

the Enclave option so Nitro Enclave enables you to create isolated compute

enables you to create isolated compute environments to further protect your uh

environments to further protect your uh and securely process highly sensitive

and securely process highly sensitive data so it might be something you might

data so it might be something you might want to checkbox on um based on your use

want to checkbox on um based on your use case and then down below are we have the

case and then down below are we have the ability to enter our user data and this

ability to enter our user data and this is something we want to do because we

is something we want to do because we want to install aachi so that we have

want to install aachi so that we have something to work with here so what I'm

something to work with here so what I'm going to do is make a shebang so that is

going to do is make a shebang so that is a pound and an exclamation mark I know

a pound and an exclamation mark I know that's really small so I'll try to bump

that's really small so I'll try to bump up my font here so you can see what I'm

up my font here so you can see what I'm doing and we're going to do a forward SL

doing and we're going to do a forward SL bin and a for SL bash on the next line

bin and a for SL bash on the next line here we're going to do yum install

here we're going to do yum install hyphen y

hyphen y httpd um that's going to install apachi

httpd um that's going to install apachi and why it's not called Apache I don't

and why it's not called Apache I don't know why but they call it http D there's

know why but they call it http D there's no Apachi in the name there and so we'll

no Apachi in the name there and so we'll say system CTL start httpd system CTL

say system CTL start httpd system CTL enable htpd so we're saying start up

enable htpd so we're saying start up Apachi and then make sure that it stays

Apachi and then make sure that it stays running if we restart our machine very

running if we restart our machine very simple so from there we will go to our

simple so from there we will go to our storage we'll say add our storage and

storage we'll say add our storage and this is at 8 gigabytes by default we

this is at 8 gigabytes by default we could uh uh turn that up to 30 if we

could uh uh turn that up to 30 if we like so you can go all the way up to 30

like so you can go all the way up to 30 if you like um and you might want to do

if you like um and you might want to do that but I'm going to leave at 8 we

that but I'm going to leave at 8 we could change our volume type I'm fine

could change our volume type I'm fine with gp2 because it's very cost

with gp2 because it's very cost effective and if we want to turn on

effective and if we want to turn on encryption and you should always turn on

encryption and you should always turn on encryption there's no reason not to and

encryption there's no reason not to and so we'll turn that on it's not like it's

so we'll turn that on it's not like it's going to cost you more it's going to be

going to cost you more it's going to be the same cost it's just your choice

the same cost it's just your choice there if do want to add a tag yes we're

there if do want to add a tag yes we're going to add a name and we're going to

going to add a name and we're going to say my ec2

say my ec2 instance

instance okay and so that's going to give us a

okay and so that's going to give us a name which is something we would really

name which is something we would really like to have then we have our security

like to have then we have our security group I'm going to just create a new

group I'm going to just create a new security group called my um um ec2 SG

security group called my um um ec2 SG here and just say my ec2 SG something

here and just say my ec2 SG something you cannot do is rename a security group

you cannot do is rename a security group once you've made it so make sure you

once you've made it so make sure you don't make a spelling mistake up here

don't make a spelling mistake up here and we want to be uh accessing that httt

and we want to be uh accessing that httt HTT or it's going to launch a website so

HTT or it's going to launch a website so in order to do that we need to make sure

in order to do that we need to make sure we have HTTP as a type with the port ad

we have HTTP as a type with the port ad open and we want it from anywhere so

open and we want it from anywhere so we'll say anywhere and that will be

we'll say anywhere and that will be 0.0.0.0 forze 0 and that that's for the

0.0.0.0 forze 0 and that that's for the ipv4 this is for the IPv6 okay so we'll

ipv4 this is for the IPv6 okay so we'll just say

just say internet and this is for SSH right and

internet and this is for SSH right and for this um I would probably suggest to

for this um I would probably suggest to say my IP but since we might be using a

say my IP but since we might be using a cloud shell to do that we're going to

cloud shell to do that we're going to leave it as anywhere so that we don't

leave it as anywhere so that we don't have any issues connecting so from here

have any issues connecting so from here we'll review and launch and you can

we'll review and launch and you can review what it is that's going on here

review what it is that's going on here it's going to say here hey you have an

it's going to say here hey you have an open port that's okay we we want the

open port that's okay we we want the internet to see our website cuz that's

internet to see our website cuz that's the whole point there and we'll go ahead

the whole point there and we'll go ahead and launch it it's going to ask for a

and launch it it's going to ask for a key pair we can go down and say proceed

key pair we can go down and say proceed without key pair but what I'm going to

without key pair but what I'm going to do is I'm going to create a new key pair

do is I'm going to create a new key pair because I want to show you how those

because I want to show you how those work and I'm sure we've already done in

work and I'm sure we've already done in this course once but we'll do it again

this course once but we'll do it again and so I'm going to just name this as my

and so I'm going to just name this as my ec2 instance here and then we're going

ec2 instance here and then we're going to go download that key pair it's going

to go download that key pair it's going to download a PM file there and so now

to download a PM file there and so now we can go ahead and launch that

we can go ahead and launch that instance and while that is launching so

instance and while that is launching so I'm going to just close this other t

I'm going to just close this other t here we're going to click on The View

here we're going to click on The View instances and so here is that instance

instances and so here is that instance that's why we put the tag so we could

that's why we put the tag so we could have a name there we're going to wait

have a name there we're going to wait for that to start but as that's going

for that to start but as that's going I'm going to make a new tab by just

I'm going to make a new tab by just right clicking here on the logo click

right clicking here on the logo click anywhere pretty much to do that and uh

anywhere pretty much to do that and uh once we do that we'll click on cloud

shell and as that is going what I want to do is take this pen down below I'm

to do is take this pen down below I'm going to move it to my desktop to make

going to move it to my desktop to make it easier for me to upload I'm doing

it easier for me to upload I'm doing this off screen okay

and uh once this environment is running I'm going to go ahead and upload that

I'm going to go ahead and upload that okay so we'll just give it a moment to

okay so we'll just give it a moment to do that we're also waiting for the

do that we're also waiting for the server to spin up as you'll notice there

server to spin up as you'll notice there is a public IP address here it says it's

is a public IP address here it says it's running so if we want we can copy it

running so if we want we can copy it we're looking for those two checks to

we're looking for those two checks to pass so the server could be available

pass so the server could be available but generally you want to wait for those

but generally you want to wait for those two system checks because one says Hey

two system checks because one says Hey the Hardware's fine the Network's fine

the Hardware's fine the Network's fine things like that okay if I take that IP

things like that okay if I take that IP address paste it on it up here we have

address paste it on it up here we have the web page so that is working uh no

the web page so that is working uh no problem there so that's great and we'll

problem there so that's great and we'll go over to Cloud shell and that is still

go over to Cloud shell and that is still starting uh it's not the fastest but

starting uh it's not the fastest but that's just how it is and um you know

that's just how it is and um you know we'll get going here in a second as soon

we'll get going here in a second as soon as this decides to

as this decides to load there we go so it's loaded I can

load there we go so it's loaded I can type clear here just to clear that

type clear here just to clear that screen out and so what I want to do is

screen out and so what I want to do is upload that pen file so I'm going to go

upload that pen file so I'm going to go and upload that file we're going to go

and upload that file we're going to go ahead and select it I'm going to go to

ahead and select it I'm going to go to my desktop here whoops my desktop and we

my desktop here whoops my desktop and we are going to choose my ec2 instance pen

are going to choose my ec2 instance pen all right and from there we'll hit

all right and from there we'll hit upload and that's going to upload that

upload and that's going to upload that pem

pem file once that is uploaded we're going

file once that is uploaded we're going to do

to do LS okay and so uh this is from a

LS okay and so uh this is from a previous tutorial so I'm going to go

previous tutorial so I'm going to go ahead and just delete that other one

ahead and just delete that other one there we'll say remove EFS example pem

there we'll say remove EFS example pem yes okay we'll type clear

yes okay we'll type clear and then what we can do here is Type in

and then what we can do here is Type in chamod and um I believe it's

chamod and um I believe it's 400 and what do we call this my ec2

400 and what do we call this my ec2 instance pen if you hit tab it will

instance pen if you hit tab it will autocomplete which is nice and if you do

autocomplete which is nice and if you do lsen la we can take a look at that file

lsen la we can take a look at that file and see it should look like this it

and see it should look like this it should have only one R here so the idea

should have only one R here so the idea is you're locking it down so it's not

is you're locking it down so it's not writable or executable it's just

writable or executable it's just readable because that's what you have to

readable because that's what you have to have it if you want to SSH and so if we

have it if you want to SSH and so if we want to ssh what we'll do is hit the

want to ssh what we'll do is hit the connect button here

connect button here and we have four options they just give

and we have four options they just give you too many options it's going to be a

you too many options it's going to be a fifth one for sure soon but right now

fifth one for sure soon but right now we're talking about SSH so for SSH um we

we're talking about SSH so for SSH um we had to chamod our file which we did and

had to chamod our file which we did and then we need to use this DNS to connect

then we need to use this DNS to connect to it and so this is the full line here

to it and so this is the full line here if you click on this copy that over and

if you click on this copy that over and paste it

paste it in that should be everything and noce

in that should be everything and noce we're doing ec2 user followed by this

we're doing ec2 user followed by this you could put the IP address in here

you could put the IP address in here instead if you preferred so if you were

instead if you preferred so if you were over here

over here you could go and take that IP address

you could go and take that IP address which is I think shorter nicer but um

which is I think shorter nicer but um you know if you just click that one

you know if you just click that one button it works that's fine you always

button it works that's fine you always have to accept the uh the fingerprint

have to accept the uh the fingerprint then you'll be inside the instance you

then you'll be inside the instance you can type who am I to see which user you

can type who am I to see which user you are you're the ec2 user that's the user

are you're the ec2 user that's the user that ads creates for their Amazon Linux

that ads creates for their Amazon Linux instances um it's going to vary per um

instances um it's going to vary per um Ami so not all Amis have an ec2 user it

Ami so not all Amis have an ec2 user it might be something else but that's

might be something else but that's generally the ones that Aus uses for

generally the ones that Aus uses for their supported ones and so if we do um

their supported ones and so if we do um an LS again we're in the server right

an LS again we're in the server right now we can tell because it says right

now we can tell because it says right here or if we do a PWD we can kind of

here or if we do a PWD we can kind of just kind of look around so I think it's

just kind of look around so I think it's going to be at VAR ww that's where HT

going to be at VAR ww that's where HT httpd or Apachi always uh puts their

httpd or Apachi always uh puts their files here so if I go in here whoops I'm

files here so if I go in here whoops I'm just looking for um the index file so I

just looking for um the index file so I thought the index file was

thought the index file was in cdar

in cdar WW H

WW H HTML well where the heck is it so I'm

HTML well where the heck is it so I'm going to just touch a file here and see

going to just touch a file here and see if it overrides

if it overrides it oh I don't care I'll just type

it oh I don't care I'll just type pseudo and what we can do is just try to

pseudo and what we can do is just try to restart this system CTL um there's a

restart this system CTL um there's a very similar command that's like uh

very similar command that's like uh service and so I always forget the order

service and so I always forget the order of it so I think it'd be I'm just

of it so I think it'd be I'm just checking um probably uh restart httpd

and so failed to restart the policy was not provided as the name service um

Service uh maybe pseudo there we go and so if we go back

pseudo there we go and so if we go back here I'm going to see if it changed

here I'm going to see if it changed because it will take whatever is in the

because it will take whatever is in the index HTML file so if there's no file

index HTML file so if there's no file there it's going to uh show that there

there it's going to uh show that there and so what I can do is I can edit this

and so what I can do is I can edit this file so going type VI index HTML and um

file so going type VI index HTML and um I'm going to hit I for insert mode oh

I'm going to hit I for insert mode oh says it's readon so what we have to do Q

says it's readon so what we have to do Q uh colon Q

uh colon Q quit oops uh clear LS and so what we

quit oops uh clear LS and so what we need to do is do pseudo VI index HTML

need to do is do pseudo VI index HTML and so Vim every single key is a hotkey

and so Vim every single key is a hotkey okay um and I'm not teaching Vim here

okay um and I'm not teaching Vim here but I'm going to teach you the basics

but I'm going to teach you the basics but the idea is that when you're here

but the idea is that when you're here notice that the cursor is blinking when

notice that the cursor is blinking when I hit I it enters insert mode now I can

I hit I it enters insert mode now I can type normally so I'd say hello uh hello

type normally so I'd say hello uh hello Cloud okay and I'm going to hit escape

Cloud okay and I'm going to hit escape to go back to um navigation mode

to go back to um navigation mode whatever you want to call it I'm going

whatever you want to call it I'm going to hit colon so it brings up the command

to hit colon so it brings up the command I'm going to type in uh write and quit

I'm going to type in uh write and quit Okay and hit enter and so I'll type

Okay and hit enter and so I'll type clear and so whoops clear and so we'll

clear and so whoops clear and so we'll hit up till we get that command pseudo

hit up till we get that command pseudo system CTL restart hbd we'll hit that

system CTL restart hbd we'll hit that hit enter

hit enter okay and it should restart pretty fast

okay and it should restart pretty fast there it is so it says hello Cloud I

there it is so it says hello Cloud I probably didn't even have to restart it

probably didn't even have to restart it to do that but anyway so now that

to do that but anyway so now that instance uh you can see how we're

instance uh you can see how we're updating that so what I want to do is

updating that so what I want to do is just do a sanity check and make sure

just do a sanity check and make sure that if we restart this instance that

that if we restart this instance that we're going to be able to um have aachi

we're going to be able to um have aachi running that's something you should

running that's something you should always do if you have an app and you or

always do if you have an app and you or anything you install it restart your

anything you install it restart your server make sure that everything works

server make sure that everything works so what I'm going to do is uh just hit

so what I'm going to do is uh just hit hit exit here so we go back to the top

hit exit here so we go back to the top level cloudshell type clear I'm going to

level cloudshell type clear I'm going to go back over to my ec2

go back over to my ec2 instance going have to click around to

instance going have to click around to find it here and what I want to do is

find it here and what I want to do is reboot it okay and if I reboot the

reboot it okay and if I reboot the machine the IP address is going to stay

machine the IP address is going to stay the same okay so if we reboot it the IP

the same okay so if we reboot it the IP address is going to stay the same and

address is going to stay the same and the reboot is going to happen really

the reboot is going to happen really fast if we want to observe that reboot

fast if we want to observe that reboot we could go over to um here on the right

we could go over to um here on the right hand side go to the system log and it

hand side go to the system log and it would show us that it it had

would show us that it it had rebooted I think so yeah it does a cloud

rebooted I think so yeah it does a cloud in it there I think it

in it there I think it rebooted not sure um but anyway if it's

rebooted not sure um but anyway if it's rebooted then we can go ahead and

rebooted then we can go ahead and connect and make sure everything's fine

connect and make sure everything's fine so let's just go here and hit enter and

so let's just go here and hit enter and let's see if the what the web page is

here notice that it's hanging right so it's probably because it's still

it's probably because it's still restarting even though it doesn't look

restarting even though it doesn't look like it is and that's something that you

like it is and that's something that you have to understand about the cloud is

have to understand about the cloud is that you have to think about what you're

that you have to think about what you're doing and have confidence that it is

doing and have confidence that it is happening and also just double check it

happening and also just double check it but uh that's something that can be kind

but uh that's something that can be kind of frustrating because these are

of frustrating because these are globally available Services uh uh

globally available Services uh uh they're massively scalable and so one of

they're massively scalable and so one of the trade-offs is that you don't always

the trade-offs is that you don't always have the most uh responsive uh uis ads

have the most uh responsive uh uis ads has one of the most responsive uis out

has one of the most responsive uis out of all the major providers but even

of all the major providers but even still like sometimes I have to second

still like sometimes I have to second guess myself but the page uh right now

guess myself but the page uh right now it was not working now it is so it's

it was not working now it is so it's fine so it just took time for that to

fine so it just took time for that to reboot and so um what I want to do is

reboot and so um what I want to do is connect a different way so we're going

connect a different way so we're going to go here and we're going to hit um

to go here and we're going to hit um we're going to checkbox that on we're

we're going to checkbox that on we're going to hit connect and instead of

going to hit connect and instead of using SSH client we're just going to go

using SSH client we're just going to go to sessions manager and hit

to sessions manager and hit connect and this is the preferred way of

connect and this is the preferred way of connecting because you don't have to

connecting because you don't have to have this this SSH key and that's a lot

have this this SSH key and that's a lot more secure because if someone has that

more secure because if someone has that key and you you know you hand it to

key and you you know you hand it to someone they could hand it to somebody

someone they could hand it to somebody else and then you have a big problem on

else and then you have a big problem on your hands so here this looks very

your hands so here this looks very similar but if you type who am I it

similar but if you type who am I it actually logs in as the SSM user which

actually logs in as the SSM user which is kind of annoying so I type in P sudo

is kind of annoying so I type in P sudo Su I have to do this hyphen here and

Su I have to do this hyphen here and then I'm going to say the user I want to

then I'm going to say the user I want to be which is ec2 user and then if I type

be which is ec2 user and then if I type who am I we are the correct user you

who am I we are the correct user you can't do anything in that SSM hyphen

can't do anything in that SSM hyphen user or SSM user so you got to switch

user or SSM user so you got to switch that over and I can bump this up to make

that over and I can bump this up to make it a bit larger so this is obviously not

it a bit larger so this is obviously not as nice as working over here or even in

as nice as working over here or even in your own terminal but it's a lot more

your own terminal but it's a lot more secure and it's tracked and all these

secure and it's tracked and all these other things so we really should be

other things so we really should be using it

using it okay and um I really don't like having

okay and um I really don't like having to bump this up with my HTML I'm going

to bump this up with my HTML I'm going to just go back to zero there there's

to just go back to zero there there's probably like a way to configure that

probably like a way to configure that but anyway uh let's just go and take a

but anyway uh let's just go and take a look at our

look at our file I'm going to type VI again and

file I'm going to type VI again and we're going to do VAR www HTML index

we're going to do VAR www HTML index HTML I'm going to put pseudo in front of

HTML I'm going to put pseudo in front of there and again remember you have to hit

there and again remember you have to hit I to go into insert

I to go into insert mode and uh what I'm going to do is just

mode and uh what I'm going to do is just take capitalize that hello Cloud give

take capitalize that hello Cloud give that exclamation mark colon WQ to quit

that exclamation mark colon WQ to quit right quick

right quick going to go back here refresh okay so we

going to go back here refresh okay so we don't have to restart our server which

don't have to restart our server which is nice all right so um that's that

is nice all right so um that's that that's pretty clear so I'll hit

that's pretty clear so I'll hit terminate

terminate here and I don't think we need Cloud

here and I don't think we need Cloud shell for anything so I'm just going to

shell for anything so I'm just going to close that and so that's pretty much it

close that and so that's pretty much it when it when it comes to working with an

when it when it comes to working with an an ec2 instance and so the next thing I

an ec2 instance and so the next thing I want to show you is elastic IP

want to show you is elastic IP [Music]

[Music] okay okay so now I want to show you

okay okay so now I want to show you elastic IP uh commonly abbreviated to

elastic IP uh commonly abbreviated to EIP and so all that is it's just a um a

EIP and so all that is it's just a um a static IP an IP that does not change

static IP an IP that does not change because this ec2 instance here notice

because this ec2 instance here notice that it's 54 163

that it's 54 163 4104 and what would happen if we were to

4104 and what would happen if we were to stop this instance not reboot it but

stop this instance not reboot it but stop it because for whatever reason we

stop it because for whatever reason we had to or or um for whatever reason and

had to or or um for whatever reason and if we were to stop this instance and we

if we were to stop this instance and we were to restart

were to restart it

it okay uh and we have to wait for to stop

okay uh and we have to wait for to stop but that IP address is going to change

but that IP address is going to change okay so 54 1634 104 hopefully we can

okay so 54 1634 104 hopefully we can observe that I'm just going to write

observe that I'm just going to write that down so we do not forget so I can

that down so we do not forget so I can prove to you that it does

change and now that it it's still stopping here so as that's stopping

stopping here so as that's stopping we're just going to go ahead and get our

we're just going to go ahead and get our elastic IP and I will prove that as we

elastic IP and I will prove that as we go here so I'm going to go over to here

go here so I'm going to go over to here and so what I want to do is Reserve or

and so what I want to do is Reserve or allocate an elastic IP address and so

allocate an elastic IP address and so I'm going to say Us East one and it's

I'm going to say Us East one and it's going to say from the Amazon Pool of

going to say from the Amazon Pool of ipv4 addresses so adabs has a bunch of

ipv4 addresses so adabs has a bunch of IP addresses they're holding on to and

IP addresses they're holding on to and so you can just allocate one and once

so you can just allocate one and once you've allocated that's your IP address

you've allocated that's your IP address so coming back to here okay this is

so coming back to here okay this is stopped notice there is no public IP

stopped notice there is no public IP address we're going to start it

again okay and will'll just checkbox it on and we just have to wait a little

on and we just have to wait a little while to see what the IP address is

while to see what the IP address is going to be I'm going to tell you it's

going to be I'm going to tell you it's going to be something

going to be something else so if I go back here this is 54

else so if I go back here this is 54 2352 1110 and our original one was 54

2352 1110 and our original one was 54 1634 104 so the reason why it's

1634 104 so the reason why it's important to have the same address is

important to have the same address is that if uh you have a load balancer well

that if uh you have a load balancer well not a load balcer but if you have a

not a load balcer but if you have a domain pointing to your I uh your server

domain pointing to your I uh your server and you reboot then and the you have a

and you reboot then and the you have a dang a dangling um path or route where

dang a dangling um path or route where Revue 3 was going to be pointing to

Revue 3 was going to be pointing to nothing and so adus does have things to

nothing and so adus does have things to mitigate that like aliases and things

mitigate that like aliases and things like that but um in general you know

like that but um in general you know there's cases where you just have to

there's cases where you just have to have a static IP address and so we had

have a static IP address and so we had allocated one over here and if we want

allocated one over here and if we want to assign it we're going to associate

to assign it we're going to associate that elastic IP address we're going to

that elastic IP address we're going to drop it down choose the cc2 instance um

drop it down choose the cc2 instance um I suppose the private IP as well and

I suppose the private IP as well and then we're going to go ahead and hit

then we're going to go ahead and hit allocate or

allocate or associate and once it's Associated it

associate and once it's Associated it should now have 34 199 121 116 so we go

should now have 34 199 121 116 so we go over

here and we're going to take a look here and that's its IP address we can pull it

and that's its IP address we can pull it up okay and that's that so yeah that's

up okay and that's that so yeah that's thetic

thetic [Music]

[Music] IP okay so now that we um have our

IP okay so now that we um have our lastic IP we have our ec2 instance

lastic IP we have our ec2 instance running let's say um you know we lose

running let's say um you know we lose the server we terminate it so we would

the server we terminate it so we would lose all of our configuration so if we

lose all of our configuration so if we wanted to bake this Ami to save it for

wanted to bake this Ami to save it for later what we'd have to do is go and

later what we'd have to do is go and create an image so to do that we go to

create an image so to do that we go to the top here and we go to images and

the top here and we go to images and templates and we can create an image or

templates and we can create an image or we can create a a template which is a

we can create a a template which is a lot better but for the time being we're

lot better but for the time being we're going just go ahead and create an image

going just go ahead and create an image and when you create an image you're

and when you create an image you're basically creating an Ami and so here

basically creating an Ami and so here I'm just going to say uh my

I'm just going to say uh my ec2 and I'm going to go 0 0 0 to just

ec2 and I'm going to go 0 0 0 to just kind of like number it so that's a very

kind of like number it so that's a very common numbering just do three zeros and

common numbering just do three zeros and then Inc by one and so here I can just

then Inc by one and so here I can just say my Apachi server and so it's going

say my Apachi server and so it's going to save some settings like the fact that

to save some settings like the fact that there is a a volume you could uh save

there is a a volume you could uh save some tags there and so I might go ahead

some tags there and so I might go ahead and add a tag and just say name and

and add a tag and just say name and we'll just say my ec2 server or so that

we'll just say my ec2 server or so that it remembers

it remembers that okay and then what we'll do is go

that okay and then what we'll do is go ahead and create our image and so this

ahead and create our image and so this can take a little bit of time if we go

can take a little bit of time if we go over to uh images

over to uh images here it's going to to be spinning for a

here it's going to to be spinning for a while and uh we'll just wait until it's

while and uh we'll just wait until it's done okay all right so after waiting a

done okay all right so after waiting a little while here our Ami is ready so

little while here our Ami is ready so we're just waiting for it to go

we're just waiting for it to go available if you do not see it just make

available if you do not see it just make sure you hit the refresh um because

sure you hit the refresh um because sometimes ads will just spin forever um

sometimes ads will just spin forever um and so that's just something you'll have

and so that's just something you'll have to do so you know hopefully that makes

to do so you know hopefully that makes sense what we'll do is go make our way

sense what we'll do is go make our way back over to instances here and we can

back over to instances here and we can launch one this way well actually we can

launch one this way well actually we can do it over from um the Ami page so what

do it over from um the Ami page so what I'm going to do is just terminate this

I'm going to do is just terminate this instance we're all done with it okay and

instance we're all done with it okay and we'll hit terminate it's totally fine

we'll hit terminate it's totally fine and it had a message about elastic IPS

and it had a message about elastic IPS about releasing them so when it does

about releasing them so when it does that the elastic IP is still over here

that the elastic IP is still over here so it did not release it so what we're

so it did not release it so what we're going to do is go ahead and disassociate

going to do is go ahead and disassociate the elastic

the elastic IP okay and then we're also going to

IP okay and then we're also going to release the IP address because if we

release the IP address because if we don't we're going to have this IP

don't we're going to have this IP address and sticking around that we're

address and sticking around that we're not using it is going to charge us a

not using it is going to charge us a dollar month over month so just be aware

dollar month over month so just be aware of those because that's just kind of

of those because that's just kind of like a hidden cost there but what we're

like a hidden cost there but what we're going to do is go over to

going to do is go over to Ami and we're going to select it here

Ami and we're going to select it here we're going to go to actions we're going

we're going to go to actions we're going to go ahead and

to go ahead and launch and what it's going to do is make

launch and what it's going to do is make us fill out all this other stuff again

us fill out all this other stuff again so if you had made a launch template uh

so if you had made a launch template uh we wouldn't have to fill out all this

we wouldn't have to fill out all this stuff it'd be part of it but that's what

stuff it'd be part of it but that's what I'm trying to show you with this Ami

I'm trying to show you with this Ami stuff so um instead of filling out all

stuff so um instead of filling out all this what I'm going to do is now go

this what I'm going to do is now go create a launch template just to kind of

create a launch template just to kind of show you that that would be a much

show you that that would be a much easier way to

easier way to work so we go over to E2 instance es and

work so we go over to E2 instance es and then left hand side we're looking for a

then left hand side we're looking for a launch template launch launch

launch template launch launch configurations is the old thing um

configurations is the old thing um launch templates here we go so what

launch templates here we go so what we'll do is create ourselves a launch

we'll do is create ourselves a launch template we'll just say my Apachi

template we'll just say my Apachi server and then down below we need to

server and then down below we need to choose our Ami so we're going to go here

choose our Ami so we're going to go here and we need to type it in so what do we

and we need to type it in so what do we call it my

ec2 I really don't like this uh search here it's very slow frustrating but once

here it's very slow frustrating but once we find it whoops that's why I don't

we find it whoops that's why I don't like it because a lot of times it'll be

like it because a lot of times it'll be loading and you'll end up clicking the

loading and you'll end up clicking the wrong

wrong thing okay

thing okay so I don't like this okay we'll type in

so I don't like this okay we'll type in my give it a

my give it a second there it is just wait because it

second there it is just wait because it will keep loading and then once it's

will keep loading and then once it's loaded hit

loaded hit enter and so it has that instance

enter and so it has that instance selected and then from there uh don't

selected and then from there uh don't include in the launch template so here

include in the launch template so here we could be explicit I would say I want

we could be explicit I would say I want this to be 22 T2 micro but we could

this to be 22 T2 micro but we could exclude it if we wanted to we could

exclude it if we wanted to we could specify the key pair here um not that we

specify the key pair here um not that we really want to use key pairs we'll say

really want to use key pairs we'll say my ec2 instance then down down here for

my ec2 instance then down down here for the networking we can specify uh that

the networking we can specify uh that security group we created so we created

security group we created so we created one here called my ec2

one here called my ec2 SG um storage is fine it's going to be

SG um storage is fine it's going to be encrypted network interface is fine

encrypted network interface is fine Advanced details what I want to do is

Advanced details what I want to do is set the IM instance profile that's

set the IM instance profile that's really important because we don't want

really important because we don't want to have to figure out that roll every

to have to figure out that roll every single time so we put that there and

single time so we put that there and that should be everything and we could

that should be everything and we could put user data in there but it's already

put user data in there but it's already baked into our Ami so we don't have to

baked into our Ami so we don't have to worry about anything so what I'm going

worry about anything so what I'm going to do here is go ahead and create this

to do here is go ahead and create this launch template and then we're going to

launch template and then we're going to view this launch template and so now

view this launch template and so now what we can do is then use it to launch

what we can do is then use it to launch an instance okay and so we're going to

an instance okay and so we're going to look here and it's very similar to dc2

look here and it's very similar to dc2 but except it's vertical so we're going

but except it's vertical so we're going to have one instance it's going to use

to have one instance it's going to use that Ami that instance type so you can

that Ami that instance type so you can see how you can override them which is

see how you can override them which is nice we're going to check the advanced

nice we're going to check the advanced details make sure that I profile is set

details make sure that I profile is set and we'll go ahead and launch this from

and we'll go ahead and launch this from a

a template so from there we can go ahead

template so from there we can go ahead and click the instance value there and

and click the instance value there and just be aware that when you do click

just be aware that when you do click through links like that you'll end up

through links like that you'll end up with the search so I always just

with the search so I always just checkbox that off so I can see what I'm

checkbox that off so I can see what I'm doing and so we're just waiting for this

doing and so we're just waiting for this instance to show up and the only thing I

instance to show up and the only thing I noticed is it didn't set our darn tags

noticed is it didn't set our darn tags so I wanted the name and there and I

so I wanted the name and there and I think it's because we said it in the Ami

think it's because we said it in the Ami but it didn't carry over to the launch

but it didn't carry over to the launch template so I'd have to go back to the

template so I'd have to go back to the launch template and update it probably

launch template and update it probably so if I go into here into the launch

so if I go into here into the launch template um we can probably modify

template um we can probably modify create a new

create a new version and then add tags there so we'

version and then add tags there so we' say

say name uh my uh Apachi

name uh my uh Apachi server I realize I'm changing it between

server I realize I'm changing it between them and so that should allow us to have

them and so that should allow us to have a version two so we'll create that and

a version two so we'll create that and but anyway that will be for the next

but anyway that will be for the next time we launch it okay and so this

time we launch it okay and so this instance is running I'm going to go grab

instance is running I'm going to go grab the IP

the IP address the server may or may not be

address the server may or may not be ready we'll take a look here and so it's

ready we'll take a look here and so it's just spinning if it's spinning it's

just spinning if it's spinning it's either the server is not ready or um our

either the server is not ready or um our ports not open so it was just getting

ports not open so it was just getting ready to work there so it is working now

ready to work there so it is working now so that is our launch template so now

so that is our launch template so now you know we don't have to worry about

you know we don't have to worry about losing our stuff and if we need to make

losing our stuff and if we need to make new versions We can just B new Amis and

new versions We can just B new Amis and increment them as uh Inc and attach them

increment them as uh Inc and attach them as new versions of that launch template

as new versions of that launch template [Music]

[Music] okay all right so what I want to show

okay all right so what I want to show you in this follow along is to set up an

you in this follow along is to set up an autoscaling group for our ec2 instance

autoscaling group for our ec2 instance and the idea behind this is that um

and the idea behind this is that um we'll be able to always ensure that a

we'll be able to always ensure that a single server is running or uh increase

single server is running or uh increase the capacity if the demand requires it

the capacity if the demand requires it so in order to create an autoscaling

so in order to create an autoscaling group we can go all all the way down

group we can go all all the way down below to here um and so you know I

below to here um and so you know I really don't like the Autos scaling

really don't like the Autos scaling group form but it's okay we'll work our

group form but it's okay we'll work our way through it so the first thing is

way through it so the first thing is we'll have to create our or name our

we'll have to create our or name our autoc scan group so we'll just say my

autoc scan group so we'll just say my ASG and then we'll have to select a

ASG and then we'll have to select a launch template which is great because

launch template which is great because we already have one and then we'll have

we already have one and then we'll have to select the version I'm going to

to select the version I'm going to select version two so that it applies

select version two so that it applies that tag name and we'll go to next and

that tag name and we'll go to next and so here um it's going to need to select

so here um it's going to need to select a VPC and then we need some subnets so

a VPC and then we need some subnets so we're going to choose three just because

we're going to choose three just because to have high availability you have to be

to have high availability you have to be running in at least three different

running in at least three different availability zones so that's why we have

availability zones so that's why we have three different subnets and then down

three different subnets and then down below we have the instance type

below we have the instance type requirements so uh T2 micro launch

requirements so uh T2 micro launch template looks good to me so we'll go

template looks good to me so we'll go ahead and hit

ahead and hit next and then from here we can choose to

next and then from here we can choose to do a load balancer and so I want to do

do a load balancer and so I want to do the load balancer separate so we won't

the load balancer separate so we won't do it as of yet but very often if you're

do it as of yet but very often if you're going to have an on group you're going

going to have an on group you're going to usually have a load balancer but

to usually have a load balancer but we'll talk about that when we get to

we'll talk about that when we get to that point there so we'll just go to the

that point there so we'll just go to the bottom here and hit next and so this is

bottom here and hit next and so this is what's important so how many do you want

what's important so how many do you want to be always running and so we always

to be always running and so we always want to have one and maybe the maximum

want to have one and maybe the maximum capacity is two and you want the desired

capacity is two and you want the desired C capacity to be around a particular

C capacity to be around a particular number so if you had three and you said

number so if you had three and you said the desired is two um there are things

the desired is two um there are things that could try to work to always make

that could try to work to always make sure there's two but we just want to

sure there's two but we just want to have one for this example we can set up

have one for this example we can set up a scaling policy so I do Target tracking

a scaling policy so I do Target tracking scaling policy and so here we could do

scaling policy and so here we could do it based on a bunch of different things

it based on a bunch of different things so if the CP utilization went over 50%

so if the CP utilization went over 50% it would launch another server so that

it would launch another server so that might be something we might want to set

might be something we might want to set so I'll we're not going to uh try to

so I'll we're not going to uh try to trigger the scaling policy but we might

trigger the scaling policy but we might as well just apply because it's not too

as well just apply because it's not too hard then you can also do a scaling uh

hard then you can also do a scaling uh scale in protection policy so if you

scale in protection policy so if you want to make sure it does not um uh

want to make sure it does not um uh reduce the amount of servers that's

reduce the amount of servers that's something you could do we can add a

something you could do we can add a notification to say hey there's a

notification to say hey there's a scaling policy happening here which is

scaling policy happening here which is fine we don't have to worry about that

fine we don't have to worry about that um and there's tags so add tags to help

um and there's tags so add tags to help you search filter Etc um so I'm going to

you search filter Etc um so I'm going to put a tag here I'm going to say name I'm

put a tag here I'm going to say name I'm just wondering if this is going to

just wondering if this is going to attach to the ec2 and or this is for the

attach to the ec2 and or this is for the Autos scaling group you can optionally

Autos scaling group you can optionally choose to add tags to instances by

choose to add tags to instances by specifying tags in your launch templates

specifying tags in your launch templates so we already did that so I don't need

so we already did that so I don't need to put a tag here and so we can review

to put a tag here and so we can review our um Auto scaling group and go ahead

our um Auto scaling group and go ahead and create that auto scaling

and create that auto scaling group okay and so that auto scaling

group okay and so that auto scaling group expects there to be a single

group expects there to be a single instance so what it's going to do is

instance so what it's going to do is it's going to start launching an

it's going to start launching an instance and so what I'm going to do is

instance and so what I'm going to do is just get rid of this old server because

just get rid of this old server because we don't need it anymore this old one

we don't need it anymore this old one here

here okay and you can already see okay that

okay and you can already see okay that the load balancer is launching this new

the load balancer is launching this new one here and remember we updated our

one here and remember we updated our version two to have that name so that's

version two to have that name so that's how we know that it is so if we go back

how we know that it is so if we go back over to our autoscaling

group okay it's now saying there is an instance we don't have a status as of

instance we don't have a status as of yet

yet and so there are ways of doing uh status

and so there are ways of doing uh status checks to for it to determine whether or

checks to for it to determine whether or not the server is

not the server is working um because if the server is

working um because if the server is unhealthy what it would do is it would

unhealthy what it would do is it would actually kill it and then start up a new

actually kill it and then start up a new one right so if I go down below it's

one right so if I go down below it's right now doing an ec2 health check and

right now doing an ec2 health check and the ec2 health check just means that is

the ec2 health check just means that is the server working right um is it

the server working right um is it running it doesn't necessarily mean like

running it doesn't necessarily mean like hey can I load this web app um but you

hey can I load this web app um but you know it's very simple so we'll give it a

know it's very simple so we'll give it a moment here to start up and just make

moment here to start up and just make sure that it's working

okay and I think it's ready so if I take that public IP address here and paste it

that public IP address here and paste it in there it is okay so if we were to

in there it is okay so if we were to tell it to increase the capacity to

tell it to increase the capacity to three then what it would do is it would

three then what it would do is it would launch three and then it should probably

launch three and then it should probably launch it all evenly to those other it

launch it all evenly to those other it should evenly launch it to all those

should evenly launch it to all those other uh availability zones and then

other uh availability zones and then we'll have something that is highly

we'll have something that is highly available okay so that's pretty much it

available okay so that's pretty much it for this and then we'll move on to autos

for this and then we'll move on to autos scaling

scaling [Music]

[Music] groups all right so we have our uh ec2

groups all right so we have our uh ec2 instance now managed by an Autos scaling

instance now managed by an Autos scaling group and the great thing is that if we

group and the great thing is that if we terminate this instance this Auto

terminate this instance this Auto scaling group will launch another uh

scaling group will launch another uh instance to meet our particular capacity

instance to meet our particular capacity um the only thing though is that if we

um the only thing though is that if we were to have multiple E2 instances

were to have multiple E2 instances running like three of them um how would

running like three of them um how would you distribute traffic to the mall right

you distribute traffic to the mall right so you know you have an IP address

so you know you have an IP address coming in from the internet uh but let's

coming in from the internet uh but let's say you want to evenly distribute it and

say you want to evenly distribute it and that's where a load bouncer comes into

that's where a load bouncer comes into play and even if you have a single

play and even if you have a single server you should always have a load

server you should always have a load bouncer because it just makes it a lot

bouncer because it just makes it a lot easier for you to scale when you need to

easier for you to scale when you need to and you it acts as an intermediate layer

and you it acts as an intermediate layer where you can attach a web application

where you can attach a web application firewall you can attach an SSL

firewall you can attach an SSL certificate for free so there's a lot of

certificate for free so there's a lot of reasons to have a load balancer so what

reasons to have a load balancer so what we'll do is go down below on the left

we'll do is go down below on the left hand side and we're going to make our

hand side and we're going to make our way over to load bouncers and we're

way over to load bouncers and we're going to create ourselves a new load

going to create ourselves a new load boun bcer so I'm going to hit create

boun bcer so I'm going to hit create load balcer here and you're going to see

load balcer here and you're going to see we have a lot of options application

we have a lot of options application load balcer Network load balcer Gateway

load balcer Network load balcer Gateway load balcer and then the classic load

load balcer and then the classic load Bouncer and so we are uh running an

Bouncer and so we are uh running an application so I'm going to create an

application so I'm going to create an application load balcer and here I'm

application load balcer and here I'm going to say my ALB um for an

going to say my ALB um for an application load balancer this is going

application load balancer this is going to be internet facing it's going to be

to be internet facing it's going to be ipv4 um we're going to let it launch in

ipv4 um we're going to let it launch in the default um subnet and we're going to

the default um subnet and we're going to choose the same the same uh uh azs right

choose the same the same uh uh azs right so that we get the same subnets as our

so that we get the same subnets as our that are in our autosan group and that's

that are in our autosan group and that's really important okay and then here um

really important okay and then here um you know we need to have a security

you know we need to have a security group and I just feel like selecting the

group and I just feel like selecting the same one here because that should work

same one here because that should work no problem there and we want to make

no problem there and we want to make sure that we can listen on Port 80 and

sure that we can listen on Port 80 and that it's going to forward it to a a um

that it's going to forward it to a a um a Target group and it looks like I might

a Target group and it looks like I might have a Target group there from before so

have a Target group there from before so just to reduce that confusion you won't

just to reduce that confusion you won't have this problem I'm just going to

have this problem I'm just going to double check if that's true so do I have

double check if that's true so do I have a Target group from there from before

a Target group from there from before yes I do that came

yes I do that came from I'm not sure it might have been

from I'm not sure it might have been created by um elastic beanock and wasn't

created by um elastic beanock and wasn't deleted okay so I'll go back over to

deleted okay so I'll go back over to here just so there's less confusion

here just so there's less confusion and we were selecting our Target group

and we were selecting our Target group so we're going to have to create a new

so we're going to have to create a new Target group so we go over here and here

Target group so we go over here and here you can choose whether it's instance IP

you can choose whether it's instance IP Lambda application load balancer so you

Lambda application load balancer so you could point it specifically to an IP

could point it specifically to an IP address and so if it was a static IP

address and so if it was a static IP address that would make sense uh

address that would make sense uh apparently you can Port uh point it

apparently you can Port uh point it directly to instances I don't remember

directly to instances I don't remember seeing that option before I guess that

seeing that option before I guess that makes sense yeah no sorry that makes

makes sense yeah no sorry that makes sense because that would go to uh vpcs

sense because that would go to uh vpcs okay or sorry uh asgs Autos scaling

okay or sorry uh asgs Autos scaling groups it's just that you are pointing

groups it's just that you are pointing them to Auto scaling groups you're not

them to Auto scaling groups you're not pointing them to instances so that's why

pointing them to instances so that's why that's confusing so I'm going to say my

that's confusing so I'm going to say my um Target group it'll be for Port 80

um Target group it'll be for Port 80 here um protocol http1 is fine we want

here um protocol http1 is fine we want to be in the same um VPC so that's fine

to be in the same um VPC so that's fine as well and down below we have our

as well and down below we have our health check and so the for slash means

health check and so the for slash means that it's going to hit the index HTML

that it's going to hit the index HTML page and so if it gets back um something

page and so if it gets back um something healthy and that that something healthy

healthy and that that something healthy is going to be um uh Port 80 then it's

is going to be um uh Port 80 then it's going to be considered good and then we

going to be considered good and then we can say the threshold of check so I'm

can say the threshold of check so I'm just going to reduce this so it's not so

just going to reduce this so it's not so crazy so we'll say three uh two and then

crazy so we'll say three uh two and then 10 okay and then it expects back a 200

10 okay and then it expects back a 200 which I think that's what we'll get back

which I think that's what we'll get back so we'll go ahead and hit next and so

so we'll go ahead and hit next and so now we have our Target group and it

now we have our Target group and it should register instances so it's saying

should register instances so it's saying hey we detected this and this fits the

hey we detected this and this fits the requirements for this so this is now uh

requirements for this so this is now uh this E2 instance is now in this target

this E2 instance is now in this target group okay so we can go back over here

group okay so we can go back over here and we can now drop down and choose

and we can now drop down and choose whoops hit the refresh

whoops hit the refresh button and choose our Target group

button and choose our Target group so I'm not seeing it here so I'm going

so I'm not seeing it here so I'm going to go back over here oh we didn't create

to go back over here oh we didn't create it

it okay and now we can go back hit refresh

okay and now we can go back hit refresh and there it

and there it is and yeah that looks all good so we'll

is and yeah that looks all good so we'll go ahead and hit create load

go ahead and hit create load balcer we can view the load balcers and

balcer we can view the load balcers and these create really fast if we scroll on

these create really fast if we scroll on up what we can do is now access our

up what we can do is now access our server through this DNS name okay so we

server through this DNS name okay so we copy that paste that in

copy that paste that in there does it

work not as of yet so if it's not working there because we did say look at

working there because we did say look at these instances another way is to

these instances another way is to directly associate your Autos scaling

directly associate your Autos scaling group with the load balancer so if I go

group with the load balancer so if I go into here and we hit uh

into here and we hit uh edit there is a way aha load bouncer

edit there is a way aha load bouncer so we want to associate this way and we

so we want to associate this way and we want to say this Target group

want to say this Target group here and also while we're here we might

here and also while we're here we might as well set it to elb so it's going to

as well set it to elb so it's going to use the elb tech so that makes it so the

use the elb tech so that makes it so the autoscaling group if it wants to uh

autoscaling group if it wants to uh restart server it's going to use the

restart server it's going to use the elb's check which is a lot more

elb's check which is a lot more sophisticated and then what we'll do is

sophisticated and then what we'll do is go hit

go hit update

update okay and now if we go back over to our

okay and now if we go back over to our load balancer just going to close some

load balancer just going to close some of these tabs so it's a less

of these tabs so it's a less confusing uh load balcer here

I think we should be able to see through here whether it is seeing it let's go

here whether it is seeing it let's go down below listeners monitoring

down below listeners monitoring integrated Services no it's going to be

integrated Services no it's going to be through the target

okay I mean it already had it there so maybe it's just that it hasn't finished

maybe it's just that it hasn't finished the check so over here it has a health

the check so over here it has a health status check oh now it's healthy okay so

status check oh now it's healthy okay so if it's healthy in the Target group and

if it's healthy in the Target group and the load bouncer is point to it then it

the load bouncer is point to it then it should technically work so we're going

should technically work so we're going to go ahead

to go ahead and uh copy the DNS again here make a

and uh copy the DNS again here make a new tab paste it

in and there it is okay so that's how you're going to access um all your all

you're going to access um all your all your instances that are within your

your instances that are within your autoc groups you're going to always go

autoc groups you're going to always go through the DNS and so if you had a row

through the DNS and so if you had a row 53 uh domain like you your domain

53 uh domain like you your domain managed by AWS you just point to the

managed by AWS you just point to the load balancer and that's how you hook it

load balancer and that's how you hook it up so that's pretty much it so yeah

up so that's pretty much it so yeah there you

there you [Music]

[Music] go all right so there you go we learned

go all right so there you go we learned everything we wanted to know about ec2

everything we wanted to know about ec2 so the the last thing to do is to tear

so the the last thing to do is to tear everything down so we have a load

everything down so we have a load balancer we have an autoc scanner group

balancer we have an autoc scanner group um and those are the two things we'll

um and those are the two things we'll have to pull on down so the first thing

have to pull on down so the first thing would be to take down the autoscaling

would be to take down the autoscaling group and when you delete an autoscaling

group and when you delete an autoscaling group it's going to delete all the ec2

group it's going to delete all the ec2 instances so we'll do it that way if you

instances so we'll do it that way if you tried to delete the ec2 it would just

tried to delete the ec2 it would just keep on spinning up so you have to

keep on spinning up so you have to delete that first and so as that's

delete that first and so as that's deleting then we'll be able to delete

deleting then we'll be able to delete our load balancer I'm going to try

our load balancer I'm going to try anyway to see if I can delete it at the

anyway to see if I can delete it at the same

same time and so I'll go up here I'm going to

time and so I'll go up here I'm going to go ahead and delete that uh load

go ahead and delete that uh load balancer actually it did work no

balancer actually it did work no problem going to make sure I don't have

problem going to make sure I don't have any elastic

any elastic IPS I'm going to also make sure I don't

IPS I'm going to also make sure I don't have any key pairs you can keep your key

have any key pairs you can keep your key pairs around but like I just want to

pairs around but like I just want to kind of clean this up so

okay okay and that instance should be terminating got to go back to the Autos

terminating got to go back to the Autos scan group

here if we click into it we can check um its activity

here so it's just saying successful so it is waiting on elb connection draining

it is waiting on elb connection draining which is kind of annoying because we

which is kind of annoying because we deleted at elb so there's nothing to

deleted at elb so there's nothing to drain um draining is just to make sure

drain um draining is just to make sure that uh you know there's no

that uh you know there's no interruptions when terminating services

interruptions when terminating services so just trying to be smart about

it and all I want to see is that it's just saying terminating over here and

just saying terminating over here and then I think we're done

then I think we're done okay so we'll just have to wait a little

okay so we'll just have to wait a little while here okay and I'll see you back in

while here okay and I'll see you back in a moment okay all right so after waiting

a moment okay all right so after waiting a very long time it did destroy so if I

a very long time it did destroy so if I go down over to uh my load balancer here

go down over to uh my load balancer here we're going to see that it does not

we're going to see that it does not exist so there was that connection

exist so there was that connection draining thing which was kind of

draining thing which was kind of annoying it's probably because I deleted

annoying it's probably because I deleted the load balancer first and then the um

the load balancer first and then the um the uh the Autos SC group second and

the uh the Autos SC group second and probably connection draining was turned

probably connection draining was turned on but it's not a big deal we just

on but it's not a big deal we just waited and it did eventually delete so

waited and it did eventually delete so we're pretty pretty much all done here

we're pretty pretty much all done here so there you

so there you [Music]

[Music] go hey this is Andrew Brown from exam

go hey this is Andrew Brown from exam Pro and we are taking a look at ec2

Pro and we are taking a look at ec2 pricing models and there are five

pricing models and there are five different ways to pay with ec2 remember

different ways to pay with ec2 remember ec2 are virtual machines so we have on

ec2 are virtual machines so we have on demand spot uh reserved dedicated and

demand spot uh reserved dedicated and adus savings plans so what we'll do is

adus savings plans so what we'll do is look at these in summary here and then

look at these in summary here and then we'll dive deep onto each of these

we'll dive deep onto each of these different pricing models so for on

different pricing models so for on demand you are paying the a low cost and

demand you are paying the a low cost and also you have a lot of flexibility with

also you have a lot of flexibility with this plan uh you are paying per hour so

this plan uh you are paying per hour so this is a pay as you go model uh or you

this is a pay as you go model uh or you could be paying down to the second which

could be paying down to the second which we'll talk about uh the caveats there

we'll talk about uh the caveats there when we get to the on demand section

when we get to the on demand section this is suitable for workloads that are

this is suitable for workloads that are going to be short-term spiky

going to be short-term spiky unpredictable workloads uh that cannot

unpredictable workloads uh that cannot be interrupted and it's great for

be interrupted and it's great for first-time applications and the ond

first-time applications and the ond demand uh pricing model is great when

demand uh pricing model is great when you need the least amount of commitment

you need the least amount of commitment for spot pricing you can see we can save

for spot pricing you can see we can save up to 90% which is the greatest Savings

up to 90% which is the greatest Savings of out of all these models here uh the

of out of all these models here uh the idea here is you're requesting spare

idea here is you're requesting spare Computing capacity that adus is not

Computing capacity that adus is not using and that's where you're going to

using and that's where you're going to get that savings you have flexible start

get that savings you have flexible start and end times uh but your workloads have

and end times uh but your workloads have to be able to handle interruptions

to be able to handle interruptions because these servers can be stopped at

because these servers can be stopped at any time to be giving to more priority

any time to be giving to more priority customers uh and this is great for

customers uh and this is great for non-critical background jobs very common

non-critical background jobs very common for like scientific Computing uh where

for like scientific Computing uh where jobs can be started and stopped at any

jobs can be started and stopped at any given time this has the greatest amount

given time this has the greatest amount of savings then you have Reserve or

of savings then you have Reserve or reserved instances this allows you to

reserved instances this allows you to save up to 75% this is great for a

save up to 75% this is great for a steady state or pred ible usage you're

steady state or pred ible usage you're committing uh with AWS uh for ec2 usage

committing uh with AWS uh for ec2 usage over a period of 1 or 3E terms you can

over a period of 1 or 3E terms you can resell on uh unused reserved instances

resell on uh unused reserved instances so you're not totally stuck with this if

so you're not totally stuck with this if you buy them this is great for the best

you buy them this is great for the best long-term savings then you have

long-term savings then you have dedicated so these are just dedicated

dedicated so these are just dedicated servers and technically not a pricing

servers and technically not a pricing model but more so that the fact that it

model but more so that the fact that it can be utilized with pricing models um

can be utilized with pricing models um but the idea here is it can be used with

but the idea here is it can be used with on demand reserved or even spot this is

on demand reserved or even spot this is great when you need to uh have a

great when you need to uh have a guarantee of isolate hardware for

guarantee of isolate hardware for Enterprise requirements and this is

Enterprise requirements and this is going to be the most expensive uh so

going to be the most expensive uh so yeah there you go and we'll dive deep

yeah there you go and we'll dive deep here

here [Music]

[Music] okay so the on demand pricing model is a

okay so the on demand pricing model is a pay as you go model where you consume

pay as you go model where you consume compute and then you pay later so when

compute and then you pay later so when you launch an ec2 instance by default

you launch an ec2 instance by default you are using that on demand pricing and

you are using that on demand pricing and On Demand has no upfront payment and no

On Demand has no upfront payment and no long long-term commitment you are

long long-term commitment you are charged by the second up to a minimum of

charged by the second up to a minimum of 60 seconds so technically a minute or

60 seconds so technically a minute or the hour so let's just talk about the

the hour so let's just talk about the difference between those uh per second

difference between those uh per second billing and those per hour billing so

billing and those per hour billing so per second are for Linux windows windows

per second are for Linux windows windows with SQL Enterprise windows with SQL

with SQL Enterprise windows with SQL standard windows with SQL web instances

standard windows with SQL web instances that do not have a separate hourly

that do not have a separate hourly charge and then everything else is going

charge and then everything else is going to be um per hour and so you know when

to be um per hour and so you know when I'm launching ec2 instance I can't can't

I'm launching ec2 instance I can't can't even tell when something's per second or

even tell when something's per second or per hour you just have to know that it

per hour you just have to know that it has a separate hourly charge but

has a separate hourly charge but generally you know if you're just

generally you know if you're just launching things it's going to probably

launching things it's going to probably be the perc billing when you look up the

be the perc billing when you look up the hourly or the uh the pricing it's always

hourly or the uh the pricing it's always shown in the hourly rate so even if it

shown in the hourly rate so even if it is using uh per second billing when you

is using uh per second billing when you uh look up that pricing it's always

uh look up that pricing it's always going to show it to you like that but on

going to show it to you like that but on your bill you'll see it down to the

your bill you'll see it down to the second okay up to the first 60 seconds

second okay up to the first 60 seconds uh an on demand is great for workloads

uh an on demand is great for workloads that are shortterm spiky or

that are shortterm spiky or unpredictable

unpredictable uh but when you have a new app

uh but when you have a new app development this is where you want to

development this is where you want to experiment and then when you're ready to

experiment and then when you're ready to uh start saving because you know exactly

uh start saving because you know exactly what that workload is going to be over

what that workload is going to be over the span of a year or three that's where

the span of a year or three that's where we're going to get into reserved

we're going to get into reserved instances which we'll cover

instances which we'll cover [Music]

[Music] next hey this is Andrew Brown from exam

next hey this is Andrew Brown from exam Pro and we are taking a look at reserved

Pro and we are taking a look at reserved instances also known as RI and this is

instances also known as RI and this is um a bit of a complex topic but uh you

um a bit of a complex topic but uh you know if we do get through it it's going

know if we do get through it it's going to serve you well through uh multiple ad

to serve you well through uh multiple ad certifications so let's give it a bit of

certifications so let's give it a bit of attention here so RI is designed for

attention here so RI is designed for applications that have a steady state

applications that have a steady state predictable usage or required Reserve

predictable usage or required Reserve capacity so the idea is that you were

capacity so the idea is that you were saying to ads I'm going to make a

saying to ads I'm going to make a guaranteed commitment uh saying this is

guaranteed commitment uh saying this is what I'm going to use and I'm going to

what I'm going to use and I'm going to get savings because adus knows that

get savings because adus knows that you're going to be spending that money

you're going to be spending that money okay so the idea here is that the

okay so the idea here is that the reduced pricing is based on this kind of

reduced pricing is based on this kind of formula where we have term class

formula where we have term class offering the ra attributes and payment

offering the ra attributes and payment options technically the ra tributes

options technically the ra tributes don't exactly factor into it other the

don't exactly factor into it other the fact that they an RA tribute could be

fact that they an RA tribute could be like the instance type size uh but I'm

like the instance type size uh but I'm going to put that in the formula there

going to put that in the formula there just because it is an important

just because it is an important component so let's take a look at each

component so let's take a look at each of these uh components of the formula to

of these uh components of the formula to understand how we're going to save so

understand how we're going to save so the first is the term so the term uh the

the first is the term so the term uh the idea here is the longer the term the

idea here is the longer the term the greater the savings so you're committing

greater the savings so you're committing to a one-year or three-year contract

to a one-year or three-year contract with AWS um and one thing you need to

with AWS um and one thing you need to know is that these do not renew so at

know is that these do not renew so at the end of the year the idea is that you

the end of the year the idea is that you have to purchase again and when they do

have to purchase again and when they do expire your instances are just going to

expire your instances are just going to flip back over to On Demand with no

flip back over to On Demand with no interruptions to service then you have

interruptions to service then you have class offerings and so the idea here is

class offerings and so the idea here is the less flexible the offering the

the less flexible the offering the greater the savings so the first is

greater the savings so the first is standard and this is up to a 75

standard and this is up to a 75 reduction in the price compared to on

reduction in the price compared to on demand and the idea here is you can

demand and the idea here is you can modify some ra attributes which we'll

modify some ra attributes which we'll we'll talk about when we get to the um

we'll talk about when we get to the um ra tribute section there then you have

ra tribute section there then you have convertible so you save up to 54%

convertible so you save up to 54% reduced pricing compared to on demand

reduced pricing compared to on demand and you can exchange RIS based on the r

and you can exchange RIS based on the r attributes if the value is greater or

attributes if the value is greater or equal in value and there used to be a

equal in value and there used to be a third class called schedule but this no

third class called schedule but this no longer exists so if you do come across

longer exists so if you do come across it just know that ads is not planning on

it just know that ads is not planning on offering this uh again for whatever

offering this uh again for whatever reason I'm not sure why uh then there

reason I'm not sure why uh then there are the payment options so the greater

are the payment options so the greater upfront the greater the savings so here

upfront the greater the savings so here we have all upfront so full payment is

we have all upfront so full payment is made at the start of the term partial

made at the start of the term partial upfront so a portion of the cost must be

upfront so a portion of the cost must be paid upfront and the remaining hours in

paid upfront and the remaining hours in the terms are built at a discounted rate

the terms are built at a discounted rate and then there's no upfront so you are

and then there's no upfront so you are build at a discounted hourly rate for

build at a discounted hourly rate for every hour within the term regardless of

every hour within the term regardless of whether the reserv is being used and

whether the reserv is being used and this is really great this last option

this is really great this last option here because basically you're saying to

here because basically you're saying to AWS you're saying like I'm just going to

AWS you're saying like I'm just going to pay my bill as usual but I'm going to

pay my bill as usual but I'm going to just tell you what it's going to be and

just tell you what it's going to be and I'm going to save money so if you know

I'm going to save money so if you know uh that you're going to be using a T2

uh that you're going to be using a T2 medium for the next year uh you can do

medium for the next year uh you can do that and you're just going to save money

that and you're just going to save money okay okay so RIS can be shared between

okay okay so RIS can be shared between multiple accounts within an organization

multiple accounts within an organization and unused RIS can be sold in the

and unused RIS can be sold in the reserved instance Marketplace but we'll

reserved instance Marketplace but we'll talk about the limitations around that

talk about the limitations around that when we get a bit deeper in here just to

when we get a bit deeper in here just to kind of show you what it would look like

kind of show you what it would look like in inabus console and they updated it I

in inabus console and they updated it I love this new uh UI here the idea here

love this new uh UI here the idea here is you're going to filter based on your

is you're going to filter based on your requirements and that's going to show

requirements and that's going to show you RIS that are available and then

you RIS that are available and then you'll just choose the desired quantity

you'll just choose the desired quantity you can see the pricing stuff there

you can see the pricing stuff there you're going to add it to cart you're

you're going to add it to cart you're going to check out and that's how you're

going to check out and that's how you're going to purchase it okay

going to purchase it okay [Music]

[Music] so another factor to that formula were

so another factor to that formula were RI attributes and sometimes the

RI attributes and sometimes the documentation calls them R attributes

documentation calls them R attributes sometimes they call them instance

sometimes they call them instance attributes but these are limited based

attributes but these are limited based on class offering and can be uh uh can

on class offering and can be uh uh can affect the final price of the ra

affect the final price of the ra instance and there are four ra

instance and there are four ra attributes so the first is the instance

attributes so the first is the instance type so this could be like an M4 large

type so this could be like an M4 large and this is composed of an instance

and this is composed of an instance family so the M4 and the instance size

family so the M4 and the instance size so large okay then you have region so

so large okay then you have region so this is where the reserved instance is

this is where the reserved instance is purchased then you have the tency

purchased then you have the tency whether your instance runs on shared so

whether your instance runs on shared so the default which uh would be

the default which uh would be multi-tenant or a single tenant which

multi-tenant or a single tenant which would be dedicated hardware and then you

would be dedicated hardware and then you have the platform whether you're using

have the platform whether you're using Windows or Linux even if you're using on

Windows or Linux even if you're using on demand of course this would just affect

demand of course this would just affect your pricing but there are some

your pricing but there are some limitations around here which we'll get

limitations around here which we'll get into as we dive a bit deeper here with

into as we dive a bit deeper here with RI

RI [Music]

[Music] okay all right let's compare Regional

okay all right let's compare Regional and and zonal Ri so when you purchase an

and and zonal Ri so when you purchase an RI you have to determine the scope uh

RI you have to determine the scope uh for it okay so this is not going to

for it okay so this is not going to affect your price but it's going to

affect your price but it's going to affect the flexibility of the instance

affect the flexibility of the instance uh so this is something you have to

uh so this is something you have to decide so we're going to talk about

decide so we're going to talk about Regional RI which is when you purchase

Regional RI which is when you purchase it for a regional and zonal RI when you

it for a regional and zonal RI when you purchase it for an availability zone so

purchase it for an availability zone so when you purchase it for regional RI it

when you purchase it for regional RI it does not Reserve capacity meaning that

does not Reserve capacity meaning that there's no guarantee that those servers

there's no guarantee that those servers will be available so if ad us runs out

will be available so if ad us runs out of those servers uh you're just not

of those servers uh you're just not going to have them but when when it's

going to have them but when when it's zonal uh you are reserving capacity so

zonal uh you are reserving capacity so there's a guarantee that those will be

there's a guarantee that those will be there when you need them um in terms of

there when you need them um in terms of uh AZ flexibility uh you can use the

uh AZ flexibility uh you can use the regional RI for any a within that region

regional RI for any a within that region but for the zonal ri you can only use it

but for the zonal ri you can only use it for that particular region we're talking

for that particular region we're talking about instance flexibility um you can

about instance flexibility um you can apply the discount to uh any instance in

apply the discount to uh any instance in the family regardless of the size uh but

the family regardless of the size uh but then when we're looking at AZ there is

then when we're looking at AZ there is no instance flexibility Okay so just

no instance flexibility Okay so just going to use it for exactly what you

going to use it for exactly what you defined you can cue purchases for

defined you can cue purchases for regional R you cannot cue purchases for

regional R you cannot cue purchases for zonal Ri so there you

zonal Ri so there you [Music]

[Music] go let's talk about some ra limits here

go let's talk about some ra limits here so there's a limit to the number of

so there's a limit to the number of reserved instances that you can purchase

reserved instances that you can purchase per month and so uh the idea here is

per month and so uh the idea here is that you can purchase 20 Regional

that you can purchase 20 Regional reserved instances per region and then

reserved instances per region and then 20 zonal reserved instances per a so if

20 zonal reserved instances per a so if you have a region that has three A's you

you have a region that has three A's you can have uh 60 um zonal reserved

can have uh 60 um zonal reserved instances in that region okay there are

instances in that region okay there are some other limitations here so for

some other limitations here so for regional limits you cannot exceed the

regional limits you cannot exceed the running on demand instance limit by

running on demand instance limit by purchasing Regional reserved instances

purchasing Regional reserved instances the default for on demand limit is 20 so

the default for on demand limit is 20 so before purchasing your RI ensure on

before purchasing your RI ensure on demand limit is equal to or greater than

demand limit is equal to or greater than your RI you intend to purchase you might

your RI you intend to purchase you might even want to open up a service uh limit

even want to open up a service uh limit increase just to make sure you don't hit

increase just to make sure you don't hit that wall for zonal limits you can

that wall for zonal limits you can exceed your running on demand uh

exceed your running on demand uh instance limit by purchasing zonal

instance limit by purchasing zonal reserved instances if you're already uh

reserved instances if you're already uh have 20 ond demand instances and you

have 20 ond demand instances and you purchase 20 zal reserved instances you

purchase 20 zal reserved instances you can launch a further 20 ond demand

can launch a further 20 ond demand instances that match the specification

instances that match the specification of your zonal reserved instances so

of your zonal reserved instances so there you

there you [Music]

[Music] go let's talk about capacity reservation

go let's talk about capacity reservation so ec2 instances are backed by different

so ec2 instances are backed by different kinds of hardware and so there is a

kinds of hardware and so there is a finite amount of servers of available

finite amount of servers of available within an availability Zone per instance

within an availability Zone per instance type of family remember an availability

type of family remember an availability zone is just a data center or a

zone is just a data center or a collection of data centers and they only

collection of data centers and they only have so many servers in there so if they

have so many servers in there so if they run out because the demand is too great

run out because the demand is too great you just cannot spin anything up and so

you just cannot spin anything up and so that's what's happening you go to launch

that's what's happening you go to launch specific ec2 instant type but AB is like

specific ec2 instant type but AB is like sorry we don't have any right now and so

sorry we don't have any right now and so the solution to that is capacity

the solution to that is capacity reservation so it is a service of ec2

reservation so it is a service of ec2 that allows you to request uh a reserve

that allows you to request uh a reserve of ECC instance type for a specific

of ECC instance type for a specific region and a so here you would see that

region and a so here you would see that you just select the instance type

you just select the instance type platform a tendency the quantity and

platform a tendency the quantity and then here you might manually do it

then here you might manually do it specify time or you might say okay I

specify time or you might say okay I can't get exactly what I want but can

can't get exactly what I want but can give me something generally around uh

give me something generally around uh that kind of stuff or that type that I

that kind of stuff or that type that I want so the reserve capacity is charged

want so the reserve capacity is charged at the selected instance type on demand

at the selected instance type on demand rate whether an instance is running in

rate whether an instance is running in it or not and you can also use Regional

it or not and you can also use Regional Reserve instances With Your Capacity

Reserve instances With Your Capacity reservations to benefit from billing

reservations to benefit from billing discounts so there you go

discounts so there you go [Music]

[Music] so there are some key differences

so there are some key differences between standard and convertible Ri so

between standard and convertible Ri so let's take a look at it here so the

let's take a look at it here so the first is that with standard RI you can

first is that with standard RI you can modify your tributes so you can change

modify your tributes so you can change the a within the same region you can

the a within the same region you can change the scope uh from a zonal r to

change the scope uh from a zonal r to original RI or vice versa you can change

original RI or vice versa you can change the instance size uh as long as it's a

the instance size uh as long as it's a Linux and it has the default tendency

Linux and it has the default tendency you can change the network from ec2

you can change the network from ec2 classic to VPC and vice versa but when

classic to VPC and vice versa but when you're looking at convertible you you

you're looking at convertible you you don't modify ra tributes you perform in

don't modify ra tributes you perform in exchange okay and so standard RIS cannot

exchange okay and so standard RIS cannot do exchanges where convertible RI you

do exchanges where convertible RI you can uh exchange during the term for

can uh exchange during the term for another convertible RI with new R

another convertible RI with new R attributes and this includes the

attributes and this includes the instance family instant type platform

instance family instant type platform scope and tency um in terms of the

scope and tency um in terms of the marketplace you uh they can be bought in

marketplace you uh they can be bought in standard RI uh in the marketplace or you

standard RI uh in the marketplace or you can sell your RI if you uh don't need

can sell your RI if you uh don't need them anymore uh but for convertible R

them anymore uh but for convertible R they cannot be sold or bought in the

they cannot be sold or bought in the marketplace you're just dealing with ads

marketplace you're just dealing with ads directly

directly [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at the

Pro and we are taking a look at the reserved instance Marketplace we had

reserved instance Marketplace we had mentioned it prior so let's give it a

mentioned it prior so let's give it a little more attention here so it allows

little more attention here so it allows you to sell your unused standard RI to

you to sell your unused standard RI to recoup your spend for R right you do not

recoup your spend for R right you do not intend or cannot use so reserved

intend or cannot use so reserved instances can be sold after they have

instances can be sold after they have been active for at least 30 days and

been active for at least 30 days and once databus has received the upfront

once databus has received the upfront payment you must have a US bank account

payment you must have a US bank account to sell RI on the ri Marketplace there

to sell RI on the ri Marketplace there must be at least one month remaining in

must be at least one month remaining in the term for the ri you are listing you

the term for the ri you are listing you will retain the pricing and capacity

will retain the pricing and capacity benefit of your reservation until it's

benefit of your reservation until it's sold and the transaction is complete

sold and the transaction is complete your company name and address upon

your company name and address upon request will be shared with the buyer

request will be shared with the buyer for tax purposes a seller can set Only

for tax purposes a seller can set Only The Upfront price of an RI the usage

The Upfront price of an RI the usage price and other configurations such as

price and other configurations such as instance type availability Zone platform

instance type availability Zone platform will remain the same as when the ri was

will remain the same as when the ri was initially purchased the term length will

initially purchased the term length will be rounded down to the nearest month for

be rounded down to the nearest month for example a reservation with 9 months and

example a reservation with 9 months and 15 days remaining will appear as 9

15 days remaining will appear as 9 months on the R Market you can sell up

months on the R Market you can sell up to 20,000 USD in reserved instances per

to 20,000 USD in reserved instances per year if you need to sell more RI

year if you need to sell more RI reserved instances in the gov Cloud uh

reserved instances in the gov Cloud uh region cannot be sold on the ri

region cannot be sold on the ri Marketplace so there you

Marketplace so there you [Music]

[Music] go hey it's Andrew Brown from examp Pro

go hey it's Andrew Brown from examp Pro and we are taking a look at spot

and we are taking a look at spot instances so adus has unused compute

instances so adus has unused compute capacity that they want to maximize the

capacity that they want to maximize the utility of their idle servers all right

utility of their idle servers all right so the idea is just like when a hotel

so the idea is just like when a hotel offers booking discounts to fill vacant

offers booking discounts to fill vacant Suites or planes offer discounts to fill

Suites or planes offer discounts to fill vacant seats all right so spot instances

vacant seats all right so spot instances provide a discount of 90% compared to On

provide a discount of 90% compared to On Demand pricing spot instances can be

Demand pricing spot instances can be terminated if the Computing capacity is

terminated if the Computing capacity is needed by other on demand customers but

needed by other on demand customers but from what I hear rarely rarely does spot

from what I hear rarely rarely does spot instances ever get terminated um it's

instances ever get terminated um it's designed for applications that have

designed for applications that have flexible start and end times or

flexible start and end times or applications that are only feasible at

applications that are only feasible at very low compute cost so you see some

very low compute cost so you see some options here like load balancing

options here like load balancing workloads flexible workloads Big Data

workloads flexible workloads Big Data workloads things like that um there is

workloads things like that um there is another service called Aus batch which

another service called Aus batch which is for doing batch processing and this

is for doing batch processing and this is very common what you use um spot with

is very common what you use um spot with and so you know if you find the spot

and so you know if you find the spot interface too complicated you're doing

interface too complicated you're doing batch processing you want to use this

batch processing you want to use this service instead um there are some

service instead um there are some termination conditions so instances can

termination conditions so instances can be terminated by adabs at any time if

be terminated by adabs at any time if your instance is terminated by ads you

your instance is terminated by ads you don't get charged for a partial hour of

don't get charged for a partial hour of usage if you terminate an instance you

usage if you terminate an instance you will be still charged for an hour uh

will be still charged for an hour uh that it ran so there you

that it ran so there you [Music]

[Music] go hey this is Andrew Brown from exam

go hey this is Andrew Brown from exam Pro and we are taking a look here at

Pro and we are taking a look here at dedicated instances so dedicate

dedicated instances so dedicate instances is designed to help meet

instances is designed to help meet regulatory requirements inabus also has

regulatory requirements inabus also has this concept called dedicated hosts and

this concept called dedicated hosts and this is more for when you have strict

this is more for when you have strict server bound licensing that won't

server bound licensing that won't support multi- tendency or cloud

support multi- tendency or cloud deployments and we'll definitely

deployments and we'll definitely distinguish that in this course but just

distinguish that in this course but just not in this slide in particular um and

not in this slide in particular um and so to understand uh dedicated instances

so to understand uh dedicated instances or hosts we need to understand the

or hosts we need to understand the difference between multi- tendency and

difference between multi- tendency and single tendency so multi- tendency you

single tendency so multi- tendency you can think of it like everyone living in

can think of it like everyone living in the same apartment and single tendency

the same apartment and single tendency you can think of it everyone having

you can think of it everyone having their own house so the idea here is that

their own house so the idea here is that you have a server I'm just going to get

you have a server I'm just going to get my uh cursor or my pen out here to say

my uh cursor or my pen out here to say server and you have have multiple

server and you have have multiple customers running workloads on the same

customers running workloads on the same hardware and the idea is that they are

hardware and the idea is that they are separated via virtual isolation so

separated via virtual isolation so they're using the same server but it's

they're using the same server but it's just software that might be separating

just software that might be separating them okay and then we have the idea of

them okay and then we have the idea of single tency so we have a single

single tency so we have a single customer that has dedicated Hardware so

customer that has dedicated Hardware so the physical location is what separates

the physical location is what separates customers um and the idea here is that

customers um and the idea here is that dedicated can be offered via on demand

dedicated can be offered via on demand reserved and spot so that's why we're

reserved and spot so that's why we're talking about dedicated here in the

talking about dedicated here in the pricing model just so you know that you

pricing model just so you know that you know even though these are a lot more

know even though these are a lot more expensive than on demand uh you can

expensive than on demand uh you can still save by using reserved and also

still save by using reserved and also spot which I was very surprised about um

spot which I was very surprised about um and when you want to choose dedicated

and when you want to choose dedicated you're just going to launch your ec2 and

you're just going to launch your ec2 and you'll have a drop down where you have

you'll have a drop down where you have that shared so that's the default

that shared so that's the default dedicated so you have dedicated instance

dedicated so you have dedicated instance and dedicated host and again we'll talk

and dedicated host and again we'll talk about dedicated host uh later when we

about dedicated host uh later when we need to here um and so again the reason

need to here um and so again the reason why um you know Enterprises or large

why um you know Enterprises or large organizations may want to use dedicated

organizations may want to use dedicated instances is because they have a sec uh

instances is because they have a sec uh a security concern or obligation about

a security concern or obligation about uh against sharing the same Hardware

uh against sharing the same Hardware with other adus customers

with other adus customers [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at ABA

Pro and we are taking a look at ABA savings plans and this is similar to

savings plans and this is similar to reserved instances but simplifies the

reserved instances but simplifies the purchasing process so it's going to look

purchasing process so it's going to look a lot like RI at the start here but I'll

a lot like RI at the start here but I'll tell you how it's a bit different okay

tell you how it's a bit different okay so there are three types of saving plans

so there are three types of saving plans you have compute Savings Plan ec2

you have compute Savings Plan ec2 instance saving plan plans and sagemaker

instance saving plan plans and sagemaker saving plans uh and so you just go ahead

saving plans uh and so you just go ahead and choose that you can choose two

and choose that you can choose two different terms so one year threee so

different terms so one year threee so would be simple as that and then you

would be simple as that and then you choose the following payment options so

choose the following payment options so you have all upfront partial payment and

you have all upfront partial payment and no upfront and then you're going to

no upfront and then you're going to choose that hour of the commitment

choose that hour of the commitment you're not having to think about

you're not having to think about standard versus convertible uh uh

standard versus convertible uh uh Regional versus zonal RI attributes it's

Regional versus zonal RI attributes it's a lot simpler uh and let's just talk

a lot simpler uh and let's just talk about the three different saving plans

about the three different saving plans or types in a bit more detail so you

or types in a bit more detail so you have compute so compute savings plans

have compute so compute savings plans provides the most flexibility and helps

provides the most flexibility and helps to reduce your cost by 66% these plans

to reduce your cost by 66% these plans automatically apply to ec2 instances

automatically apply to ec2 instances usage ads fargate 8s Lambda service

usage ads fargate 8s Lambda service usage regardless of the instance family

usage regardless of the instance family size AZ region Os or tency then you have

size AZ region Os or tency then you have ec2 instances so this provides the

ec2 instances so this provides the lowest prices offering saving up to 72%

lowest prices offering saving up to 72% in exchange for commitment to usage of

in exchange for commitment to usage of instance uh individual instance families

instance uh individual instance families in a region so automatically reduce uh

in a region so automatically reduce uh your cost on the selected instance

your cost on the selected instance family in the region regardless of a

family in the region regardless of a size OS tendency gives you the

size OS tendency gives you the flexibility to change your usage between

flexibility to change your usage between instances with a within a family in that

instances with a within a family in that region and the last is sagemaker so

region and the last is sagemaker so helps you reduce Sage maker cost by up

helps you reduce Sage maker cost by up to 64% automatically apply to Sage maker

to 64% automatically apply to Sage maker usage regardless of instance family size

usage regardless of instance family size component adus region if you don't know

component adus region if you don't know what sagemaker is that's adab Us's ml

what sagemaker is that's adab Us's ml service and it uses ec2 instances or

service and it uses ec2 instances or specifically ml ec2 instances so

specifically ml ec2 instances so everything's basically using ec2 here um

everything's basically using ec2 here um but there you

but there you [Music]

[Music] go all right let's take a look at the

go all right let's take a look at the zero trust model and the Zer trust model

zero trust model and the Zer trust model is a security uh model which operates on

is a security uh model which operates on the principle of trust no one and verify

the principle of trust no one and verify everything so what I mean by that is

everything so what I mean by that is malicious actors being able to bypass

malicious actors being able to bypass conventional access controls

conventional access controls demonstrates traditional security

demonstrates traditional security measures are no longer sufficient and

measures are no longer sufficient and that's where the zero trust model comes

that's where the zero trust model comes into play so with the zero trust model

into play so with the zero trust model identity becomes the primary security

identity becomes the primary security perimeter

perimeter uh and so you might be asking what do we

uh and so you might be asking what do we mean by primary security perimeter the

mean by primary security perimeter the primary or new security perimeter

primary or new security perimeter defines the first line of defense and

defines the first line of defense and it's security controls that protect a

it's security controls that protect a company's Cloud resources and assets um

company's Cloud resources and assets um if it still doesn't make sense we do

if it still doesn't make sense we do cover a part of the defense in depth

cover a part of the defense in depth where you see the layers of Defense from

where you see the layers of Defense from data all the way to physical and so you

data all the way to physical and so you can kind of see you know what we're

can kind of see you know what we're talking about in that model there but

talking about in that model there but the old way that we used to do things is

the old way that we used to do things is Network Centric so we had traditional

Network Centric so we had traditional focused on firewalls and VPN since there

focused on firewalls and VPN since there were few employees or workstations

were few employees or workstations outside the office or they were in a

outside the office or they were in a specific remote office so we treat the

specific remote office so we treat the network uh the network as kind of like

network uh the network as kind of like the the boundary so if you're in in

the the boundary so if you're in in office there's nothing to worry about

office there's nothing to worry about but we don't think like that anymore

but we don't think like that anymore because everything is identity Centric

because everything is identity Centric so this is where we have bring your own

so this is where we have bring your own device remote workstations which are

device remote workstations which are becoming more common uh we can't always

becoming more common uh we can't always trust that the employee is in a secure

trust that the employee is in a secure location we have uh identity based

location we have uh identity based security controls like MFA providing

security controls like MFA providing provisional access based on the level

provisional access based on the level risk from where when and what a user

risk from where when and what a user wants to access and identity Centric

wants to access and identity Centric does not replace uh but it augments

does not replace uh but it augments Network Centric security so it's just an

Network Centric security so it's just an additional layer of consideration for uh

additional layer of consideration for uh security when we're thinking about our

security when we're thinking about our Aus Cloud workloads

Aus Cloud workloads [Music]

[Music] okay all right so we just Loosely

okay all right so we just Loosely defined what the zero trust model is so

defined what the zero trust model is so let's talk about how we would do zero

let's talk about how we would do zero trust on AWS and so zero trust has to do

trust on AWS and so zero trust has to do a lot with identity security controls

a lot with identity security controls and so let's talk about what is at our

and so let's talk about what is at our disposal on AWS so on AWS we have

disposal on AWS so on AWS we have identity and access management IM this

identity and access management IM this is where we create users or groups or

is where we create users or groups or policies so I policy is a set of

policies so I policy is a set of permissions that allow you to say okay

permissions that allow you to say okay this user is allowed to use uh these

this user is allowed to use uh these services with these particular actions

services with these particular actions uh then you have the concept of

uh then you have the concept of permission boundaries and so these are

permission boundaries and so these are saying okay um these aren't the

saying okay um these aren't the permissions the user has currently but

permissions the user has currently but these are the boundaries to which we

these are the boundaries to which we want them to have so they should never

want them to have so they should never have access to um uh ml services and if

have access to um uh ml services and if someone's to uh apply them uh uh

someone's to uh apply them uh uh permissions it'll always be within these

permissions it'll always be within these boundaries then you have service control

boundaries then you have service control policies and these are organization-wide

policies and these are organization-wide policies so if you have a policy where

policies so if you have a policy where you don't want anyone to run anything in

you don't want anyone to run anything in the Canada region you can apply that

the Canada region you can apply that policy at the organizational level and

policy at the organizational level and it will be enforced then within an

it will be enforced then within an policy there are the concept of

policy there are the concept of conditions and so these are all the kind

conditions and so these are all the kind of like uh little knobs you can uh tweak

of like uh little knobs you can uh tweak to say how do I uh control based on a

to say how do I uh control based on a bunch of different factors so there's

bunch of different factors so there's Source IP so restrict where the IP

Source IP so restrict where the IP address is coming from a requested

address is coming from a requested region so restrict based on the region

region so restrict based on the region as we just mentioned as an example uh

as we just mentioned as an example uh multiactor off presence so restrict if

multiactor off presence so restrict if MFA is turned off uh current time so

MFA is turned off uh current time so restrict access based on time of day

restrict access based on time of day maybe you know your employees should

maybe you know your employees should never be really using things at night

never be really using things at night and so that could be an indicator that

and so that could be an indicator that someone is doing something malicious so

someone is doing something malicious so you know only give them access during a

you know only give them access during a certain time a day and so that's where

certain time a day and so that's where we're going to figure out you know based

we're going to figure out you know based on all these type of controls security

on all these type of controls security controls uh to our adus resources we can

controls uh to our adus resources we can kind of enforce the zero trust model

kind of enforce the zero trust model adus adus does not have a ready to use

adus adus does not have a ready to use identity controls that are intelligent

identity controls that are intelligent which is why adus is considered not to

which is why adus is considered not to have a zero trust offering for customers

have a zero trust offering for customers and thirdparty services need to be used

and thirdparty services need to be used so what I'm saying is that technically

so what I'm saying is that technically you know this checkbox is this thing

you know this checkbox is this thing saying okay we can kind of do zero trust

saying okay we can kind of do zero trust on AWS but there's a lot of manual work

on AWS but there's a lot of manual work and you know if I was to say okay um I

and you know if I was to say okay um I don't want anyone using this at

don't want anyone using this at nighttime that doesn't really detect you

nighttime that doesn't really detect you know what I'm saying it's not going to

know what I'm saying it's not going to say oh I think this time is suspicious

say oh I think this time is suspicious or malicious so then restrict access

or malicious so then restrict access only to these core services and anything

only to these core services and anything outside of the services can't be used it

outside of the services can't be used it just can't exactly do that without a lot

just can't exactly do that without a lot of U work yourself and that's what I'm

of U work yourself and that's what I'm talking about here where we have a

talking about here where we have a collection of aable services that can be

collection of aable services that can be set up in an intelligence intelligent is

set up in an intelligence intelligent is detection way for identity concerns but

detection way for identity concerns but requires expert knowledge so the way you

requires expert knowledge so the way you might do on AWS is that everything all

might do on AWS is that everything all the API calls go through ad's cloud

the API calls go through ad's cloud trail and so what you could do is feed

trail and so what you could do is feed those into Amazon guard Duty and guard

those into Amazon guard Duty and guard duty is an intrusion uh uh intrusion

duty is an intrusion uh uh intrusion detection and protection system so it

detection and protection system so it could detect suspicious or malicious

could detect suspicious or malicious activity on those cloud trail logs and

activity on those cloud trail logs and you could follow that up with

you could follow that up with remediation or you could pass that on to

remediation or you could pass that on to Amazon detective that could analyze

Amazon detective that could analyze investigate and quickly identify

investigate and quickly identify security issues uh that it could ingest

security issues uh that it could ingest from guard duty but I'm telling you that

from guard duty but I'm telling you that this stuff here is not as easy um for

this stuff here is not as easy um for the consumer and so you of course you

the consumer and so you of course you can do zero trust model but it's going

can do zero trust model but it's going to take a lot of work here and there are

to take a lot of work here and there are some limitations which we'll talk about

some limitations which we'll talk about next

next [Music]

[Music] here so now let's see how we would do

here so now let's see how we would do zero trust on OS with third Pary so os

zero trust on OS with third Pary so os does does technically Implement a zero

does does technically Implement a zero trust model but does not allow for

trust model but does not allow for intelligent identity security controls

intelligent identity security controls which you know you can do it but it's a

which you know you can do it but it's a lot of work so uh let's kind of compare

lot of work so uh let's kind of compare it against kind of a third party where

it against kind of a third party where we would get the controls that we would

we would get the controls that we would not necessarily get with AWS so for

not necessarily get with AWS so for example aure active directory has a real

example aure active directory has a real time and calculated risk detection Based

time and calculated risk detection Based on data points than AWS and this is

on data points than AWS and this is based on device and application time of

based on device and application time of day location whether MFA is turned on

day location whether MFA is turned on what is being accessed and the security

what is being accessed and the security controls verification or logic

controls verification or logic restriction is much more robust so you

restriction is much more robust so you know just as one particular example like

know just as one particular example like device and application is not something

device and application is not something that ads factors in uh with the existing

that ads factors in uh with the existing controls or at least not in a way that

controls or at least not in a way that is consumer friendly and you know I

is consumer friendly and you know I can't say onus okay when you think that

can't say onus okay when you think that this is the type of threat only allow

this is the type of threat only allow them access to these things or if you

them access to these things or if you think they're in a risky area or risky

think they're in a risky area or risky uh location only give them access to you

uh location only give them access to you know these things where there's not

know these things where there's not sensitive data you can't exactly do that

sensitive data you can't exactly do that on itus very easily and so this is where

on itus very easily and so this is where third party Solutions are going to come

third party Solutions are going to come into play so you have Azure active

into play so you have Azure active directory Google Beyond Corp jump Cloud

directory Google Beyond Corp jump Cloud all these have more intelligent security

all these have more intelligent security controls for realtime detection um and

controls for realtime detection um and so way you would use these is these

so way you would use these is these would be your primary directories uh for

would be your primary directories uh for Google beond Corp is just a zero trust

Google beond Corp is just a zero trust framework so I guess you'd use uh

framework so I guess you'd use uh Google's uh Cloud directory but the idea

Google's uh Cloud directory but the idea anyway here is that you'd use single

anyway here is that you'd use single sign on to connect those directories to

sign on to connect those directories to your adus account and that's how You'

your adus account and that's how You' access access those uh itus resources

access access those uh itus resources and you get this more robust

and you get this more robust functionality

okay hey it's Andrew Brown from exam Pro and we're looking at ident now we need

and we're looking at ident now we need to know a bunch of Concepts before we

to know a bunch of Concepts before we talk about identity on AWS so let's jump

talk about identity on AWS so let's jump into it the first is a directory service

into it the first is a directory service so what is directory service well it's a

so what is directory service well it's a service that Maps the names of network

service that Maps the names of network resources to network addresses and a

resources to network addresses and a directory service is shared uh

directory service is shared uh infrastructure or information in

infrastructure or information in infrastructure for locating managing

infrastructure for locating managing administrating and organizing resources

administrating and organizing resources such as volumes folders files printers

such as volumes folders files printers users groups devices telephone numbers

users groups devices telephone numbers and other objects a directory service is

and other objects a directory service is a critical component of a network

a critical component of a network operating system and a directory server

operating system and a directory server or a name server is a server which

or a name server is a server which provides a directory service so each

provides a directory service so each resource on the network is considered an

resource on the network is considered an object by the directory server

object by the directory server information about a particular resource

information about a particular resource is stored as a collection of attributes

is stored as a collection of attributes associated with that resource or object

associated with that resource or object uh well-known directory Services would

uh well-known directory Services would be a domain name service um so the

be a domain name service um so the directory service for the internet

directory service for the internet Microsoft active directory and uh they

Microsoft active directory and uh they have a cloud hosted one called Azure

have a cloud hosted one called Azure active directory we have aachi directory

active directory we have aachi directory service Oracle inter internet directory

service Oracle inter internet directory so o ID uh open ldap uh cloud and

so o ID uh open ldap uh cloud and identity and jump Cloud

identity and jump Cloud [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at active

Pro and we are taking a look at active directory now you might say well we're

directory now you might say well we're doing adab best why are we looking at

doing adab best why are we looking at this well no matter what cloud service

this well no matter what cloud service provider you're using you should know

provider you're using you should know what active directory is uh especially

what active directory is uh especially when it comes to Identity you can use it

when it comes to Identity you can use it with AWS um so let's talk about it so

with AWS um so let's talk about it so Microsoft introduced active directory

Microsoft introduced active directory domain services in Windows 2000 to give

domain services in Windows 2000 to give organizations's ability to manage

organizations's ability to manage multiple on- premise infrastructure

multiple on- premise infrastructure components and systems using a single

components and systems using a single identity per user and since then it's uh

identity per user and since then it's uh involved uh evolved obviously it's uh

involved uh evolved obviously it's uh running Beyond Windows 2000 as of today

running Beyond Windows 2000 as of today and uh they even have a managed one

and uh they even have a managed one called Azure ad which is on Microsoft

called Azure ad which is on Microsoft Azure but just to kind of give you an

Azure but just to kind of give you an architectural diagram here the idea is

architectural diagram here the idea is that you would have your domain servers

that you would have your domain servers here uh and they might have child

here uh and they might have child domains and the idea is that you have

domains and the idea is that you have these running on multiple machines so

these running on multiple machines so that you have redundant ability to log

that you have redundant ability to log in from various places when you have a

in from various places when you have a bunch of domains it's called a forest

bunch of domains it's called a forest and then within a domain you actually

and then within a domain you actually have organizational units and when then

have organizational units and when then within organizational units you have all

within organizational units you have all your objects like your users your

your objects like your users your printers your computers your servers uh

printers your computers your servers uh all things like that

all things like that [Music]

[Music] okay hey it's Andrew Brown from xam Pro

okay hey it's Andrew Brown from xam Pro and we're talking about identity

and we're talking about identity providers

providers ipds so

hey this is Andrew Brown from exam Pro and we are talking about identity

and we are talking about identity providers also known as

providers also known as idps so an identity provider is a system

idps so an identity provider is a system entity that creates maintains and

entity that creates maintains and manages identity information for

manages identity information for principles and also provides

principles and also provides authentication services to Applications

authentication services to Applications with a federation or distributor Network

with a federation or distributor Network a trusted provider of your user identity

a trusted provider of your user identity that lets you use authent uh lets you

that lets you use authent uh lets you authenticate to access other service

authenticate to access other service identity providers so this could be like

identity providers so this could be like Facebook Amazon Google Twitter GitHub

Facebook Amazon Google Twitter GitHub LinkedIn uh Federate identity is a

LinkedIn uh Federate identity is a method of linking a user's identity

method of linking a user's identity across multiple separate identity

across multiple separate identity management systems and so some things

management systems and so some things that uh we can use for that is like open

that uh we can use for that is like open ID so this is an open standard and

ID so this is an open standard and decentralized Authentication Protocol

decentralized Authentication Protocol allows you to be able to log in to

allows you to be able to log in to different social media platforms using

different social media platforms using Google or Facebook account open ideas

Google or Facebook account open ideas about providing who you are then we have

about providing who you are then we have ooth 2.0 this is an industry standard

ooth 2.0 this is an industry standard protocol for authorization oath doesn't

protocol for authorization oath doesn't share password data but instead uses

share password data but instead uses authorization tokens to prove an

authorization tokens to prove an identity between consumers and service

identity between consumers and service providers oath is about granting access

providers oath is about granting access to functionality and then we have saml

to functionality and then we have saml the security assertion markup language

the security assertion markup language which is an open standard for exchanging

which is an open standard for exchanging authentication and authorization between

authentication and authorization between an identity provider and a service

an identity provider and a service provider and this is important use for

provider and this is important use for samle which we use for single sign on

samle which we use for single sign on Via the browser

Via the browser [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro we're looking at the concept of

Pro we're looking at the concept of single sign on so SSO is an

single sign on so SSO is an authentication scheme that allows a user

authentication scheme that allows a user to log in with a single ID and password

to log in with a single ID and password to different systems and software SSO

to different systems and software SSO allows it departments to administer a

allows it departments to administer a single identity that can access many

single identity that can access many machines and cloud services so the idea

machines and cloud services so the idea is you have Azure active directory this

is you have Azure active directory this is just an example of a very popular one

is just an example of a very popular one You' use samle to do SSO and you can

You' use samle to do SSO and you can connect to all things bu Google

connect to all things bu Google workspaces Salesforce or your computer

workspaces Salesforce or your computer uh the idea here is uh once you uh log

uh the idea here is uh once you uh log in um you don't have to log in multiple

in um you don't have to log in multiple times so you log into your primary

times so you log into your primary directory and then after that you're not

directory and then after that you're not going to be presented with a login

going to be presented with a login screen some Services might show an

screen some Services might show an intermediate screen but the idea is

intermediate screen but the idea is you're not entering your credentials in

you're not entering your credentials in multiple times so it's

multiple times so it's [Music]

[Music] seamless all right let's talk about ldap

seamless all right let's talk about ldap so lightweight directory access protocol

so lightweight directory access protocol is an open vendor neutral industry

is an open vendor neutral industry standard application protocol for

standard application protocol for accessing and maintaining distributed

accessing and maintaining distributed directory information Services over uh

directory information Services over uh IP network so a common use of ldap is to

IP network so a common use of ldap is to provide a central place to store

provide a central place to store usernames and passwords ldap enables for

usernames and passwords ldap enables for same signon so same sign on allows users

same signon so same sign on allows users to uh use a single ID and password but

to uh use a single ID and password but they have to enter it every single time

they have to enter it every single time they want to log in so maybe you have

they want to log in so maybe you have your on premise active directory and

your on premise active directory and then it's going to store it in that ldap

then it's going to store it in that ldap directory and so the idea is that um you

directory and so the idea is that um you know all these services like Google

know all these services like Google kubernetes um jenkings is going to uh

kubernetes um jenkings is going to uh deal with that ldap server so why would

deal with that ldap server so why would you use ldap over SSO which is more

you use ldap over SSO which is more convenient or seamless so most SSO

convenient or seamless so most SSO systems are using ldap under the hood

systems are using ldap under the hood but ldap was not designed neighly to

but ldap was not designed neighly to work with web applications so some

work with web applications so some systems only support integration with

systems only support integration with ldap and not SSO so you got to take what

ldap and not SSO so you got to take what you can get

you can get [Music]

[Music] okay let's let's take a look here at

okay let's let's take a look here at multifactor authentication also known as

multifactor authentication also known as MFA and this is a security control where

MFA and this is a security control where after you fill in your user's name and

after you fill in your user's name and email password you have to use a second

email password you have to use a second device such as a phone to confirm that

device such as a phone to confirm that it's you that is logging in so MFA

it's you that is logging in so MFA protects against people who have stolen

protects against people who have stolen your password MFA is an option in most

your password MFA is an option in most Cloud providers and even social media

Cloud providers and even social media websites such as Facebook so the idea is

websites such as Facebook so the idea is I have my uh username or email and

I have my uh username or email and password I'm going to try to log in this

password I'm going to try to log in this is the first factor and the second

is the first factor and the second Factor multiactor is I'm going to use a

Factor multiactor is I'm going to use a secondary device so maybe my phone we're

secondary device so maybe my phone we're going to enter in different codes or

going to enter in different codes or maybe it's passwordless so I just have

maybe it's passwordless so I just have to press a button to confirm that it's

to press a button to confirm that it's me and then I'll get access so in the

me and then I'll get access so in the context to AWS it's strongly recommended

context to AWS it's strongly recommended that you turn on MFA for all your

that you turn on MFA for all your accounts especially the adus root

accounts especially the adus root account uh we'll see that when we do the

account uh we'll see that when we do the follow

follow [Music]

[Music] alongs let's take a look at security

alongs let's take a look at security keys so a security key is a second

keys so a security key is a second device used as a second step in

device used as a second step in authentication process to gain access to

authentication process to gain access to a device workstation or application a

a device workstation or application a security key can resemble a memory stick

security key can resemble a memory stick and when your finger makes contact with

and when your finger makes contact with a button of exposed metal on the device

a button of exposed metal on the device it will generate and autofill a security

it will generate and autofill a security token a popular brand of security Keys

token a popular brand of security Keys is the UB key and this is the one I use

is the UB key and this is the one I use and is looks exactly like the one that's

and is looks exactly like the one that's right beside my desk it works out of the

right beside my desk it works out of the box with Gmail Facebook and hundreds

box with Gmail Facebook and hundreds more supports pho2 web o n uh u2f it's

more supports pho2 web o n uh u2f it's waterproof and crust resistance it uh

waterproof and crust resistance it uh has Vari like usba us NFC dual

has Vari like usba us NFC dual connectors on a single key can do a

connectors on a single key can do a variety of things so when you turn on

variety of things so when you turn on MFA on your ads account you'll have

MFA on your ads account you'll have virtual MFA device so that's when you're

virtual MFA device so that's when you're using something like a phone or using

using something like a phone or using software on your phone to do that then

software on your phone to do that then there's the u2f security key so this is

there's the u2f security key so this is what we're talking about right now and

what we're talking about right now and there's even other kinds of Hardware MFA

there's even other kinds of Hardware MFA devices um which we're not really going

devices um which we're not really going to talk about but um you know just

to talk about but um you know just security Keys tie into MFA and this is a

security Keys tie into MFA and this is a lot better way than using a phone

lot better way than using a phone because you know you can have it on your

because you know you can have it on your desk and press it um and you know you

desk and press it um and you know you don't have to worry about your phone

don't have to worry about your phone being not charged

being not charged [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at itus

Pro and we are taking a look at itus identity and access management also

identity and access management also known as IM am and you can use this

known as IM am and you can use this service to create and manage adus users

service to create and manage adus users groups uh use permissions to allow and

groups uh use permissions to allow and deny their access to adus resources so

deny their access to adus resources so there's quite a few components here

there's quite a few components here let's get to it so the first is I am

let's get to it so the first is I am policies so these are Json documents

policies so these are Json documents which Grant permissions for specific

which Grant permissions for specific users groups or a role to access

users groups or a role to access services and policies are attached to IM

services and policies are attached to IM IM identities then you have I am

IM identities then you have I am permissions or a permission and this is

permissions or a permission and this is an API action that can or cannot be

an API action that can or cannot be performed and they represented in the IM

performed and they represented in the IM policy document then there's the IM

policy document then there's the IM identity so we have IM users these are

identity so we have IM users these are end users who log into the console or

end users who log into the console or interact with ad resources

interact with ad resources programmatically or via clicking UI

programmatically or via clicking UI interfaces you have IM groups so these

interfaces you have IM groups so these these uh group up your users so they all

these uh group up your users so they all share the same permission levels so

share the same permission levels so maybe it's admins developers or Auditors

maybe it's admins developers or Auditors then you have IM roles so these roles

then you have IM roles so these roles Grant adus resources uh permissions to

Grant adus resources uh permissions to specific adus API actions and Associate

specific adus API actions and Associate policies to a role and then assign it to

policies to a role and then assign it to an adus resource just understand that

an adus resource just understand that roles are when you're attaching these to

roles are when you're attaching these to resources so like if you have an ec2

resources so like if you have an ec2 instance and you say it has to access S3

instance and you say it has to access S3 you're going to be attaching a a role

you're going to be attaching a a role not a policy directly okay

not a policy directly okay [Music]

[Music] hey this is Andrew Brown from exam Pro

hey this is Andrew Brown from exam Pro and we are looking at I impulses a

and we are looking at I impulses a little bit closer here and they are

little bit closer here and they are written in Json and contain the

written in Json and contain the permissions which determine the API

permissions which determine the API actions that are allowed or denied um

actions that are allowed or denied um and rarely do I write these out by hand

and rarely do I write these out by hand uh because they have a a little wizard

uh because they have a a little wizard that you can use to write out the code

that you can use to write out the code for you but if you want to you

for you but if you want to you absolutely can write it out by hand but

absolutely can write it out by hand but we should know the contents of it and

we should know the contents of it and how these Json files work so the first

how these Json files work so the first thing is the version um which is the

thing is the version um which is the policy language version and it's been

policy language version and it's been 2012 for a very long time I don't see

2012 for a very long time I don't see that changing anytime soon if they

that changing anytime soon if they happen to

happen to change what or what the structure of the

change what or what the structure of the Json is then you have the statements and

Json is then you have the statements and these are for policy elements uh and

these are for policy elements uh and you're allowed to have multiples of them

you're allowed to have multiples of them so the idea is that this is the the

so the idea is that this is the the policies or permissions we should say uh

policies or permissions we should say uh that you uh plan on applying then you

that you uh plan on applying then you have the Sid this is a way of labeling

have the Sid this is a way of labeling your statements um this is useful for

your statements um this is useful for like visualization or for ref

like visualization or for ref referencing it for later on but a lot of

referencing it for later on but a lot of times you don't have to have a sid um

times you don't have to have a sid um then there's the effect it's either

then there's the effect it's either allow or deny then you have the action

allow or deny then you have the action so here we're saying give access to S3

so here we're saying give access to S3 for all actions under it there's another

for all actions under it there's another action down below where it's saying give

action down below where it's saying give access I'm going to get my pen tool out

access I'm going to get my pen tool out here just to create a service link rle

here just to create a service link rle so that's a cross account rule there

so that's a cross account rule there then there's the principal so this is

then there's the principal so this is the account user role or Federated user

the account user role or Federated user to which you would like to allow access

to which you would like to allow access or deny so we're specifically saying uh

or deny so we're specifically saying uh this IM user named Barkley um in our

this IM user named Barkley um in our adus account there uh then there are the

adus account there uh then there are the resources so the resources to which the

resources so the resources to which the action applies um so in this one up here

action applies um so in this one up here we are specifying a specific adus bucket

we are specifying a specific adus bucket here we're saying all possible resources

here we're saying all possible resources in in anus account and then the

in in anus account and then the condition so there's all sorts of

condition so there's all sorts of different kinds of conditions so this is

different kinds of conditions so this is a string like one and it's saying look

a string like one and it's saying look at the service name and if it starts

at the service name and if it starts with this or that then they'll have

with this or that then they'll have access to that so this person even

access to that so this person even though it says all resources they're

though it says all resources they're really only going to have access to RDS

really only going to have access to RDS okay

okay [Music]

[Music] so in this follow along we're going to

so in this follow along we're going to take a closer look at I am policies so

take a closer look at I am policies so go to the top and type in I am and what

go to the top and type in I am and what we'll do is make our way over here uh

we'll do is make our way over here uh all the way over to policies and what I

all the way over to policies and what I want to do is create a new policy that

want to do is create a new policy that only has access to uh um limited

only has access to uh um limited resources

resources so um let's say we want to create an

so um let's say we want to create an Amazon ec2 instance and that ec2

Amazon ec2 instance and that ec2 instance has access to a very particular

instance has access to a very particular S3 bucket so what I want you to do is

S3 bucket so what I want you to do is make your way over to S3 and we're going

make your way over to S3 and we're going to create ourselves a new

bucket and I'm going to go ahead and create a bucket here we're going to call

create a bucket here we're going to call this

this um policy

um policy tutorial and I'm going to just put a

tutorial and I'm going to just put a bunch of numbers here you'll have to

bunch of numbers here you'll have to randomize it for your use

randomize it for your use case and so now that we have our bucket

case and so now that we have our bucket what we're going to do is go ahead and

what we're going to do is go ahead and create a

policy and the policy is going to choose a service we're going to say S3 and what

a service we're going to say S3 and what I want to do is only be able to list out

I want to do is only be able to list out actions I'm going to expand this so I

actions I'm going to expand this so I don't want everything so we're just

don't want everything so we're just going to say list

going to say list buckets okay and then what we'll do is

buckets okay and then what we'll do is uh expand this here and I want to save

uh expand this here and I want to save for a particular bucket so we'll go back

for a particular bucket so we'll go back over here click into our

over here click into our bucket and uh we're going to go ahead

bucket and uh we're going to go ahead and set those

and set those permissions by finding that Arn we're

permissions by finding that Arn we're going to paste that

going to paste that we're going to paste that RN up there

we're going to paste that RN up there sometimes it's a bit tricky it vanishes

sometimes it's a bit tricky it vanishes on

on you and we could set other conditions if

you and we could set other conditions if we wanted to but this is pretty simple

we wanted to but this is pretty simple as it

as it is and so that's our rule here right so

is and so that's our rule here right so we're saying this policy allows us to

we're saying this policy allows us to list this bucket for that

list this bucket for that okay so what we'll do is go ahead and

okay so what we'll do is go ahead and hit next we'll hit review and we'll just

hit next we'll hit review and we'll just say my bucket

say my bucket policy and we'll create that policy

okay so there's a few other things I think that I'd like to do with this

think that I'd like to do with this policy I'm going to pull it back up here

policy I'm going to pull it back up here so if we want to find it uh they used to

so if we want to find it uh they used to be able to filter these based on the

be able to filter these based on the ones that you

ones that you created but

created but um yeah these are like the little icons

um yeah these are like the little icons so these are ones that I've created up

so these are ones that I've created up here and so there's my bucket

here and so there's my bucket policy and I feel like I want to update

policy and I feel like I want to update this policy to have a bit of extra

this policy to have a bit of extra information here so I'm going to go edit

information here so I'm going to go edit this

this policy no you know what I think this is

policy no you know what I think this is fine so what I want to do is now create

fine so what I want to do is now create a

ro and we're going to create a new role and I'm going to call this

and I'm going to call this um well before I do I need to choose

um well before I do I need to choose what it's for so it's going to be for

what it's for so it's going to be for ec2 so we're going to go ahead and hit

ec2 so we're going to go ahead and hit next we're going to choose our policy so

next we're going to choose our policy so my bucket policy there it is and I want

my bucket policy there it is and I want to add another one here because I want

to add another one here because I want to be able to use sessions manager

to be able to use sessions manager because I really don't want to use an

because I really don't want to use an SSH key to check that this works and

SSH key to check that this works and so um for this I I need to use SSM so

so um for this I I need to use SSM so I'm going to type in SSM

I'm going to type in SSM here and I'm going just make sure this

here and I'm going just make sure this is the new one so this policy will soon

is the new one so this policy will soon be deprecated use Amazon SSM manag for

be deprecated use Amazon SSM manag for instance should always open these up and

instance should always open these up and read them to see what they do and so

read them to see what they do and so that's the one that's going to allow us

that's the one that's going to allow us to access uh Simpson manager so we can

to access uh Simpson manager so we can use um sessions manager okay and so I'm

use um sessions manager okay and so I'm going to say my ec2 roll for S3

going to say my ec2 roll for S3 we going go ahead and create ourselves a

roll so now that we have our roll I'm going to go over to

going to go over to ec2 and I'm going to go ahead and launch

ec2 and I'm going to go ahead and launch myself a new

myself a new instance we're going to choose Amazon L

instance we're going to choose Amazon L 2 we're going to stick with T2 micro I'm

2 we're going to stick with T2 micro I'm going to go over to configuration here

going to go over to configuration here everything is fine here um I'm fine with

everything is fine here um I'm fine with all that storage is fine we'll go to

all that storage is fine we'll go to Security Group and I don't want any

Security Group and I don't want any ports open because I'm not going to be

ports open because I'm not going to be using

using SSH we're going to launch this instance

SSH we're going to launch this instance I don't even want to key

I don't even want to key pair

pair okay and then we're going to go over

okay and then we're going to go over here and so what we're waiting for is

here and so what we're waiting for is this instance to launch as that is going

this instance to launch as that is going what I want to do is go over to my S3

what I want to do is go over to my S3 bucket and I want to place something in

bucket and I want to place something in this bucket so I do have some files here

this bucket so I do have some files here um so what I'm going to

um so what I'm going to do is create a new folder here whoops uh

do is create a new folder here whoops uh I'm going to go back

I'm going to go back and I'm just going to create a folder

and I'm just going to create a folder first create a folder Enterprise

D and I'm going to click into this and then I'm going to upload all my images

then I'm going to upload all my images here so you'll have to find your own

here so you'll have to find your own images off the internet this is just the

images off the internet this is just the ones I have and we'll go ahead and

ones I have and we'll go ahead and upload

upload those give that a

moment okay and so we don't have access to read those files we'll adjust our

to read those files we'll adjust our policy as we go so that we can do that

policy as we go so that we can do that okay so this instance should be running

okay so this instance should be running um it does doesn't have the two status

um it does doesn't have the two status checks pass we should be able to uh

checks pass we should be able to uh connect to it so click on connect here

connect to it so click on connect here and so we have options like E2 instance

and so we have options like E2 instance connect sessions manager SSH client I

connect sessions manager SSH client I want you to go to sessions manager it

want you to go to sessions manager it says we weren't able to connect to your

says we weren't able to connect to your instance common reasons SSM agent wasn't

instance common reasons SSM agent wasn't installed we absolutely have it

installed we absolutely have it installed the required IM profile oh

installed the required IM profile oh right so we were supposed to attach I

right so we were supposed to attach I forgot we were supposed to attach an ion

forgot we were supposed to attach an ion profile right so an ion profile is the

profile right so an ion profile is the RO uh it or the it holds the role uh

RO uh it or the it holds the role uh that's going to give the permissions to

that's going to give the permissions to that instance and since we didn't add it

that instance and since we didn't add it we have to go retroactively added after

we have to go retroactively added after the

the fact and so I'm going to have to modify

fact and so I'm going to have to modify the IM roll and we're going to choose my

the IM roll and we're going to choose my ec2 roll for S3 and we're going to save

ec2 roll for S3 and we're going to save that and actually when that happens you

that and actually when that happens you have to reboot the machine you only have

have to reboot the machine you only have to do that if you have no Ro attached

to do that if you have no Ro attached like prior no profile attached and

like prior no profile attached and you're attaching for the first time but

you're attaching for the first time but after that you never have to reboot the

after that you never have to reboot the machine this is the only case where

machine this is the only case where you'd have to do

you'd have to do that that's why when I launch an ec2

that that's why when I launch an ec2 instance I always at least have the SSM

instance I always at least have the SSM R attached the managed one that gets

R attached the managed one that gets sessions manager so that I don't ever

sessions manager so that I don't ever have to do a reboot in case I have to

have to do a reboot in case I have to update the

update the policy and so we will give that a moment

policy and so we will give that a moment there it says initializing so I'm going

there it says initializing so I'm going to try again to connect to it okay

and we still don't have that option there um so I'm going to go back to my

there um so I'm going to go back to my instances I'm going to check to see if

instances I'm going to check to see if the RO the RO or policy is

the RO the RO or policy is attached or profile I should

here there it is and so if I click into this into the

is and so if I click into this into the r we can see that we have the Amazon SSM

r we can see that we have the Amazon SSM managed instance core there so that's

managed instance core there so that's set up and the my uh bucket policy so

set up and the my uh bucket policy so this has everything that it should be

this has everything that it should be able to do it no

problem okay so I'm going to try that again okay so now the connect shows up

again okay so now the connect shows up OS is finicky like that you just have to

OS is finicky like that you just have to have confidence in knowing what you're

have confidence in knowing what you're doing is correct okay we'll go ahead and

doing is correct okay we'll go ahead and hit

hit connect and I didn't have to use SSH

connect and I didn't have to use SSH keys or anything and this is a lot more

keys or anything and this is a lot more secure way to connect your instances

secure way to connect your instances when it logs Us in it's going to set us

when it logs Us in it's going to set us as the SSM user but we want to be

as the SSM user but we want to be the um the ec2 user

the um the ec2 user okay that's uh ads always makes their uh

okay that's uh ads always makes their uh am like their Linux versions as the ec2

am like their Linux versions as the ec2 user and that's what you're supposed to

user and that's what you're supposed to use but it's just you just that's how

use but it's just you just that's how you have to get to that you just have to

you have to get to that you just have to type that pseudo Su hyphen ec2 user okay

type that pseudo Su hyphen ec2 user okay just once and if you type who am I

just once and if you type who am I that's who you are if you type type exit

that's who you are if you type type exit you'll go back to that user so if I type

you'll go back to that user so if I type exit and I type who am I I'm now this

exit and I type who am I I'm now this person so I'm going to go back hit up go

person so I'm going to go back hit up go back in there type clear so now I want

back in there type clear so now I want to see if I have access to S3 so I have

to see if I have access to S3 so I have to do a S3 LS want to see if I can list

to do a S3 LS want to see if I can list buckets it says access

buckets it says access denied

denied so I mean that kind of makes sense

so I mean that kind of makes sense because if you have list buckets and

because if you have list buckets and we're just saying only that bucket that

we're just saying only that bucket that might not make a whole lot of

might not make a whole lot of sense so I'm GNA go back to my policy I

sense so I'm GNA go back to my policy I might just written a a crummy policy but

might just written a a crummy policy but we'll say I am here if we have that one

we'll say I am here if we have that one open we should just go

open we should just go here and click on this policy

here and click on this policy here I'm going to edit that

here I'm going to edit that policy so I'm going to do is I'm just

policy so I'm going to do is I'm just going to change it and we say all

going to change it and we say all resources review the policy save changes

resources review the policy save changes and we'll see how fast that

and we'll see how fast that propagates okay

because I'm pretty sure I don't have to do anything here it should just now give

do anything here it should just now give me full access to

me full access to S3 just going to keep on hitting up

S3 just going to keep on hitting up here so what I'm going to do is I'm just

here so what I'm going to do is I'm just going to take like a three four minute

going to take like a three four minute break going to get a drink I'm going to

break going to get a drink I'm going to go back here and see if this propagates

go back here and see if this propagates I'm pretty sure I don't have to do

I'm pretty sure I don't have to do anything for that to propagate and I

anything for that to propagate and I think that I've attached everything

think that I've attached everything correctly here

okay okay so I haven't had much luck here it's still having the same issue so

here it's still having the same issue so if that is happening what I'm going to

if that is happening what I'm going to do um is I'm just going to reboot it

do um is I'm just going to reboot it because maybe I didn't give it a good

because maybe I didn't give it a good opportunity to reboot there again I

opportunity to reboot there again I don't think we should have to reboot it

don't think we should have to reboot it every time when we're we're changing um

every time when we're we're changing um uh things there but we will give it

uh things there but we will give it another go here and see if that fixes

another go here and see if that fixes that problem there so no sessions manner

that problem there so no sessions manner is going to time out here which is

is going to time out here which is totally

totally fine it's going to kill that session

fine it's going to kill that session there um and so what we'll have to do is

there um and so what we'll have to do is close this out because there's not much

close this out because there's not much we can do with

we can do with that and we're going to go ahead and go

that and we're going to go ahead and go back to connect and so we're waiting for

back to connect and so we're waiting for this button to appear because it is

this button to appear because it is rebooting so if we want to monitor that

rebooting so if we want to monitor that stuff usually there is an option here to

stuff usually there is an option here to monitor where it'll show us the system

monitor where it'll show us the system logs of what it's doing so here it's

logs of what it's doing so here it's just like restarting the

machine I'm not sure if we expect to see something after

something after this so I can click that

there and uh yeah it's easy to get turned around this so I can connect to

turned around this so I can connect to it again

now we'll type in pseudo Su hyphen ec2 user ads S3

user ads S3 LS and we still

LS and we still have access deny for list buckets so if

have access deny for list buckets so if that's the case it could be that um

that's the case it could be that um sometimes you need other permissions

sometimes you need other permissions when doing list policy like uh list

when doing list policy like uh list buckets so if that's the case we're

buckets so if that's the case we're going to do a sanity check I'm just

going to do a sanity check I'm just going to say all permissions here okay

going to say all permissions here okay and this way there's no way that I've

and this way there's no way that I've set this incorrectly um it just has to

set this incorrectly um it just has to work now so type this

work now so type this in there we go okay so there has to be

in there we go okay so there has to be something more to it so just because you

something more to it so just because you say list buckets you know like means

say list buckets you know like means there must be more to it right so if I

there must be more to it right so if I go here to this

go here to this right and I say

right and I say whoops and I say uh list buckets here

whoops and I say uh list buckets here we'll say

we'll say copy paste

okay here it's saying maybe I need get object as well so I just know from using

object as well so I just know from using it us a long time that that's the case

it us a long time that that's the case that it could be more than one thing so

that it could be more than one thing so you know that was in the back of my mind

you know that was in the back of my mind that that could be happening and I guess

that that could be happening and I guess that is but notice that didn't have to

that is but notice that didn't have to restart my uh my server boot my server

restart my uh my server boot my server to get those to work um uh but anyway

to get those to work um uh but anyway let's go lock that down and see if we

let's go lock that down and see if we can just kind of make this uh more

can just kind of make this uh more focused so let's say um all resources

focused so let's say um all resources I'm going to

I'm going to specify the

specify the condition so I might want to just say

condition so I might want to just say for particular

for particular buckets we say

buckets we say specific when you checkbox everything

specific when you checkbox everything then you have to do this so for storage

then you have to do this so for storage accounts these are fine any for object

objects that could be something we'll say multi- region access bucket any

say multi- region access bucket any bucket but what I'm going to say is I

bucket but what I'm going to say is I want to only allow them to access things

want to only allow them to access things in a particular bucket and so if I go to

in a particular bucket and so if I go to Arn

Arn here um what is our bucket

name our bucket name is policy tutorial 34141

34141 whatever right and so we can actually

whatever right and so we can actually give it a wild card or we can say

give it a wild card or we can say Enterprise

Enterprise D and we learned this in the course that

D and we learned this in the course that uh you can provide arms with

uh you can provide arms with randomize things there I don't know if I

randomize things there I don't know if I spelled it wrong over here so I should

spelled it wrong over here so I should really double check I should probably

really double check I should probably just copy

it oops I just don't want to type it wrong

oops I just don't want to type it wrong and so

and so this

this okay means that we should only be able

okay means that we should only be able to get stuff from there I'm going to

to get stuff from there I'm going to review the policy let see if it takes

review the policy let see if it takes save the

save the changes and if I just view the Json

changes and if I just view the Json here notice it says anything from here

here notice it says anything from here right so allow S3 anything as long as

right so allow S3 anything as long as it's within here and then it also broke

it's within here and then it also broke it up into sub1 4 here okay um so anyway

it up into sub1 4 here okay um so anyway what I want to see is what

what I want to see is what happens if I upload something into the

happens if I upload something into the loose area here so I'm say

loose area here so I'm say upload and I'm going to just say add a

upload and I'm going to just say add a file we're just going to grab data here

file we're just going to grab data here and upload

and upload it go back to our bucket there's our

it go back to our bucket there's our file we have that stuff in there and so

file we have that stuff in there and so if I go back over to my ec2 instance

if I go back over to my ec2 instance which I'm still connected

which I'm still connected to uh who am I okay great clear um so

to uh who am I okay great clear um so I'm going to say ads S3 LS see if that

I'm going to say ads S3 LS see if that works still it does good and so what I

works still it does good and so what I want to do is see if I can copy a file

want to do is see if I can copy a file locally so I'm going to do Abus S3

locally so I'm going to do Abus S3 copy I think it was S3 a no it's just S3

copy I think it was S3 a no it's just S3 copy POC uh S3 SL SL

copy POC uh S3 SL SL policy

policy tutorial

tutorial 34 141 whoops

34 141 whoops 34 tutorial

34 tutorial hyphen

hyphen 34141

34141 slash Enterprise

slash Enterprise D data.jpg I think it's a JPG let's go

D data.jpg I think it's a JPG let's go double check yeah it is okay and then I

double check yeah it is okay and then I just want to say data.

just want to say data. jpg it downloaded it right so I'm going

jpg it downloaded it right so I'm going to remove that one and so now what I'm

to remove that one and so now what I'm going to do is I'm just going to see if

going to do is I'm just going to see if my policy is working or maybe my

my policy is working or maybe my permissions aren't exactly what I think

permissions aren't exactly what I think they are and I was able to download it

they are and I was able to download it so

so it's these policies can get kind of

it's these policies can get kind of tricky because like this one says allow

tricky because like this one says allow all actions for these but then these say

all actions for these but then these say all actions and

all actions and so that makes it hard because I want get

object so another thing we can do and if that one doesn't work really

do and if that one doesn't work really well I'm just going to write one by hand

well I'm just going to write one by hand it's not that scary to write these by

it's not that scary to write these by hand you just get used to it so I'm

hand you just get used to it so I'm going to say effect

deny deny

action S3 get object I believe that's what it

what it is

is resource and then I'm going to specify

resource and then I'm going to specify exactly the resource I don't want it to

exactly the resource I don't want it to allow so we're going to say

allow so we're going to say AR AWS s three three

AR AWS s three three colons policy

34141 uh and just say data.jpg now if this is not valid it's going to

now if this is not valid it's going to complain and say hey you didn't write

complain and say hey you didn't write this right and it and it's fine okay

this right and it and it's fine okay so we'll save those

so we'll save those changes and so that should deny access

changes and so that should deny access to that right

to that right hopefully I got the policy

right okay so that one doesn't work which is

which is fine and that one's fine so that worked

fine and that one's fine so that worked we were able to deny that but you can

we were able to deny that but you can see there's a little bit of an art to

see there's a little bit of an art to creating these policies uh as you make

creating these policies uh as you make more of them it becomes a lot easier so

more of them it becomes a lot easier so hopefully it's not too scary but uh

hopefully it's not too scary but uh that's all there really is uh to it that

that's all there really is uh to it that I want to show you today so what we're

I want to show you today so what we're going to do is clear out this bucket

going to do is clear out this bucket we're done with this bucket here so

we're done with this bucket here so we'll say delete whoops we got to empty

we'll say delete whoops we got to empty it first

and we'll just say permanently delete here okay and we will exit that out

here okay and we will exit that out we're going to go ahead and delete that

bucket grab its name here and uh we'll go back over

here and uh we'll go back over here I think I forgot to delete this

here I think I forgot to delete this Bucket from earlier I'm just going to

Bucket from earlier I'm just going to delete that because I don't need that

delete that because I don't need that bucket so that's okay with you just

bucket so that's okay with you just going to go ahead and delete that

going to go ahead and delete that and we have that ec2 instance running so

and we have that ec2 instance running so we want to stop

that go ahead and we're going to terminate that yes

terminate that yes please and then we'll go to IM and do

please and then we'll go to IM and do some

cleanup I have some custom roles I've been creating um you know from prior

been creating um you know from prior things a lot of those usually there's a

things a lot of those usually there's a way to uh We've redesigned it okay

way to uh We've redesigned it okay where's the redesign this is the

where's the redesign this is the redesign that can't be it because

redesign that can't be it because there'll be like rolls that ads makes I

there'll be like rolls that ads makes I think these are all rolls that I've

made um I don't want to delete service rolls but I want to get rid of some of

rolls but I want to get rid of some of these because I just have too many you

these because I just have too many you know it's getting out of hand for me and

know it's getting out of hand for me and I'm going to just see if it will let

I'm going to just see if it will let me

there we go just clean up a bit I still have a lot here but there's like service

have a lot here but there's like service roles that OS creates once and you

roles that OS creates once and you really don't want to delete those

really don't want to delete those because you

because you don't um and then I have a bunch of

don't um and then I have a bunch of these like I'm never going to use these

these like I'm never going to use these so I might as well detach them delete

detach you really don't want to keep like rolls that you're never going to

like rolls that you're never going to use

use around things like that like gauze we're

around things like that like gauze we're going to be using that

going to be using that again

created anyway you get the idea so uh yeah that's uh that's I am

yeah that's uh that's I am [Music]

[Music] okay principle of least privilege PP is

okay principle of least privilege PP is the computer computer security concept

the computer computer security concept of providing a user role or application

of providing a user role or application the least amount of permissions to

the least amount of permissions to perform an operation or an action and

perform an operation or an action and the way we can look at it is that we

the way we can look at it is that we have just enough AIS so Jaa permitting

have just enough AIS so Jaa permitting only the exact actions for the identity

only the exact actions for the identity perform a task and then we have just in

perform a task and then we have just in time jit permitting the smallest length

time jit permitting the smallest length of duration an identity can use

of duration an identity can use permission so usually when we're talking

permission so usually when we're talking about PLP it's usually a focus on here U

about PLP it's usually a focus on here U but now these days uh there's a larger

but now these days uh there's a larger focus on jit as well and so J is the

focus on jit as well and so J is the difference between having longlived um

difference between having longlived um uh permissions or access Keys versus

uh permissions or access Keys versus short-lived ones and the most

short-lived ones and the most Progressive thing in PP is now

Progressive thing in PP is now risk-based adaptive policies so each

risk-based adaptive policies so each attempt to access a resource generates a

attempt to access a resource generates a risk score of How likely the request is

risk score of How likely the request is to be from a compromized source so the

to be from a compromized source so the risk score could be based on many

risk score could be based on many factors such as device user location IP

factors such as device user location IP address what service is being accessed

address what service is being accessed and when did they use MFA did they use

and when did they use MFA did they use Biometrics things like that and right

Biometrics things like that and right now as of this time itus does not have a

now as of this time itus does not have a risk-based adaptive policies built into

risk-based adaptive policies built into I am you can roll your own um what's

I am you can roll your own um what's interesting is Cognito has risk-based

interesting is Cognito has risk-based adaptive policies they call like um

adaptive policies they call like um adaptive authentication but that's for

adaptive authentication but that's for user pools and not identity pools user

user pools and not identity pools user pools is for getting access to an app uh

pools is for getting access to an app uh that you have built through an ipd where

that you have built through an ipd where identity pools in cognito is about

identity pools in cognito is about getting access to aabus resources so uh

getting access to aabus resources so uh you know I'm sure abos will get it

you know I'm sure abos will get it eventually but they just don't have it

eventually but they just don't have it right now and you have to rely on third

right now and you have to rely on third part party um identity Solutions uh to

part party um identity Solutions uh to get risk-based adaptive policies now

get risk-based adaptive policies now talking about just enough access and

talking about just enough access and just in time just in time is like you

just in time just in time is like you think how would you do that with the ads

think how would you do that with the ads you just add and remove permissions

you just add and remove permissions manually well one thing you could do is

manually well one thing you could do is use something like console me so this is

use something like console me so this is an open- Source Netflix project to self-

an open- Source Netflix project to self- serve short-lived IM policies so an end

serve short-lived IM policies so an end user can access ad resources while

user can access ad resources while enforcing Jaa and jit and so there's a

enforcing Jaa and jit and so there's a repo there as well um the idea is they

repo there as well um the idea is they have like this self- sered wizard so you

have like this self- sered wizard so you say I want these things and then the

say I want these things and then the machine decides okay you can have them

machine decides okay you can have them or you you don't need them and it just

or you you don't need them and it just freezes you up asking people and

freezes you up asking people and worrying about the length and stuff like

worrying about the length and stuff like that

that [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at the

Pro and we are taking a look at the idibus root user uh and this gets

idibus root user uh and this gets confusing because there's an account

confusing because there's an account root user and regular user so let's

root user and regular user so let's distinguish what those three things are

distinguish what those three things are so here we have an adus account and the

so here we have an adus account and the account which holds all the adus

account which holds all the adus resources including the different types

resources including the different types of user

of user then you have the root user this is a

then you have the root user this is a special account with full access that

special account with full access that cannot be deleted and then you have just

cannot be deleted and then you have just a user and this is a user for common

a user and this is a user for common tasks that is assigned permissions so

tasks that is assigned permissions so just understand that sometimes people

just understand that sometimes people say it was account they're actually

say it was account they're actually referring to the user and sometimes when

referring to the user and sometimes when they're saying account they're actually

they're saying account they're actually referring to the AES account that holds

referring to the AES account that holds the users I know it's confusing it just

the users I know it's confusing it just it's based on what people decide the

it's based on what people decide the context is when they're speaking so the

context is when they're speaking so the ads account user is a special user who's

ads account user is a special user who's created at the time of the ABS account

created at the time of the ABS account creation

creation and they can do uh they have a lot of

and they can do uh they have a lot of conditions around them so the re user

conditions around them so the re user account uses an email and password to

account uses an email and password to log in as opposed to the regular user

who's going to provide their account ID Alias username and password the root

Alias username and password the root user account cannot be deleted the root

user account cannot be deleted the root user account has full permissions to the

user account has full permissions to the account and its permissions and cannot

account and its permissions and cannot be limited and when we say it cannot be

be limited and when we say it cannot be limited we're saying that if you take an

limited we're saying that if you take an IM am policy to explicitly deny the user

IM am policy to explicitly deny the user access resources it's not something you

access resources it's not something you can do however you can do it in the case

can do however you can do it in the case of adab organizations service control

of adab organizations service control policies because a service control

policies because a service control policy applies to a bunch of accounts so

policy applies to a bunch of accounts so it just it's one level above and so that

it just it's one level above and so that is a way of limiting root users but

is a way of limiting root users but generally you can't limit them within

generally you can't limit them within their own account uh there can only be

their own account uh there can only be one root user uh per ad of us account

one root user uh per ad of us account the root user is instead for very spe

the root user is instead for very spe specific and specialized tasks that are

specific and specialized tasks that are infrequently or rarely performed and

infrequently or rarely performed and there's a big list and we'll get into

there's a big list and we'll get into that here in a moment and the root uh

that here in a moment and the root uh account should uh not be used for daily

account should uh not be used for daily or common tasks it's strong strongly

or common tasks it's strong strongly recommended to to never use the root

recommended to to never use the root users access keys because you can

users access keys because you can generate those and use them it's

generate those and use them it's strongly recommended to turn on MFA for

strongly recommended to turn on MFA for the root user and AD us will bug you to

the root user and AD us will bug you to no ends to tell you to turn it on so

no ends to tell you to turn it on so let's talk about the uh tasks that you

let's talk about the uh tasks that you should be performing with a root user

should be performing with a root user and only the root user can perform so

and only the root user can perform so changing your account settings this

changing your account settings this includes account name email address root

includes account name email address root user password root user access Keys

user password root user access Keys other account settings such as contact

other account settings such as contact information payment currency preference

information payment currency preference regions do not require the root user

regions do not require the root user credentials so not everything um restore

credentials so not everything um restore IM user permissions so if there's an i

IM user permissions so if there's an i IM admin so it's just a user that has

IM admin so it's just a user that has admin access who actually revokes their

admin access who actually revokes their own permissions you can sign into the

own permissions you can sign into the root user to edit policies and restore

root user to edit policies and restore those permissions um so you can also

those permissions um so you can also activate IM access to the billing and

activate IM access to the billing and cost Management console you can view

cost Management console you can view certain tax invoices you can close your

certain tax invoices you can close your ads account you can change or cancel

ads account you can change or cancel your adus support plan register as a

your adus support plan register as a seller in the reserved instance

seller in the reserved instance Marketplace enable MFA delete on S3

Marketplace enable MFA delete on S3 buckets edit or delete an Amazon S3

buckets edit or delete an Amazon S3 bucket policy that includes an invalid

bucket policy that includes an invalid VPC ID or VPC endpoint ID sign up for

VPC ID or VPC endpoint ID sign up for govcloud and something that's not in

govcloud and something that's not in here which this I took this from the

here which this I took this from the documentation but uh you can use the

documentation but uh you can use the adus uh account user to create the

adus uh account user to create the organization you can't create that with

organization you can't create that with any other user so um you know the ones I

any other user so um you know the ones I highlighted in red are very likely to

highlighted in red are very likely to show up your exam and that's uh why I

show up your exam and that's uh why I highlighted them there for you but there

highlighted them there for you but there you go

[Music] hey this is Andre Brown from exam Pro

hey this is Andre Brown from exam Pro and we are taking a look at adus single

and we are taking a look at adus single sign on also known as adus SSO and so

sign on also known as adus SSO and so this is where you create or connect your

this is where you create or connect your Workforce identities in adabs once and

Workforce identities in adabs once and manage access centrally across your adus

manage access centrally across your adus organization so the idea here is you're

organization so the idea here is you're going to choose your identity Source

going to choose your identity Source whether it's it SSO itself active

whether it's it SSO itself active directory samle 2.0 IDP you're going to

directory samle 2.0 IDP you're going to M manage user permission centrally to

M manage user permission centrally to ads accounts applications samle

ads accounts applications samle application

application and it uses it can you get single click

and it uses it can you get single click access to all these things so you know

access to all these things so you know just to kind of zoom in on this graphic

just to kind of zoom in on this graphic here uh you know you have your on

here uh you know you have your on premise active directory it's

premise active directory it's establishing a ad trust connection over

establishing a ad trust connection over to Able single sign on you're going to

to Able single sign on you're going to be able to apply permissions to access

be able to apply permissions to access resources within your adus account so

resources within your adus account so via adus organizations in your

via adus organizations in your organizational units down to your

organizational units down to your resources you can also use ads SSO to

resources you can also use ads SSO to access custom samle based application so

access custom samle based application so you know if I built a web app and I uh

you know if I built a web app and I uh like the exam Pro platform and I wanted

like the exam Pro platform and I wanted to use sample based uh connections for

to use sample based uh connections for single sign on there I could do that as

single sign on there I could do that as well and you can connect out SSO access

well and you can connect out SSO access to your business Cloud application so

to your business Cloud application so Office 365 Dropbox slack things like

Office 365 Dropbox slack things like that so there you

that so there you [Music]

[Music] go let's take a look here at application

go let's take a look here at application integration so this is the process of

integration so this is the process of letting to Independent applications to

letting to Independent applications to community Comm unicate and work with

community Comm unicate and work with each other commonly facilitated by an

each other commonly facilitated by an intermediate system so Cloud workloads

intermediate system so Cloud workloads uh strongly encourage systems and

uh strongly encourage systems and services to be Loosely coupled and so

services to be Loosely coupled and so inabus has many services for the

inabus has many services for the specific purpose of application

specific purpose of application integration and these are based around

integration and these are based around common systems or design patterns that

common systems or design patterns that utilize application integration and this

utilize application integration and this would be things like queuing streaming

would be things like queuing streaming Pub sub API gateways State machines

Pub sub API gateways State machines event buses and I'm sure there are more

event buses and I'm sure there are more but that's what I could uh think about

but that's what I could uh think about that are the most common ones

that are the most common ones [Music]

[Music] okay so to understand queuing we need to

okay so to understand queuing we need to know what is a messaging system so this

know what is a messaging system so this is used to provide asynchronous

is used to provide asynchronous communication and decouple processes via

communication and decouple processes via messages and events from a sender

messages and events from a sender receiver or a producer and a consumer so

receiver or a producer and a consumer so a queing system is a messaging system

a queing system is a messaging system that generally will delete messages once

that generally will delete messages once they are consumed it's for simple

they are consumed it's for simple communication it's not real time you

communication it's not real time you have to pull the data it's not reactive

have to pull the data it's not reactive and uh a good analogy would be imagine

and uh a good analogy would be imagine people that are queuing in a line to go

people that are queuing in a line to go do something so fre TOS it's called

do something so fre TOS it's called Simple queuing service sqs it's a fully

Simple queuing service sqs it's a fully managed queuing service that enables you

managed queuing service that enables you to decouple and scale microservices

to decouple and scale microservices distributed systems and serverless

distributed systems and serverless applications so a very common use case

applications so a very common use case in a web application would be to queue

in a web application would be to queue up transactional emails uh to be sent

up transactional emails uh to be sent like sign up reset password and the

like sign up reset password and the reason why we have queing to decouple uh

reason why we have queing to decouple uh those kind of actions is that if you had

those kind of actions is that if you had a long running task um and you had too

a long running task um and you had too many of them it could hang your

many of them it could hang your applications so by decoupling them and

applications so by decoupling them and letting a separate compute uh service

letting a separate compute uh service take care of that um that would be

take care of that um that would be something that would be very useful

something that would be very useful [Music]

[Music] okay let's take a look here at streaming

okay let's take a look here at streaming and so this is a different kind of

and so this is a different kind of messaging system um but the idea here is

messaging system um but the idea here is you have multiple cons consumers that

you have multiple cons consumers that can react to events and so in streaming

can react to events and so in streaming we call messages events and then in a

we call messages events and then in a queing system we just call them messages

queing system we just call them messages but events live in the Stream for long

but events live in the Stream for long periods of time so complex operations

periods of time so complex operations can be applied and generally streaming

can be applied and generally streaming is used for Real Time stuff whereas

is used for Real Time stuff whereas queuing is not necessarily real time and

queuing is not necessarily real time and so ad's solution here is Amazon Kinesis

so ad's solution here is Amazon Kinesis you could also use Kafka but we'll focus

you could also use Kafka but we'll focus on Kinesis here so Amazon Kinesis is the

on Kinesis here so Amazon Kinesis is the adist fully managed solution for

adist fully managed solution for collecting processing and analyzing

collecting processing and analyzing streaming data in the cloud so the idea

streaming data in the cloud so the idea is that you have these producers so that

is that you have these producers so that are producing events could be ec2

are producing events could be ec2 instances mobile devices could be a

instances mobile devices could be a computer or traditional server they're

computer or traditional server they're going to go into the data stream there's

going to go into the data stream there's a bunch of shards that scale and there's

a bunch of shards that scale and there's consumers on the other side so maybe red

consumers on the other side so maybe red shift wants that data Dynamo DB S3 or

shift wants that data Dynamo DB S3 or EMR okay but the thing you have to

EMR okay but the thing you have to remember is that streaming Is For Real

remember is that streaming Is For Real Time data and as you can imagine because

Time data and as you can imagine because it's real time and it's doing a lot more

it's real time and it's doing a lot more work than um a queuing system it's going

work than um a queuing system it's going to cost more okay

so we have another type of messaging system known as pubsub so this stands

system known as pubsub so this stands for publish subscribe pattern commonly

for publish subscribe pattern commonly implemented in messaging systems and a

implemented in messaging systems and a pub sub system the sender of messages

pub sub system the sender of messages the Publishers do not send their message

the Publishers do not send their message directly to receivers they instead send

directly to receivers they instead send their messages to an event bus the event

their messages to an event bus the event bus categorizes their messages into

bus categorizes their messages into groups then receivers of messages

groups then receivers of messages subscribers subscribe to these groups

subscribers subscribe to these groups whenever new messages appear within

whenever new messages appear within their subscriptions the messages are

their subscriptions the messages are immediately delivered to them so the

immediately delivered to them so the idea is you have Publishers event bus

idea is you have Publishers event bus subscribers and event buses appear more

subscribers and event buses appear more than once so it actually appears in

than once so it actually appears in streaming appears in this Pub sub model

streaming appears in this Pub sub model and then it can appear in other

and then it can appear in other variations so you're going to hear it

variations so you're going to hear it more than once the word event bus um so

more than once the word event bus um so the idea here is the publisher has no

the idea here is the publisher has no knowledge of who the subscribers are

knowledge of who the subscribers are subscribers do not pull for messages

subscribers do not pull for messages messages are instead automatically

messages are instead automatically immediately pushed to the subscribers

immediately pushed to the subscribers and messages and events are

and messages and events are interchangeable terms in Pub sub all

interchangeable terms in Pub sub all right and so you know the idea here with

right and so you know the idea here with Publisher subscribers just imagine

Publisher subscribers just imagine getting like a um a magazine

getting like a um a magazine subscription right if you think of that

subscription right if you think of that you kind of think of the mechanisms that

you kind of think of the mechanisms that are going here in terms of practicality

are going here in terms of practicality it's very common to use these as a

it's very common to use these as a real-time chat system or a web hook

real-time chat system or a web hook system so you know hopefully that gives

system so you know hopefully that gives you an idea there in terms of aws's

you an idea there in terms of aws's solution we're using simple notification

solution we're using simple notification service SNS this is a highly available

service SNS this is a highly available durable secure fully managed Pub sub

durable secure fully managed Pub sub messaging service that enables you to

messaging service that enables you to decouple micros Services distributed

decouple micros Services distributed systems and serverless applications so

systems and serverless applications so here we have a variety of Publishers

here we have a variety of Publishers like the SDK the CLI cloudwatch a with

like the SDK the CLI cloudwatch a with Services you'll have your SNS topic you

Services you'll have your SNS topic you can uh filter things fan them out and

can uh filter things fan them out and then you have your subscribers so Lambda

then you have your subscribers so Lambda sqs emails HPS looks very similar to

sqs emails HPS looks very similar to streaming but again you know um you know

streaming but again you know um you know there's not a lot of communication going

there's not a lot of communication going back between it it's just Publishers and

back between it it's just Publishers and subscribers and it's limited to you know

subscribers and it's limited to you know these things here so it's a very managed

these things here so it's a very managed service right whereas uh Kinesis you can

service right whereas uh Kinesis you can do a lot more with it

do a lot more with it [Music]

[Music] okay so what is API Gateway well it is a

okay so what is API Gateway well it is a program that sits between a single entry

program that sits between a single entry point and a and multiple backends API

point and a and multiple backends API Gateway allows for throttling logging

Gateway allows for throttling logging routing logic or formatting of the

routing logic or formatting of the requests and response when we say

requests and response when we say request and response we're talking about

request and response we're talking about https uh requests and responses and so

https uh requests and responses and so the service for ads is called Amazon API

the service for ads is called Amazon API Gateway so API Gateway is just a type of

Gateway so API Gateway is just a type of pattern and this is the few cases where

pattern and this is the few cases where ADS has named the thing after what it is

ADS has named the thing after what it is and so we have Amazon API Gateway which

and so we have Amazon API Gateway which is a solution for creating secure apis

is a solution for creating secure apis in your Cloud environment at any scale

in your Cloud environment at any scale create apis that act as a front door for

create apis that act as a front door for applications to Access Data Business

applications to Access Data Business logic or functionality from backend

logic or functionality from backend services so the idea is that you have

services so the idea is that you have data coming in from uh mobile apps web

data coming in from uh mobile apps web apps iot devices and you Define the API

apps iot devices and you Define the API calls and then you say where do you want

calls and then you say where do you want them to go so maybe tasks are going to

them to go so maybe tasks are going to go to your lambdas um and then other

go to your lambdas um and then other routes are going to go to RDS Kinesis

routes are going to go to RDS Kinesis ec2 uh or your web application and so

ec2 uh or your web application and so these are really great for having um

these are really great for having um this uh being able to Define your API

this uh being able to Define your API routes and change them on the Fly and

routes and change them on the Fly and then and always route them to the same

then and always route them to the same place

place [Music]

[Music] okay so what is a state machine it is an

okay so what is a state machine it is an abstract model which decides how one

abstract model which decides how one state moves to another based on a series

state moves to another based on a series ofad conditions think of a state machine

ofad conditions think of a state machine like a flowchart and for AWS the

like a flowchart and for AWS the solution here is adus Step function so

solution here is adus Step function so coordinate multiple adus Services into a

coordinate multiple adus Services into a serverless workflow a graphical console

serverless workflow a graphical console to visualize the components of your

to visualize the components of your application as a series of steps

application as a series of steps automatically trigger and track each

automatically trigger and track each step and retries when there are errors

step and retries when there are errors so your application executes in order as

so your application executes in order as expected every time logs the state of

expected every time logs the state of each step so when things go wrong you

each step so when things go wrong you can diagnose and debug problems quickly

can diagnose and debug problems quickly and so here's the example of using a

and so here's the example of using a bunch of um uh steps together on the uh

bunch of um uh steps together on the uh the adus step functions service and so

the adus step functions service and so you know this is generally applied for

you know this is generally applied for servess workflows but it is something

servess workflows but it is something that is very useful in application

that is very useful in application integration

integration [Music]

[Music] okay so what is an event bus an event

okay so what is an event bus an event bus receives events from a source and

bus receives events from a source and routes events to a Target based on rules

routes events to a Target based on rules so I'll get my pen tool out here so we

so I'll get my pen tool out here so we have an event it enters the event bus we

have an event it enters the event bus we have a rules tell it to go to the Target

have a rules tell it to go to the Target it's that simple and we have been seeing

it's that simple and we have been seeing event buses in other things like uh

event buses in other things like uh streaming and uh Pub sub but adus has

streaming and uh Pub sub but adus has this kind of event bus offering uh that

this kind of event bus offering uh that is kind of uh high level it's called

is kind of uh high level it's called event bridge and it's a service event

event bridge and it's a service event bus service that is used for application

bus service that is used for application integration by streaming realtime data

integration by streaming realtime data to your applications the service was

to your applications the service was formerly known as event Amazon

formerly known as event Amazon cloudwatch events they gave give it a

cloudwatch events they gave give it a renaming to give it a a better um

renaming to give it a a better um opportunity for users to know that it's

opportunity for users to know that it's there to use uh and they also extended

there to use uh and they also extended its

its capabilities and so the thing is is that

capabilities and so the thing is is that a lot of AD services are always

a lot of AD services are always admitting events and they're already

admitting events and they're already going into this bus and so if you

going into this bus and so if you utilize this service um it's a lot

utilize this service um it's a lot easier than having to roll your own

easier than having to roll your own thing uh with other services so Amazon

thing uh with other services so Amazon event bridge will just Define an event

event bridge will just Define an event bus so there is an event bus holds event

bus so there is an event bus holds event data defines the rules on event bus to

data defines the rules on event bus to react to events you always get a default

react to events you always get a default event for every single adus account you

event for every single adus account you can create custom event buses scope to

can create custom event buses scope to multiple accounts or other adus accounts

multiple accounts or other adus accounts you have a SAS event bus scope to

you have a SAS event bus scope to thirdparty SAS providers you have

thirdparty SAS providers you have producers these are ad services that

producers these are ad services that emit events you have events these are

emit events you have events these are data emitted by Services they're jent

data emitted by Services they're jent objects that uh travel the stream within

objects that uh travel the stream within the event bus you have partnered sources

the event bus you have partnered sources these are third-party apps that can emit

these are third-party apps that can emit events to event buses you have rules

events to event buses you have rules these determine what events to capture

these determine what events to capture and pass to targets and then targets

and pass to targets and then targets which are a services that consume events

which are a services that consume events so yeah it's all just this great

so yeah it's all just this great built-in um uh uh stuff that's going on

built-in um uh uh stuff that's going on here and so you know there there might

here and so you know there there might be a case where you can use event bridge

be a case where you can use event bridge and save your time uh a lot of time and

and save your time uh a lot of time and effort uh doing application integration

effort uh doing application integration [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at

Pro and we are taking a look at application integration services at a

application integration services at a glance here so let's get through them so

glance here so let's get through them so the first is simple notification service

the first is simple notification service SNS this is a pub sub messaging system

SNS this is a pub sub messaging system sends notific ation via various formats

sends notific ation via various formats such as plain text email htps web hooks

such as plain text email htps web hooks SMS text messages sqs and Lambda pushes

SMS text messages sqs and Lambda pushes messages which are then sent to

messages which are then sent to subscribers you have sqs this is a

subscribers you have sqs this is a queuing messaging system or service that

queuing messaging system or service that sends events to a queue other

sends events to a queue other applications pull the queue for messages

applications pull the queue for messages commonly used for background jobs we

commonly used for background jobs we have step functions this is a state

have step functions this is a state machine service it is it coordinates

machine service it is it coordinates multiple a Services into a servess

multiple a Services into a servess workflow easily share data among lambdas

workflow easily share data among lambdas have a group of lambdas wait for each

have a group of lambdas wait for each other create logical steps also works

other create logical steps also works with fargate tasks we have a rent Bridge

with fargate tasks we have a rent Bridge formerly known as cloudwatch events it

formerly known as cloudwatch events it is a service event bus that makes it

is a service event bus that makes it easy to connect applications together

easy to connect applications together from your own application thirdparty

from your own application thirdparty services and adus services then there's

services and adus services then there's Kinesis a real-time streaming data

Kinesis a real-time streaming data service creates producers which send

service creates producers which send data to a stream multiple consumers can

data to a stream multiple consumers can consume data within a stream used for

consume data within a stream used for realtime analytics click streams

realtime analytics click streams ingesting data from a fleet of iot

ingesting data from a fleet of iot devices you have Amazon mq this is is a

devices you have Amazon mq this is is a manage message broker service that uses

manage message broker service that uses Apachi active mq so if you want to use

Apachi active mq so if you want to use Apachi active mq there it is manage

Apachi active mq there it is manage kofka service and this gets me every

kofka service and this gets me every time because it says

time because it says msk and that is the proper

msk and that is the proper initialization but you'd think it'd be

initialization but you'd think it'd be MKS it is a fully managed Apachi Kafka

MKS it is a fully managed Apachi Kafka service kofka is an open source platform

service kofka is an open source platform for building realtime streaming data

for building realtime streaming data pipelines and applications similar to

pipelines and applications similar to Kinesis but more robust very popular by

Kinesis but more robust very popular by the way we have API Gateway a fully

the way we have API Gateway a fully managed service for developers to create

managed service for developers to create publish maintain Monitor and secure apis

publish maintain Monitor and secure apis you can create API endpoints and wrote

you can create API endpoints and wrote them to ad Services we have appsync this

them to ad Services we have appsync this is a fully managed graphql service

is a fully managed graphql service graphql is an open- Source agnostic

graphql is an open- Source agnostic query adapter that allows you to query

query adapter that allows you to query data from many different data sources so

data from many different data sources so there you

there you [Music]

[Music] go hey this is Andrew Brown from exam

go hey this is Andrew Brown from exam Pro and we are comparing virtual

Pro and we are comparing virtual machines to Containers so I know we

machines to Containers so I know we covered this prior but I just want to do

covered this prior but I just want to do it one more time just to make sure that

it one more time just to make sure that we fundamentally understand the

we fundamentally understand the difference before we jump into

difference before we jump into containers so the idea is that if you

containers so the idea is that if you were to request an ec2 instance it has a

were to request an ec2 instance it has a host operating system that we don't

host operating system that we don't really know much about but we don't

really know much about but we don't really need to know uh and then the idea

really need to know uh and then the idea is you have a hypervisor which allows

is you have a hypervisor which allows you to deploy virtual

you to deploy virtual machines and so when you launch an ec2

machines and so when you launch an ec2 instance you're actually launching a VM

instance you're actually launching a VM on top of a hypervisor on a server uh

on top of a hypervisor on a server uh with on uh within the adabs uh data

with on uh within the adabs uh data centers servers there and you're going

centers servers there and you're going to choose an operating system so like

to choose an operating system so like fun to and it might come with some

fun to and it might come with some pre-installed packages or you're going

pre-installed packages or you're going to install your own libraries packages

to install your own libraries packages and binaries and then you're going to

and binaries and then you're going to decide what kind of workloads you want

decide what kind of workloads you want to run on there so it could be D Jango

to run on there so it could be D Jango uh mongodb so your database and some

uh mongodb so your database and some kind of queuing system like rabbit mq

kind of queuing system like rabbit mq the difficulties with virtual machines

the difficulties with virtual machines you're always going to end up with some

you're always going to end up with some unused space because you're going to

unused space because you're going to want to have some Headroom uh to make

want to have some Headroom uh to make sure that uh you know if you know Dango

sure that uh you know if you know Dango needs more memory or or mongod DB needs

needs more memory or or mongod DB needs more storage that you have that room

more storage that you have that room that you can grow into

that you can grow into but the idea is that you're always

but the idea is that you're always paying for that even when you're not

paying for that even when you're not utilizing it and so you know that can be

utilizing it and so you know that can be uh not as cost effective as you'd like

uh not as cost effective as you'd like it to be so when we're looking at um

it to be so when we're looking at um doing this again and we are using

doing this again and we are using containers um instead of the hypervisor

containers um instead of the hypervisor we have container virtualization a very

we have container virtualization a very common one would be called Docker Damon

common one would be called Docker Damon for Docker of course and so now you're

for Docker of course and so now you're launching containers and so maybe you

launching containers and so maybe you have Alpine and this is for your web app

have Alpine and this is for your web app and then you install exactly the

and then you install exactly the libraries packages and binaries you need

libraries packages and binaries you need for that and then for mongodb you want

for that and then for mongodb you want to have a different OS different

to have a different OS different packages and same thing with Rabbid mq

packages and same thing with Rabbid mq maybe you want to run it on FreeBSD and

maybe you want to run it on FreeBSD and the idea is that uh you know you're not

the idea is that uh you know you're not going to have this waste because it it's

going to have this waste because it it's kind of changed in the sense that these

kind of changed in the sense that these containers are flexible so they can

containers are flexible so they can expand or decrease based on the the use

expand or decrease based on the the use case of what they need uh and you know

case of what they need uh and you know if you use particular services like it

if you use particular services like it fargate you know you're paying like for

fargate you know you're paying like for running the containers not necessarily

running the containers not necessarily uh for over provisioning okay so VMS do

uh for over provisioning okay so VMS do not make best use of space apps are not

not make best use of space apps are not isolated which could cause config

isolated which could cause config conflict security problems or resource

conflict security problems or resource hogging containers allow you to run

hogging containers allow you to run multiple apps which are virtually

multiple apps which are virtually isolated from each other launch new

isolated from each other launch new containers configure OS uh dependencies

containers configure OS uh dependencies per container

per container [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at the

Pro and we are taking a look at the concept of microservices and to

concept of microservices and to understand microservices we first need

understand microservices we first need to understand monoliths or monolithic

to understand monoliths or monolithic architecture and the idea here is that

architecture and the idea here is that we have one app which is responsible for

we have one app which is responsible for everything and the functionality is

everything and the functionality is tightly coupled so I'm going to get my

tightly coupled so I'm going to get my pen tool out here and just to highlight

pen tool out here and just to highlight notice that there is a server and

notice that there is a server and everything is running on a single server

everything is running on a single server whether it's load balancing caching the

whether it's load balancing caching the database um maybe the marketing website

database um maybe the marketing website the front-end JavaScript framework the

the front-end JavaScript framework the back end with its API uh the uh

back end with its API uh the uh om connected to background tasks things

om connected to background tasks things like that and that's the idea of a

like that and that's the idea of a monolith and that's what um a lot of

monolith and that's what um a lot of people are used to doing but the idea

people are used to doing but the idea with microservice architecture is that

with microservice architecture is that you have multiple apps which are

you have multiple apps which are responsible for one uh one thing and the

responsible for one uh one thing and the functionality is isolate and stateless

functionality is isolate and stateless and so just by uh leveraging um various

and so just by uh leveraging um various cloud services or bolting it onto your

cloud services or bolting it onto your service um you know you are technically

service um you know you are technically using microservice architecture so maybe

using microservice architecture so maybe your web app is all hosted um in

your web app is all hosted um in containers so you have your apis your or

containers so you have your apis your or your orm your reports maybe you've

your orm your reports maybe you've abstracted out some particular functions

abstracted out some particular functions into Lambda functions you have your um

into Lambda functions you have your um marketing website hosted on S3 you have

marketing website hosted on S3 you have your frontend JavaScript hosted on S3

your frontend JavaScript hosted on S3 You're Now using elastic load balancer

You're Now using elastic load balancer uh elastic cache

uh elastic cache RDS sqs and that's the idea between

RDS sqs and that's the idea between monoliths and microservices

monoliths and microservices [Music]

[Music] okay let's take a look here at

okay let's take a look here at kubernetes which is an open-source

kubernetes which is an open-source container orchestration system for

container orchestration system for automating deployment scaling and

automating deployment scaling and management of containers it was

management of containers it was originally created by Google and now

originally created by Google and now maintained by the cloud native Computing

maintained by the cloud native Computing foundation so the

foundation so the cncf kubernetes is commonly called K8

cncf kubernetes is commonly called K8 the8 represents the remaining letters

the8 represents the remaining letters for kuti which is odd because everyone

for kuti which is odd because everyone calls it kubernetes with the S on there

calls it kubernetes with the S on there but that's just what it is the advantage

but that's just what it is the advantage of kubernetes over Docker is the ability

of kubernetes over Docker is the ability to run containers distributed across

to run containers distributed across multiple VMS a unique component of

multiple VMS a unique component of kubernetes are pods a pod is a group of

kubernetes are pods a pod is a group of one or more containers with with shared

one or more containers with with shared storage network resources and other

storage network resources and other shared settings so here is kind of an

shared settings so here is kind of an example where you have your kubernetes

example where you have your kubernetes master it has a schedule controller etcd

master it has a schedule controller etcd you might be using it uses an API server

you might be using it uses an API server to run nodes within the nodes we have

to run nodes within the nodes we have pods and within the pods we have

pods and within the pods we have containers kubernetes is ideally for

containers kubernetes is ideally for microservice architectures where company

microservice architectures where company has tens to hundreds of services they

has tens to hundreds of services they need to manage I need to really

need to manage I need to really emphasize that tens to hundreds of

emphasize that tens to hundreds of services all right so you know crimin is

services all right so you know crimin is great but just understand that it is

great but just understand that it is really designed uh to be used for

really designed uh to be used for massive amounts of microservices if you

massive amounts of microservices if you don't have that need you might want to

don't have that need you might want to look at something just easier to use

look at something just easier to use [Music]

[Music] okay all right let's take a look here at

okay all right let's take a look here at Docker which is a set of platforms of

Docker which is a set of platforms of service products that use OS level

service products that use OS level virtualization to deliver software in

virtualization to deliver software in packages called containers so Docker was

packages called containers so Docker was the earliest popularized open source

the earliest popularized open source container platform meaning there's lots

container platform meaning there's lots of tutorials there's a lot of services

of tutorials there's a lot of services that uh integrate with Docker or make it

that uh integrate with Docker or make it really easy to use and so when people

really easy to use and so when people think of containers they generally think

think of containers they generally think of Docker there's of course a lot more

of Docker there's of course a lot more options out there than Docker to run

options out there than Docker to run containers but this is what people think

containers but this is what people think of and so we said it's a suite of tools

of and so we said it's a suite of tools so the idea is you have this Docker CLI

so the idea is you have this Docker CLI so these are CLI commands to download

so these are CLI commands to download upload build run and debug containers a

upload build run and debug containers a Docker file a configuration file on how

Docker file a configuration file on how to provision a container Docker compose

to provision a container Docker compose uh which is a tool and configuration

uh which is a tool and configuration file when working with multiple

file when working with multiple containers Docker swarm an orchestration

containers Docker swarm an orchestration tool for managing deployed

tool for managing deployed multicontainer architectures Docker Hub

multicontainer architectures Docker Hub a public online repository for

a public online repository for containers published by the community

containers published by the community for download and one really interesting

for download and one really interesting thing uh that came out of Docker was the

thing uh that came out of Docker was the open container initiative oci which is

open container initiative oci which is an open government structure for

an open government structure for creating open industry standards around

creating open industry standards around container formats and runtimes so Docker

container formats and runtimes so Docker established the OC oci and it is now

established the OC oci and it is now maintained by the Linux foundation and

maintained by the Linux foundation and so the idea is that you can write a

so the idea is that you can write a Docker file or or do things very

Docker file or or do things very similarly and use different types of um

similarly and use different types of um technologies that can use containers as

technologies that can use containers as long as they're oci compatible you can

long as they're oci compatible you can use them so Docker has been losing favor

use them so Docker has been losing favor with developers due to their handling of

with developers due to their handling of introducing a paid open source model and

introducing a paid open source model and Alternatives like podman are growing and

Alternatives like podman are growing and that's why we're going to talk about

that's why we're going to talk about podman next

podman next [Music]

[Music] okay so let's take a quick look here at

okay so let's take a quick look here at podman which is a container engine that

podman which is a container engine that is oci compliant and is a drop in

is oci compliant and is a drop in replacement for Docker I just just want

replacement for Docker I just just want to get you exposure here because I want

to get you exposure here because I want you to know about this um and that you

you to know about this um and that you can uh use it as opposed to using Docker

can uh use it as opposed to using Docker um there are a few differences or

um there are a few differences or advantages that podman has so podman is

advantages that podman has so podman is Damon list where Docker uses a container

Damon list where Docker uses a container D Damon podman allows you to create pods

D Damon podman allows you to create pods like KU brunetes where Docker does not

like KU brunetes where Docker does not have pods podman only replaces one part

have pods podman only replaces one part of Docker podman is is to be used

of Docker podman is is to be used alongside builda and uh scopio so you

alongside builda and uh scopio so you know Docker is an all-in-one kind of

know Docker is an all-in-one kind of tool uh everything is done via single

tool uh everything is done via single CLI and everything is there but you know

CLI and everything is there but you know they just wanted to make it more module

they just wanted to make it more module and so uh these other tools anytime you

and so uh these other tools anytime you say podman it usually means we're

say podman it usually means we're talking about podman builda and scopio

talking about podman builda and scopio so builda is a tool used to build the

so builda is a tool used to build the oci images and scopio is a tool for

oci images and scopio is a tool for moving container images between

moving container images between different types of container storages p

different types of container storages p is not going to show up in your exam but

is not going to show up in your exam but you should practically know it um just

you should practically know it um just for your own benefit

for your own benefit [Music]

[Music] okay let's take a look here at the

okay let's take a look here at the container services offered on AWS

container services offered on AWS so we have primary services that

so we have primary services that actually run containers provisioning and

actually run containers provisioning and deployment on you know tooling around

deployment on you know tooling around provisioning and deployment and

provisioning and deployment and supporting services so the first here is

supporting services so the first here is a lock stick container service ECS um

a lock stick container service ECS um and the advantage of this service is

and the advantage of this service is that it has no cold starts but it is a

that it has no cold starts but it is a self-managed dc2 so that means that

self-managed dc2 so that means that you're going to be always paying for the

you're going to be always paying for the resource as it is running all right then

resource as it is running all right then you have ads fargate so this is more

you have ads fargate so this is more robust than uh using a Lambda it can

robust than uh using a Lambda it can scale to zero cost um and it's uh being

scale to zero cost um and it's uh being managed by adus managed ec2 however it

managed by adus managed ec2 however it does have cold starts so you know if you

does have cold starts so you know if you need containers launching really fast

need containers launching really fast you might be wanting to use ECS then you

you might be wanting to use ECS then you have elastic kubernetes service eks this

have elastic kubernetes service eks this is uh open source it runs kubernetes um

is uh open source it runs kubernetes um and this is really useful if you want to

and this is really useful if you want to avoid vendor lockin um which is not

avoid vendor lockin um which is not really a problem but uh that or it's

really a problem but uh that or it's just you want to run kubernetes then you

just you want to run kubernetes then you have itus Lambda so you only think about

have itus Lambda so you only think about the code uh it's designed for short

the code uh it's designed for short running tasks uh if you need something

running tasks uh if you need something that runs longer You' want to use that

that runs longer You' want to use that is serverless you'd use aess fargate

is serverless you'd use aess fargate which is serverless containers you can

which is serverless containers you can deploy custom containers so prior it us

deploy custom containers so prior it us Lambda just had um pre-built runtimes

Lambda just had um pre-built runtimes which were containers but now you can

which were containers but now you can create any kind of container and uh use

create any kind of container and uh use that uh on it was Lambda for

that uh on it was Lambda for provisioning deployment you can use

provisioning deployment you can use elastic Bean sock so um it can uh deploy

elastic Bean sock so um it can uh deploy elastic container service for you um

elastic container service for you um which is very useful there now there's

which is very useful there now there's app Runner which kind of overlaps on

app Runner which kind of overlaps on what elastic beanock does but it

what elastic beanock does but it specializes it specializes for

specializes it specializes for containers um and I believe that it can

containers um and I believe that it can actually I don't know what it uses

actually I don't know what it uses underneath because it is a managed

underneath because it is a managed service so elastic beanock is um open

service so elastic beanock is um open you can see what is running underneath

you can see what is running underneath and app Runner I don't believe you can

and app Runner I don't believe you can see what is running underneath it's just

see what is running underneath it's just taken care of by AWS then there's AWS uh

taken care of by AWS then there's AWS uh co-pilot CLI so this allows you to build

co-pilot CLI so this allows you to build release operate production ready

release operate production ready containerized applications on app Runner

containerized applications on app Runner ECS and Abus fargate for supporting

ECS and Abus fargate for supporting services you have elastic container Reg

services you have elastic container Reg indry this is reple for your containers

indry this is reple for your containers not necessarily just Docker containers

not necessarily just Docker containers but containers in general probably oci

but containers in general probably oci compliant containers x-ray so analyze

compliant containers x-ray so analyze and debug between microservices so you

and debug between microservices so you know it's distributed tracing then you

know it's distributed tracing then you have step functions so stitch together

have step functions so stitch together lambas and ECS tasks to uh create um um

lambas and ECS tasks to uh create um um a state machine and the only thing I

a state machine and the only thing I don't have on here would be you know

don't have on here would be you know being able to launch an ec2 instance

being able to launch an ec2 instance from the marketplace that has um a uh a

from the marketplace that has um a uh a container runtime installed like doer U

container runtime installed like doer U I just don't feel that that's very

I just don't feel that that's very relevant for the exam but it is another

relevant for the exam but it is another option for containers not something that

option for containers not something that people do very often but there you

people do very often but there you [Music]

[Music] go hey this is Angie Brown from exam Pro

go hey this is Angie Brown from exam Pro and we are taking a look here at

and we are taking a look here at organizations and accounts so adus

organizations and accounts so adus organizations allow the creation of new

organizations allow the creation of new adus accounts and allows you to

adus accounts and allows you to centrally manage building control access

centrally manage building control access compliance security and share resources

compliance security and share resources across your adus accounts so here's kind

across your adus accounts so here's kind of a bit of a structure of um

of a bit of a structure of um the architecture of adus organizations

the architecture of adus organizations and we'll just kind of walk through the

and we'll just kind of walk through the components so the first thing you have

components so the first thing you have is a root account user this is a single

is a root account user this is a single signin identity that has complete access

signin identity that has complete access to all adus services and resources in an

to all adus services and resources in an account and each account has a root

account and each account has a root account user so generally you will have

account user so generally you will have a master or root account and even within

a master or root account and even within that you'll have a root account user and

that you'll have a root account user and for every additional account that you

for every additional account that you have you'll notice over here we have a

have you'll notice over here we have a root account

root account user then there's the concept of

user then there's the concept of organizational unit

organizational unit uh these are commonly abbreviated to OU

uh these are commonly abbreviated to OU so they are a group of adus accounts

so they are a group of adus accounts within an organization which can contain

within an organization which can contain other organizational units creating a

other organizational units creating a hierarchy so here is one where we have

hierarchy so here is one where we have called Starfleet and here's one called

called Starfleet and here's one called Federation planets and underneath we

Federation planets and underneath we have multiple uh accounts it was

have multiple uh accounts it was accounts within that organizational unit

accounts within that organizational unit and even though it does not show it here

and even though it does not show it here you can create an organizational unit

you can create an organizational unit within an organizational unit then we

within an organizational unit then we have service control policies scps and

have service control policies scps and these give uh Central control over the

these give uh Central control over the allowed permissions for all adus

allowed permissions for all adus accounts in your organization helping to

accounts in your organization helping to ensure your accounts stay within your

ensure your accounts stay within your organization's guidelines what they're

organization's guidelines what they're trying to say here is that um there's

trying to say here is that um there's this concept of adus I am policies and

this concept of adus I am policies and all you're doing is you're creating a

all you're doing is you're creating a policy that's going to be uh

policy that's going to be uh organizational uniwide or organizational

organizational uniwide or organizational wide or for select accounts so it's just

wide or for select accounts so it's just a way of applying I am policies across

a way of applying I am policies across multiple accounts AIS organizations must

multiple accounts AIS organizations must be turned on and once it's turned on it

be turned on and once it's turned on it cannot be turned off it's generally

cannot be turned off it's generally recommended that you do turn it on um

recommended that you do turn it on um because basically when if you're going

because basically when if you're going to run any kind of serious workload

to run any kind of serious workload you're going to be using adus

you're going to be using adus organizations to uh isolate your adus

organizations to uh isolate your adus accounts based on workloads you can

accounts based on workloads you can create as many adus accounts as you like

create as many adus accounts as you like One account will be the master or root

One account will be the master or root account um and I say root account here

account um and I say root account here because this is the new language here

because this is the new language here and some of the documentation still

and some of the documentation still calls it master account so just

calls it master account so just understand this is the root account not

understand this is the root account not to be confused with the root account

to be confused with the root account user so another clarification I want to

user so another clarification I want to make is an ad account is not the same as

make is an ad account is not the same as a user account which is another thing

a user account which is another thing that is confusing so when you sign up

that is confusing so when you sign up for AWS you get um an adus account and

for AWS you get um an adus account and then it creates you a user account which

then it creates you a user account which happens to be a root user account so

happens to be a root user account so hopefully that is

hopefully that is [Music]

[Music] clear so adus control tower helps

clear so adus control tower helps Enterprises quickly set up a secure ads

Enterprises quickly set up a secure ads multi account it provides you with a

multi account it provides you with a baseline environment to get started with

baseline environment to get started with a multi-count architecture so it does

a multi-count architecture so it does this a few uh a few different ways the

this a few uh a few different ways the first thing is it provides you a landing

first thing is it provides you a landing Zone this is a baseline environment

Zone this is a baseline environment following well architected and best

following well architected and best practices to start launching production

practices to start launching production ready workloads so imagine you wanted to

ready workloads so imagine you wanted to go have um you know the perfect

go have um you know the perfect environment that you know secure um is

environment that you know secure um is correctly configured and has good

correctly configured and has good logging in place that's what a landing

logging in place that's what a landing zone is and so os's Landing zone for

zone is and so os's Landing zone for control tower is going to have SSO

control tower is going to have SSO enabled by default so it's very easy to

enabled by default so it's very easy to move between it accounts it will have

move between it accounts it will have centralized logging for ad cloud trail

centralized logging for ad cloud trail so that you know they're going to be

so that you know they're going to be tamper evident or tamper proof away from

tamper evident or tamper proof away from your workloads where they can't be

your workloads where they can't be affected it'll have cross account

affected it'll have cross account security auditing um so yeah Landing

security auditing um so yeah Landing zones are really great to have then

zones are really great to have then there's the account Factory they used to

there's the account Factory they used to call this um uh a vending machine but uh

call this um uh a vending machine but uh they changed it to account Factory the

they changed it to account Factory the idea is that it automates provisioning

idea is that it automates provisioning of new accounts in your organization it

of new accounts in your organization it standardizes the provisioning of new

standardizes the provisioning of new accounts with pre-approved account

accounts with pre-approved account configuration you can configure account

configuration you can configure account Factory with pre-approved Network

Factory with pre-approved Network configuration and region selections uh

configuration and region selections uh enable sell service for your Builders to

enable sell service for your Builders to configure and provision to accounts

configure and provision to accounts using AA service catalog AA service

using AA service catalog AA service catalog is just pre-approved uh

catalog is just pre-approved uh workloads uh via Cloud information

workloads uh via Cloud information templates you created to say okay you're

templates you created to say okay you're allowed to launch This Server these

allowed to launch This Server these resources um and the third and most

resources um and the third and most important thing that a control tower

important thing that a control tower comes with is guard rails so these are

comes with is guard rails so these are prepackaged governance rules for

prepackaged governance rules for security operations compliance the

security operations compliance the customers can select and apply

customers can select and apply enterprise-wide or to specific groups of

enterprise-wide or to specific groups of accounts

accounts so adus control tower is the replacement

so adus control tower is the replacement of the retired adus Landing zone so if

of the retired adus Landing zone so if you remember adus Landing zones which

you remember adus Landing zones which was never a selfs serve easy thing to

was never a selfs serve easy thing to sign up for it required a lot of money

and uh stuff to go in there they just don't really have it anymore and it was

don't really have it anymore and it was control tower is the new offering um

control tower is the new offering um there

there [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at 's

Pro and we are taking a look at 's config and to understand adus config we

config and to understand adus config we need to know what compliance as code is

need to know what compliance as code is and to understand compliance as code we

and to understand compliance as code we need to understand what change

need to understand what change management is so change management in

management is so change management in the context of cloud infrastructure is

the context of cloud infrastructure is when we have a formal process to monitor

when we have a formal process to monitor changes enforce changes and remediate

changes enforce changes and remediate changes and compliances code also known

changes and compliances code also known as CAC is when we utilize programming to

as CAC is when we utilize programming to automate the monitoring enforcing and

automate the monitoring enforcing and remediating changes to stay compliant

remediating changes to stay compliant with the compliance program or expected

with the compliance program or expected configuration so what is adus config

configuration so what is adus config well it's a compliances code framework

well it's a compliances code framework that allows us to manage change in your

that allows us to manage change in your it accounts on a per region basis

it accounts on a per region basis meaning that you have to turn this on

meaning that you have to turn this on for every region that you need it for

for every region that you need it for and so here is a very simple example

and so here is a very simple example where let's say we create a config Rule

where let's say we create a config Rule and we have an ec2 instance and we

and we have an ec2 instance and we expect it to be in a particular State

expect it to be in a particular State and then in the other case we have a an

and then in the other case we have a an RDS instance and it's in a state that we

RDS instance and it's in a state that we do not like so the idea is that we try

do not like so the idea is that we try to remediate it to put it in the state

to remediate it to put it in the state that we want it to be and those config

that we want it to be and those config rules are just powered by lambdas as you

rules are just powered by lambdas as you can see based on the Lambda icon there

can see based on the Lambda icon there so when should you use Adis config well

so when should you use Adis config well this is when I want this resource to

this is when I want this resource to stay configured a specific way for

stay configured a specific way for compliance I want to keep track of

compliance I want to keep track of configuration changes to resources I

configuration changes to resources I want a list of all resources within a

want a list of all resources within a region and I want to use uh uh analyze

region and I want to use uh uh analyze potential security weaknesses and you

potential security weaknesses and you need detailed historical information so

need detailed historical information so there you go

[Music] hey this is Andrew Brown from exam Pro

hey this is Andrew Brown from exam Pro and in this follow along we're going to

and in this follow along we're going to take a look at adus config so adus

take a look at adus config so adus config is a tool that allows you to

config is a tool that allows you to ensure that your services are configured

ensure that your services are configured as expected so I've already activated it

as expected so I've already activated it in my North Virginia region so what I'm

in my North Virginia region so what I'm going to do is just go over to Ohio here

going to do is just go over to Ohio here uh because it is per region activated

uh because it is per region activated and I'll go over to config and then what

and I'll go over to config and then what we'll have to do is set it up so there

we'll have to do is set it up so there is this oneclick setup and it did Skip

is this oneclick setup and it did Skip me to the review step because it's kind

me to the review step because it's kind of piggybacking on the configuration of

of piggybacking on the configuration of my original one here but the idea is

my original one here but the idea is that you'll just say uh record all

that you'll just say uh record all resources in this region or things like

resources in this region or things like that you'll have to create a service

that you'll have to create a service roll link if you have not done so so

roll link if you have not done so so this will look a little bit different

this will look a little bit different but here it's using the existing one

but here it's using the existing one you'll have to choose a bucket so or

you'll have to choose a bucket so or create a bucket uh it's not super

create a bucket uh it's not super complicated so you get through there you

complicated so you get through there you hit confirm and basically you're going

hit confirm and basically you're going to end up with this so the inventory um

to end up with this so the inventory um lets you see all the the resources that

lets you see all the the resources that or not all of them but most resources

or not all of them but most resources that are in your account in this

that are in your account in this particular region it this will not

particular region it this will not populate right away so you will have to

populate right away so you will have to wait a little bit of time for that to

wait a little bit of time for that to appear one really nice thing are

appear one really nice thing are conformance packs I really love these

conformance packs I really love these things when ad of us first brought these

things when ad of us first brought these out there was only like a couple but now

out there was only like a couple but now they have tons and tons and tons of

they have tons and tons and tons of conformance packs so you can go deploy a

conformance packs so you can go deploy a conformance pack and you can open up the

conformance pack and you can open up the templates I just want to show you look

templates I just want to show you look at how many they have so there some of

at how many they have so there some of you might recognize like

you might recognize like nist uh CIS things like that well

nist uh CIS things like that well detected uh stuff and all these are um

detected uh stuff and all these are um and I'm not sure if it's easy to open

and I'm not sure if it's easy to open these up but all these are if we open

these up but all these are if we open them up they're on GitHub is these are

them up they're on GitHub is these are just Cloud foration templates to set up

just Cloud foration templates to set up configuration rules so there's a variety

configuration rules so there's a variety of suggested rules uh like around IM

of suggested rules uh like around IM best practices and things like that that

best practices and things like that that we can load in um but the idea is that

we can load in um but the idea is that you're just going to create rules so you

you're just going to create rules so you go here and you add a rule and they have

go here and you add a rule and they have a bunch of manage rules here um that we

a bunch of manage rules here um that we can look at but I think it might be fun

can look at but I think it might be fun to actually run a um a conformance pack

to actually run a um a conformance pack I'll just show you what it looks like to

I'll just show you what it looks like to add a rule first so let's say we wanted

add a rule first so let's say we wanted to do something for

to do something for S3 um and it was making sure that we are

S3 um and it was making sure that we are blocking Public Access so we go next

blocking Public Access so we go next here generally you'll have a trigger

here generally you'll have a trigger type you can choose whether it's uh

type you can choose whether it's uh configured when it happens or it's

configured when it happens or it's periodic this is disabled in this case

periodic this is disabled in this case here and you just scroll on down um and

here and you just scroll on down um and then once you've added the rule what you

then once you've added the rule what you can

can do is also manage remediation so if this

do is also manage remediation so if this rule said hey this thing is

rule said hey this thing is non-compliant we want you to take a

non-compliant we want you to take a particular action and you have all these

particular action and you have all these adus actions that you can perform and

adus actions that you can perform and you can notify the right people to

you can notify the right people to correct it or have it auto correct if

correct it or have it auto correct if you choose to do so um for rules you can

you choose to do so um for rules you can also make your own custom one so that's

also make your own custom one so that's just you providing your own Lambda

just you providing your own Lambda functions you're providing that Lambda

functions you're providing that Lambda Arn and so basically you can have it do

Arn and so basically you can have it do anything that you want whatever you want

anything that you want whatever you want to put in a Lambda you can make adist

to put in a Lambda you can make adist config check for okay so it's not super

config check for okay so it's not super complic at here but um this one here is

complic at here but um this one here is just going to go ahead and check and so

just going to go ahead and check and so if we go and

if we go and reevaluate it might just take some time

reevaluate it might just take some time to show up it's either going to say that

to show up it's either going to say that it's compliant or non-compliant okay and

it's compliant or non-compliant okay and I it should be compliant but while we're

I it should be compliant but while we're waiting for that to happen let's just

waiting for that to happen let's just see how hard it is to deploy a

see how hard it is to deploy a conformance pack because I feel like

conformance pack because I feel like that's something that's really important

that's something that's really important oh you can just drop them down and

oh you can just drop them down and choose them that's great so we might

choose them that's great so we might want to go to I am here oops identity

want to go to I am here oops identity and access

and access management and hit next and say uh my my

management and hit next and say uh my my um uh IM best practices and you might

um uh IM best practices and you might not want to do this because it does have

not want to do this because it does have spend and I want I say spend it's not

spend and I want I say spend it's not going to happen instantly but the idea

going to happen instantly but the idea is that if you turn this on and forget

is that if you turn this on and forget to remove it uh you will see some kind

to remove it uh you will see some kind of charges over time because it does

of charges over time because it does check based on the rules it's not super

check based on the rules it's not super expensive but it is something to

expensive but it is something to consider about um but anyway so it looks

consider about um but anyway so it looks like we created that conformance pack so

like we created that conformance pack so if I refresh it looks like it's in

if I refresh it looks like it's in progress I wonder if that's going to set

progress I wonder if that's going to set up a cloud formation template I'm kind

up a cloud formation template I'm kind of curious about that so we'll make our

of curious about that so we'll make our way over to cloud

formation and it is so that's really nice because once that is done what we

nice because once that is done what we can do is just tear it down by deleting

can do is just tear it down by deleting the stack so I'm going to go back over

the stack so I'm going to go back over to our conformance pack

to our conformance pack here let's take a look here and so it

here let's take a look here and so it still says it's in progress but it is

still says it's in progress but it is completed and we can click into

completed and we can click into it and we can see all the things that

it and we can see all the things that it's doing so it says item groups have

it's doing so it says item groups have user check informance pack um and so it

user check informance pack um and so it looks like there's a bunch of of uh cool

looks like there's a bunch of of uh cool rules uh here so what we'll do is we'll

rules uh here so what we'll do is we'll just wait a little while and we'll come

just wait a little while and we'll come back here and then just see if um this

back here and then just see if um this updates and see how compliant we are

updates and see how compliant we are from a uh a basic account okay all right

from a uh a basic account okay all right so after waiting a little while there it

so after waiting a little while there it looks like some of them are being set so

looks like some of them are being set so I just gave it a hard refresh here uh

I just gave it a hard refresh here uh and here you can see that it's saying is

and here you can see that it's saying is root account um whoops we give it a

root account um whoops we give it a moment here to refresh but uh is the

moment here to refresh but uh is the root account MFA applied yes have we

root account MFA applied yes have we done a password policy no and actually I

done a password policy no and actually I never did a password policy which is

never did a password policy which is something I forgot to do but here

something I forgot to do but here they're just talking about the minimums

they're just talking about the minimums and maximums of things that you can

and maximums of things that you can do okay so that's a conformance pack um

do okay so that's a conformance pack um but if we go to rules actually I guess

but if we go to rules actually I guess it's all the rules here I can't really

it's all the rules here I can't really tell the difference between the

tell the difference between the conformance pack rules and our plane

conformance pack rules and our plane rules kind it's kind of all mixed

rules kind it's kind of all mixed together here I

together here I think yeah so it's a bit hard to see

think yeah so it's a bit hard to see what's going on there if we go to the

what's going on there if we go to the performance pack and click in again it

performance pack and click in again it might show the rules yeah there we go so

might show the rules yeah there we go so here's the rules there just see a little

here's the rules there just see a little bit more information so use a hardware

bit more information so use a hardware MFA so you know how they're talking

MFA so you know how they're talking about using a security key like what I

about using a security key like what I showed you that I had earlier in the

showed you that I had earlier in the course things like that um I am password

course things like that um I am password policy things like that so you know not

policy things like that so you know not too complicated but um I think I'm all

too complicated but um I think I'm all done here so what I'm going to do is I'm

done here so what I'm going to do is I'm going to go over to cloud formation and

going to go over to cloud formation and tear that on down but you get the

tear that on down but you get the idea well I might want to show you uh

idea well I might want to show you uh drift so there used to be a way it's go

drift so there used to be a way it's go like keep changing things on me here but

like keep changing things on me here but there's a way to see uh history over

there's a way to see uh history over time and so that was

time and so that was something that they used to show and I'm

something that they used to show and I'm just trying to like find where they put

just trying to like find where they put it because it is like somewhere else

it because it is like somewhere else resources

maybe ah resource timeline okay so they moved it over into the resource

moved it over into the resource inventory and so if we were to take a

inventory and so if we were to take a look at something anything maybe this

look at something anything maybe this here resource timeline um and there

here resource timeline um and there might not be much here but the idea is

might not be much here but the idea is it will show you over time how things

it will show you over time how things have changed so the idea is that not

have changed so the idea is that not only can you say with a config is

only can you say with a config is something compliant but when was it

something compliant but when was it compliant and that is something that is

compliant and that is something that is really important to know okay so very

really important to know okay so very simple example maybe not the best but

simple example maybe not the best but the idea is that we can see when it was

the idea is that we can see when it was and was not compliant based on uh

and was not compliant based on uh changes to our stuff but uh anyway that

changes to our stuff but uh anyway that looks all good to me here so I'm going

looks all good to me here so I'm going to make my way over to cloud formation

to make my way over to cloud formation actually already already have it open

actually already already have it open over here we're going to go ahead and

over here we're going to go ahead and delete that stack um um termination

delete that stack um um termination protection is enabled you must first

protection is enabled you must first disable it so we'll edit it disable it

disable it so we'll edit it disable it whatever okay we'll hit delete there and

whatever okay we'll hit delete there and as that's deleting I'm going to go look

as that's deleting I'm going to go look for and config my

for and config my original rule there again I'm not really

original rule there again I'm not really worried about it I don't think it's

worried about it I don't think it's going to really cost me anything but uh

going to really cost me anything but uh I'm also just kind of clear the house

I'm also just kind of clear the house here just so you're you're okay as well

here just so you're you're okay as well and so if we go over to our rules um the

and so if we go over to our rules um the one that I spun up that was custom um I

one that I spun up that was custom um I think was this one here because these

think was this one here because these are all grayed out right so I can go

are all grayed out right so I can go ahead there delete that rule type in

ahead there delete that rule type in delete and we are good so there you

delete and we are good so there you go that

go that is it all

is it all [Music]

[Music] right adabs quick starts are pre-built

right adabs quick starts are pre-built templates by adabs and adus partners to

templates by adabs and adus partners to help deploy a wide range of stacks it

help deploy a wide range of stacks it reduces hundreds of manual uh procedures

reduces hundreds of manual uh procedures into just a few steps the uh Quick Start

into just a few steps the uh Quick Start is composed of three parts it has a

is composed of three parts it has a reference architecture for the

reference architecture for the deployment an itus cloud formation

deployment an itus cloud formation templates that automate and configure

templates that automate and configure the deployment a deployment guide

the deployment a deployment guide explain the architecture implementation

explain the architecture implementation in detail so here's an example of one

in detail so here's an example of one that you might want to launch like the

that you might want to launch like the adus Q&A bot and then you will get an

adus Q&A bot and then you will get an architectural diagram and a lot of

architectural diagram and a lot of information about it and from there you

information about it and from there you can just go press the button and launch

can just go press the button and launch this infrastructure most quick start

this infrastructure most quick start reference deployments enable you to spin

reference deployments enable you to spin up a fully functional architecture in

up a fully functional architecture in less than an hour and there is a lot as

less than an hour and there is a lot as we will see here when we take a look for

we will see here when we take a look for [Music]

[Music] ourselves all right so here is uh adus

ourselves all right so here is uh adus quick starts where we have a bunch of

quick starts where we have a bunch of cloudformation templates uh built by

cloudformation templates uh built by adabs or Amazon or adus partner networks

adabs or Amazon or adus partner networks APM partners and uh there's a variety of

APM partners and uh there's a variety of different things here so I'm just going

different things here so I'm just going to try to find something like Q&A

to try to find something like Q&A bot Q&A bot just type in bot here and I

bot Q&A bot just type in bot here and I don't know why it was here the other day

don't know why it was here the other day now it's not showing up which is totally

now it's not showing up which is totally fine but um you know I just want

fine but um you know I just want anything to deploy just to kind of show

anything to deploy just to kind of show you what we can do with it so you scroll

you what we can do with it so you scroll on down we have uh this graphic here

on down we have uh this graphic here that's representing what will get

that's representing what will get deployed so we have cloudfront S3 Dynamo

deployed so we have cloudfront S3 Dynamo DB assistance manager Lex paully all

DB assistance manager Lex paully all these kind of fun stuff um and there's

these kind of fun stuff um and there's some information about how it is

some information about how it is architected and the idea is you can go

architected and the idea is you can go ahead and launch in the console or view

ahead and launch in the console or view the implementation guide let's go take a

the implementation guide let's go take a look here um and there's a bunch of

look here um and there's a bunch of stuff so we have Solutions and things

stuff so we have Solutions and things like that conversational things like

like that conversational things like that but what I'm going to do is go

that but what I'm going to do is go ahead and see how far I can get to

ahead and see how far I can get to launching with this it doesn't really

launching with this it doesn't really matter if we do launch it it's it's just

matter if we do launch it it's it's just the fact that um I want to just show you

the fact that um I want to just show you what you can do with it so if we go to

what you can do with it so if we go to the designer it's always fun to look at

the designer it's always fun to look at it in there because then we can kind of

it in there because then we can kind of visualize all the resources that are

visualize all the resources that are available and I thought that that would

available and I thought that that would populate over there but maybe we did the

populate over there but maybe we did the wrong thing so I'm just going to go back

wrong thing so I'm just going to go back and

and click I'm just going to click out of

click I'm just going to click out of this oops cancel let's close that leave

this oops cancel let's close that leave yes and we will launch that

again and so this oh viewing the designer I hit the wrong button

okay so now this should show us the template might just be

loading there we go so this is what it's going to launch and you can see there's

going to launch and you can see there's a lot going on here just going to shrink

a lot going on here just going to shrink that there

that there uh and I don't know if you can make any

uh and I don't know if you can make any sense of it but clearly it's doing a lot

sense of it but clearly it's doing a lot and so if we were happy with this and we

and so if we were happy with this and we wanted to launch it I know I keep

wanted to launch it I know I keep backing out of this but we're going to

backing out of this but we're going to go back into it one more

go back into it one more time we can go here and we can go next

time we can go here and we can go next and then we would just fill in what we

and then we would just fill in what we want so you name it put the language in

want so you name it put the language in and this is stuff that they set up so

and this is stuff that they set up so maybe you want a mail voice set the ab

maybe you want a mail voice set the ab in and stuff like that and it's that

in and stuff like that and it's that simple really um and every stack is

simple really um and every stack is going to be different so they're all

going to be different so they're all going to have different configurations

going to have different configurations ation options but hopefully that gives

ation options but hopefully that gives you kind of an idea of what you can do

you kind of an idea of what you can do with quick starts

with quick starts [Music]

[Music] okay let's take a look at the concept of

okay let's take a look at the concept of tagging within AWS so a tag is a key and

tagging within AWS so a tag is a key and value pair that you can assign to anus

value pair that you can assign to anus resource so as you are creating a

resource so as you are creating a resource it's going to prompt you to say

resource it's going to prompt you to say hey what tags do you want to add you're

hey what tags do you want to add you're going to give a key you're going to give

going to give a key you're going to give a value and so some examples could be

a value and so some examples could be something like based on Department the

something like based on Department the status

status the team the environment uh the project

the team the environment uh the project as we have the example here the location

as we have the example here the location um and so tags allow you to organize

um and so tags allow you to organize your resources in the following way for

your resources in the following way for resource management so specific

resource management so specific workloads so you can say you know

workloads so you can say you know developer environments cost management

developer environments cost management and optimization so cost tracking

and optimization so cost tracking budgets and alerts operations management

budgets and alerts operations management so business commitments SLA operations

so business commitments SLA operations Mission critical Services security so

Mission critical Services security so classification of data security impact

classification of data security impact governance and Regulatory Compliance

governance and Regulatory Compliance automation workload Automation and so

automation workload Automation and so it's important to understand that

it's important to understand that tagging can be used in Junction with um

tagging can be used in Junction with um IM policy so that you can restrict

IM policy so that you can restrict access or things like that based on

access or things like that based on those tags

those tags [Music]

[Music] okay all right I just want to show you

okay all right I just want to show you one interesting thing about tags um and

one interesting thing about tags um and it's just the fact that it's used as the

it's just the fact that it's used as the name for some services so when you go to

name for some services so when you go to ec2 and you launch an instance uh the

ec2 and you launch an instance uh the way you set the name is by giving it a

way you set the name is by giving it a tag called name and I just want to prove

tag called name and I just want to prove prove that to you just like one of those

prove that to you just like one of those little exceptions here so we choose an

little exceptions here so we choose an instance

instance here we go to configure storage and then

here we go to configure storage and then what we do is we add a tag and we say

what we do is we add a tag and we say name um and my server name okay and then

name um and my server name okay and then we go ahead and review and launch we're

we go ahead and review and launch we're going to launch this I don't need a key

going to launch this I don't need a key pair so we'll just say proceed without

pair so we'll just say proceed without key pair I

key pair I acknowledge

acknowledge okay and we will go view the instances

okay and we will go view the instances and you'll see that is the name so um

and you'll see that is the name so um that's just like one of those exceptions

that's just like one of those exceptions or things that you can do with tags if

or things that you can do with tags if there's other things with tags I have no

there's other things with tags I have no idea that's just like a a basic one that

idea that's just like a a basic one that everybody should know and that's why I'm

everybody should know and that's why I'm shown to you with the tags but there you

shown to you with the tags but there you [Music]

[Music] go so we just looked at tags now let's

go so we just looked at tags now let's see what we can do with resource groups

see what we can do with resource groups which are a collection of resources that

which are a collection of resources that share one or more tags or another way to

share one or more tags or another way to look at it it it's a way for you to take

look at it it it's a way for you to take multiple tags and organize them uh into

multiple tags and organize them uh into resource groups so it helps you organize

resource groups so it helps you organize and consolidate information based on

and consolidate information based on your project and the resources that you

your project and the resources that you use resource groups can display details

use resource groups can display details about a group of resources based on

about a group of resources based on metrics alarms configuration settings

metrics alarms configuration settings and at any time you can modify the

and at any time you can modify the settings of your resource groups to

settings of your resource groups to change what resources appear resource

change what resources appear resource groups appear in the global console

groups appear in the global console header uh which is over here and under

header uh which is over here and under the systems manager so technically it's

the systems manager so technically it's part of an simple system assists manager

part of an simple system assists manager or System Manager interface but it's

or System Manager interface but it's also part of the global interface so

also part of the global interface so sometimes that's a bit confusing but uh

sometimes that's a bit confusing but uh that's where you can find it

that's where you can find it [Music]

[Music] okay all right so what I want to do is

okay all right so what I want to do is explore resource groups and also um

explore resource groups and also um tagging so what I want you to do is type

tagging so what I want you to do is type in resource groups at the top here and

in resource groups at the top here and it used to be

it used to be accessible not sure where they put it

accessible not sure where they put it but it used to be accessible here at the

but it used to be accessible here at the top but they might have moved it over to

top but they might have moved it over to systems manager so I'm going to go to

systems manager so I'm going to go to SSA here not sure why I can't seem to

SSA here not sure why I can't seem to find it today and on the left hand side

find it today and on the left hand side we're going to look

we're going to look for resource

all right so what I want to do is take a look at resource groups and I'm really

look at resource groups and I'm really surprised because it used to be

surprised because it used to be somewhere in the global now but I think

somewhere in the global now but I think they might have changed it um and what's

they might have changed it um and what's also frustrating is if I go over to

also frustrating is if I go over to systems manager it was over here as well

systems manager it was over here as well and so on the left hand side I'm looking

and so on the left hand side I'm looking for resource groups it's not showing up

for resource groups it's not showing up so I don't know best you keep moving

so I don't know best you keep moving things around on me and I'm I can only

things around on me and I'm I can only update things so quickly in my courses

update things so quickly in my courses but if you type in resource groups and

but if you type in resource groups and tag editor it's actually over here um I

tag editor it's actually over here um I guess it's its own Standalone service

guess it's its own Standalone service now why they keep changing things I

now why they keep changing things I don't know but uh the idea is we want to

don't know but uh the idea is we want to create a resource Group so you can

create a resource Group so you can create unlimited single region groups in

create unlimited single region groups in your ab account use the group to view

your ab account use the group to view related insights things like that so I'm

related insights things like that so I'm going to go ahead and create a resource

going to go ahead and create a resource Group you can see it can be tag based or

Group you can see it can be tag based or cloud formation based but I don't have

cloud formation based but I don't have any tags I don't really have anything

any tags I don't really have anything tags so what I'm going to do is make my

tags so what I'm going to do is make my way over to S3 we're just going to

way over to S3 we're just going to create some resources or a couple

create some resources or a couple resources here with some tags so that we

resources here with some tags so that we can do some filtration so I can go ahead

can do some filtration so I can go ahead and create a bucket I'm going to say my

and create a bucket I'm going to say my bucket uh this like that

bucket uh this like that whoops and then down below I'm going to

whoops and then down below I'm going to go down to tags and we're going to say

go down to tags and we're going to say project and we're going to say um RG for

project and we're going to say um RG for Resource

Group okay and then I can go back over here and then I'm going to just say I

here and then I'm going to just say I can say exactly what type I want I'm

can say exactly what type I want I'm going to support all resource

going to support all resource types and I'm going to say

types and I'm going to say project RG see how it aut completes and

project RG see how it aut completes and we'll go down below we'll just

we'll go down below we'll just say my

say my RG a test

RG a test RG we'll create

that and so now we have a resource Group and we can see them all in one place uh

and we can see them all in one place uh resource groups are probably useful for

resource groups are probably useful for using in um policies so I can say say

using in um policies so I can say say like Resource Group IM

like Resource Group IM policies that's probably what they're

policies that's probably what they're used for

okay so before you use I am managed to access resour groups you should

access resour groups you should understand I am features things like

understand I am features things like that and so administrators can use Json

that and so administrators can use Json policies to specify who has access to

policies to specify who has access to what and so a policy action or Resource

what and so a policy action or Resource Group is used following the prefix

Group is used following the prefix resource groups so my thought process

resource groups so my thought process there is that if you want to say okay

there is that if you want to say okay you have access to a resource you can

you have access to a resource you can just specify a resource Group and it

just specify a resource Group and it will include all the resources within

will include all the resources within there and so that might be um a better

there and so that might be um a better way to apply permissions at a per

way to apply permissions at a per project basis um and that could save you

project basis um and that could save you a lot of time writing out IM policies so

a lot of time writing out IM policies so that's basically all there really is to

that's basically all there really is to it also you kind of get an overview of

it also you kind of get an overview of of the U resources that are there so

of the U resources that are there so that can be kind of useful as well

that can be kind of useful as well there's the tag editor here I can't

there's the tag editor here I can't remember what you use this for you can

remember what you use this for you can set up tag

set up tag policies um tag policies help you

policies um tag policies help you standardize tags on resource groups in

standardize tags on resource groups in your accounts use uh to Define Tech

your accounts use uh to Define Tech policies and Abus org to attach them to

policies and Abus org to attach them to the entire organization um we're not in

the entire organization um we're not in the OR account so I'm not going to show

the OR account so I'm not going to show you this and it's not that important um

you this and it's not that important um but just understand that resource groups

but just understand that resource groups can be created and they are used within

can be created and they are used within I policies in order to um uh Grant or

I policies in order to um uh Grant or deny access to stuff I'm go ahead and

deny access to stuff I'm go ahead and delete that Resource Group and really

delete that Resource Group and really stop moving that on me if you move it

stop moving that on me if you move it one more time I'm just never going to

one more time I'm just never going to talk about resource groups again

talk about resource groups again [Music]

[Music] okay hey hey this is Andrew Brown from

okay hey hey this is Andrew Brown from exam Pro and we are taking a look at

exam Pro and we are taking a look at business Centric services and you might

business Centric services and you might say well why because in the exam guide

say well why because in the exam guide It's explicitly says that these are not

It's explicitly says that these are not covered but the thing is is that when

covered but the thing is is that when you're taking the exam some of the uh

you're taking the exam some of the uh choices might be some of these Services

choices might be some of these Services as distractors and if you know what they

as distractors and if you know what they are it's going to help make sure that

are it's going to help make sure that you um uh guess correctly and the thing

you um uh guess correctly and the thing is that some of these services are

is that some of these services are useful you should know about them so

useful you should know about them so that's another reason why I'm talking

that's another reason why I'm talking about them here so first one is Amazon

about them here so first one is Amazon connction this is a virtual call center

connction this is a virtual call center you can create workflows to Route

you can create workflows to Route callers you can record phone calls

callers you can record phone calls manage a que of callers based on the

manage a que of callers based on the same proven system used by Amazon

same proven system used by Amazon customer service teams we have

customer service teams we have workspaces this is a virtual Remote

workspaces this is a virtual Remote Desktop Service secure manage service

Desktop Service secure manage service for provision either windows or Linux

for provision either windows or Linux desktops in just a few minutes which

desktops in just a few minutes which quickly scales up to thousands of

quickly scales up to thousands of desktops we have work docs which is a

desktops we have work docs which is a shared collaboration service

shared collaboration service essentialized storage to share content

essentialized storage to share content in files it is similar to Microsoft

in files it is similar to Microsoft SharePoint think of it as a shared

SharePoint think of it as a shared folder where the company has ownership

folder where the company has ownership we have chime which is a video

we have chime which is a video conference service it is similar to zoom

conference service it is similar to zoom or Skype you can screen share have

or Skype you can screen share have multiple people on the on the same call

multiple people on the on the same call it is secure by default and can show you

it is secure by default and can show you a calendar of upcoming calls we have

a calendar of upcoming calls we have workmail this is a manag business uh

workmail this is a manag business uh email contacts calendar service with

email contacts calendar service with support of existing desktop and mobile

support of existing desktop and mobile email client applications that can

email client applications that can handle things like IMAP similar to Gmail

handle things like IMAP similar to Gmail or exchange we have pinpoint this is a

or exchange we have pinpoint this is a marketing campaign Management Service

marketing campaign Management Service pinpoint is for sending targeted emails

pinpoint is for sending targeted emails Via SMS push notifications voice

Via SMS push notifications voice messages you can perform um A to B

messages you can perform um A to B testing or create Journey so complex

testing or create Journey so complex email response workflows we have sces

email response workflows we have sces this is a transactional email service

this is a transactional email service you can integrate sces into your

you can integrate sces into your application to send emails you can

application to send emails you can create common templates track open rates

create common templates track open rates keep track of your reputation we have

keep track of your reputation we have quick site this is a business

quick site this is a business intelligence uh service connect multiple

intelligence uh service connect multiple data sources and quickly visualize data

data sources and quickly visualize data in the form of graphs with little to no

in the form of graphs with little to no knowledge definitely you want to

knowledge definitely you want to remember quick site SCS pinpoint Point

remember quick site SCS pinpoint Point uh cuz those definitely will show up in

uh cuz those definitely will show up in the exam the rest probably not but they

the exam the rest probably not but they could show up as distractors

could show up as distractors [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at

Pro and we are taking a look at provisioning services so let's first

provisioning services so let's first Define what is provisioning so

Define what is provisioning so provisioning is the allocation or

provisioning is the allocation or creation of resources and services to a

creation of resources and services to a customer and IT provisioning services

customer and IT provisioning services are responsible for setting up and

are responsible for setting up and managing those adaus Services we have a

managing those adaus Services we have a lot of services that do provisioning

lot of services that do provisioning most of them are just using cloud

most of them are just using cloud formation underneath which we will

formation underneath which we will mention here but let's get to it the

mention here but let's get to it the first is elastic beanock this is a

first is elastic beanock this is a platform as a service to easily deploy

platform as a service to easily deploy web apps eie will provision various a

web apps eie will provision various a with services like ec2 S3 SNS cloudwatch

with services like ec2 S3 SNS cloudwatch ec2 Auto scaling groups load balancers

ec2 Auto scaling groups load balancers uh and you can think of it as the Heroku

uh and you can think of it as the Heroku equivalent to AWS then you have opsworks

equivalent to AWS then you have opsworks this is a configuration Management

this is a configuration Management Service that also provides managed

Service that also provides managed instances of Open Source configuration

instances of Open Source configuration managed software such as chef and p

managed software such as chef and p puppet so you'll say I want to have a

puppet so you'll say I want to have a load balcer or I want to have servers

load balcer or I want to have servers and it will provision those for you uh

and it will provision those for you uh indirectly then you have Cloud

indirectly then you have Cloud information itself this is an

information itself this is an infrastructure modeling and provisioning

infrastructure modeling and provisioning service it automates the provisioning of

service it automates the provisioning of AD Services by writing Cloud information

AD Services by writing Cloud information templates in either Json or yaml and

templates in either Json or yaml and this is known as IAC or infrastructures

this is known as IAC or infrastructures of code you have quick starts these are

of code you have quick starts these are pre-made packages that can uh be

pre-made packages that can uh be launched and configure your Aus compute

launched and configure your Aus compute network storage and other services

network storage and other services required to deploy a workload ons we do

required to deploy a workload ons we do cover this in this course but quick

cover this in this course but quick starts is basically just Cloud

starts is basically just Cloud information templates that are authored

information templates that are authored by the community or um buy um Amazon

by the community or um buy um Amazon partner Network okay then we have abis

partner Network okay then we have abis Marketplace this is a digital catalog

Marketplace this is a digital catalog for thousands of software listings of

for thousands of software listings of independent software vendors that you

independent software vendors that you can use toine by in tes and deploy

can use toine by in tes and deploy software so the idea is that um you know

software so the idea is that um you know you can go there and provision whatever

you can go there and provision whatever kind of resource you want we have Abus

kind of resource you want we have Abus amplify this is a mobile web app

amplify this is a mobile web app framework that will provision multiple

framework that will provision multiple Aus Services as your backend it's

Aus Services as your backend it's specifically for serverless services I

specifically for serverless services I don't know why I didn't write that in

don't know why I didn't write that in there um but you know like Dynamo DB um

there um but you know like Dynamo DB um things like uh whatever the graphql

things like uh whatever the graphql service is called API Gateway things

service is called API Gateway things like that uh then we have ads app Runner

like that uh then we have ads app Runner this is a fully managed service that

this is a fully managed service that makes it easy for developers to quickly

makes it easy for developers to quickly deploy containerized web apps and apis

deploy containerized web apps and apis at scale with no prior information

at scale with no prior information experience required it's basically a

experience required it's basically a platform as a service but for containers

platform as a service but for containers we have AIS co-pilot this is a command

we have AIS co-pilot this is a command line interface that enables customers to

line interface that enables customers to quickly launch and manage containerized

quickly launch and manage containerized applications any bus it basically is a a

applications any bus it basically is a a CLI tool that sets up a bunch of scripts

CLI tool that sets up a bunch of scripts to set up pipelines for you makes things

to set up pipelines for you makes things super easy we have Adis code start this

super easy we have Adis code start this provides a unified user interface

provides a unified user interface enabling you to manage your software

enabling you to manage your software development activities in one place

development activities in one place usually launch common types of stacks

usually launch common types of stacks like lamp then we have cdk and so this

like lamp then we have cdk and so this is infrastructure as a code tool allows

is infrastructure as a code tool allows you to use your favorite programming

you to use your favorite programming language generates out Cloud information

language generates out Cloud information templates as a means of I so there you

templates as a means of I so there you [Music]

[Music] go hey this is Andrew Brown from exam

go hey this is Andrew Brown from exam Pro and we are taking a look at a

Pro and we are taking a look at a elastic bean stock before we do let's

elastic bean stock before we do let's just Define what passes so platform as a

just Define what passes so platform as a service allows customers to develop run

service allows customers to develop run and manage applications without uh the

and manage applications without uh the complexity of building and maintaining

complexity of building and maintaining the infrastructure typically associated

the infrastructure typically associated with developing and launching an app and

with developing and launching an app and so elastic beanock is a pass for

so elastic beanock is a pass for deploying web apps with little to know

deploying web apps with little to know uh knowledge of the underlying

uh knowledge of the underlying infrastructure so you can focus on

infrastructure so you can focus on writing application code instead of

writing application code instead of setting up an automated deployment

setting up an automated deployment pipeline or devops tasks the idea here

pipeline or devops tasks the idea here is you choose a platform upload your

is you choose a platform upload your code and it runs with little uh

code and it runs with little uh knowledge of the infrastructure and adab

knowledge of the infrastructure and adab us will say that it's generally not

us will say that it's generally not recommended for production apps but just

recommended for production apps but just understand that they are saying this for

understand that they are saying this for Enterprises and large companies if

Enterprises and large companies if you're a small to medium company you can

you're a small to medium company you can run elastic beanock for quite a long

run elastic beanock for quite a long time it'll work out great elastic

time it'll work out great elastic beanock is powered by cloud formation

beanock is powered by cloud formation templates and it sets up for you elastic

templates and it sets up for you elastic load balancer asgs RDS ec2 instances

load balancer asgs RDS ec2 instances preconfigured for particular platforms

preconfigured for particular platforms uh monitoring integration with

uh monitoring integration with cloudwatch SNS uh deployment strategies

cloudwatch SNS uh deployment strategies like in place blue green green uh

like in place blue green green uh deployment has security built in so it

deployment has security built in so it could rotate out your passwords for your

could rotate out your passwords for your databases and it could run dockerized

databases and it could run dockerized environments and so when we talk about

environments and so when we talk about platforms you can see we have Docker

platforms you can see we have Docker multicontainer Docker uh go.net Java

multicontainer Docker uh go.net Java nodejs Ruby PHP python Tomcat go a bunch

nodejs Ruby PHP python Tomcat go a bunch of stuff and just to kind of give you

of stuff and just to kind of give you that architectural diagram to show you

that architectural diagram to show you that it it can launch of multiple things

that it it can launch of multiple things [Music]

[Music] okay hey it's Andrew Brown from exam Pro

okay hey it's Andrew Brown from exam Pro and this fall along we're going to learn

and this fall along we're going to learn all about elastic beanock maybe not

all about elastic beanock maybe not everything but we're going to definitely

everything but we're going to definitely know how to at least um use the service

know how to at least um use the service so elastic beanock is a platform as a

so elastic beanock is a platform as a service and what it does is it allows

service and what it does is it allows you to uh deploy web applications very

you to uh deploy web applications very easily so here I've made my way over to

easily so here I've made my way over to elastic beanock that we an environment

elastic beanock that we an environment and app and then we set up our

and app and then we set up our application we have two tiers a web

application we have two tiers a web server environment a worker environment

server environment a worker environment worker environment is great for long

worker environment is great for long running

running workloads performing uh background jobs

workloads performing uh background jobs and things like that and then you have

and things like that and then you have your web server which is your web server

your web server which is your web server and you can have both and it's generally

and you can have both and it's generally recommended to do so um but anyway what

recommended to do so um but anyway what we'll do is create a new application so

we'll do is create a new application so let's say my app here and uh there's

let's say my app here and uh there's some tags we can do and then it will

some tags we can do and then it will name based on the environment then we

name based on the environment then we need to choose an environment name so

need to choose an environment name so I'll say my environment and just put a

I'll say my environment and just put a bunch of numbers in there hit the check

bunch of numbers in there hit the check availability scroll on down and we have

availability scroll on down and we have two options manage platform custom

two options manage platform custom platform and I'm not sure why custom is

platform and I'm not sure why custom is blanked out but it would allow you to um

blanked out but it would allow you to um it would allow you to I think use your

it would allow you to I think use your own containers so I'm a big fan of Ruby

own containers so I'm a big fan of Ruby so I'm going to drop down to Ruby and

so I'm going to drop down to Ruby and here we have a bunch of different

here we have a bunch of different versions and so 2.7 is pretty pretty new

versions and so 2.7 is pretty pretty new which is pretty good and then there's

which is pretty good and then there's the platform version which is fine and

the platform version which is fine and the great thing is it comes with a

the great thing is it comes with a sample application now you could hit

sample application now you could hit create environment but you'd be missing

create environment but you'd be missing on a lot if you don't hit this configure

on a lot if you don't hit this configure more options I don't know why they put

more options I don't know why they put it there it's a not a very good UI but

it there it's a not a very good UI but um if you click here you actually get to

um if you click here you actually get to see everything possible and so up here

see everything possible and so up here we can have some presets where we can

we can have some presets where we can have a single instance so this is where

have a single instance so this is where it's literally running a single E2

it's literally running a single E2 instance so it's very cost effective you

instance so it's very cost effective you can have it with spot uh spot pricing so

can have it with spot uh spot pricing so you save money um there's High

you save money um there's High availability so you know if you want it

availability so you know if you want it set up with a load balcer an auto

set up with a load balcer an auto scaling group it will scale very well or

scaling group it will scale very well or you can do custom configuration we

you can do custom configuration we scroll on down

scroll on down here you can enable Amazon x-ray you can

here you can enable Amazon x-ray you can rotate out logs you can do log

rotate out logs you can do log streaming um there's a lot of stuff here

streaming um there's a lot of stuff here and basically it's just like it sets up

and basically it's just like it sets up most for you but you can pretty much

most for you but you can pretty much configure what you want as well if we

configure what you want as well if we had the load balcer set if I go here go

had the load balcer set if I go here go to High availability now we'll be able

to High availability now we'll be able to change our load balancer options you

to change our load balancer options you have different ways of deploying so you

have different ways of deploying so you can go here and then change it from all

can go here and then change it from all at once rolling immutable traffic

at once rolling immutable traffic splitting depends on what your use case

splitting depends on what your use case is um we can set up a key pair to be

is um we can set up a key pair to be able to log into the

able to log into the machine there's a whole variety of

machine there's a whole variety of things you can connect your database as

things you can connect your database as well so it can create the database

well so it can create the database alongside with it and then it can

alongside with it and then it can actually rotate out the key so you don't

actually rotate out the key so you don't have to worry about it which is really

have to worry about it which is really nice what I'm going to do is go to the

nice what I'm going to do is go to the top here and just choose a single

top here and just choose a single instance because I want this to be very

instance because I want this to be very cost effective we're going to go ahead

cost effective we're going to go ahead and hit create

and hit create environment and so we are just going to

environment and so we are just going to wait for that to start up and I'll see

wait for that to start up and I'll see you back when it's done

you back when it's done okay okay so it's been uh quite a while

okay okay so it's been uh quite a while here and it says a few minutes so if it

here and it says a few minutes so if it does do this what you can do is just

does do this what you can do is just give it a hard refresh I have feeling

give it a hard refresh I have feeling that it's already done is it done yeah

that it's already done is it done yeah it's already done so and here it says on

it's already done so and here it says on September 2020 elastic talku Etc default

September 2020 elastic talku Etc default default I don't care um but anyway so

default I don't care um but anyway so this application I guess it's in a

this application I guess it's in a pending State um I'm not sure why let's

pending State um I'm not sure why let's go take a look here causes instance has

go take a look here causes instance has not sent any data since launch uh none

not sent any data since launch uh none of the instances are sending data so

of the instances are sending data so that's kind of interesting because um I

that's kind of interesting because um I shouldn't have any problems you know

shouldn't have any problems you know what I mean so what I'm going to do is

what I mean so what I'm going to do is just reboot this Miss machine and see if

just reboot this Miss machine and see if that fixes the issue there but usually

that fixes the issue there but usually it's not that difficult cuz it's the

it's not that difficult cuz it's the sample application it's not up to me um

sample application it's not up to me um as to how to fix this you know what I

as to how to fix this you know what I mean

mean so I'm not sure but um what we'll do is

so I'm not sure but um what we'll do is we will let the machine reboot and see

we will let the machine reboot and see if that makes any difference okay all

if that makes any difference okay all right so after rebooting that machine

right so after rebooting that machine now it looks like the server is healthy

now it looks like the server is healthy so it's not all that bad right if you do

so it's not all that bad right if you do run issues that is something that you

run issues that is something that you can do and so uh let's go see if there's

can do and so uh let's go see if there's is actually working so at the top here

is actually working so at the top here we have a link and so I can just right

we have a link and so I can just right click here it says congratulations your

click here it says congratulations your first 8us elastic uh beanock Ruby

first 8us elastic uh beanock Ruby application is now running so it's all

application is now running so it's all in good shape um there's a lot of stuff

in good shape um there's a lot of stuff that's going on here in elastic beanock

that's going on here in elastic beanock that we can do uh we can go back to our

that we can do uh we can go back to our configuration and change any of our

configuration and change any of our options here so there's a lot of stuff

options here so there's a lot of stuff as you can see uh we get logging uh so

as you can see uh we get logging uh so click the request log so if we click on

click the request log so if we click on this and say last 100

this and say last 100 lines should be able to get uh logging

lines should be able to get uh logging data we have to download it I wish it

data we have to download it I wish it was kind of in line but here you can

was kind of in line but here you can kind of see what's going on so we have

kind of see what's going on so we have STD access logs error logs Puma logs

STD access logs error logs Puma logs elastic beam stock engine so you could

elastic beam stock engine so you could use that to debug very common to take

use that to debug very common to take that over to uh support if you do have

that over to uh support if you do have issues uh for Health it monitors the

issues uh for Health it monitors the health of the instances which is great

health of the instances which is great then we have some uh monitoring uh data

then we have some uh monitoring uh data here so gives you uh like a built

here so gives you uh like a built dashboard so that's kind of nice you can

dashboard so that's kind of nice you can set up alarms uh you have not defined

set up alarms uh you have not defined alarms you can add them via the

alarms you can add them via the monitoring dashboard so I guess you'd

monitoring dashboard so I guess you'd have

have to you'd have to somehow add them um I

to you'd have to somehow add them um I don't think I've ever added alarms for

don't think I've ever added alarms for um Classic Bean but it's nice to know

um Classic Bean but it's nice to know that they have them you can set up

that they have them you can set up schedules for managed events then this

schedules for managed events then this is event data so it's just kind of

is event data so it's just kind of telling you it's kind of like logs it

telling you it's kind of like logs it just tells you of things that have

just tells you of things that have changed so there's stuff like that what

changed so there's stuff like that what I'm looking for is to see how I can

I'm looking for is to see how I can download the existing

download the existing application because there's a version

application because there's a version uploaded here oh the source is over here

uploaded here oh the source is over here okay

okay so I think it's probably over here the

so I think it's probably over here the one that's running so that's

one that's running so that's it if it was easy to find what I

it if it was easy to find what I probably would do is just modify it and

probably would do is just modify it and oh yeah it's over here so if we go here

oh yeah it's over here so if we go here and download the

zip I wonder if it'd be even worth um playing with this so let's I'm just

playing with this so let's I'm just going to see if we can go over to

going to see if we can go over to Cloud9 and give this a go quickly

Cloud9 and give this a go quickly so if we go over and launch a Cloud9

so if we go over and launch a Cloud9 environment maybe we can tweak it and

environment maybe we can tweak it and upload a revised version so we say

upload a revised version so we say create new we'll say EB

create new we'll say EB um uh environment for elastic beanock

um uh environment for elastic beanock we'll set it all the defaults that's all

we'll set it all the defaults that's all fine it's all within the free tier we'll

fine it's all within the free tier we'll create that environment what I'm going

create that environment what I'm going to do is just take this uh Ruby zip file

to do is just take this uh Ruby zip file and move it to my

and move it to my desktop and as that is loading we'll

desktop and as that is loading we'll give it a moment here I'm just going to

give it a moment here I'm just going to go back and I was just curious ious does

go back and I was just curious ious does it let you download it directly from

it let you download it directly from here no so the only thing is that you

here no so the only thing is that you know if you download that application

know if you download that application elastic beanock usually has a

elastic beanock usually has a configuration file with it and so I

configuration file with it and so I don't know if they would have given that

don't know if they would have given that to us but if they did that would be

to us but if they did that would be really great but we just have to wait

really great but we just have to wait for that to uh launch there as well I

for that to uh launch there as well I guess you can save configurations and

guess you can save configurations and roll back on those as

well um but we will just wait a moment here

here while it's going I might just peek

while it's going I might just peek inside of this file to see what it is

inside of this file to see what it is this ZIP

this ZIP contains just going to go to my desktop

contains just going to go to my desktop here open up that

here open up that zip so it looks pretty simple it doesn't

zip so it looks pretty simple it doesn't even look like a rails app it looks like

even look like a rails app it looks like maybe it's a Sinatra app I thought

maybe it's a Sinatra app I thought before that it would it would have

before that it would it would have deployed a Ruby on Rails application but

deployed a Ruby on Rails application but maybe they keep it really

maybe they keep it really simple

simple um I don't see usually it's like yamell

um I don't see usually it's like yamell files they use for configuration I don't

files they use for configuration I don't see that there

see that there so it might be that the default settings

so it might be that the default settings will work fine uh there's a king fig. Ru

will work fine uh there's a king fig. Ru and stuff like that but once Cloud9 is

and stuff like that but once Cloud9 is up here we will upload this and see what

up here we will upload this and see what we can do with it okay so there we go uh

we can do with it okay so there we go uh Cloud9 is ready to go and so if we right

Cloud9 is ready to go and so if we right click here whoops right click here we

click here whoops right click here we should be up be able to upload a file if

should be up be able to upload a file if not we can go up here to the

not we can go up here to the top or it's here or

top or it's here or there where is the upload I've I've

there where is the upload I've I've uploaded things in here so I absolutely

uploaded things in here so I absolutely know we can I just got to find it

Cloud9 oh boy that's not helpful that's not helpful at all so let me just click

not helpful at all so let me just click around a little bit here I mean worst

around a little bit here I mean worst case I can always just bring it in Via a

case I can always just bring it in Via a curl oh upload local files there it is I

curl oh upload local files there it is I was is just not um being patient okay so

was is just not um being patient okay so we'll drag that on in there and we

we'll drag that on in there and we will did it upload yep it's right there

will did it upload yep it's right there okay great so we need to unzip it so

okay great so we need to unzip it so what I'll do is just drag this on up

what I'll do is just drag this on up here I'll do an LS and we'll say

here I'll do an LS and we'll say unzip

unzip rubyzip and so that unzipped the

rubyzip and so that unzipped the contents there I think the readme was

contents there I think the readme was part of Cloud9 so I'm going to go ahead

part of Cloud9 so I'm going to go ahead and delete that out not that it's going

and delete that out not that it's going to hurt anything and so now what we can

to hurt anything and so now what we can do and we'll delete the original

do and we'll delete the original the original zip

the original zip there um and let's see if we can make a

there um and let's see if we can make a change here so I'm just going to open up

change here so I'm just going to open up see what it is so it's yeah it's running

see what it is so it's yeah it's running Sinatra so that's pretty clear there we

Sinatra so that's pretty clear there we have a proc file to say how it runs we

have a proc file to say how it runs we have a worker sample so that's just

have a worker sample so that's just tells how the requests go you don't need

tells how the requests go you don't need to know any of this I'm just kind of

to know any of this I'm just kind of clicking through it because I know Ruby

clicking through it because I know Ruby very well we have a cron yamel file so

very well we have a cron yamel file so that could be something that gets loaded

that could be something that gets loaded in here so I think basically a Sinatra

in here so I think basically a Sinatra app probably just works off the bat here

app probably just works off the bat here but if we want to make a change we

but if we want to make a change we probably just make a change over to here

probably just make a change over to here so I'll go down here and this is

so I'll go down here and this is your second 8s elastic beanock

your second 8s elastic beanock application so the next thing we need to

application so the next thing we need to do is actually zip the contents here I

do is actually zip the contents here I don't know if it would let us zip it

don't know if it would let us zip it with in here but I'll have to look like

with in here but I'll have to look like Zip the contents of a

Zip the contents of a directory Linux this goes to

directory Linux this goes to show Google is

show Google is everything so the easiest way to zip a

everything so the easiest way to zip a full

um zip everything in the current

zip everything in the current directory

Linux okay that's easy so we'll go back over here and we will type in

over here and we will type in zip and it wants hyphen R for recursive

zip and it wants hyphen R for recursive which makes sense and then the name of

which makes sense and then the name of the zip so

the zip so um uh Ruby 2.zip and we'll do

period zip warning found is who is zip

zip oh uh yum install zip maybe we have to

oh uh yum install zip maybe we have to install uh ZIP but maybe it's not

install uh ZIP but maybe it's not installed pseudo yum install

installed pseudo yum install zip since it's Amazon 2 uses

zip since it's Amazon 2 uses yum and so package already installed so

yum and so package already installed so I'm going to type zip again so zip is

I'm going to type zip again so zip is there now great oops don't need to

there now great oops don't need to install

twice zip warning Ruby to zip not found or

empty okay so install zip and use zip pyph R you can use the flag to best

pyph R you can use the flag to best compensate so if that's not working what

compensate so if that's not working what I'm going to do is just go up a

directory why is it saying not found or empty

use okay so I think the problem was is I was using the wrong flag so I put F

was using the wrong flag so I put F instead of R I don't know why I did that

instead of R I don't know why I did that so I probably should have done this okay

so I probably should have done this okay and so that should have copied all the

and so that should have copied all the contents of that file so what I'm going

contents of that file so what I'm going to do is go ahead whoops make sure I

to do is go ahead whoops make sure I have that selected and download that

have that selected and download that file and once I have downloaded that

file and once I have downloaded that file I'm going to just open the contents

file I'm going to just open the contents to make sure it is what I expect it to

to make sure it is what I expect it to be so we're going to open that up and

be so we're going to open that up and whoops get out of here when and it looks

whoops get out of here when and it looks like everything I want so what I'm going

like everything I want so what I'm going to do is go back over to here I'm going

to do is go back over to here I'm going to make sure I have my Ruby 2 on my

to make sure I have my Ruby 2 on my desktop we're going to see if we can to

desktop we're going to see if we can to upload another version here so upload

upload another version here so upload and deploy choose the file we're going

and deploy choose the file we're going to go all the way to my desktop here and

to go all the way to my desktop here and we're going to choose Ruby 2 and um like

we're going to choose Ruby 2 and um like Ruby 2 will be the version name or we'll

Ruby 2 will be the version name or we'll just say two and we'll deploy and we'll

just say two and we'll deploy and we'll see if that works okay but there are

see if that works okay but there are like uh elastic beanock configuration

like uh elastic beanock configuration files like yaml files that can sit in

files like yaml files that can sit in the root directory and so generally

the root directory and so generally you're used to seeing them there but you

you're used to seeing them there but you know I imagine that eight of us probably

know I imagine that eight of us probably engineered these examples so that it

engineered these examples so that it uses all the default settings but uh

uses all the default settings but uh once this is deployed I'll see you back

once this is deployed I'll see you back here in a moment okay after a short

here in a moment okay after a short little wait it looks like it has

little wait it looks like it has deployed so what I'm going to do is just

deployed so what I'm going to do is just close my other tabs here and open this

close my other tabs here and open this up and see if it's worked it says your

up and see if it's worked it says your second ad elastic being stck Ruby

second ad elastic being stck Ruby application so uh we were successful uh

application so uh we were successful uh deploying that out which is really great

deploying that out which is really great so what we can do now is just close that

so what we can do now is just close that tab there and uh since we have that

tab there and uh since we have that cloud environment it will shut down on

cloud environment it will shut down on its own but you know just for your

its own but you know just for your benefit I think that we should shut it

benefit I think that we should shut it off right now so go ahead and delete

off right now so go ahead and delete that I'm going to go back over to

that I'm going to go back over to elastic beanock here and I just want to

elastic beanock here and I just want to destroy all of it so we'll see if we can

destroy all of it so we'll see if we can just do that from here terminate the

just do that from here terminate the application enter the name so I think we

application enter the name so I think we probably have to enter that in

probably have to enter that in there and so I think that oh a problem

there and so I think that oh a problem occurred rate

occurred rate exceeded what that's AWS for you so it's

exceeded what that's AWS for you so it's not a big deal I would just go and check

not a big deal I would just go and check it

it again and maybe what we'll do is just

again and maybe what we'll do is just delete the application

first okay so that one is possibly deleting

changing can't even tell we'll go ahead oh can't take that one

out delete application again if it takes you a couple times

again if it takes you a couple times it's not a big

it's not a big deal it's AWS 4 yes so there's a lot of

deal it's AWS 4 yes so there's a lot of moving parts so it looks like it is

moving parts so it looks like it is terminating the instance and so we just

terminating the instance and so we just have to wait for that to complete uh

have to wait for that to complete uh once that is done we might have to just

once that is done we might have to just tear down the environment so I'll see

tear down the environment so I'll see you back here when it has finished

you back here when it has finished tearing this down okay all right and so

tearing this down okay all right and so after a short little wait here I think

after a short little wait here I think it's been destroyed we'll just double

it's been destroyed we'll just double check by going to the applications going

check by going to the applications going to the environments yeah and it's all

to the environments yeah and it's all gone probably because I initially

gone probably because I initially deleted that environment and then took

deleted that environment and then took the application with it so I probably

the application with it so I probably didn't have to delete the app separately

didn't have to delete the app separately um but uh yeah so there you go just make

um but uh yeah so there you go just make sure your Cloud9 environment is gone and

sure your Cloud9 environment is gone and you are a okay there'll probably be some

you are a okay there'll probably be some like lingering S3 buckets so if you do

like lingering S3 buckets so if you do want to get rid of those you can it's

want to get rid of those you can it's not going to hurt anything having those

not going to hurt anything having those around uh but they do tend to stack up

around uh but they do tend to stack up after a while which is kind of annoying

after a while which is kind of annoying so if you don't like them you can just

so if you don't like them you can just empty them

empty them out as I am doing here whoops oh just

out as I am doing here whoops oh just permanently

delete copy that text there we go back

to here and then just go take out that bucket delete that

there oh if you get this this is kind of annoying but uh elastic beanock lights

annoying but uh elastic beanock lights to put in an I am permission or policy

to put in an I am permission or policy in here so if you go down here there's a

in here so if you go down here there's a bucket policy you just have to delete it

bucket policy you just have to delete it out it prevents it from being

out it prevents it from being deleted and we'll go back over here and

deleted and we'll go back over here and then we will delete

then we will delete it okay and yeah there we go that's

it okay and yeah there we go that's [Music]

[Music] it so let's take a look at serverless

it so let's take a look at serverless services on AWS and this is not

services on AWS and this is not including all of them because we're

including all of them because we're looking at the most purely serverless

looking at the most purely serverless Services uh if we try to include all the

Services uh if we try to include all the serverless services it would just be too

serverless services it would just be too long of a list uh but let's take a look

long of a list uh but let's take a look here so um before we do let's just

here so um before we do let's just redefine what is serverless so when the

redefine what is serverless so when the underlying servers infrastructure and

underlying servers infrastructure and operating system is taken care of by the

operating system is taken care of by the CSP serverless is generally by default

CSP serverless is generally by default highly available scalable cost effective

highly available scalable cost effective you pay for what you use the first one

you pay for what you use the first one is Dynamo DB which is a serverless nosql

is Dynamo DB which is a serverless nosql key value and document database is

key value and document database is designed to scale to billions of records

designed to scale to billions of records with guaranteed consistent data return

with guaranteed consistent data return in at least a second you do not have to

in at least a second you do not have to worry about managing chars you have

worry about managing chars you have simple storage service S3 which is a

simple storage service S3 which is a serverless object storage service you

serverless object storage service you can upload very large and unlimited

can upload very large and unlimited amounts of files you can pay for what

amounts of files you can pay for what you store you don't worry about the

you store you don't worry about the underlying file system or upgrading the

underlying file system or upgrading the dis size we have e CS fargate which is a

dis size we have e CS fargate which is a seress orchestration container service

seress orchestration container service is the same as ECS except you pay on

is the same as ECS except you pay on demand per running container with ECS

demand per running container with ECS you have to keep a ec2 server running

you have to keep a ec2 server running even if you have no containers running

even if you have no containers running where adus manages the underlying server

where adus manages the underlying server so you don't have to scale or upgrade

so you don't have to scale or upgrade the ec2 server we have adus Lambda which

the ec2 server we have adus Lambda which is a serverless function service you can

is a serverless function service you can run code without provisioning or

run code without provisioning or managing servers you upload a small

managing servers you upload a small piece of code choose uh how much memory

piece of code choose uh how much memory you want how long want the function is

you want how long want the function is allowed to run before timing out your

allowed to run before timing out your charge based on the runtime of the

charge based on the runtime of the service function rounded to the nearest

service function rounded to the nearest 100 milliseconds we have step functions

100 milliseconds we have step functions this is the state machine service it

this is the state machine service it coordinates multiple Services into

coordinates multiple Services into serverless workflows easily shared data

serverless workflows easily shared data among lambdas have a group of lambdas

among lambdas have a group of lambdas wait for each other create logical steps

wait for each other create logical steps also work with fargate tasks we have

also work with fargate tasks we have Aurora servus this is a serous on demand

Aurora servus this is a serous on demand version of Aurora so when you want most

version of Aurora so when you want most of the benefits of Aurora but uh trade

of the benefits of Aurora but uh trade you have to trade off those cold starts

you have to trade off those cold starts or you don't have lots of traffic or

or you don't have lots of traffic or demand so things Ser the services that

demand so things Ser the services that we could have put in here as well is

we could have put in here as well is like API Gateway appsync it amplify um

like API Gateway appsync it amplify um and those are like the the first two

and those are like the the first two were application Integrations you could

were application Integrations you could say sqs SNS those are all serous

say sqs SNS those are all serous services but you know again we'd be here

services but you know again we'd be here all day if I I I listed them all

all day if I I I listed them all [Music]

[Music] right all right let's take a look at

right all right let's take a look at what is is serverless and we did look at

what is is serverless and we did look at it from a server perspective earlier in

it from a server perspective earlier in the course but let's just try to

the course but let's just try to abstractly Define it and talk about the

abstractly Define it and talk about the architecture so serverless architecture

architecture so serverless architecture generally describes fully managed cloud

generally describes fully managed cloud services and the classification of a

services and the classification of a cloud service being serverless is not a

cloud service being serverless is not a Boolean answer it's it's not a yes or no

Boolean answer it's it's not a yes or no but an answer on a scale where a cloud

but an answer on a scale where a cloud service has a degree of serverless and I

service has a degree of serverless and I do have to point out that this

do have to point out that this definition might not be accepted by um

definition might not be accepted by um everybody because calist is one of those

everybody because calist is one of those uh terms where um we've had a bunch of

uh terms where um we've had a bunch of different cloud service providers Define

different cloud service providers Define it differently and then we have thought

it differently and then we have thought leaders that have a particular concept

leaders that have a particular concept of what it is so you know I just do my

of what it is so you know I just do my best to try to make this practical here

best to try to make this practical here for you but a seress service could have

for you but a seress service could have all or most of the following

all or most of the following characteristics and so it could be

characteristics and so it could be highly elastic and scalable highly

highly elastic and scalable highly available highly durable secure by

available highly durable secure by default it abstracts away the underlying

default it abstracts away the underlying infrastructure and our build based on

infrastructure and our build based on the execution of your business tasks a

the execution of your business tasks a lot of times that that cost is not uh is

lot of times that that cost is not uh is not always represented as something that

not always represented as something that is like I'm paying X for compute it

is like I'm paying X for compute it could be abstracted out into some kind

could be abstracted out into some kind of um credit that uh doesn't necessarily

of um credit that uh doesn't necessarily maap to something physical then we have

maap to something physical then we have serverless can scale to zero meaning

serverless can scale to zero meaning when it's not in use the serverless

when it's not in use the serverless resources cost nothing uh and these two

resources cost nothing uh and these two last topics basically pull into pay for

last topics basically pull into pay for Value so you don't pay for Idol servers

Value so you don't pay for Idol servers you're paying for the value uh that your

you're paying for the value uh that your service

service provides and uh my friend Daniel who

provides and uh my friend Daniel who runs the servus Toronto group he likes

runs the servus Toronto group he likes to describe servus as being similar to

to describe servus as being similar to like energy efficient rating so an

like energy efficient rating so an analogy of servus could be similar to

analogy of servus could be similar to energy rating labels which allows

energy rating labels which allows consumers to compare the Energy

consumers to compare the Energy Efficiency of a product so some services

Efficiency of a product so some services are more servoless than others and again

are more servoless than others and again you know some people might not agree

you know some people might not agree with that where there's a a definitive

with that where there's a a definitive yes or no answer but I think that's the

yes or no answer but I think that's the best way to look at it

best way to look at it [Music]

[Music] okay hey it's Andrew Brown from exam Pro

okay hey it's Andrew Brown from exam Pro and we're taking a look at windows on

and we're taking a look at windows on ads so ads has multiple cloud services

ads so ads has multiple cloud services and tools to make it easy for you to run

and tools to make it easy for you to run window workloads on ads so let's get to

window workloads on ads so let's get to it so the first is Windows servers on

it so the first is Windows servers on ec2 so you can select from a number of

ec2 so you can select from a number of Windows Server versions including the

Windows Server versions including the latest version uh like Windows Server

latest version uh like Windows Server 2019 uh for uh databases we have SQL

2019 uh for uh databases we have SQL server on RDS you can select from a

server on RDS you can select from a number of SQL database versions then we

number of SQL database versions then we have adabs directory service which lets

have adabs directory service which lets you run Microsoft active directory ad as

you run Microsoft active directory ad as a managed service we have ads license

a managed service we have ads license manager which makes it easier to manage

manager which makes it easier to manage your software licenses from software

your software licenses from software vendors such as Microsoft we have Amazon

vendors such as Microsoft we have Amazon FSX for Windows file server which is a

FSX for Windows file server which is a fully managed scalable storage built for

fully managed scalable storage built for Windows we have the ads SDK which allows

Windows we have the ads SDK which allows you to write code in your favorite

you to write code in your favorite language to interact with adus API but

language to interact with adus API but it specifically has support for net a

it specifically has support for net a language favorite for Windows developers

language favorite for Windows developers we have Amazon workspaces so this allows

we have Amazon workspaces so this allows you to run a virtual desktop you can

you to run a virtual desktop you can launch a Windows 10 desktop to provide

launch a Windows 10 desktop to provide secure and durable workstations that is

secure and durable workstations that is accessible from wherever you have an

accessible from wherever you have an internet connection AOS Lambda supports

internet connection AOS Lambda supports poers shells a programming language to

poers shells a programming language to write your serverless functions and we

write your serverless functions and we have adus migration acceleration program

have adus migration acceleration program map for Windows is a migration

map for Windows is a migration methodology for moving large Enterprises

methodology for moving large Enterprises it us has Amazon partners that

it us has Amazon partners that specialize in providing professional

specialize in providing professional services for map this is not just

services for map this is not just everything for Windows on AWS like if

everything for Windows on AWS like if you want to move your SQL Server over to

you want to move your SQL Server over to RDS postest I believe they've like they

RDS postest I believe they've like they created an adapter to do that um but

created an adapter to do that um but yeah hopefully that gives you an idea

yeah hopefully that gives you an idea what you can do with Windows on AWS

what you can do with Windows on AWS [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and I want to show you how you can

Pro and I want to show you how you can launch a Windows uh server on AWS so

launch a Windows uh server on AWS so what you're going to do is go to the top

what you're going to do is go to the top here and we are going to type in ec2 and

here and we are going to type in ec2 and from here uh what we'll do is we'll go

from here uh what we'll do is we'll go ahead and launch ourselves a new ec2

ahead and launch ourselves a new ec2 instance and we are going to have um a

instance and we are going to have um a selection of instances that we can

selection of instances that we can launch and so we're looking for the

launch and so we're looking for the Microsoft Windows uh server and this is

Microsoft Windows uh server and this is interesting there's actually a free tier

interesting there's actually a free tier uh eligible that is crazy because if you

uh eligible that is crazy because if you go over to Azure they don't have a free

go over to Azure they don't have a free tier Windows Server us does so that's

tier Windows Server us does so that's pretty crazy um and it runs on a T2

pretty crazy um and it runs on a T2 micro no that can't be right there's no

micro no that can't be right there's no way it can run a T2 micro that seems

way it can run a T2 micro that seems like that's too small let's try it okay

like that's too small let's try it okay I just don't believe it because when you

I just don't believe it because when you use Azure you have to choose a

use Azure you have to choose a particular size of instance by default

particular size of instance by default and it's a lot more expensive and there

and it's a lot more expensive and there is no free tier so we'll go here there

is no free tier so we'll go here there are free tiar just not really for

are free tiar just not really for Windows in particular so we'll go here

Windows in particular so we'll go here this looks good security groups this

this looks good security groups this opens up RDP so we can get into that

opens up RDP so we can get into that machine we're gon to go next here

machine we're gon to go next here and launch this

and launch this machine says if you plan to use Ami the

machine says if you plan to use Ami the benefits the Microsoft license Mobility

benefits the Microsoft license Mobility check out this form that's not something

check out this form that's not something we're worried about today and I mean I

we're worried about today and I mean I guess we can create a key pair I'm not

guess we can create a key pair I'm not sure what we would use a key pair for

sure what we would use a key pair for here um for Windows Amis the private key

here um for Windows Amis the private key file is required to obtain the password

file is required to obtain the password used to log into the instance okay so I

used to log into the instance okay so I guess we're going to need it

guess we're going to need it so Windows key

great we'll launch that instance and uh I'll see you back here

instance and uh I'll see you back here when it launches but I just don't

when it launches but I just don't believe that it would launch that fast

believe that it would launch that fast you know all right so after a short

you know all right so after a short little wait here the server is ready and

little wait here the server is ready and so let's see if we can actually go ahead

so let's see if we can actually go ahead and connect to this so I'm going to hit

and connect to this so I'm going to hit connect here and we'll go over to rdb

connect here and we'll go over to rdb client so you connect to your windows

client so you connect to your windows instance using a remote desktop client

instance using a remote desktop client of your choice and downloading and

of your choice and downloading and running the RDP shortcut below so I'm

running the RDP shortcut below so I'm gon to go ahead and download this and

gon to go ahead and download this and you're GNA have to be on a um Windows

you're GNA have to be on a um Windows machine to be able to do this or have an

machine to be able to do this or have an rdb client installed I think there's one

rdb client installed I think there's one for Mac that you can get from the Apple

for Mac that you can get from the Apple Store um but all I'm going to do is just

Store um but all I'm going to do is just double click the file

double click the file so you probably can't see it here I'm

so you probably can't see it here I'm just going to expand this try to oh my

just going to expand this try to oh my computer is being silly but anyway there

computer is being silly but anyway there we go we moved it over there I'm just

we go we moved it over there I'm just going to drag over here and just double

going to drag over here and just double click this image so you can see that I'm

click this image so you can see that I'm doing it I'm saying

doing it I'm saying connect okay

connect okay and it's going to ask for a password so

and it's going to ask for a password so I'm going to hope that I can just click

I'm going to hope that I can just click that and get the password so to decrypt

that and get the password so to decrypt the password you will need your key PA

the password you will need your key PA instance you'll have to upload that and

instance you'll have to upload that and I don't know if I remember having to do

I don't know if I remember having to do that before but it's a great security

that before but it's a great security measure so I'm fine with it I'm going to

measure so I'm fine with it I'm going to drag my key to my desktop so I can see

drag my key to my desktop so I can see what's going on there as

what's going on there as well and we're going to go grab that and

well and we're going to go grab that and decrypt the password and so

decrypt the password and so now um where's our password oh it's

now um where's our password oh it's right here okay so we're going to grab

right here okay so we're going to grab that password

that password there we will paste that in said

there we will paste that in said okay say yes and see if we can connect

okay say yes and see if we can connect to this instance and if this is running

to this instance and if this is running on a T2 micro I'm going to lose it

on a T2 micro I'm going to lose it because that is just

cheap it just just doesn't seem possible to me because again on Azure you have to

to me because again on Azure you have to launch an instance with a lot of stuff

launch an instance with a lot of stuff and it just uh seems uh crazy what's

and it just uh seems uh crazy what's also interesting is that adabs uh on

also interesting is that adabs uh on Windows like launches so fast it's

Windows like launches so fast it's unbelievable how fast these servers spin

unbelievable how fast these servers spin up and it's just very unusual but yeah

up and it's just very unusual but yeah so we are in

so we are in here

here um it's not asking me to activate or

um it's not asking me to activate or anything so I guess there's already a

anything so I guess there's already a Windows license

Windows license here and um I'm not sure if there's any

here and um I'm not sure if there's any kind of like games installed like do we

kind of like games installed like do we have mind sweeper can I play M sweeper

have mind sweeper can I play M sweeper on here

on here it's a data center server so I'm

it's a data center server so I'm assuming not um but yeah so this is a

assuming not um but yeah so this is a Windows server and it's pretty

Windows server and it's pretty impressive that this works I'm not sure

impressive that this works I'm not sure if this is going to have an outbound

if this is going to have an outbound connection here um just because we

connection here um just because we probably would have to configure it just

probably would have to configure it just say okay I just I really don't think

say okay I just I really don't think it's going to go out to the Internet by

default yeah so you'd probably have to do some stuff you

know oh no we go so yeah we got to the Internet so it's totally possible but uh

Internet so it's totally possible but uh yeah that's about it that's all I really

yeah that's about it that's all I really wanted to show you so what I'm going to

wanted to show you so what I'm going to do is just go back to ec2 and we're

do is just go back to ec2 and we're going to shut down the server here just

going to shut down the server here just expand that

there and we will go here and we will terminate that

terminate that instance good we'll give that a refresh

instance good we'll give that a refresh that's shutting down and we are

that's shutting down and we are [Music]

[Music] done hey this is Andre Brown from exam

done hey this is Andre Brown from exam Pro and we are taking a look at Abus

Pro and we are taking a look at Abus license manager and before we do let's

license manager and before we do let's talk about what b y l or bring your own

talk about what b y l or bring your own license mean so this is the process of

license mean so this is the process of reusing an existing software license to

reusing an existing software license to run vendor software on a cloud vendor

run vendor software on a cloud vendor Computing service Bol allows companies

Computing service Bol allows companies to save money since they may have

to save money since they may have purchased the license in bulk or the

purchased the license in bulk or the time that provided a greater discount

time that provided a greater discount than if purchased again and so the

than if purchased again and so the example of this could be the license

example of this could be the license Mobility provided by Microsoft volume

Mobility provided by Microsoft volume licensing to customers with eligible

licensing to customers with eligible server applications covered by the

server applications covered by the Microsoft software Assurance program uh

Microsoft software Assurance program uh and I don't know what I was trying to do

and I don't know what I was trying to do there I guess maybe it's just essay and

there I guess maybe it's just essay and I missed the parentheses there on the

I missed the parentheses there on the end no big big deal um but Aus license

end no big big deal um but Aus license manager is a service that makes it

manager is a service that makes it easier for you to manage your software

easier for you to manage your software licenses from software vendors centrally

licenses from software vendors centrally across ads in your on premise

across ads in your on premise environments ads license manager

environments ads license manager software uh that is licensed based on

software uh that is licensed based on Virtual cores uh physical cores sockets

Virtual cores uh physical cores sockets or a number of machines this includes a

or a number of machines this includes a variety of software products for

variety of software products for Microsoft IBM sap Oracle and other

Microsoft IBM sap Oracle and other vendors so that's the idea you say what

vendors so that's the idea you say what is my license type it's it's bound to

is my license type it's it's bound to this amount of vcpus aabus license

this amount of vcpus aabus license manager works with ec2 with dedicated

manager works with ec2 with dedicated instances dedicated hosts and even spot

instances dedicated hosts and even spot instances and for RDS there's only for

instances and for RDS there's only for Oracle databases so you can import that

Oracle databases so you can import that license for your Oracle server um just

license for your Oracle server um just understand that um if you're doing

understand that um if you're doing Microsoft Windows servers or Microsoft

Microsoft Windows servers or Microsoft SQL Server license you're generally

SQL Server license you're generally going to need a dedicated host because

going to need a dedicated host because of the insurance program uh and this can

of the insurance program uh and this can really show up on your exam so even

really show up on your exam so even though AIS license manager works on

though AIS license manager works on dedicated instances and spot instances

dedicated instances and spot instances just try to gravitate towards dedicated

just try to gravitate towards dedicated hosts on the server or on the exam

hosts on the server or on the exam [Music]

[Music] okay all right let's take a look at the

okay all right let's take a look at the logging services that we have available

logging services that we have available in AWS so the first one here is cloud

in AWS so the first one here is cloud trail and this logs all API calls

trail and this logs all API calls whether it's SDK or the CLI so if it's

whether it's SDK or the CLI so if it's making a call to the API it's going to

making a call to the API it's going to get tracked between AD services and this

get tracked between AD services and this is really useful to say who can we blame

is really useful to say who can we blame who was the person that did this so who

who was the person that did this so who created this bucket who spent up that

created this bucket who spent up that expensive ec2 instance who launched the

expensive ec2 instance who launched the stagemaker notebook um and the idea here

stagemaker notebook um and the idea here is you can detect developer

is you can detect developer misconfigurations detect malicious

misconfigurations detect malicious actors or automate responses through the

actors or automate responses through the system then you have cloudwatch which is

system then you have cloudwatch which is a collection of multiple Services I

a collection of multiple Services I commonly say this is like an umbrella

commonly say this is like an umbrella service because it has so many things

service because it has so many things underneath it so we have cloudwatch logs

underneath it so we have cloudwatch logs which is a centralized place to store

which is a centralized place to store your cloud services log data and

your cloud services log data and application logs metrics which

application logs metrics which represents a Time ordered set of data

represents a Time ordered set of data points a variable uh to monitor uh event

points a variable uh to monitor uh event Bridge or previously known as cloudwatch

Bridge or previously known as cloudwatch events triggers an event based on a

events triggers an event based on a condition so every hour take a snapshot

condition so every hour take a snapshot of the server alarms triggers

of the server alarms triggers notifications based on metrics

notifications based on metrics dashboards creates visualizations based

dashboards creates visualizations based on metrics and that's not all of the

on metrics and that's not all of the things that are under cloudwatch but

things that are under cloudwatch but those are the core five ones you should

those are the core five ones you should always know um absolutely there then we

always know um absolutely there then we have adus x-ray this is for distributed

have adus x-ray this is for distributed tracing system so you can use it to

tracing system so you can use it to pinpoint issues within your

pinpoint issues within your microservices so you see how data moves

microservices so you see how data moves from one app to another how long it took

from one app to another how long it took to move and if it failed uh to move

to move and if it failed uh to move forward

forward [Music]

[Music] okay let's take a closer look here at

okay let's take a closer look here at ABA cloud trail because it's a very

ABA cloud trail because it's a very important service so it's a service that

important service so it's a service that enables governance compliance

enables governance compliance operational auditing and risk auditing

operational auditing and risk auditing of your A's account and the idea is that

of your A's account and the idea is that every time you make an API call it's

every time you make an API call it's going to show up as some kind of

going to show up as some kind of structured data that you can uh interact

structured data that you can uh interact with or read through so AB cloud trail

with or read through so AB cloud trail is used to monitor API calls and actions

is used to monitor API calls and actions made on ads account easily identify

made on ads account easily identify which users and accounts made the call

which users and accounts made the call to AWS so you might have the WHERE so

to AWS so you might have the WHERE so the source IP address the when the event

the source IP address the when the event time the who the user agent uh and the

time the who the user agent uh and the what the region resource and action so

what the region resource and action so I'm just going to get my pen tool out

I'm just going to get my pen tool out here for a moment and just notice you

here for a moment and just notice you have the event time so when it happened

have the event time so when it happened the source the name the region The

the source the name the region The Source IP address the user agent uh who

Source IP address the user agent uh who was doing it so here was leforge the

was doing it so here was leforge the response element so you know it's very

response element so you know it's very clear what is going on here um and then

clear what is going on here um and then you know cloud trail is already logging

you know cloud trail is already logging by default and will collect logs for the

by default and will collect logs for the uh for the last 90 days via event

uh for the last 90 days via event history if you need more than 90 days

history if you need more than 90 days you need to create a trail which is very

you need to create a trail which is very common you'll go into AWS and make one

common you'll go into AWS and make one right away trails are outputed to S3 and

right away trails are outputed to S3 and do not have like event history to

do not have like event history to analyze a trail you have to use Amazon

analyze a trail you have to use Amazon Athena and I'm sure there are other ways

Athena and I'm sure there are other ways to analyze it within AWS but here's just

to analyze it within AWS but here's just what the event history looks like so

what the event history looks like so right off the bat you can already see

right off the bat you can already see that there are information there there

that there are information there there I'm not sure if they've updated the UI

I'm not sure if they've updated the UI there they might have uh as even when

there they might have uh as even when I'm recording this I kind of feel like

I'm recording this I kind of feel like if we go into the follow along which we

if we go into the follow along which we will um I bet they might have updated

will um I bet they might have updated that the idea here is that you know you

that the idea here is that you know you can browse the last 90 days but anything

can browse the last 90 days but anything outside of that you're going to have to

outside of that you're going to have to do a little bit of work yourself

do a little bit of work yourself [Music]

[Music] okay so we're not going to cover all the

okay so we're not going to cover all the cloudwatch services there's just too

cloudwatch services there's just too many but let's look at the most

many but let's look at the most important ones and one of that those

important ones and one of that those important ones is cloudwatch alarms so

important ones is cloudwatch alarms so cloudwatch alarms monitors a cloud watch

cloudwatch alarms monitors a cloud watch metric based on a defined threshold uh

metric based on a defined threshold uh so here you can see there's kind of a

so here you can see there's kind of a condition being set there so if the

condition being set there so if the network in is greater than 300 for one

network in is greater than 300 for one data points within five minutes it's

data points within five minutes it's going to breach an alarm so uh that's

going to breach an alarm so uh that's when it goes outside is defined

when it goes outside is defined threshold and so the state's going to

threshold and so the state's going to either be something like okay so the

either be something like okay so the metric or expression is within the

metric or expression is within the defined threshold so do nothing alarm

defined threshold so do nothing alarm the metric or expression is outside of

the metric or expression is outside of the defined threshold so do something or

the defined threshold so do something or insufficient data the alarm has just

insufficient data the alarm has just started the metric is not available none

started the metric is not available none enough data is available and so when the

enough data is available and so when the state has changed you can Define actions

state has changed you can Define actions that it should take and so that could be

that it should take and so that could be doing a notification autoscaling group

doing a notification autoscaling group or any C2 action um so cloudwatch alarms

or any C2 action um so cloudwatch alarms are really useful for a variety of

are really useful for a variety of reasons the one that we will come across

reasons the one that we will come across right away will be setting up a billing

right away will be setting up a billing [Music]

[Music] alarm so let's take a look here at the

alarm so let's take a look here at the autonomy of an alarm and so I have this

autonomy of an alarm and so I have this nice graphic here to kind of explain

nice graphic here to kind of explain that there and so the first thing is we

that there and so the first thing is we have our threshold condition uh and so

have our threshold condition uh and so here you can just set a value and say

here you can just set a value and say okay the value is a th000 or 100

okay the value is a th000 or 100 whatever you want it to be and this is

whatever you want it to be and this is going to be for a particular metric the

going to be for a particular metric the actual data we are measuring so maybe in

actual data we are measuring so maybe in this case we're measuring Network in so

this case we're measuring Network in so the volume of incoming Network traffic

the volume of incoming Network traffic measured in bytes so when using 5 minute

measured in bytes so when using 5 minute monitoring divide by 300 we get bytes

monitoring divide by 300 we get bytes per second if you're trying to figure

per second if you're trying to figure out that calculation there you have data

out that calculation there you have data points so these represent the metrics

points so these represent the metrics measurement at a given point then you

measurement at a given point then you have the period how often it checks to

have the period how often it checks to evaluate the alarm so we could say every

evaluate the alarm so we could say every five minutes uh you have the evaluation

five minutes uh you have the evaluation period so the number of previous periods

period so the number of previous periods and the data points to alarm so you can

and the data points to alarm so you can say one data point is breach and

say one data point is breach and evaluation period going back four

evaluation period going back four periods so this is what triggers the

periods so this is what triggers the alarm uh the thing I just want you to

alarm uh the thing I just want you to know is that you can set a value right

know is that you can set a value right and that it's based on a particular

and that it's based on a particular metric and there is a bit of logic here

metric and there is a bit of logic here in terms of uh the alarm so it's not as

in terms of uh the alarm so it's not as simple as just it's breached but there's

simple as just it's breached but there's this period thing happening

this period thing happening [Music]

[Music] okay let's take a look at cloudwatch log

okay let's take a look at cloudwatch log so to understand that we have log

so to understand that we have log streams and log groups so a log stream

streams and log groups so a log stream is a stream that represents a sequence

is a stream that represents a sequence of events from an application or

of events from an application or instance being monitored so imagine you

instance being monitored so imagine you have an ec2 instance running a web

have an ec2 instance running a web application and you want those logs to

application and you want those logs to be streamed to cloudwatch logs that's

be streamed to cloudwatch logs that's what we're talking about here so you can

what we're talking about here so you can create log streams manually uh but

create log streams manually uh but generally this is automatically done by

generally this is automatically done by the service you using uh unless you

the service you using uh unless you collecting application logs on an ec2

collecting application logs on an ec2 instance as I just described here is a

instance as I just described here is a log group of a Lambda function you can

log group of a Lambda function you can see the log streams are named after the

see the log streams are named after the running instance lambda's fre uh

running instance lambda's fre uh frequency run on New instances so the

frequency run on New instances so the stream contains timestamps so what I'm

stream contains timestamps so what I'm trying to say here is that there's a

trying to say here is that there's a variety of different Services Lambda RDS

variety of different Services Lambda RDS what have you and they already send

what have you and they already send their logs to cloudwatch logs and

their logs to cloudwatch logs and they're and they're going to vary okay

they're and they're going to vary okay so here's a log group of an application

so here's a log group of an application log running on uc2 you can see here the

log running on uc2 you can see here the log streams are named after the running

log streams are named after the running instance ID here is the log group for

instance ID here is the log group for Adis glue you can see that the log

Adis glue you can see that the log streams are named after the glue jobs um

streams are named after the glue jobs um and so you know we have the streams but

and so you know we have the streams but let's talk about the actual data that's

let's talk about the actual data that's made up of it the log events so this

made up of it the log events so this represents a single event in a log file

represents a single event in a log file log events can be seen within the log

log events can be seen within the log stream and so here's an example of you

stream and so here's an example of you would open this up in cloudwatch logs

would open this up in cloudwatch logs and you can actually see what what was

and you can actually see what what was being reported back by your server you

being reported back by your server you can filter these events to filter out uh

can filter these events to filter out uh logs based on simple or pattern matching

logs based on simple or pattern matching uh syntax so here I'm just typing in

uh syntax so here I'm just typing in saying give me all those debug stuff and

saying give me all those debug stuff and you know this isn't very robust but 8 of

you know this isn't very robust but 8 of us does have a better way of analyzing

us does have a better way of analyzing your logs which is log insights which

your logs which is log insights which we'll look at here in a moment

so we were just looking at uh cloudwatch log events and how those are collected

log events and how those are collected but there's an easier way to analyze

but there's an easier way to analyze them and that's with log insights so you

them and that's with log insights so you can interactively search and analyze

can interactively search and analyze your cloudwatch log data and it has the

your cloudwatch log data and it has the following advantages more robust

following advantages more robust filtering than using the simple filter

filtering than using the simple filter in the in a log stream less burdensome

in the in a log stream less burdensome than having to export logs to S3 and

than having to export logs to S3 and analyze them via Athena cloudwatch log

analyze them via Athena cloudwatch log Insight supports all types of logs so

Insight supports all types of logs so cloudwatch log insights is commonly used

cloudwatch log insights is commonly used via the console to do ad hoc queries

via the console to do ad hoc queries against log groups

against log groups so that's just kind of an example of

so that's just kind of an example of someone writing a query and cloudwatch

someone writing a query and cloudwatch log insights uses a query syntax so a

log insights uses a query syntax so a single request can query up to 20 logs

single request can query up to 20 logs query time out after 50 minutes if not

query time out after 50 minutes if not completed and queries results are

completed and queries results are available for seven days so abis provide

available for seven days so abis provide sample queries that you can get started

sample queries that you can get started for common tasks and uh and ease the

for common tasks and uh and ease the learning into the query syntax a good

learning into the query syntax a good example is filtering VPC flow logs so

example is filtering VPC flow logs so you go there you click it and you start

you go there you click it and you start to getting some data you can create and

to getting some data you can create and save your own queries uh to make future

save your own queries uh to make future repetitive tasks easier on the certified

repetitive tasks easier on the certified Cloud prer they're not going to ask you

Cloud prer they're not going to ask you all these details about this stuff but I

all these details about this stuff but I just conceptually want you to understand

just conceptually want you to understand that in login sites you can use it to uh

that in login sites you can use it to uh robustly filter your logs based on this

robustly filter your logs based on this query syntax language you get this kind

query syntax language you get this kind of visual and it's really really

useful let's take a look here at cloudwatch metric which represents a

cloudwatch metric which represents a Time ordered set of data points it's a

Time ordered set of data points it's a variable that is monitored over time so

variable that is monitored over time so cloudwatch comes with many predefined

cloudwatch comes with many predefined metrics that are generally names spaced

metrics that are generally names spaced by Services uh so the idea is that like

by Services uh so the idea is that like we were to look at the ec2 it has these

we were to look at the ec2 it has these particular metric so we have CPU

particular metric so we have CPU utilization discre Ops dis write Ops

utilization discre Ops dis write Ops disre bytes dis write bytes Network in

disre bytes dis write bytes Network in network out Network packet in uh Network

network out Network packet in uh Network packets out and the idea is that you can

packets out and the idea is that you can just like click there into ec2 and then

just like click there into ec2 and then kind of get that data there and so Cloud

kind of get that data there and so Cloud metrics are leveraged by other things

metrics are leveraged by other things like Cloud watch events Cloud watch

like Cloud watch events Cloud watch alarms cloudwatch dashboards so just

alarms cloudwatch dashboards so just understand that

understand that [Music]

[Music] okay all right so what I want to do in

okay all right so what I want to do in this follow along is show you a bit

this follow along is show you a bit about cloud trail so we're going to go

about cloud trail so we're going to go to the top here and type in cloud trail

to the top here and type in cloud trail the great thing about cloud trail is

the great thing about cloud trail is it's already turned on by default so

it's already turned on by default so it's already kind of collecting some

it's already kind of collecting some information so it's here it says now use

information so it's here it says now use I am access analyzer on cloud trail

I am access analyzer on cloud trail trails that sounds pretty cool to me but

trails that sounds pretty cool to me but uh we shouldn't have to create a trail

uh we shouldn't have to create a trail right off the bat because we'll have

right off the bat because we'll have some event history and the event history

some event history and the event history allows us to see

allows us to see things that are happening within our

things that are happening within our account in the last 90 days um but the

account in the last 90 days um but the thing is if you want something Beyond 90

thing is if you want something Beyond 90 days you're going to have to create a

days you're going to have to create a trail uh but if we just take a look here

trail uh but if we just take a look here we can kind of see uh as we've been

we can kind of see uh as we've been doing a lot of things all the kind of

doing a lot of things all the kind of actions that's been happening so here we

actions that's been happening so here we have an instance that I terminated so if

have an instance that I terminated so if I go in here and and look at it I can

I go in here and and look at it I can kind of see uh more information about it

kind of see uh more information about it so we can see when it terminated who had

so we can see when it terminated who had done that what access key they had used

done that what access key they had used the Event Source the request

the Event Source the request ID um the Source IP what whether it was

ID um the Source IP what whether it was readon what was the event type that was

readon what was the event type that was called the resource there and this is

called the resource there and this is the actual raw record so this is

the actual raw record so this is generally how I would look at it or this

generally how I would look at it or this is how you had to look at it back in the

is how you had to look at it back in the day um but the idea is that you'd have

day um but the idea is that you'd have that user identity described the event

that user identity described the event time the source the event name the

time the source the event name the region The Source IP the uh the agent

region The Source IP the uh the agent all the information there okay and so

all the information there okay and so this is a great way to kind of find

this is a great way to kind of find stuff so you can go through here and try

stuff so you can go through here and try to debug things this way so you can go

to debug things this way so you can go to the event name and so if you if you

to the event name and so if you if you go here you can kind of get uh see a bit

go here you can kind of get uh see a bit of stuff here so if I was just trying to

of stuff here so if I was just trying to say like maybe create I'm just trying to

say like maybe create I'm just trying to find something that I know that I've

find something that I know that I've been doing like create access keys I can

been doing like create access keys I can see the access keys that going to be

see the access keys that going to be created within this uh sandbox account

created within this uh sandbox account here for the user and things like that

here for the user and things like that so it's a great way to kind of find

so it's a great way to kind of find things but generally you're going to

things but generally you're going to always want to turn on uh or create your

always want to turn on uh or create your own trail so if you go here and hit

own trail so if you go here and hit create Trail say my new Trail and um

create Trail say my new Trail and um you're going to need an bucket for that

you're going to need an bucket for that you'll probably want encryption turned

you'll probably want encryption turned on which sounds good to me you'll

on which sounds good to me you'll absolutely want log file validation and

absolutely want log file validation and generally you don't want to store your

generally you don't want to store your your Cloud tra logs within the existing

your Cloud tra logs within the existing account you want to have a isolated

account you want to have a isolated hardened account that's that is uh

hardened account that's that is uh infrequently accessed or only by your

infrequently accessed or only by your your Cloud security Engineers um away

your Cloud security Engineers um away from here because you don't want people

from here because you don't want people tampering with it deleting it or

tampering with it deleting it or changing stuff but um we'll just take an

changing stuff but um we'll just take an existing one here I don't want a c

existing one here I don't want a c customer manage don't I have one that is

customer manage don't I have one that is managed bys here new

custom um we'll just choose that one I don't know which one that is we'll just

don't know which one that is we'll just hit next usually adus gives you a manage

hit next usually adus gives you a manage key there so I was kind of surprised um

key there so I was kind of surprised um you can also include additional data so

you can also include additional data so if you do data events this would collect

if you do data events this would collect information from S3 um but the thing is

information from S3 um but the thing is you might not want to track everything

you might not want to track everything because if you track everything it can

because if you track everything it can get very expensive very quickly uh but

get very expensive very quickly uh but if you don't you just leave on

if you don't you just leave on management events it'll save you more

management events it'll save you more money there's inside events uh this is

money there's inside events uh this is new I haven't seen this yet so ident I

new I haven't seen this yet so ident I identify unusual activity errors users

identify unusual activity errors users behavior that sounds really good but

behavior that sounds really good but these can come also add additional

these can come also add additional charges but I'm going to hit next anyway

charges but I'm going to hit next anyway for fun I'm going to create that

for fun I'm going to create that trail

trail okay and uh the key policy does not

okay and uh the key policy does not Grant sufficient access to etc etc so

Grant sufficient access to etc etc so I'm going to go turn that off even

I'm going to go turn that off even though I should really have it turned on

though I should really have it turned on but I just want to be able to show you

but I just want to be able to show you this okay so we have this new

this okay so we have this new Trail and so this Trail is being dumped

Trail and so this Trail is being dumped to S3 so we might not be able to see

to S3 so we might not be able to see anything in here as of yet but I'm just

anything in here as of yet but I'm just going to pop over here and just see

going to pop over here and just see right I probably have one in my other

right I probably have one in my other account but it's not um it's not that

account but it's not um it's not that important we basically saw what the data

important we basically saw what the data would look like so we go into here

would look like so we go into here there's a digest I don't remember there

there's a digest I don't remember there being a digest so that's nice so there's

being a digest so that's nice so there's no data yet but when there is it will

no data yet but when there is it will pop into there um I'm not sure if we're

pop into there um I'm not sure if we're going to be able to do anything with

going to be able to do anything with insights here at least not in this

insights here at least not in this account

account insights are events that are show

insights are events that are show unusual API activity and things like

unusual API activity and things like that so that's kind of cool I don't know

that so that's kind of cool I don't know what cloudwatch insights looks

like uh inside events are shown in the table for 90 days okay so I'm just

table for 90 days okay so I'm just curious if we can see kind of a

curious if we can see kind of a screenshot of what that looks like

screenshot of what that looks like whoops well we're at least on the

whoops well we're at least on the article here so I guess you could kind

article here so I guess you could kind of get like some kind of graphs or

of get like some kind of graphs or something saying like hey this looks

something saying like hey this looks unusual and they might select it so not

unusual and they might select it so not pretty clear in terms of what that looks

pretty clear in terms of what that looks like but I mean sounds like a cool

like but I mean sounds like a cool feature and I'm sure when I when working

feature and I'm sure when I when working on my uh security certification course I

on my uh security certification course I will definitely include in there but

will definitely include in there but that's pretty much all there is to it um

that's pretty much all there is to it um I'm going to go ahead and delete um that

I'm going to go ahead and delete um that trail because I I just don't really need

trail because I I just don't really need in this account but uh generally you

in this account but uh generally you always want to go in and create a trail

always want to go in and create a trail um and what you can do is if you're in

um and what you can do is if you're in your root account I'm not this is

your root account I'm not this is actually a an account that's part of an

actually a an account that's part of an organization but if you're at that

organization but if you're at that organization level you can create a

organization level you can create a trail that that spans all the regions

trail that that spans all the regions that spans all the ad accounts with an

that spans all the ad accounts with an organization and that's what you should

organization and that's what you should be doing okay but uh that's about

be doing okay but uh that's about [Music]

[Music] it hey this is Andrew Brown from exam

it hey this is Andrew Brown from exam Pro we're looking at ML and AI services

Pro we're looking at ML and AI services on AWS but let's first just Define what

on AWS but let's first just Define what is AI ML and deep learning so AI also

is AI ML and deep learning so AI also known as artificial intelligence is when

known as artificial intelligence is when machines that perform jobs that may make

machines that perform jobs that may make human behavior ml or machine learning

human behavior ml or machine learning are machines that get better a task

are machines that get better a task without explicit programming and deep

without explicit programming and deep learning or DL are machines that are

learning or DL are machines that are have an artificial neural network

have an artificial neural network inspired by the human brain to solve

inspired by the human brain to solve complex problems and a lot of times

complex problems and a lot of times you'll see this kind of onion where

you'll see this kind of onion where they're showing you that um you know AI

they're showing you that um you know AI uh can be using ml or deep learning and

uh can be using ml or deep learning and then deep learning is definitely using

then deep learning is definitely using machine learning but it's using neural

machine learning but it's using neural networks and so for AWS the flexship

networks and so for AWS the flexship product here is Amazon sagemaker it is a

product here is Amazon sagemaker it is a fully managed service to build train

fully managed service to build train deploy machine learning models at scale

deploy machine learning models at scale um and there's a bunch of different kind

um and there's a bunch of different kind of Open Source Frameworks you can use

of Open Source Frameworks you can use with it like Apachi mxnet on us which is

with it like Apachi mxnet on us which is an open source deep learning framework

an open source deep learning framework that is the one that it decided to say

that is the one that it decided to say hey we are going to back this one and so

hey we are going to back this one and so you'll see a lot of example code for

you'll see a lot of example code for that one we have tensorflow that you can

that one we have tensorflow that you can use pie torch uh hugging face other

use pie torch uh hugging face other things as well okay um and so there's a

things as well okay um and so there's a lot of services underneath some that

lot of services underneath some that might be of interest to mention right

might be of interest to mention right away is like Amazon sagemaker ground

away is like Amazon sagemaker ground truth which is a data labeling service

truth which is a data labeling service where you have humans that label a data

where you have humans that label a data set that will be used to train machine

set that will be used to train machine learning models or maybe something like

learning models or maybe something like Amazon uh augmented AI so human

Amazon uh augmented AI so human intervention review Services when

intervention review Services when sagemaker uses machine learning to make

sagemaker uses machine learning to make a prediction that is not confident uh it

a prediction that is not confident uh it has the right answer cue up to the

has the right answer cue up to the predict for a human review and these are

predict for a human review and these are all about just labeling data um you know

all about just labeling data um you know when you're using supervised um

when you're using supervised um supervised learning but there are a lot

supervised learning but there are a lot of Services Under sagemaker itself and

of Services Under sagemaker itself and just AI services in general so we'll

just AI services in general so we'll look at that next

look at that next [Music]

[Music] okay all right let's take a look at all

okay all right let's take a look at all the ML and AI services and there's a lot

the ML and AI services and there's a lot on AWS so the first is Amazon code Guru

on AWS so the first is Amazon code Guru this is a machine learning code analysis

this is a machine learning code analysis service and code Guru performs code

service and code Guru performs code reviews and will suggest to improve the

reviews and will suggest to improve the code quality of your code it can show

code quality of your code it can show visual code profiles so show the

visual code profiles so show the internals of your code to pinpoint

internals of your code to pinpoint performance next we have Amazon Lex this

performance next we have Amazon Lex this is a conversation interface service with

is a conversation interface service with Lex you can build voice and text chat

Lex you can build voice and text chat Bots we have Amazon personalized this is

Bots we have Amazon personalized this is a real-time recommendation service it's

a real-time recommendation service it's the same technology used to make product

the same technology used to make product recommendations to customer shopping on

recommendations to customer shopping on the Amazon platform then we have Amazon

the Amazon platform then we have Amazon poly this is a text to speech service

poly this is a text to speech service upload your text and an audio file

upload your text and an audio file spoken by synthe synthesized voice uh

spoken by synthe synthesized voice uh and that will be generated you have

and that will be generated you have Amazon recognition this is an image and

Amazon recognition this is an image and video recognition Service uh analyze

video recognition Service uh analyze image and videos to detect and label

image and videos to detect and label objects peoples and celebrities then we

objects peoples and celebrities then we have Amazon transcribe this is a speech

have Amazon transcribe this is a speech to text service so you upload your audio

to text service so you upload your audio and that'll be converted into text we

and that'll be converted into text we have Amazon text extract this is an OCR

have Amazon text extract this is an OCR tool so it extracts text from scan

tool so it extracts text from scan documents when you have uh paper forms

documents when you have uh paper forms and you want to digitally extract that

and you want to digitally extract that data you have Amazon translate this is a

data you have Amazon translate this is a neural machine learning translation

neural machine learning translation service so use deep learning mod models

service so use deep learning mod models to deliver more accurate and natural

to deliver more accurate and natural sounding translations we have Amazon

sounding translations we have Amazon comprehend this is an NLP so natural

comprehend this is an NLP so natural language processing service find

language processing service find relationships between text to produce

relationships between text to produce insights looks at data such as customer

insights looks at data such as customer email support tickets social media and

email support tickets social media and makes

makes predictions then we have Amazon forecast

predictions then we have Amazon forecast this is a Time series forecasting

this is a Time series forecasting service and it's you know uh I mean

service and it's you know uh I mean technically I guess it's a bit of a

technically I guess it's a bit of a database but the idea here is that it

database but the idea here is that it can forecast business outcome such as

can forecast business outcome such as product demand resource needs or

product demand resource needs or financial uh performance and it's

financial uh performance and it's powered by ml or AI if you want to call

it we have ads deep learning Ami so these are Amazon ec2 instances they're

these are Amazon ec2 instances they're pre-installed with popular deep learning

pre-installed with popular deep learning Frameworks and interfaces such as

Frameworks and interfaces such as tensorflow pytorch Apachi mxnet chainer

tensorflow pytorch Apachi mxnet chainer GL uh gluon uh horovod and

GL uh gluon uh horovod and kiras we have adus deep learning

kiras we have adus deep learning containers so Docker images instances

containers so Docker images instances pre-installed with popular deep learning

pre-installed with popular deep learning Frameworks interfaces such as tensorflow

Frameworks interfaces such as tensorflow pytorch apachi mxnet uh we have adsd

pytorch apachi mxnet uh we have adsd composer this is machine learning

composer this is machine learning enabled musical keyboard uh I don't know

enabled musical keyboard uh I don't know many people using this but it sounds

many people using this but it sounds like fun it was deep lens is a video

like fun it was deep lens is a video camera that uses deep learning it's more

camera that uses deep learning it's more of like a learning tool so again we

of like a learning tool so again we don't see many people using this adus

don't see many people using this adus deep racer is a toy race card that can

deep racer is a toy race card that can be powered with machine learning to

be powered with machine learning to perform autonomous driving again this is

perform autonomous driving again this is another learning tool for learning ml

another learning tool for learning ml they like to do these at reinvent to

they like to do these at reinvent to have like these racing

have like these racing competitions Amazon elastic interface so

competitions Amazon elastic interface so this allows you to attach lowcost GPU

this allows you to attach lowcost GPU perform uh powered acceleration to ec2

perform uh powered acceleration to ec2 instances to red the cost of running

instances to red the cost of running deep learning interfaces by

deep learning interfaces by 75% we have Amazon fraud detector so

75% we have Amazon fraud detector so this is a fully managed fraud detection

this is a fully managed fraud detection uh as a service uh it identifies

uh as a service uh it identifies potentially fraudulent uh online

potentially fraudulent uh online activities such as online payment fraud

activities such as online payment fraud and the creation of fake accounts Amazon

and the creation of fake accounts Amazon Kendra so this is an Enterprise machine

Kendra so this is an Enterprise machine learning uh search engine service it

learning uh search engine service it uses natural language to suggest answers

uses natural language to suggest answers to questions instead of just simple

to questions instead of just simple keyword matching so there you

keyword matching so there you [Music]

[Music] go hey hey it's Andrew Brown from exam

go hey hey it's Andrew Brown from exam Pro and we're going to do a quick review

Pro and we're going to do a quick review here of the big data and analytic

here of the big data and analytic services that are on AWS but before we

services that are on AWS but before we do let's just to find what big data is

do let's just to find what big data is so it's a term used to describe massive

so it's a term used to describe massive volumes of structured or unstructured

volumes of structured or unstructured data that is so large it is difficult to

data that is so large it is difficult to move and process using traditional

move and process using traditional database and software techniques so the

database and software techniques so the first here we have is Amazon Athena this

first here we have is Amazon Athena this is a serverless interactive query

is a serverless interactive query service it can take a bunch of CSV or

service it can take a bunch of CSV or Json files in an S3 bucket and load them

Json files in an S3 bucket and load them into a temporary SQL table and so you

into a temporary SQL table and so you can run SQL queries so it's when you

can run SQL queries so it's when you want to create CSV or Json files if

want to create CSV or Json files if you've ever heard of um Apachi Presto

you've ever heard of um Apachi Presto it's basically that okay then we have

it's basically that okay then we have Amazon Cloud search so this is a fully

Amazon Cloud search so this is a fully managed full teex search service so when

managed full teex search service so when you want to add search to your website

you want to add search to your website we have Amazon elastic search service um

we have Amazon elastic search service um commonly abbreviated to es and this is a

commonly abbreviated to es and this is a manage elastic search cluster and

manage elastic search cluster and elastic search is an open source full

elastic search is an open source full Tech search engine it is more robust

Tech search engine it is more robust than Cloud search but requires more

than Cloud search but requires more server and operational maintenance then

server and operational maintenance then we have Amazon elastic map produce

we have Amazon elastic map produce commonly known as EMR and this is for

commonly known as EMR and this is for data processing and Analysis it can be

data processing and Analysis it can be used for creating reports just like red

used for creating reports just like red shift but is more suited when you need

shift but is more suited when you need to transform unstructured data into

to transform unstructured data into structured data on the Fly and it

structured data on the Fly and it leverages open-source um technology so

leverages open-source um technology so like spark um Hive Pig things like

like spark um Hive Pig things like that then we have Kines is data Stream

that then we have Kines is data Stream So This is a real-time streaming data

So This is a real-time streaming data service it creates producers uh which

service it creates producers uh which sends data to a stream it has multiple

sends data to a stream it has multiple consumers that can consume data within a

consumers that can consume data within a stream and use uh it for real-time

stream and use uh it for real-time analytics click streams ingestion data

analytics click streams ingestion data from a fleet of iot

from a fleet of iot devices then we have Kinesis fire hose

devices then we have Kinesis fire hose this is a serverless and a simple

this is a serverless and a simple version of a data stream and you pay on

version of a data stream and you pay on demand based on how much data is

demand based on how much data is consumed through the stream and you

consumed through the stream and you don't worry about the underlying

don't worry about the underlying servers then you have Amazon Kinesis

servers then you have Amazon Kinesis data analytics this allows you to run

data analytics this allows you to run queries against data that is flowing

queries against data that is flowing through your real-time stream so you can

through your real-time stream so you can create reports and Analysis on emerging

create reports and Analysis on emerging data and last on the Kinesis side here

data and last on the Kinesis side here we have Amazon Kinesis video streams

we have Amazon Kinesis video streams this allows you to analyze or apply

this allows you to analyze or apply processing on real-time streaming videos

processing on real-time streaming videos onto the second page here we have manage

onto the second page here we have manage kofka service

kofka service msk um and it might be MKS um now that

msk um and it might be MKS um now that I'm looking at it here so just be aware

I'm looking at it here so just be aware that that might be incorrect but a fully

that that might be incorrect but a fully manage aachi kofka service kofka is an

manage aachi kofka service kofka is an open-source platform for building

open-source platform for building real-time streaming data pipelines and

real-time streaming data pipelines and applications it is similar to Kinesis

applications it is similar to Kinesis but with more robust functionality then

but with more robust functionality then we have red shift which is um a this

we have red shift which is um a this Flagship uh Big Data tool it's a

Flagship uh Big Data tool it's a petabyte size data warehouse the data

petabyte size data warehouse the data warehouses are for online uh online

warehouses are for online uh online analytical processing olap so data

analytical processing olap so data warehouses can be expensive because they

warehouses can be expensive because they are keeping data hot meaning that we can

are keeping data hot meaning that we can run a very complex query in a large

run a very complex query in a large amount of data and get that data back

amount of data and get that data back very fast but this is great when you

very fast but this is great when you need to quickly generate analytics or

need to quickly generate analytics or reports from a large amount of data we

reports from a large amount of data we have Amazon quick site this is a

have Amazon quick site this is a business intelligence tool or a business

business intelligence tool or a business intelligence dashboard bi for short you

intelligence dashboard bi for short you can use it to create business dashboards

can use it to create business dashboards to power business decisions it requires

to power business decisions it requires little to know programming and connect

little to know programming and connect and adjust to many different types of

and adjust to many different types of databases if you ever heard of Tableau

databases if you ever heard of Tableau or powerbi this is just the adus

or powerbi this is just the adus equivalent we have adus data pipelines

equivalent we have adus data pipelines this automates the movement of data you

this automates the movement of data you can reliably move data between compute

can reliably move data between compute storage and services we have Abus glue

storage and services we have Abus glue this is an ETL service so it allows you

this is an ETL service so it allows you to move data from one location to

to move data from one location to another where you need to perform

another where you need to perform Transformations before the Final

Transformations before the Final Destination it's simar similar to DMS

Destination it's simar similar to DMS but it's more robust we have Aus Lake

but it's more robust we have Aus Lake formation this is a centralized curated

formation this is a centralized curated and secured repository that stores all

and secured repository that stores all your data so it's a data Lake it is a

your data so it's a data Lake it is a storage repository that holds a vast

storage repository that holds a vast amount of raw data in its native format

amount of raw data in its native format until it is needed and then last on here

until it is needed and then last on here we have adab state exchange this is a

we have adab state exchange this is a catalog of third-party data sets you can

catalog of third-party data sets you can download for free uh or subscribe or

download for free uh or subscribe or purchase data sets so they might have

purchase data sets so they might have like the covid-19 foot traffic data the

like the covid-19 foot traffic data the IMDb TV movie data historical weather

IMDb TV movie data historical weather data and sometimes this is really great

data and sometimes this is really great if you're just trying to learn how to

if you're just trying to learn how to work with these tools

work with these tools [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look here at

Pro and we are taking a look here at Amazon quick site which is a business

Amazon quick site which is a business intelligence dashboard or bi dashboard

intelligence dashboard or bi dashboard that allows you to ingest data from

that allows you to ingest data from various databus storage or database

various databus storage or database services to quickly visualize business

services to quickly visualize business data with minimal programming or data

data with minimal programming or data formula knowledge so here's an example

formula knowledge so here's an example of a quick site dashboard um and so the

of a quick site dashboard um and so the way quick site is able to make these

way quick site is able to make these dashboards super fast is via spice the

dashboards super fast is via spice the super fast parallel in memory

super fast parallel in memory calculation engine um and the thing is

calculation engine um and the thing is you don't have to use spice um but

you don't have to use spice um but generally it is good to use it uh and

generally it is good to use it uh and there are some caveats when getting your

there are some caveats when getting your data into Quick site sometimes it can't

data into Quick site sometimes it can't ingest data directly from a particular

ingest data directly from a particular uh data store so you might have to dump

uh data store so you might have to dump it to S3 first but it's not too bad

it to S3 first but it's not too bad because you can use Adis glue to

because you can use Adis glue to transform that data over um there are

transform that data over um there are additional features sometimes Market as

additional features sometimes Market as services but we have quick site ml

services but we have quick site ml insights this detects anomalies perform

insights this detects anomalies perform accurate uh forecasting it can generate

accurate uh forecasting it can generate natural language narrative so basically

natural language narrative so basically like you know describe it as if you're

like you know describe it as if you're going to read it out as a business

going to read it out as a business report you know then there's Amazon

report you know then there's Amazon quick site Q this allows you to ask

quick site Q this allows you to ask questions using natural language on all

questions using natural language on all your data and receive answers in seconds

your data and receive answers in seconds so there you go

[Music] hey this is Andrew Brown from exam Pro

hey this is Andrew Brown from exam Pro and let's go take a look at Amazon quick

and let's go take a look at Amazon quick sites which is a or quick site which is

sites which is a or quick site which is um a business intelligence tool so when

um a business intelligence tool so when you go here you have to uh sign up

you go here you have to uh sign up because it's kind of part of ads but on

because it's kind of part of ads but on its own separate thing and then you have

its own separate thing and then you have to choose what you want so we have

to choose what you want so we have Enterprise and standard um I do not want

Enterprise and standard um I do not want to pay that much so I'm going to go to

to pay that much so I'm going to go to standard over here I'm not really sure

standard over here I'm not really sure what the difference is it's not really

what the difference is it's not really telling me what

telling me what um between standard and

um between standard and Enterprise but I'm going to assume

Enterprise but I'm going to assume standard is more cost effective but here

standard is more cost effective but here we it says user use I am Federated

we it says user use I am Federated identities which is fine use I am

identities which is fine use I am Federate identities only um we can stick

Federate identities only um we can stick with the top one there that seems fine

with the top one there that seems fine to me we need to enter a name so we'll

to me we need to enter a name so we'll just say my quick site

just say my quick site account and we probably have to fill

account and we probably have to fill something in there so let's say Andrew

something in there so let's say Andrew example . Co and these are the services

example . Co and these are the services that are going to integrate with it

that are going to integrate with it Athena S3 RDS things like that I guess

Athena S3 RDS things like that I guess we could select some of those buckets

we could select some of those buckets I'm not too worried about doing that

I'm not too worried about doing that right now the provided account name is

right now the provided account name is not available that is a terrible UI but

not available that is a terrible UI but that's AWS for you so I'm just going to

that's AWS for you so I'm just going to dump some numbers there going put my

dump some numbers there going put my email in here

email in here again um we probably want some S3

again um we probably want some S3 buckets I'm going

buckets I'm going to make a new

to make a new bucket because I think that's how we're

bucket because I think that's how we're going to do this we're gonna have to

going to do this we're gonna have to make a bucket here and say uh quick

make a bucket here and say uh quick site

site data okay and we're going to create

data okay and we're going to create ourselves a bucket here I'm going to go

ourselves a bucket here I'm going to go back and hopefully that shows

up uh it does not so what I'll have to do is just back

do is just back out and I'm just going to give it a hard

out and I'm just going to give it a hard refresh here and we're hit quick sign up

refresh here and we're hit quick sign up for quicksite again and we'll choose

for quicksite again and we'll choose standard and we'll say my quick site

standard and we'll say my quick site account account a bunch of numbers there

account account a bunch of numbers there Andrew exam. I don't really care about

Andrew exam. I don't really care about adjusting data from everywhere else I

adjusting data from everywhere else I just want it from

just want it from S3 there's my

S3 there's my data uh sure we'll give it right

data uh sure we'll give it right permissions even though I don't plan to

permissions even though I don't plan to do anything with Athena here

so what I'm thinking is just making like an Excel spreadsheet here and just

an Excel spreadsheet here and just filling in some data so oh it says our

filling in some data so oh it says our account is set up here so we'll go to

account is set up here so we'll go to Quick site because I bet it can import

Quick site because I bet it can import like a CSV or

like a CSV or something um I'm more of a tableau or

something um I'm more of a tableau or powerbi kind of person um but uh you

powerbi kind of person um but uh you know for the purpose of the cloud

know for the purpose of the cloud practitioner I am going to show you this

practitioner I am going to show you this Amazon quick set lets you easily

Amazon quick set lets you easily visualize data and Etc that sounds great

visualize data and Etc that sounds great next next next I know what I'm doing oh

next next next I know what I'm doing oh do we have some examp great so I don't

do we have some examp great so I don't even have to make a spreadsheet okay so

even have to make a spreadsheet okay so what we'll do is just click on

that and we have stuff it looks like they've really improved this since the

they've really improved this since the last time I've seen it which is quite

last time I've seen it which is quite nice um but I could try and make my

nice um but I could try and make my own I'm just trying to think how do we

own I'm just trying to think how do we do this

do this again yeah we have the spice there so

again yeah we have the spice there so it's a lot easier from starting from

it's a lot easier from starting from scratch I'm just going to say

scratch I'm just going to say close and

close and user analysis we want data sets in here

user analysis we want data sets in here oh we already have some data sets these

oh we already have some data sets these are coming from S3 I think that's the

are coming from S3 I think that's the old S3 logo I'm not sure why they're

old S3 logo I'm not sure why they're using that one we can go here and create

using that one we can go here and create a new data set oh we can upload directly

a new data set oh we can upload directly so I don't even have to use S3 that's

so I don't even have to use S3 that's great so what I'm going to do is just

great so what I'm going to do is just have some values in here so I'm going to

have some values in here so I'm going to just say

just say um uh type value so we'll say

um uh type value so we'll say banana 125 123 we'll say

banana 125 123 we'll say Apple

Apple 11

11 orange nobody likes

orange nobody likes oranges I shouldn't say I'm sure it's

oranges I shouldn't say I'm sure it's like lots of people like

like lots of people like oranges oh we got to put pears on

oranges oh we got to put pears on there I actually really like pears

there I actually really like pears people think I like bananas which is not

people think I like bananas which is not true I actually like pears that's what I

true I actually like pears that's what I like so I'm going to go ahead and save

like so I'm going to go ahead and save this save

this save as and I'm just going to save this to my

as and I'm just going to save this to my desktop here so just give me a moment

desktop here so just give me a moment just doing this soft

screen and I'm just save this uh data set quick

set quick site CSV it can even take an XLS so I

site CSV it can even take an XLS so I don't have to save it as a uh I'll just

don't have to save it as a uh I'll just save it as an

save it as an XLS okay and so we're going to just

XLS okay and so we're going to just upload that so there is that data

upload that so there is that data set it's going to scan that file it's

set it's going to scan that file it's going to see that sheet you even preview

going to see that sheet you even preview it there's the information we're going

it there's the information we're going to add that data

to add that data uh I get added as a data data

set well how do I or where do I it's like it says add the data I just want to

like it says add the data I just want to add it as a data set so data set up here

add it as a data set so data set up here maybe save and visualize up

maybe save and visualize up here and is it autographing yet maybe if

here and is it autographing yet maybe if I drag in is it working is it thinking

I drag in is it working is it thinking okay it's at 100% so I'm going to just

okay it's at 100% so I'm going to just drag that onto

drag that onto there and it says pear orange

there and it says pear orange banana just kind of trying to make sense

banana just kind of trying to make sense of this here is it taking in count the

of this here is it taking in count the value maybe put the value down there wow

value maybe put the value down there wow that's so much easier I've been used

that's so much easier I've been used this for like a year and um I'm going to

this for like a year and um I'm going to tell you this has gotten a lot easier to

tell you this has gotten a lot easier to use so I'm quite impressed with this but

use so I'm quite impressed with this but yeah I mean this is pretty much what

yeah I mean this is pretty much what quick site is if you want to visualize

quick site is if you want to visualize things in different types you can drag

things in different types you can drag them out you can probably like click on

them out you can probably like click on the the wheel here and change

the the wheel here and change it again I'm not sure

it again I'm not sure exactly how all the uh the dials and

exactly how all the uh the dials and knobs work here but I mean another thing

knobs work here but I mean another thing we could do is just drag out like

we could do is just drag out like another object and do the same thing so

another object and do the same thing so maybe I'd want a pie

maybe I'd want a pie chart um

chart um so add a

so add a visual yeah it's not as nice as powerbi

visual yeah it's not as nice as powerbi but like it's still great that it's here

but like it's still great that it's here you know type

you know type value so we got a nice pie chart

value so we got a nice pie chart there uh let's try something weird let's

there uh let's try something weird let's give this one a go

give this one a go doesn't color it which is not very nice

doesn't color it which is not very nice um there's probably some kind of way to

um there's probably some kind of way to color it but focus on banana only I

color it but focus on banana only I don't know I don't know what the point

don't know I don't know what the point of there but anyway that's quick site so

of there but anyway that's quick site so um I really don't want to pay for this

um I really don't want to pay for this so what I'm going to do let's go up

so what I'm going to do let's go up here um there's you have to deactivate

here um there's you have to deactivate I'm just trying to remember

I'm just trying to remember how because they Chang the interface

how because they Chang the interface again they change everything on

again they change everything on you so maybe we go I'm on a trial for 4

you so maybe we go I'm on a trial for 4 days here maybe quantity for just the

days here maybe quantity for just the four 29 day trial so if I want to get

four 29 day trial so if I want to get out of this trial what do I do I don't

out of this trial what do I do I don't want to use it anymore um

want to use it anymore um so how to delete ads quick

so how to delete ads quick site canceling your subscription so

site canceling your subscription so before you can unsubscribe uh you're

before you can unsubscribe uh you're signed in the IM am account your

signed in the IM am account your quicksite administrator you're the root

quicksite administrator you're the root I am administrator sure uh you deleted

I am administrator sure uh you deleted any secondary name spaces to find the

any secondary name spaces to find the existing name space Etc so choose your

existing name space Etc so choose your username in the application bars manage

username in the application bars manage quick site account settings

quick site account settings unsubscribe so I was almost there I

unsubscribe so I was almost there I thought I was in the right

place uh this one no I was just

no I was just there manage quick

there manage quick site your

site your subscriptions

subscriptions edit there's no unsubscribe

edit there's no unsubscribe option so I'm not

option so I'm not sure can I

unsubscribe button does not appear in quick site

and it could just be because we're on trial and so maybe after the end of the

trial and so maybe after the end of the trial it will uh it will vanish

trial it will uh it will vanish there they are not making this easy for

there they are not making this easy for me account settings ah delete account so

me account settings ah delete account so this is what we probably want to do

this is what we probably want to do permanently delete the account

permanently delete the account yes I mean that has to get rid of the

yes I mean that has to get rid of the subcription because it gets rid of

subcription because it gets rid of everything there we

everything there we go we'll say

go we'll say confirm delete

confirm delete account unless you're using them in the

account unless you're using them in the services blah blah blah blah blah um

services blah blah blah blah blah um successful okay great so now I should go

successful okay great so now I should go back ads. amazon.com and just to confirm

back ads. amazon.com and just to confirm that it's gone I'm going

that it's gone I'm going to go to quicksite again and just see if

to go to quicksite again and just see if it's trying to ask me to sign again so

it's trying to ask me to sign again so it is so I've gotten R of my account so

it is so I've gotten R of my account so we're all in good shape and uh yeah that

we're all in good shape and uh yeah that is that is quick

site all right let's take a look at some more machine learning AI services

more machine learning AI services because adab us won't stop making these

because adab us won't stop making these things um and basically last time I made

things um and basically last time I made uh the videos all this generative stuff

uh the videos all this generative stuff did not exist so we need to cover it the

did not exist so we need to cover it the first is Amazon Bedrock so the uh this

first is Amazon Bedrock so the uh this uses large language models and makes it

uses large language models and makes it a cloud service offering to generate

a cloud service offering to generate text and images responses if you know

text and images responses if you know what chat GPT is you know what Bedrock

what chat GPT is you know what Bedrock is we have Amazon code Whisperer it's an

is we have Amazon code Whisperer it's an AI code generator that will predict code

AI code generator that will predict code to meet your use case uh so if you've

to meet your use case uh so if you've heard ever heard of GitHub co-pilot it's

heard ever heard of GitHub co-pilot it's the same thing basically it's going to

the same thing basically it's going to write code for you or along with you I

write code for you or along with you I should say we have Amazon devops Guru

should say we have Amazon devops Guru this uses ml or machine learning to

this uses ml or machine learning to analyze your operational data and

analyze your operational data and application metrics and the events to

application metrics and the events to detect operational

detect operational abnormalities um imagine if you had kind

abnormalities um imagine if you had kind of like a junior devops person digging

of like a junior devops person digging into your metrics to figure out if

into your metrics to figure out if there's something wrong then we have

there's something wrong then we have Amazon Lookout this is actually three

Amazon Lookout this is actually three different um offerings we have Amazon

different um offerings we have Amazon lookout for equipment Amazon uh lookout

lookout for equipment Amazon uh lookout for metrics and Amazon look out for

for metrics and Amazon look out for vision they all seem to have to do

vision they all seem to have to do something with quality control and

something with quality control and Performing automated inspection so

Performing automated inspection so vision of course would use Vision to

vision of course would use Vision to detect anomalies uh one would be for

detect anomalies uh one would be for equipment to detect if there's anything

equipment to detect if there's anything wrong with operational equipment uh and

wrong with operational equipment uh and then metrics would be you know with

then metrics would be you know with metric data so something probably more

metric data so something probably more for um the hard Industries uh to utilize

for um the hard Industries uh to utilize and you have Amazon monotron so this

and you have Amazon monotron so this uses machine learning models to predict

uses machine learning models to predict unplanned equipment downtime and so the

unplanned equipment downtime and so the way they do that is they have these uh

way they do that is they have these uh iot sensors that's going to capture

iot sensors that's going to capture vibrations and sensor data from your

vibrations and sensor data from your Hardware then we also have adus neuron

Hardware then we also have adus neuron this is an ad SDK used to run deep

this is an ad SDK used to run deep learning workloads on adus uh infer I

learning workloads on adus uh infer I can't say that word but I know what it

can't say that word but I know what it is it's basically um it's a machine

is it's basically um it's a machine learning acceleration on gpus that you

learning acceleration on gpus that you can attach and ads train

can attach and ads train trainum so yeah I wish the words weren't

trainum so yeah I wish the words weren't so hard there's actually more um stuff

so hard there's actually more um stuff that Aus has for machine learning I

that Aus has for machine learning I didn't include them because they were

didn't include them because they were just too far out there and they're

just too far out there and they're definitely not going to show up in your

definitely not going to show up in your exam you'll definitely never see them

exam you'll definitely never see them but we now have better coverage what I

but we now have better coverage what I really wanted to show was Bedrock hod

really wanted to show was Bedrock hod Whisperer because I feel like those two

Whisperer because I feel like those two uh will show up on future exams I'm just

uh will show up on future exams I'm just trying to get those in front of you now

trying to get those in front of you now even if they're not on the exam uh at

even if they're not on the exam uh at the time of this recording okay

the time of this recording okay [Music]

[Music] ciao all right so you probably are

ciao all right so you probably are already know what generative AI is but

already know what generative AI is but just in case you don't I want to just

just in case you don't I want to just quickly cover it and show a very tiny

quickly cover it and show a very tiny example uh so generative AI which also

example uh so generative AI which also can be shorten to gen AI though most

can be shorten to gen AI though most people don't say that uh is a type of

people don't say that uh is a type of artificial intelligence capable capable

artificial intelligence capable capable of generating new content such as text

of generating new content such as text images music or other forms of media so

images music or other forms of media so an example would be something like a

an example would be something like a software that I like to use called mid

software that I like to use called mid Journey uh where you can put in a prompt

Journey uh where you can put in a prompt and so it will then go ahead and

and so it will then go ahead and generate out an image um so all the

generate out an image um so all the cloud service providers have some kind

cloud service providers have some kind of offering with both image and text um

of offering with both image and text um but yeah hopefully that makes sense the

but yeah hopefully that makes sense the idea is that you can plug stuff in you

idea is that you can plug stuff in you get stuff out

get stuff out [Music]

[Music] okay let's us take a look here at

okay let's us take a look here at machine learning and deep learning

machine learning and deep learning Frameworks and so these are Frameworks

Frameworks and so these are Frameworks that uh can be used with sagemaker or

that uh can be used with sagemaker or have direct support for them I just want

have direct support for them I just want to get you some uh exposure and to uh

to get you some uh exposure and to uh get you some context in terms of these

get you some context in terms of these because machine learning and Ai and all

because machine learning and Ai and all this stuff is becoming more popular so

this stuff is becoming more popular so you should at least have heard of these

you should at least have heard of these things so I have all the logos on the

things so I have all the logos on the left hand side and we'll go through them

left hand side and we'll go through them the first is Apachi mxnet so this is a

the first is Apachi mxnet so this is a machine learning framework adopted by

machine learning framework adopted by ads basically um every single cloud

ads basically um every single cloud service provider backs their own kind of

service provider backs their own kind of open- source framework and they try to

open- source framework and they try to make that the one that they suggest you

make that the one that they suggest you to use but in practice uh there's ones

to use but in practice uh there's ones that are good and there's ones that

that are good and there's ones that people just don't want to use and Apachi

people just don't want to use and Apachi mxnet is not fun to use whatsoever um

mxnet is not fun to use whatsoever um and so you'll see it all over in the

and so you'll see it all over in the marketing and pushed everywhere but

marketing and pushed everywhere but really people want to use things like

really people want to use things like curus tensor flow but anyway I just

curus tensor flow but anyway I just wanted to point that out that it was has

wanted to point that out that it was has a bias because they've invested energy

a bias because they've invested energy into uh their team of machine learning

into uh their team of machine learning Frameworks you got pytorch optimized for

Frameworks you got pytorch optimized for tensor Library uh for deep learning

tensor Library uh for deep learning using GPU and CPU it's created by

using GPU and CPU it's created by Facebook Facebook does not necessarily

Facebook Facebook does not necessarily um have its own cloud service provider

um have its own cloud service provider offering so it's kind of out there and

offering so it's kind of out there and so you'll see good support for pytorch

so you'll see good support for pytorch and all the major providers U the next

and all the major providers U the next is tensorflow this is made by Google

is tensorflow this is made by Google what's interesting with tensor flow is

what's interesting with tensor flow is Google made uh their own um GPU or TPU

Google made uh their own um GPU or TPU they call it a tensor Processing Unit so

they call it a tensor Processing Unit so tensor is a a unit of thing in

tensor is a a unit of thing in tensorflow and it they have optimized

tensorflow and it they have optimized hardware for it I personally find

hardware for it I personally find tensorflow the easy to use or I should

tensorflow the easy to use or I should say cires so um CES is a highlevel

say cires so um CES is a highlevel machine learning framework built on top

machine learning framework built on top of tensorflow because these lower level

of tensorflow because these lower level ones were just really hard to use and so

ones were just really hard to use and so basically pytorch came along and it was

basically pytorch came along and it was much easier to use and then everyone

much easier to use and then everyone noticed how easier py torch was and so

noticed how easier py torch was and so that's where curus came from was to be

that's where curus came from was to be competitive with pytorch and be easier

competitive with pytorch and be easier to use then you have a poy spark which

to use then you have a poy spark which is a unified analytics engine for large

is a unified analytics engine for large scale data processing but they do have

scale data processing but they do have ml offerings within it called spark ml

ml offerings within it called spark ml um so there's definitely things you can

um so there's definitely things you can do there uh there's a piece of software

do there uh there's a piece of software called chainer um and it's for it's a

called chainer um and it's for it's a deep learning framework that supports

deep learning framework that supports Cuda then there's hugging face which is

Cuda then there's hugging face which is not exactly a framework or tool it's

not exactly a framework or tool it's just a way of accessing a lot of models

just a way of accessing a lot of models online and data sets and quickly

online and data sets and quickly launching them for whatever reason I uh

launching them for whatever reason I uh adus has uh strong synergies with

adus has uh strong synergies with hugging face I've seen like developer

hugging face I've seen like developer Advocates and other uh folks that worked

Advocates and other uh folks that worked at AOS go over to hugging face and so

at AOS go over to hugging face and so there seems to be strong uh

there seems to be strong uh relationships between hugging face and

relationships between hugging face and adabs for whatever reason there's a lot

adabs for whatever reason there's a lot of ml Frameworks out there but because

of ml Frameworks out there but because uh ml is uh just uh

uh ml is uh just uh progressively um or rapidly innovating

progressively um or rapidly innovating you'll see Frameworks come and go and so

you'll see Frameworks come and go and so I remember when I researched this and I

I remember when I researched this and I was just trying to understand all the

was just trying to understand all the Frameworks out there there was just a

Frameworks out there there was just a lot and I just kept digging into them

lot and I just kept digging into them finding oh they're not active anymore

finding oh they're not active anymore they're not active anymore so I just

they're not active anymore so I just want to point out that we have all these

want to point out that we have all these ones up on screen if they become active

ones up on screen if they become active tomorrow I would not be surprised but uh

tomorrow I would not be surprised but uh for the most part all of these seem to

for the most part all of these seem to be very popular uh and uh they're being

be very popular uh and uh they're being well supported uh but yeah hopefully

well supported uh but yeah hopefully that gives you an idea of these

that gives you an idea of these Frameworks okay

Frameworks okay [Music]

[Music] ciao all right let's take a look here at

ciao all right let's take a look here at Apachi mxnet a little bit more in detail

Apachi mxnet a little bit more in detail because this is the framework that aabus

because this is the framework that aabus wants you to use whether you want to use

wants you to use whether you want to use it or not is a different story uh but

it or not is a different story uh but you'll see it all over in their

you'll see it all over in their marketing pages and things like that so

marketing pages and things like that so apachi mxnet is a deep learning machine

apachi mxnet is a deep learning machine learning framework which supports many

learning framework which supports many many different programming languages so

many different programming languages so that is one advantage of it uh the key

that is one advantage of it uh the key features uh is that it's scalable it's

features uh is that it's scalable it's flexible it's portable it's it supports

flexible it's portable it's it supports multiple programming language inabus has

multiple programming language inabus has made Apachi mxet their framework of

made Apachi mxet their framework of choice so there's lots of support for it

choice so there's lots of support for it within ad sagemaker and the ad ml

within ad sagemaker and the ad ml containers but I have noticed that

containers but I have noticed that they've been increasing support for p

they've been increasing support for p torch so maybe you know they're just

torch so maybe you know they're just trying to meet the customer where they

trying to meet the customer where they are but but anyway um there is a lot of

are but but anyway um there is a lot of stuff for mxnet mxnet has two highlevel

stuff for mxnet mxnet has two highlevel interfaces uh one's called glue on and

interfaces uh one's called glue on and there is module API so uh depending on

there is module API so uh depending on which one you use one is imperative

which one you use one is imperative programming one's symbolic programming

programming one's symbolic programming uh this is more of a deeper concept for

uh this is more of a deeper concept for machine learning but I'm going to tell

machine learning but I'm going to tell you one is really easy one is really

you one is really easy one is really hard um but uh let's look at a very

hard um but uh let's look at a very simple example of uh some code for using

simple example of uh some code for using the gluon API so it kind of looks like

the gluon API so it kind of looks like that you can see that they are using

that you can see that they are using python so hopefully that gives you an

python so hopefully that gives you an idea of uh mxnet and its offering the

idea of uh mxnet and its offering the key thing is that it offers it in a lot

key thing is that it offers it in a lot of different programming languages will

of different programming languages will this appear on your exam absolutely not

this appear on your exam absolutely not but should you know it you absolutely

but should you know it you absolutely should um just so you have good context

should um just so you have good context with adus and ml so there you

with adus and ml so there you [Music]

[Music] go I want to talk a little bit about

go I want to talk a little bit about Intel because I think it's very

Intel because I think it's very important to remember the hardware that

important to remember the hardware that is running with these um cloud service

is running with these um cloud service providers because it really does matter

providers because it really does matter um and there's a couple terms you might

um and there's a couple terms you might see when using a compute that you're not

see when using a compute that you're not aware of and I want to make sure you

aware of and I want to make sure you know what they are so let's talk about

know what they are so let's talk about what is Intel so Intel is a

what is Intel so Intel is a multinational corporation is one of the

multinational corporation is one of the world's largest semiconductor chip

world's largest semiconductor chip manufacturers Intel is the inventor of

manufacturers Intel is the inventor of the

the x86 instruction set so basically uh they

x86 instruction set so basically uh they released this chip back in 1978 this

released this chip back in 1978 this one's called the Intel 8086 chip and the

one's called the Intel 8086 chip and the idea is that um they came up with an

idea is that um they came up with an instruction set um it's basically a

instruction set um it's basically a bunch of words that you can use um to

bunch of words that you can use um to program the chip and it's a lower level

program the chip and it's a lower level language so um that lower level language

language so um that lower level language would be in assembly um if if that makes

would be in assembly um if if that makes any sense so the idea is that you have

any sense so the idea is that you have this um instruction set and you have to

this um instruction set and you have to write an assembly and so basically most

write an assembly and so basically most modern programs like when you use uh

modern programs like when you use uh programming languages like uh C it will

programming languages like uh C it will actually compile down to assembly um or

actually compile down to assembly um or other languages will compile down to

other languages will compile down to assembly because that is what the chip

assembly because that is what the chip understands and then assembly is turned

understands and then assembly is turned into machine code like the zeros and

into machine code like the zeros and ones and the reason I'm mentioning this

ones and the reason I'm mentioning this is that when you go and you uh launch uh

is that when you go and you uh launch uh a compute uh instance let's say on AWS

a compute uh instance let's say on AWS uh you're launching a ec2 instance you

uh you're launching a ec2 instance you have to choose uh whether it's x86 or a

have to choose uh whether it's x86 or a different instruction set or

different instruction set or architecture and so the other one is arm

architecture and so the other one is arm and they're both really really good it

and they're both really really good it just depends on whether uh uh your stuff

just depends on whether uh uh your stuff can support it but for the most part

can support it but for the most part Intel has arm chips as well so so um

Intel has arm chips as well so so um there is no company that produces arm

there is no company that produces arm chips per se it's just an architecture

chips per se it's just an architecture and uh the way it works is that it just

and uh the way it works is that it just has fewer instruction sets so there's

has fewer instruction sets so there's fewer uh rules that you can write in so

fewer uh rules that you can write in so it's a more limited writing it in

it's a more limited writing it in assembly but at the end of the day it

assembly but at the end of the day it doesn't matter because your programming

doesn't matter because your programming language is going to compile it down so

language is going to compile it down so you don't have to worry about those

you don't have to worry about those fewer instructions but because it has

fewer instructions but because it has fewer instructions it generally results

fewer instructions it generally results in a better uh Power efficiency and so

in a better uh Power efficiency and so it can have better performance or better

it can have better performance or better or better cost to to you the customer so

or better cost to to you the customer so when I can I try to run arm and for the

when I can I try to run arm and for the most part it's always great to run arm

most part it's always great to run arm but uh it really depends on if your

but uh it really depends on if your software is going to be able to run on

software is going to be able to run on arm um and stuff like that so I just

arm um and stuff like that so I just wanted to point out those two things

wanted to point out those two things there about uh at least a Intel and then

there about uh at least a Intel and then instruction sets

instruction sets [Music]

[Music] okay all right I want to talk about two

okay all right I want to talk about two things um that Intel has with ads and

things um that Intel has with ads and the first is Intel Zeon scalable

the first is Intel Zeon scalable processor and the second is Intel Gotti

processor and the second is Intel Gotti um so it us of course does work with or

um so it us of course does work with or purchases um Hardware from other um uh

purchases um Hardware from other um uh other companies like they use AMD and

other companies like they use AMD and Nvidia but I think it's worth mentioning

Nvidia but I think it's worth mentioning Intel in a little bit more detail here

Intel in a little bit more detail here because every time I go to reinvent

because every time I go to reinvent Intel has a big giant booth and you can

Intel has a big giant booth and you can go scour the ads website and it just

go scour the ads website and it just looks like ADS works more closely with

looks like ADS works more closely with Intel as opposed to the other uh

Intel as opposed to the other uh providers not to say that Intel is not

providers not to say that Intel is not being utilized on gcp and Azure and

being utilized on gcp and Azure and others but uh I just noticed something

others but uh I just noticed something more going on there with AWS but let's

more going on there with AWS but let's first talk about Intel xon scalable

first talk about Intel xon scalable processors these are high performance

processors these are high performance CPUs designed for Enterprise and server

CPUs designed for Enterprise and server applications commonly used in a

applications commonly used in a instances um that scalable part makes

instances um that scalable part makes them very good for machine learning so

them very good for machine learning so you often are going to be be using Intel

you often are going to be be using Intel Zeon processors whether you know or not

Zeon processors whether you know or not on

on ads the Intel is the Intel uh Habana

ads the Intel is the Intel uh Habana Gotti processor so this is a a processor

Gotti processor so this is a a processor specialized for AI training uh you could

specialized for AI training uh you could say that this is a direct competitor to

say that this is a direct competitor to Nvidia or a similar competitor because

Nvidia or a similar competitor because uh they uh they uh do something very

uh they uh they uh do something very similar um I believe that Intel Gotti

similar um I believe that Intel Gotti has their own SDK called synapse AI uh

has their own SDK called synapse AI uh that you can use to interact with it so

that you can use to interact with it so you launch up Sage maker and then use uh

you launch up Sage maker and then use uh that uh that API or SDK in order to best

that uh that API or SDK in order to best utilize uh that Hardware there but both

utilize uh that Hardware there but both of these um pieces of Hardware are

of these um pieces of Hardware are offered uh on ads and I think it's just

offered uh on ads and I think it's just good to know them at least to name uh

good to know them at least to name uh what they are

what they are [Music]

[Music] okay hey this is angrew brown and let's

okay hey this is angrew brown and let's talk about gpus I'm sure most people

talk about gpus I'm sure most people know what gpus are here but I'm going to

know what gpus are here but I'm going to talk about it anyway because I want to

talk about it anyway because I want to talk about cudas so a GPU stands for

talk about cudas so a GPU stands for General processing unit and it's a

General processing unit and it's a processor that is specialized to quickly

processor that is specialized to quickly render high resolution images and videos

render high resolution images and videos concurrently if youve ever played video

concurrently if youve ever played video games you know you need a good GPU

games you know you need a good GPU because it's all about those images

because it's all about those images however gpus can perform parallel

however gpus can perform parallel operations on multiple sets of data so

operations on multiple sets of data so they can also be used for non-graphical

they can also be used for non-graphical tasks and this makes it really good for

tasks and this makes it really good for machine learning and scientific uh

machine learning and scientific uh computation so if you're trying to uh

computation so if you're trying to uh convince your significant other that you

convince your significant other that you need a better graphics card you can just

need a better graphics card you can just tell them it's for work I need it for

tell them it's for work I need it for machine learning and scientific comp

machine learning and scientific comp computation it's not your fault that you

computation it's not your fault that you can also play video games with it and so

can also play video games with it and so we have like a graphic there on the

we have like a graphic there on the right hand side I think I got that from

right hand side I think I got that from Nvidia and so they're kind of trying to

Nvidia and so they're kind of trying to demonstrate the difference between uh

demonstrate the difference between uh the paralyzation with GPU versus serial

the paralyzation with GPU versus serial tasks with CPU but let's go and just

tasks with CPU but let's go and just read a little bit more so CPUs can have

read a little bit more so CPUs can have an average of four to 16 processor cores

an average of four to 16 processor cores gpus can have thousands of processor

gpus can have thousands of processor cores how that works I have no idea but

cores how that works I have no idea but I just know that that's how it works uh

I just know that that's how it works uh so we have 48 gpus can provide as many

so we have 48 gpus can provide as many as 40,000 C

as 40,000 C so that is a lot gpus are best suited

so that is a lot gpus are best suited for repetitive and highly parallel

for repetitive and highly parallel Computing tasks such as rendering

Computing tasks such as rendering Graphics cryptocurrency mining if people

Graphics cryptocurrency mining if people are even still doing that and deep

are even still doing that and deep learning and machine learning so you

learning and machine learning so you know there you go that's

know there you go that's [Music]

[Music] gpus all right let's take a look here at

gpus all right let's take a look here at Cuda but before we do let's talk about

Cuda but before we do let's talk about Nvidia so Nvidia is a company that

Nvidia so Nvidia is a company that manufactures graphical processing units

manufactures graphical processing units for gaming and professional markets if

for gaming and professional markets if you have ever played video games and you

you have ever played video games and you build your own rig um a lot of people

build your own rig um a lot of people like to choose Nvidia but Nvidia can do

like to choose Nvidia but Nvidia can do things other than video games and this

things other than video games and this is due to their framework uh called cuda

is due to their framework uh called cuda which stands for compute unified device

which stands for compute unified device architecture so it's a parallel

architecture so it's a parallel Computing platform and API I said

Computing platform and API I said framework but I guess it's an API bu in

framework but I guess it's an API bu in video that allows developers to use Cuda

video that allows developers to use Cuda enable gpus for general purpose

enable gpus for general purpose Computing gpus and it says GP GPU

Computing gpus and it says GP GPU because it's saying general purpose gpus

because it's saying general purpose gpus I know that's a mouthful there um so

I know that's a mouthful there um so over on AWS they have a bunch of

over on AWS they have a bunch of instances that um can utilize uh Nvidia

instances that um can utilize uh Nvidia GPU so I adus is always changing the

GPU so I adus is always changing the instances so these could be old but you

instances so these could be old but you can see we have a P3 which has the Tesla

can see we have a P3 which has the Tesla Tesla V100 you have the G3 with a Tesla

Tesla V100 you have the G3 with a Tesla M M60 the G4 with a T4 uh the P4 with

M M60 the G4 with a T4 uh the P4 with the Tesla a 100 so there's probably

the Tesla a 100 so there's probably these are probably old ones there's new

these are probably old ones there's new instances with newer Nvidia cards but my

instances with newer Nvidia cards but my point is is that adus has uh gpus that

point is is that adus has uh gpus that you can utilize another thing I want to

you can utilize another thing I want to point out with Cuda is that all major

point out with Cuda is that all major deep learning Frameworks are integrated

deep learning Frameworks are integrated with Nvidia deep learning sdks there's a

with Nvidia deep learning sdks there's a big fight or War over um uh these

big fight or War over um uh these companies that make uh gpus and CPS

companies that make uh gpus and CPS because they really want the uh Theirs

because they really want the uh Theirs to be used for machine learning so you

to be used for machine learning so you can definitely be sure that AMD probably

can definitely be sure that AMD probably has some kind of similar offering or

has some kind of similar offering or something uh and definitely Intel as

something uh and definitely Intel as well um but Nvidia has done a very good

well um but Nvidia has done a very good job in uh making sure that theirs is the

job in uh making sure that theirs is the most popular um so Nvidia deep learning

most popular um so Nvidia deep learning SDK is a collection of En uh Nvidia

SDK is a collection of En uh Nvidia libraries for deep learning so this is

libraries for deep learning so this is something that this is the SDK you can

something that this is the SDK you can use with Cuda to interact with their API

use with Cuda to interact with their API uh so one of those libraries are called

uh so one of those libraries are called cuda deep neural network library so

cuda deep neural network library so that's something you can use with it and

that's something you can use with it and it's uh tuned for a bunch of stuff if it

it's uh tuned for a bunch of stuff if it looks like it's getting a little bit too

looks like it's getting a little bit too um uh technical it's because this slide

um uh technical it's because this slide was was for my machine learning uh

was was for my machine learning uh inabus specialty and I didn't do a whole

inabus specialty and I didn't do a whole lot to change it and brought it over uh

lot to change it and brought it over uh so you don't don't really need to know

so you don't don't really need to know that last part there but just understand

that last part there but just understand what Cuda is and that it's uh very

what Cuda is and that it's uh very important uh for working with machine

important uh for working with machine learning and adus has uh good offerings

learning and adus has uh good offerings uh for instances with it okay

uh for instances with it okay [Music]

[Music] hey this is Andrew Brown from exam Pro

hey this is Andrew Brown from exam Pro and we are taking a look at the ads well

and we are taking a look at the ads well architectur framework so this is a white

architectur framework so this is a white paper created by ads to help customers

paper created by ads to help customers build using best practices defined by

build using best practices defined by AWS you can find this at aws.amazon.com

AWS you can find this at aws.amazon.com architecture forwell architected this

architecture forwell architected this idea is not unique to AWS the other

idea is not unique to AWS the other providers have it but I believe AWS was

providers have it but I believe AWS was the first one to Define this and they

the first one to Define this and they have a really good uh a good approach to

have a really good uh a good approach to this and this is pretty much Essential

this and this is pretty much Essential Knowledge that you have to have uh four

Knowledge that you have to have uh four certifications when we're looking at the

certifications when we're looking at the cloud practitioner the soci architect

cloud practitioner the soci architect associate and professional because um

associate and professional because um there's a lot of principles here are

there's a lot of principles here are best practices that adus uses themselves

best practices that adus uses themselves to architect their infrastructure okay

to architect their infrastructure okay so the framework is divided into five

so the framework is divided into five sections called pillars which address

sections called pillars which address different aspects or lenses that can be

different aspects or lenses that can be applied to a cloud workload so imagine

applied to a cloud workload so imagine you have your Cloud workload you're

you have your Cloud workload you're going to want to adopt an a architect

going to want to adopt an a architect framework some things that you know

framework some things that you know people don't consider outside the Five

people don't consider outside the Five Pillars is that you need to know en

Pillars is that you need to know en definitions uh General design principles

definitions uh General design principles and the review process um and then from

and the review process um and then from there you have your five pillars so you

there you have your five pillars so you have operational excellence security

have operational excellence security reliability performance efficiency and

reliability performance efficiency and cost optimization and all these have

cost optimization and all these have major sections in this uh white paper

major sections in this uh white paper but outside of just the main white paper

but outside of just the main white paper each of these have their own white

each of these have their own white papers that go even into farther detail

papers that go even into farther detail so if you really want to uh really focus

so if you really want to uh really focus on security and get a lot more

on security and get a lot more information they have that as well okay

[Music] let's take a look at the general

let's take a look at the general definitions for the well architecture

definitions for the well architecture framework starting with the pillars so

framework starting with the pillars so the operational excellent pillar is

the operational excellent pillar is there to run and monitor systems the

there to run and monitor systems the security pillar is to protect data and

security pillar is to protect data and systems to mitigate risk the reliability

systems to mitigate risk the reliability pillar is to mitigate and recover from

pillar is to mitigate and recover from uh disruptions the performance

uh disruptions the performance efficiency pillar is about using

efficiency pillar is about using Computing resources efficiently or

Computing resources efficiently or effectively and the cost optimization

effectively and the cost optimization pillar is about getting the lowest price

pillar is about getting the lowest price and this is where you're going to find

and this is where you're going to find all the business value and I put an

all the business value and I put an aster there because uh you know you

aster there because uh you know you might obsess saying we need to meet the

might obsess saying we need to meet the requirements for all these pillars and

requirements for all these pillars and that's not the case you can trade off

that's not the case you can trade off pillars based on the business context so

pillars based on the business context so you know don't take it as literally

you know don't take it as literally Implement every single thing but just

Implement every single thing but just consider that uh you know you might have

consider that uh you know you might have to adapt it based on your workloads then

to adapt it based on your workloads then we have some general definitions that we

we have some general definitions that we will come across so there's components

will come across so there's components so code configuration itless resources

so code configuration itless resources against the requirement a workload so a

against the requirement a workload so a set of components that work together to

set of components that work together to deliver business value mileston so key

deliver business value mileston so key changes of your architecture through the

changes of your architecture through the product life cycle then there's

product life cycle then there's architecture itself so how components

architecture itself so how components work together in a workload and then we

work together in a workload and then we have technology portfolio so a

have technology portfolio so a collection of workloads required for the

collection of workloads required for the business to operate

business to operate [Music]

[Music] okay so the well architected framework

okay so the well architected framework is designed around a different kind of

is designed around a different kind of team structure so when you're looking at

team structure so when you're looking at Enterprises they generally have a

Enterprises they generally have a centralized team with specific roles

centralized team with specific roles where ADS structures their teams as

where ADS structures their teams as being distributed with flexible roles

being distributed with flexible roles and so this new kind of methodology of

and so this new kind of methodology of distributed teams uh has some major

distributed teams uh has some major advantages but it does come with some

advantages but it does come with some risks and so it us has baked in some uh

risks and so it us has baked in some uh practices or uh things that they do to

practices or uh things that they do to mitigate these issues okay so let's

mitigate these issues okay so let's compare on premise Enterprise uh to what

compare on premise Enterprise uh to what itus is proposing for your team

itus is proposing for your team structure so on premise what we'd see is

structure so on premise what we'd see is a centralized team consisting of

a centralized team consisting of technical Architects solution AR

technical Architects solution AR Architects data Architects Network

Architects data Architects Network Architects security Architects and you

Architects security Architects and you kind of see that they all have a

kind of see that they all have a specialized vertical and they are

specialized vertical and they are usually managed by either TF or Zack man

usually managed by either TF or Zack man framework so those are just ways of

framework so those are just ways of structuring your teams those are very

structuring your teams those are very popular and so what adus is proposing

popular and so what adus is proposing here is that you have a distribute team

here is that you have a distribute team and uh the way you're going to make that

and uh the way you're going to make that team work because obviously just

team work because obviously just thinking about distribute team they're

thinking about distribute team they're going to be a lot more agile but to make

going to be a lot more agile but to make sure that they effectively work you have

sure that they effectively work you have practices like team experts who raise

practices like team experts who raise the the bar uh making sure that you know

the the bar uh making sure that you know uh in any areas we can always say how

uh in any areas we can always say how can we do this better uh then there are

can we do this better uh then there are mechanisms in place for automated checks

mechanisms in place for automated checks for standards so that's the great thing

for standards so that's the great thing about Cloud can all be automated to say

about Cloud can all be automated to say hey does it meet our Regulatory

hey does it meet our Regulatory Compliance or or what have you and then

Compliance or or what have you and then there's the concept of the Amazon

there's the concept of the Amazon leadership principles which we will

leadership principles which we will cover on in the next slide in detail and

cover on in the next slide in detail and so um you know iTab us is not obviously

so um you know iTab us is not obviously using uh these other Frameworks because

using uh these other Frameworks because it has its own which is this one here

it has its own which is this one here but the the mechanism to which they stay

but the the mechanism to which they stay organ oriz and up to date is they are

organ oriz and up to date is they are supported by a virtual community of

supported by a virtual community of subject matter experts principal

subject matter experts principal Engineers so that what they'll do is

Engineers so that what they'll do is they'll engineer things like lunchtime

they'll engineer things like lunchtime talks and then recycle that into their

talks and then recycle that into their onboarding material or into this

onboarding material or into this framework itself

framework itself [Music]

[Music] okay so we're taking a look here at

okay so we're taking a look here at Amazon's leadership principles and these

Amazon's leadership principles and these are a set of principles used during the

are a set of principles used during the company's decision- making problem

company's decision- making problem solving simple brainstorming and hiring

solving simple brainstorming and hiring all right um and so I can't say I like

all right um and so I can't say I like all of these but definitely some of them

all of these but definitely some of them really stand out as being great

really stand out as being great especially the first one which is

especially the first one which is customer Obsession so instead of

customer Obsession so instead of worrying about what your competitors are

worrying about what your competitors are doing think about what the customer

doing think about what the customer wants work your way back and uh you know

wants work your way back and uh you know really focus on the customer's needs

really focus on the customer's needs then there's ownership so if you're

then there's ownership so if you're going to go do something uh you know try

going to go do something uh you know try to be your own mini boss uh and take

to be your own mini boss uh and take responsibility for whatever it is you're

responsibility for whatever it is you're building event and simplify so you know

building event and simplify so you know always look for the simplest solution

always look for the simplest solution don't try to engineer something super

don't try to engineer something super complicated if it's not necessary uh or

complicated if it's not necessary uh or right a lot so you know try to be right

right a lot so you know try to be right uh learn and be curious so that's pretty

uh learn and be curious so that's pretty self-explanatory hire and develop the

self-explanatory hire and develop the best insist on the high standards adus

best insist on the high standards adus always refers to this as raising the bar

always refers to this as raising the bar think big buys for Action frugality and

think big buys for Action frugality and adus is really Frugal if you didn't know

adus is really Frugal if you didn't know that but not just for like themselves

that but not just for like themselves but also for their customers they want

but also for their customers they want customers to uh spend the least amount

customers to uh spend the least amount of money possible when using their

of money possible when using their infrastructure earn trust uh dive deep

infrastructure earn trust uh dive deep have a backbone disagree and commit

have a backbone disagree and commit deliver results strive to be the earth's

deliver results strive to be the earth's best employer success and scale bring

best employer success and scale bring broad responsibility and if you want to

broad responsibility and if you want to read these in detail because they have a

read these in detail because they have a big block of text for each of these uh

big block of text for each of these uh you can go to amazon. jobs

you can go to amazon. jobs uhen principles and read all about it

uhen principles and read all about it [Music]

[Music] okay all right let's talk about some

okay all right let's talk about some general design principles uh that you

general design principles uh that you should be considering when you are

should be considering when you are designing your infrastructure no matter

designing your infrastructure no matter what pillar that you are looking to

what pillar that you are looking to adopt the first is stop guessing your

adopt the first is stop guessing your capacity need so the great thing with

capacity need so the great thing with cloud computing is you use as little or

cloud computing is you use as little or much based on demand whereas on premise

much based on demand whereas on premise you would have to purchase a machine and

you would have to purchase a machine and you'd have to make sure you have

you'd have to make sure you have additional capacity so that you could

additional capacity so that you could grow into it right and so here with uh

grow into it right and so here with uh Cloud you do not have to worry about

Cloud you do not have to worry about that uh test systems at production scale

that uh test systems at production scale so be able to clone your production

so be able to clone your production environment to testing tear down testing

environment to testing tear down testing while not in use to save money so a lot

while not in use to save money so a lot of people will have a staging server

of people will have a staging server that they run all the time but the great

that they run all the time but the great thing here is that with Cloud you know

thing here is that with Cloud you know it's you can just spin it up and have it

it's you can just spin it up and have it right away and then tear it down and

right away and then tear it down and save money um there's automating to make

save money um there's automating to make architectural experimentation easier

architectural experimentation easier this is talking about using

this is talking about using infrastructure as a code so for ad ofs

infrastructure as a code so for ad ofs this would be using cloud formation

this would be using cloud formation creating change sets which kind of um uh

creating change sets which kind of um uh say exactly what is going to change

say exactly what is going to change stack updates drift detection to see if

stack updates drift detection to see if your stuff is uh uh being changed over

your stuff is uh uh being changed over time by developers through manual

time by developers through manual configuration things like that then we

configuration things like that then we have allow for evolutionary

have allow for evolutionary architectures so this is about adapting

architectures so this is about adapting cicd um doing nightly releases or if

cicd um doing nightly releases or if you're using serverless if you adopted

you're using serverless if you adopted lambdas they deprecate over time forcing

lambdas they deprecate over time forcing you to use the latest version uh and so

you to use the latest version uh and so that is evolutionary architectures then

that is evolutionary architectures then we have drive architectures using data

we have drive architectures using data so um when you're using Cloud there's a

so um when you're using Cloud there's a lot of Tooling in there to automatically

lot of Tooling in there to automatically start collecting data so cloudwatch will

start collecting data so cloudwatch will be collecting some things by default and

be collecting some things by default and cloud trail will as well so you know

cloud trail will as well so you know that is another thing and then improving

that is another thing and then improving things through game days so this is

things through game days so this is about stimulating traffic on production

about stimulating traffic on production or purposely killing ec2 instances or or

or purposely killing ec2 instances or or messing with your services to see how

messing with your services to see how well they recover all

well they recover all [Music]

[Music] right before we jump into each of the

right before we jump into each of the pillars let's go open them up and take a

pillars let's go open them up and take a look at what structure we should expect

look at what structure we should expect to see so we have design principles

to see so we have design principles definition best practices and resources

definition best practices and resources all the pillars follow this to a t so

all the pillars follow this to a t so let's just talk about what these are so

let's just talk about what these are so the design principles are a list of

the design principles are a list of design principles that needs to be

design principles that needs to be considered during implementation and

considered during implementation and that's where we're going to focus a lot

that's where we're going to focus a lot of our energy then you have definition

of our energy then you have definition so this is an overview of the best

so this is an overview of the best practice categories then you have the

practice categories then you have the best practices themselves these are

best practices themselves these are detailed information about each practice

detailed information about each practice with uh various a services and then you

with uh various a services and then you have resources these are additional

have resources these are additional documentation white papers uh and videos

documentation white papers uh and videos to implement this pillar and I just want

to implement this pillar and I just want to tell you that if you're doing the

to tell you that if you're doing the certified Cloud practitioner we're

certified Cloud practitioner we're really just going to cover the design

really just going to cover the design principles but for the solutions

principles but for the solutions architect associate or anything uh

architect associate or anything uh that's associate or above that's where

that's associate or above that's where we're going to actually dive deep into

we're going to actually dive deep into to the implementation of the best

to the implementation of the best practices because there is a lot of

practices because there is a lot of stuff there so uh yeah there we

stuff there so uh yeah there we [Music]

[Music] go let's take a look here at the design

go let's take a look here at the design principles for operational excellence so

principles for operational excellence so the first here is perform operations as

the first here is perform operations as code so apply the same engineering

code so apply the same engineering discipline you would to application code

discipline you would to application code to your infrastructure so by trating

to your infrastructure so by trating your operations as code you can limit

your operations as code you can limit human error and enable consistent

human error and enable consistent responses to events generally we're

responses to events generally we're talking about infrast infrastructure as

talking about infrast infrastructure as a code here so this would probably like

a code here so this would probably like things like cloud formation there's

things like cloud formation there's other things you could do like policy as

other things you could do like policy as a code and a bunch of other ones then we

a code and a bunch of other ones then we have make frequent small reversible

have make frequent small reversible changes so design your workloads to

changes so design your workloads to allow components to be updated regularly

allow components to be updated regularly uh this could be talking about doing

uh this could be talking about doing rollbacks incremental changes Blu green

rollbacks incremental changes Blu green deployments having a cicd pipeline

deployments having a cicd pipeline refine operations procedures frequently

refine operations procedures frequently so look for continuous opportunities to

so look for continuous opportunities to improve your operations uh here you use

improve your operations uh here you use game days to simulate traffic or event

game days to simulate traffic or event failure on your production workloads

failure on your production workloads anticipate failure so perform post

anticipate failure so perform post modems on system failures to better

modems on system failures to better improve write test code kill production

improve write test code kill production servers um there's a small spelling

servers um there's a small spelling mistake it should have an R here so

mistake it should have an R here so servers to test recovery learn from all

servers to test recovery learn from all operational failure so share Lessons

operational failure so share Lessons Learned in a knowledge base for

Learned in a knowledge base for operational events and failures across

operational events and failures across your entire organization but you know if

your entire organization but you know if you can just remember these headings

you can just remember these headings here uh and be able to categorize what

here uh and be able to categorize what would be under operational excellence

would be under operational excellence you'll be okay all right

[Music] all right let's take a look at the

all right let's take a look at the design principles for the security

design principles for the security pillar so the first here is Implement a

pillar so the first here is Implement a strong identity foundation so implement

strong identity foundation so implement the principle of lease privilege or PP

the principle of lease privilege or PP that's a very uh popular concept meaning

that's a very uh popular concept meaning giving people only the permissions that

giving people only the permissions that they need use centralized identity so

they need use centralized identity so that would be using adus am avoid Long

that would be using adus am avoid Long Live credentials then we have enable

Live credentials then we have enable traceability so monitor alerts and audit

traceability so monitor alerts and audit actions and changes to your environment

actions and changes to your environment in real time integrate log and Metric

in real time integrate log and Metric collection and automate investigations

collection and automate investigations and Remediation then we have apply

and Remediation then we have apply security at all layers so take defense

security at all layers so take defense in depth approach with multiple security

in depth approach with multiple security controls for everything from Edge

controls for everything from Edge networks vbcs load balancing instances

networks vbcs load balancing instances OS application code uh we might have a

OS application code uh we might have a slide in this course on defense and uh

slide in this course on defense and uh depth where basically you see like a

depth where basically you see like a ring of things and you can kind of see

ring of things and you can kind of see how like there's layers that go from

how like there's layers that go from outward to Inward and that's what

outward to Inward and that's what they're talking about when they're

they're talking about when they're listing out all these things here

listing out all these things here automate security best practices uh

automate security best practices uh protect prot your data in transit at

protect prot your data in transit at rest uh keep people away from your data

rest uh keep people away from your data the reason I don't have descriptions

the reason I don't have descriptions there is because those are pretty

there is because those are pretty self-evident prepare for security events

self-evident prepare for security events so Incident Management systems and

so Incident Management systems and investigation policies and processes

investigation policies and processes tools to detect investigate and recovery

tools to detect investigate and recovery from incidences and uh there are a lot

from incidences and uh there are a lot of security tools out there and they all

of security tools out there and they all have funny uh initialisms I didn't put

have funny uh initialisms I didn't put any of them in here but I'm sure there

any of them in here but I'm sure there are some there um but yeah there you go

are some there um but yeah there you go for

for [Music]

[Music] security all right let's take a look at

security all right let's take a look at the design principles for reliability

the design principles for reliability and the first here is automatically

and the first here is automatically recover from failure so Monitor kpis and

recover from failure so Monitor kpis and Trigger automations when the threshold

Trigger automations when the threshold is breach test recovery procedures so

is breach test recovery procedures so test how your workload fails and you

test how your workload fails and you validate your recovery procedures you

validate your recovery procedures you can use automation to simulate different

can use automation to simulate different failures or to recreate scenarios that

failures or to recreate scenarios that led to failures before scale

led to failures before scale horizontally to increase aggregate

horizontally to increase aggregate system availability so replace one large

system availability so replace one large resource with multiple small resources

resource with multiple small resources to reduce the impact of a single failure

to reduce the impact of a single failure on the over overall workload to

on the over overall workload to distribute requests across multiple

distribute requests across multiple smaller resources to ensure that they

smaller resources to ensure that they don't share a common point of failure so

don't share a common point of failure so we're talking about multi-az uh High

we're talking about multi-az uh High availability okay stop guessing capacity

availability okay stop guessing capacity we've seen this multiple times so in on

we've seen this multiple times so in on premise it takes a lot of guess work to

premise it takes a lot of guess work to determine the elasticity of your

determine the elasticity of your workloads uh workload demands with Cloud

workloads uh workload demands with Cloud you don't need to guess how much you

you don't need to guess how much you need because you can request the right

need because you can request the right size of resources on demand that's going

size of resources on demand that's going to give you better reliability okay

to give you better reliability okay manage change in automation so making

manage change in automation so making changes via infrastructure as a code

changes via infrastructure as a code will allow for a formal process to track

will allow for a formal process to track and review infrastructure you're going

and review infrastructure you're going to see IC show up a lot in this

to see IC show up a lot in this framework

framework [Music]

[Music] okay let's take a look at design

okay let's take a look at design principles for performance efficiency so

principles for performance efficiency so the first here is democratize advanced

the first here is democratize advanced technology so focus on product

technology so focus on product development rather than procurement

development rather than procurement provisioning and management of services

provisioning and management of services because if you're on Prem you'd have to

because if you're on Prem you'd have to order those machines set them up and so

order those machines set them up and so take advantage of advanced technology

take advantage of advanced technology specialize in optimize for your use case

specialize in optimize for your use case with on demand cloud services because

with on demand cloud services because again if you're using on Prem uh you you

again if you're using on Prem uh you you know you might not have the option to

know you might not have the option to have Sage maker right it's just going to

have Sage maker right it's just going to be a VM and you're going to have to do

be a VM and you're going to have to do all the work yourselves whereas ads has

all the work yourselves whereas ads has all these specialized things so you can

all these specialized things so you can move quickly uh Go Global in minutes so

move quickly uh Go Global in minutes so deploying your workload in multiple Abus

deploying your workload in multiple Abus regions around the world allows you to

regions around the world allows you to provide lower latency and a better

provide lower latency and a better experience for your customers at a

experience for your customers at a minimal cost we have used serverless

minimal cost we have used serverless architecture so serverless architecture

architecture so serverless architecture removes the need for you to run and

removes the need for you to run and maintain physical servers for

maintain physical servers for traditional Computing activities removes

traditional Computing activities removes the operational burden of managing

the operational burden of managing physical servers and can lower

physical servers and can lower transactional costs because manag

transactional costs because manag Services operate at Cloud scale and can

Services operate at Cloud scale and can be a lot better at um running them

be a lot better at um running them efficiently than you will uh experiment

efficiently than you will uh experiment more often so with virtual and

more often so with virtual and automatable uh resources you can quickly

automatable uh resources you can quickly carry out comparative testing using

carry out comparative testing using different types of instances storage or

different types of instances storage or configurations to make the best choice

configurations to make the best choice we call this right sizing choosing the

we call this right sizing choosing the right size consider mechanical sympathy

right size consider mechanical sympathy so understand how cloud services are

so understand how cloud services are consumed and always use technology

consumed and always use technology approach that aligns best with your

approach that aligns best with your workload goals for example consider data

workload goals for example consider data access patterns when you select database

access patterns when you select database or storage

or storage [Music]

[Music] approaches let's take a look here at

approaches let's take a look here at design principles for cost optimization

design principles for cost optimization so the first one here is Implement Cloud

so the first one here is Implement Cloud financial management so dedicate time

financial management so dedicate time and resources to build capacity uh via

and resources to build capacity uh via Cloud financial management and cost

Cloud financial management and cost optimization tooling soab us is saying

optimization tooling soab us is saying hey take advantage of all our tooling

hey take advantage of all our tooling that makes it easy for you to know

that makes it easy for you to know exactly what you're spending adopt a

exactly what you're spending adopt a consumption model so pay only for

consumption model so pay only for computing resources that you require uh

computing resources that you require uh an increase or decrease using uh

an increase or decrease using uh depending on the business requirements

depending on the business requirements we're talking about on demand pricing

we're talking about on demand pricing measure overall efficiency so measure

measure overall efficiency so measure the business output of the workload and

the business output of the workload and the cost associ associated with

the cost associ associated with delivering use this measure to know the

delivering use this measure to know the gains you make from increasing output

gains you make from increasing output and reducing costs so stop spending

and reducing costs so stop spending money on

money on undifferentiated that's a hard word to

undifferentiated that's a hard word to say

say undifferentiated heavy lifting so adus

undifferentiated heavy lifting so adus does the heavy lifting of the data

does the heavy lifting of the data center operations like racking stacking

center operations like racking stacking and power servers it also removes the

and power servers it also removes the operational burden of managing op

operational burden of managing op operating systems and applications with

operating systems and applications with managed services this allows you to

managed services this allows you to focus on your customers and business

focus on your customers and business projects rather than your it

projects rather than your it infrastructure and the last one here is

infrastructure and the last one here is analyze and attribute expenditure so the

analyze and attribute expenditure so the cloud makes it easier to uh accurately

cloud makes it easier to uh accurately identify the usage and cost of systems

identify the usage and cost of systems which then allow transparent uh

which then allow transparent uh attribution of it costs to individualize

attribution of it costs to individualize workload owners this helps measure

workload owners this helps measure return on investment and gives workload

return on investment and gives workload owners an opportunity to optimize their

owners an opportunity to optimize their resources and reduce costs so there you

resources and reduce costs so there you go

[Music] hey this is Andrew Brown from exam Pro

hey this is Andrew Brown from exam Pro and we are taking a look at the adus

and we are taking a look at the adus well architected tool so this is an

well architected tool so this is an auditing tool to be used to assess your

auditing tool to be used to assess your Cloud workloads for alignment with the

Cloud workloads for alignment with the AWS well architected framework and so

AWS well architected framework and so what it is it's essentially a checklist

what it is it's essentially a checklist uh but it also has nearby references so

uh but it also has nearby references so you know as you're reading through it it

you know as you're reading through it it will show you information uh and

will show you information uh and resources so that it can help you with

resources so that it can help you with this checklist here and the idea is when

this checklist here and the idea is when you're done you can generate out report

you're done you can generate out report and then you can provide that report to

and then you can provide that report to your Executives and key stakeholders to

your Executives and key stakeholders to prove uh you know how well architected

prove uh you know how well architected your workload is on AWS

your workload is on AWS [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and in this video I want to show you

Pro and in this video I want to show you two things the well architected

two things the well architected framework and the well architected tool

framework and the well architected tool so first let's go look for the well

so first let's go look for the well architected framework so we're going to

architected framework so we're going to look up white papers uh AWS and so if we

look up white papers uh AWS and so if we go here to a amazon.com white papers we

go here to a amazon.com white papers we have a bunch of pages here and so I'm

have a bunch of pages here and so I'm going to just checkbox on white papers

going to just checkbox on white papers so that we can kind of reduce the amount

so that we can kind of reduce the amount there and then I'm going to checkbox

there and then I'm going to checkbox well architector framework if we scroll

well architector framework if we scroll all the way top here one of these you

all the way top here one of these you think it'd be right at the top but one

think it'd be right at the top but one of these is the well architected

of these is the well architected framework and here it is and so if we

framework and here it is and so if we open it up I used to just directly open

open it up I used to just directly open up as a PDF I'm sure you can still

up as a PDF I'm sure you can still download it as is but generally you're

download it as is but generally you're going to open up as this HTML page and

going to open up as this HTML page and you can basically read through it see

you can basically read through it see all the stuff see the multiple pillars

all the stuff see the multiple pillars we can click into here see the design

we can click into here see the design principles read the definitions and then

principles read the definitions and then start reading about uh the best

start reading about uh the best practices and they have these things at

practices and they have these things at the bottom of each one uh very boring

the bottom of each one uh very boring very very boring but um you know when

very very boring but um you know when you get to the solutions architect and

you get to the solutions architect and things like that you're going to need to

things like that you're going to need to know this stuff inside and out it's

know this stuff inside and out it's going to really help you out at this

going to really help you out at this Cloud practitioner we only need to know

Cloud practitioner we only need to know surface level

surface level information um but that's the architect

information um but that's the architect framework let's take a look at the well

framework let's take a look at the well architected tool so we going type in

architected tool so we going type in well here we'll get the well architected

well here we'll get the well architected tool and if we go here you can see that

tool and if we go here you can see that I've created a couple before probably

I've created a couple before probably demos for um our videos and so I'm going

demos for um our videos and so I'm going to go Define a new workload I'm going to

to go Define a new workload I'm going to say my my workload here uh my

workload whoops my workload it is messing up because I probably have

messing up because I probably have grammarly installed so it does not like

grammarly installed so it does not like grammarly so I'm just going to turn it

grammarly so I'm just going to turn it off for now so my workload

off for now so my workload and it's still not typing correctly so I

and it's still not typing correctly so I have to kill out kill out grammarly here

have to kill out kill out grammarly here which is kind of frustrating so that's a

which is kind of frustrating so that's a bug that that's not grammarly's fault

bug that that's not grammarly's fault that's adab Us's fault for not playing

that's adab Us's fault for not playing well with grammarly and that's something

well with grammarly and that's something I will definitely report to them because

I will definitely report to them because it's very annoying so I'm going to go

it's very annoying so I'm going to go ahead and refresh this

ahead and refresh this page my workload my

page my workload my workload um and this is Andrew Brown

workload um and this is Andrew Brown production or pre-production doesn't

production or pre-production doesn't matter pick your regions Us East or Us

matter pick your regions Us East or Us East 2

East 2 sure I'm selecting

sure I'm selecting it there we go uh optional optional

it there we go uh optional optional optional optional you go to next and

optional optional you go to next and then you can choose your lens servus

then you can choose your lens servus lens FTR lens so that's the foundational

lens FTR lens so that's the foundational technical review SAS lens we can go with

technical review SAS lens we can go with architected framework and then once that

architected framework and then once that is there we can start

is there we can start reviewing okay and then we get this big

reviewing okay and then we get this big checklist and so we can go through this

checklist and so we can go through this and read each one so we say Ops one how

and read each one so we say Ops one how do you determine what your priorities

do you determine what your priorities are and all these things like Ops and

are and all these things like Ops and stuff like that these are all the

stuff like that these are all the summaries in each of the well

summaries in each of the well architected framework sections so you

architected framework sections so you pretty much don't need to really read

pretty much don't need to really read the dock you just go through this so

the dock you just go through this so everyone needs to understand their part

everyone needs to understand their part in enabling business success have shared

in enabling business success have shared goals in order to set priorities of

goals in order to set priorities of resources this will maximize the benefit

resources this will maximize the benefit of your efforts so select from the

of your efforts so select from the following evaluate the customer's

following evaluate the customer's external needs external customer needs

external needs external customer needs evaluate internal customer needs if you

evaluate internal customer needs if you click info it's going to highlight each

click info it's going to highlight each one here so evolve key stakeholders

one here so evolve key stakeholders including Business Development

including Business Development operations teams this will ensure Etc

operations teams this will ensure Etc and so you just go through this and uh

and so you just go through this and uh you know once you have that and you save

you know once you have that and you save and

and exit Okay uh you'll have uh the

exit Okay uh you'll have uh the questions that are answered it'll say

questions that are answered it'll say what's high risk what's not things like

what's high risk what's not things like that very simplistic it's really just a

that very simplistic it's really just a way of making a very organized report or

way of making a very organized report or checklist and proving that you went

checklist and proving that you went through it uh to the executive level or

through it uh to the executive level or to the management level there so

to the management level there so hopefully that makes sense to you um

hopefully that makes sense to you um it's not too complicated but there you

it's not too complicated but there you [Music]

[Music] go hey it's Andrew Brown from exam Pro

go hey it's Andrew Brown from exam Pro and we are looking at the Adas

and we are looking at the Adas architecture Center so the architecture

architecture Center so the architecture Center is a web portal that contains

Center is a web portal that contains best practices and reference

best practices and reference architectures for a variety of different

architectures for a variety of different workloads and you can find this at adab.

workloads and you can find this at adab. amazon.com architecture so if you're

amazon.com architecture so if you're looking for Best Practices inter terms

looking for Best Practices inter terms of security they have a huge section on

of security they have a huge section on that and they have it for pretty much

that and they have it for pretty much every kind of category on AWS or if

every kind of category on AWS or if you're looking for practical examples

you're looking for practical examples you can view the large library of

you can view the large library of reference architectures so here's one to

reference architectures so here's one to make an ads Q&A bot and it will have an

make an ads Q&A bot and it will have an architectural diagram but you can also

architectural diagram but you can also uh deploy it via cloud formation or

uh deploy it via cloud formation or possibly cdk um and this way you can get

possibly cdk um and this way you can get a working example and then tweak it for

a working example and then tweak it for your use case so this is a really great

your use case so this is a really great tool um when you are done the it well

tool um when you are done the it well architect framework and you're saying

architect framework and you're saying okay how do we apply it can we get more

okay how do we apply it can we get more concrete examples and I wouldn't be

concrete examples and I wouldn't be surprised if a lot of the resources

surprised if a lot of the resources within the well architectured framework

within the well architectured framework white paper are just pointing to the

white paper are just pointing to the center

center [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at the

Pro and we are taking a look at the concept of total cost of ownership also

concept of total cost of ownership also known as TCO so what is TCO well it is a

known as TCO so what is TCO well it is a financial estimate intended to help

financial estimate intended to help buyers and owners determine the direct

buyers and owners determine the direct and indirect cost of a product or

and indirect cost of a product or service so here is is an example of you

service so here is is an example of you know TCO for maybe like a data center so

know TCO for maybe like a data center so we have Hardware monitoring installation

we have Hardware monitoring installation IT personnel training software uh

IT personnel training software uh security licensing and taxes but that's

security licensing and taxes but that's not just the limit of it it's just kind

not just the limit of it it's just kind of the examples we show here uh the idea

of the examples we show here uh the idea of creating TCO is useful when your

of creating TCO is useful when your company's looking to migrate from on

company's looking to migrate from on Prem to cloud and we will have a better

Prem to cloud and we will have a better uh kind of visual here to kind of

uh kind of visual here to kind of understand how you would contrast

understand how you would contrast against on premise to Cloud but let's

against on premise to Cloud but let's just talk about how it actually works in

just talk about how it actually works in practicality which I think gets kind of

practicality which I think gets kind of of overlooked when cloud service

of overlooked when cloud service providers are selling you on TCO so the

providers are selling you on TCO so the idea is that Gardener um you know they

idea is that Gardener um you know they uh they were they wrote this article

uh they were they wrote this article based on This research where an

based on This research where an organization had moved uh 2,500 virtual

organization had moved uh 2,500 virtual machines over to Amazon dc2 and so what

machines over to Amazon dc2 and so what you're seeing here is that there is a an

you're seeing here is that there is a an additional cost that we're not

additional cost that we're not considering which is the migration cost

considering which is the migration cost See This Bar up here um so the idea is

See This Bar up here um so the idea is that the company was paying around

that the company was paying around 400,000 and so they started to move over

400,000 and so they started to move over and as you see uh the cost initially

and as you see uh the cost initially went up for a short period of time here

went up for a short period of time here uh but then once that migration cost was

uh but then once that migration cost was over uh you can notice that they had a

over uh you can notice that they had a 55% reduction so it's uh totally

55% reduction so it's uh totally possible to save money uh and clearly

possible to save money uh and clearly there is great savings uh now is it

there is great savings uh now is it exactly what AWS promises probably not

exactly what AWS promises probably not and that's that could be the reason why

and that's that could be the reason why they updated their TCO calculator but

they updated their TCO calculator but let's now just do that contrast against

let's now just do that contrast against the two so we have on premise on the

the two so we have on premise on the left and ads on the right or any cloud

left and ads on the right or any cloud service provider and what I want to do

service provider and what I want to do is help you think about what costs do

is help you think about what costs do people generally think about because if

people generally think about because if we have like Iceberg the idea here is

we have like Iceberg the idea here is that these are the costs that we always

that these are the costs that we always think about above the iceberg and then

think about above the iceberg and then there's these hidden costs that we just

there's these hidden costs that we just don't consider when factoring in our

don't consider when factoring in our move and that's the idea of T TCO is to

move and that's the idea of T TCO is to consider all the cost not just the

consider all the cost not just the superficial ones and so people say these

superficial ones and so people say these look like teeth and that's why I add

look like teeth and that's why I add penguins and a whale here um and so when

penguins and a whale here um and so when we're talking about on premise what we

we're talking about on premise what we generally think are software license

generally think are software license fees and subscription fees but when you

fees and subscription fees but when you compare those against each other they

compare those against each other they might look the same um ad us might just

might look the same um ad us might just look slightly cheaper or even more and

look slightly cheaper or even more and so the idea is you need to then factor

so the idea is you need to then factor in everything so on on premise there's

in everything so on on premise there's implementation configuration training

implementation configuration training physical security Hardware IT personnel

physical security Hardware IT personnel maintenance and on the adab side you

maintenance and on the adab side you know you are you don't have to do as

know you are you don't have to do as much of that stuff so you just have

much of that stuff so you just have implementation configuration and

implementation configuration and training and so adab us with their TCO

training and so adab us with their TCO calculator their old one used to make a

calculator their old one used to make a promise of 75% in savings um again you

promise of 75% in savings um again you know this is going to really vary based

know this is going to really vary based on what your migration strategy looks

on what your migration strategy looks like um but you know it's totally

like um but you know it's totally possible you could save 75% or you could

possible you could save 75% or you could save 50% over a third year threeyear

save 50% over a third year threeyear period And there's a an initial Spike so

period And there's a an initial Spike so that's just something you have to

that's just something you have to consider but the nice thing though is

consider but the nice thing though is that once you've moved over all the

that once you've moved over all the stuff over here on the left hand side

stuff over here on the left hand side will be ad Us's responsibility

will be ad Us's responsibility [Music]

[Music] okay all right so let's take a look at

okay all right so let's take a look at Capital versus operational expenditure

Capital versus operational expenditure so there's capex and Opex so on the

so there's capex and Opex so on the capex side the idea here is you're

capex side the idea here is you're spending money upfront on physical

spending money upfront on physical infrastructure deducting that expenses

infrastructure deducting that expenses from your tax bill over time uh a lot of

from your tax bill over time uh a lot of companies that are running their own

companies that are running their own data centers uh or have a lot of on-

data centers uh or have a lot of on- premise stuff understand what capex is

premise stuff understand what capex is because um it's something that a lot of

because um it's something that a lot of times they get tax breakes on and that's

times they get tax breakes on and that's why we see a lot of people that have a

why we see a lot of people that have a hard time moving away from the cloud

hard time moving away from the cloud because you know they keep on thinking

because you know they keep on thinking about that money they save from the

about that money they save from the government but capex costs would be

government but capex costs would be things like server costs storage Network

things like server costs storage Network costs backups and archives Disaster

costs backups and archives Disaster Recovery costs data center costs

Recovery costs data center costs technical Personnel so the idea is with

technical Personnel so the idea is with capital exp expenses you have to guess

capital exp expenses you have to guess up front what you plan to spend okay

up front what you plan to spend okay with operational expenditure the idea

with operational expenditure the idea here is the cost associated with an on-

here is the cost associated with an on- premise data center that has shifted the

premise data center that has shifted the cost to the service provider the

cost to the service provider the customer only has to be concerned with

customer only has to be concerned with non-physical costs so leasing software

non-physical costs so leasing software and customizing features uh training

and customizing features uh training employees and cloud services paying for

employees and cloud services paying for cloud support uh billing based on cloud

cloud support uh billing based on cloud metrics so compute usage storage usage

metrics so compute usage storage usage and so the idea here is with operational

and so the idea here is with operational expenses you can try a product or

expenses you can try a product or service without investing in equipment

service without investing in equipment so basically kex is what we think about

so basically kex is what we think about when we think of on premise and then

when we think of on premise and then Opex is what we think about um you know

Opex is what we think about um you know when we're thinking about cloud or AWS

when we're thinking about cloud or AWS [Music]

[Music] okay all right let's ask a very

okay all right let's ask a very important question about Cloud migration

important question about Cloud migration so does cloud make it Personnel

so does cloud make it Personnel redundant so a company is considering

redundant so a company is considering migrating their workloads from on

migrating their workloads from on premise to the cloud to take advantage

premise to the cloud to take advantage of the savings there is a concern among

of the savings there is a concern among the staff that there will be Mass

the staff that there will be Mass layoffs does cloud make it Personnel

layoffs does cloud make it Personnel redundant and that's a very important

redundant and that's a very important question to to have an answer to and

question to to have an answer to and this all talks about shifting your it

this all talks about shifting your it team into different responsibilities so

team into different responsibilities so a company needs it Personnel during the

a company needs it Personnel during the migration phase as we saw with that

migration phase as we saw with that Gardener research report that there was

Gardener research report that there was a period at least like a year where they

a period at least like a year where they needed that for you know depending on

needed that for you know depending on the size of your company so you're still

the size of your company so you're still going to need those people around a

going to need those people around a company can transition some roles to new

company can transition some roles to new Cloud roles so a very traditional

Cloud roles so a very traditional example would be you have your

example would be you have your traditional networking roles or people

traditional networking roles or people have like their CCNA and now they're

have like their CCNA and now they're moving over to Cloud networking uh they

moving over to Cloud networking uh they have a reduced workload but there's

have a reduced workload but there's other things uh that they could be doing

other things uh that they could be doing in the cloud um a company may decide to

in the cloud um a company may decide to take a hybrid approach so they'll always

take a hybrid approach so they'll always need to have a traditional it team and a

need to have a traditional it team and a cloud uh it team um and the last one and

cloud uh it team um and the last one and this would you'd actually see on the

this would you'd actually see on the exam which is a company can change

exam which is a company can change employees AC ities from managing

employees AC ities from managing infrastructure to re Revenue generating

infrastructure to re Revenue generating activities okay so the idea is that you

activities okay so the idea is that you know if you a company why would you get

know if you a company why would you get rid of all your staff when you can just

rid of all your staff when you can just put them all into Revenue generation I

put them all into Revenue generation I suppose you know you could uh you know

suppose you know you could uh you know uh lay them off and some companies might

uh lay them off and some companies might do that um or you know you could just

do that um or you know you could just retrain them because if that IT

retrain them because if that IT personnel team has uh technical

personnel team has uh technical expertise I'm sure they can translate

expertise I'm sure they can translate that to the

that to the [Music]

[Music] cloud let's talk about the adus pricing

cloud let's talk about the adus pricing calculator and this this is a free cost

calculator and this this is a free cost estimate tool that can be used within

estimate tool that can be used within your web browser without the need of an

your web browser without the need of an adus account to estimate the cost of a

adus account to estimate the cost of a various adus services and this is um

various adus services and this is um available at calculator. AWS and the

available at calculator. AWS and the reason we're bringing this up is because

reason we're bringing this up is because there used to be a TCO calculator but

there used to be a TCO calculator but now this is the calculator that you use

now this is the calculator that you use so the adabs pricing calculator contains

so the adabs pricing calculator contains 100 plus services that you configure for

100 plus services that you configure for cost estimate and so you can just click

cost estimate and so you can just click through a bunch of knobs and uh boxes to

through a bunch of knobs and uh boxes to uh you know uh exactly figure out a very

uh you know uh exactly figure out a very accurate cost so the idea here is that

accurate cost so the idea here is that to calculate your TCO an organization

to calculate your TCO an organization needs to compare that existing costs

needs to compare that existing costs against their adus costs and so the adus

against their adus costs and so the adus pricing calculator can be used to

pricing calculator can be used to determine uh you know the adus costs and

determine uh you know the adus costs and obviously the organization knows its

obviously the organization knows its cost so we can compare it against that

cost so we can compare it against that um and the way you can get data out of

um and the way you can get data out of this is you can export it as a final

this is you can export it as a final estimate to a CSV

estimate to a CSV [Music]

[Music] okay hey this is this is Andre Brown

okay hey this is this is Andre Brown from exam Pro and we are taking a look

from exam Pro and we are taking a look at the AWS pricing calculator so to get

at the AWS pricing calculator so to get there it's calculator. AWS what you're

there it's calculator. AWS what you're going to do is hit create estimate and

going to do is hit create estimate and then here you have a bunch of services

then here you have a bunch of services so you just choose what you want so you

so you just choose what you want so you type in ec2 we're going to configure

type in ec2 we're going to configure that and from there we can do a quick

that and from there we can do a quick estimate or an advanced estimate so

estimate or an advanced estimate so choose this option for fast and easy

choose this option for fast and easy route to Ballpark and estimate choose

route to Ballpark and estimate choose this option for detailed estimate for

this option for detailed estimate for accounts workloads and stuff so notice

accounts workloads and stuff so notice down below very simplistic we hit

down below very simplistic we hit Advanced and we get all sort sorts of

Advanced and we get all sort sorts of stuff okay so you know it's really up to

stuff okay so you know it's really up to you I'm very comfortable with the

you I'm very comfortable with the advanced options so I might be running a

advanced options so I might be running a Linux machine what is my usage it's

Linux machine what is my usage it's going to have uh daily spikes of traffic

going to have uh daily spikes of traffic because of the use cases you could say

because of the use cases you could say it's not busy on Saturday and Sunday

it's not busy on Saturday and Sunday that it has a baseline of one a peak of

that it has a baseline of one a peak of two eight things like that then you can

two eight things like that then you can choose what you're using um T4 G I don't

choose what you're using um T4 G I don't even know what that is uh but we'll just

even know what that is uh but we'll just say like

say like t uh T2 micro which is not that big 23

t uh T2 micro which is not that big 23 micro and you can say we're doing on

micro and you can say we're doing on demand cuz a lot of people would be

demand cuz a lot of people would be doing that and you see like $7 a month

doing that and you see like $7 a month it's not a lot of money then you're

it's not a lot of money then you're looking at your storage data in data

looking at your storage data in data out okay so we can add that another

out okay so we can add that another thing that we might see is something

thing that we might see is something like

like RDS so we go to RDS and we add post

RDS so we go to RDS and we add post Crest and not all of them have the

Crest and not all of them have the simple and complex sometimes they're

simple and complex sometimes they're simple so production database

simple so production database we'll have one here and which're just

we'll have one here and which're just going to be say a dbt2 micro T T3 micro

going to be say a dbt2 micro T T3 micro there we go uh 100 that's fine we're not

there we go uh 100 that's fine we're not going to have multi-az we'll have single

going to have multi-az we'll have single a on demand show the calculation $13 a

a on demand show the calculation $13 a month add that to our estimate so you're

month add that to our estimate so you're kind of getting the idea there

kind of getting the idea there right um and so you know we have our

right um and so you know we have our summary that's our monthly

summary that's our monthly $391 um oh sorry over $12 months our

$391 um oh sorry over $12 months our monthly cost is

monthly cost is $32 okay you can go back there clone the

$32 okay you can go back there clone the service edit it stuff like that you can

service edit it stuff like that you can export the estimate I think it goes out

export the estimate I think it goes out as a CSV you can also hit

as a CSV you can also hit share um and then hit agree and so then

share um and then hit agree and so then you have a public link and if I have

you have a public link and if I have that link we can just see what happens

that link we can just see what happens if I paste it okay and it just brings

if I paste it okay and it just brings them to the same estimate so there you

them to the same estimate so there you [Music]

[Music] go hey this is Brown from exam Pro and

go hey this is Brown from exam Pro and we are taking a look at migration

we are taking a look at migration evaluator so it was formerly known as

evaluator so it was formerly known as TCL logic and then abos acquired the

TCL logic and then abos acquired the company and it is an estimate tool used

company and it is an estimate tool used to determine an organization existing on

to determine an organization existing on premise costs so it can compare it

premise costs so it can compare it against its aabus cost for Planned Cloud

against its aabus cost for Planned Cloud migration uh so the idea is that you can

migration uh so the idea is that you can get uh very very detailed information

get uh very very detailed information and the way it collects information is

and the way it collects information is via an agentless collector to collect

via an agentless collector to collect data from your on- premise

data from your on- premise infrastructure to extract from your own

infrastructure to extract from your own on premise costs I don't know if you can

on premise costs I don't know if you can see there but you can see that it works

see there but you can see that it works with a lot of different kinds of on-

with a lot of different kinds of on- premise technology like VMware Microsoft

premise technology like VMware Microsoft uh tsql all sorts of things

uh tsql all sorts of things [Music]

[Music] okay one migration tool that we can use

okay one migration tool that we can use with AWS is the VM import export and

with AWS is the VM import export and this allows us to import virtual

this allows us to import virtual machines into ec2 so inabus has import

machines into ec2 so inabus has import instructions for VMware Citrix Microsoft

instructions for VMware Citrix Microsoft hyperv windows vhd from Azure and also

hyperv windows vhd from Azure and also Linux vhd from Azure and so the way this

Linux vhd from Azure and so the way this works is that you prepare your virtual

works is that you prepare your virtual image for upload and adus has a bunch of

image for upload and adus has a bunch of instructions for that once it is ready

instructions for that once it is ready you're going to upload that to an S3

you're going to upload that to an S3 bucket and once it's uploaded to an S3

bucket and once it's uploaded to an S3 bucket then what you can do is use the

bucket then what you can do is use the adab CLI to import your image um and so

adab CLI to import your image um and so that is the CLI command down below and

that is the CLI command down below and once it is produced it will generate out

once it is produced it will generate out an Amazon machine image and so from an

an Amazon machine image and so from an Ami you can then go your ec2

Ami you can then go your ec2 [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at the

Pro and we are taking a look at the database migration service which allows

database migration service which allows you to quickly and securely migrate one

you to quickly and securely migrate one database to another DMS can be used to

database to another DMS can be used to migrate your on premise database to ads

migrate your on premise database to ads and that's why we're talking about it uh

and that's why we're talking about it uh and so here's a general diagram where

and so here's a general diagram where you have your Source database which

you have your Source database which connects to a source endpoint goes

connects to a source endpoint goes through a replication instance so that's

through a replication instance so that's a ec2 instance that's going to replicate

a ec2 instance that's going to replicate the data to the Target endpoint onto the

the data to the Target endpoint onto the the target database uh and so we have a

the target database uh and so we have a bunch of possible sources so we have

bunch of possible sources so we have Oracle database Microsoft SQL MySQL Mari

Oracle database Microsoft SQL MySQL Mari DB post SQL mongodb sap

DB post SQL mongodb sap ASC IMDb db2 AZ your SQL database Amazon

ASC IMDb db2 AZ your SQL database Amazon RDS Amazon S3 and I'm assuming these are

RDS Amazon S3 and I'm assuming these are database dumps Amazon Aurora Amazon

database dumps Amazon Aurora Amazon document DB and so for possible targets

document DB and so for possible targets it's very similar we got Oracle database

it's very similar we got Oracle database Microsoft SQL MySQL Mario DB post SQL

Microsoft SQL MySQL Mario DB post SQL reddis saps SE Amazon red shift Amazon

reddis saps SE Amazon red shift Amazon RDS Amazon Dynamo DB Amazon S3 Amazon

RDS Amazon Dynamo DB Amazon S3 Amazon Aurora Amazon open search service Amazon

Aurora Amazon open search service Amazon elasticache for reddis Amazon document

elasticache for reddis Amazon document DB Amazon Neptune Apachi Kafka I'm just

DB Amazon Neptune Apachi Kafka I'm just showing you the list to give you an idea

showing you the list to give you an idea of how flexible this service is uh but

of how flexible this service is uh but you can tell that these are very

you can tell that these are very different databases so how can it uh

different databases so how can it uh move them over right and so so in not

move them over right and so so in not all cases can it easily do it like it's

all cases can it easily do it like it's very easy to go from myql to postest um

very easy to go from myql to postest um but you know for ones that are like

but you know for ones that are like relational to uh nosql uh this is where

relational to uh nosql uh this is where the adaba schema conversion tool comes

the adaba schema conversion tool comes into play it's used in many cases to

into play it's used in many cases to automatically convert a source database

automatically convert a source database schema to a Target database schema or

schema to a Target database schema or semi-automate it so that you can kind of

semi-automate it so that you can kind of like uh you know uh figure out how to

like uh you know uh figure out how to map the new schema uh each migration

map the new schema uh each migration path requires a bit of research since

path requires a bit of research since not all combinations of sources and

not all combinations of sources and targets are possible and it really comes

targets are possible and it really comes down to even versions of these things so

down to even versions of these things so but I just want you to know about that

but I just want you to know about that it's an option as a database migration

it's an option as a database migration service and I've migrated a very large

service and I've migrated a very large database before and it's super fast uh

database before and it's super fast uh so and it's not that hard to use so

so and it's not that hard to use so something you definitely want to

something you definitely want to remember when you're

remember when you're [Music]

[Music] migrating hey this is Andrew Brown from

migrating hey this is Andrew Brown from exam Pro and we are taking a look at the

exam Pro and we are taking a look at the cloud adoption framework so this is a

cloud adoption framework so this is a white paper to help you plan your

white paper to help you plan your migration from on premise to AWS at the

migration from on premise to AWS at the highest level the AWS CAF organizes

highest level the AWS CAF organizes guidance into six Focus areas we got

guidance into six Focus areas we got business people governance platform

business people governance platform security and operations and this white

security and operations and this white paper is pretty high level uh so you

paper is pretty high level uh so you know it doesn't get into uh granular

know it doesn't get into uh granular details on how that migration should

details on how that migration should work uh but gives you kind of a holistic

work uh but gives you kind of a holistic approach and I believe that probably

approach and I believe that probably through the adus uh Amazon partner

through the adus uh Amazon partner Network there's people that specialize

Network there's people that specialize in using this particular framework to

in using this particular framework to help organizations move over and I

help organizations move over and I believe that Abus has Professional

believe that Abus has Professional Services through the APN but let's just

Services through the APN but let's just kind of break down what these six

kind of break down what these six categories are we're not going to go too

categories are we're not going to go too deep into this um but let's do it so the

deep into this um but let's do it so the first is the business perspective so

first is the business perspective so these are business managers Finance

these are business managers Finance managers budget owners strategy

managers budget owners strategy stakeholders so it's how to update the

stakeholders so it's how to update the staff skills and organizational

staff skills and organizational processes to optimize business value as

processes to optimize business value as they move Ops to the cloud you have

they move Ops to the cloud you have people perspectives so Human Resources

people perspectives so Human Resources Staffing people managers so how to

Staffing people managers so how to update the staff skills and

update the staff skills and organizational processes to optimize and

organizational processes to optimize and maintain the workforce and ensure

maintain the workforce and ensure competencies are in place at the

competencies are in place at the appropriate time you have governance

appropriate time you have governance perspective so cios program managers

perspective so cios program managers project managers Enterprise Architects

project managers Enterprise Architects business analysts so how to update the

business analysts so how to update the staff skills and organizational

staff skills and organizational processes that are necessary to ensure

processes that are necessary to ensure business governance in the cloud and

business governance in the cloud and manage uh and measure Cloud Investments

manage uh and measure Cloud Investments to evaluate the business outcomes we

to evaluate the business outcomes we have platform perspectives so CTO it

have platform perspectives so CTO it managers solution Architects so how to

managers solution Architects so how to update the staff skills and

update the staff skills and organizational processes that are

organizational processes that are necessary to deliver and optimize Cloud

necessary to deliver and optimize Cloud Solutions and services security

Solutions and services security perspectives so ciso it security

perspectives so ciso it security managers it security analysts so how to

managers it security analysts so how to update the staff skills and

update the staff skills and organizational processes that are

organizational processes that are necessary to ensure that the

necessary to ensure that the architecture deployed in in the cloud

architecture deployed in in the cloud aligns to the organization security

aligns to the organization security control requirements resilience and

control requirements resilience and compliance requirements we have

compliance requirements we have operational or operations perspective so

operational or operations perspective so it operations managers it support

it operations managers it support managers so how to update the staff

managers so how to update the staff skills and organizational processes that

skills and organizational processes that are necessary to ensure system health

are necessary to ensure system health and reliability during the move of

and reliability during the move of operations to the cloud and then to

operations to the cloud and then to operate operate using agile ongoing

operate operate using agile ongoing cloud computing best practices so this

cloud computing best practices so this just Taps the surface of what the CAF is

just Taps the surface of what the CAF is uh and I think for each of these they

uh and I think for each of these they actually have a more detailed breakdown

actually have a more detailed breakdown so you know business is going to break

so you know business is going to break down to even more uh uh finite things

down to even more uh uh finite things there

there [Music]

[Music] okay so itus has free services that are

okay so itus has free services that are free forever unlike the free tier that

free forever unlike the free tier that are up to a point of usage or time um

are up to a point of usage or time um and so there are a lot here this is not

and so there are a lot here this is not even the full list there's definitely

even the full list there's definitely more and we have am Amazon VPC Auto

more and we have am Amazon VPC Auto scaling cloud formation elastic bean

scaling cloud formation elastic bean stock opsw Works amplify Apps sync code

stock opsw Works amplify Apps sync code star organizations Consolidated building

star organizations Consolidated building it with cost Explorer Sage maker systems

it with cost Explorer Sage maker systems manager there's a lot of them okay um

manager there's a lot of them okay um but the thing is is that uh these

but the thing is is that uh these services are free but some of these um

services are free but some of these um can spin up other resources so the

can spin up other resources so the services are free themselves however

services are free themselves however ones that provision Services May cost

ones that provision Services May cost you money so cloud formation which is an

you money so cloud formation which is an infrastructure is a code tool could

infrastructure is a code tool could launch virtual machines those virtual

launch virtual machines those virtual machines will cost money right opsworks

machines will cost money right opsworks can launch servers that can cost money

can launch servers that can cost money amply can launch um lambdas that can

amply can launch um lambdas that can cost money so that's something you just

cost money so that's something you just have to consider um but uh yeah there

have to consider um but uh yeah there you

you [Music]

[Music] go hey this is Andrew Brown from exam

go hey this is Andrew Brown from exam Pro and we are taking a look at the adus

Pro and we are taking a look at the adus support plans so we got basic developer

support plans so we got basic developer business and Enterprise and you

business and Enterprise and you absolutely absolutely need to know this

absolutely absolutely need to know this stuff inside out for exam they will ask

stuff inside out for exam they will ask you questions on this okay so basic is

you questions on this okay so basic is for email support only uh such as

for email support only uh such as billing and account so if you think it

billing and account so if you think it got over bu and that's something you

got over bu and that's something you should do if if you've uh uh

should do if if you've uh uh misconfigured something and you end up

misconfigured something and you end up with a big Bill just go Um open up a

with a big Bill just go Um open up a support uh ticket under basic for

support uh ticket under basic for billing and they're likely to refund you

billing and they're likely to refund you but if you do have questions about

but if you do have questions about billing accounts that's what we're going

billing accounts that's what we're going to be using for everything else that is

to be using for everything else that is for tech support um and so for developer

for tech support um and so for developer business Enterprise you're going to get

business Enterprise you're going to get email support which they'll uh roughly

email support which they'll uh roughly reply within 24 hours I believe this is

reply within 24 hours I believe this is business hours so if you message them on

business hours so if you message them on Friday um or sorry Saturday you might be

Friday um or sorry Saturday you might be waiting till Monday for it okay um in

waiting till Monday for it okay um in terms of thirdparty support uh the only

terms of thirdparty support uh the only one that doesn't have third party

one that doesn't have third party support is developer so if you are using

support is developer so if you are using something like Ruby on Rails or Azure or

something like Ruby on Rails or Azure or something that has interruptibility

something that has interruptibility between AWS and something else business

between AWS and something else business Enterprise will absolutely help you out

Enterprise will absolutely help you out with it same with Enterprise but the

with it same with Enterprise but the developer one not so much uh if you like

developer one not so much uh if you like to use the phone or you like to chat

to use the phone or you like to chat with people um that's available at the

with people um that's available at the business Enterprise tier this is the way

business Enterprise tier this is the way I end up talking to people if you are um

I end up talking to people if you are um you know like if you're in North America

you know like if you're in North America and you're calling between 9 to5 and a

and you're calling between 9 to5 and a Monday and Friday you're likely to get

Monday and Friday you're likely to get somebody that is within North America if

somebody that is within North America if not it'll be one of uh one of the

not it'll be one of uh one of the supports from some other area so just be

supports from some other area so just be aware of that that can also affect the

aware of that that can also affect the time they pick up uh sometimes it's 5

time they pick up uh sometimes it's 5 minutes times it's 30 minutes to to an

minutes times it's 30 minutes to to an hour uh you know it just depends on what

hour uh you know it just depends on what service you're asking for and you know

service you're asking for and you know what time a day okay um in terms of

what time a day okay um in terms of responsiveness uh for General guidance

responsiveness uh for General guidance everything is 24 hours or less for

everything is 24 hours or less for developer business Enterprise if your

developer business Enterprise if your system is impaired it's within 12 hours

system is impaired it's within 12 hours or less with production system impaired

or less with production system impaired it's four hours or less with production

it's four hours or less with production system down it's 1 hour or less and if

system down it's 1 hour or less and if you're for Enterprise um it's going to

you're for Enterprise um it's going to be business critical system

be business critical system less than 50 minutes so just notice who

less than 50 minutes so just notice who has what for these things um I've

has what for these things um I've definitely waited like 3 days on General

definitely waited like 3 days on General guidance before so just take these with

guidance before so just take these with a grain of salt that they're not you

a grain of salt that they're not you know they don't really stick to these

know they don't really stick to these that or maybe I'm just not paying enough

that or maybe I'm just not paying enough for them to care okay um in terms of uh

for them to care okay um in terms of uh getting actual people assigned to you

getting actual people assigned to you this only happens at the Enterprise

this only happens at the Enterprise level where they have their coner team

level where they have their coner team so they uh help your um organization uh

so they uh help your um organization uh learn how to use ad asking them any

learn how to use ad asking them any questions personally and then you have a

questions personally and then you have a tam a technical account manager that is

tam a technical account manager that is somebody that knows um a side inside and

somebody that knows um a side inside and out and they'll help you architect

out and they'll help you architect things and make correct choices or

things and make correct choices or they'll check your bill and help you try

they'll check your bill and help you try to reduce that bill things like that

to reduce that bill things like that okay in terms of trust advisory checks

okay in terms of trust advisory checks at the basic developer you get seven

at the basic developer you get seven advisor checks once you're paying for

advisor checks once you're paying for business you get all the checks the cost

business you get all the checks the cost here for business is zero um for

here for business is zero um for developer it's starting at $29 a month

developer it's starting at $29 a month for businesses starting at $100 a month

for businesses starting at $100 a month and then for Enterprise it's 15,000 uh a

and then for Enterprise it's 15,000 uh a month so I said starting at because it's

month so I said starting at because it's dependent on your usage okay so let's

dependent on your usage okay so let's just look at developer business

just look at developer business Enterprise here cuz basic's not going to

Enterprise here cuz basic's not going to be applicable here so for developers $29

be applicable here so for developers $29 USD a month or 3% of the monthly adist

USD a month or 3% of the monthly adist usage which whichever is greater on the

usage which whichever is greater on the exam they're only going to ask you like

exam they're only going to ask you like is it $2,900 like generally do you know

is it $2,900 like generally do you know the tier of expensiveness but they're

the tier of expensiveness but they're not going to ask you the percentage of

not going to ask you the percentage of usage okay there's not going to be

usage okay there's not going to be formulas here um when you get into

formulas here um when you get into business it's a little bit uh different

business it's a little bit uh different where they have it in different brackets

where they have it in different brackets so it's going to be 10% for the first uh

so it's going to be 10% for the first uh 10,000 and the next is going to be the

10,000 and the next is going to be the next 7,000 stuff like that similar for

next 7,000 stuff like that similar for Enterprise as well so let's just do some

Enterprise as well so let's just do some math so we know that we understand how

math so we know that we understand how this works so if you if you had a

this works so if you if you had a monthly spend of $500 at the developer

monthly spend of $500 at the developer tier that's 3% of $500 is $15 so they go

tier that's 3% of $500 is $15 so they go okay what is greater $29 or $15 so

okay what is greater $29 or $15 so you're paying $29 if your spent is

you're paying $29 if your spent is $1,000 that comes up to $30 uh so you're

$1,000 that comes up to $30 uh so you're you're going to end up paying $30

you're going to end up paying $30 because that's greater than 29 okay for

because that's greater than 29 okay for business uh if your monthly spend is

business uh if your monthly spend is ,000 that's 10% of ,000 that's $100 if

,000 that's 10% of ,000 that's $100 if your spend is $5,000 then you're going

your spend is $5,000 then you're going to be paying $500 if your monthly spend

to be paying $500 if your monthly spend is 12,000 then the first 10% of 10,000

is 12,000 then the first 10% of 10,000 is a th000 and then the next is 7% of

is a th000 and then the next is 7% of 2,000 so your total bill is 140 USD

2,000 so your total bill is 140 USD we're not going to do a calculation for

we're not going to do a calculation for Enterprise because it's the same for

Enterprise because it's the same for business but hopefully that gives you an

business but hopefully that gives you an idea there okay

[Music] hey it's Andrew Brown from exam Pro and

hey it's Andrew Brown from exam Pro and we are taking a look at a technical

we are taking a look at a technical account manager also known as a tam and

account manager also known as a tam and these provide both proactive guidance

these provide both proactive guidance and reactive support to help you succeed

and reactive support to help you succeed with your adus journey so what does a

with your adus journey so what does a tam do and this is straight from an adus

tam do and this is straight from an adus job

job posting what they would do is build

posting what they would do is build Solutions provide technical guidance and

Solutions provide technical guidance and advocate for the customer ensure Adas

advocate for the customer ensure Adas environments remain operationally

environments remain operationally healthy while reducing cost and

healthy while reducing cost and complexity

complexity develop trusting relationship with

develop trusting relationship with customers understanding their business

customers understanding their business needs and Technical challenges using

needs and Technical challenges using your technical uh acumin and customer

your technical uh acumin and customer Obsession you'll drive technical

Obsession you'll drive technical discussions regarding incidents

discussions regarding incidents tradeoffs risk management consult with a

tradeoffs risk management consult with a range of Partners from developers

range of Partners from developers through the SE Suite Executives

through the SE Suite Executives collaborat with a Solutions architect

collaborat with a Solutions architect business developers Professional Service

business developers Professional Service consultants and sales account managers

consultants and sales account managers proactively find opportunities for

proactively find opportunities for customers to gain additional value from

customers to gain additional value from ads provide detailed reviews of service

ads provide detailed reviews of service disruptions metrics detailed pre-launch

disruptions metrics detailed pre-launch planning being uh part of a wider

planning being uh part of a wider Enterprise support team providing post

Enterprise support team providing post scale cons uh uh consultative expertise

scale cons uh uh consultative expertise solve a variety of problems across

solve a variety of problems across different customers as they migrate

different customers as they migrate their workloads to the cloud uplift

their workloads to the cloud uplift customer uh capabilities by running

customer uh capabilities by running workshops Brown Bag sessions Brown Bag

workshops Brown Bag sessions Brown Bag sessions being sessions that occur at

sessions being sessions that occur at lunchtime something you can learn in 30

lunchtime something you can learn in 30 minutes an hour and so one thing that's

minutes an hour and so one thing that's really important to understand is that

really important to understand is that Tams follow the Amazon leadership

Tams follow the Amazon leadership principles especially about customer uh

principles especially about customer uh being customer obsessed and we do cover

being customer obsessed and we do cover the Amazon leadership principle

the Amazon leadership principle somewhere in this course and Tams are

somewhere in this course and Tams are only available at the Enterprise support

only available at the Enterprise support tier so hopefully that gives you an idea

tier so hopefully that gives you an idea what a tam

what a tam [Music]

[Music] does hey this is Andrew Brown from exam

does hey this is Andrew Brown from exam Pro and this follow along I'm going to

Pro and this follow along I'm going to show you um a support and in order to

show you um a support and in order to use ad support or to change your level

use ad support or to change your level of support you're going to need to be

of support you're going to need to be logged into the rout account I should

logged into the rout account I should say you can use support with IM users

say you can use support with IM users but if you want to change the support

but if you want to change the support plan you're going to have to be the root

plan you're going to have to be the root user so in the top right corner I'm

user so in the top right corner I'm going to support and notice here on left

going to support and notice here on left hand side right now I have a basic

hand side right now I have a basic plan and so uh before we look at

plan and so uh before we look at changing our plan I'm just going to go

changing our plan I'm just going to go create a case and we're going to uh just

create a case and we're going to uh just take a look at some of the options that

take a look at some of the options that are open to us so we have account

are open to us so we have account billing support service limit increase

billing support service limit increase technical support notice this is grayed

technical support notice this is grayed out so we cannot select anything here

out so we cannot select anything here I can go to here and increase our

I can go to here and increase our service limit and this is something that

service limit and this is something that you might have to do uh pretty soon

you might have to do uh pretty soon early in your account you might say hey

early in your account you might say hey I need more of something like ec2 or um

I need more of something like ec2 or um a very common thing is SC so for SCS you

a very common thing is SC so for SCS you might say hey um I need to have this

might say hey um I need to have this amount of emails for ETC okay so um if

amount of emails for ETC okay so um if we go over to count and billing support

we go over to count and billing support uh we can go here and ask anything we

uh we can go here and ask anything we want so if it's about the free tier I

want so if it's about the free tier I could say ask a general question getting

could say ask a general question getting started and saying uh what is free on

started and saying uh what is free on AWS um I want to know what is free on

AWS um I want to know what is free on AWS and you can attach uh three

AWS and you can attach uh three attachments there you can choose via web

attachments there you can choose via web and phone which is really nice um but

and phone which is really nice um but today I'm just going to do web here and

today I'm just going to do web here and submit that just to kind of show you

submit that just to kind of show you that as an example and so what that is

that as an example and so what that is going to do is open a case and then we

going to do is open a case and then we will see probably respond in 24 hours to

will see probably respond in 24 hours to 48 hours just depends on on um whether

48 hours just depends on on um whether it's the weekend or not because it's

it's the weekend or not because it's based on business hours of course so now

based on business hours of course so now that we have an understanding of basic

that we have an understanding of basic let's go take a look at what the other

let's go take a look at what the other tiers look like so we have basic

tiers look like so we have basic developer business and enterprise

developer business and enterprise Enterprise being extremely expensive

Enterprise being extremely expensive developer being affordable and then

developer being affordable and then business being um you know affordable

business being um you know affordable for businesses so I would say developer

for businesses so I would say developer is okay it gives you um uh it gives you

is okay it gives you um uh it gives you uh better support but it's all via email

uh better support but it's all via email and so you know if you really want good

and so you know if you really want good support you're going to going to have to

support you're going to going to have to pay the business one and that's the one

pay the business one and that's the one that I use quite a bit so if I change my

that I use quite a bit so if I change my plan I'm going to go over to business

plan I'm going to go over to business and this is going to cost me 93 bucks

and this is going to cost me 93 bucks just to do to show you here today so I'm

just to do to show you here today so I'm going to go ahead and click that and so

going to go ahead and click that and so it's now processing it and so what's

it's now processing it and so what's going to happen is I'm going to have to

going to happen is I'm going to have to wait for this basic to switch to

wait for this basic to switch to business so if I go to the case here it

business so if I go to the case here it hasn't happened as of yet so no I cannot

hasn't happened as of yet so no I cannot select this so I'm going to see you back

select this so I'm going to see you back here in maybe like four five minutes or

here in maybe like four five minutes or however long it takes and we'll take a

however long it takes and we'll take a look then okay okay great so after a few

look then okay okay great so after a few minutes it says my plan is now business

minutes it says my plan is now business and what I can do is go ahead and create

and what I can do is go ahead and create a new case and so I can go over to

a new case and so I can go over to technical support and ask a question so

technical support and ask a question so if I was having issues with anything it

if I was having issues with anything it doesn't matter what I could go over to

doesn't matter what I could go over to ec2 Linux and then I could choose my

ec2 Linux and then I could choose my category so I could say I'm having an

category so I could say I'm having an issue with um systems

issue with um systems manager and a lot of times they like you

manager and a lot of times they like you to provide the instance ID it's going to

to provide the instance ID it's going to change based on what service you choose

change based on what service you choose here um but you'll get different

here um but you'll get different information I'll just say I need

information I'll just say I need help with um logging into my ec2

help with um logging into my ec2 instance managed by SSM so I can say I

instance managed by SSM so I can say I created an ec2 instance and I am

created an ec2 instance and I am attempting to access uh the instance

attempting to access uh the instance via sessions

via sessions manager but it is not

manager but it is not working I think I have a ro issue and

working I think I have a ro issue and then I'm just going to go down here and

then I'm just going to go down here and say this is not got a real

say this is not got a real question I am filming a demo video for

question I am filming a demo video for tutorial

video on how to use support okay and so once we do that we have the option of

once we do that we have the option of web chat and phone so if you use phone

web chat and phone so if you use phone you're going to enter your phone number

you're going to enter your phone number in and they're going to call you back uh

in and they're going to call you back uh usually you will be on hold for anywhere

usually you will be on hold for anywhere for 5 minutes to an hour it just depends

for 5 minutes to an hour it just depends usually it's within 15 minutes so it's

usually it's within 15 minutes so it's very very good of course it depends on

very very good of course it depends on the time of day and your location things

the time of day and your location things like that and the service because

like that and the service because there's different support Engineers for

there's different support Engineers for different types of services and the the

different types of services and the the balance of those are different but

balance of those are different but generally chat is pretty good so I can

generally chat is pretty good so I can go here and I'm just going to hit submit

go here and I'm just going to hit submit and it's going to open a chat box and so

and it's going to open a chat box and so you just wait okay and sometimes it's

you just wait okay and sometimes it's super fast and sometimes it takes uh

super fast and sometimes it takes uh minutes okay so we are going to just sit

minutes okay so we are going to just sit here for a bit and um you know I'll just

here for a bit and um you know I'll just pop back here when there is somebody to

pop back here when there is somebody to talk to

talk to okay okay so after waiting a little

okay okay so after waiting a little while looks like uh we've been connected

while looks like uh we've been connected here so it took a bit of time so we're

here so it took a bit of time so we're just going to say hello hi um uh this is

just going to say hello hi um uh this is Andrew

Andrew Brown um I am recording a video to teach

Brown um I am recording a video to teach people how to use

people how to use AWS and I wanted to show them how it

AWS and I wanted to show them how it support

works so I'm just showing them how the chat system

chat system works say

hello and hopefully they'll appreciate or they won't it just doesn't really

go that's it thanks for your

it thanks for your help okay and so that's pretty much it

help okay and so that's pretty much it um so you know there's nothing really uh

um so you know there's nothing really uh uh special about that but the idea is

uh special about that but the idea is when you are typing with them it will

when you are typing with them it will appear in the ch respondence there so

appear in the ch respondence there so I'm just going to end the chat okay uh

I'm just going to end the chat okay uh and then I'm just going to mark that

and then I'm just going to mark that case as resolve sometimes they will ask

case as resolve sometimes they will ask you to resolve it if I go to cases I

you to resolve it if I go to cases I probably have some previous ones here um

probably have some previous ones here um and I have a lot but I don't know why

and I have a lot but I don't know why they don't all show up here so you can

they don't all show up here so you can see this one is pending this one is

see this one is pending this one is resolved I go back to this one you can

resolved I go back to this one you can kind of see that the uh history of a

kind of see that the uh history of a conversation is kept and you can go back

conversation is kept and you can go back and forth uh with the people there um

and forth uh with the people there um yeah that's pretty much it uh you can

yeah that's pretty much it uh you can also do screen sharing so they might

also do screen sharing so they might send you request to go on Zoom or

send you request to go on Zoom or download this piece of software that

download this piece of software that shares your screen and so that is

shares your screen and so that is another option as well so they can get

another option as well so they can get pretty handson to help you uh with your

pretty handson to help you uh with your problems there but that's pretty much

problems there but that's pretty much all I wanted to show you with support

all I wanted to show you with support I'm going to downgrade this and I'm not

I'm going to downgrade this and I'm not sure if they're going to give you back

sure if they're going to give you back my money sometimes it'll PR rate it for

my money sometimes it'll PR rate it for you but I'm go here and go back to basic

you but I'm go here and go back to basic um so we will also refund your credit

um so we will also refund your credit card directly in the month's remaining

card directly in the month's remaining fees on your old plan which you

fees on your old plan which you previously paid you're obligated to pay

previously paid you're obligated to pay a minimum of 30 days of support each

a minimum of 30 days of support each time you register so I'm not going to

time you register so I'm not going to get any money back which is totally fine

get any money back which is totally fine because I just wanted to show you how

because I just wanted to show you how that works but business support is

that works but business support is definitely worth it and uh you know

definitely worth it and uh you know that's

that's [Music]

[Music] it so the anabis marketpl is a curated

it so the anabis marketpl is a curated digital catalog with thousands of

digital catalog with thousands of software listings from independent

software listings from independent software vendors uh easily find buy test

software vendors uh easily find buy test and deploy software that already runs an

and deploy software that already runs an 8s the product can be free to use or can

8s the product can be free to use or can have an Associated charge the charge

have an Associated charge the charge becomes part of your adus bill and once

becomes part of your adus bill and once you pay adus Market pays the provider

you pay adus Market pays the provider the sales channel for isv and Consulting

the sales channel for isv and Consulting Partners allow you to sell your

Partners allow you to sell your solutions to other adus customers

solutions to other adus customers products can be offered such as Amis Aus

products can be offered such as Amis Aus CL information templates software of

CL information templates software of service offerings web acl's it WAFF and

service offerings web acl's it WAFF and rules so it sounds great um if you want

rules so it sounds great um if you want to sell here I think you need like a US

to sell here I think you need like a US bank account to do it um and you know

bank account to do it um and you know sometimes zus Marketplace is just part

sometimes zus Marketplace is just part of AWS so like when you're using the ec2

of AWS so like when you're using the ec2 marketplace you are technically using

marketplace you are technically using the itus marketplace um but they also

the itus marketplace um but they also have like a dedicated page for it so

have like a dedicated page for it so it's integrated with some services and

it's integrated with some services and it's also stand alone

it's also stand alone [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and this follow along we're going to

Pro and this follow along we're going to take a look at the adus marketplace so

take a look at the adus marketplace so what I want you to do is go on the top

what I want you to do is go on the top and type in Marketplace and that'll

and type in Marketplace and that'll bring us over to here the marketplace

bring us over to here the marketplace can be found in a variety of different

can be found in a variety of different places on the platform here you can see

places on the platform here you can see that uh previously I was using something

that uh previously I was using something called guaca Bastian host to launch a

called guaca Bastian host to launch a server um but the idea is that um you

server um but the idea is that um you can discover products and subscriptions

can discover products and subscriptions that you might want to utilize so if I

that you might want to utilize so if I go over here there's a variety of

go over here there's a variety of different

different things and so it could be like I want to

things and so it could be like I want to have something like a firewall that

have something like a firewall that might be something that we might be

might be something that we might be interested in so we could search there

interested in so we could search there and there's like bring your own license

and there's like bring your own license firewall so maybe you have a license

firewall so maybe you have a license with this and you want to run it on an

with this and you want to run it on an ec2 instance something like that again

ec2 instance something like that again it's not like super complicated what's

it's not like super complicated what's going on here but a lot of times you

going on here but a lot of times you know when you're using Services you're

know when you're using Services you're accessing the marketplace anyway so like

accessing the marketplace anyway so like when I'm launching an ec2

when I'm launching an ec2 instance notice on the left hand side

instance notice on the left hand side says ABS Marketplace and so I don't have

says ABS Marketplace and so I don't have to go to the marketplace there I can

to go to the marketplace there I can just kind of like check out the thing I

just kind of like check out the thing I want um and that's pretty much all there

want um and that's pretty much all there really is to it okay so you know

really is to it okay so you know hopefully that makes

sense let's take a look here at Consolidated billing so this is a

Consolidated billing so this is a feature of Abus organizations that

feature of Abus organizations that allows you to pay for for multiple

allows you to pay for for multiple accounts via one bill so the idea here

accounts via one bill so the idea here is we have a master account and we have

is we have a master account and we have member accounts and I'm pretty sure that

member accounts and I'm pretty sure that we probably call this root account now I

we probably call this root account now I don't think uh master account might be a

don't think uh master account might be a data term but it's still showing up in

data term but it's still showing up in the documentation the idea is that if

the documentation the idea is that if you have member accounts within your

you have member accounts within your organization they're all going to be

organization they're all going to be Consolidated under the single account if

Consolidated under the single account if you have an account outside of your

you have an account outside of your organization um you know this is not

organization um you know this is not going to give you uh this is going to be

going to give you uh this is going to be basically a separate bill um as if it's

basically a separate bill um as if it's like a standalone organization or what

like a standalone organization or what have you okay

have you okay so uh for billing adus treats all

so uh for billing adus treats all accounts in an organization as if they

accounts in an organization as if they were one account you can designate one

were one account you can designate one uh uh master or root account that pays

uh uh master or root account that pays the charges for all the other member

the charges for all the other member accounts consolidate billing is offered

accounts consolidate billing is offered at no additional cost you can use uh

at no additional cost you can use uh cost Explorer to visualize usage for

cost Explorer to visualize usage for Consolidated billing which we can see I

Consolidated billing which we can see I have the icon here uh you can combine

have the icon here uh you can combine the usage across all accounts in the

the usage across all accounts in the organization to uh to share the volume

organization to uh to share the volume pricing discount which we did Cover in

pricing discount which we did Cover in this course separately if you want an

this course separately if you want an account to be able to leave the

account to be able to leave the organization you do have to attach it to

organization you do have to attach it to a new payment method so if let's say you

a new payment method so if let's say you had an account and you want to give it

had an account and you want to give it to your friend or whatever they're have

to your friend or whatever they're have to hook up their uh their credit card

to hook up their uh their credit card but you can totally have uh an account

but you can totally have uh an account leave an organization but you have to

leave an organization but you have to deal with that billing aspect

deal with that billing aspect [Music]

[Music] okay all right so there's a really cool

okay all right so there's a really cool way to save an ads and that's through

way to save an ads and that's through volume discounts and it's available for

volume discounts and it's available for many services the more you use the more

many services the more you use the more you save is the IDE aide behind it um

you save is the IDE aide behind it um and so consolidating building lets you

and so consolidating building lets you take advantage of volume discounts this

take advantage of volume discounts this is a particular feature of AIS

is a particular feature of AIS organization so if you do not have the

organization so if you do not have the or turn on you're not going to be able

or turn on you're not going to be able to take advantage of that okay so one

to take advantage of that okay so one example would be something like data

example would be something like data transfer where it is build uh for the

transfer where it is build uh for the first 10 terabytes at at 17 cents or

first 10 terabytes at at 17 cents or sorry 17 cents and then the next 40

sorry 17 cents and then the next 40 terabytes it will be AT3 cents okay so

terabytes it will be AT3 cents okay so if we had two accounts um such as Odo

if we had two accounts um such as Odo and Dax and they're not within an abl

and Dax and they're not within an abl organization we can calculate those and

organization we can calculate those and see what they are unconsolidated and

see what they are unconsolidated and just so you know 1 terab equals 1024

just so you know 1 terab equals 1024 gigabytes and that's what you're going

gigabytes and that's what you're going to see in these calculations so for Odo

to see in these calculations so for Odo uh you know if he has four terabytes and

uh you know if he has four terabytes and that is uh we calculate the gigabytes

that is uh we calculate the gigabytes there we times it by uh the um scent

there we times it by uh the um scent value there we're going to get

value there we're going to get $696 okay for Dax we're going to end up

$696 okay for Dax we're going to end up with uh about 1392 there and so if we

with uh about 1392 there and so if we were to add those up the bill would come

were to add those up the bill would come out to

out to $2,088 okay so the idea is that there's

$2,088 okay so the idea is that there's an organization and they like a your

an organization and they like a your company and they created two accounts

company and they created two accounts but they're just not within an

but they're just not within an organization by having them in the

organization by having them in the organization you're going to save um

organization you're going to save um about almost $80 there so um that is a

about almost $80 there so um that is a reason why you'd want to use volume

reason why you'd want to use volume discounts

discounts [Music]

[Music] okay hey this is Andrew Brown from

okay hey this is Andrew Brown from exampro and we're taking a look at IIs

exampro and we're taking a look at IIs trusted advisor so trusted advisor is a

trusted advisor so trusted advisor is a recommendation tool which automatically

recommendation tool which automatically and actively monitors your adus accounts

and actively monitors your adus accounts to provide acual recommendations across

to provide acual recommendations across a series of categories so this is what

a series of categories so this is what it looks like I personally prefer the

it looks like I personally prefer the older dashboard but this is what they

older dashboard but this is what they have now and you can see along the side

have now and you can see along the side we have a bunch of categories and then

we have a bunch of categories and then we have some checks here saying uh you

we have some checks here saying uh you know what are we meeting what are we not

know what are we meeting what are we not and you can go in and read each one and

and you can go in and read each one and they'll tell you so much information

they'll tell you so much information they'll even show you like what things

they'll even show you like what things are not meeting that requirements in

are not meeting that requirements in some case you can easily remediate by

some case you can easily remediate by pressing a button not in all cases but

pressing a button not in all cases but the thing with adus trust advisor is

the thing with adus trust advisor is think of adus trust advisor like an

think of adus trust advisor like an automated checklist of best practices on

automated checklist of best practices on AWS and they kind of map to the pillars

AWS and they kind of map to the pillars of the well architecture framework not

of the well architecture framework not exactly but pretty close but there are

exactly but pretty close but there are five categories of adus trusted advisor

five categories of adus trusted advisor so we have cost optimization how much

so we have cost optimization how much money can we save performance so how can

money can we save performance so how can uh we improve performance security how

uh we improve performance security how can we improve security fall tolerance

can we improve security fall tolerance how we can we prevent disaster or data

how we can we prevent disaster or data loss and service limit so are we going

loss and service limit so are we going to hit the maximum limit for a service

to hit the maximum limit for a service and so uh the next thing we need to

and so uh the next thing we need to discuss is um there's a variation of the

discuss is um there's a variation of the amount of checks that are available to

amount of checks that are available to you based on your support plan so you

you based on your support plan so you know if you're using basic or developer

know if you're using basic or developer you have seven trusted advisor checks

you have seven trusted advisor checks and if you have business Enterprise you

and if you have business Enterprise you have all the trusted advisor checks so

have all the trusted advisor checks so uh if we're talking about just the ones

uh if we're talking about just the ones that are available to you the ones that

that are available to you the ones that come for free is MFA on root account

come for free is MFA on root account security specified ports of unrestricted

security specified ports of unrestricted Amazon S3 bucket permissions Amazon EBS

Amazon S3 bucket permissions Amazon EBS public snapshots Amazon RDS public

public snapshots Amazon RDS public snapshots IMU so this is just about

snapshots IMU so this is just about alerting you about discouraging the use

alerting you about discouraging the use of the root account service limits so

of the root account service limits so all service limit checks are free um

all service limit checks are free um it's weird because they call it the like

it's weird because they call it the like seven Security checks but if you counted

seven Security checks but if you counted all the service limits it obviously be

all the service limits it obviously be too large of a number but notice that 1

too large of a number but notice that 1 through six are all Security checks so

through six are all Security checks so you're not getting anything from the

you're not getting anything from the other tiers just the security tier and

other tiers just the security tier and what I want to do is just go over a

what I want to do is just go over a bunch of available checks out there it's

bunch of available checks out there it's probably not the full list because I

probably not the full list because I couldn't even be bothered to update it

couldn't even be bothered to update it if they've added more but it will give

if they've added more but it will give you the general idea of what you could

you the general idea of what you could expect under each category so for cost

expect under each category so for cost optimization um it could be things like

optimization um it could be things like looking at idle load bouncers so you

looking at idle load bouncers so you know if you have load bouncers you're

know if you have load bouncers you're not using you're paying for them so get

not using you're paying for them so get rid of them unassociate elastic IP

rid of them unassociate elastic IP addresses so for every IP that's not

addresses so for every IP that's not associated you're paying for as well

associated you're paying for as well maybe under performance you have um High

maybe under performance you have um High utilization of Amazon ec2 instances so

utilization of Amazon ec2 instances so maybe you can save money by switching to

maybe you can save money by switching to smaller instances under security we saw

smaller instances under security we saw MFA on rout account very popular one

MFA on rout account very popular one making sure you turn on key rotation

making sure you turn on key rotation could be something as well there under

could be something as well there under fault tolerance um it could be making

fault tolerance um it could be making sure that you're using backups on your

sure that you're using backups on your Amazon RDS database maybe that's turned

Amazon RDS database maybe that's turned off uh for service limits there's just a

off uh for service limits there's just a ton of them and so uh one that that you

ton of them and so uh one that that you know might be PR to use vpcs or ec2

know might be PR to use vpcs or ec2 limits so there you go

limits so there you go [Music]

[Music] go hey this is Andrew Brown from exam

go hey this is Andrew Brown from exam Pro and we're going to take a look at

Pro and we're going to take a look at trusted advisor so what I want you to do

trusted advisor so what I want you to do is go to the top and type in trusted

is go to the top and type in trusted advisor and once you're there you're

advisor and once you're there you're going to notice on the left hand side we

going to notice on the left hand side we have cost optimization performance

have cost optimization performance security fault tolerance and service

security fault tolerance and service limits right now there are no

limits right now there are no recommended actions because there's not

recommended actions because there's not much going on this account and when you

much going on this account and when you uh have the uh Free level of support the

uh have the uh Free level of support the basic support you're not going to have

basic support you're not going to have all these checks but if we go in here we

all these checks but if we go in here we can still see kind of what they do um so

can still see kind of what they do um so we have like performance security things

we have like performance security things like that so these are the ones that we

like that so these are the ones that we actually can see and they generally work

actually can see and they generally work all the same way if you expand here it's

all the same way if you expand here it's going to say Amazon EBS public snapshot

going to say Amazon EBS public snapshot so check the permission settings for the

so check the permission settings for the EBS volume snapshots and alert you if

EBS volume snapshots and alert you if the any snapshots are marked as public

the any snapshots are marked as public and so if you scroll on down if there

and so if you scroll on down if there were ones that were an issue it would

were ones that were an issue it would tell you right here okay then down below

tell you right here okay then down below here we see like check buckets in Amazon

here we see like check buckets in Amazon S3 that have open access permissions or

S3 that have open access permissions or allow access to authenticated aabus

allow access to authenticated aabus users so yellow the ACL allows uh list

users so yellow the ACL allows uh list access for everyone uh a bucket policy

access for everyone uh a bucket policy allows for any kind of Open Access

allows for any kind of Open Access bucket policy statements have public

bucket policy statements have public Grant access so maybe what we can do is

Grant access so maybe what we can do is see if we can get this to

see if we can get this to trigger and so what I'm going to do here

trigger and so what I'm going to do here is go over to S3 and what we're going to

is go over to S3 and what we're going to do is make a B bucket that has full

do is make a B bucket that has full access okay so I'm going to create a new

access okay so I'm going to create a new bucket and it'll say my exposed

bucket and it'll say my exposed bucket we'll scroll on down here and

bucket we'll scroll on down here and we'll just checkbox that off and create

we'll just checkbox that off and create the bucket I say I acknowledge that is

the bucket I say I acknowledge that is totally

totally fine okay so now I have a bucket that is

fine okay so now I have a bucket that is 100% exposed if we go back to trusted

100% exposed if we go back to trusted advisor give this a

advisor give this a refresh I'm not sure how fast it will

refresh I'm not sure how fast it will show up here but if I

show up here but if I expand so it says the bucket ACL allows

expand so it says the bucket ACL allows upload delete for everyone the trusted

upload delete for everyone the trusted advisor does not have permissions to

advisor does not have permissions to check the policy uh bucket policy has

check the policy uh bucket policy has statements that Grant Public

statements that Grant Public Access so what we could try to do is

Access so what we could try to do is make a

policy and try to Grant all access here so I'm not writing these every single

so I'm not writing these every single day but I'm sure we could try to figure

day but I'm sure we could try to figure this

this out

um we'll say S3 bucket policy Public Access public

read and so that one might be a good example so I'm going to go ahead and

example so I'm going to go ahead and copy this one granting read only

copy this one granting read only permission to anomymous

permission to anomymous users I don't recommend you doing this

users I don't recommend you doing this I'm just doing this to show you to see

I'm just doing this to show you to see if we can get the trusted advisor to

if we can get the trusted advisor to check because I don't want you to uh do

check because I don't want you to uh do this and forget about it and then have a

this and forget about it and then have a serious issue but the principal is set

serious issue but the principal is set to anybody so anyone can read it and

to anybody so anyone can read it and here it saying get object Etc then it's

here it saying get object Etc then it's saying what particular resource so this

saying what particular resource so this one is going to be for uh the bucket in

one is going to be for uh the bucket in question here which is my

question here which is my exposed

exposed bucket we're going to scroll on down

bucket we're going to scroll on down save the

save the changes okay so this bucket is publicly

changes okay so this bucket is publicly accessible we're going to go back over

accessible we're going to go back over here refresh and see what we can

see okay so checks buckets in S3 Etc so it should appear under

it should appear under here and it could be that it's just

here and it could be that it's just going to take some time so what I'm

going to take some time so what I'm going to do is I'm just going to hang

going to do is I'm just going to hang tight for a little bit oh there we go

tight for a little bit oh there we go okay so it's showing up and I guess it

okay so it's showing up and I guess it just took some time to populate and so

just took some time to populate and so here we can see we have a a yellow

here we can see we have a a yellow symbol it's a warning saying hey there's

symbol it's a warning saying hey there's a problem here if we go back to the

a problem here if we go back to the dashboard I wonder if that shows up so

dashboard I wonder if that shows up so this one's for investigation and

this one's for investigation and recommendation so you know hopefully

recommendation so you know hopefully that kind of makes sense to you I think

that kind of makes sense to you I think in some cases you can do remediation

in some cases you can do remediation from from here or at least you can go

from from here or at least you can go and check box and say okay um

and check box and say okay um ignore could of swore there's

ignore could of swore there's remediation for some of

remediation for some of these but in any case you know that's

these but in any case you know that's generally what trusted adviser does um I

generally what trusted adviser does um I think that you probably can have it so

think that you probably can have it so that gives you alerts so yeah you could

that gives you alerts so yeah you could set recipients for particular things

set recipients for particular things like if there's a security issue then I

like if there's a security issue then I could email a particular person on your

could email a particular person on your team and they could deal with it but

team and they could deal with it but that's pretty much it so what I'm going

that's pretty much it so what I'm going to do is go ahead and delete this bucket

to do is go ahead and delete this bucket I'm all done with it

I'm all done with it we'll go

we'll go delete and say my delete uh my exposed

delete and say my delete uh my exposed bucket here to delete it and that is it

[Music] okay let's cover the concepts of service

okay let's cover the concepts of service level agreements also known as SLA so an

level agreements also known as SLA so an SLA is a formal commitment about the

SLA is a formal commitment about the expected level of service between a

expected level of service between a customer provider when a service level

customer provider when a service level is not met and if customer meets its

is not met and if customer meets its obligation under the SLA customer will

obligation under the SLA customer will be eligible to receive compensation so

be eligible to receive compensation so Financial or service credits and so when

Financial or service credits and so when we talk about slas then we talk about

we talk about slas then we talk about SLI so SLI service level indicator is a

SLI so SLI service level indicator is a metric or measurement that indicates

metric or measurement that indicates what measure of performance the customer

what measure of performance the customer is receiving at a given time a SLI

is receiving at a given time a SLI metric could be uptime performance

metric could be uptime performance availability throughput latency error

availability throughput latency error rate durability correctness and if we're

rate durability correctness and if we're talking about sis then we're talking

talking about sis then we're talking about slos service level objectives so

about slos service level objectives so the objective that that the provider has

the objective that that the provider has agreed to meet slos are represented as a

agreed to meet slos are represented as a specific Target percentage over a period

specific Target percentage over a period of time and so an example of a Target

of time and so an example of a Target percentage would be something that says

percentage would be something that says an availability SLA of

an availability SLA of 99.99% in a period of 3 months all right

99.99% in a period of 3 months all right and let's just talk about Target

and let's just talk about Target percentages and the way they can be

percentages and the way they can be represented very common ones we will see

represented very common ones we will see is

is 99.95%

99.95% 99.99% uh then we have 99 followed by

99.99% uh then we have 99 followed by 99 and so commonly we just say we call

99 and so commonly we just say we call this 99 okay and then there's one 911s

this 99 okay and then there's one 911s so if somebody says we have an SLA

so if somebody says we have an SLA guarantee of of 911s it's going to be

guarantee of of 911s it's going to be the 99 followed by 911s all

the 99 followed by 911s all [Music]

[Music] right let's take a look at Abus service

right let's take a look at Abus service level agreements and so there are a lot

level agreements and so there are a lot of them and I just wanted to show you a

of them and I just wanted to show you a few services to give you an idea how

few services to give you an idea how they work uh on the exam they're not

they work uh on the exam they're not going to ask you like oh what's Dynamo

going to ask you like oh what's Dynamo DB's SLA for Global tables um but

DB's SLA for Global tables um but generally we should just go through this

generally we should just go through this because it's good practice so let's take

because it's good practice so let's take a look at dynamodb SLA so adus will use

a look at dynamodb SLA so adus will use commercially reasonable efforts to make

commercially reasonable efforts to make dynb available with a monthly uptime

dynb available with a monthly uptime percentage of each adus region during

percentage of each adus region during any monthly billing cycle uh so for a at

any monthly billing cycle uh so for a at least

least 99.999% if Global tables slas applies or

99.999% if Global tables slas applies or 99.99% if the standard SLA applies in

99.99% if the standard SLA applies in the event Dynamo DB does not meet the

the event Dynamo DB does not meet the service commitment you'll be eligible to

service commitment you'll be eligible to receive service credits described below

receive service credits described below so we have monthly uptime percentage and

so we have monthly uptime percentage and the service credit percentage we get

the service credit percentage we get Global tables standard tables so let's

Global tables standard tables so let's take a look here so if less than

take a look here so if less than 99.999% but equal to or greater than

99.999% but equal to or greater than 99.0% is met so if if the service ends

99.0% is met so if if the service ends up being this you'll get 10% back of

up being this you'll get 10% back of what you spent as service credits if it

what you spent as service credits if it drops between U 99.0 and 95.0 you get

drops between U 99.0 and 95.0 you get 25% back if it's less than 95

25% back if it's less than 95 uh% um then it's 100% back okay and you

uh% um then it's 100% back okay and you get the general idea here SLA is going

get the general idea here SLA is going to be slightly different with their

to be slightly different with their drops now let's take a look at um

drops now let's take a look at um compute and so compute is going to apply

compute and so compute is going to apply across a bunch of compute

across a bunch of compute Services probably because they're all

Services probably because they're all using ec2 underneath so that's probably

using ec2 underneath so that's probably the reason for it so we have ec2 EBS ECS

the reason for it so we have ec2 EBS ECS eks and ab uh makes two SLA commitments

eks and ab uh makes two SLA commitments uh for the included services so we have

uh for the included services so we have a region level SLA that uh governs

a region level SLA that uh governs included Services deployed across

included Services deployed across multiple A's or regions and an instance

multiple A's or regions and an instance level SLA that governs Amazon ec2

level SLA that governs Amazon ec2 instances individually and again we have

instances individually and again we have our monthly up up time percentage our

our monthly up up time percentage our service CED percentage region and

service CED percentage region and instance level so you can just see the

instance level so you can just see the same thing it's like it's going to

same thing it's like it's going to change based on uh what it can meet then

change based on uh what it can meet then we'll take a look at one more like RDS

we'll take a look at one more like RDS so relational database service so it was

so relational database service so it was we'll use commercially reasonable

we'll use commercially reasonable efforts to make multi-az instances

efforts to make multi-az instances available with monthly uptime percentage

available with monthly uptime percentage of 99.95% during any monthly billing

of 99.95% during any monthly billing cycle and again you know if if they

cycle and again you know if if they don't meet those requirements you're

don't meet those requirements you're going to get service credits back which

going to get service credits back which basically equal USD dollars on the

basically equal USD dollars on the platform and so for this it looks like

platform and so for this it looks like that so just notice that you know with

that so just notice that you know with like compute it was for a a bunch of

like compute it was for a a bunch of services for Dynamo DB it was based on

services for Dynamo DB it was based on uh particular features like global

uh particular features like global standard tables SLA it's very

standard tables SLA it's very straightforward uh we didn't do S3

straightforward uh we didn't do S3 because I just did not want to show you

because I just did not want to show you that one it's just too complicated but

that one it's just too complicated but my point is is that it's going to vary

my point is is that it's going to vary so you have to look up per service okay

so you have to look up per service okay [Music]

[Music] hey this is Andrew Brown from exam Pro

hey this is Andrew Brown from exam Pro and we are taking a look at Amazon's

and we are taking a look at Amazon's service level agreements and so the way

service level agreements and so the way you find slas is you pretty much just

you find slas is you pretty much just type in SLA for whatever it is so if

type in SLA for whatever it is so if you're looking for compute you type in

you're looking for compute you type in SLA or you look for a particular service

SLA or you look for a particular service so maybe you say sage maker SLA AWS I

so maybe you say sage maker SLA AWS I don't think there's like a generic SLA

don't think there's like a generic SLA page at least I don't know where it is I

page at least I don't know where it is I always just type in SLA to find what it

always just type in SLA to find what it is and through that you can just kind of

is and through that you can just kind of read through and try to find out uh the

read through and try to find out uh the things that that matter to you for your

things that that matter to you for your business

business [Music]

[Music] okay let's take a look here at the

okay let's take a look here at the service Health dashboard and so the

service Health dashboard and so the service Health dashboard shows General

service Health dashboard shows General status of agus services and it's really

status of agus services and it's really simple the idea is that you can uh check

simple the idea is that you can uh check based on the geographic area so you'd

based on the geographic area so you'd say North America Europe Etc and what

say North America Europe Etc and what you'll see is an icon that says whether

you'll see is an icon that says whether the service is in in good standing and

the service is in in good standing and the details the service is operating

the details the service is operating normally Etc notice they also have an

normally Etc notice they also have an RSS feed the reason I'm talking about

RSS feed the reason I'm talking about service Health dashboards is because I

service Health dashboards is because I want to talk about personal health

want to talk about personal health dashboards and because they're both

dashboards and because they're both called Health dashboards it's confusing

called Health dashboards it's confusing so I wanted to tell you about this one

so I wanted to tell you about this one first so now we'll jump into the adabs

first so now we'll jump into the adabs personal health

dashboard so we saw the service Health dashboard now let's take a look at the

dashboard now let's take a look at the adus personal health dashboard so this

adus personal health dashboard so this is what it looks like and it provides

is what it looks like and it provides alerts and guidance for adus events that

alerts and guidance for adus events that might affect your environment all Abus

might affect your environment all Abus customers can access the personal health

customers can access the personal health dashboard the personal health dashboard

dashboard the personal health dashboard shows recent events to help you manage

shows recent events to help you manage active events and show proactive

active events and show proactive notifications so that you can plan for

notifications so that you can plan for scheduled activities you uh you can use

scheduled activities you uh you can use these alerts to get notified about

these alerts to get notified about changes that can affect your aess

changes that can affect your aess resources and then follow the guidance

resources and then follow the guidance to diagnose and resolve the issue so

to diagnose and resolve the issue so this is very similar to the service

this is very similar to the service Health dashboard but it's personalized

Health dashboard but it's personalized for you um and it's uh you know I I

for you um and it's uh you know I I don't see crop up very often but if you

don't see crop up very often but if you had to create alerts or be reactive to

had to create alerts or be reactive to uh things that are happening within us

uh things that are happening within us this is where You' do it

this is where You' do it [Music]

[Music] okay so there's a team called adus trust

okay so there's a team called adus trust and safety that specifically deals with

and safety that specifically deals with abuses occurring on the adus platform

abuses occurring on the adus platform and so I'm going to just list of all the

and so I'm going to just list of all the cases where you'd want to be contacting

cases where you'd want to be contacting them as opposed to support so the first

them as opposed to support so the first is Spam so you're receiving unwanted

is Spam so you're receiving unwanted emails from an adus owned IP address or

emails from an adus owned IP address or adus resources are used to spam websites

adus resources are used to spam websites or forms Port scanning your log show

or forms Port scanning your log show that one or more adus owned IP addresses

that one or more adus owned IP addresses are sending packets to multiple ports on

are sending packets to multiple ports on your server uh you also believe uh this

your server uh you also believe uh this is an attempt to discover unsecured

is an attempt to discover unsecured ports uh dos attack so your logs show

ports uh dos attack so your logs show that one or more itus owned IP addresses

that one or more itus owned IP addresses are used to flood ports on your

are used to flood ports on your resources with packets you also believe

resources with packets you also believe this is an attempt to overwhelm or crash

this is an attempt to overwhelm or crash your server or the software running on

your server or the software running on your server intrusion attempts so your

your server intrusion attempts so your logs show that one or more ad of owned

logs show that one or more ad of owned IP addresses are used to attempt to log

IP addresses are used to attempt to log into your resources hosting prohibited

into your resources hosting prohibited content so you have evidence that Abus

content so you have evidence that Abus resources are used to host distribute

resources are used to host distribute prohibited content such as illegal

prohibited content such as illegal content or copyrighted content without

content or copyrighted content without the consent of the copyright holder

the consent of the copyright holder Distributing malware so you have

Distributing malware so you have evidence that abis resources are used to

evidence that abis resources are used to distribute software that was knowingly

distribute software that was knowingly created to compromise or cause harm to

created to compromise or cause harm to computers machines that it's installed

computers machines that it's installed on and so in any of these cases you're

on and so in any of these cases you're not going to Ed support you're going to

not going to Ed support you're going to open up an abuse ticket and so you got

open up an abuse ticket and so you got to contact abuse at amazon.com

to contact abuse at amazon.com or fill out the uh Amazon abuse uh form

or fill out the uh Amazon abuse uh form so and this is whether it's coming from

so and this is whether it's coming from uh an outside AOS account or even your

uh an outside AOS account or even your internally if you think that some

internally if you think that some someone has compromised your account and

someone has compromised your account and it's being used in any of these ways uh

it's being used in any of these ways uh this is what you're going to do

this is what you're going to do [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we're looking at AWS so uh we're

Pro and we're looking at AWS so uh we're saying that adus has the adus trust and

saying that adus has the adus trust and safety team and what you'll want to do

safety team and what you'll want to do is if you uh find that there's an issue

is if you uh find that there's an issue you're going to report it to this email

you're going to report it to this email at abuse Amazon.com or you're going to

at abuse Amazon.com or you're going to use this form which is the report Amazon

use this form which is the report Amazon a abuse so you'll go down here you'll

a abuse so you'll go down here you'll sign in you'll put your email in your

first name last name or phone number um Source IP the the details uh uh in uh

Source IP the the details uh uh in uh here you can even select the type of

here you can even select the type of abuse so you say if it's this kind or

abuse so you say if it's this kind or that kind things like that it's very

that kind things like that it's very straightforward um and that's pretty

straightforward um and that's pretty much it okay

[Music] hey this is Andrew Brown from exam Pro

hey this is Andrew Brown from exam Pro and we are taking a look at the adus

and we are taking a look at the adus free tier and this allows you to use

free tier and this allows you to use adus at no cost um and when we say free

adus at no cost um and when we say free tier there there there's the idea of the

tier there there there's the idea of the first 12 months of sign up there's going

first 12 months of sign up there's going to be special offerings or it's free

to be special offerings or it's free usage up to a certain monthly Limit

usage up to a certain monthly Limit Forever um and then there's just

Forever um and then there's just services that are inherently free which

services that are inherently free which we have a total separate slide on but

we have a total separate slide on but let's talk about just the free tier

let's talk about just the free tier stuff and this is absolutely not the

stuff and this is absolutely not the full list um but uh it's a good idea

full list um but uh it's a good idea like it gives you a good um overview of

like it gives you a good um overview of stuff that is free so for ec2 which you

stuff that is free so for ec2 which you use a web server you get a T2 micro for

use a web server you get a T2 micro for 750 hours per month for one year and so

750 hours per month for one year and so there's about 730 hours um in a month

there's about 730 hours um in a month and so that means you could have a

and so that means you could have a server

server running uh the entire month for free uh

running uh the entire month for free uh and an additional server for a bit as

and an additional server for a bit as well so for RDS which is a relational

well so for RDS which is a relational database service for either my schol or

database service for either my schol or postgress we can do it T2 DB micro for

postgress we can do it T2 DB micro for 750 hours for free so there we get our

750 hours for free so there we get our free database and you would be surprised

free database and you would be surprised how far you can get with a uh a T2 DB

how far you can get with a uh a T2 DB micro um you know even for a mediumsized

micro um you know even for a mediumsized startup you can run it on uh a T2 DB

startup you can run it on uh a T2 DB micro with no problems then you have

micro with no problems then you have your lassic load balancer you get 750

your lassic load balancer you get 750 hours per month for one year um so that

hours per month for one year um so that is a really good thing uh load balancers

is a really good thing uh load balancers usually cost $150 a month so that's

usually cost $150 a month so that's great actually all these pretty much

great actually all these pretty much cost $15 a month so that's about um 1530

cost $15 a month so that's about um 1530 $45

$45 month over month for a year that's uh

month over month for a year that's uh free then you have Amazon cloudfront

free then you have Amazon cloudfront this is where you'd have your homepage

this is where you'd have your homepage caching your videos things like that so

caching your videos things like that so you get 50 gigabyt data transfer out for

you get 50 gigabyt data transfer out for the total year then there's Amazon

the total year then there's Amazon connect you get your total free number

connect you get your total free number there 90 minutes of a call time per

there 90 minutes of a call time per month for one month or for one year

month for one month or for one year sorry Amazon elasticache so you could

sorry Amazon elasticache so you could launch a redis or elasticache server you

launch a redis or elasticache server you get 70 hours on a Cash3 micro for a year

get 70 hours on a Cash3 micro for a year um elastic search service so this full

um elastic search service so this full Tech search so again 7 50 hours per

Tech search so again 7 50 hours per month for one year pinpoint campaign

month for one year pinpoint campaign marketing email so you can send out

marketing email so you can send out 5,000 targeted users per month for one

5,000 targeted users per month for one year sces so um simple email uh service

year sces so um simple email uh service so this is for um transactional emails

so this is for um transactional emails um so that you send up from your web app

um so that you send up from your web app so 62,000 emails per month forever it

so 62,000 emails per month forever it code pipeline so one pipeline free it

code pipeline so one pipeline free it code build so uh this is for building

code build so uh this is for building out uh projects or things like that so

out uh projects or things like that so 100 build minutes per month forever it

100 build minutes per month forever it was Lambda service compute 1 Mill ion

was Lambda service compute 1 Mill ion free requests per month 3.2 million uh

free requests per month 3.2 million uh million seconds of compute time per

million seconds of compute time per month for free uh and you know I like to

month for free uh and you know I like to highlight these ones because for

highlight these ones because for traditional architecture you're always

traditional architecture you're always going to have a web server a database a

going to have a web server a database a load balancer um and you might even have

load balancer um and you might even have cloudfront in there as well but uh yeah

cloudfront in there as well but uh yeah again there's a huge list and this does

again there's a huge list and this does not even tap the surface of what's free

not even tap the surface of what's free on

on [Music]

[Music] AWS hey this is Andrew Brown from exam

AWS hey this is Andrew Brown from exam Pro and we are taking a look at a

Pro and we are taking a look at a promotional credits and these are the

promotional credits and these are the equivalent to USD dollars on adus

equivalent to USD dollars on adus platform ad credits can be earned

platform ad credits can be earned several ways this could be joining adus

several ways this could be joining adus activate startup program winning a

activate startup program winning a hackathon participating surveys and any

hackathon participating surveys and any other reason that Adis wants to give

other reason that Adis wants to give credits out uh once you uh have um a

credits out uh once you uh have um a promotional code you click the redeem

promotional code you click the redeem credit button in the billing console you

credit button in the billing console you enter it in and then your credits will

enter it in and then your credits will be shown there you can monitor them via

be shown there you can monitor them via adus budgets or uh via cost Explorer and

adus budgets or uh via cost Explorer and probably even building alarms it credits

probably even building alarms it credits generally have an expired dat tax maum

generally have an expired dat tax maum could be a few months to a year itus

could be a few months to a year itus credits can be used for most services

credits can be used for most services but there are exceptions where itus

but there are exceptions where itus credits cannot be used like purchasing a

credits cannot be used like purchasing a domain via row 53 because uh that domain

domain via row 53 because uh that domain costs money outside of ad's cost like

costs money outside of ad's cost like for their infrastructure and virtual

for their infrastructure and virtual stuff and so for things like that uh you

stuff and so for things like that uh you know they're not going to be you're not

know they're not going to be you're not going to be able to use credits for that

going to be able to use credits for that [Music]

[Music] okay the adabs partner Network also know

okay the adabs partner Network also know as APN is a global partner program for

as APN is a global partner program for ads so joining the APN will open your

ads so joining the APN will open your organization up to business

organization up to business opportunities and allow exclusive

opportunities and allow exclusive training and marketing events so when

training and marketing events so when joining the APN you can either be a

joining the APN you can either be a Consulting partner so you help companies

Consulting partner so you help companies utilize adabs or a technology partner

utilize adabs or a technology partner you build technology on top of adabs as

you build technology on top of adabs as a service offering and a partner belongs

a service offering and a partner belongs to a specific tier so it's either going

to a specific tier so it's either going to be select advance or Premiere when

to be select advance or Premiere when you sign up it's free to sign up but

you sign up it's free to sign up but you're not going to be able to do much

you're not going to be able to do much until you start uh committing to an

until you start uh committing to an annual fee so that's it's like a certain

annual fee so that's it's like a certain amount of money to uh be able to be part

amount of money to uh be able to be part of that tier and it starts in the

of that tier and it starts in the thousands okay so I think the first tier

thousands okay so I think the first tier is like something like a, or $2,000 and

is like something like a, or $2,000 and it gets uh more expensive as you go up

it gets uh more expensive as you go up as a tier and you also have to have

as a tier and you also have to have particular knowledge requirements so

particular knowledge requirements so this could be holding uh particular ad

this could be holding uh particular ad certifications at the at the

certifications at the at the foundational level at the associate

foundational level at the associate level things like that um or it could be

level things like that um or it could be adus APN exclusive certifications so

adus APN exclusive certifications so training that um is not a with

training that um is not a with certifications but there're

certifications but there're certifications that are only available

certifications that are only available to Partners saying like how do you it

to Partners saying like how do you it could be like something like how do you

could be like something like how do you uh talk to customers or communication

uh talk to customers or communication things like that you can get back

things like that you can get back promotional Abus credits so you know if

promotional Abus credits so you know if you say oh man I spent uh

you say oh man I spent uh $2,000 on just being able to uh get into

$2,000 on just being able to uh get into the APN at least the idea is that you

the APN at least the idea is that you can generally get back that uh that

can generally get back that uh that spend on AWS so it's like you committing

spend on AWS so it's like you committing if you give like $2,000 it's like you're

if you give like $2,000 it's like you're going to commit to keep using ads I'm

going to commit to keep using ads I'm not showing the annual fee commitment

not showing the annual fee commitment here and the promotional credits that

here and the promotional credits that you get back just because they've

you get back just because they've changed it a couple times on me and I

changed it a couple times on me and I just don't want this slide to go stale

just don't want this slide to go stale in case they happen to change it again

in case they happen to change it again so you'll have to look that up to find

so you'll have to look that up to find out what they actually are right now uh

out what they actually are right now uh you can have unique speaking

you can have unique speaking opportunities in the official adus

opportunities in the official adus marketing channels like the blogs or

marketing channels like the blogs or webinars being part of the APN is a

webinars being part of the APN is a requirement to be a sponsor with a

requirement to be a sponsor with a vendor booth at adus events so when you

vendor booth at adus events so when you when you go to reinvent or any ads um

when you go to reinvent or any ads um event all the vendors are part of the

event all the vendors are part of the APN all right so they've paid their fee

APN all right so they've paid their fee and now they paid an additional fee to

and now they paid an additional fee to get their Booth but um yeah the ab

get their Booth but um yeah the ab partner network uh is very good for uh

partner network uh is very good for uh uh helping you find new business and

uh helping you find new business and connecting with other people that are

connecting with other people that are building workloads onws but hopefully

building workloads onws but hopefully that gives you an idea of how that works

that gives you an idea of how that works [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at adus

Pro and we are taking a look at adus budgets so adus budgets gives you the

budgets so adus budgets gives you the ability to set up alerts if you exceed

ability to set up alerts if you exceed or approaching your defined budget

or approaching your defined budget create cost usage or reservation budgets

create cost usage or reservation budgets it can be tracked at the monthly

it can be tracked at the monthly quarterly or yearly levels with

quarterly or yearly levels with customizable start and end dates alert

customizable start and end dates alert support ec2 RDS red shift elastic cast

support ec2 RDS red shift elastic cast reservations uh and so the idea here is

reservations uh and so the idea here is you can choose your budget amount so it

you can choose your budget amount so it could be like $100 it'll even show you

could be like $100 it'll even show you what was the last amount if you're uh

what was the last amount if you're uh resetting the budget is something new

resetting the budget is something new you can choose based on a different kind

you can choose based on a different kind of unit so if you wanted to be based on

of unit so if you wanted to be based on running hours on ec2 you could totally

running hours on ec2 you could totally do that is budgets can be used to

do that is budgets can be used to forecast costs but is limited compared

forecast costs but is limited compared to cost Explorer or doing your own

to cost Explorer or doing your own analysis related with cost and usage

analysis related with cost and usage reports along with business intelligence

reports along with business intelligence tools budgets uh based on a fixed cost

tools budgets uh based on a fixed cost or or you can plan your cost uh upfront

or or you can plan your cost uh upfront based on your chosen level can be easily

based on your chosen level can be easily managed from the adus budgets dashboard

managed from the adus budgets dashboard via the ad budgets API get notified by

via the ad budgets API get notified by providing email or chatbot and threshold

providing email or chatbot and threshold uh how close to the current or

uh how close to the current or forecasted budget um so you'd see a list

forecasted budget um so you'd see a list of budgets here uh current versus

of budgets here uh current versus forecasted the amount used things like

forecasted the amount used things like that you can see your budget history you

that you can see your budget history you can download a CSV uh it'll show you the

can download a CSV uh it'll show you the cost history right in line there which I

cost history right in line there which I can't show you it it's hard to see there

can't show you it it's hard to see there you get the first two budgets are free

you get the first two budgets are free so there's no reason not to set a budget

so there's no reason not to set a budget when you first get into AWS and each

when you first get into AWS and each budget costs about uh 002 cents a day so

budget costs about uh 002 cents a day so it's like 60 cents um uh USD per month

it's like 60 cents um uh USD per month for a budget so they're very cheap to

for a budget so they're very cheap to use and you got a limit of 20,000

use and you got a limit of 20,000 budgets they're going to be in good

budgets they're going to be in good shape

shape [Music]

[Music] okay let's take a look here it was

okay let's take a look here it was budget reports which is use alongside

budget reports which is use alongside abos budgets to create and send daily

abos budgets to create and send daily weekly or monthly reports to monitor the

weekly or monthly reports to monitor the performance of your abos budgets that

performance of your abos budgets that will be email to specific emails so it's

will be email to specific emails so it's not too complicated here you say create

not too complicated here you say create the report budget choose your frequency

the report budget choose your frequency uh the emails you want um and ab budget

uh the emails you want um and ab budget report serves as a more convenient way

report serves as a more convenient way of staying on top of reports since

of staying on top of reports since they're delivered to your email instead

they're delivered to your email instead of logging into the abis Management

of logging into the abis Management console so it's just for those people

console so it's just for those people that just can't be bothered to log in

that just can't be bothered to log in okay

let's take a look here at adus cost and use as report so generate a detailed

use as report so generate a detailed spreadsheet enabling you to better

spreadsheet enabling you to better analyze and understand your adus cost so

analyze and understand your adus cost so this is kind of what it looks like and

this is kind of what it looks like and when you turn this feature on it will

when you turn this feature on it will place it into an S3 bucket you could use

place it into an S3 bucket you could use something like Athena to turn the report

something like Athena to turn the report into a queriable database since it's

into a queriable database since it's very easy to consume S3 csvs into Athena

very easy to consume S3 csvs into Athena you could use Quick site to visualize

you could use Quick site to visualize your building data as grass so quick

your building data as grass so quick site is a business intelligence tool

site is a business intelligence tool similar to Tableau or powerbi you can

similar to Tableau or powerbi you can also ingest this into red shift um but

also ingest this into red shift um but the idea here is when you turn it on you

the idea here is when you turn it on you can choose how granular you want the

can choose how granular you want the data to be hourly daily or monthly if

data to be hourly daily or monthly if you turn on daily you'll be able to even

you turn on daily you'll be able to even say spikes of uh of of of costs for uc2

say spikes of uh of of of costs for uc2 instances which is kind of nice the

instances which is kind of nice the report will contain cost allocation tags

report will contain cost allocation tags um which I think we have a separate

um which I think we have a separate slide on that type of tags and the data

slide on that type of tags and the data is stored in e as either a CSV it'll be

is stored in e as either a CSV it'll be zipped or it will be a parket format it

zipped or it will be a parket format it just depends on how you want it um uh

just depends on how you want it um uh for that

for that [Music]

[Music] okay let's talk about cost allocation

okay let's talk about cost allocation tags so these are optional metadata that

tags so these are optional metadata that can be attached to adus resources so

can be attached to adus resources so when you generate a a cost and uses

when you generate a a cost and uses report you can use that data to better

report you can use that data to better analyze your data so what you'd have to

analyze your data so what you'd have to do is make your way over to cost

do is make your way over to cost allocation tags and need to activate the

allocation tags and need to activate the tags you want to show up there are two

tags you want to show up there are two types of tags so we have user defin so

types of tags so we have user defin so whatever you've previously tagged will

whatever you've previously tagged will show up probably there

show up probably there you turn it on so if you made one with

you turn it on so if you made one with project you turn on project and there's

project you turn on project and there's a lot of Adis generated ones that you

a lot of Adis generated ones that you can turn on so there's a huge list there

can turn on so there's a huge list there but uh yeah that's particular with cost

but uh yeah that's particular with cost um usage and reports if it says like

um usage and reports if it says like cost allocation reports it's just that's

cost allocation reports it's just that's what cost and usage reports used to be

what cost and usage reports used to be called um and some of the documentation

called um and some of the documentation is a bit old there but yep there you

is a bit old there but yep there you [Music]

[Music] go so you can create your own alarms in

go so you can create your own alarms in cloudwatch alarms to monitor spend and

cloudwatch alarms to monitor spend and they are commonly called building alarms

they are commonly called building alarms uh and so it's just a regular alarm but

uh and so it's just a regular alarm but it's just focused on spend but in order

it's just focused on spend but in order to do this you have to turn on building

to do this you have to turn on building alerts first in order to uh be able to

alerts first in order to uh be able to use it uh and then you'll go to

use it uh and then you'll go to cloudwatch alarms and you can choose

cloudwatch alarms and you can choose billing as your metric and then you just

billing as your metric and then you just set your alarm however you'd want

set your alarm however you'd want bilding alarms are much more flexible

bilding alarms are much more flexible than abess budgets and are ideal for

than abess budgets and are ideal for more complex use cases for monitoring

more complex use cases for monitoring spend and usage in terms of alerting so

spend and usage in terms of alerting so you just have to decide what you want to

you just have to decide what you want to do uh before this was the only way to do

do uh before this was the only way to do it and so this is the way I'm used to

it and so this is the way I'm used to doing it and I still do it this way

doing it and I still do it this way today but you know both options are

today but you know both options are valid you just have to decide what is

valid you just have to decide what is your use case

your use case [Music]

[Music] okay let's take a look at abos Cost

okay let's take a look at abos Cost Explorer which lets you visualize

Explorer which lets you visualize understand and manage your adus cost and

understand and manage your adus cost and usage over time so uh here's a big

usage over time so uh here's a big graphic of Adis cost Explorer and you

graphic of Adis cost Explorer and you can specify time and range and

can specify time and range and aggregation and it has a lot of robust

aggregation and it has a lot of robust filtering um what's really nice is that

filtering um what's really nice is that they have a bunch of default reports for

they have a bunch of default reports for you so I'm just going to get my pen tool

you so I'm just going to get my pen tool just to show you where that button is

just to show you where that button is it's over uh here uh if you can see my

it's over uh here uh if you can see my marker there but but you know you can

marker there but but you know you can look at things like monthly cost by

look at things like monthly cost by service monthly cost by linked account

service monthly cost by linked account daily cost a Marketplace R utilization

daily cost a Marketplace R utilization so there's a bunch there you can also

so there's a bunch there you can also notice you can create your own report so

notice you can create your own report so if you do find something that you like

if you do find something that you like you can save it for later um you can you

you can save it for later um you can you could have access to forecasting here so

could have access to forecasting here so you get an idea of the future cost and

you get an idea of the future cost and whether it's been it's gone up or down

whether it's been it's gone up or down just to kind of zoom in on some of those

just to kind of zoom in on some of those filtration options you can choose um

filtration options you can choose um either monthly or daily level of of how

either monthly or daily level of of how you want the data to be grouped together

you want the data to be grouped together and you have a lot of filter control so

and you have a lot of filter control so if I want to just have ec2 instances for

if I want to just have ec2 instances for a particular region then I can get that

a particular region then I can get that filtered information over here and you

filtered information over here and you can see you have a breakdown of the

can see you have a breakdown of the different types so it's very detailed

different types so it's very detailed and class Explorer shows up in Us East

and class Explorer shows up in Us East one I'm pretty sure if you click on

one I'm pretty sure if you click on class Explorer it will just switch you

class Explorer it will just switch you over to that region but just understand

over to that region but just understand that's where it lives okay

[Music] hey this is Andrew Brown from exam Pro

hey this is Andrew Brown from exam Pro and in this video I want to show you ad

and in this video I want to show you ad cost Explorer so what we'll do is go to

cost Explorer so what we'll do is go to the top here and actually on the right

the top here and actually on the right hand side we're going to click on the

hand side we're going to click on the right and go to my billing dashboard and

right and go to my billing dashboard and from there on the left hand side we're

from there on the left hand side we're going to look for cost Explorer and then

going to look for cost Explorer and then click launch cost Explorer and this is

click launch cost Explorer and this is where we're going to get to the aist

where we're going to get to the aist cost management dashboard where this is

cost management dashboard where this is where we find savings plans reservations

where we find savings plans reservations things like that on the left hand side

things like that on the left hand side click on cost Explorer and you can get

click on cost Explorer and you can get this nice chart and so the idea is you

this nice chart and so the idea is you can change it from monthly to daily if

can change it from monthly to daily if you if you uh

you if you uh prefer okay you can change the scope

prefer okay you can change the scope here maybe we don't need six months we

here maybe we don't need six months we can just go

can just go back

back um three months here so there's less

data it is a bit delayed when I'm clicking here so it also could be just

clicking here so it also could be just because I'm doing the daily instead of

because I'm doing the daily instead of monthly so you just have to be a little

monthly so you just have to be a little bit patient when uh using this interface

bit patient when uh using this interface you can change it to stack line graph

you can change it to stack line graph you can kind of see the details there

you can kind of see the details there it's not always clear like what others

it's not always clear like what others is or things like that and so uh you can

is or things like that and so uh you can drill down and there's like ways of

drill down and there's like ways of applying filters and things like

applying filters and things like that I always forget how to uh do this

that I always forget how to uh do this it's because it's it's bringing

it's because it's it's bringing everything in so you have to hit clear

everything in so you have to hit clear all first I

all first I think and

um oh you have to click into it so like if you wanted to click into it and pick

if you wanted to click into it and pick a particular service we could go here

a particular service we could go here and type in

and type in ec2 and say ec2 instances and then apply

ec2 and say ec2 instances and then apply that filter so now we can just see

that filter so now we can just see exactly that cost or if we want to

exactly that cost or if we want to choose like maybe just

choose like maybe just RDS okay so you know that could be

RDS okay so you know that could be useful for you to see but yeah sometimes

useful for you to see but yeah sometimes it's not always clear and so what I

it's not always clear and so what I recommend is just go back to your

recommend is just go back to your billing dashboard and from there just go

billing dashboard and from there just go to bills okay bills is really really

to bills okay bills is really really useful because here it shows you exactly

useful because here it shows you exactly every single little service that you're

every single little service that you're being built for you can expand it and

being built for you can expand it and see exactly where if you have other

see exactly where if you have other accounts you can go into this side here

accounts you can go into this side here as well and find spend that way um but

as well and find spend that way um but cost Explorer is very useful just it's

cost Explorer is very useful just it's useful in a different way okay so there

useful in a different way okay so there you

you [Music]

[Music] go hey this is Andrew Brown from exam

go hey this is Andrew Brown from exam Pro and we are taking a look at the adus

Pro and we are taking a look at the adus pricing API so with adabs you can

pricing API so with adabs you can programmatically access pricing

programmatically access pricing information to get the latest price

information to get the latest price pricing offerings for services this

pricing offerings for services this makes sense because abos can change them

makes sense because abos can change them at any time and so uh you know you might

at any time and so uh you know you might want to know exactly what the current

want to know exactly what the current price is uh there are two versions of

price is uh there are two versions of this API so we have the career API known

this API so we have the career API known as the pricing service API and you

as the pricing service API and you access this via Json and then there's

access this via Json and then there's the batch API also known as the price uh

the batch API also known as the price uh list API via HTML what's odd is that um

list API via HTML what's odd is that um the batch API returns Json but you're

the batch API returns Json but you're accessing it via HTML so you can

accessing it via HTML so you can literally paste those links in your

literally paste those links in your browser for the API you're actually

browser for the API you're actually sending an an application Json request

sending an an application Json request so you'd have to use something like

so you'd have to use something like Postman or something uh you can also

Postman or something uh you can also subscribe to SNS uh notifications to get

subscribe to SNS uh notifications to get alerts when pricing for the services

alerts when pricing for the services change ads prices change periodically

change ads prices change periodically such as when ads Cuts prices when new

such as when ads Cuts prices when new instance types are launched or when new

instance types are launched or when new services are introduced so there you

services are introduced so there you [Music]

[Music] go hey this is Angie Brown from exam Pro

go hey this is Angie Brown from exam Pro and what I want to do here is show you

and what I want to do here is show you savings plans and so savings is going to

savings plans and so savings is going to be found under the it cost Explorer so

be found under the it cost Explorer so just type in cost Explorer at the top

just type in cost Explorer at the top here or if you want you can type in

here or if you want you can type in savings plan as well and once we are

savings plan as well and once we are here on the left hand side we are going

here on the left hand side we are going to have uh savings plans options so

to have uh savings plans options so we're going to go to the overview and

we're going to go to the overview and here it just describes um what our

here it just describes um what our savings plans if you want to read

savings plans if you want to read through it but down below if you have

through it but down below if you have already some spend happening it's going

already some spend happening it's going to make some suggestions and in this

to make some suggestions and in this particular account it's saying that I

particular account it's saying that I could save some money on compute before

could save some money on compute before we take a look here I'm just going to go

we take a look here I'm just going to go to the form here and see what we can see

to the form here and see what we can see so up here we can say uh commitment

so up here we can say uh commitment through 3 years by the way you have

through 3 years by the way you have compute savings which applies to ec2

compute savings which applies to ec2 fargate or Lambda then you have the ec2

fargate or Lambda then you have the ec2 specific one where uh we can select a

specific one where uh we can select a very particular type of instance family

very particular type of instance family and then there's the sage maker savings

and then there's the sage maker savings plans um but if we go here and we just

plans um but if we go here and we just enter in like

enter in like $2 all up front uh I don't really

$2 all up front uh I don't really understand it from here because it

understand it from here because it doesn't make it clear what the savings

doesn't make it clear what the savings are um but uh I what it does make it

are um but uh I what it does make it very easy is probably if we go over here

very easy is probably if we go over here and then click down on the compute so I

and then click down on the compute so I kind of feel like here it would autofill

kind of feel like here it would autofill it in for you and so here I filled it in

it in for you and so here I filled it in uh or sorry it's filled it in for me and

uh or sorry it's filled it in for me and so here it's saying with a one-year plan

so here it's saying with a one-year plan all Upfront for uh based on the past 30

all Upfront for uh based on the past 30 days that it's going to see that I'm

days that it's going to see that I'm going to see a monthly savings of

going to see a monthly savings of $25. 36 and then I can add it to the

$25. 36 and then I can add it to the cart that way and I kind of feel like

cart that way and I kind of feel like that is the easiest way to um figure

that is the easiest way to um figure that out where with um with how it was

that out where with um with how it was going to that form I just configured out

going to that form I just configured out myself what the savings were uh there

myself what the savings were uh there are some utilization reports and

are some utilization reports and coverage reports honestly I've never

coverage reports honestly I've never really looked at these before um but uh

really looked at these before um but uh I'm just curious like what we're looking

I'm just curious like what we're looking at monthly

at monthly daily the

daily the last let's go a few months here I've

last let's go a few months here I've been running stuff in this account for a

been running stuff in this account for a while so there should be

while so there should be something

something apply so nothing nothing of interest but

apply so nothing nothing of interest but um I mean I guess you have a lot of use

um I mean I guess you have a lot of use and coverage report and utilization

and coverage report and utilization report could be interesting but I

report could be interesting but I imagine it's maybe you have to be using

imagine it's maybe you have to be using you have to have a savings plan before

you have to have a savings plan before you can see this so that's probably the

you can see this so that's probably the reason why um but yeah hopefully that

reason why um but yeah hopefully that gives you a clear idea that you know you

gives you a clear idea that you know you can just go down to those

can just go down to those recommendations and and see exactly what

recommendations and and see exactly what you can save and you just add it to your

you can save and you just add it to your cart and then once you want to pay for

cart and then once you want to pay for it you just choose to submit that order

it you just choose to submit that order and you're all good to go all right so

and you're all good to go all right so that's savings plans

that's savings plans [Music]

[Music] let's take a look here at defense in

let's take a look here at defense in depth to understand the layers of

depth to understand the layers of security ads has to consider uh for

security ads has to consider uh for their data centers for their uh virtual

their data centers for their uh virtual workloads and things that you also have

workloads and things that you also have to consider when you are uh thinking

to consider when you are uh thinking about security for your Cloud resources

about security for your Cloud resources so in the most interior we have data so

so in the most interior we have data so this is access to business and customer

this is access to business and customer data and encryption to protect your data

data and encryption to protect your data then we have applications so

then we have applications so applications are secure and free of

applications are secure and free of security vulnerabilities then you have

security vulnerabilities then you have comput so access to Virtual machines

comput so access to Virtual machines ports on premise and Cloud you have the

ports on premise and Cloud you have the network layer so this limits

network layer so this limits communication between resources using

communication between resources using segmentation and access controls you

segmentation and access controls you have the perimeter itself so distributed

have the perimeter itself so distributed denial of service protection to filter

denial of service protection to filter large scale attacks before they can

large scale attacks before they can cause denial of service of users you

cause denial of service of users you could say that's part of the network

could say that's part of the network layer and that's when I say there are

layer and that's when I say there are variants on this but we're just

variants on this but we're just separating it out uh explicitly there we

separating it out uh explicitly there we have identity and access so controlling

have identity and access so controlling access to infrastructure and change

access to infrastructure and change control and then there's the physical

control and then there's the physical physical layer so limiting access to

physical layer so limiting access to data centers to only authorized

data centers to only authorized Personnel you'll notice I highlighted

Personnel you'll notice I highlighted identity and access in yellow it's

identity and access in yellow it's because that is considered the new

because that is considered the new primary um perimeter from the customer's

primary um perimeter from the customer's perspective of course adab best has

perspective of course adab best has concerned about the physical perimeter

concerned about the physical perimeter and things like that but as a as a

and things like that but as a as a customer that's what you're going to be

customer that's what you're going to be thinking about especially with the zero

thinking about especially with the zero trust model and when you see these

trust model and when you see these depths the idea is that in order to get

depths the idea is that in order to get here you have to pass through all this

here you have to pass through all this stuff so if this um if this outward one

stuff so if this um if this outward one is protected pretty well then you

is protected pretty well then you generally don't have to worry about the

generally don't have to worry about the Interiors but of course you should um

Interiors but of course you should um but yeah there you

but yeah there you [Music]

[Music] go let's take a look here at

go let's take a look here at confidentiality integrity and

confidentiality integrity and availability also known as the CIA Triad

availability also known as the CIA Triad is a model describing the foundation to

is a model describing the foundation to security principles and their tradeoff

security principles and their tradeoff relationships so here is our Triad so we

relationships so here is our Triad so we have confidentiality so confidentiality

have confidentiality so confidentiality is a component of privacy that

is a component of privacy that implements to protect our data from

implements to protect our data from unauthorized viewers in practice this

unauthorized viewers in practice this can be using cryptographic keys to

can be using cryptographic keys to encrypt our data and using keys to

encrypt our data and using keys to encrypt our keys so envelope encryption

encrypt our keys so envelope encryption then we have integrity so maintaining

then we have integrity so maintaining and ensuring the accuracy and

and ensuring the accuracy and completeness of data over its entire

completeness of data over its entire life cycle in practice utilizing asset

life cycle in practice utilizing asset compliant databases for valid

compliant databases for valid transactions utilizing tamper evident or

transactions utilizing tamper evident or tamper proof Hardware security modules

tamper proof Hardware security modules hsms availability so information needs

hsms availability so information needs to be available when needed in practice

to be available when needed in practice so high availability mitigating dos uh

so high availability mitigating dos uh decryption access so the CIA Triad was

decryption access so the CIA Triad was first mentioned in N publication 1977

first mentioned in N publication 1977 there have been efforts to expand and

there have been efforts to expand and modernize or suggest alternatives to the

modernize or suggest alternatives to the CIA triab so one was in 1998 for the six

CIA triab so one was in 1998 for the six Atomic elements of information uh or in

Atomic elements of information uh or in 2004 we have the N engineering

2004 we have the N engineering principles for uh for information

principles for uh for information technology security so it has 33

technology security so it has 33 security principles but this is still a

security principles but this is still a very popular um model for security uh

very popular um model for security uh and it's just to kind of tell you like

and it's just to kind of tell you like you know you don't always get everything

you know you don't always get everything you don't get all three of them

you don't get all three of them sometimes you have to trade off in your

sometimes you have to trade off in your scenario um you know and hopefully some

scenario um you know and hopefully some of the terminology here will uh resonate

of the terminology here will uh resonate as we go through more security

as we go through more security [Music]

[Music] content what I want to do here is just

content what I want to do here is just Define the term vulnerability so

Define the term vulnerability so vulnerability is a whole or weakness in

vulnerability is a whole or weakness in an application which can be designed a

an application which can be designed a design flaw or implementation bug that

design flaw or implementation bug that allows an attacker to cause harm to

allows an attacker to cause harm to stakeholders or applications and uh

stakeholders or applications and uh there's a lot of great definitions of

there's a lot of great definitions of vulnerabilities but OAS has a ton of

vulnerabilities but OAS has a ton of them and we talked about OAS when we

them and we talked about OAS when we talk about Abus Waf uh but it's an

talk about Abus Waf uh but it's an organization that creates security

organization that creates security projects that help you know what you

projects that help you know what you should protect uh or gives you a working

should protect uh or gives you a working examples so that you can understand how

examples so that you can understand how to get better at security and so they

to get better at security and so they have a lot of ones here but maybe you'll

have a lot of ones here but maybe you'll might notice some here like using a

might notice some here like using a broken or risky cryptographic algorithm

broken or risky cryptographic algorithm maybe there's a memory leak least

maybe there's a memory leak least privilege violation so that's um uh

privilege violation so that's um uh lease privilege is something that is a

lease privilege is something that is a thing that you're always worried about

thing that you're always worried about insecurity improper data validation

insecurity improper data validation buffer overflows so you know just to

buffer overflows so you know just to kind of set the tone of what a

kind of set the tone of what a vulnerability is and things you should

vulnerability is and things you should be thinking about

be thinking about [Music]

[Music] okay let's understand what encryption is

okay let's understand what encryption is but before we do we need to understand

but before we do we need to understand what is cryptography so this is the

what is cryptography so this is the practice and study of techniques for

practice and study of techniques for secure communication in the presence of

secure communication in the presence of third parties called adversaries and

third parties called adversaries and encryption is the process of encoding or

encryption is the process of encoding or scrambling information using a key and a

scrambling information using a key and a cipher to store sensitive data in an

cipher to store sensitive data in an unintelligible format as a means of

unintelligible format as a means of protection an encryption takes in plain

protection an encryption takes in plain text and produces produces a cipher text

text and produces produces a cipher text so here's an example of a very old um

so here's an example of a very old um encryption machine this is the Enigma

encryption machine this is the Enigma machine used during World War II and it

machine used during World War II and it has a different key for each day that it

has a different key for each day that it was used to set the position of the

was used to set the position of the rotors and it relied on simple Cipher

rotors and it relied on simple Cipher substitution and so you might be asking

substitution and so you might be asking what is a cipher and that's what we're

what is a cipher and that's what we're going to look at next

going to look at next [Music]

[Music] so what is a cipher it is an algorithm

so what is a cipher it is an algorithm that performs encryption or decryption

that performs encryption or decryption so Cipher is synomous with code uh and

so Cipher is synomous with code uh and the idea is that you use the code to

the idea is that you use the code to either unlock or or lock up the

either unlock or or lock up the information that you have so what is a

information that you have so what is a cipher text a cipher text is the result

cipher text a cipher text is the result of encryption performed on Plain text

of encryption performed on Plain text via an algorithm so you lock that up you

via an algorithm so you lock that up you scramble it it doesn't make sense and

scramble it it doesn't make sense and you need that code to unlock ET to get

you need that code to unlock ET to get the information so a good practical

the information so a good practical example back in the day was a code book

example back in the day was a code book and this was the type of document used

and this was the type of document used for Gathering and storing cryptographic

for Gathering and storing cryptographic codes or ciphers so the idea is if we

codes or ciphers so the idea is if we zoomed up on here notice where we have

zoomed up on here notice where we have cannot so uh and it would be0 0 and then

cannot so uh and it would be0 0 and then there would be give them Authority so

there would be give them Authority so the idea is 0 0 or if you had the word

the idea is 0 0 or if you had the word cannot it would translate to 0 and then

cannot it would translate to 0 and then you use 0 to match that up to say what

you use 0 to match that up to say what does that mean and so that is kind of a

does that mean and so that is kind of a very practical example of ciphers in

very practical example of ciphers in [Music]

[Music] action so we just took a look at

action so we just took a look at encryption but what are cryptographic

encryption but what are cryptographic keys so a c a cryptographic key an easy

keys so a c a cryptographic key an easy way to think of it is a variable used in

way to think of it is a variable used in conjunction with an encryption algorithm

conjunction with an encryption algorithm in order to encrypt or decrypt data and

in order to encrypt or decrypt data and there are different kinds of um ones we

there are different kinds of um ones we have so we have symmetric encryption so

have so we have symmetric encryption so this is where we have the same key that

this is where we have the same key that is used for encoding and decoding uh and

is used for encoding and decoding uh and a very popular one and the one you'll

a very popular one and the one you'll see on AWS is called Advanced encryption

see on AWS is called Advanced encryption standard AES so just take a look at that

standard AES so just take a look at that graphic very closely so we have one key

graphic very closely so we have one key and it is used to encrypt so it produces

and it is used to encrypt so it produces the cipher and then or Cipher text we

the cipher and then or Cipher text we should say and then it will uh decrypt

should say and then it will uh decrypt and we will get our plain text so one

and we will get our plain text so one single key then we have asymmetric

single key then we have asymmetric encryption so two keys are used one to

encryption so two keys are used one to encode and one to decode and a very

encode and one to decode and a very popular one here is RSA if you're

popular one here is RSA if you're wondering what those uh those words are

wondering what those uh those words are it's three people's names put together

it's three people's names put together who helped uh invent this type of

who helped uh invent this type of algorithm and so here we have uh one key

algorithm and so here we have uh one key for ecrypt and one key for decrypt and

for ecrypt and one key for decrypt and they're two different Keys all

they're two different Keys all [Music]

[Music] right all right let's look at the

right all right let's look at the concept of hashing and salting so for

concept of hashing and salting so for hashing we have a hashing function and

hashing we have a hashing function and this accepts arbitrary size values and

this accepts arbitrary size values and Maps it to a fixed size data structure

Maps it to a fixed size data structure hashing can reduce the size of a store

hashing can reduce the size of a store value and hashing is a one-way process

value and hashing is a one-way process and is deterministic so a deterministic

and is deterministic so a deterministic function always returns the same output

function always returns the same output output for the same input so if we have

output for the same input so if we have something like John Smith and we pass it

something like John Smith and we pass it to the hash function it's going to

to the hash function it's going to create something that is not human

create something that is not human readable but it'll say something like 02

readable but it'll say something like 02 Fae X XY whatever um and it will always

Fae X XY whatever um and it will always produce the same thing if the same key

produce the same thing if the same key or you know value is being input there

or you know value is being input there so the reason we use hashing functions

so the reason we use hashing functions or hashing General is to Hash passwords

or hashing General is to Hash passwords so hash functions are used to store

so hash functions are used to store passwords in a database so that the

passwords in a database so that the password does not reside in a plain text

password does not reside in a plain text format so you've heard about all these

format so you've heard about all these data reaches where they've stored the

data reaches where they've stored the password in plain text this is the thing

password in plain text this is the thing that helps us avoid that issue um and

that helps us avoid that issue um and the thing again is it because it's one

the thing again is it because it's one way you can't take that hash and unhash

way you can't take that hash and unhash it um well there are some conditions to

it um well there are some conditions to it but so to authenticate a user when a

it but so to authenticate a user when a user inputs their password it is then

user inputs their password it is then hashed so the one that was inputed at

hashed so the one that was inputed at the time of you know login and then that

the time of you know login and then that hash is compared to the stored hash in

hash is compared to the stored hash in the database and if they match the user

the database and if they match the user is successfully logged in so in that

is successfully logged in so in that case we never ever had to know what the

case we never ever had to know what the original password looked like uh popular

original password looked like uh popular hashing functions are md5 Shaw 256 or

hashing functions are md5 Shaw 256 or bcrypt uh if an attacker knows the

bcrypt uh if an attacker knows the function you are using uh and uh and

function you are using uh and uh and stole your database they could enumerate

stole your database they could enumerate a dictionary of passwords to determine

a dictionary of passwords to determine the password so they'll never see it but

the password so they'll never see it but they could just keep on going through

they could just keep on going through that so that's why we salt our passwords

that so that's why we salt our passwords so a salt is a random string not known

so a salt is a random string not known to the attacker that the hash function

to the attacker that the hash function accepts to mitigate the deterministic

accepts to mitigate the deterministic nature of a hashing function so there

nature of a hashing function so there you

you [Music]

[Music] go let's take a look here at digital

go let's take a look here at digital signatures and signing so what is a

signatures and signing so what is a digital signature it is a mathematical

digital signature it is a mathematical scheme for verifying the authenticity of

scheme for verifying the authenticity of digital messages or documents and a

digital messages or documents and a digital signature gives us tamper

digital signature gives us tamper evidence so did someone mess or modify

evidence so did someone mess or modify the data is this data from uh someone we

the data is this data from uh someone we did not expect it to be is it from the

did not expect it to be is it from the actual sender and so we kind of have

actual sender and so we kind of have this diagram where we have a person who

this diagram where we have a person who sends or is going to send a message so

sends or is going to send a message so they sign it and then uh Bob verifies

they sign it and then uh Bob verifies that it was for the person who it's from

that it was for the person who it's from so there are three algorithms to a

so there are three algorithms to a digital signature the key generation so

digital signature the key generation so generates a public and private key um

generates a public and private key um then there is signing the process of

then there is signing the process of generating a digital signature with a

generating a digital signature with a private key and the inputed value so

private key and the inputed value so signing which is what is happening up

signing which is what is happening up here signing verification verifies the

here signing verification verifies the authenticity of the message with a

authenticity of the message with a public key so remember the private key

public key so remember the private key is used for signing and the public key

is used for signing and the public key is used for verifying SSH uses a public

is used for verifying SSH uses a public and private key to authorize remote

and private key to authorize remote access into a remote machine such as a

access into a remote machine such as a virtual machine it is common to use RSA

virtual machine it is common to use RSA and we saw that RSA is a type of

and we saw that RSA is a type of algorithm earlier and so SSH hyen keyen

algorithm earlier and so SSH hyen keyen is a well-known command to generate a

is a well-known command to generate a public and private key on Linux I know

public and private key on Linux I know this one off the top of my head I always

this one off the top of my head I always know to do this um and so what is code

know to do this um and so what is code signing so when you use a digital

signing so when you use a digital signature to ensure computer code has

signature to ensure computer code has not been tampered and so that's just a

not been tampered and so that's just a like subset of digital signatur so you

like subset of digital signatur so you can use this as a means to get into a

can use this as a means to get into a virtual machine or you can use signing

virtual machine or you can use signing as a means to make sure that the code

as a means to make sure that the code being committed to your repository is

being committed to your repository is who you expect it to be from so there

who you expect it to be from so there you

you [Music]

[Music] go let's talk about in transit versus at

go let's talk about in transit versus at rest encryption so encryption and

rest encryption so encryption and Transit this is data that is secure when

Transit this is data that is secure when moving between locations and the

moving between locations and the algorithms here are TLS and SSL then you

algorithms here are TLS and SSL then you have encryption at rest so this is data

have encryption at rest so this is data that is secure when residing on storage

that is secure when residing on storage or within a database so we're looking at

or within a database so we're looking at AES or RSA which we both covered

AES or RSA which we both covered previously uh these algorithms so ones

previously uh these algorithms so ones that we did not cover was TLS and SSL so

that we did not cover was TLS and SSL so we'll cover them now so TLS transport

we'll cover them now so TLS transport layer security is an encryption protocol

layer security is an encryption protocol for data Integrity between two or more

for data Integrity between two or more commun communicating computer

commun communicating computer application so 1.0 and 1.1 are no longer

application so 1.0 and 1.1 are no longer used but TLS 1.2 and 1.3 is the current

used but TLS 1.2 and 1.3 is the current best practice then we have SSL secure

best practice then we have SSL secure socket layers so an encrypted protocol

socket layers so an encrypted protocol for data Integrity between two or more

for data Integrity between two or more communicating uh computer application so

communicating uh computer application so 1.0 2.0 and 3.0 are deprecated um and

1.0 2.0 and 3.0 are deprecated um and honestly I always get these two mixed up

honestly I always get these two mixed up and I always fig fig uh uh get confused

and I always fig fig uh uh get confused which is being used but um you know

which is being used but um you know they're always changing on us but just

they're always changing on us but just understand generally what these concepts

understand generally what these concepts are and that you're familiar with the

are and that you're familiar with the terms

terms [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at common

Pro and we are taking a look at common compliance programs so these are a set

compliance programs so these are a set of internal policies and procedures for

of internal policies and procedures for a company to comply with laws rules and

a company to comply with laws rules and regulations or to uphold business

regulations or to uphold business reputation so here we have a bunch of

reputation so here we have a bunch of different compliance programs and so

different compliance programs and so some popular ones are like Hippa or um

some popular ones are like Hippa or um PCI CSS the question is should you know

PCI CSS the question is should you know these yes you should generally know the

these yes you should generally know the most popular ones because you're going

most popular ones because you're going to see them throughout your Cloud career

to see them throughout your Cloud career um and so just getting familiar now is a

um and so just getting familiar now is a good time uh so let's jump into it okay

good time uh so let's jump into it okay so the first one I want to introduce you

so the first one I want to introduce you to is for I ISO and they have a bunch of

to is for I ISO and they have a bunch of different ones so ISO is the

different ones so ISO is the international organization of

international organization of standardization and there other one

standardization and there other one called IEC which is the international

called IEC which is the international electr technical commission One deals

electr technical commission One deals with uh you know like uh virtual things

with uh you know like uh virtual things the other one deals with Hardware things

the other one deals with Hardware things but they have a lot of overlapping um

but they have a lot of overlapping um compliance programs okay and so the most

compliance programs okay and so the most popular absolutely most popular one that

popular absolutely most popular one that I know of is the 27100 I know a lot of

I know of is the 27100 I know a lot of organizations that are going for their

organizations that are going for their 271 this is for control implementation

271 this is for control implementation guidance you have the

guidance you have the 2707 this is enhanced focus on cloud

2707 this is enhanced focus on cloud security the 27018 this is protection of

security the 27018 this is protection of personal data in the cloud then you have

personal data in the cloud then you have the 2771 this is Privacy Information

the 2771 this is Privacy Information Management System so framework this

Management System so framework this outlines controls and processes to

outlines controls and processes to manage data privacy and protect piis so

manage data privacy and protect piis so that's personally identifi information

that's personally identifi information then you have system and organization

then you have system and organization control sock and this is a very popular

control sock and this is a very popular thing that organizations go for

thing that organizations go for especially the sock two so sock one is

especially the sock two so sock one is 18 standards and report on the

18 standards and report on the effectiveness of internal controls at

effectiveness of internal controls at the service organization relevant to the

the service organization relevant to the client's internal control over financial

client's internal control over financial reporting we have sock 2 evaluates

reporting we have sock 2 evaluates internal controls policies and

internal controls policies and procedures that directly relate to the

procedures that directly relate to the security of the system at a organization

security of the system at a organization and sock three a report based on the

and sock three a report based on the trust uh service Services criteria that

trust uh service Services criteria that can be freely

can be freely distributed then we have PCI DSS a set

distributed then we have PCI DSS a set of security standards designed to ensure

of security standards designed to ensure that all companies that accept process

that all companies that accept process store and transmit credit card

store and transmit credit card information maintains in a secure

information maintains in a secure environment we have a federal

environment we have a federal information procedure standards or fips

information procedure standards or fips so 140 hyphen 2 This Is Us and Canadian

so 140 hyphen 2 This Is Us and Canadian government standard that specifies the

government standard that specifies the security requirements for cryptographic

security requirements for cryptographic modules that protect sensitive

modules that protect sensitive information then we have uh phipa this

information then we have uh phipa this is more relevant to me because I'm

is more relevant to me because I'm actually in onario in Canada but it's

actually in onario in Canada but it's also very uh wellknown um uh one out

also very uh wellknown um uh one out there outside of HIPPA so this regulates

there outside of HIPPA so this regulates patient protected health information

patient protected health information then you actually have Hippa this is the

then you actually have Hippa this is the US federal law that regulates patient

US federal law that regulates patient procedure health information then we

procedure health information then we have uh Cloud security Alliance so CSA

have uh Cloud security Alliance so CSA star certification independent

star certification independent third-party assessment

third-party assessment of a cloud provider security posture if

of a cloud provider security posture if you've never heard of CSA they have a

you've never heard of CSA they have a very well-known fundamental uh security

very well-known fundamental uh security certification called the cssk or ccsk I

certification called the cssk or ccsk I always get that mixed up then we have uh

always get that mixed up then we have uh fed ramp which we covered earlier in

fed ramp which we covered earlier in this course or in the future depending

this course or in the future depending on where we put it but um fed ramp

on where we put it but um fed ramp stands for federal risk and

stands for federal risk and authorization Management program it's a

authorization Management program it's a US Government standardization approach

US Government standardization approach to security authorizations for cloud

to security authorizations for cloud service offerings if you want to work

service offerings if you want to work with the US government or places that

with the US government or places that sell the US government need fed ramp

sell the US government need fed ramp that similar to criminal justice

that similar to criminal justice Information Services any US state or

Information Services any US state or local agency that wants to access the

local agency that wants to access the FBI's cgis database is required to

FBI's cgis database is required to adhere to the cgis security policy then

adhere to the cgis security policy then we have gdpr uh the general data

we have gdpr uh the general data protection regulation everyone knows

protection regulation everyone knows what this is in Europe maybe not so much

what this is in Europe maybe not so much in North America or other places a

in North America or other places a European Privacy Law imposes new rules

European Privacy Law imposes new rules on companies governments agencies

on companies governments agencies nonprofits and other organizations that

nonprofits and other organizations that offer goods and services to people

offer goods and services to people people in the European Union or that

people in the European Union or that collect analyze data try tied to eu's

collect analyze data try tied to eu's Residents there's a lot of compliance

Residents there's a lot of compliance programs out there one that's also very

programs out there one that's also very popular is fips but we'll get to that

popular is fips but we'll get to that when we talk about KMS um but yeah uh

when we talk about KMS um but yeah uh there you

there you [Music]

[Music] go so I just wanted to quickly show you

go so I just wanted to quickly show you here the Adis compliance programs page

here the Adis compliance programs page where they list out all the types of

where they list out all the types of compliance programs that ad us is uh

compliance programs that ad us is uh working with and that it has different

working with and that it has different types of certification and attestment

types of certification and attestment which we can use itus artifact or Amazon

which we can use itus artifact or Amazon artifact whichever prefix they decide to

artifact whichever prefix they decide to use for the name there um to uh ensure

use for the name there um to uh ensure that itus has in order to meet those

that itus has in order to meet those Regulatory Compliance you can see them

Regulatory Compliance you can see them all there and if you want to know a

all there and if you want to know a little bit more about any of these you

little bit more about any of these you just go ahead and click them and you can

just go ahead and click them and you can read and they have additional

read and they have additional information so you have a better idea

[Music] okay let's talk about pen testing so pen

okay let's talk about pen testing so pen testing is an authorized simulated Cyber

testing is an authorized simulated Cyber attack on a computer system performed to

attack on a computer system performed to evaluate the security of the system and

evaluate the security of the system and on AWS you are allowed to perform uh pen

on AWS you are allowed to perform uh pen testing but um there are some

testing but um there are some restrictions so permitted services or

restrictions so permitted services or ec2 instances Knack gateways elbs RDS so

ec2 instances Knack gateways elbs RDS so that's um relational database service

that's um relational database service cloudfront Aurora API gateways Lambda

cloudfront Aurora API gateways Lambda Lambda Edge functions light cell

Lambda Edge functions light cell resources elastic beanock environments

resources elastic beanock environments things you cannot do or you should not

things you cannot do or you should not be doing is DNS Zone walking via row 53

be doing is DNS Zone walking via row 53 hosted zones then there's dos simulation

hosted zones then there's dos simulation testing so you should not be doing do or

testing so you should not be doing do or Doss do doses or simulated Doss or

Doss do doses or simulated Doss or simulated dos is okay and that doesn't

simulated dos is okay and that doesn't mean that you can't necessarily do them

mean that you can't necessarily do them uh again there's a lot of exceptions to

uh again there's a lot of exceptions to the pen testing they have a whole page

the pen testing they have a whole page on this but generally you're not allowed

on this but generally you're not allowed to do dsing uh Port flooding protocol

to do dsing uh Port flooding protocol flooding request flooding can't do any

flooding request flooding can't do any of those things for other simulated

of those things for other simulated events you need to submit a request to

events you need to submit a request to ads a reply could take up to 7 days uh

ads a reply could take up to 7 days uh you know again there's a lot of uh

you know again there's a lot of uh little intricacies here so you'd have to

little intricacies here so you'd have to really read up on it if you're

really read up on it if you're interested in doing this

interested in doing this [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at pen

Pro and we are taking a look at pen testing on the adus platform so they

testing on the adus platform so they have this page here that tells you what

have this page here that tells you what you're allowed to do what you're not

you're allowed to do what you're not allowed to do um and there's some

allowed to do um and there's some additional things you can read into like

additional things you can read into like the stress test policy the Dos simulate

the stress test policy the Dos simulate simulation testing policy which I didn't

simulation testing policy which I didn't cover in detail uh in the course content

cover in detail uh in the course content but for whatever reason you're

but for whatever reason you're interested in it I just want you to be

interested in it I just want you to be aware of that kind of stuff if you want

aware of that kind of stuff if you want to simulate events there is a simulate

to simulate events there is a simulate event form that you have to fill out so

event form that you have to fill out so you open it up and you can kind of read

you open it up and you can kind of read about it and it gives it us a heads up

about it and it gives it us a heads up of what you're going to be doing stress

of what you're going to be doing stress test fishing malware analysis other so

test fishing malware analysis other so that way that if you are doing it you're

that way that if you are doing it you're not going to get in trouble they're

not going to get in trouble they're aware of what you are doing okay so

aware of what you are doing okay so that's pretty much

that's pretty much [Music]

[Music] it hey this is Brown from exam Pro and

it hey this is Brown from exam Pro and we are taking a look at itus artifact

we are taking a look at itus artifact which is a selfs serve portal for on

which is a selfs serve portal for on demand access to ibus compliance reports

demand access to ibus compliance reports so here's an example of a a bunch of

so here's an example of a a bunch of different compliance reports that adus

different compliance reports that adus could be meeting and the idea is that

could be meeting and the idea is that when you go to this portal within the

when you go to this portal within the adus management conso you'll have a huge

adus management conso you'll have a huge list of reports that you can go and

list of reports that you can go and access so here I'm searching for Canada

access so here I'm searching for Canada to get the government of Canada partner

to get the government of Canada partner package and then I go ahead and I

package and then I go ahead and I download that report as a PDF and then

download that report as a PDF and then within the PDF we can click a link to

within the PDF we can click a link to get the downloadable Excel and that's

get the downloadable Excel and that's pretty much what it is it's just if you

pretty much what it is it's just if you want to see that adus is being compliant

want to see that adus is being compliant for different

for different [Music]

[Music] programs hey this is Andrew Brown from

programs hey this is Andrew Brown from exam Pro and we're going to take a look

exam Pro and we're going to take a look at adus artifact so in the top here

at adus artifact so in the top here we're going to type in

we're going to type in artifact and not be confused with code

artifact and not be confused with code artifact which I guess is a new service

artifact which I guess is a new service there's just always releasing new

there's just always releasing new Services a and so here we have a video

Services a and so here we have a video and some things but uh it's not too hard

and some things but uh it's not too hard all we got to do is go to view reports

all we got to do is go to view reports and from here we have all the types of

and from here we have all the types of compliance programs or Regulatory

compliance programs or Regulatory Compliance programs that ad is uh

Compliance programs that ad is uh meeting and we can do is search for

meeting and we can do is search for something so we type in Canada and

something so we type in Canada and that's the government of Canada partner

that's the government of Canada partner package and I can go ahead and download

package and I can go ahead and download that report so when you download it you

that report so when you download it you really want to open this up

really want to open this up in um you're going to really want to

in um you're going to really want to open this up in um Adobe Acrobat because

open this up in um Adobe Acrobat because if you don't open it up in Adobe acrobat

if you don't open it up in Adobe acrobat you're not going to be able to access

you're not going to be able to access the

downloadblack reader and once you have it open and I'm just moving it over here

it open and I'm just moving it over here this is what you're going to see and um

this is what you're going to see and um it's going to say like hey um oops no I

it's going to say like hey um oops no I don't want to do that so please scroll

don't want to do that so please scroll to the next page to view the artifact

to the next page to view the artifact download and so I think that if we go

download and so I think that if we go here you know they say scroll to the

here you know they say scroll to the next page page but I'm pretty sure we

next page page but I'm pretty sure we can just go here on the left hand side

can just go here on the left hand side and this is what we're looking for that

and this is what we're looking for that Excel spreadsheet so we're going to save

Excel spreadsheet so we're going to save that

that attachment or actually we just going to

attachment or actually we just going to open it

open it up open this

up open this file okay and we'll give it a moment I

file okay and we'll give it a moment I have Excel

have Excel installed and there we

installed and there we go there it is okay so I know it's a

go there it is okay so I know it's a little bit odd way to get to those um uh

little bit odd way to get to those um uh certificates or reports but that's just

certificates or reports but that's just how it works um but yeah I mean that's

how it works um but yeah I mean that's the idea is like if you need to prove

the idea is like if you need to prove that ads is meeting whatever those

that ads is meeting whatever those standards are you can just type them in

standards are you can just type them in whatever it is I like maybe there like

whatever it is I like maybe there like fed ramp right whatever it is and

fed ramp right whatever it is and download those certificate attestment

download those certificate attestment whatever um and just double check that

whatever um and just double check that ads is Meeting those standards

ads is Meeting those standards [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at AIS

Pro and we are taking a look at AIS inspector but before we can answer what

inspector but before we can answer what it does let's talk about hardening so

it does let's talk about hardening so hardening is the act of eliminating as

hardening is the act of eliminating as many security risk risks as possible

many security risk risks as possible hardening is common for virtual machines

hardening is common for virtual machines where you run a collection of C Security

where you run a collection of C Security checks known as a security Benchmark so

checks known as a security Benchmark so adus inspector runs a security Benchmark

adus inspector runs a security Benchmark against specific ec2 instances and you

against specific ec2 instances and you can run a variety of security benchmarks

can run a variety of security benchmarks and you can perform Network and host

and you can perform Network and host assessments and so here's an example of

assessments and so here's an example of those two check boxes there which you'd

those two check boxes there which you'd say which assessments you want to do so

say which assessments you want to do so the idea is you have to install the edus

the idea is you have to install the edus agent on your ec2 instance you run an

agent on your ec2 instance you run an assessment for your assessment Target

assessment for your assessment Target you review your findings and remediate

you review your findings and remediate secur issues and one very popular

secur issues and one very popular Benchmark you can run is the CIS which

Benchmark you can run is the CIS which has 699 checks so if you don't know what

has 699 checks so if you don't know what CIS it stands for the center of Internet

CIS it stands for the center of Internet Security uh and so they are this

Security uh and so they are this organization that has a bunch of um uh

organization that has a bunch of um uh security controls or check marks uh that

security controls or check marks uh that are published that they suggest that you

are published that they suggest that you should check on your

should check on your [Music]

[Music] machine hey this is Andrew Brown from

machine hey this is Andrew Brown from exam Pro and we're looking at dos so

exam Pro and we're looking at dos so dods is a type of ious attack to disrupt

dods is a type of ious attack to disrupt normal traffic by flooding a website

normal traffic by flooding a website with a large amount of fake traffic so

with a large amount of fake traffic so the idea is we have an attacker and the

the idea is we have an attacker and the victim the victim is us and it could be

victim the victim is us and it could be our virtual machines our cloud services

our virtual machines our cloud services the idea is that it's some kind of uh

the idea is that it's some kind of uh resource which um can take in uh

resource which um can take in uh incoming requests over the Internet so

incoming requests over the Internet so the idea is the attacker is utilizing

the idea is the attacker is utilizing the internet and so they may control a

the internet and so they may control a bunch of uh virtual machines or servers

bunch of uh virtual machines or servers that're loaded up with malicious

that're loaded up with malicious software and the idea is that the

software and the idea is that the attacker is going to tell them all to

attacker is going to tell them all to send a flood of traffic over the

send a flood of traffic over the Internet uh at your uh Computing

Internet uh at your uh Computing resource and uh this is where your

resource and uh this is where your website is going to either start to

website is going to either start to stall or it's going to become

stall or it's going to become unavailable for your users and so the

unavailable for your users and so the idea here is that you know if you want

idea here is that you know if you want to protect against dos you need some

to protect against dos you need some kind of Dos protection traditionally

kind of Dos protection traditionally those used to be like third party

those used to be like third party services that you uh would have to pay

services that you uh would have to pay for and and it would sit in front of uh

for and and it would sit in front of uh your load balcer or your uh n server but

your load balcer or your uh n server but now the great thing with cloud service

now the great thing with cloud service providers is that generally their

providers is that generally their networks have built in DOS protection so

networks have built in DOS protection so the idea is just by having your compute

the idea is just by having your compute or your resources on AWS you're going to

or your resources on AWS you're going to get uh built-in protection for free via

get uh built-in protection for free via aw shield and we'll talk about that

aw shield and we'll talk about that [Music]

[Music] next hey this is Andrew Brown from exam

next hey this is Andrew Brown from exam Pro and we are taking a look at it

Pro and we are taking a look at it Shield which is a managed dos Protection

Shield which is a managed dos Protection Service that safeguards applications

Service that safeguards applications running on ad

running on ad so when you route your traffic through

so when you route your traffic through R3 or cloudfront you are using a shield

R3 or cloudfront you are using a shield standard so here's a diagram to kind of

standard so here's a diagram to kind of show you that it's not just those

show you that it's not just those services but these are the most common

services but these are the most common ones where you'll have a point of entry

ones where you'll have a point of entry into AWS so here we could also be

into AWS so here we could also be including elastic IP Aus Global

including elastic IP Aus Global accelerator but the idea is that when

accelerator but the idea is that when you uh go through these Services into

you uh go through these Services into the Aus Network it has Shield built in

the Aus Network it has Shield built in and so you're going to get that

and so you're going to get that protection before those uh before that

protection before those uh before that traffic reaches your uh cloud service

traffic reaches your uh cloud service and in this case we're showing ec2

and in this case we're showing ec2 instances so Shield protects against

instances so Shield protects against layers three four and seven attacks uh

layers three four and seven attacks uh layer 3 four and 7even is based off the

layer 3 four and 7even is based off the OSI model which is a um a fundamental

OSI model which is a um a fundamental networking concept so seven is for the

networking concept so seven is for the application layer four is the transport

application layer four is the transport Layer Three is the network layer um

Layer Three is the network layer um there are two different types of plans

there are two different types of plans for a shield we have Shield standard

for a shield we have Shield standard which is free and then Shield Advance

which is free and then Shield Advance which starts at 3,000 USD per year plus

which starts at 3,000 USD per year plus some additional uh costs based on usage

some additional uh costs based on usage of the size of the tack or what services

of the size of the tack or what services you're using how much traffic is moving

you're using how much traffic is moving in and out so protection against the

in and out so protection against the most common dos attacks is what Shield

most common dos attacks is what Shield standard does uh you have access to

standard does uh you have access to tools and best practices to build dos

tools and best practices to build dos Brazilian architecture it's

Brazilian architecture it's automatically available on all aable

automatically available on all aable services for additional protection

services for additional protection against larger and more sophisticated

against larger and more sophisticated attacks that's where Shield Advance

attacks that's where Shield Advance comes into play it's available for

comes into play it's available for specific a

specific a services so R 53 cloudfront elb Aus

services so R 53 cloudfront elb Aus Global accelerator elastic IP uh and

Global accelerator elastic IP uh and some notable features here is visibility

some notable features here is visibility reporting on layer 3 4 and 7even you're

reporting on layer 3 4 and 7even you're only going to get seven if you are using

only going to get seven if you are using awaf with it uh you have access to team

awaf with it uh you have access to team and support so these are DOs experts but

and support so these are DOs experts but you're only going to get it if you're

you're only going to get it if you're paying for business or Enterprise

paying for business or Enterprise support as you're paying for this as

support as you're paying for this as well uh you also get dos cost protection

well uh you also get dos cost protection just ensure that you know your bills

just ensure that you know your bills don't go crazy

don't go crazy uh and it comes with an SLA so you have

uh and it comes with an SLA so you have a guarantee that it's going to work both

a guarantee that it's going to work both plants integrate with itless web

plants integrate with itless web application uh firewall so Waf to give

application uh firewall so Waf to give you that layer 7even application

you that layer 7even application protection so understand that if you're

protection so understand that if you're not using Waf you're not going to be

not using Waf you're not going to be having that layer 7even production

having that layer 7even production [Music]

[Music] okay hey this is Andre Brown from exam

okay hey this is Andre Brown from exam Pro and we are looking at Amazon guard

Pro and we are looking at Amazon guard Duty so before we look at that we need

Duty so before we look at that we need to understand what is an IDs IPS so an

to understand what is an IDs IPS so an intrusion detection system and intrusion

intrusion detection system and intrusion protection system is used as a device or

protection system is used as a device or software application that monitors and

software application that monitors and network or systems for malicious

network or systems for malicious activity or policy violations so guard

activity or policy violations so guard duty is a threat detection service which

duty is a threat detection service which is IDs IPS that continuously monitors

is IDs IPS that continuously monitors for malicious and suspicious activity

for malicious and suspicious activity and unauthorized Behavior it uses

and unauthorized Behavior it uses machine learning to analyze the

machine learning to analyze the following itus logs your cloud trail

following itus logs your cloud trail logs your VPC flow logs your DN logs and

logs your VPC flow logs your DN logs and what it will do is report back to you

what it will do is report back to you and say hey um there's this issue here

and say hey um there's this issue here and this is actually one that's very

and this is actually one that's very easy to replicate it's just saying

easy to replicate it's just saying somebody is using the root credentials

somebody is using the root credentials and it's suggesting that you should not

and it's suggesting that you should not be doing that right because you're never

be doing that right because you're never supposed to be uh invoking API calls

supposed to be uh invoking API calls with the root credentials or you should

with the root credentials or you should be limiting that you'll might also

be limiting that you'll might also notice that if you want to investigate

notice that if you want to investigate you can kind of follow up that with uh

you can kind of follow up that with uh Amazon detective or adus detective

Amazon detective or adus detective whichever uh prefix they decided to put

whichever uh prefix they decided to put on that service it will alert you of

on that service it will alert you of findings which you can automate an

findings which you can automate an incident uh response via cloudwatch

incident uh response via cloudwatch events which this uh it's been renamed

events which this uh it's been renamed to event Bridge so you know or third

to event Bridge so you know or third party services so you can follow up a

party services so you can follow up a remediation action um and here is a

remediation action um and here is a graphic of Amazon guard Duty just a bit

graphic of Amazon guard Duty just a bit up closer so you can see all the

up closer so you can see all the findings and you can just see you have a

findings and you can just see you have a lot of detailed information there

lot of detailed information there [Music]

[Music] okay hey this is Brown from exam Pro and

okay hey this is Brown from exam Pro and we're going to take a look at guard Duty

we're going to take a look at guard Duty so guard duty is um an intrusion

so guard duty is um an intrusion protection and detection uh service and

protection and detection uh service and so what I've done is I've um I've done

so what I've done is I've um I've done some bad practices purposely so that I

some bad practices purposely so that I can show you um some information in

can show you um some information in there so I'm going to go over to guard

there so I'm going to go over to guard Duty okay and you do have to turn guard

Duty okay and you do have to turn guard Duty on and so once guard duty is on

Duty on and so once guard duty is on you're going to start getting reports

you're going to start getting reports coming in so notice here that we have

coming in so notice here that we have some anomalous Behavior 8 days ago and

some anomalous Behavior 8 days ago and so uh that's B he's uh my co-founder

so uh that's B he's uh my co-founder he's also named as well and so we can

he's also named as well and so we can kind of see some details here about

kind of see some details here about who's accessing what and what they were

who's accessing what and what they were doing he's not doing anything malicious

doing he's not doing anything malicious but we can have an idea where they're

but we can have an idea where they're from even shows generally where he is

from even shows generally where he is which he is near Thunder Bay and his his

which he is near Thunder Bay and his his provider would be

provider would be TB um and you can see that he is making

TB um and you can see that he is making uh API calls to describe account

uh API calls to describe account attributes and things like that then the

attributes and things like that then the other issue is the root account so

other issue is the root account so there's MFA I turned it off so that we

there's MFA I turned it off so that we can or maybe this just usage here I

can or maybe this just usage here I actually do have it turned on I suppose

actually do have it turned on I suppose here we see root credential usage and so

here we see root credential usage and so it's saying hey you used it 77 times

it's saying hey you used it 77 times because sometimes I go in and and use uh

because sometimes I go in and and use uh the Roo account for tutorials but saying

the Roo account for tutorials but saying you're using this way too much you got

you're using this way too much you got to stop doing that okay so that's

to stop doing that okay so that's something that is uh pretty interesting

something that is uh pretty interesting with guard Duty um and it's really cost

with guard Duty um and it's really cost effective and easy to turn on so you can

effective and easy to turn on so you can turn it on looks like they have a new

turn it on looks like they have a new thing for S3 um have not looked at that

thing for S3 um have not looked at that as of yet but that's kind of cool kind

as of yet but that's kind of cool kind of feels like that would overlap with uh

of feels like that would overlap with uh Amazon Macy but whatever and here we get

Amazon Macy but whatever and here we get a breakdown of cost so we see cloud

a breakdown of cost so we see cloud trail VPC FL logs DS logs and this is

trail VPC FL logs DS logs and this is where it would be ingesting data if you

where it would be ingesting data if you want to use that S3 protection you'd

want to use that S3 protection you'd have to probably be turning or creating

have to probably be turning or creating a custom Cloud watch trail that has data

a custom Cloud watch trail that has data events to consume that information um

events to consume that information um you know so you know hopefully that

you know so you know hopefully that gives you kind of an idea of things you

gives you kind of an idea of things you can do and you can also centralize guard

can do and you can also centralize guard Duty uh into one account so you can have

Duty uh into one account so you can have one thing that takes care of everything

one thing that takes care of everything and and move all the data across all

and and move all the data across all your accounts into a single place so

your accounts into a single place so that's kind of interesting and you can

that's kind of interesting and you can set up follow followups um and it's

set up follow followups um and it's possible that uh I not seeing this this

possible that uh I not seeing this this here but generally it would show

here but generally it would show you uh it would show you a way of like

you uh it would show you a way of like triggering into Cloud watch probably you

triggering into Cloud watch probably you could do it pragmatically this is

could do it pragmatically this is something interesting like the list

something interesting like the list management you can add trusted IPS or

management you can add trusted IPS or threat list so if there's people that

threat list so if there's people that you know are fine you can just Whit list

you know are fine you can just Whit list them or if there's people that you know

them or if there's people that you know that are bad make sure that they are

that are bad make sure that they are never allowed to get through so that's

never allowed to get through so that's pretty much it with guard Duty okay

let's take a look here at Amazon Macy so Macy is a fully managed service that

Macy is a fully managed service that continuously monitors S3 data access

continuously monitors S3 data access activity for anomalies and generates

activity for anomalies and generates detailed alerts when it detects risks of

detailed alerts when it detects risks of unauthorized access or inav virgent data

unauthorized access or inav virgent data leaks so Macy works by using machine

leaks so Macy works by using machine learning to analyze your cloud trail

learning to analyze your cloud trail logs and Macy has a variety of alerts so

logs and Macy has a variety of alerts so we have anomaly access config compliance

we have anomaly access config compliance credential loss data compliance file

credential loss data compliance file hosting identity numeration information

hosting identity numeration information loss um location anomaly open

loss um location anomaly open permissions privilege escalation

permissions privilege escalation ransomware service disruption suspicious

ransomware service disruption suspicious access and mayy will identify your most

access and mayy will identify your most at risk users which could lead to

at risk users which could lead to compromise so here's just one little

compromise so here's just one little kind of uh tidbit from the um app itself

kind of uh tidbit from the um app itself where you have the total users and they

where you have the total users and they categorize them into different uh risks

categorize them into different uh risks I can't remember which flag means what

I can't remember which flag means what in here uh Amazon Macy is an okay

in here uh Amazon Macy is an okay Service uh it's it's very important if

Service uh it's it's very important if you're storing things in

you're storing things in S3 but uh I don't I don't use it very

S3 but uh I don't I don't use it very often to be

often to be [Music]

[Music] honest hey this is Andie Brown from exam

honest hey this is Andie Brown from exam Pro and we are taking a look at adus

Pro and we are taking a look at adus virtual private Network also known as

virtual private Network also known as VPN so itus VPN lets you establish a

VPN so itus VPN lets you establish a secure and private tunnel from your

secure and private tunnel from your network or device to the idus global

network or device to the idus global Network it's very important to emphasize

Network it's very important to emphasize the word secure here uh because when

the word secure here uh because when you're using Direct Connect that will

you're using Direct Connect that will will establish a private connection but

will establish a private connection but it's not using any kind of protocol to

it's not using any kind of protocol to secure that data in transit whereas a

secure that data in transit whereas a VPN will be using a secure protocol

VPN will be using a secure protocol there are two options here we have adus

there are two options here we have adus site tosite VPN so securely connect on

site tosite VPN so securely connect on premise Network or branch office site to

premise Network or branch office site to VPC and adabs client VPN that securely

VPC and adabs client VPN that securely connect users to adabs or on premises

connect users to adabs or on premises networks one thing that we need to

networks one thing that we need to understand alongside VPN is IPC this

understand alongside VPN is IPC this stands for Internet Protocol security

stands for Internet Protocol security and is a secure network protocol Suite

and is a secure network protocol Suite that authenticates and encrypts the

that authenticates and encrypts the packets of data to provide secure

packets of data to provide secure encrypted communication between two

encrypted communication between two computers over an Internet Protocol

computers over an Internet Protocol Network and it is used in vpns and Abus

Network and it is used in vpns and Abus definitely uses it

definitely uses it [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at Abus web

Pro and we are taking a look at Abus web application firewall also known as WF

application firewall also known as WF which protects you uh protects your web

which protects you uh protects your web application from common web exploits so

application from common web exploits so the idea here is you write your own

the idea here is you write your own rules to allow or deny traffic based on

rules to allow or deny traffic based on the contents of an HTP requests you use

the contents of an HTP requests you use a rule set from a trusted adus security

a rule set from a trusted adus security partner in the adus Waf rule Marketplace

partner in the adus Waf rule Marketplace Waf can be attached to either cloudfront

Waf can be attached to either cloudfront or an application load balancer so here

or an application load balancer so here is that diagram the idea is you see

is that diagram the idea is you see cloudfront with the WAFF or ALB with the

cloudfront with the WAFF or ALB with the w and what it does is it can protect uh

w and what it does is it can protect uh web applications from attacks covered

web applications from attacks covered and the OAS 10 uh top 10 most dangerous

and the OAS 10 uh top 10 most dangerous attacks if you don't know OAS they're

attacks if you don't know OAS they're the open web application security

the open web application security project and they basically have all

project and they basically have all these uh security projects which are

these uh security projects which are things to say hey these are things that

things to say hey these are things that you should commonly protect against or

you should commonly protect against or they might have like example

they might have like example applications that uh serve as a means to

applications that uh serve as a means to learn security so when we look at the

learn security so when we look at the top 10 it's injection broken

top 10 it's injection broken authentication sensitive data exposure

authentication sensitive data exposure XML external entities so xxe broken

XML external entities so xxe broken Access Control security

Access Control security misconfigurations cross-site scripting

misconfigurations cross-site scripting so xss uh insecure deserialization using

so xss uh insecure deserialization using components with known vulnerabilities

components with known vulnerabilities and insufficient logging and monitoring

and insufficient logging and monitoring so there you

so there you [Music]

[Music] go hey this is Andrew Brown from exam

go hey this is Andrew Brown from exam Pro and we are going to take a quick

Pro and we are going to take a quick look at adus web application firewall

look at adus web application firewall also known as Waf and so um in this

also known as Waf and so um in this account I have to have a Waf running uh

account I have to have a Waf running uh so we don't have to create one uh we

so we don't have to create one uh we already have something we can take a

already have something we can take a look here so I'm going to go to Waf and

look here so I'm going to go to Waf and shield and then on the left hand side

shield and then on the left hand side you'll Noti this is a global Service but

you'll Noti this is a global Service but on the leand side we're going to be

on the leand side we're going to be looking for our web acl's and so the

looking for our web acl's and so the idea is that when you want a w you

idea is that when you want a w you create a web ACL and then within within

create a web ACL and then within within that web ACL you have uh the overview

that web ACL you have uh the overview and then you have you can kind of show

and then you have you can kind of show you kind of the traffic that's going on

you kind of the traffic that's going on here we can have our rules and so um

here we can have our rules and so um there's a lot of different kind of

there's a lot of different kind of manage rule groups that you can use so

manage rule groups that you can use so these are ones that are provided by AWS

these are ones that are provided by AWS so and a lot of these some of these can

so and a lot of these some of these can be paid some of these are free so you

be paid some of these are free so you see there's these free rule groups where

see there's these free rule groups where you're like hey I don't want any

you're like hey I don't want any anomymous IPS you checkbox that on you

anomymous IPS you checkbox that on you know or I want to protect against SQL

know or I want to protect against SQL injection now the interesting thing is

injection now the interesting thing is that abis has this capacity in it so um

that abis has this capacity in it so um you can't add all of these you can add a

you can't add all of these you can add a certain amount of capacity before you

certain amount of capacity before you have to um um uh pay for more or

have to um um uh pay for more or something like that it's just kind of a

something like that it's just kind of a way to um uh kind of cap the amount of

way to um uh kind of cap the amount of stuff that you can put in in terms of

stuff that you can put in in terms of rules um but there's a lot of other um

rules um but there's a lot of other um rule groups from third party services

rule groups from third party services like security companies that know what

like security companies that know what they're doing so if you like Fort Net's

they're doing so if you like Fort Net's OS top 10 you can uh subscribe to that

OS top 10 you can uh subscribe to that in the marketplace and be able to use it

in the marketplace and be able to use it but uh yeah so that's how you apply

but uh yeah so that's how you apply rules there's something called bot

rules there's something called bot control I've never used this before get

control I've never used this before get real-time visibility into bot AC on your

real-time visibility into bot AC on your resource and controllers what Bots allow

resource and controllers what Bots allow and block from your resources that

and block from your resources that sounds really cool I cannot stand bots

sounds really cool I cannot stand bots so I might turn that on myself or take a

so I might turn that on myself or take a look at the cost there and see what we

look at the cost there and see what we can find out but that's pretty much it

can find out but that's pretty much it with Waf um one thing I would say is

with Waf um one thing I would say is that you can block out specific IP

that you can block out specific IP addresses or whitel list specific IP

addresses or whitel list specific IP addresses and you might do that through

addresses and you might do that through rules I'm just going to see yeah like

rules I'm just going to see yeah like maybe the bypass here and so these IP

maybe the bypass here and so these IP addresses are some of our um uh Cloud

addresses are some of our um uh Cloud support Engineers where they're using

support Engineers where they're using our admid panel and um uh WF is being

our admid panel and um uh WF is being too aggressive in terms of protection

too aggressive in terms of protection and so sometimes you have to uh say hey

and so sometimes you have to uh say hey allow this IP address and let my um you

allow this IP address and let my um you know let my cloud support engineer be

know let my cloud support engineer be able to use the mid panel because

able to use the mid panel because they're not malicious okay so that's one

they're not malicious okay so that's one little exception there but that's pretty

little exception there but that's pretty much it okay

[Music] hey this is Andrew Brown from exam Pro

hey this is Andrew Brown from exam Pro and we are taking a look at Hardware

and we are taking a look at Hardware security modules also known as HSM and

security modules also known as HSM and it's a piece of Hardware designed to

it's a piece of Hardware designed to store encryption keys and it holds keys

store encryption keys and it holds keys in memory and never writes on the disk

in memory and never writes on the disk so the idea is that if the HSM was shut

so the idea is that if the HSM was shut down uh that key would be gone and that

down uh that key would be gone and that would be a guarantee of protection

would be a guarantee of protection because nobody could you know take the

because nobody could you know take the drive and steal it so here is an example

drive and steal it so here is an example of an HSM uh these are extremely

of an HSM uh these are extremely expensive so you definitely don't want

expensive so you definitely don't want to have to buy them yourselves uh they

to have to buy them yourselves uh they generally follow fips so fips is the

generally follow fips so fips is the federal information processing standard

federal information processing standard so it's a us and Canadian government

so it's a us and Canadian government standard that specifies the security

standard that specifies the security requirements for cryptographic modules

requirements for cryptographic modules that protect sensitive information fips

that protect sensitive information fips is something you want to definitely

is something you want to definitely remember um and there are two different

remember um and there are two different um uh protocols here there's actually a

um uh protocols here there's actually a bunch of different uh fips versions but

bunch of different uh fips versions but we have fips 142 level two and then fips

we have fips 142 level two and then fips 143 level 3 so let's talk about the

143 level 3 so let's talk about the difference here so hsms that are

difference here so hsms that are multi-tenant are going to be using fips

multi-tenant are going to be using fips 142 hyphen 2 level two compliant where

142 hyphen 2 level two compliant where you have multiple customers virtually

you have multiple customers virtually isolated on the

isolated on the HSM and then there are hsms that are

HSM and then there are hsms that are single tenant and so they're going to be

single tenant and so they're going to be utilizing fips 140 hyphen 2 level three

utilizing fips 140 hyphen 2 level three compliant so a single customer on a

compliant so a single customer on a dedicated

dedicated HSM and so the reason why we have these

HSM and so the reason why we have these two levels is that when you have

two levels is that when you have multiple tenants you can say oh right

multiple tenants you can say oh right this thing is uh has temper evidence so

this thing is uh has temper evidence so we can see that somebody was trying to

we can see that somebody was trying to break into it but there's no guarantee

break into it but there's no guarantee of uh T it being tamper proof where

of uh T it being tamper proof where level three is tamper proof there's also

level three is tamper proof there's also uh fips 140 hyphen 3 which is the new uh

uh fips 140 hyphen 3 which is the new uh the newer um standard but not all uh

the newer um standard but not all uh Cloud resources uh can meet that

Cloud resources uh can meet that standard just because of how they offer

standard just because of how they offer the service uh so again fips 142 is

the service uh so again fips 142 is really good but just understand that

really good but just understand that there are other ones out there and it's

there are other ones out there and it's very easy to get fips 1402 level three

very easy to get fips 1402 level three mixed up with fips 140 hyphen 3

mixed up with fips 140 hyphen 3 something that I always had um a hard

something that I always had um a hard time uh remembering the distinguishing

time uh remembering the distinguishing between those two so for multi-tenant

between those two so for multi-tenant this is where we're using ads Key

this is where we're using ads Key Management Service and for single tenant

Management Service and for single tenant we're using adus Cloud HSM and the only

we're using adus Cloud HSM and the only time you're really using Cloud HSM is if

time you're really using Cloud HSM is if you're a large Enterprise and you need

you're a large Enterprise and you need that Regulatory Compliance of getting

that Regulatory Compliance of getting fips 140 hi 2 level three

fips 140 hi 2 level three [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at Key

Pro and we are taking a look at Key Management Service also known as KMS and

Management Service also known as KMS and it is a manage service that makes it

it is a manage service that makes it easy for you to create and control the

easy for you to create and control the encryption Keys you use to encrypt your

encryption Keys you use to encrypt your data so KMS is a multi-tenant HSM so

data so KMS is a multi-tenant HSM so it's a Hardware security module and many

it's a Hardware security module and many adaa services are integrated to use KMS

adaa services are integrated to use KMS Toc your data with a simple checkbox and

Toc your data with a simple checkbox and K KMS uses envelope encryption so here's

K KMS uses envelope encryption so here's that example of a simple checkbox in

that example of a simple checkbox in this case it's for RDS and what you'll

this case it's for RDS and what you'll do is choose a master key A lot of times

do is choose a master key A lot of times ads will have a default for uh key for

ads will have a default for uh key for you that's managed by them that is free

you that's managed by them that is free to use which is really great uh so for

to use which is really great uh so for KMS it's using envelope encryption so

KMS it's using envelope encryption so when you encrypt your data your data is

when you encrypt your data your data is protected but you have to protect your

protected but you have to protect your encryption key when you encrypt your

encryption key when you encrypt your data key with a master key as an

data key with a master key as an additional layer of security so that's

additional layer of security so that's it works so just to make this really

it works so just to make this really clear I have my data I use this key to

clear I have my data I use this key to encrypt this data and I need to protect

encrypt this data and I need to protect this key so I use another key to encrypt

this key so I use another key to encrypt uh this key which forms an envelope and

uh this key which forms an envelope and then I store this uh master key in KMS

then I store this uh master key in KMS and this one's considered the data key

and this one's considered the data key all

all [Music]

[Music] right hey this is Andrew Brown from exam

right hey this is Andrew Brown from exam Pro and we're going to take a look at

Pro and we're going to take a look at Key Management service also known as KMS

Key Management service also known as KMS so type in KMS on the top here and we'll

so type in KMS on the top here and we'll pop over here and KMS is a way for you

pop over here and KMS is a way for you to create your own keys or you can use

to create your own keys or you can use adus manage keys so up here and not all

adus manage keys so up here and not all these appear right away but as you use

these appear right away but as you use Services um you will adus will generate

Services um you will adus will generate out manage keys for you and these are

out manage keys for you and these are free you can uh create your own Keys um

free you can uh create your own Keys um and these cost a dollar each so if I go

and these cost a dollar each so if I go ahead here and create a key I can choose

ahead here and create a key I can choose whether it's symmetric or asymmetric

whether it's symmetric or asymmetric which we definitely learned in the

which we definitely learned in the course which is nice for asymmetric you

course which is nice for asymmetric you can make it encrypt and decrypt

can make it encrypt and decrypt sign and verify and they're just kind of

sign and verify and they're just kind of narrowing down the type of key you would

narrowing down the type of key you would use um for this you know if I went to

use um for this you know if I went to symmetric I go here I'm just kind of

symmetric I go here I'm just kind of seeing if I can enter the uh actual

seeing if I can enter the uh actual material into the key here um so I'm

material into the key here um so I'm just going to keep clicking through here

just going to keep clicking through here U my custom key generally you don't

U my custom key generally you don't really need to do this but um you know

really need to do this but um you know if it's interesting you can set up

if it's interesting you can set up administrators to say who's allowed to

administrators to say who's allowed to administer the key and then you have

administer the key and then you have someone that um is allowed to use the

someone that um is allowed to use the key you usually want to keep those two

key you usually want to keep those two accounts separate you don't want to have

accounts separate you don't want to have the same person administrating and using

the same person administrating and using the key okay keep those two separate and

the key okay keep those two separate and so we would have a key policy so you can

so we would have a key policy so you can change this to say the rules that is

change this to say the rules that is allowed to use um and then we can go

allowed to use um and then we can go here and hit finish and so there we now

here and hit finish and so there we now have our own custom key and one thing we

have our own custom key and one thing we can

can do is it's possible to rotate out these

do is it's possible to rotate out these Keys when you need to be um but anyway

Keys when you need to be um but anyway when we want to use canas it's built to

when we want to use canas it's built to basically everything and we've seen it

basically everything and we've seen it multiple times throughout this course

multiple times throughout this course when we've gone over to ec2 we'll just

when we've gone over to ec2 we'll just go take a peek at a few different places

go take a peek at a few different places here so when we've gone to go launch an

here so when we've gone to go launch an ec2 instance and we go over to uh

ec2 instance and we go over to uh storage we say

storage we say select and review or next and we go over

select and review or next and we go over to storage notice that here this is

to storage notice that here this is using encryption right so I can choose

using encryption right so I can choose that or even my custom key if you're in

that or even my custom key if you're in Dynamo DB or anywhere else it's always

Dynamo DB or anywhere else it's always something like a checkbox and you choose

something like a checkbox and you choose your key so that's pretty much all there

your key so that's pretty much all there really is to KMS it's very easy to use

really is to KMS it's very easy to use and there you

and there you [Music]

[Music] go hey this is Andrew Brown from exam

go hey this is Andrew Brown from exam Pro and we are going to take a look here

Pro and we are going to take a look here at Cloud HSM it is a single tenant uh

at Cloud HSM it is a single tenant uh HSM as a service that automates Hardware

HSM as a service that automates Hardware provisioning software patching High

provisioning software patching High availability and backups so here's the

availability and backups so here's the idea is that you have your adus Cloud

idea is that you have your adus Cloud HSM you have your developers interacting

HSM you have your developers interacting with it your application interacting

with it your application interacting with it you have HSM client installed in

with it you have HSM client installed in your uh ec2 instance so that it can

your uh ec2 instance so that it can access uh the cloud HSM keys so adus

access uh the cloud HSM keys so adus Cloud HSM enables you to generate and

Cloud HSM enables you to generate and use your encryption keys on fips 140

use your encryption keys on fips 140 hyphen 2 level 3 validated Hardware it's

hyphen 2 level 3 validated Hardware it's built on open HSM industry standards to

built on open HSM industry standards to integrate with things like PK uh

integrate with things like PK uh cs1 Java cryptography uh extension so

cs1 Java cryptography uh extension so jce Microsoft crypto and G libraries you

jce Microsoft crypto and G libraries you can transfer your keys to other

can transfer your keys to other commercial commercial HSM Solutions to

commercial commercial HSM Solutions to make it easy for you to migrate keys on

make it easy for you to migrate keys on or off ads configure ads KMS to use adus

or off ads configure ads KMS to use adus cloud HSM uh cluster as a custom uh key

cloud HSM uh cluster as a custom uh key store rather than the default KMS key

store rather than the default KMS key store uh so Cloud HSM is way more

store uh so Cloud HSM is way more expensive than KMS KMS is like free or a

expensive than KMS KMS is like free or a dollar per key where Cloud HSM is a

dollar per key where Cloud HSM is a fixed cost per month because you are

fixed cost per month because you are getting a dedicated piece of Hardware um

getting a dedicated piece of Hardware um and there's not a lot of stuff around it

and there's not a lot of stuff around it so other than the ad KMS integration a

so other than the ad KMS integration a lot of times it can be really hard to

lot of times it can be really hard to use this as well so the only time you're

use this as well so the only time you're really going to be using Cloud HSM is if

really going to be using Cloud HSM is if you're an Enterprise and you need to

you're an Enterprise and you need to meet fips 140 hyphen 2 level three

meet fips 140 hyphen 2 level three compliancy

compliancy [Music]

[Music] okay hey this is Andrew Brown from exam

okay hey this is Andrew Brown from exam Pro and we are taking a look at know

Pro and we are taking a look at know your initialism so a lot of adus

your initialism so a lot of adus services and Concepts and Cloud

services and Concepts and Cloud Technologies use initial isms to just

Technologies use initial isms to just kind of shorten uh common things that we

kind of shorten uh common things that we need to use on a frequent basis and it's

need to use on a frequent basis and it's going to really help if you learn these

going to really help if you learn these because then what you can do is

because then what you can do is substitute them when you are uh seeing a

substitute them when you are uh seeing a service name or something particular and

service name or something particular and that's going to get you through content

that's going to get you through content a lot faster um and in the wild you're

a lot faster um and in the wild you're going to see these all over the place

going to see these all over the place because people aren't going to say the

because people aren't going to say the full name they're going to say the

full name they're going to say the initialism so let's go through them so

initialism so let's go through them so for IM it's identity and access

for IM it's identity and access management for S3 that's simp Le storage

management for S3 that's simp Le storage for S SWS it's uh swf that's simple

for S SWS it's uh swf that's simple workflow service SNS is simple

workflow service SNS is simple notification service sqs is simple Q

notification service sqs is simple Q service SCS is simple email service SSM

service SCS is simple email service SSM is simple systems manager but uh you

is simple systems manager but uh you know when we see the name it's usually

know when we see the name it's usually just systems manager but we still use

just systems manager but we still use the uh initialism SSM then there's RDS

the uh initialism SSM then there's RDS relational database service VPC virtual

relational database service VPC virtual private Cloud VPN virtual private

private Cloud VPN virtual private Network CFN cloud formation

Network CFN cloud formation WF web application firewall and that is

WF web application firewall and that is a very common initialism not just adus

a very common initialism not just adus but outside of it as well mq for Amazon

but outside of it as well mq for Amazon active mq ASG for auto scaling groups

active mq ASG for auto scaling groups Tam for technical account manager elb

Tam for technical account manager elb for elastic load bouncer ALB for the

for elastic load bouncer ALB for the application load bouncer NLB for the

application load bouncer NLB for the network load bouncer G wlb for the

network load bouncer G wlb for the Gateway load balancer clb for the

Gateway load balancer clb for the classic load balancer ec2 for elastic

classic load balancer ec2 for elastic cloud or Cloud compute e CS for elastic

cloud or Cloud compute e CS for elastic container service ECR for elastic

container service ECR for elastic container repository EBS for elastic

container repository EBS for elastic block storage EMR for elastic map

block storage EMR for elastic map produce EFS for elastic fall store EB or

produce EFS for elastic fall store EB or EB for elastic beant stock es for

EB for elastic beant stock es for elastic search eeks for elastic kuber

elastic search eeks for elastic kuber netti service msk for managed kofka

netti service msk for managed kofka service and if you think I got the S and

service and if you think I got the S and K backwards I did not for whatever

K backwards I did not for whatever reason it's msk uh then uh there's AIS

reason it's msk uh then uh there's AIS resource manager which is known as Ram

resource manager which is known as Ram ACM for Amazon certificate manager Pol

ACM for Amazon certificate manager Pol for principal of lease privilege which

for principal of lease privilege which is a concept not a service iot internet

is a concept not a service iot internet things this is not a service but is a

things this is not a service but is a tech concept or Cloud concept RI for

tech concept or Cloud concept RI for reserved instances and I'm sure there

reserved instances and I'm sure there are more but these are the ones that I

are more but these are the ones that I know off the top of my head uh and

know off the top of my head uh and they're in my uh usual use case uh for

they're in my uh usual use case uh for what I'm doing day to-day but a lot of

what I'm doing day to-day but a lot of times you'll probably just end up need

times you'll probably just end up need to remember ASG

to remember ASG elb um ec2 S3 things like that

elb um ec2 S3 things like that [Music]

[Music] okay all right let's compare adus config

okay all right let's compare adus config and app config which both have config in

and app config which both have config in the name but there are two completely

the name but there are two completely different services so adus config and

different services so adus config and app config so adus config is a

app config so adus config is a governance tool for compliance as code

governance tool for compliance as code you can create rules that will check to

you can create rules that will check to see if resources are configured the way

see if resources are configured the way you expect them to be if a resource

you expect them to be if a resource drifts from the expected configuration

drifts from the expected configuration you are notified or adus config can auto

you are notified or adus config can auto remediate correct the configuration back

remediate correct the configuration back to the expected state for app config it

to the expected state for app config it is used to automate the process of

is used to automate the process of deploying application configuration

deploying application configuration variable changes to your web application

variable changes to your web application you can write a validator to ensure uh

you can write a validator to ensure uh the changed variable will not break your

the changed variable will not break your web app uh you can monitor deployments

web app uh you can monitor deployments and automate Integrations to catch

and automate Integrations to catch errors or roll backs so config is for

errors or roll backs so config is for compliance governance app config is for

compliance governance app config is for conf application configur configuration

conf application configur configuration varibles so there you

varibles so there you [Music]

[Music] go well let us take a look at SNS versus

go well let us take a look at SNS versus sqs and uh these things have something

sqs and uh these things have something in common and it's they both connect

in common and it's they both connect apps via messages uh so they're for

apps via messages uh so they're for application integration so let's take a

application integration so let's take a look at SNS so simple notification

look at SNS so simple notification service and then simple Q service okay

service and then simple Q service okay so SNS is intended to pass along

so SNS is intended to pass along messages via a pub sub model whereas sqs

messages via a pub sub model whereas sqs cues up messages and has a guaranteed

cues up messages and has a guaranteed delivery so the idea with SNS you send

delivery so the idea with SNS you send notifications to subscribers of topics

notifications to subscribers of topics via multiple protocols so it can be H

via multiple protocols so it can be H HTTP email sqs SMS and SNS is generally

HTTP email sqs SMS and SNS is generally used for sending plane text emails which

used for sending plane text emails which is triggered via other aab services the

is triggered via other aab services the best example here is billing alarms I

best example here is billing alarms I know we mentioned this but I like to

know we mentioned this but I like to repeat it so that you absolutely know uh

repeat it so that you absolutely know uh it can retry sending in the case of

it can retry sending in the case of failures of https so it does have a

failures of https so it does have a retry attempt but that doesn't mean

retry attempt but that doesn't mean there's a guarantee of delivery it's

there's a guarantee of delivery it's really good for web hooks simple

really good for web hooks simple internal emails triggering Lambda

internal emails triggering Lambda functions if you had to compare the to

functions if you had to compare the to third party Services it's similar to

third party Services it's similar to Pusher or uh pubnub so sqs is uh the

Pusher or uh pubnub so sqs is uh the idea here is that messages are placed

idea here is that messages are placed into a queue applications pull the queue

into a queue applications pull the queue using the itus SDK you can uh uh retain

using the itus SDK you can uh uh retain a message for up to 14 days you can send

a message for up to 14 days you can send them in sequential order a sequential

them in sequential order a sequential order or in parallel you can ensure only

order or in parallel you can ensure only one message is sent you can ensure

one message is sent you can ensure messages are delivered at least once

messages are delivered at least once it's really good for delayed tasks

it's really good for delayed tasks queuing up emails um comparable uh stuff

queuing up emails um comparable uh stuff would be something like rabbit mq or uh

would be something like rabbit mq or uh Ruby on Rails sidekick

Ruby on Rails sidekick [Music]

[Music] okay hey this is Andy Brown from exam

okay hey this is Andy Brown from exam Pro and we're doing variation study with

Pro and we're doing variation study with SNS versus SCS versus pinpoint versus

SNS versus SCS versus pinpoint versus workmail and so SNS and SCS get confused

workmail and so SNS and SCS get confused uh quite often but all of these Services

uh quite often but all of these Services uh have something in common they all

uh have something in common they all send emails but uh the utility of email

send emails but uh the utility of email is completely different for each one so

is completely different for each one so the first one is simple notification

the first one is simple notification service is for practical and internal

service is for practical and internal emails so you send notifications to

emails so you send notifications to subscribers of topics via multiple

subscribers of topics via multiple protocols so it's not just for email it

protocols so it's not just for email it can handle HTTP it can send sqs it can

can handle HTTP it can send sqs it can send SNS me or SMS messages so um

send SNS me or SMS messages so um messages to your phone um but uh it does

messages to your phone um but uh it does send emails and so SNS is generally used

send emails and so SNS is generally used for sending plain text emails which is

for sending plain text emails which is triggered via other IT services the best

triggered via other IT services the best example of this is a building alarm so

example of this is a building alarm so most exam questions are going to be

most exam questions are going to be talking about SNS because lots of

talking about SNS because lots of services can trigger um SNS for

services can trigger um SNS for notifications and so that's the idea

notifications and so that's the idea it's like oh um you know did somebody

it's like oh um you know did somebody spend up a server send off an email

spend up a server send off an email through via SNS uh did we spend too much

through via SNS uh did we spend too much money here you know all sorts of things

money here you know all sorts of things can go through SNS to send out emails

can go through SNS to send out emails and you need to know what are topics and

and you need to know what are topics and subscriptions regarding SNS then you

subscriptions regarding SNS then you have sces so simple email service and

have sces so simple email service and this is for transactional emails and

this is for transactional emails and when I say transaction emails I'm

when I say transaction emails I'm talking about emails that should be

talking about emails that should be triggered based on inapp action so sign

triggered based on inapp action so sign up reset password invoices um so a

up reset password invoices um so a cloud-based email service that is

cloud-based email service that is similar to this would be like send grid

similar to this would be like send grid SCS sends HTML emails uh SNS cannot so

SCS sends HTML emails uh SNS cannot so that is the distinction is that SCS can

that is the distinction is that SCS can do HTML and plain text but SNS just do

do HTML and plain text but SNS just do does plain text and you would not use

does plain text and you would not use SNS for transactional emails SCS can

SNS for transactional emails SCS can receive inbound emails SCS can create

receive inbound emails SCS can create email templates custom domain name

email templates custom domain name emails so when you use SNS it's whatever

emails so when you use SNS it's whatever Amazon gives you it's going to be some

Amazon gives you it's going to be some weird address but SCS is whatever custom

weird address but SCS is whatever custom domain you want you can also monitor

domain you want you can also monitor email reputation for SCS then you have

email reputation for SCS then you have Amazon pinpoint and so this is for

Amazon pinpoint and so this is for promotional emails so these when we say

promotional emails so these when we say promotional we're talking about emails

promotional we're talking about emails for marketing so you can create email

for marketing so you can create email campaigns you can segment your contacts

campaigns you can segment your contacts you can create customer Journeys via

you can create customer Journeys via emails um it can do a be email testing

emails um it can do a be email testing and so sces and pinpoint get mixed up

and so sces and pinpoint get mixed up because a lot of people think well can I

because a lot of people think well can I just use my transaction emails for

just use my transaction emails for promotion emails absolutely you can it's

promotion emails absolutely you can it's not recommended because um you know

not recommended because um you know pinpoint has a lot more functionality

pinpoint has a lot more functionality around promotional emails they're built

around promotional emails they're built differently uh and so you know just

differently uh and so you know just understand that those two have

understand that those two have overlapping responsibilities but

overlapping responsibilities but generally should use them for what

generally should use them for what they're for then you have Amazon

they're for then you have Amazon workmail and this is just an email web

workmail and this is just an email web client so it's similar to Gmail or

client so it's similar to Gmail or Outlook you can create company emails

Outlook you can create company emails read write and send emails from a web

read write and send emails from a web client within the adus Management

client within the adus Management console so there you

console so there you [Music]

[Music] go let us compare Amazon inspector

go let us compare Amazon inspector versus adus trusted advisor so both of

versus adus trusted advisor so both of these are security tools and they both

these are security tools and they both perform audits but what they do is

perform audits but what they do is slightly different so Amazon inspector

slightly different so Amazon inspector audits a single ec2 instance that you've

audits a single ec2 instance that you've selected or I suppose you could select

selected or I suppose you could select multiple e2s it generates a report from

multiple e2s it generates a report from a long list of Security checks um and so

a long list of Security checks um and so trusted advisor has checks but uh the

trusted advisor has checks but uh the the key difference here is that it

the key difference here is that it doesn't generate out a PDF report though

doesn't generate out a PDF report though I'm sure you could export CSV data if

I'm sure you could export CSV data if you wanted to and then turn that into a

you wanted to and then turn that into a report uh it it gives you a holistic

report uh it it gives you a holistic view of recommendations across multiple

view of recommendations across multiple services and best practices so for

services and best practices so for example if you have an open port on

example if you have an open port on these security groups that can tell you

these security groups that can tell you about about that you should enable MFA

about about that you should enable MFA on your root account when using trusted

on your root account when using trusted advisor things like that um one thing

advisor things like that um one thing though is that trust advisor isn't just

though is that trust advisor isn't just for security it does checks across um uh

for security it does checks across um uh five different things um but they both

five different things um but they both do security and they both technically do

do security and they both technically do checks

checks [Music]

[Music] okay so there are a few services that

okay so there are a few services that have connected the name you'd think

have connected the name you'd think they' be related in some way but they

they' be related in some way but they absolutely are not and they don't even

absolutely are not and they don't even have similar functionality but let's

have similar functionality but let's take a look here so we know the

take a look here so we know the difference the first is direct connect

difference the first is direct connect it is a dedicated fiber optics

it is a dedicated fiber optics connection from your data center tows

connection from your data center tows it's intended for large Enterprises with

it's intended for large Enterprises with their own Data Center and they need an

their own Data Center and they need an insanely fast and private connection

insanely fast and private connection directly uh to AWS and you'll notice

directly uh to AWS and you'll notice they give private empasis because if you

they give private empasis because if you need a secure connection you need to

need a secure connection you need to apply uh an adus virtual private network

apply uh an adus virtual private network connection on top of direct connect then

connection on top of direct connect then you have Amazon connect this is a call

you have Amazon connect this is a call center as a service get a toll-free

center as a service get a toll-free number accept inbound and outbound calls

number accept inbound and outbound calls set up automated phone systems uh so if

set up automated phone systems uh so if you ever heard of an interactive voice

you ever heard of an interactive voice system and IVs this is basically what

system and IVs this is basically what Amazon connect is you have media connect

Amazon connect is you have media connect this is the new version of elastic

this is the new version of elastic transcoder it it converts videos to

transcoder it it converts videos to different video types so if you have

different video types so if you have let's say a th videos and you need to

let's say a th videos and you need to transcode them into different video

transcode them into different video formats maybe you need to apply

formats maybe you need to apply watermarks insert introduction videos in

watermarks insert introduction videos in in front of each one uh this is what you

in front of each one uh this is what you use media connect for

use media connect for [Music]

[Music] okay just in case you see elastic

okay just in case you see elastic transcoder as an option I just want you

transcoder as an option I just want you to know what it is compared to Media

to know what it is compared to Media connect so both these services are used

connect so both these services are used for transcoding and technically elastic

for transcoding and technically elastic transcoder is old way and iTab this

transcoder is old way and iTab this Elemental media convert or just media

Elemental media convert or just media convert is the new way so elastic

convert is the new way so elastic transcoder was the original transcoding

transcoder was the original transcoding service it may still have promatic apis

service it may still have promatic apis or workflows not available in media

or workflows not available in media convert so this could be reasons why we

convert so this could be reasons why we see Legacy customers still using it or

see Legacy customers still using it or you know it's just too much effort for

you know it's just too much effort for them to upgrade to the new one it

them to upgrade to the new one it transcodes videos to streaming formats

transcodes videos to streaming formats uh media convert is more robust

uh media convert is more robust transcoding service that can perform

transcoding service that can perform various operations during transcoding so

various operations during transcoding so it also transcodes videos to streaming

it also transcodes videos to streaming different streaming formats but it

different streaming formats but it overlays images it inserts uh video

overlays images it inserts uh video clips extracts captions data it has a

clips extracts captions data it has a robust UI so generally it's recommended

robust UI so generally it's recommended to use the uh media convert in terms of

to use the uh media convert in terms of costs are basically the same so there's

costs are basically the same so there's no reason not to use media convert

no reason not to use media convert [Music]

[Music] okay so it artifact versus Amazon

okay so it artifact versus Amazon inspector get commonly mixed up all the

inspector get commonly mixed up all the time but both artifact and inspector

time but both artifact and inspector compal out PDF reports so that's where

compal out PDF reports so that's where the confusion comes from but let's talk

the confusion comes from but let's talk about what is different about the

about what is different about the reports so Abus artifact and Abus

reports so Abus artifact and Abus inspector so for artifact you're

inspector so for artifact you're answering why should an Enterprise trust

answering why should an Enterprise trust AWS it generates a security report

AWS it generates a security report that's based on global compliance

that's based on global compliance framework such as sock or PCI or a

framework such as sock or PCI or a variety of others where Amazon inspector

variety of others where Amazon inspector is all about how do we know this ec2

is all about how do we know this ec2 instance is secure can you prove it so

instance is secure can you prove it so it runs a script that analyzes your ec2

it runs a script that analyzes your ec2 instance then generates a PDF report

instance then generates a PDF report telling you which Security checks had

telling you which Security checks had passed um so the idea here is it's an

passed um so the idea here is it's an audit tool for security of P2 instances

audit tool for security of P2 instances so there you

so there you [Music]

[Music] go so let us compare elb versus ALB

go so let us compare elb versus ALB versus NLB versus J wlb versus clb uh

versus NLB versus J wlb versus clb uh because you know when I was first

because you know when I was first learning AWS I was getting confused

learning AWS I was getting confused because there was elastic load balancer

because there was elastic load balancer but there was these other ones so what

but there was these other ones so what gives right so what's happening here is

gives right so what's happening here is that there is a main service called

that there is a main service called elastic load balancer elb and it has

elastic load balancer elb and it has four different types of possible load

four different types of possible load Bal bouncers so we'll go through all the

Bal bouncers so we'll go through all the types so the first is application load

types so the first is application load bouncer commonly uh initialized as ALB

bouncer commonly uh initialized as ALB and so this operates on layer 7 for

and so this operates on layer 7 for https this makes sense because that is

https this makes sense because that is the application layer and it has some

the application layer and it has some special powers in terms of routing rules

special powers in terms of routing rules so the idea here is you can create rules

so the idea here is you can create rules to change routing based on information

to change routing based on information found within the htps request so let's

found within the htps request so let's say you wanted some uh routes to go that

say you wanted some uh routes to go that have a particular subdomain to this

have a particular subdomain to this server and a different sub domain to

server and a different sub domain to another one you could do that and

another one you could do that and because it is an application load

because it is an application load balancer uh you can attach a web

balancer uh you can attach a web application firewall for protection you

application firewall for protection you can't attach this on the NLB or other

can't attach this on the NLB or other ones because they're not application

ones because they're not application based so that is just a little caveat

based so that is just a little caveat there then you have Network load bouncer

there then you have Network load bouncer uh commonly abbreviated to NLB this

uh commonly abbreviated to NLB this operates on layer three and four so

operates on layer three and four so we're talking TCP UDP this is great for

we're talking TCP UDP this is great for when you have Extreme Performance that

when you have Extreme Performance that that requires T TCP and TLS traffic it's

that requires T TCP and TLS traffic it's capable of handling millions of requests

capable of handling millions of requests per seconds uh while maintaining ultra

per seconds uh while maintaining ultra low latency it's optimized for sudden

low latency it's optimized for sudden and volatile traffic patterns while

and volatile traffic patterns while using a single static IP address per

using a single static IP address per availability Zone uh if you're making

availability Zone uh if you're making video games this is what they like to

video games this is what they like to use is the network load balcer but it

use is the network load balcer but it has other utilities outside of that then

has other utilities outside of that then you have Gateway load bouncer G wlb this

you have Gateway load bouncer G wlb this is when you need to deploy a fleet of

is when you need to deploy a fleet of third-party virtual appliances that

third-party virtual appliances that support uh I don't know how to say that

support uh I don't know how to say that in abbreviation but I'll just uh say

in abbreviation but I'll just uh say it's G NE v um and there's not much we

it's G NE v um and there's not much we need to know outside of that okay then

need to know outside of that okay then there is the classic load balancer uh

there is the classic load balancer uh commonly initializes clb this operates

commonly initializes clb this operates on layer 3 four and 7 it's intended for

on layer 3 four and 7 it's intended for applications that were built within the

applications that were built within the ec2 classic Network it doesn't support

ec2 classic Network it doesn't support Target groups so albs nlbs uh use Target

Target groups so albs nlbs uh use Target groups which is just an easier way of

groups which is just an easier way of grouping together um a bunch of uh

grouping together um a bunch of uh Target resources like compute uh that

Target resources like compute uh that we're going to load balance to and with

we're going to load balance to and with classic load balance you just directly

classic load balance you just directly assign ec2 instances uh and it's going

assign ec2 instances uh and it's going to be retired on August 15th of 2022 so

to be retired on August 15th of 2022 so yeah it looks like it can do a lot of

yeah it looks like it can do a lot of stuff but um it also doesn't have any of

stuff but um it also doesn't have any of the superpowers of these specialized

the superpowers of these specialized ones and so uh there's no reason to keep

ones and so uh there's no reason to keep it around and generally you should not

it around and generally you should not be using it um and so yeah that's about

be using it um and so yeah that's about it

Videodaki o ana atlamak için herhangi bir metin veya zaman damgasına tıkla

Paylaş:

Transkriptlerin büyük çoğunluğu 5 saniyeden kısa sürede hazır

Tek Tıkla Kopyala125+ Dilİçerikte AraZaman Damgasına Atla

YouTube URL'sini Yapıştır

Tam transkripti almak için herhangi bir YouTube video bağlantısı gir

Transkriptlerin büyük çoğunluğu 5 saniyeden kısa sürede hazır

Chrome Uzantımızı Yükle

YouTube'dan ayrılmadan transkriptlere anında eriş. Chrome uzantımızı yükle ve izleme sayfasında tek tıkla herhangi bir videonun transkriptine ulaş.

Chrome'a Ekle — Ücretsiz

YouTube, Coursera, Udemy ve daha fazla eğitim platformuyla çalışır

Anında Transkript Al: Adres Çubuğundaki Alan Adını Değiştir!

YouTube

←

→

↻

https://www.youtube.com/watch?v=UF8uR6Z6KLc

YoutubeToText

←

→

↻

https://youtubetotext.net/watch?v=UF8uR6Z6KLc

YouTube TranskriptiSonuçların hazırlanıyor…

YouTube Transkripti:AWS Certified Cloud Practitioner Certification Course (CLF-C02) - Pass the Exam!

AutoDub

Video Transkripti

Summary Requirements

YouTube URL'sini Yapıştır

Transkript Çıkarma Formu

Chrome Uzantımızı Yükle

Anında Transkript Al: Adres Çubuğundaki Alan Adını Değiştir!

YouTube Transkripti:
AWS Certified Cloud Practitioner Certification Course (CLF-C02) - Pass the Exam!