AWS Certified Cloud Practitioner Certification Course (CLF-C01) - Pass the Exam!


Prepare for the AWS Certified Cloud Practitioner Certification and pass!

✏️ Developed by Andrew Brown of ExamPro
🔗 https://twitter.com/andrewbrown

Get your Free Practice and Downloadable Cheatsheets
🎁 https://www.exampro.co/clf-c01

📢 View this course's updates! Last Updated: Nov 15 2021

⭐️ Course Contents ⭐️
⌨️ (00:13:10) Introduction
⌨️ (00:17:35) Cloud Concepts
⌨️ (00:46:56) Getting Started
⌨️ (01:19:37) Digital Transformation
⌨️ (01:27:40) The Benefits of the Cloud
⌨️ (01:33:54) Global Infrastructure
⌨️ (02:14:28) Cloud Architecture
⌨️ (02:37:50) Management and Developers Tools
⌨️ (04:15:23) Shared Responsibility Model
⌨️ (04:34:20) Compute
⌨️ (05:27:48) Storage
⌨️ (06:05:26) Databases
⌨️ (06:35:39) Networking
⌨️ (06:57:27) EC2
⌨️ (07:49:10) EC2 Pricing Models
⌨️ (08:08:09) Identity
⌨️ (08:53:55) Application Integration
⌨️ (09:05:22) Containers
⌨️ (09:16:11) Governance
⌨️ (09:44:39) Provisioning
⌨️ (10:05:34) Serverless
⌨️ (10:10:04) Windows on AWS
⌨️ (10:18:46) Logging
⌨️ (10:32:39) ML AI BigData
⌨️ (10:52:52) AWS Well Architected Framework
⌨️ (11:14:35) TCO and Migration
⌨️ (11:30:41) Billing and Pricing
⌨️ (12:25:50) Security
⌨️ (13:11:08) Variation Study

🎉 Thanks to our Champion and Sponsor supporters:
👾 Wong Voon jinq
👾 hexploitation
👾 Katia Moran
👾 BlckPhantom
👾 Nick Raker
👾 Otis Morgan
👾 DeezMaster
👾 AppWrite



Learn to code for free and get a developer job: https://www.freecodecamp.org

Read hundreds of articles on programming: https://freecodecamp.org/news


Content

0.64 -> hey this is andrew brown your cloud
2.159 -> instructor exam pro bringing you another
4.24 -> complete study course and this time it's
5.92 -> the aws certified cloud practitioner
7.759 -> made available to you here on free code
9.679 -> camp and if you think you've seen this
10.96 -> course before that's because this is a
12.88 -> major update from the very popular
14.92 -> 2019-20
16.48 -> course that had over 2 million views and
19.279 -> this time around we have three times
21.359 -> more content so this course is designed
23.6 -> to help you pass and achieve aws
25.92 -> issued certification and the way we're
28.08 -> going to do that is by going through
29.519 -> lecture content doing labs in our own
31.84 -> account utilizing a practice exam
34.16 -> downloading the cheat sheets on the day
35.52 -> of the exam and then once you pass you
37.44 -> can improve on your resume and linkedin
39.04 -> you have that either business knowledge
40.64 -> to get that cloud job or to get that
42.559 -> promotion to tell you a bit about me i
44.879 -> was previously the cto of multiple
46.399 -> edtech companies with 15 years industry
48.879 -> experience five years specializing in
50.96 -> the cloud i'm aws community hero i
53.199 -> publish multiple free cloud courses i
55.6 -> love star trek and coconut water and i
57.84 -> just want to take a moment to thank
59.6 -> people like you because it's you that
61.6 -> make these free courses possible and if
63.68 -> you want to know how to support more
65.199 -> free courses like this one the best way
67.92 -> is to buy our extra study materials and
70.4 -> so for this course it's at exam pro dot
72.72 -> co forward slash clf hyphen c01 this is
76.24 -> where you'll get study notes flash cards
78.479 -> quizlets downloadable lecture slides
80.56 -> downloadable cheat sheets uh practice exams
83.28 -> you can ask questions and get support
86 -> and i also just want to tell you if you
87.52 -> do sign up you're going to get
89.119 -> additional stuff
90.4 -> already so you'll get the free practice
92.4 -> exam and cheat sheet there's no credit
94.159 -> card required and there's no
96.24 -> trial limit so there's no reason not to
97.92 -> sign up
99.2 -> and if there are course updates check
101.6 -> the description in the youtube to see if
103.68 -> there are any updates okay so there
105.92 -> might be corrections additions
107.84 -> modifications and this is just going to
109.52 -> ensure that you're using utilizing the
111.36 -> latest version of this course and so to
114.64 -> keep up to date with upcoming courses
117.2 -> follow me on twitter at andrew brown and
119.6 -> if you are over there i'd love to hear
121.52 -> if you have passed your exam and what
123.28 -> you'd like to see next so there you go
126.38 -> [Music]
130.319 -> hey this is andrew brown from exam pro
132.16 -> and we're at the start of our journey
133.44 -> asking the most important question first
135.52 -> which is what is the aws certified cloud
138.16 -> practitioner so the cloud practitioner is
140.16 -> the entry level aws certification
142.319 -> teaching cloud fundamentals such as
143.92 -> cloud concepts architecture deployment
146 -> models it will take a close look at
147.84 -> database core services a quick look at
150.319 -> the vast amount of data services and
152.4 -> will cover topics like identity security
154.64 -> governance billing pricing support of
157.12 -> aws services the course code for this
159.519 -> exam is the clf c01 but it's commonly
162.72 -> referred to as the ccp
165.36 -> and aws is the leading cloud service
167.36 -> provider in the world and that makes the
169.92 -> certified cloud practitioner the most
171.519 -> common starting point for people
172.959 -> breaking into the cloud industry no
174.879 -> matter what their path is
177.2 -> so who is this certification for well
180.08 -> you should be considering the aws cloud
181.76 -> practitioner if you are new to cloud and
184.08 -> need to learn the fundamentals if you
186.239 -> are in the executive management or sales
188.319 -> level and you need to acquire strategic
190.319 -> information about cloud for adoption or
192 -> migration
193.12 -> or you are a senior cloud engineer or
195.599 -> solutions architect who needs to reset
198 -> or refresh their aws knowledge after
200.319 -> working for multiple years and just
202.64 -> seeing how the landscape has changed
205.44 -> so what value does this certification
207.36 -> bring well the aws certified cloud
209.28 -> practitioner provides the most expansive
211.28 -> view possible
212.4 -> of cloud architectures and advanced and
214.799 -> when we're talking about that expansive
216.239 -> view what you should be thinking about
218 -> is
218.72 -> it being a bird's eye view or a 50 000
221.68 -> foot view
222.72 -> looking onto a panoramic landscape where
225.28 -> you can see everything and the idea of
227.92 -> this expansive view is to promote big
230.4 -> picture thinking so the idea here is
232.56 -> you're zooming out and assessing the
234.64 -> cloud aws landscape for changes
237.519 -> trends opportunities and being strategic
240.879 -> about the approach and process for our
243.2 -> cloud journey
245.04 -> the aws cloud practitioner is
246.48 -> not a difficult exam it will not
248.72 -> validate that you can build cloud
250.319 -> workloads for technical implementation
252.72 -> roles like a developer engineer
255.04 -> devops role it will not be enough to
257.199 -> obtain a cloud role but it can help
259.519 -> shortlist your resumes for interviews
261.6 -> the exam covers content not found in
263.6 -> other certifications and it is
265.28 -> recommended as an essential study for
267.6 -> your aws journey
270.32 -> so now let's take a look at the aws
271.919 -> certification roadmap to see where we
273.919 -> would go after the cloud practitioner and
275.84 -> what kind of uh cloud roles
278.16 -> would be associated with those
279.759 -> certifications so at the start you get
281.919 -> your cloud practitioner which is at the
283.919 -> fundamental level after that we have the
286.24 -> associate level such as the sysop
288.08 -> administrator the developer and the
289.52 -> solutions architect followed by the
291.28 -> professional level the devops engineer
293.84 -> the solutions architect professional and
296.08 -> then the specialties such as security
298.16 -> advanced networking database machine
300.08 -> learning data analytics and sap which
302.8 -> just is not on here yet because it's
304.24 -> such a new certification so after the
306.639 -> cloud practitioner generally people will
308.8 -> go for an associate and it's up to you
311.52 -> to choose one of the three
313.52 -> because they're all great routes but the
315.039 -> most common one is the solutions
316.96 -> architect associate
318.639 -> because the most common role in the
320.8 -> industry is a cloud engineer so even
322.8 -> though it's called solutions architect
324.16 -> they really should have named it cloud
325.36 -> engineer because that is really what it
327.199 -> is uh if you were to go the developer
329.12 -> route you're basically becoming a cloud
330.8 -> developer and then if you are going the
333.6 -> sysops admin route you are becoming a
335.68 -> junior devops engineer
338.4 -> and it's not uncommon for people to
340.24 -> obtain all three associates and a lot of
343.039 -> times the order will be the solution
344.8 -> architect first because it's the easiest
346.72 -> and and has the broadest services
348.32 -> followed by the developer
349.919 -> um which adds uh
352 -> practical programming skills and um
356.08 -> life cycle stuff of like deployment for
358 -> apps followed by the sysops
359.68 -> administrator which is considered the
361.28 -> hardest of the three in the associate
363.199 -> tier
364.319 -> from there you can go for the solutions
366.4 -> architect professional and that would be
368.24 -> associated with a solutions architect or
370.479 -> cloud architect role that's basically
372.639 -> like a harder version of the cloud
374.639 -> engineer with a lot more
376.16 -> responsibilities if you were going to
378.319 -> devops route you'd go for the devops
380.24 -> engineer professional and so this would
382.56 -> open you up to roles such as the devops
384.72 -> engineer or the site reliable
386.639 -> reliability engineer an sre
389.36 -> and some people like to get both of the
392 -> professionals
393.52 -> and that could be if you want to be a
395.28 -> cloud architect or devops engineer
397.039 -> because having adjacent skills and the
399.199 -> professionals is always very useful now
401.6 -> you don't have to go for a professional
403.36 -> after the associate a lot of people will
405.28 -> jump over to the specialties and so when
407.52 -> we're looking at the solutions architect
409.28 -> you basically have any pick after that
411.52 -> but generally what i see are people
413.28 -> going for data analytics or machine
415.52 -> learning so for data analytics this
418.24 -> would be if you want to be a data
420.319 -> analyst
421.599 -> or if you're doing machine learning this
423.759 -> is where data scientists will go through
425.52 -> the solutions architect route
427.919 -> okay
428.8 -> for the junior devops you could jump
430.88 -> over to security and become a
433.599 -> cloud security engineer if you want to
436.96 -> go into devsecops so the automation of
439.68 -> security operations you probably want to
441.919 -> get the devops engineer um or you may be
445.84 -> if you're after the devops engineering
447.52 -> you might be transitioning to the
448.72 -> advanced networking for roles like in
450.639 -> netdevops where you're specializing in
452.8 -> migration or hybrid
454.96 -> engineer for architectures that both use
457.28 -> on-premise and the cloud from the devops
460.319 -> engineer position you can still go for
462.319 -> the database or machine learning
464 -> certification if you want to become
465.84 -> either a data engineer or an ml ops
468.56 -> engineer so there's a lot of
470.08 -> opportunities here
471.759 -> and there is no perfect route but just
474.639 -> these are suggestions for you to decide
476.639 -> on your own okay so how long is it going
479.52 -> to take to pass this certification well
482.319 -> it's going to really depend on your
484.56 -> background but if we had to generalize
486.4 -> it we can look at it uh as kind of a
489.039 -> scale and so if you are at the beginner
491.12 -> level you're looking at 30 hours of
493.28 -> studying and when we say beginner we're
495.36 -> saying someone that has never used aws
497.44 -> or any cloud provider i have never
499.44 -> written code or held a tech role and
501.599 -> when we're looking at the other side of
503.599 -> it someone that is experienced we're
505.28 -> looking at a six hour study time and
507.28 -> when i say that i'm talking about
508.72 -> somebody that's watching on two times
510.319 -> speed and are able to absorb this
512.159 -> information uh very quickly so they have
514.959 -> practical working experience with aws or
518 -> they have equivalent experience in
519.36 -> another cloud service provider like
520.8 -> azure gcp where they can translate that
522.64 -> knowledge or they have a very strong
524.64 -> background in uh technology where
526.72 -> they've worked in the industry for many
528.32 -> years and so you know their study time
530.56 -> is going to be a lot shorter
532.56 -> and so on average most people are going
534.88 -> to take about 24 hours to study for this
538.24 -> course and when we talk about the kind
540.88 -> of stuff that you'll be doing it's going
542.399 -> to be 50 lectures and labs and we call
545.12 -> our labs follow alongs where the idea is
546.8 -> you follow along in your own account and
548.8 -> then 50 is the practice exams so if you
551.92 -> look at the length of the content which
553.76 -> is around uh 12 hours then you know you
557.2 -> should expect to spend as much time
559.12 -> doing practice exams uh to pass okay and
562.32 -> the recommended time to study is one
564.8 -> to two hours a day for 14 days okay
568.959 -> so what kind of effort are we going to
570.959 -> have to put in to pass this exam well
573.04 -> you have to watch the lecture videos and
575.04 -> memorize key information you'll need to
577.279 -> do hands-on labs and follow along with
579.68 -> your own account and you will need paid
582.48 -> online practice exams that simulate the
584.56 -> real exam and the last two here were
587.44 -> things that i used to never suggest
589.2 -> because you could literally just watch
590.64 -> the videos and pass however aws has
593.36 -> made this exam a lot more difficult and
596.24 -> so for these last two points you do have
599.12 -> to do these two things for the paid
602.32 -> online practice exams uh that can be a
605.12 -> hard for some people so i've made it
606.959 -> easier for you by providing you a full
609.68 -> free practice exam on exam pro at forward
612.32 -> slash clf c01 and so you just have to
615.12 -> sign up no credit card required and
617.519 -> you'll get a full set of 65 questions
620.399 -> that simulate the real exam okay
623.839 -> so for the contents of the exam it is
626 -> composed of four domains and each domain
628.16 -> has its own weighting which determines
630 -> how many questions in the domain that
631.519 -> will appear so for domain one which is
634 -> cloud concepts we're looking at 26
635.76 -> percent for domain 2 security and
637.92 -> compliance we should expect to see 25
640.079 -> percent of the questions from there for
641.68 -> domain 3 which is technology and where
644.56 -> we will see the most amount of questions
646.8 -> that we're sitting at 33 percent for
649.12 -> domain four billing and pricing we have
651.36 -> 16 of the exam there so just to
654.079 -> emphasize for domain 3 you need to know
656.56 -> a wide range of services but you also
659.2 -> need to know
660.56 -> in-depth the core services
663.6 -> so where do you take the exam well at an
665.68 -> in-person test center or online from the
667.76 -> convenience of your own home aws is
670.24 -> partnered with two different test center
672.88 -> networks the first being psi and the
675.04 -> second being pearson vue and they both
677.519 -> offer in-person or online and these
680.32 -> exams are proctored meaning there is
682 -> somebody watching you to ensure that you
684.72 -> are not cheating okay
686.88 -> in order to pass this exam you have to
688.88 -> score 700 points out of a thousand and
691.76 -> so 700 generally equates to 70 percent
694.8 -> but it's around 70 percent because aws
697.04 -> uses scaled scoring meaning that they
699.2 -> could adjust it based on how many people
701.04 -> are passing or failing so always aim to
704.079 -> uh get higher than 70 percent the exam
707.2 -> contains 65 questions 50 scored and 15
710.959 -> unscored and you can afford to get about
713.839 -> 15 questions wrong there is no penalty
716.399 -> for wrong questions so you should always
718.48 -> choose an answer and the questions come
720.399 -> in two formats multiple choice and
722.8 -> multiple answers for these unscored
725.36 -> questions there are 15 on the exam they
727.76 -> will not count towards your final score
730.48 -> why is there unscored questions on the
732.48 -> exam well unscored questions are used to
734.959 -> evaluate the introduction of new
736.48 -> questions
737.519 -> they can determine if the exam is too
739.279 -> easy and the passing score or question
741.279 -> difficulty needs to be increased and
743.68 -> they can discover users who are
745.36 -> attempting to cheat the exam or steal
747.279 -> dump exam questions so if you encounter
750 -> questions you've never studied for that
751.519 -> seem really hard keep your cool and
753.519 -> remember they may be unscored questions
756.48 -> the duration of this exam is 1.5 hours
759.44 -> so you have about 1.5 minutes per
762.24 -> question the exam time is 90 minutes but
764.88 -> the seat time is 120 minutes seat time
767.6 -> refers to the amount of time you should
769.6 -> allocate for the exam so that means
771.76 -> including things like time to review
773.6 -> instructions show online proctor your
775.92 -> workspace read and accept the nda and
778.56 -> complete the exam and provide feedback
781.36 -> and when you do pass this exam is valid
783.76 -> for 36 months and that equates to three
786.8 -> years before re-certification
789.73 -> [Music]
794.24 -> hey this is andrew brown from exam pro
796.16 -> and i'm on the aws certified cloud
797.839 -> practitioner page because what i want to
799.44 -> show you here is the exam guide if
801.12 -> you're wondering how to book your exam
802.399 -> you go to schedule exam there and that's
804.079 -> the way you can do it but if you scroll
805.519 -> on down there's this download exam guide
807.6 -> and this will download a pdf that will
809.44 -> tell you everything about the exam and
811.519 -> so just make note of the course code
813.36 -> this is the clf c01
815.519 -> because if this exam has a major major
818 -> change they'll call it the c02 okay and
820 -> then you'll know that this exam might
822.56 -> not fit for the new uh
825.04 -> the new exam guide okay so if we scroll
827.76 -> on down there is a basic introduction
829.6 -> they'll say you have to have six months
830.8 -> which is totally not true you can get in
832.48 -> the cloud with no experience uh and uh
835.44 -> be passing this exam within two to three
837.6 -> weeks so you can just kind of ignore
839.68 -> that so it will just state that there is
841.6 -> multiple choice multiple responses also
843.839 -> known as multiple answer there are 50
845.519 -> questions of the exam with 15 unscored
847.839 -> questions so you'll get 65 questions in
850.399 -> total
851.279 -> uh it's scored between 100 to 1000. the
853.68 -> passing grade is 700 it explains about
856.399 -> scaled scoring there then it goes onto
858.399 -> the course our content outline where we
860.24 -> have the four domains and it has a big
862.32 -> breakdown of all the things that could
864 -> appear on the exam and the thing about
866.32 -> this is is that um
868.399 -> you know there's only 65 questions but
870.88 -> there if you break down all these points
872.959 -> there's like three times more
874.399 -> information than could possibly show up
876.24 -> on the exam so just understand that you
878.079 -> are going to be studying a lot of
880.079 -> information but only one third of it's
881.6 -> going to show up on your exam so what i
883.279 -> did is i went through every single one
884.8 -> of these things and i made sure that we
886.8 -> are covering them some stuff i just
888.8 -> never saw an exam and also other people
890.88 -> i never saw were design principles um i
893.68 -> mean they are generally covered in the
895.279 -> well architected framework but it's
897.44 -> unusual because some of the things in
899.36 -> here i just feel they aren't actually on
901.12 -> the exam and they just kind of cram this
902.56 -> exam guide together but i was very
904.8 -> thorough to make sure to add everything
906.56 -> here um so for security and compliance
908.959 -> it's just knowing a collection of um
911.519 -> database security services and some
913.36 -> security concepts
915.04 -> for technology this is our largest
916.72 -> section you need to know so much stuff
919.519 -> but we spent a lot of time in the course
921.36 -> just covering technology then you have
923.68 -> your billing and pricing and you could
925.12 -> also say support
926.72 -> and so that covers a lot of interesting
928.399 -> thing a lot of stuff around ec2 pricing
931.44 -> and then they just have a big list of
933.279 -> stuff so this is a bit a bunch of
936 -> random
937.12 -> technologies and concepts that might be
938.72 -> covered and then they talk about
939.839 -> services and so again we cover basically
942.639 -> everything just in case for you
944.8 -> but yeah there you go
946.49 -> [Music]
950.72 -> hey this is andrew brown from exam pro
952.56 -> and what we're looking at here is a free
955.199 -> practice exam that i provide with you uh
957.68 -> for this course and all you have to do
959.199 -> is sign up on exam pro you don't even
961.04 -> need a credit card and you can redeem uh
964 -> the free available content here and this
966.639 -> is really up to date and very well
968.959 -> simulates what you will see on the
970.959 -> actual exam and it's a full set full 65
973.839 -> questions so you're getting a real
975.12 -> simulation here but what i'm going to do
977.04 -> is just start it off here we're not
978.639 -> going to do the whole thing i'm just
979.68 -> going to click through and show you a
980.959 -> couple of them so you have an idea um
983.12 -> the level of difficulty these questions
985.12 -> are so the first question we got
986.399 -> presented with here is which support
988.48 -> plans provide access to the seven core
991.44 -> trusted advisor checks and so that is a
994.16 -> question that you might need to answer i
996.32 -> don't want to spell this for you so i'm
997.519 -> not going to tell you the answer i will
999.199 -> go to the next one so a large accounting
1001.12 -> firm wants to utilize aws to store
1003.04 -> customer accounting information in
1004.48 -> archive storage and must store this
1006.32 -> information for seven years due to
1007.839 -> regulatory compliance which database
1009.839 -> service
1010.72 -> meets this requirement so the first one
1012.48 -> you'll notice this one is multiple
1014.639 -> choice or sorry multiple answers so you
1016.88 -> have to select multiples before you can
1018.399 -> submit your answer
1019.92 -> and the next one here is just a single
1022.079 -> choice so those are the two types of
1023.839 -> questions you will see on the exam
1026.319 -> they're not going to ask you anything
1027.6 -> about coding you're not going to see any
1029.12 -> kind of code
1030.959 -> in terms of length that's pretty much
1032.799 -> what we'll see in terms of the questions
1035.6 -> i think in many cases i wrote a little
1037.679 -> bit more more like um in the style the
1040.48 -> solutions architect associate to make it
1042.24 -> slightly more difficult just so that
1044.319 -> you're a little bit over prepared so if
1046.16 -> you do well on these practice exams
1048.16 -> you're going to do a well on the real
1050.72 -> exam okay so i just wanted to kind of
1053.039 -> get you that exposure there okay
1054.9 -> [Music]
1059.039 -> hey this is andrew brown from exam pro
1061.12 -> and we are at the start of our journey
1062.4 -> asking the most important questions
1064 -> first which is what is cloud computing
1066.88 -> so cloud computing is the practice of
1068.559 -> using a network of remote servers hosted
1070.799 -> on the internet to store manage and
1072.4 -> process data rather than a local server
1075.2 -> or personal computer and so when we're
1077.6 -> talking about on-premise you own the
1079.2 -> servers you hire the i.t people you pay
1082.08 -> or rent the real estate you take all the
1084.16 -> risks but with a cloud provider
1086.72 -> someone else owns the servers someone
1088.559 -> else hires the it people someone else
1090.48 -> pays or rents the real estate and you
1092.559 -> are responsible for configuring cloud
1094.32 -> services and code and someone takes care
1096.72 -> of the rest of it for you okay
1099.02 -> [Music]
1103.12 -> so to understand cloud computing we need
1105.039 -> to look at the evolution of cloud
1106.88 -> hosting going all the way back to 1995
1109.679 -> where if you wanted to host your website
1111.76 -> or web app you'd have to get a dedicated
1113.6 -> server so that would be one physical
1115.6 -> machine dedicated to a single business
1117.84 -> running a single project a site or an
1120.16 -> app
1120.88 -> and as you can imagine these are
1122.4 -> expensive because you have to
1124.08 -> buy outright the hardware have a place
1126.48 -> to store it the network connection
1128.32 -> having a person to maintain it
1130.4 -> but it did give you a guarantee of high
1132.32 -> security
1133.52 -> and they still do as of today so this
1135.2 -> model hasn't gone away but it's been
1137.039 -> specialized for a particular use case
1139.28 -> then came along the virtual private
1140.96 -> server so the idea is we still had one
1143.039 -> physical machine but now we were able to
1145.84 -> subdivide
1147.28 -> our machine into submachines via
1149.48 -> virtualization and so essentially you're
1152 -> running a machine within a machine and
1153.919 -> so you had better utilization of that
1156 -> machine
1157.52 -> running multiple web apps as opposed to
1159.2 -> having a physical machine per project so
1161.919 -> you got better utilization and isolation
1164.16 -> of resources
1165.919 -> and so
1166.88 -> these two options still required you to
1168.88 -> purchase a machine a dedicated machine
1171.12 -> and so that was still kind of expensive
1173.12 -> but then came along shared hosting and
1174.96 -> so if you remember
1176.72 -> the mid-2000s like with godaddy or
1179.44 -> hostgator or any of those sites where
1181.6 -> you had really cheap hosting the idea is
1183.679 -> that you had this one physical machine
1185.44 -> shared by hundreds of businesses and the
1188.32 -> way this worked it relied on tenants
1190.88 -> under utilizing their resources so you
1193.039 -> know you wouldn't have a sub machine in
1194.96 -> there but you'd have a folder with
1196.32 -> permissions that you could use
1198.24 -> um and so you would really share the
1200.24 -> cost and this was very very cheap
1202.96 -> but you were limited to whatever that
1205.2 -> machine could do and you were very
1206.72 -> restricted in terms of the functionality
1208.559 -> you had and there was this poor
1210.32 -> isolation meaning that you know if one
1212.08 -> person decided to utilize the server
1214.32 -> more they could hang up all the all the
1216.24 -> websites on that single server then came
1218.88 -> along cloud hosting and the idea is that
1221.039 -> you have
1222 -> multiple physical machines that act as
1223.76 -> one system so this is distributed
1225.36 -> computing and so the system is
1227.28 -> abstracted into multiple cloud services
1230 -> and the idea is that you basically get
1232 -> the advantages of a lot of the things
1233.6 -> above so it's flexible you can just add
1236.32 -> more servers um it's scalable it's very
1239.6 -> secure because you get that virtualized
1242 -> isolation you get it extremely at a
1244.72 -> low cost because you're sharing that
1245.919 -> cost with the users where in the shared
1247.919 -> hosting it might be hundreds of
1249.12 -> businesses we're looking at thousands of
1251.12 -> businesses and it was also highly
1253.12 -> configurable because it was a full
1254.4 -> virtual machine now
1256.08 -> cloud actually
1257.679 -> still includes all of these types of
1259.6 -> hosting they haven't gone away but it's
1262.4 -> just the idea that you now have more of
1264 -> a selection for your use case uh but
1265.919 -> hopefully that gives you an idea uh what
1267.76 -> cloud hosting looks like and it really
1269.2 -> has to come down to distributed
1270.64 -> computing okay
1275.08 -> [Music]
1276.32 -> hey this is andrew brown from exam pro
1278.24 -> and before we talk about aws we need to
1280 -> know what is amazon so amazon is an
1282.48 -> american multinational computer
1283.919 -> technology corporation headquartered in
1285.6 -> seattle washington and so this is the
1288.159 -> seattle skyline with the space needle
1290.799 -> and amazon was founded in 1994 by jeff
1293.039 -> bezos and the company started as an
1295.039 -> online store for books and expanded to
1297.12 -> other products
1298.64 -> so as you can see this is jeff bezos a
1301.039 -> long time ago and he has this
1302.799 -> interesting spray painted sign and his
1305.28 -> desk is held up by cinder blocks and it
1307.679 -> looks like his uh desk is like an old uh
1310.96 -> table or something and he's working
1313.2 -> really late and he used to be a
1315.12 -> millionaire at this time and he would be
1316.88 -> driving into work in his honda accord
1319.679 -> because you know he just his motivation
1322 -> was always to put all the money back
1323.28 -> into the company so it really shows that
1325.28 -> he worked really hard and it did pay off
1327.039 -> because amazon has expanded beyond just
1329.84 -> an online commerce store into a lot of
1331.919 -> different things
1333.2 -> such as cloud computing which is amazon
1335.28 -> web services digital streaming such as
1337.28 -> amazon prime video prime music they
1339.84 -> bought twitch.tv they own the whole
1342.48 -> foods market grocery store they have all
1344.559 -> this artificial intelligence
1346.48 -> they own low orbit satellites
1349.36 -> and a lot more stuff it's hard to list
1351.76 -> at all and so jeff bezos today is not
1355.28 -> the um the ceo it's actually andy jassy
1359.039 -> is the current ceo of amazon he was
1360.799 -> previously the ceo of aws so jeff bezos
1362.88 -> can focus on space travel so there you
1365.679 -> go
1366.54 -> [Music]
1370.799 -> hey this is andrew brown from exam pro
1372.64 -> and we are taking a look at amazon web
1374.799 -> services and this is the name that
1376.88 -> amazon calls their cloud provider
1378.88 -> service and it's commonly referred to
1380.72 -> just as aws so here is the old logo
1383.84 -> where we see the full name and here is
1385.76 -> the new logo but i like showing the old
1387.44 -> logo because it has these cubes which
1389.6 -> best represent what aws is and it is a
1392.48 -> collection of cloud services that can be
1394.48 -> used together under a single unified api
1397.6 -> to build a lot of different kinds of
1399.919 -> workloads so aws was launched in 2006
1403.36 -> and is the leading cloud service
1404.88 -> provider in the world i put an asterisk
1406.96 -> there because technically
1408.72 -> aws existed before 2006 and a cloud
1411.919 -> service provider
1413.44 -> which is what aws is is often
1415.44 -> initialized as csp so if you hear me
1417.44 -> saying csp i'm just saying cloud service
1419.919 -> provider okay
1422 -> so just trying to look at the timeline
1424.159 -> of when services rolled out the first
1425.679 -> one came out in uh 2004 and was simple
1429.44 -> queue service sqs and this service still
1432.24 -> exists as of today but at the time it
1434.24 -> was the only service that was publicly
1435.919 -> available so it wasn't exactly a cloud
1438.64 -> service provider at this time and it was
1440.48 -> neither aws it was just sqs but then a
1443.52 -> couple years later we had simple storage
1445.679 -> service also known as s3 which was
1448.08 -> launched in march of 2006 and then a
1450.64 -> couple months later we had elastic
1452.72 -> compute cloud also known as ec2
1455.52 -> and ec2 is still
1457.279 -> like the most used service within aws
1460.08 -> and is like the backbone for pretty much
1461.6 -> everything there
1462.96 -> then in 2010 it was reported that all of
1465.6 -> amazon.com's retail sites had migrated
1468 -> to aws so even amazon was using aws full
1471.76 -> steam and to support industry-wide
1474 -> training and and skill standardization
1475.919 -> aws began offering a certification
1478.559 -> program for computer engineers on april
1481.12 -> 2013
1482.4 -> and this is the type of certifications
1484.48 -> that we are doing as we speak um so i
1487.36 -> just want you to know that aws was the
1488.64 -> one leading uh cloud certifications and
1491.36 -> we just want to take a look here at the
1492.72 -> executive level as of today the ceo is
1495.2 -> adam he's the former cto of tableau and
1498.08 -> he spent a decade with aws as a vp of
1500.4 -> marketing sales and support so he was
1502.64 -> there he had left for a bit and now he
1504.24 -> is back then we have uh werner and he's
1507.2 -> the cto of aws he's been uh the cto for
1510.159 -> pretty much
1511.12 -> the entire time it was existed with the
1512.799 -> exception of some time of the first year
1515.52 -> he's famous for quoting everything fails
1518.08 -> all the time and then there's jeff barr
1520.159 -> who's the chief evangelist so um if
1522.64 -> you're ever wondering who is writing all
1524.159 -> the blog posts and talking about aws
1526.64 -> it's always jeff barr okay
1529.06 -> [Music]
1533.36 -> all right so what i want to do here is
1534.799 -> expand on what is a cloud service
1537.52 -> provider also known as a csp just
1539.279 -> because there's a lot of things out in
1540.72 -> the market there that might look like a
1542.32 -> csp
1543.679 -> but they actually are not so let's go
1546.08 -> through this list and see what makes a
1548.24 -> csp so this is a company which provides
1551.12 -> multiple cloud services ranging from
1553.6 -> tens to hundreds of services those cloud
1556 -> services can be chained together to
1557.52 -> create cloud architectures those cloud
1559.679 -> services are accessible via a single
1561.84 -> unified api so in aws's case that is
1564.559 -> the aws api
1567.12 -> and from that you can access the cli the
1569.44 -> sdk the management console those cloud
1571.76 -> services utilize metered billing based
1574.08 -> on usage so this could be per second per
1576.24 -> hour
1577.32 -> vcpus memory storage things like that
1580.88 -> those cloud services have rich
1582.24 -> monitoring built in so you know every
1584.48 -> api
1586 -> action is tracked and you have access to
1588.24 -> that so in aws's case it's aws
1590.24 -> cloudtrail
1591.44 -> and the idea here is those cloud
1593.039 -> services have infrastructure as a
1594.72 -> service offering so iaas that means they
1597.919 -> have networking compute
1600.24 -> storage databases things like that
1603.36 -> those cloud services offers automation
1605.919 -> via infrastructure as code so you can
1607.919 -> write code to set everything up and so
1610.159 -> here's just kind of an example of an
1612.08 -> architecture where we have a very simple
1614.64 -> uh web application running on ec2 behind
1617.039 -> the load balancer with the domain with
1618.559 -> route 53 but the idea is just to show
1620.48 -> you that you know you're chaining these
1622.159 -> things together if a company offers
1624.559 -> multiple cloud services under a single
1626.4 -> ui but do not meet most or all of these
1629.12 -> requirements it would just be referred
1630.48 -> to as a cloud platform so when you hear
1632.64 -> about twilio or hashicorp or databricks
1635.679 -> those are cloud platforms and aws azure
1639.2 -> gcp are cloud service providers okay
1642.61 -> [Music]
1646.799 -> let's take a look here at the landscape
1648.48 -> of cloud service providers and the
1649.919 -> industry likes to break these down into
1651.44 -> three tiers so we have tier one so this
1653.279 -> is top tier
1654.399 -> these were early to market they have a
1656.08 -> wide service offering they have strong
1658 -> synergies between services and
1659.36 -> they're well recognized in the industry
1661.6 -> and in the leading spot is amazon web
1663.76 -> services and there's no surprise to this
1666.32 -> because they were the first to develop
1668.08 -> the technology and so they pretty much
1670 -> dominated the market for multiple years
1672.08 -> before anyone entered and so it's going
1674 -> to be very hard for anyone to catch up
1675.36 -> or even overtake them but right behind
1677.679 -> them is microsoft azure then we have
1679.84 -> google cloud platform and these three
1681.84 -> are known as the big three because
1683.52 -> they're the most used around the world
1686.399 -> and we actually have a fourth one that's
1688.399 -> in the tier one and that's alibaba cloud
1690.64 -> you might not know about it just because
1692.48 -> it really is based in mainland china and
1695.12 -> in the asia region so it is really big
1698.399 -> but it's just the fact that there's that
1700.159 -> divide between mainland china and the
1701.919 -> rest of the world okay
1704 -> you have tier two so these are the
1706 -> mid-tiers so at one point you know they
1708.559 -> could have been top tier but um you
1710.64 -> know they were just slow to innovate and
1712.48 -> so they had to turn to specialization
1714.72 -> but they're all backed by well-known
1716.32 -> tech companies have been around for a
1717.76 -> long time well before aws existed so we
1720.64 -> have ibm cloud oracle cloud or rackspace
1724.399 -> and so rackspace's offering is actually
1726.399 -> their software called openstack which
1728 -> allows you to run a cloud service
1730.24 -> provider-like environment uh on your
1732.32 -> on-premise okay
1734.799 -> and so you know these are still in use
1736.24 -> so oracle cloud what they usually do is
1738.159 -> they try to fight on price and ibm cloud
1740.24 -> they they fight on ai and ml uh
1743.12 -> solutions against the top tier then you
1746.08 -> have the uh tier three the light tier
1748.32 -> and so these were virtual private
1749.76 -> servers that turned to offer core iaas
1753.76 -> infrastructure as a service offerings
1755.6 -> and so they're simple and cost effective
1757.919 -> and a lot of people that are getting
1759.84 -> into cloud or even just trying to deploy
1761.919 -> apps are probably using these and not
1763.44 -> realizing their cloud service providers
1765.44 -> so we have a
1766.96 -> vultr digitalocean and linode so
1769.6 -> they started with a single offering just
1771.52 -> virtual machines then they added a load
1773.2 -> balancer and so they're starting to get
1775.52 -> more so like digitalocean i think is
1777.36 -> getting a serverless
1779.2 -> offering and then linode
1781.279 -> or sorry
1782.64 -> vultr is getting a kubernetes managed
1785.039 -> service and so you know they kind of
1787.12 -> live in this realm of are they csps and
1790 -> i would classify them as they are i
1792.24 -> would say they are a tier three they're
1794.48 -> just a light tier and i'm sure they'll
1796.159 -> expand their services to have more of
1798.399 -> the core but they're just going to stay
1800.08 -> i think very small in general okay
1802.53 -> [Music]
1806.559 -> so how do we know who is the leader in
1808.72 -> the market well all comes down to the
1810.64 -> magic quadrant and this is a series of
1813.84 -> market research reports published by it
1815.919 -> consulting firm gartner that rely on
1818.159 -> proprietary
1819.84 -> qualitative data analysis methods to
1822 -> demonstrate market trends such as
1823.44 -> direction maturity and participants
1825.52 -> people take these
1827.039 -> graphs very seriously and so
1829.679 -> this is what it looks like and as you
1831.6 -> can see amazon web services is marked as
1834.399 -> the leader and the closer you are to
1836.72 -> this
1837.76 -> top corner here is the better you are
1839.919 -> off as you can see microsoft is not too
1842.24 -> far behind followed by google then
1844.88 -> followed by alibaba cloud then by oracle
1848.24 -> ibm tencent which we don't uh ever talk
1850.72 -> about and then there's the other ones
1852.24 -> that just don't show up because they're
1853.44 -> so small like digitalocean and linode
1855.52 -> there so generally that gives you kind
1857.12 -> of an idea how the market is growing and
1859.2 -> stuff like that um but as you can see
1861.6 -> you know there's still
1862.799 -> a lot for the other ones to do to catch
1864.96 -> up to aws okay
1866.8 -> [Music]
1871.6 -> so a cloud service provider can have
1874 -> hundreds of cloud services that are
1876.08 -> grouped into various types of services
1878.08 -> but the four most common types of cloud
1880.48 -> services for infrastructure as a service
1882.88 -> uh and i call these the four core would
1885.279 -> be compute so imagine having a virtual
1888.559 -> computer that can run applications
1890.399 -> programs and code networking so imagine
1892.96 -> having virtual network defining internet
1895.12 -> connections or network isolation between
1897.039 -> services or outbound to the internet
1899.76 -> storage so imagine having a virtual hard
1901.84 -> drive that can store files
1903.76 -> databases so imagine a virtual database
1906 -> for storing reporting data or a database
1908.64 -> for general purpose web applications and
1911.919 -> aws in particular has 200 plus cloud
1914.64 -> services
1915.84 -> and i want to clarify what cloud
1918 -> computing means because notice that we
1919.519 -> have cloud computing cloud networking
1921.919 -> cloud storage cloud databases
1924.159 -> but the industry
1925.76 -> often just says cloud computing to refer
1927.919 -> to all categories even though
1930.159 -> it has computer in the name so just
1931.44 -> understand when someone says cloud
1932.559 -> computing
1933.519 -> they don't just generally mean the
1934.799 -> subcategory they're talking about all of
1936.64 -> cloud okay
1938.18 -> [Music]
1942.72 -> so aws has a lot of different cloud
1944.88 -> services and i just want to kind of go
1946.799 -> quickly over the types of categories
1948.72 -> that we can encounter here and just
1950.48 -> mention the four core so any csp that
1953.44 -> has iaas will always have these four core
1956.159 -> service offerings we have compute so
1957.919 -> in aws this would be ec2 vms storage
1960.72 -> this could be something like ebs virtual
1962.559 -> hard drives database so that could be
1964.32 -> rds sql databases networking and content
1967.12 -> delivery but really it's networking uh
1970 -> and this would be vpc so private cloud
1972.24 -> network okay so
1974.48 -> uh let's just look at all the categories
1976 -> that are outside the four core so there
1977.6 -> could be analytics application
1979.2 -> integration ar vr aws cost management
1982.24 -> blockchain business application
1983.919 -> containers customer engagement developer
1986.48 -> tools end user computing game tech iot
1990.24 -> machine learning management governance
1992.48 -> media services migration
1994.64 -> and transfer mobile quantum technologies
1998.08 -> robotics satellites security identity
2000.799 -> and compliance if there was more i would
2002.799 -> not be surprised but you can see there's
2004.48 -> a lot of stuff that's going on here
2006.17 -> [Music]
2010 -> so let's take a look at all the services
2012.24 -> that are available to us so if you're on
2013.84 -> the marketing website which is
2014.96 -> aws.amazon.com
2017.12 -> what you'll see in the top left corner
2018.88 -> is products and so these are all the
2021.44 -> categories and for whatever we want if
2023.44 -> it's like ec2 we can go into here
2026.159 -> and we can read all about it so usually
2028.96 -> we'll have our overview all right and
2032.159 -> that's not very useful and then we'll go
2033.919 -> over to features and so this is can be
2036.88 -> kind of useful to get some basic
2038.32 -> information and pricing which is
2040.399 -> something you'll do a lot in aws is
2042.399 -> you're always going to be going to a
2043.6 -> service and looking up its price and so
2046.559 -> you'll make your way over here every
2048.639 -> single one is different a very important
2050.72 -> page would be like getting started so
2052.32 -> this will give you basic information but
2054.32 -> what i do is i like to go all the way
2056 -> down to the bottom here and find my way
2058.159 -> over to the documentation so i'll go
2059.919 -> here to documentation to get that deeper
2062.399 -> knowledge about that service and as you
2064.32 -> can see things get pretty deep with aws
2067.2 -> in terms of the information they have so
2069.52 -> hopefully that gives you an idea of the
2071.04 -> scope also when you're logged into aws
2073.359 -> and this will be when we create our
2074.8 -> account
2075.679 -> you can explore all the services this
2077.28 -> way as well so these are all the aws
2079.04 -> services
2080.24 -> but you just notice that there's two
2081.599 -> ways to explore them where this is
2084 -> actually you just actually utilizing the
2085.52 -> services and then the marketing website
2087.679 -> is you reading about them and learning
2089.119 -> all about them okay
2090.61 -> [Music]
2094.48 -> hey this is andrew brown from exam pro
2096.32 -> and we are looking at the evolution of
2097.76 -> computing your cloud service provider
2099.599 -> has all of these offerings and the idea
2101.68 -> is that you need to choose the one that
2103.28 -> meets your use case a lot of times this
2105.599 -> all has to come around the utilization
2107.44 -> of space that's what we're trying to
2108.8 -> illustrate here in this section here and
2110.8 -> the trade-offs of why you might want to
2112.48 -> use some of these offerings okay
2114.72 -> for dedicated we're talking about a a
2117.599 -> physically a physical server wholly
2119.68 -> utilized by a single customer that's
2121.119 -> considered single tenant
2123.68 -> and uh for google cloud we're talking
2125.599 -> about
2127.28 -> single node clusters and bare metal
2129.76 -> machines where you have control of the
2131.68 -> virtualization so you can install any kind
2133.44 -> of hypervisor or virtualization you want
2135.28 -> the system the trade-off here though is
2137.359 -> that you have to guess up front what
2139.119 -> your capacity is going to be and you're
2141.28 -> never going to 100 utilize that machine
2143.2 -> because it's going to have to be a bit
2144.32 -> under in case the utilization goes up
2146.4 -> that's you choosing the cpus and the
2148.079 -> memories you're going to end up
2149.359 -> overpaying because you're uh you'll have
2151.44 -> under underutilized server uh it's not
2154 -> going to be easy to vertically scale
2155.359 -> it's not like you can just say resize it
2157.04 -> because the machine you have is what you
2158.72 -> have right you can't add more i mean i
2161.28 -> suppose they can insert more memory for
2163.359 -> you but that's a manual migration so
2165.92 -> it's very difficult um and replacing the
2168.72 -> server is also very difficult okay so
2171.2 -> you're limited by the host operating
2172.96 -> system it's not virtualized so whatever
2175.28 -> is on there is on there
2177.119 -> and that's what your apps are going to
2178.24 -> have access to
2179.52 -> if you decide to run more than one app
2181.359 -> which is not a good practice for these
2182.88 -> kind of machines you're going to end up
2185.28 -> with resource sharing where one machine
2187.119 -> might utilize more than the others
2188.96 -> technically with a dedicated machine you
2190.56 -> have a guarantee of security privacy and
2192.32 -> full utility of the underlying resources
2194.16 -> i put an asterisk there because yes it's
2196.56 -> more secure but
2198.72 -> but it's up to you to make sure that
2200.48 -> it's more secure so you have that's up
2202.24 -> to your skills of security right whereas
2204.8 -> if you had a virtual machine or anything
2206.64 -> above that there's more responsibility
2208.72 -> on the cloud service provider to just
2210.96 -> provide a secure machine and
2212.8 -> they can do a better job than you so why
2214.8 -> would you use a dedicated machine well
2216.72 -> maybe you're doing high performance
2218 -> computing where you need these machines
2220.16 -> like very close together and you have to
2222.32 -> choose what kind of virtualization you
2223.92 -> need to have okay
2226.24 -> so then we're looking at virtual
2227.359 -> machines the idea here is you can run a
2229.28 -> machine within a machine the way that
2231.28 -> works is we have a hypervisor this is a
2233.839 -> software layer that lets you run the
2235.119 -> virtual machines uh the idea here is now
2237.52 -> it's a multi-tenant you can share the
2238.96 -> cost with multiple customers you're
2240.88 -> paying for a fraction of the server uh
2242.96 -> you'll still end up overpaying for the
2244.24 -> underutilized virtual machine because a
2245.76 -> virtual machine is just like you have to
2247.52 -> still say how many vcpus how much memory
2251.119 -> and your app is you know you don't want
2253.119 -> an app that uses 100 right you want to
2255.04 -> use exactly the amount you need but you
2256.48 -> can see here you know there's still
2258.079 -> going to be some underutilization
2260.32 -> uh you're limited by the guest operating
2262.4 -> system now but now it's virtualized so
2264.56 -> at least it's very easy to uh
2266.88 -> possibly migrate away if you choose to
2269.28 -> run more than one app on a virtual
2271.44 -> machine it can still run into resource
2274 -> sharing conflicts
2275.44 -> it's easier to export or import images
2277.52 -> for migration it's easier to vertically
2279.92 -> or horizontally scale okay and virtual
2282.48 -> machines are the most common and popular
2284.8 -> offering for compute because people are
2286.24 -> just very comfortable with those then
2288.24 -> you have containers and the idea is you
2289.92 -> have a virtual machine running
2291.76 -> these things called containers the way
2293.52 -> they do that is similar to a hypervisor
2295.359 -> but instead you have um like here is a
2297.92 -> docker daemon so it's just a um
2300.56 -> a container uh software layer okay to
2303.04 -> run those containers there's different
2304.079 -> kinds docker is the most popular
2306.079 -> and the great thing is you can maximize
2307.68 -> the uh the capacity because you can
2311.04 -> easily add new containers resize those
2313.359 -> containers use up the rest of the space
2315.119 -> it's a lot more flexible okay
2317.76 -> your containers will share the same
2319.839 -> underlying os but they are more
2322 -> efficient than multiple vms
2324.24 -> multiple apps can run side by side
2325.68 -> without being limited by the same os
2327.839 -> requirements and not cause conflicts
2329.599 -> during resource sharing so containers
2331.76 -> are really good but you know the
2333.04 -> trade-off is they're a lot more work to
2334.64 -> maintain
2335.599 -> then you have functions
2337.52 -> functions go even step further and the
2340.24 -> idea is that you uh the the containers
2343.359 -> where we where we talked about that's a
2345.04 -> lot of work to maintain now the cloud
2347.2 -> service provider is taking care of those
2349.599 -> containers generally sometimes not it
2351.52 -> depends if it's serverless or not but the
2353.599 -> idea is that you don't even think about
2355.76 -> this is called serverless compute but you
2357.119 -> don't even think about
2358.56 -> uh the os or anything you just know that
2360.56 -> what your runtime is you run ruby or
2362.8 -> python or node and you just upload your
2365.2 -> code and you just say uh i want this to
2367.68 -> be able to run
2369.44 -> for this long
2370.96 -> and use this amount of memory okay
2373.04 -> you're only responsible for your code
2374.48 -> and data nothing else it's very cost
2376.24 -> effective you only pay for the time the
2378 -> code is running
2379.52 -> and vms only run when there is code to
2381.44 -> be executed but because of that there is
2383.68 -> this concept of cold starts and this is
2385.92 -> uh where the virtual machine has to spin
2388.48 -> up and so sometimes requests can be a
2390.56 -> bit slow so there's a bit of trade-off
2391.92 -> there but functions or serverless
2393.599 -> compute is generally one of the best
2395.119 -> offerings as of today but most people
2397.76 -> are still getting kind of comfortable
2398.88 -> with that paradigm okay
2400.26 -> [Music]
2404.4 -> hey this is andrew brown from exam pro
2406.16 -> and we are taking a look at the types of
2407.92 -> cloud computing and the best way to
2409.52 -> represent this is a stacked pyramid and
2412.079 -> we'll start our way at the top with saas
2414.48 -> also known as software as a service so
2416.8 -> this is a product that is run and
2418.72 -> managed by the cloud service provider
2420.88 -> you don't have to worry about how the
2422.4 -> service is maintained it just works and
2424 -> remains available so examples of this
2426.24 -> and actually uh the first company to
2428.319 -> coin this was actually salesforce uh
2430.64 -> then there's things like gmail office
2432.88 -> 365 so i think microsoft word excel
2435.52 -> things like that and they run the cloud
2437.359 -> okay and saas is generally designed for
2440.48 -> customers in mind
2442.319 -> then came along platform as a service
2444.64 -> also known as paas and these focus on
2447.28 -> the development or sorry the deployment
2449.2 -> and management of your apps so you don't
2451.599 -> worry about provisioning configuring or
2453.44 -> understanding the hardware or operating
2455.839 -> system
2456.88 -> and so here we'd have things like
2458.319 -> elastic beanstalk heroku which is very
2461.28 -> popular among developers that just want
2463.359 -> to launch their code or google app
2465.839 -> engine and that is the old logo but
2467.52 -> that's the logo i like to use because i
2469.2 -> think it looks cool and so these are
2471.359 -> intended for developers the idea is that
2473.2 -> you just deploy your code
2475.44 -> and the platform does the rest
2477.839 -> then there is infrastructure as a
2479.839 -> service
2481.119 -> there's no way to say that like it's
2482.88 -> easy to say saas or paas but there's no
2484.8 -> easy way to say iaas
2487.04 -> so this is the basic building blocks for
2488.96 -> cloud it it provides access to
2490.8 -> networking features computers and data
2492.72 -> storage space and the idea here is you
2494.8 -> don't worry about the it staff data
2496.96 -> centers and hardware and so that would
2499.119 -> be like microsoft azure aws
2502 -> oracle cloud things like that and these
2504.4 -> are for administrators okay so there you
2506.88 -> go
2508.12 -> [Music]
2512.56 -> hey this is andrew brown from exam pro
2514.4 -> and we are taking a look at cloud
2515.839 -> computing deployment models starting
2517.68 -> with public cloud and the idea here is
2520.079 -> that everything when i say everything
2521.44 -> i'm talking about the workloads the
2523.04 -> projects the code is built on the cloud
2525.599 -> service provider so here is a diagram
2528.319 -> where we have a ec2 instance a virtual
2531.04 -> machine running our application and then
2533.2 -> we have our database in rds and we have
2536.319 -> the internet coming into our aws account
2538.56 -> and so everything is contained all of
2540.319 -> our infrastructure is within aws all
2543.28 -> right
2544.319 -> and so this is known as being cloud
2546.4 -> native or cloud first and i put an
2548.88 -> asterisk beside cloud native because
2550.4 -> that was a term uh that was uh used
2553.28 -> prior to cloud service providers to refer to
2555.359 -> containers or open source um
2558.8 -> models being deployed and being mobile
2561.119 -> other places so just understand that it
2562.56 -> has two meanings but in the context of
2564.72 -> this cloud native just being like native
2566.48 -> to the cloud like using cloud to begin
2568.48 -> with okay
2569.599 -> then we have private cloud so everything
2571.52 -> built on a company's data center uh and
2574.56 -> being built on a data center is known as
2576.48 -> being on premise because that is where
2578.4 -> the data center resides near where you
2580.56 -> work
2581.359 -> and so here you could be using cloud but
2583.68 -> you'd be using openstack which would be
2585.359 -> a private cloud so here we have our
2587.599 -> on-premise data center and the
2589.92 -> internet's coming into our data center
2591.68 -> and we're running on openstack where we
2593.119 -> can launch virtual machines and a
2594.8 -> database okay
2597.28 -> then there's the concept of a hybrid
2599.2 -> cloud so using both on-premise and a
2601.76 -> cloud service provider together and so
2604.16 -> the idea here is we have our on-premise
2606 -> data center and then we have an
2608.24 -> established connection maybe it's a vpn
2610.56 -> connection maybe it is a direct
2612.56 -> connection um but the idea is that we're
2614.88 -> bridging that connection and utilizing
2617.28 -> both our private and our public uh stuff
2620.8 -> to uh create a cloud workload then there
2624.079 -> is a fourth one called crosscloud
2626.8 -> sometimes it's known as multi-cloud
2629.2 -> and sometimes it's erroneously referred
2631.04 -> to as hybrid cloud but it generally is
2633.28 -> not uh hybrid cloud okay the idea here
2636.24 -> is when you're using multiple cloud
2637.76 -> providers and so one example here could
2640.4 -> be using services like azure arc so
2643.28 -> azure arc allows you to extend your
2645.68 -> control plane uh so that you can deploy
2648.319 -> containers for kubernetes in
2651.2 -> azure
2652.24 -> within amazon eks within gcp kubernetes
2656.16 -> engine but you know being cross cloud
2658.4 -> doesn't necessarily mean that you're
2660 -> running a
2661.44 -> using a service that used works across
2663.44 -> the cloud and manages it it could just
2664.88 -> mean using multiple providers at the
2666.4 -> same time
2667.599 -> another service that is similar to azure
2669.2 -> arc but is for a google cloud
2671.76 -> platform is also known as anthos
2674.4 -> aws has traditionally not been um
2677.359 -> cross-cloud friendly and so we haven't
2679.92 -> seen any kind of developments there
2681.599 -> where we see uh these other services
2683.599 -> that are or cloud service providers
2685.28 -> behind aws trying to promote it to
2688 -> grab more of the market share okay
2691.48 -> [Music]
2695.599 -> so let's talk about the different
2696.88 -> deployment models and what kind of
2698.24 -> companies or organizations are still
2700.16 -> utilizing uh for these particular
2702.16 -> categories so for cloud again this is
2704.16 -> where we're formally utilizing cloud
2705.68 -> computing hybrid is a combination of
2708.079 -> public cloud and on-prem or private
2710.24 -> cloud and then on-prem is deploying
2712.24 -> resources on-premise using
2713.599 -> virtualization resource management tools
2715.52 -> sometimes called private cloud or it
2717.04 -> could be utilizing something like
2718.4 -> openstack so for companies that are
2720.96 -> starting out today or are small enough
2722.88 -> to make the leap from a virtual private
2724.4 -> server to a cloud service provider this
2726.64 -> is where we're looking at cloud so we're
2728 -> looking at startups saas offerings new
2730.319 -> projects and companies so maybe this
2732.4 -> would be like basecamp dropbox
2734 -> squarespace then for hybrid these are
2736.24 -> organizations that started with their
2737.599 -> own data center but can't fully move to
2739.359 -> cloud due to the effort or migration or
2741.599 -> security compliance so we're talking
2743.28 -> about banks fintech investment
2744.96 -> management large professional service
2746.72 -> providers legacy on-prem so maybe cibc
2749.2 -> which is a bank deloitte
2751.44 -> the ccp or cpp investment board
2755.28 -> and then for on-premise these are
2756.72 -> organizations that cannot run on cloud
2758.72 -> due to strict regulatory compliance or
2760.64 -> the sheer size of the organization or
2762.8 -> they just have like an outdated idea of
2765.119 -> what cloud is so they just have a lot of
2767.52 -> difficulties in terms of politics
2769.04 -> adopting cloud
2770.72 -> so this would be public sector like
2772.079 -> government super sensitive data like
2773.92 -> hospitals large enterprise with heavy
2776.319 -> regulation insurance companies um so
2778.8 -> again hospitals maybe aig the government
2781.04 -> of canada
2782.16 -> and so i shouldn't say that they aren't
2784.16 -> using cloud but um
2786.56 -> you know because uh aws and all the
2789.119 -> cloud providers have um uh public sector
2792.72 -> offerings so
2794.079 -> um you know i'm just trying to stage as
2796.079 -> an example of things that could be still
2797.839 -> using on-premise so you know i know the
2800.4 -> government canada definitely uses uh
2802.319 -> cloud in a lot of ways same with aig and
2805.2 -> hospitals but you know generally these
2806.8 -> are the last holdouts of on-prem because
2808.96 -> there really isn't a a good reason to be
2811.52 -> fully on premise anymore
2813.52 -> but again there are some things that are
2815.119 -> still doing that okay
2816.71 -> [Music]
2820.96 -> hey this is andrew brown from exam pro
2822.96 -> and we are at the start of our journey
2824.079 -> creating ourselves an aws account so
2826.079 -> what you need to do is go to
2827.359 -> aws.amazon.com
2829.2 -> if you don't have a lot of confidence
2830.48 -> how to get there just type in aws
2832.48 -> into google and then click here on the
2834.64 -> link where it says aws.amazon.com
2836.64 -> it'll take you to the same place now
2838.72 -> notice we have a big orange button in
2840.4 -> the top right corner so it says sign
2842.64 -> into the aws console
2844.64 -> it's the if it's the first time you've
2846.4 -> ever been to this website so if i go to
2848.4 -> aws.amazon.com
2849.92 -> incognito it will have the create
2852.319 -> an aws account button
2854.319 -> i don't know why they don't keep this
2855.599 -> consistent across the board but i wish
2857.76 -> they did but if you are on the screen
2859.2 -> you can click here or there um but if
2861.68 -> you do see something that doesn't say uh
2864 -> you know create an account or or et
2865.839 -> cetera you can just sign in
2868.24 -> okay and then down below you can hit
2870.4 -> create a new aws account so that's the
2872.96 -> way you're going to get in there and so
2874.319 -> you're going to put an email a password
2876.559 -> and create an aws account name
2878.64 -> i've created this so many times and it's
2880.72 -> so hard to set up new emails i'm not
2882.319 -> going to do this again it's not
2883.599 -> complicated but one thing i need to tell
2885.44 -> you is that you do need to have a credit
2887.2 -> card you cannot create an account
2888.559 -> without a credit card um and for those
2891.04 -> who are in places where maybe you don't
2893.599 -> have a traditional credit card maybe you
2895.2 -> can get a prepaid one so up here in
2896.8 -> canada we have a company called koho and
2899.44 -> so koho is
2901.92 -> a visa debit card and so it's basically
2904 -> a virtual prepaid credit card and so
2906.4 -> these do work on the platform as well so
2908 -> if you have a traditional credit card or
2910.079 -> possibly could find one of these you
2912 -> still have to load up with money but it
2913.28 -> does give you a bit more flexibility to
2914.8 -> create that account so
2916.24 -> what i want you to do is go through that
2917.76 -> process yourself it's not complicated
2920 -> and i'll see you on the other end okay
2922.72 -> [Music]
2926.8 -> so once you've finished creating your
2928 -> account you should be within the aws
2929.92 -> management console and this is the page
2931.76 -> you're always going to see when you log
2933.92 -> in it's always going to show the most
2935.52 -> recent services here
2937.68 -> and you'll notice in the top right
2938.8 -> corner that i have my account called
2940.96 -> exam pro if you're wondering how do you
2943.04 -> change that name what you do is to go to
2945.44 -> my accounts here and once there you'll
2947.76 -> have your account settings up here if
2949.599 -> you go to edit
2951.2 -> you can change that name here okay so
2954.559 -> you know sometimes when you create your
2956.079 -> account you don't like the account name
2957.68 -> that you gave it and so that's your
2958.88 -> opportunity to fix it
2960.96 -> but once we're in our account what i
2962.72 -> want you to do is immediately log out
2964.24 -> because i want you to get familiar with
2966 -> the way you log into aws because it is a
2969.119 -> bit um different than other providers
2972 -> and so i don't want you to
2973.92 -> get hung up later on with your account
2975.76 -> so i've logged out i'm going to go ahead
2977.76 -> and log back in so you can click the
2979.599 -> orange button or what i like to do is
2981.119 -> drop down my account
2983.119 -> and go to aws management console
2985.359 -> it's a lot more clear and you'll notice
2987.119 -> we're going to have two options root
2988.64 -> user and iam user so
2991.839 -> this is what i'm talking about for the
2992.96 -> confusion so when you log into your root
2995.76 -> user account you all are always using an
2998.48 -> email and when you're logging as an
3000.319 -> iam user you're actually going to be
3001.68 -> entering the account id or account alias
3004.16 -> but what we'll do is go to the root user
3005.92 -> and this is the email you use to sign up
3007.839 -> with the account so for me
3010.079 -> i
3010.96 -> called this one andrew plus sandbox at
3013.68 -> exam pro dot co i'm gonna go to next
3016.48 -> sometimes you get this character box
3018.24 -> it's very annoying but it happens time
3020.079 -> to time and so what i'm gonna do is just
3022.559 -> go ahead and type that in
3024.839 -> okay and hopefully it likes it and then
3028 -> i'm just going to enter in my password
3031.119 -> all right
3032.079 -> and i'll be back into my account and so
3033.839 -> notice it takes me back to aws
3035.28 -> management console so the root account
3037.28 -> is not something we want to be generally
3039.04 -> using except for
3041.2 -> very particular use cases and we do
3043.92 -> cover that in the course but what i want
3046.079 -> you to do is go set yourself up with a
3048.16 -> proper account and so
3050.16 -> what we'll do is go to the top here and
3052.24 -> type in iam and this stands for identity
3054.8 -> and access management and we'll click on
3056.72 -> iam here
3058.88 -> and on the left hand side we're going to
3060.24 -> see a bunch of options here
3062.72 -> and so notice right away we get to the iam
3064.72 -> dashboard where it's going to start
3066.48 -> to make some recommendations for us the
3068.64 -> first one is always to add mfa
3070.72 -> multi-factor authentication
3072.96 -> another thing you can do is set an
3074.24 -> account alias so you can see that i've
3075.76 -> set one here prior so if i just go ahead
3077.68 -> and remove it the way we'd have to log
3080 -> in is via the account alias
3082.559 -> which is the same as the account id and
3084.4 -> so i don't really like that so i can
3085.839 -> just rename it to deep space nine
3088.4 -> and these are unique so you have to pick
3090.8 -> something that is unique to you so it
3092.559 -> could be your company name or things
3093.839 -> like that it's gonna make it a lot
3095.359 -> easier to log in
3097.04 -> when we create our additional user here
3098.64 -> so we'll come back to mfa at some point
3100.48 -> here what i want you to do is go over to
3102.319 -> users and go ahead and make yourself a
3104.559 -> new user
3106.079 -> and so i'm going to call this one andrew
3107.76 -> brown
3109.2 -> and i'm going to enable programmatic
3110.96 -> access i'm going to enable aws
3113.28 -> management console so this one's going
3114.72 -> to allow me to use the apis to
3116.319 -> programmatically work with aws and this
3118.4 -> one here is going to allow me to just
3120.319 -> log into the console which is pretty
3122.64 -> fair here so now that i have this we can
3125.359 -> auto generate it or give it a custom
3126.72 -> password i'm just going to auto generate
3128.079 -> it for the time being and here it says
3129.839 -> you must create a new password at the
3131.44 -> next sign in which sounds fair to me
3133.68 -> and we go ahead and create ourselves a
3135.44 -> new group so it's pretty common to
3137.599 -> create a group called admin and notice
3139.92 -> here this is where we're going to have a
3141.76 -> bunch of different policies so the first
3143.28 -> one here which is administrator access
3145.119 -> provides full access to aws services
3147.28 -> and resources and this pretty much gives
3148.96 -> you
3149.68 -> almost nearly almost the same
3152 -> capabilities as the um aws root user
3155.92 -> account
3156.96 -> and so that's going to be okay because
3158.64 -> we are an admin in our account so i'll
3160.72 -> check box that on but i just want to
3162.079 -> show you here if you drop down filter
3163.599 -> policies and you went to aws managed
3166.079 -> job functions these are a bunch of
3168.319 -> pre-made
3169.839 -> aws
3171.04 -> policies that you could apply
3173.2 -> to different users so what's really
3175.76 -> popular after the administrator access
3177.68 -> is to usually give the power user access
3179.68 -> and so this one allows
3181.92 -> a user to do basically anything they
3184.16 -> want with the exception of management of
3185.76 -> users and groups so you know it could be
3188.559 -> that that's something that you'd want to
3190 -> do for some of your users i just don't
3191.68 -> want to have any trouble so i'm going to
3192.88 -> give us
3193.92 -> admin access here and we're going to go
3195.92 -> ahead and create this group
3198.72 -> and so here is the group that we are
3200.72 -> creating we're going to go next we can
3202.48 -> apply our tags if we want i'm not going
3204.079 -> to bother we hit next review and then
3206.079 -> hit create user
3208.559 -> all right and so now what it's doing is
3210.079 -> it's showing us the access id and the
3212 -> access key secret that we can use to
3214.559 -> programmatically access aws and then
3216.4 -> there's a password here so i'm going to
3217.68 -> go ahead and show it and what i'm going
3219.52 -> to do is just copy this into a clipboard
3222 -> anywhere
3228.96 -> and so i'm just copying that off screen
3231.119 -> here because i'm going to need it to log
3232.8 -> in and i'm just going to remember my
3234.079 -> username as well alright and so what
3236.8 -> we'll do is go ahead and hit close
3240.48 -> so what i'll do is go back to my
3242 -> dashboard here and remember i set my
3244.079 -> account alias as deep space 9 but we
3245.839 -> could also use the account id to log in
3248.16 -> i'm just going to grab my account id off
3249.92 -> screen here and what i want to do now is
3252.72 -> go ahead and log out and now log into
3255.28 -> this iam user and this is the one that
3257.52 -> you should always be using within your
3259.76 -> aws account you shouldn't be using your
3261.28 -> root user account so what i'll do is go
3263.76 -> over to iam user here and notice now
3265.92 -> that it says account id so 12 digits or
3268.48 -> the account alias so here i can enter in
3271.68 -> these numbers here or i can enter in my
3274.4 -> alias which is deep space 9 and again
3277.359 -> you'll have to come up with your own
3278.88 -> creative uh one there for yourself and
3281.2 -> we'll go ahead and hit next and so
3283.599 -> notice what it's going to do is now ask
3284.88 -> me what my iam user name is so i defined
3287.28 -> mine as andrew brown
3288.96 -> and then we had an auto-generated
3291.2 -> password there so that we had saw and so
3293.52 -> i'm going to place that in there we'll
3295.04 -> go ahead and hit sign in
3297.119 -> and so now right away it's going to ask
3298.799 -> me to reset the password so i'm going to
3300.48 -> put the old password in there and so now
3302.4 -> i need a new password i strongly
3304 -> recommend that you generate out
3306.96 -> your passwords to be very strong i like
3308.88 -> to go to password generator and i'll
3310.72 -> drop this down and i'll do something
3312.319 -> really long like 48 characters and
3315.44 -> if you don't like uh weird characters
3317.359 -> you can take those out there sometimes
3319.04 -> it loads here so you gotta try it twice
3321.599 -> um and we're gonna go down to whoops 48
3325.359 -> there we go and so that's pretty darn
3326.799 -> long so i'm going to copy that off
3328.24 -> screen here so i do not forget
3331.599 -> and you probably would want to put this
3332.88 -> in a password manager something like
3334.64 -> dashlane or some sort of thing like that
3338.88 -> and we'll go ahead and we will paste
3340.799 -> that in and we'll see whoops i don't
3343.359 -> want google to save it
3345.599 -> and we'll see if it takes it and so
3347.44 -> there we go so what i'll do is now log
3350.559 -> out
3351.76 -> and i'll make sure my new password works
3354.16 -> because you really don't want to have
3355.04 -> problems later so we'll type in deep
3356.559 -> space nine
3358 -> andrew brown again this is going to be
3360.24 -> based on what your
3362.72 -> what you have set
3364.079 -> and we'll go ahead and log in and there
3365.839 -> i am and so now notice that it doesn't
3368.079 -> say
3369.2 -> example or whatever it says andrew brown
3371.119 -> at deep space nine so it's using the
3372.88 -> account alias and showing the name and
3374.64 -> that's how i'm going to know whether i'm
3375.76 -> the root account user or whether i'm
3378.24 -> logged in as an iam user all right
3381.44 -> so there we go
3382.81 -> [Music]
3387.28 -> okay so now that we have the proper user
3390.16 -> account to log in i just want to point
3392.319 -> out
3393.2 -> about regions so in the top right corner
3395.359 -> you'll notice it says north virginia
3396.96 -> here it possibly will say something
3399.28 -> completely else for you but what you'll
3401.599 -> do is you'll click and drop that down
3403.68 -> and you'll see a big list of regions and
3405.76 -> so sometimes when i log into aws it
3408.079 -> likes to default me to u east uh us east
3411.359 -> ohio but i honestly like to launch all
3413.28 -> my stuff in u.s east north virginia even
3416 -> though i'm in canada i probably should
3417.28 -> be using the canada central region down
3419.119 -> here
3420.24 -> but the default region is going to be
3422 -> based on your locality okay so just
3424.64 -> understand that it might be different i
3427.119 -> strongly recommend for
3428.88 -> all of our follow alongs you run in u.s
3431.119 -> east one because us east one is the
3433.119 -> original
3434.96 -> the original region and it also has the
3438.079 -> most access to aws services and some aws
3441.04 -> services um such as like billing and
3444.24 -> cost and things like that are only going
3445.92 -> to show up in u.s east north virginia so
3449.119 -> just to make our lives a lot easier
3450.96 -> we're going to set it there but i want
3452.559 -> you to understand that some services are
3454.48 -> global services meaning that it doesn't
3456.559 -> matter what region you're in it's going
3457.92 -> to default to global and one example
3459.76 -> could be cloudfront so if i jump over to
3461.92 -> cloudfront here for a moment
3464.799 -> and we do seem to have uh some
3467.28 -> cloudfront distributions here from a
3469.119 -> prior
3470 -> follow along but notice up here that it
3472.079 -> now says global so cloudfront does not
3474.24 -> require a region selection let's make
3476.48 -> our way over to s3
3480.16 -> all right and this one's also global so
3483.359 -> again this one does not require a region
3485.44 -> selection but if you go over to
3487.119 -> something like ec2
3490.799 -> okay this has a region dependency so
3493.92 -> just be really careful about that
3495.359 -> because a lot of times you'll be doing a
3497.119 -> follow along and you'll be like why
3499.359 -> aren't these resources here or whatever
3500.799 -> and it's because this got switched on
3502.319 -> you and it can happen at any time so
3503.68 -> just be
3504.799 -> cautious or aware of that okay
3506.74 -> [Music]
3510.88 -> so one of the major advantages of using
3512.88 -> aws or any cloud service provider is
3515.2 -> that it utilizes metered billing so that
3518.16 -> is different from a fixed cost where
3519.599 -> you'd say okay i want a server for x
3521.76 -> amount of dollars every month but the
3523.52 -> way aws works is that it's going to bill
3525.599 -> you on the hour on the second based on a
3528.24 -> bunch of factors and so you're going to
3530.4 -> be able to get services at a lower cost
3532.64 -> however if you choose an expensive
3535.28 -> service and you forget about it or if
3538.079 -> there's misconfiguration where you
3539.68 -> thought you were launching something
3541.119 -> that was cost effective but turned out
3543.119 -> to be very expensive you could end up
3544.96 -> with a very large bill very very quickly
3547.359 -> and so
3548.48 -> that is a major concern for a lot of
3550.16 -> people utilizing cloud but there's a lot
3552.64 -> of great toolings built into aws to
3555.2 -> allow you to catch yourself if you
3557.599 -> happen to make that mistake and before
3559.92 -> we go ahead and learn how to do that i
3562.4 -> want to show you
3563.92 -> some place where you could end up having
3566.16 -> excessive spend without knowing it so
3568.559 -> one example and this is actually
3570.319 -> happened to me when i first started
3571.839 -> using aws
3573.28 -> before i even knew about all the billing
3575.2 -> tools is i wanted to launch a redis
3577.76 -> instance and so you just have to watch
3580.24 -> you don't have to do this but
3582.16 -> elasticache is a service that allows you
3583.92 -> to launch either a memcache or redis uh
3586.799 -> database and i just wanted to store a
3588.96 -> single value and so i went here and i
3592.4 -> scrolled down it looked all good and i
3594.079 -> hit create but i wasn't paying attention
3596.24 -> because apparently it was like the
3597.92 -> default the node type here to the cache
3601.559 -> r6g.large all right and
3604.88 -> you know you might think that aws has
3606.4 -> your best interest in play and most
3608 -> services are pretty good they make sure
3610 -> that they're either free or very low
3611.839 -> spend but some of these and elasticache is
3613.92 -> an older service where they just have
3616 -> these weird defaults so
3618.24 -> um you know if we were to go look up
3620.079 -> this the rg6
3623.28 -> large
3624.96 -> all right and look at its spend
3630 -> all right and we would go over here
3632.16 -> whoops
3633.04 -> i think i went to the china one
3634.96 -> but if we were to go over here and look
3637.04 -> for that instance i'm just trying to
3638.48 -> find it here for cost
3640.4 -> this one down below
3643.76 -> um this doesn't say pricing does it say
3646.88 -> our pricing here
3649.599 -> here it is so this one cost
3651.68 -> um
3653.839 -> this one costs about two cents per hour
3655.92 -> it doesn't sound like a lot but if we go
3657.76 -> here and we do the math we say 7 30 7 30
3660.96 -> is the amount of hours in a month that
3662.88 -> is 150
3664.4 -> okay so if you don't know about that and
3666.319 -> forget about that that's gonna be 150
3668.48 -> and i'm going to tell you that it used
3670.16 -> to be a lot higher i'm pretty sure they
3672.079 -> used to have it defaulted to something
3673.359 -> like
3674.24 -> like this or that because i remember i
3676.48 -> did this
3677.52 -> and i had a bill that came in that was
3679.2 -> like 3 000 usd dollars and i'm in canada
3682.319 -> so like 3 000 usd is like a million
3684.72 -> dollars up here and so i remember um it
3688 -> was a big concern and i freaked out but
3690.319 -> that was okay because all i had to do
3691.92 -> was go to support
3693.599 -> and what i had done is i went to the
3695.52 -> support center
3700 -> and i had opened a support case and i
3703.44 -> just said hey i have this really big
3705.44 -> bill so you go here right
3707.68 -> and you look for billing
3709.68 -> and
3710.72 -> you look for something like charging
3712.24 -> query or misspend and you say you know
3716.64 -> um
3718.16 -> you know like help
3719.76 -> my bill's too high
3722.64 -> and you just say like you explain the
3724.079 -> problem saying hey you know i was using
3726 -> elasticache and it was set to a large
3728.16 -> default and i wasn't aware about it can
3730 -> you please give me back the money and
3731.76 -> the great thing is that aws is going to
3733.599 -> give you a free pass if it's your first
3735.359 -> time where you've had a misspending they
3737.839 -> generally will say
3739.2 -> okay you know don't do it again and if
3742.079 -> it happens again you will get billed but
3743.52 -> go ahead and learn how to set up billing
3745.119 -> alerts or things like that okay so just
3747.44 -> so you know don't freak out if you do
3749.119 -> have a really high bill you're going to
3750.88 -> get a single free pass but now that we
3752.72 -> know that let's go learn how to set up a
3755.92 -> budget okay
3757.04 -> [Music]
3761.839 -> all right so now that we've had a bit of
3763.52 -> a story about
3765.52 -> overspend for misconfiguration let's
3768 -> learn how to protect ourselves against
3769.76 -> it and we're going to go ahead and set
3772.48 -> up a budget so go to the top here and
3774.559 -> type in budget
3776.24 -> and what that will do is bring us over
3777.76 -> to the billing dashboard another way to
3779.839 -> get here is to go click at the top here
3781.68 -> and go to my billing dashboard and then
3783.68 -> you'll see the left-hand menu here
3786.079 -> and so the great thing about budgets is
3788 -> that the first two are free it says
3790.079 -> there is no additional charge for
3791.44 -> aws budgets you pay for configured use
3793.2 -> usage but i'm pretty sure that that's
3795.119 -> not true
3797.119 -> because it used to be
3799.52 -> aws budget reports okay so that costs
3801.52 -> something
3803.68 -> it used to be that aws budgets um after
3806.079 -> subscription enabled will incur 10 cents
3808.48 -> daily so in addition to budget monitor
3810.16 -> you can add actions to your budgets
3812.799 -> the first two action-enabled budgets are
3815.039 -> free okay so just be aware that just
3817.52 -> because it says there's no additional
3819.119 -> charge read into it because sometimes
3821.52 -> the fine line will tell you it does cost
3823.52 -> something but i know that the first two
3825.039 -> are free what we'll do is go ahead and
3826.88 -> create a budget i'm going to close these
3828.559 -> other tabs here since we have no need
3830.24 -> for them and we're going to be presented
3831.68 -> with a bunch of budget types
3833.28 -> we're concerned about cost today so
3834.72 -> we're going to go with a cost budget
3837.28 -> and notice we can change the period from
3838.799 -> monthly to daily to quarterly to
3840.319 -> annually if you change it to daily um
3842.88 -> you won't get forecasting so i don't
3844.72 -> want that today but a monthly is pretty
3846.799 -> good you can have a reoccurring which is
3848.64 -> strongly recommended and then you can
3850.16 -> put a fixed cost notice that i already
3852.24 -> have some spend on this account so it
3854.24 -> was like 25 bucks last month i'm going
3856.4 -> to set it my budget here to a hundred
3858.88 -> dollars
3860.72 -> and you can add filters here to um
3864 -> filter that cost out so if you want to
3865.359 -> say only for this region or things like
3867.2 -> that you could do that
3868.72 -> uh notice that this is my spend over
3870.64 -> here um so this is my budget and that's
3872.799 -> the actual cost notice my cost has been
3874.48 -> going up the last few months because
3875.68 -> i've been doing things with this account
3877.76 -> and so i'll do is say simple budget here
3881.44 -> we'll hit next
3884.16 -> and so now it's asking us if we want to
3886 -> configure alerts we probably do so you'd
3888.24 -> hit add alert and then you'd set a
3890.16 -> threshold like 80 percent
3892.16 -> or you could say an absolute value
3894.48 -> and then you put in your emails like
3895.76 -> andrew exam pro dot co
3898.64 -> and i want to point out that this is
3900.079 -> using um
3902 -> it was sns
3904.4 -> or it should be anyway so amazon sns has
3906.319 -> no upfront cost based on your stuff here
3908.559 -> so even though you're filling out an
3909.92 -> email
3910.799 -> you know
3911.68 -> and maybe it doesn't show it but i'm
3913.28 -> pretty sure that this would create an
3914.48 -> sns
3916.16 -> topic but what we'll do is hit next here
3918.96 -> we have an alert so we're just
3921.28 -> reviewing actually this is for attaching
3922.88 -> any action so maybe we want some kind of
3925.28 -> follow-up thing to happen here so we say
3927.039 -> add action
3928.72 -> and
3929.76 -> uh
3930.88 -> requires specific iam permissions on
3932.48 -> your behalf
3934.72 -> okay sure
3936.48 -> so i guess you could follow up actions
3938.4 -> that's no different than
3939.92 -> um on a billing alarm but we're not
3942.24 -> really worried about that right now
3944.48 -> i'm not going to bother with an action
3947.2 -> we'll go ahead and create a
3948.839 -> budget and so here it's going to say
3951.039 -> that our budget is 100 it's going to
3952.96 -> show us the amount used forecast amount
3954.64 -> current budget sometimes this takes time
3956.799 -> to show up so i'm going to hit refresh
3959.039 -> and see if it shows up yet
3962.24 -> there we go so notice we have forecast
3964.079 -> amount 23 current budget etc forecasted
3967.119 -> budget
3968.079 -> uh forecasted versus budget so it's
3970.319 -> pretty straightforward on how that works
3972.96 -> i'm just curious if it actually created
3974.319 -> an sns event so i'm going to go over
3976.319 -> here
3977.76 -> because a lot of services utilize sns so
3980.319 -> if i go over here
3981.92 -> default cloud watch alarm um
3984.72 -> so i think this is something i had
3986.16 -> created before so i'm gonna go ahead and
3988.079 -> just delete it
3989.28 -> so default cloudwatch alarms
3991.52 -> actually i'm going to just click into
3992.96 -> here and see what i have
3995.599 -> confirmed
3997.599 -> so i think it might have used this when
3999.44 -> we created it but um the reason i'm
4001.359 -> bringing up sns is that there's a lot of
4003.44 -> services that allow you to
4005.839 -> email yourself for alerts and it always
4007.44 -> integrates with this service and so i
4008.88 -> just want kind of want to point that out
4010.079 -> so that you remember what sns is for
4012.799 -> but yeah so setting up a budget is not
4014.4 -> too hard so there you go
4019.27 -> [Music]
4020.88 -> all right so now that we've set a budget
4022.799 -> what i want to talk to you about is the
4024.64 -> free tier and the free tier is something
4026.559 -> that is available to you uh for the
4028.319 -> first 12 months of a new aws account and
4030.24 -> allows you to utilize the services
4032.559 -> without incurring any cost to you and so
4035.52 -> it's in your advantage to utilize this
4037.28 -> free tier
4038.4 -> as you are experimenting and learning
4040.079 -> cloud so if you want to learn about all
4042.16 -> the offerings what you do is go to
4043.839 -> google type in aws free tier and you'll
4045.76 -> get this page that explains all the
4047.52 -> sorts of things here so you can get
4050.119 -> 750 hours on ec2 rds things like that
4053.92 -> there are stipulations in terms of what
4055.92 -> it would be so here this is a t2 or t3
4058.4 -> micro
4059.68 -> micro running linux red hat
4062.48 -> or other type of os's okay
4065.76 -> so there are details you have to read
4067.68 -> the fine print some services are only
4069.599 -> available for the first two months
4071.92 -> things like that so it's going to highly
4074.559 -> vary based on service but it's worth
4076.48 -> giving us a read in areas that you are
4078.4 -> interested in now the thing is is how do
4080.799 -> you know that you are still in the free
4082.4 -> tier or you go outside of it and that's
4084.72 -> what i want to talk to you about right
4086.079 -> now so i am actually in another aws
4088.48 -> account notice in the top right
4089.599 -> corner says brown.lap or hyphen laptop
4091.839 -> exam pro dot co sometimes i will switch
4094.24 -> into different aws accounts during these
4095.839 -> follow along so i can best show you
4098.159 -> um you know these settings so if you
4100.4 -> make your way over to billing
4103.199 -> and actually i should show you up here
4105.04 -> if we go to my billing dashboard just
4107.52 -> trying to be consistent here and you go
4109.44 -> to the left-hand side to billing
4110.64 -> preferences what you can do is enable
4113.199 -> receive free tier usage alerts and then
4115.6 -> put your email in there and save that
4117.6 -> and so turn on this feature to receive
4119.359 -> email alerts a when your aws service
4121.839 -> usage is approaching or exceeded
4123.12 -> aws free tier usage limits if you
4124.799 -> wish to receive these alerts etc etc etc
4128 -> right
4128.96 -> and while you're there
4130.64 -> i want you to also check box receive
4132.48 -> billing alerts
4134 -> so i can show you how to set a billing a
4136.159 -> billing alert and aws says you know
4138.48 -> budgets are a new thing but billing
4140.48 -> alerts are still something that we use
4142.319 -> as of today so if you checkbox that on
4144.56 -> we'll be able to see your cost if we go
4147.04 -> back here
4148.239 -> it should show you
4149.759 -> um it's because i'm out of the free tier
4151.839 -> on this account but it would show you in
4154.319 -> the alerts you know your usage there so
4156.88 -> example here is if we scroll down this
4158.56 -> is the documentation tracking your aws
4160.799 -> free tier usage you would see like a box
4163.12 -> like this and would say hey your free
4164.96 -> tier usage limit is here and you're over
4167.279 -> it okay so that generally would show up
4170.08 -> on this panel here but again i'm outside
4172.719 -> of the free tier so i'm not seeing it
4174.719 -> here
4176.08 -> today okay
4178.239 -> so you know hopefully that is clear
4180.4 -> um but yeah there you go
4183.13 -> [Music]
4187.6 -> all right so we created ourselves a
4189.679 -> budget we're monitoring our free tier
4192.159 -> but there's another way that we can
4193.92 -> monitor our spend and that is through
4195.84 -> billing alerts or alarms and it is the
4198.719 -> old way before we had aws budgets
4201.12 -> this was the only way you could do it
4202.8 -> but i still recommend it because there
4204.4 -> is a bit more flexibility here with this
4206.32 -> service and so i wanted to teach you
4208.56 -> early on so that you know what's
4209.84 -> available to you or if you want to play
4211.52 -> around with it in the future so what
4213.28 -> you'll do is go to the top here and type
4215.199 -> in cloudwatch
4217.04 -> and cloudwatch is one of those services
4218.64 -> where it's actually a collection of
4220.159 -> services so there's cloudwatch alarms
4222.159 -> cloudwatch logs cloudwatch metrics those
4224.4 -> are all individual services and aws
4227.6 -> loves to update
4229.44 -> their interface so sometimes you'll be
4230.96 -> presented this option to
4232.8 -> change the latest interface i'm going to
4234.239 -> try out the new interface here
4236.32 -> and that is one challenge with aws is
4237.84 -> you always have to expect that they're
4239.76 -> going to change the ui on you and you're
4241.36 -> going to work through it so just
4242.64 -> understand that i try to keep my videos
4244.719 -> up to date as best i can but part of the
4247.04 -> challenge is getting used to that so
4248.88 -> this is what they have today i don't
4250.56 -> know if they're going to stick with this
4251.6 -> but this is what it looks like but what
4253.04 -> i want you to do is make your way over
4254.4 -> to alarms on the left hand side
4257.199 -> and notice that we actually have a
4258.32 -> section just for billing which is
4260.159 -> interesting i remember them having that
4261.679 -> before so it's new so uh here it says
4264.56 -> aws cloudwatch help can help you monitor
4266.4 -> the charges of the aws bill remember that
4268.239 -> we had to turn that on get 10 free
4270.56 -> alarms with a thousand free email
4272.56 -> notifications each month as part of the
4274.719 -> free tier so understand that if you
4276.88 -> create billing alarms they do cost money
4279.04 -> um as well if you go over that limit but
4281.12 -> you sure get a lot 10 free alarms is
4283.04 -> quite a bit but we'll do is go ahead
4285.04 -> here and create ourselves an alarm we're
4286.719 -> going to go and choose a metric and so
4289.12 -> here are the options we could choose
4290.719 -> from and so we i think would like um
4295.6 -> billing
4296.96 -> and so we can do by service or total
4299.44 -> estimated charge we're going to do a
4300.8 -> total estimated charge we can only
4302.719 -> select usd i've never seen any other
4304.88 -> currency ever there and so here we kind
4306.96 -> of get this little graph where we can
4308.4 -> see stuff
4309.6 -> but this is a lot more powerful than
4311.12 -> budgets because you can do anomaly
4312.84 -> detection uh so like here it will
4315.199 -> actually check base between a range as
4317.199 -> opposed to just going through a
4319.12 -> particular value but what i'll do is
4320.719 -> just set a value here like
4322.88 -> fifty dollars right
4325.04 -> so notice that it sets the line up here
4327.36 -> and this is my current spend here right
4329.6 -> and so back to anomaly detection this is
4331.6 -> a lot smarter so
4333.199 -> the idea is that if something is outside
4335.04 -> this band of a certain amounts then it
4337.36 -> would alert okay
4339.679 -> but i'm going to go back here i'm just
4341.12 -> going to set this to 50
4343.679 -> and that looks okay to me you can change
4345.92 -> the period six hours is fine um
4349.199 -> there's additional configuration that's
4350.8 -> fine as well we're going to go ahead and
4352.32 -> hit next
4353.76 -> and so the idea is that you know if it
4356 -> passes that red line it will go to an in
4358.32 -> alarm state and then what it will do is
4361.52 -> uh we want to
4363.36 -> have it to trigger an sns topic so i
4366.56 -> would generally just create a new one
4367.76 -> here and we'll just say my billing alarm
4371.44 -> okay and then here we'll just set the
4373.28 -> email
4374.4 -> and your exam pro.co
4376.48 -> and we'll go ahead and create that topic
4380.239 -> and so that is now set i don't know if
4382.4 -> it would confirm it we might have to go
4383.92 -> to our email to confirm it so notice it
4385.52 -> says pending confirmation so what it has
4387.84 -> done is it sent me out an email and it
4390.32 -> wants me to click that link to confirm
4393.36 -> that i want to subscribe to it so i
4395.12 -> might just do that off screen to show
4396.56 -> you here okay
4399.52 -> so i'm just going to pull up my email
4400.719 -> here just give me a moment
4405.679 -> okay and so if i come back here this is
4407.44 -> the email that came in so i'm just going
4408.88 -> to confirm that subscription says i'm
4411.04 -> confirmed good
4412.56 -> and if i refresh this page
4415.44 -> we can now see that that is confirmed
4417.36 -> all right
4418.8 -> so we'll scroll down here so we can
4420.96 -> trigger an auto scaling action so maybe
4423.12 -> you know if you have too many servers
4424.239 -> you say hey the cost is too much shut
4426.4 -> down those servers there's ec2 actions
4428.56 -> things like that so these are kind of
4429.84 -> similar to
4431.52 -> budgets right
4433.199 -> there's system manager actions i imagine
4435.12 -> all these things are available in
4436.159 -> budgets as well but budgets just makes
4438 -> it a little bit easier to look at so i'm
4439.76 -> going to say my simple billing alarm
4442.08 -> here
4445.12 -> we'll hit next
4447.12 -> all right
4448 -> we'll hit create alarm
4449.76 -> and there you go so billing alarms don't
4451.679 -> have like forecasting things like that
4454 -> um but you know they are they do have
4456.48 -> their own kind of special utility and so
4458.56 -> i utilize both okay so there we go let's
4461.04 -> go back to our management console move
4462.4 -> on to the next one
4466.92 -> [Music]
4468.08 -> so one of the strongest recommendations
4469.84 -> that aws gives you is to say to set
4472.48 -> mfa on your aws root user account
4475.44 -> so that's something we're going to do
4476.48 -> right now so make sure you're logged
4478.32 -> into the root user account so i'm going
4479.6 -> to go log out as my iam user i'm going to
4482.719 -> go back and log in
4484.719 -> and i'm going to log in as my root user
4487.679 -> here so to do that no sometimes it will
4490.64 -> be expanded as the iam user click and sign
4493.04 -> into root user here we'll have root user
4495.28 -> i'm going to go ahead and enter my email
4497.36 -> that i used
4498.719 -> and if you do switch accounts frequently
4500.8 -> they will ask you these silly captchas
4503.12 -> which drive me crazy but uh you know it
4505.44 -> happens you probably won't encounter it
4507.199 -> as much as i do and so i'm going to go
4509.04 -> ahead and grab my password here and
4511.44 -> paste it on in
4513.28 -> and so now that i'm in what i want to do
4515.04 -> is make my way over to iam
4518.159 -> and i'm going to go and look for
4521.679 -> users actually sorry just right here add
4523.679 -> an mfa root user we're going to go ahead
4526.08 -> and hit add mfa
4528.8 -> all right so that's going to bring us to
4530 -> this screen and so here we can activate
4532.56 -> our mfa and so we have a few options
4535.04 -> here so we have virtual mfa device u2f
4538.719 -> security key other hardware like a
4542 -> gem gym
4543.92 -> gemalto token so you know i generally
4546.64 -> use this because i have a security key
4548.96 -> and i want to show you what i'm talking
4550.239 -> about so this
4551.76 -> is how i log into my machine or my aws
4554.8 -> account
4555.92 -> this is a security key a yubikey that
4557.76 -> sits on my desk i tape it so it doesn't
4559.52 -> fall fall off the cord but the idea is
4561.84 -> that when i log in i have to press this
4564.159 -> little button here to double confirm
4566.64 -> before i get into my account but if you
4568.56 -> don't have a security key you can just
4569.76 -> use a virtual mfa and all that means is
4572.4 -> you're going to
4574.239 -> use something on your phone to log in so
4576.88 -> we'll click continue here
4578.64 -> and so it says install a compatible app
4580.719 -> on your mobile phone or device and so if
4582.96 -> you click and open this what it will do
4584.96 -> is tell you about some things that you
4586.4 -> can use
4587.6 -> um so if we scroll down to virtual
4591.44 -> here this suggests uh if you have
4592.96 -> android iphone so authy duo mobile
4595.84 -> lastpass microsoft authenticator google
4598 -> authenticator so google authenticator
4600.239 -> microsoft authenticator and authy i have
4602.239 -> all those three installed um honestly
4604.56 -> authy has the the nicest simplest
4607.44 -> ui
4608.4 -> but i'm using microsoft authenticate
4610.4 -> authenticator quite a bit so anyway
4612.48 -> whichever you want to do it's fine but
4614.239 -> what we'll have to do is go back here
4616.4 -> and then it says use your virtual mfa
4618.48 -> app on your device camera to scan your
4620.64 -> qr code so once you have one of those
4623.28 -> apps installed like authy or whatever
4625.679 -> one you want
4627.36 -> what you're going to do is open up the
4629.52 -> application and i can't tell you exactly
4632 -> where it is but you'll have to hit add
4633.44 -> account in your in your app and then
4636.239 -> from there it will ask you to scan your
4638 -> qr code and so
4640.4 -> once you're ready you hit show the qr
4642.159 -> code you hit scan the qr code on your
4644.64 -> phone i'm holding my phone up to my my
4647.28 -> um
4648.88 -> my computer screen here and it's going
4650.8 -> to find it and i'm just going to take a
4652.719 -> moment here to rename the account so i
4654.56 -> can tell what it is
4656 -> so i'm just naming it aws
4658.8 -> sandbox because that's what i call this
4660.719 -> account
4663.199 -> and i'm gonna go ahead and save that and
4665.12 -> so now what i can do is enter uh two
4667.76 -> consecutive mfa codes now this always
4669.52 -> confused me what they wanted here but
4671.28 -> the idea is that you're gonna see one
4673.12 -> code
4674.32 -> right whatever's on the screen right now
4675.52 -> so i'm gonna type in it it says seven
4676.8 -> 734051
4679.76 -> and i'm going to wait
4681.52 -> until the new code shows up
4683.6 -> so there's like a timer in all these
4684.88 -> apps and they go across the screen or
4686.32 -> they count down and so you have to wait
4688.56 -> for that to happen and so i'm just going
4690.239 -> to wait here a little bit
4697.28 -> and once i get the new number here this
4699.36 -> one is zero seven one
4702.08 -> five three zero i'm gonna hit assign mfa
4705.52 -> and there we go and i can't tell you how
4707.04 -> many times i like messed that up because
4708.96 -> i didn't understand the consecutive
4710.32 -> numbers but you're just waiting for uh
4712.48 -> the number that's on the screen it
4713.679 -> entered in and then entered the next one
4715.28 -> in to turn on mfa and so now your
4717.92 -> account is protected and every time you
4719.44 -> log in you're going to have to enter in
4721.92 -> mfa so let's log out and see what that
4724.239 -> looks like
4726.48 -> so we'll go ahead and sign in
4729.199 -> and
4730.4 -> again we'll put in our root user account
4733.04 -> here we'll type in
4734.8 -> 74m32t
4738 -> submit
4739.6 -> and i need to go grab my password so
4741.36 -> that's in my password managers just give
4743.04 -> me a moment here
4747.36 -> and now it wants the mfa code so this is
4749.44 -> in my phone
4750.56 -> and so i'm going to go enter it in so
4752 -> this one says four seven five
4754.8 -> eight four one all right we'll hit
4757.36 -> submit
4759.6 -> okay there we go so that's gonna happen
4761.28 -> every single time we want to log in
4763.76 -> i'm going to tell you that if you get
4764.8 -> one of these they're so much easier to
4766.8 -> use because you just press the button
4768.32 -> okay so that's why i have this because i
4770.4 -> cannot stand entering the code in time
4772.719 -> and time again
4774.32 -> but you know those are your options
4775.679 -> there okay
4777.85 -> [Music]
4782 -> hey this is andrew brown from exam pro
4783.679 -> and we're looking at the concept of
4785.04 -> innovation waves so when we're talking
4787.199 -> about innovative waves we're talking
4788.64 -> about kondratiev or k waves which are
4791.76 -> hypothesized cycle-like phenomena in the
4794.32 -> global world economy and the phenomenon
4797.04 -> is closely connected with technology
4798.64 -> life cycles so here is an example where
4801.679 -> each wave is irreversibly changes the
4803.679 -> society on a global scale and if you
4806.239 -> look across the top we can kind of see
4808.08 -> what they're talking about so we have
4809.44 -> steam engine cotton
4811.44 -> railway and steel electric engineering
4814 -> chemistry petrochemicals automobiles
4816.639 -> information technology
4818.4 -> and so the idea is that cloud technology
4821.199 -> is the latest wave and i'm not sure if
4823.76 -> you'd fit web 3 in there as well ml ai
4826.96 -> but maybe they're all part of the same
4828.719 -> wave or their separate waves but
4830.56 -> generally they're broken up based on
4832.32 -> this p r d e here where it says
4835.52 -> prosperity recession depression and
4837.199 -> movement uh improvement sorry and so
4839.92 -> this is the common pattern of wave where
4841.76 -> we see a change of supply and demand and
4843.84 -> so if we're seeing this we know that we
4845.679 -> are in a wave in where we are in a wave
4848 -> okay
4849.04 -> [Music]
4853.6 -> hey this is andrew brown from exam pro
4855.199 -> and we are looking at the concept of a
4856.639 -> burning platform so burning platform is
4858.639 -> a term used when a company abandons old
4860.96 -> technology for new technology with the
4863.679 -> uncertainty of success and can be
4865.199 -> motivated by fear the organization's
4867.28 -> future
4868.239 -> survival hinges on digital
4870.08 -> transformation and just to kind of give
4871.44 -> you a visualization here is a literal
4873.76 -> burning platform so imagine you have to
4875.76 -> jump to it uh jump from it to make a
4878 -> change so
4879.28 -> um you know burning platform could be
4881.28 -> you know
4882.32 -> stop using on-prem and start using cloud
4884.4 -> or maybe going from cloud to web 3
4887.36 -> and that's generally the idea when we
4888.8 -> talk about a burning platform
4891.18 -> [Music]
4895.76 -> so i just want to quickly show you that
4897.44 -> digital transformation checklist that i
4899.44 -> mentioned and the way you can get to it
4901.28 -> is by typing in digital transformation
4903.84 -> aws and so it should bring you to the
4905.76 -> public sector page and here it is so we
4908.159 -> click there and all it is is a pdf uh so
4910.719 -> it's not new it's from 2017 but that doesn't
4912.719 -> mean that it's not valid anymore uh it's
4915.6 -> just that that's when it was made so we
4917.36 -> scroll on down and we can see
4918.56 -> transforming vision and so we have a
4920.239 -> checklist there so if we click into this
4922.639 -> uh we can see things like communicate a
4924.239 -> vision of what success looks like define
4926.88 -> a clear governance strategy including
4928.239 -> the framework of achieving goals uh
4930.159 -> build a cross-functional team identify
4933.04 -> technical uh partners they talk about
4935.36 -> shifting the culture and then down below
4937.679 -> i assume that this one is related to
4939.199 -> that one it's unusual because
4941.6 -> you know they just have a checklist here
4943.12 -> but then they have a sub checklist which
4944.88 -> must be clear to that so reorganize
4946.96 -> staff into smaller teams things like
4948.48 -> that so it's not super complicated
4950.4 -> you'll see each category go go cloud
4952.239 -> native they'll have a checklist
4954.32 -> um you know and if you are at the
4956.8 -> executive level or the sales level or
4958.639 -> trying to convince your vps and stuff
4960.08 -> like that give this a read it might give
4962.159 -> you something useful in the end
4964.8 -> to help better communicate that
4966.48 -> transformation for you okay
4972.719 -> hey this is andrew brown from exam pro
4974.48 -> and we are looking at the evolution of
4976.239 -> computing power so what is computing
4978.159 -> power it's the throughput measured at
4979.84 -> which a computer can complete
4981.84 -> computational tasks and so uh what we're
4984.56 -> pretty much used to right as of these
4986.4 -> days is general computing so a good
4988.159 -> example here would be a xeon cpu
4990.48 -> processor uh that's more of a high-end
4992.88 -> processor not something you'd find in
4994.08 -> your home computer but we're talking
4995.76 -> about data centers specifically uh um
4998.719 -> you know innovative data centers xeon
5000.48 -> cpu processors are what you're going to
5002.08 -> come across uh then came along a new
5004.48 -> type of compute which is gpu computing
5007.12 -> um when we're talking about google cloud
5010 -> they have tensor computing and so this
5011.84 -> is where i get the 50 times faster based
5013.679 -> on that metric and so i didn't have an
5015.44 -> exact metric here for aws as a solution
5018.639 -> for this mid tier of computing power so
5021.199 -> i just borrowed that 50 times there but
5022.719 -> the idea is that gpu computing or tensor
5026 -> computing is is 50 times faster than
5029.76 -> traditional cpu and generally that's
5031.76 -> going to be used for very specialized
5033.92 -> tasks when you're doing machine learning
5036.08 -> or ai so it's not something you're going
5037.679 -> to be doing for your regular
5040.48 -> web workloads but just understand that
5042.88 -> all these fit so we're not getting rid
5044.8 -> of general computing we're just adding
5047.04 -> new levels of compute then there's the
5049.04 -> latest which is uh quantum computing and
5051.76 -> so here we have an example of the rigid
5055.44 -> rig
5056.56 -> rigetti 16q aspen 4 and so it
5059.84 -> literally looks like it's out of um
5061.92 -> science fiction and this thing is like a
5064.32 -> hundred million times faster it is super
5067.12 -> cutting edge and we don't even know
5068.8 -> exactly how it works and there's not
5070.719 -> even anything that's very applicable
5072.719 -> that we can use this for but the idea is
5074.32 -> that we're not done with the evolution
5076.4 -> of computing power things are going to
5078.56 -> get a lot faster once we solve this last
5080.88 -> one here
5082.08 -> and so aws service offering here would
5083.84 -> be for general computing you're looking
5085.52 -> at elastic compute cloud ec2 so we have
5087.92 -> a variety of different uh instance types
5090.4 -> and they're all going to have different
5091.52 -> types of hardware with different types
5092.96 -> of general computing
5094.88 -> for gpu computing this is a specialized
5097.84 -> chip that aws has produced called the
5099.92 -> aws and i don't know how to say it
5101.679 -> but we'll just abbreviate it to infer so
5104.239 -> aws infer chip
5106.239 -> and this was designed as a direct
5107.84 -> competitor to gcp's
5110.639 -> tensor computing uh unit the tpu um and
5114.239 -> so this is intended for ai ml workloads
5116.8 -> but it works with not just um tensorflow
5119.84 -> but it works with any
5121.44 -> machine learning framework so that is
5122.96 -> one advantage it has over uh tpus um and
5126.48 -> then the last one here is aws braket
5128.08 -> so you can actually use quantum
5129.36 -> computing as a service on aws
5131.679 -> uh as of even today um the way aws is
5135.12 -> able to do this is they work with
5136.56 -> caltech so that's the california
5138.84 -> technology university or institute i'm
5141.28 -> not sure the name of it there
5143.04 -> so it's not exactly aws producing this
5145.12 -> but aws is doing this as a
5146.56 -> partnership to give quantum computing
5148.639 -> accessible to you okay
5150.74 -> [Music]
5154.4 -> so i'm here in the aws console because i
5155.92 -> just want to prove to you that you can
5157.6 -> use quantum computing on aws it's that
5160.32 -> accessible so all you'd have to do is go
5161.92 -> to the top here type in braket
5164.639 -> and then you make it over to amazon
5166.08 -> braket and so here you can like set up
5169.199 -> quantum tasks the first time you set it
5171.199 -> up you've got to go through this process
5173.199 -> here
5174.56 -> i think i have to go through this
5175.679 -> onboarding to be able to show you the
5177.04 -> next step so i'm going to go ahead and
5178.239 -> enable braket in this aws account
5182.239 -> okay and i'm not going to launch
5183.76 -> anything i'm just going to try to just
5185.04 -> kind of show you a little bit of what is
5187.6 -> accessible to you because it's not super
5189.679 -> exciting but the fact that you can do it
5191.36 -> is kind of interesting so here i am on
5193.679 -> the inside here and we have all these
5195.6 -> different types of quantum computing so
5197.92 -> d wave i know i i o n q
5201.92 -> rigetti things like that and then down
5204.239 -> below these are the quantum processing
5206.4 -> units the q q p u's and then down below
5209.36 -> you have the simulator so you can kind
5210.88 -> of simulate uh these things here um so i
5214.239 -> think that's kind of interesting
5216.639 -> but in terms of the cost like if you
5218.4 -> scroll on down here
5219.92 -> um so aws braket is part of the aws
5221.92 -> free tier it gives you one free hour
5223.6 -> of quantum circuit simulation time per
5225.76 -> month during the first 12 months so
5228.159 -> it's free to do a circuit simulation but
5232 -> if you actually want to run it on the
5233.52 -> actual hardware you can see the cost
5235.679 -> there's the per task price the per shot
5237.92 -> price things like that
5239.84 -> what could you do with this i don't know
5241.52 -> there's things called like quad bits or
5243.12 -> something like that and i can't imagine
5244.719 -> that you're going to be doing anything
5245.76 -> useful but i think it's just more so
5247.12 -> like you are sending out quad bits or
5249.76 -> whatever they are and you're observing
5251.12 -> them but what you can do with them i
5253.28 -> have no idea but it's just exciting that
5255.28 -> you can do that
5256.639 -> i didn't have any spend just by
5258 -> activating that i'm just kind of just
5259.28 -> showing you there okay
5261.44 -> [Music]
5266.08 -> hey this is andrew brown from exam pro
5268 -> and we are looking at the benefits of
5270.159 -> cloud and this is a summary of reasons
5272.239 -> why an organization would uh consider
5274.48 -> adopting or migrating to utilizing
5276.32 -> public cloud and so we'll quickly go
5278.32 -> through the list here uh because in the
5280 -> follow-up slides we actually go into
5281.76 -> them a bit more detailed so we have
5283.44 -> agility pay-as-you-go economy of scale global
5286.32 -> reach security reliability high
5288.8 -> availability scalability um and
5291.96 -> elasticity so the thing is is that aws
5295.28 -> had this before it was called the
5297.04 -> six advantages of cloud but they have
5298.8 -> reworked it to include additional items
5301.52 -> um and so where you see these uh sub
5304.96 -> bullets here those are the original six
5306.56 -> as you see one two three four five six
5308.96 -> and so i kind of just put them where
5310.4 -> they kind of fall under the new
5312.32 -> categories there and you'll notice that
5314 -> aws has included high availability
5316.08 -> elasticity reliability and security as
5319.36 -> uh new ones here okay and so the thing
5323.12 -> is is that
5324.239 -> um i have always always even in my
5327.04 -> original uh i think my original cloud
5329.52 -> practitioner had cloud architecture as a
5332.32 -> separate section and included all these
5334 -> things in here so it's a great thing to
5335.52 -> see that aws has included it
5337.44 -> but
5338.159 -> in terms of how i organize this course
5340.719 -> we're not going to cover them in this
5342.239 -> section because i have the cloud
5343.52 -> architecture section so just understand
5344.96 -> that we will come to those eventually
5347.36 -> and i would just say that aws is still
5349.12 -> missing something on this list which is
5350.48 -> fault tolerance so you know my list
5353.6 -> looks like this except i would add fault
5355.44 -> tolerance to it so you have everything
5357.52 -> there
5358.4 -> and disaster recovery okay so the
5361.04 -> benefits of cloud is a reworking
5362.639 -> expansion of the six advantages of the
5364.32 -> cloud and we will look at the original
5365.92 -> six advantages um and then look at
5368.719 -> another one that is more of a
5370.239 -> generalized one that i i've used across
5372.159 -> my courses so that we fully understand
5374.48 -> the benefits okay
5378.96 -> [Music]
5380.159 -> all right let's take a look here at the
5381.6 -> six advantages to cloud defined by aws
5384.08 -> and so these are still uh part of aws
5386.48 -> marketing pages um but you know it's
5388.96 -> interesting because you can't find the
5390.56 -> benefits of the cloud in a single page
5392.639 -> on any of this at least the time of
5393.76 -> making this so there's a bit of
5395.04 -> disconnect between the um exam guide and
5398 -> the actual marketing material but that's
5399.76 -> okay i fill it all in for you so you
5401.679 -> know i'm just again noting that the
5402.8 -> six advantages of cloud was the
5404.4 -> original description for cloud benefits
5406.719 -> and we'll go through them okay so the
5408.4 -> first is trade capital expense for
5409.92 -> variable variable expense so you can pay
5412.32 -> on demand meaning that there is no
5414.08 -> upfront cost and you pay for only what
5416.159 -> you consume or you pay by the hour
5418.239 -> minutes or seconds so instead of paying
5419.84 -> for upfront costs of data centers and
5421.44 -> servers the next is benefit from uh
5424.08 -> massive uh economies of scale so
5427.679 -> you are sharing the cost with other
5429.199 -> customers to get unbeatable savings
5431.04 -> hundreds of thousands of customers
5432.32 -> utilizing a fraction of the server stop
5434.56 -> guessing capacity so scale up or down to
5436.88 -> meet the current needs
5438.4 -> launch and destroy services whenever so
5440.56 -> instead of paying for idle or
5441.84 -> underutilized servers we have increased
5443.92 -> speed and agility so launch resources
5446 -> within a few clicks and minutes instead
5447.84 -> of waiting days or weeks of your it to
5450.239 -> implement the solution on premise we
5452.08 -> have stopped spending money on running
5453.84 -> and maintaining data centers so focus on
5456.08 -> your customers developing and
5457.36 -> configuring applications so instead of
5459.44 -> operations such as racking stacking and
5462 -> powering servers the last is go global
5464.48 -> in minutes so deploy your app in
5466.32 -> multiple regions around the world with a
5468.08 -> few clicks provide low latency and a
5470.239 -> better experience for your customers at
5471.76 -> minimal cost the six advantages of cloud
5473.76 -> still apply and i like to include them
5476.32 -> here because they just have a different
5478.48 -> kind of lens or
5480.48 -> or or
5482.48 -> angle when you're looking at this stuff
5484.08 -> and so we've looked at the six
5485.76 -> advantages of cloud and now let's take a
5487.199 -> look at the next slide my reworking of
5489.76 -> the six advantages of the cloud to be
5491.04 -> more generalized okay
5492.56 -> [Music]
5496.48 -> all right i just wanted to show you
5497.52 -> where that six advantages of cloud
5498.96 -> computing comes from it's part of the
5501.04 -> aws documentation so i typed it in here
5503.04 -> and you can see that it is still around
5505.679 -> and so it's unusual because this used to
5507.44 -> be part of the marketing website it had
5509.44 -> those nice little graphics
5511.12 -> but for whatever reason it's over here
5512.88 -> now in the overview of amazon web
5515.04 -> services and by the way if you're
5516.8 -> starting starting out with aws this
5518.48 -> is a very light read but it is a good
5520.639 -> read to get started with we obviously
5523.04 -> cover all this stuff in the course um
5525.28 -> but you know maybe you'll get something
5526.4 -> different here but the idea is that aws
5527.84 -> definitely expanded on this but for
5529.84 -> whatever reason this documentation
5531.36 -> hasn't changed so just understand that
5533.36 -> i've polyfilled that for you in this
5535.28 -> course okay
5536.36 -> [Music]
5540.88 -> all right so this is the seven
5542.56 -> advantages to cloud i said six but i
5544.4 -> meant to say seven and so um you know
5546.8 -> since i've created fundamental courses
5548.88 -> for all these cloud service providers i
5550.48 -> started to notice kind of a trend and so
5552.56 -> what i did is i normalized it into my
5555.04 -> own seven advantages and this actually
5557.6 -> maps up really well to the new benefits
5560.159 -> of the cloud so it looks like aws
5562.08 -> was thinking the same as i was um with
5564.719 -> the exception of those cloud architect
5566.159 -> stuff which i keep in a separate section
5568 -> but let's go through it and see what is
5570 -> here so the first is cost effective you
5572.159 -> pay for what you consume no upfront
5574.159 -> costs on demand pricing so pay as you go
5576.639 -> p-a-y-g with thousands of customers
5578.96 -> sharing the on uh sharing the cost of
5580.96 -> resources aws used to refer to
5583.199 -> this always as on-demand pricing and
5585.36 -> azure always said pay as you go and so
5588.08 -> it looks like aws now uses both
5590.08 -> on-demand and pay-as-you-go to describe
5591.84 -> them which is great um but there you go
5594.159 -> then we have global so launch workloads
5596.4 -> anywhere in the world just choose a
5597.679 -> region it's secure so cloud provider
5600.32 -> takes care of physical security cloud
5602.239 -> services can be secured by default or
5603.92 -> you have the ability to configure access
5606.08 -> down to a granular level uh it's
5608.32 -> reliable so data backup disaster
5610.639 -> recovery data replication fault
5612.08 -> tolerance it's scalable increase or
5614.159 -> decrease resources and services based on
5615.92 -> demand elastic so automate scaling
5618.4 -> during spikes and drop in demand current
5620.88 -> so the underlying hardware and and
5622.8 -> managed uh software is patched upgraded
5625.04 -> and replaced by the cloud provider
5626.56 -> without interruption to you so i think
5628.4 -> this is one that isn't on the benefits
5630.239 -> of the cloud which is a really good one
5632.48 -> um but uh yeah that's the seven
5635.2 -> [Music]
5639.6 -> hey this is andrew brown from exam pro
5641.6 -> and we are taking a look at what is
5643.04 -> aws global infrastructure so global
5645.36 -> infrastructure is globally distributed
5646.96 -> hardware and data centers that are
5648.719 -> physically networked together to act as
5650.48 -> one large resource for the end customers
5652.719 -> so if you see here on the right hand
5654.32 -> side we have a picture of a globe and
5656.239 -> the idea is that we have a bunch of
5657.6 -> these regions and these regions are
5659.04 -> containing a bunch of data centers and
5661.36 -> then you have those lines going in
5663.12 -> between them which kind of represents
5664.48 -> the network okay so the global
5666.639 -> infrastructure is made up of the
5667.76 -> following resources so they have regions
5670.159 -> availability zones direct connection
5672.719 -> locations point of presence so those are
5675.6 -> pops local zones wavelength zones and
5678.639 -> we're going to cover all of these in
5680 -> this section here
5681.44 -> and one thing i want to note is that
5683.119 -> aws has millions of active customers
5685.04 -> and tens of thousands of global partners
5687.119 -> that are constantly using this
5688.96 -> infrastructure so you know that it is
5690.4 -> rock solid okay
5692.22 -> [Music]
5697.199 -> all right so i'm over here on the global
5699.119 -> infrastructure page if you type in aws
5700.719 -> global infrastructure you'll make your
5702.4 -> way here and so i just wanted to point
5704.48 -> out that aws is always updating their
5706.639 -> global infrastructure so these numbers
5708.4 -> are increasing all the time but if
5710.96 -> you're over here what you probably want
5712.239 -> to do is make your way to regions and
5713.679 -> azs so you can kind of see what's in
5715.92 -> your area
5717.36 -> so i'm in canada and we have canada
5719.28 -> central region here and it has three
5720.8 -> availability zones have launched in
5722.719 -> 2016.
5724.32 -> you'll notice that it has a couple
5725.36 -> asterisks if you scroll on down here
5727.28 -> explain that it's in the montreal
5729.76 -> metropolitan area so saying it's in the
5732 -> downtown it's in the city uh that could
5734.4 -> matter to you for whatever reason um but
5736.88 -> just kind of pointing out where that
5738.4 -> stuff is you can read about all this
5740.08 -> stuff but of course we cover this all in
5742.239 -> the course but there you go
5743.88 -> [Music]
5748.4 -> hey this is andrew brown from exam pro
5750.239 -> and we are taking a look at aws
5751.679 -> regions and regions are geographically
5753.52 -> distinct locations consisting of one or
5755.84 -> more availability zone and so here is a
5758.88 -> world map showing you all the regions
5760.48 -> that aws has in the world and the blue
5762.639 -> ones represent regions that are already
5764.96 -> available to you and the orange ones
5766.96 -> represent ones that aws is planning
5768.639 -> to open so aws is always expanding their
5770.719 -> infrastructure uh in the world so always
5773.04 -> expect there to be more upcoming ones
5775.52 -> every region is physically isolated from
5777.6 -> independent of every other region in
5779.119 -> terms of location power and water supply
5782.159 -> and the most important region that you
5783.84 -> should give attention to is u.s east one
5786.239 -> uh in particular so this is northern
5788.239 -> virginia it was aws's first region
5790.159 -> where we saw the launch of sqs and s3 uh
5793.76 -> and there are a lot of special use cases
5796.159 -> where things only work in u.s east ones
5798.48 -> and we'll find that out here in a moment
5800.4 -> what i do want to show you is what it
5801.76 -> looks like for an architectural diagram
5803.76 -> when you are seeing a region so notice
5806.32 -> that we have this
5808.08 -> little flag here it says us east one us
5810.32 -> west one and inside of it we have an ec2
5812.56 -> instance so that is going to represent a
5814.32 -> region in our architectural diagrams uh
5816.719 -> but let's look at some of the facts here
5818 -> and understand why u.s east or u.s east
5820.08 -> 1 is so important
5821.679 -> so each region generally has three
5823.6 -> availability zones and that is by
5825.44 -> intention and we will talk about that
5827.119 -> when we get to the availability zone
5828.48 -> section some new users are limited to
5830.96 -> two or uh to two uh but generally
5833.679 -> there's always three okay new services
5835.76 -> almost always become available first in
5837.52 -> u.s east and specifically u.s east one
5840 -> not all services are available in all
5841.679 -> regions all your billing information
5843.36 -> appears in u.s east one so that's a u.s east
5845.76 -> one particular thing uh the cost of
5847.52 -> aws services vary per region and so
5850 -> if you're on the marketing website or uh
5852.159 -> for with global infrastructure you can
5853.679 -> see uh
5855.04 -> here in north america they'll say like
5856.8 -> when it launched how many availability
5858.48 -> zones and there might be some conditions
5860 -> so you'll notice there's like asterisks
5861.52 -> uh beside these things here or um in
5864.32 -> this one particular there's an asterisk
5865.76 -> saying hey there are three zones but
5868.239 -> generally you're limited to two okay
5870.56 -> when you choose a region there are four
5872.56 -> factors you need to consider uh what are
5874.719 -> the regulatory compliance does this
5876.8 -> region meet what is the cost of this
5878.719 -> aws service in this region what aws
5880.88 -> services are available in this region
5882.639 -> and what is the distance distance or
5884.48 -> latency to my end users and those are
5886.239 -> those four factors that you should
5887.679 -> remember okay
5889.06 -> [Music]
5893.76 -> all right so we just talked about aws
5895.52 -> regions now let's talk about uh how that
5898.08 -> affects our services versus regional and
5900.639 -> global services so regional services are
5903.28 -> scoped based on what is set in the
5904.719 -> aws management console on the
5906.639 -> selected region so you have this drop
5908.4 -> down and that's what you'll do you'll
5909.76 -> say okay i want to have resources in
5912 -> canada or in europe
5914.48 -> so this will determine where an aws
5916.56 -> service will be launched and what will
5918.239 -> be seen within the aws services
5920.08 -> console you generally don't explicitly
5922.239 -> set the region for a service at the time
5924.08 -> of creation i explicitly mentioned this
5926.08 -> because when you use something like gcp
5928 -> or azure when you create the resource
5930 -> that's when you select the region but
5931.76 -> aws is it has this kind of global thing
5933.84 -> which is unique to their platform
5936.4 -> then there's the concept of global
5937.76 -> services so some aws services operate
5940.08 -> across multiple regions and the region
5942.32 -> will be fixed to the word global and for
5944.96 -> these that's services like s3 cloud
5946.96 -> front route 53 iam
5949.44 -> so the idea is if you were to go over to
5950.8 -> cloud cloudfront and go into the
5952.239 -> cloudfront console you'll notice that it
5954.159 -> will just say global and you can't
5955.36 -> switch out of that
5956.719 -> for these global services at the time of
5958.88 -> creation it's a bit different so we were
5960.88 -> saying up here for regional ones that
5962.639 -> you don't select the region but when you
5965.119 -> are creating global services if you're
5966.88 -> using something like iam there is no
5968.88 -> concept of region because they're just
5970.08 -> globally available so you don't have to
5972 -> determine
5973.04 -> a subset of regions if you're using s3
5975.28 -> bucket that has to be in one region so
5977.76 -> you actually do have to select a region
5979.44 -> at time of creation um and then there's
5981.679 -> something like cloudfront distributions
5982.88 -> where you were choosing a group of
5984.4 -> regions so you either say all of the
5985.76 -> world or only north america which is
5988.159 -> more like geographic distribution so you
5990.08 -> don't say the region in particular but
5992 -> you know hopefully that gives you a
5993.199 -> distinction between regional services
5994.96 -> and global services
5996.74 -> [Music]
6001.119 -> hey this is andrew brown from exam pro
6002.96 -> and we are taking a look at availability
6004.8 -> zones so availability zones commonly
6006.8 -> abbreviated as az and i'll frequently
6009.199 -> be using the term az is physical
6011.76 -> locations made up of one or more data
6014.159 -> centers so a data center is a secured
6016.56 -> building that contains hundreds or
6018.4 -> thousands of computers and this is one
6021.199 -> of my favorite graphics i like to show
6022.719 -> of course uh you know aws would never
6024.639 -> have a dog um in their data center but i
6027.28 -> just thought that would be fun a region
6029.36 -> will generally contain three
6031.28 -> availability zones and i say generally
6033.679 -> because there are some cases where we
6035.199 -> will see less than three so there might
6037.199 -> be two
6038.56 -> data centers within a region will be
6040.32 -> isolated from each other
6041.92 -> so there will be different buildings but
6043.44 -> they will be close enough to provide low
6045.119 -> latency and that is within the
6048.239 -> 10 milliseconds or less so it's very
6050.32 -> very low uh it's common practice to run
6052.56 -> workloads in at least three azs to
6054.48 -> ensure services remain available in case
6056.639 -> one or two data centers fail and this is
6058.8 -> known as high availability and this
6060.96 -> generally is driven based on regulatory
6063.199 -> compliance so a lot of companies uh you
6065.44 -> know they have to at least be running in
6067.44 -> three az's and that's why aws tries to
6069.52 -> always have at least three azs within a
6071.84 -> region uh azs are represented by a
6074 -> region code followed by a letter so here
6076.639 -> you know you'd have us east one which
6078.239 -> would be the region and then the a would
6080.56 -> represent the particular availability
6082.4 -> zone in that region
6084.48 -> um so a
6086 -> subnet which is related to availability
6088.239 -> zones is associated with
6090.239 -> two availability zones so you never
6091.679 -> choose an az when launching resources
6094 -> you always choose a subnet which is then
6096.32 -> associated uh to an az a lot of
6098.719 -> services um you know
6101.04 -> don't even require you to choose a
6102.4 -> subnet because they're fully managed by
6103.76 -> aws but in the case of like virtual
6105.92 -> machines you're always choosing a subnet
6107.6 -> okay so here is a graphical uh
6110 -> representation or a diagram that's
6112.4 -> representing two availability zones so
6115.04 -> here we have the region us east 1 and us
6118.159 -> west 2 and then we have our 2az so here
6120.32 -> is 1a and 1b and so these are
6123.6 -> effectively the subnets okay
6126.32 -> and so within those subnets then you can
6128.48 -> see or availability zones you will see
6130.8 -> that we have two virtual machines okay
6133.44 -> so the us east 1 region has six azs and i
6136.56 -> thought that's just kind of like a fun
6137.76 -> fact because it is the most out of every
6139.76 -> single one um i don't think anyone comes
6142.48 -> close to us east 1 but of course it is the
6144.8 -> most popular it is the first uh
6148.4 -> region or so it's not a surprise that
6150.48 -> that one has that many a
6153.54 -> [Music]
6157.76 -> okay so we just covered regions and
6159.36 -> availability zones but i really want to
6160.8 -> make it clear what they look like so i
6163.04 -> kind of have a visual representation so
6165.04 -> let's say we have our aws region and in
6167.44 -> this particular one we have canada
6168.8 -> central which in particular is montreal
6170.96 -> so ca central one
6173.44 -> and the idea here is that a region has
6175.92 -> multiple availability zones so here you
6177.92 -> can see that we have uh one a one b and
6181.679 -> one d for some reason aws decided to uh
6184.88 -> not launch one c maybe it's haunted who
6187.44 -> knows you know
6188.96 -> and then within your um availability
6191.76 -> zones they are made up of one or more
6193.679 -> data centers so just understand that az
6195.52 -> is not a single data center but could be
6196.88 -> a collection of buildings
6198.56 -> and that these azs are interconnected
6200.96 -> with high bandwidth low latency
6202.8 -> networking they're fully redundant
6204.56 -> dedicated to metro fiber providing high
6207.119 -> throughput low latency networking
6208.56 -> between so just very fast connections in
6210.32 -> between
6211.36 -> and all traffic between azs is encrypted
6214.08 -> and these azs are within a hundred
6215.84 -> kilometers so about 60 miles of each
6218.639 -> other okay
6220.53 -> [Music]
6224.719 -> so what i want to do here is just show
6226.719 -> you uh how regions and availability
6228.96 -> zones work with some different aws
6230.8 -> services so you have a general idea when
6233.119 -> you are selecting a region or az and
6235.84 -> when you're not so within aws when you
6238.32 -> want to select a region you're going to
6239.92 -> go up here and change it and this is
6241.6 -> going to apply to regional services a
6244.639 -> very famous example of a regional
6246.159 -> service would be ec2 so we go over to
6248.88 -> ec2 which is elastic
6251.52 -> cloud computing or compute whatever
6253.679 -> let's forget the name of it and what we
6255.44 -> can do is go over to instances
6257.92 -> i'm going to launch an instance i'm not
6259.44 -> going to complete the process i just
6260.96 -> want to show you
6262.32 -> what would happen when you go select
6263.84 -> some things here so i'm going to go with
6265.119 -> amazon linux 2
6267.119 -> we're going to just go to
6269.28 -> next here and so here is where we're
6271.6 -> going to select
6273.44 -> our availability zone so up here we have
6275.6 -> north virginia that's our region and
6277.44 -> when i say we're selecting our
6278.32 -> availability zone we're actually
6279.36 -> selecting the subnet so so here we are
6282.88 -> choosing a subnet and a subnet is
6285.199 -> associated to a availability zone and
6288.88 -> every single
6290.48 -> um
6291.36 -> region has a default vpc and that vpc
6294.639 -> has
6295.84 -> subnets set up and the subnets are
6297.52 -> defaulted to each of the availability
6299.52 -> zones available so us east 1 has six of them
6302.239 -> so this server is going to launch in u.s
6304.8 -> east 1b
6306.639 -> so this is a regional service okay
6309.199 -> then we have global services like s3 so
6311.76 -> we go over to s3
6313.92 -> and it says it's global right and so
6316.8 -> we're going to go ahead and create our
6317.92 -> bucket
6319.52 -> and so here we choose the region so we
6322.639 -> go down we're going to say the region we
6324.32 -> want to be in but we don't choose the
6326.639 -> availability zone because there's
6328.88 -> nothing to um
6331.119 -> choose because aws is going to run these
6334.56 -> in
6335.44 -> multiple azs and it doesn't matter to
6337.28 -> you what it's doing there okay
6340.159 -> so there's that and then there's
6341.84 -> something like cloudfront so
6342.96 -> cloudfront's a little bit different here
6344.8 -> so we go over to cloudfront
6347.52 -> and we create ourselves a distribution
6349.84 -> um and so yeah if you don't have that
6352.08 -> option there because sometimes aws
6353.28 -> has like a splash screen just click on
6354.56 -> the left hand side then go to
6355.92 -> distributions
6357.36 -> okay and so here well they changed it
6360.56 -> again on me they're always changing this
6362.08 -> ui but if we scroll on down it should
6364.48 -> allow us to change
6367.119 -> um change where this is going to launch
6369.44 -> it's like global stuff like that
6371.44 -> literally they just recently changed
6372.8 -> this and that's why i'm confused
6375.36 -> ah we'll scroll on down here
6378.96 -> it used to be
6381.76 -> maybe it's under legacy
6384.84 -> additional
6386.4 -> customized
6388.48 -> oh it's here sorry okay so notice here
6390.719 -> the price class that says use the edge
6392.48 -> locations for best performance north
6394.4 -> america and europe north america europe
6396.96 -> asia middle uh middle east and africa so
6399.28 -> we're not choosing a particular region
6401.44 -> we're picking a geographical area and so
6404.88 -> those are pretty much the major um uh
6408.88 -> examples of that uh then there's of
6411.04 -> course things like in iam where you
6412.88 -> don't even say where it is so you go to
6414.639 -> iam
6416.08 -> you know if i create something like a
6417.679 -> group
6419.04 -> over here a user group whoops
6421.92 -> here
6423.28 -> i say create group you know i'm not
6425.36 -> saying oh this is for this particular
6427.92 -> region or something like that okay
6430.08 -> so yeah hopefully that makes sense
6432.32 -> [Music]
6436.8 -> hey this is andrew brown from exam pro
6438.639 -> and let's take a look here at fault
6440.56 -> tolerance specifically for global
6442.239 -> infrastructure and so before we jump
6443.84 -> into that let's just define some fault
6445.84 -> terminology here uh so let's describe
6448.56 -> what a fault domain is so a fault domain
6450.639 -> is a section of a network that is
6452.4 -> vulnerable to damage if a critical
6454.239 -> device or system fails and the purpose
6456.56 -> of a fault domain is that if a failure
6458.32 -> occurs it will not cascade outside that
6460.96 -> domain limiting the possible damage and
6463.76 -> so there's this very popular meme called
6465.76 -> this is fine where there's obviously a
6468.239 -> serious problem but the person's not
6470 -> freaking out and i gave it some context
6472.4 -> to say well the reason they're not
6473.6 -> freaking out because they know that
6474.88 -> there's a fault domain and nothing
6476.159 -> outside of this room is going to be
6477.76 -> affected okay
6479.119 -> so you can have fault domains nested
6480.88 -> inside of other fault domains
6482.96 -> but generally they're grouped in
6484 -> something called fault level so a fault
6485.6 -> level is a collection of fault domains
6488.239 -> and the scoping of a fault domain could
6489.92 -> be something like a specific specific
6491.92 -> servers in a rack an entire rack in a
6494.08 -> data center an entire room in a data
6496.08 -> center the entire data center building
6498.239 -> and it's really up to the cloud service
6499.6 -> provider to define those boundaries of
6501.119 -> the domain aws abstracts it all away so
6503.44 -> you don't have to think about it but
6504.719 -> just to compare it against something
6505.84 -> else when you're using azure you
6507.6 -> actually define your fault domain so you
6509.44 -> might say like okay uh make sure that
6511.92 -> this workload is never running on the
6513.44 -> same vm on the same rack for these
6514.96 -> things uh and you know you might like to
6517.36 -> have this level of control but i really
6518.719 -> like the fact that aws just abstracts
6520.08 -> it away i'm not sure how they segment
6522.4 -> their uh their their fault domains but
6524.88 -> they
6525.6 -> definitely are some broader ones which
6527.28 -> we'll describe right now so when we're
6529.36 -> looking at an aws region
6531.199 -> this would be considered a fault level
6533.119 -> and then within that fault level you
6534.719 -> would have your availability zones and
6536.88 -> these would be considered fault domains
6538.8 -> and of course those data centers can
6540.4 -> have uh fault domains within them okay
6542.88 -> like maybe you know they have everything
6544.8 -> in a particular room and that room is
6546.08 -> secure so like if there's a fire in that
6547.36 -> room it's not gonna affect the other
6548.56 -> room things like that
6550.159 -> um so each amazon region is designed to
6552.4 -> be completely isolated from the other
6554.4 -> amazon region
6556.48 -> they achieved this with the greatest
6558 -> possible fault tolerance and stability
6559.84 -> uh each availability availability zone
6562.08 -> is also isolated but the availability
6563.679 -> zone in a region are connected through
6565.599 -> low latency links each availability zone
6568.239 -> is designed as an independent failure
6570.4 -> zone and so here we have some kind of
6572.719 -> different language that aws is
6574.08 -> using
6575.119 -> i've never experienced this terminology
6576.96 -> in other any other cloud service
6578.4 -> providers so i kind of feel like it's
6579.52 -> something that aws made up but
6581.119 -> basically a failure zone they're just
6582.56 -> basically saying a fault domain but
6584.48 -> let's kind of expand on their fault
6586.96 -> failure zone terminology so availability
6589.199 -> zones are physically separated within a
6591.28 -> typical metropolitan region and are
6593.44 -> located in lower risk flood plains
6596.48 -> discrete uninterruptible power supply so
6598.719 -> ups and an on-site backup generation
6601.199 -> facilities uh data centers located in
6603.52 -> different azs are
6605.44 -> designed to be supplied by independent
6607.92 -> substations to reduce the risk of an
6610.159 -> event on the power grid impacting more
6612.159 -> than one availability zone
6614.159 -> availability zones are all redundantly
6615.76 -> connected to multiple tier one transit
6618 -> providers and we'll talk about what
6619.199 -> those are
6620.4 -> in an upcoming slide
6622.48 -> and just one thing i want to note here
6624 -> is that when you adopt multi-az you get
6626.4 -> high availability so if an application
6628.239 -> is partitioned across azs
6630.639 -> companies are better isolated and
6632.08 -> protected from issues such as power
6634.239 -> outages lightning strikes tornadoes
6636.4 -> earthquakes and more so that's the idea
6638.32 -> behind you know why we want to run in
6640.32 -> multi-az okay because of these fault
6642.32 -> domains
6643.42 -> [Music]
6647.679 -> hey this is andrew brown from exam pro
6649.52 -> and we're talking about the global
6651.119 -> network so the global network represents
6653.28 -> interconnections between aws global
6655.76 -> infrastructure and it's commonly
6657.679 -> referred to as the backbone of aws so is
6660.56 -> ec2 so just understand that that could
6662.56 -> be used in more than one way but think
6664.48 -> of it as a private expressway where
6666.159 -> things can move fast between data
6668.239 -> centers and uh one thing that is
6671.119 -> utilized a lot to get data in and out of
6674.08 -> aws very quickly is edge locations they
6676.719 -> can act as on and off ramps to the aws
6678.96 -> global network of course you can get to
6681.199 -> the network through pops which we'll
6682.639 -> talk about um you know in the upcoming
6685.04 -> slides here but let's just talk about
6686.159 -> edge locations and what services use
6687.92 -> them so uh when we're talking about
6689.92 -> things that are getting on to the
6691.119 -> aws network we're looking at things
6692.56 -> like aws global accelerator aws s3
6695.199 -> transfer acceleration and so
6698.159 -> these use edge locations as an on-ramp
6700.8 -> to quickly reach aws resources and
6702.4 -> other regions by traversing the fast
6704.159 -> aws global network notice that the
6706.159 -> names in it's a accelerator acceleration
6708.96 -> so the idea is that they are moving
6710.48 -> really fast okay
6712.08 -> on the other side when we talk about
6713.36 -> like an off-ramp we're looking at amazon
6715.04 -> cloudfront which is a content
6716.239 -> distribution network this uses edge
6718.08 -> locations to as an off-ramp to provide
6720.4 -> an at the edge storage and compute near
6723.36 -> the end user
6725.04 -> and one other thing that is kind of
6726.96 -> always utilizing the global network are
6728.48 -> vpc endpoints now these aren't using
6730.48 -> edge locations but the idea here is that
6732.4 -> this ensures your resources stay within
6734.239 -> the aws network and do not traverse over
6736.4 -> the public internet so you know if you
6738.48 -> have uh you know a resource running in
6740.639 -> u.s east one and one in uh eu it would
6743.52 -> and they never have to go to the
6744.719 -> internet it would make sense to always
6746.4 -> enforce it to stay within the aws
6747.84 -> network because it's going to be a lot
6749.199 -> faster so there you go
6751.73 -> [Music]
6756.4 -> hey this is andrew brown from exam pro
6758.32 -> and we are taking a look at point of
6759.679 -> presence also known as pop and this is
6761.679 -> an intermediate location between an
6763.36 -> aws region and the end user and
6765.76 -> this location could be a data center or
6767.599 -> a collection of hardware so for aws a
6770.159 -> point of presence is a data center owned
6771.92 -> by aws or trusted partner that is
6774.159 -> utilized by aws services related for
6776.88 -> content delivery or expedited upload so
6779.599 -> a pop resource could be something like
6781.119 -> an edge location or a regional edge
6782.88 -> cache so as an example over here we see
6785.28 -> an s3 bucket and it has to go through a
6787.36 -> regional edge cache and then cut to an
6788.96 -> edge location let's go define what those
6790.8 -> are so an edge location are data centers
6793.199 -> that hold cached copies on the most
6795.199 -> popular files so web pages images and
6797.92 -> videos
6799.119 -> so that the delivery of the distance to
6800.96 -> the end users are reduced then you have
6803.119 -> regional edge locations and these are
6805.52 -> data centers that hold much larger
6807.44 -> caches of less popular files to reduce a
6809.679 -> full round trip and also to reduce the
6812.159 -> cost of transfer fees
6814.53 -> [Music]
6818.96 -> so to kind of help put pops more in
6821.119 -> presence just in the general sense here
6823.36 -> is a uh diagram i got from wikipedia
6825.52 -> that kind of just shows a bunch of
6826.88 -> different networks and notice where the
6828.639 -> pop is it's on the edge or the
6830 -> intersection of uh two networks so here
6833.04 -> you know we have
6834.48 -> um you know tier three and then there's
6836.48 -> tier two and there's this pop that is in
6838.239 -> between them okay
6839.84 -> so tier one networks is a network that
6841.84 -> can reach every other network on the
6843.36 -> internet without purchasing ip transit or
6845.92 -> paying for peering and so the aws
6848.08 -> availability zones or azs are all
6850 -> redundantly connected to multiple tier
6851.599 -> one transit providers okay
6853.72 -> [Music]
6858.4 -> all right so let's take a look at some
6859.599 -> aws services that are utilizing
6861.84 -> pops or edge locations for content
6864.159 -> delivery or expedited uploads so amazon
6866.8 -> cloudfront is a content delivery network
6868.8 -> service and the idea here is you point
6870.639 -> your website to cloudfront so it will
6872.56 -> route requests to the nearest edge
6873.76 -> location cache it's going to allow you
6876 -> to choose an origin so that could be a
6877.599 -> web server or storage that'll be the
6879.599 -> source of the cache and caches the
6881.36 -> content of what origin would return to
6883.36 -> various edge locations around the world
6885.679 -> then you have amazon s3 transfer
6887.28 -> acceleration this allows you to generate
6889.119 -> a special url that can be used by the
6891.36 -> end users to upload files to a nearby
6893.52 -> edge location once a file is uploaded to
6896 -> an edge location it can move much faster
6898 -> within the aws network to reach s3
6900.719 -> then at the end here you have aws global
6903.04 -> accelerator you can find the optimal
6904.96 -> path from the end user to your web
6906.8 -> servers so global accelerators are
6908.88 -> deployed within edge locations so you
6910.4 -> send user traffic to an edge location
6912.32 -> instead of directly to your web
6913.599 -> application this service is really
6915.52 -> really great for if let's say you're
6917.28 -> running a web server us east 1 and you just
6920.56 -> don't have the time to set up
6922.719 -> infrastructure in other regions you turn
6924.96 -> this on and you basically get a boost
6926.56 -> okay
6927.77 -> [Music]
6932.08 -> this is andrew brown from exam pro and
6933.84 -> let's take a look at aws direct
6935.28 -> connect so this is a private or
6937.04 -> dedicated connection between your data
6938.8 -> center office co-location and aws and so
6941.84 -> the idea here is imagine if you had a
6943.599 -> fiber optic cable
6945.04 -> running from your data center all the
6947.04 -> way to your aws so that it feels like
6949.52 -> when you're using your stuff on your
6951.36 -> data center like your local virtual
6952.88 -> machines that there's like next to no
6955.28 -> latency okay so direct connect has two
6957.84 -> very fast network connection options we
6960 -> have the lower bandwidth which is at 50
6961.84 -> to 500 megabytes per second and then you
6964.88 -> have the higher bandwidth which is one
6966.48 -> gigabytes to 10 gigabytes per second so
6970.4 -> using direct connect helps reduce
6972 -> network costs increase bandwidth
6973.44 -> throughput so great for high traffic
6975.119 -> networks it provides a more consistent
6977.28 -> network experience than a typical
6978.719 -> internet-based connection so reliable
6980.8 -> and secure
6982 -> i do want to point out the term
6983.119 -> co-location if you never heard of that
6984.4 -> before a co-location or a carrier hotel
6987.84 -> is a data center where equipment space
6989.599 -> and bandwidth are available for rental
6991.599 -> uh to retail customers i do want to also
6994.239 -> point out that even though it says
6995.599 -> private up here and this is the language
6997.04 -> that aws used i usually just say
6998.719 -> dedicated but the connection is private
7001.36 -> but that doesn't necessarily mean it's
7002.48 -> secure okay so uh we'll talk about that
7005.28 -> when we reach aws vpns and how we can
7007.28 -> use that with direct connect to make
7008.56 -> sure our connections are secure okay
7010.8 -> [Music]
7015.119 -> all right so let's take a look at what a
7016.56 -> direct connect location is so a direct
7019.119 -> connect location are trusted partner
7021.04 -> data centers that you can establish a
7023.44 -> dedicated high-speed low-latency
7025.92 -> connection from your on-premise to aws
7028.48 -> so an example of a partner data center
7030 -> would be one like here in toronto the
7031.679 -> allied data center so you can tell
7033.52 -> that's right down in uh the toronto
7035.679 -> center and so you would use this uh uh
7038.56 -> as part of direct connect service to
7040.159 -> order and establish a connection okay
7043.59 -> [Music]
7047.84 -> hey this is andrew brown from exam pro
7049.599 -> and we're taking a look at local zones
7051.28 -> which are data centers located very
7052.96 -> close to densely populated areas to
7054.88 -> provide single digit millisecond low
7056.8 -> latency performance so think like seven
7058.8 -> milliseconds for that area so here is a
7061.92 -> map of uh local zones that exist and
7063.92 -> ones that are coming out i believe the
7065.28 -> orange ones are probably ones that are
7066.48 -> on their way and so to use a local zone
7068.4 -> you do need to opt in so you gotta go
7070.08 -> talk to aws probably open a support
7071.76 -> ticket to get access to it the first one
7073.84 -> to ever be launched was uh the la one uh
7076.56 -> and so
7077.679 -> um you know when you want to see it it
7080.159 -> looks just like a
7081.76 -> availability zone it's going to show up
7083.599 -> under whatever region that is because
7084.8 -> these are always tied to existing
7086.32 -> regions so the la-1 is tied to u.s west
7088.8 -> uh region and the az would look like u.s
7092.88 -> west 2 hyphen la x hyphen 1a okay so
7097.44 -> only specific aws services have been made
7099.119 -> available so there's a particular ec2
7101.52 -> types ebs amazon fsx application load
7105.44 -> balancer amazon vpc
7107.76 -> they probably have extended it to more
7109.84 -> services do you need to know that for
7111.199 -> the exam no but you know the point is is
7113.52 -> that there's a limited subset of things
7115.76 -> that are available the purpose of local
7117.679 -> zone is to support highly demanding
7119.36 -> applications sensitive to latency so
7121.04 -> media and entertainment electronic
7123.28 -> design and automation ad tech machine
7125.84 -> learning so it kind of makes sense like
7127.119 -> you look at la they're in the media
7128.639 -> entertainment and so they're dealing
7129.92 -> with lots of media content so it has to
7132.32 -> be really low for them okay
7134.4 -> [Music]
7138.08 -> hey this is andrew brown from exam pro
7140 -> and we are taking a look at aws
7141.599 -> wavelength zones and these allow for
7143.44 -> edge computing on the 5g networks and
7146.4 -> applications will have ultra low latency
7148.639 -> being as close as possible to the users
7150.8 -> so aws has partnered with various
7152.639 -> telecom companies to utilize their 5g
7154.4 -> networks so we're looking at verizon
7156.4 -> vodafone kddi sk telecom and so the idea
7160.719 -> here is that you will create a subnet
7162.48 -> tied to a wavelength zone
7164.8 -> and then and just think of it as like an
7166.4 -> availability zone but it's a wavelength
7167.76 -> zone and then you can launch your vms to
7169.92 -> the edge of the targeted 5g network so
7172.56 -> that's the network you're using aws to
7175.84 -> deploy an ec2 instance and then when
7178.32 -> users connect to you know those radio
7180.719 -> towers those
7181.84 -> cell towers they're going to be routed
7183.679 -> to
7184.639 -> you know nearby hardware that is running
7186.96 -> those virtual machines okay and that's
7189.28 -> all it is it's just it's just ec2
7191.44 -> instances um but you know the advantage
7193.84 -> here is that it's like super super low
7195.76 -> latency okay
7197.34 -> [Music]
7201.52 -> hey this is andrew brown from exam pro
7203.44 -> and we are taking a look at data
7204.96 -> residency so this is the physical or
7207.199 -> geographical location of where an
7209.52 -> organization or cloud resources reside
7211.84 -> and then you have the concept of
7213.679 -> compliance boundaries so a regulatory
7215.52 -> compliance so legal requirement by
7217.599 -> government or organization that
7219.04 -> describes where data and cloud resources
7221.28 -> are allowed to reside and then you have
7223.52 -> the idea of data sovereignty so data
7225.36 -> sovereignty is the jurisdictional
7227.84 -> control or legal authority that can be
7229.84 -> asserted over data because its physical
7232.08 -> location is within a jurisdictional
7234.56 -> boundary and so the reason we care about
7236.8 -> this stuff is that if we want to work
7238 -> with the canadian government or the us
7240 -> government and they're like hey you got
7241.76 -> to make sure that you know if you want
7243.199 -> to work with us all the data has to stay
7245.119 -> in canada and you need to give them that
7247.04 -> guarantee so data residency is not a
7249.04 -> guarantee it just says where your data
7250.8 -> is right and compliance boundaries are
7253.199 -> those controls that are in place to say
7255.76 -> okay this is going to make sure that
7257.119 -> data stays where we want to be and data
7259.199 -> sovereignty is just like the idea of
7260.88 -> the scope of the legal the legal stuff
7263.44 -> that ties in with compliance boundaries
7266.4 -> so how do we do that on aws well there's
7268.56 -> a few different ways but um let's just
7270.4 -> take a look at some ways that we can
7272.32 -> meet those compliance boundaries one
7274.639 -> which is very expensive but also very
7276.32 -> cool is aws outposts so this is a
7279.04 -> physical rack of servers that you can
7280.48 -> put in your data center and you'll know
7282.48 -> exactly where the data resides because
7284.48 -> you know it's physical if it's in your
7286.32 -> data center and you're in canada that's
7288.08 -> where it's going to be okay
7289.84 -> and i believe that you know there is
7291.36 -> only a subset of aws services that are
7293.679 -> available here but you know that is one
7295.36 -> option to you another is using like
7298.56 -> services for governance so like one
7300.239 -> could be aws config this is a policy as
7302.719 -> a code service so you can create rules
7304.719 -> to continuously check aws resource
7306.239 -> configuration so if they deviate from
7308.4 -> your expectations you are alerted or
7310.4 -> aws config can in some cases auto
7312.159 -> remediate so if you were expecting you
7314.4 -> know um you know you had an aws account
7316.96 -> and you're saying this account is only
7318.4 -> to be used for canadian resources and
7320.4 -> somebody launches let's say something in
7322.32 -> another region then you could get an
7324.159 -> alert or to tell aws config to go
7326.56 -> delete that resource okay now if you
7328.96 -> want to prevent people from doing it all
7331.04 -> together that's where iam policies come
7333.119 -> into play so these can be written
7334.48 -> explicitly to deny access to specific
7336.4 -> aws regions and you know this is great
7338.96 -> if you're applying it to users or roles
7341.199 -> but if you wanted to have it
7342.32 -> organizational wide across all of your
7345.599 -> aws accounts you can use something
7346.88 -> called a service control policy that is
7349.04 -> just an iam policy that is used within
7351.119 -> aws organizations that makes it
7353.199 -> organizational wide okay
7355.89 -> [Music]
7359.84 -> hey this is andrew brown from exam pro
7361.52 -> and we are looking at aws for government
7363.44 -> so to answer that we first have to
7365.28 -> understand what is public sector so
7367.76 -> public sector includes public goods and
7369.44 -> government services such as military law
7372.32 -> enforcement infrastructure public
7374.32 -> transit public education health care and
7377.04 -> the government itself so aws can be
7379.04 -> utilized by the public sector or
7380.639 -> organizations developing cloud workloads
7382.48 -> for the public sector aws achieves
7384.8 -> this by meeting regulatory compliance
7386.4 -> programs along with specific governance
7388.159 -> and security controls
7390.159 -> so this could be i meet the requirements
7392.08 -> with hipaa fedramp um cjis and fips okay
7397.119 -> so aws has a special regions or special
7399.36 -> regions for us regulation called
7401.52 -> govcloud which we'll talk about next
7403.44 -> okay
7407.22 -> [Music]
7408.48 -> hey this is andrew brown from exam pro
7410.239 -> and we are taking a look at govcloud and
7412 -> to understand what govcloud is we need
7413.52 -> to know what fedramp is so fedramp
7415.28 -> stands for federal risk and
7416.56 -> authorization management program it's a
7418.56 -> u.s government-wide program that
7420.32 -> provides a standardized approach to
7421.84 -> security assessment authorization
7424.08 -> continuous monitoring for cloud products
7425.84 -> and services so that we know what
7427.679 -> fedramp is
7428.96 -> what is govcloud well
7431.199 -> and again it's not particular to aws
7433.52 -> because azure has govcloud as well but
7435.599 -> a cloud service provider like aws or
7437.199 -> azure general will offer an isolated
7439.36 -> region to run fedramp workloads and so
7442.719 -> in aws it's called govcloud and these
7445.52 -> are specialized regions that allow
7447.199 -> customers to host sensitive controlled
7449.199 -> unclassified information and other types
7451.52 -> of regulated workloads so govcloud
7453.119 -> regions are only operated by you by u.s
7455.679 -> citizens on u.s soil they are only
7458.159 -> accessible to u.s entities and root
7460 -> account holders who pass a screening
7461.92 -> process
7462.88 -> customers can architect secure cloud
7464.96 -> solutions that comply with fedramp uh do
7468.159 -> the doj's
7469.599 -> criminal justice information systems uh
7472.4 -> security policy the u.s international
7475.199 -> traffic in arms regulation
7478.56 -> export administration regulations the
7480.96 -> department of defense cloud computing
7482.48 -> security requirements and guides so if
7484.48 -> you want to work with the us government
7486.079 -> you want to
7487.44 -> engineer and use govcloud okay
7490.52 -> [Music]
7494.88 -> hey this is andrew brown from exam pro
7496.8 -> and we're taking a look at uh running
7498.88 -> aws in china so aws china is
7501.199 -> the aws cloud offering in mainland
7502.96 -> china aws china is completely
7504.96 -> isolated intentionally from aws
7506.56 -> global to meet regulatory compliance
7508.159 -> from mainland china so that means that
7509.84 -> if you make a workload on the aws
7511.76 -> global you can't
7513.679 -> interact with it within the aws china
7515.52 -> one okay it's basically treated like a
7518.4 -> completely separate service like aws
7520.4 -> has its own chinese version uh and so aws
7523.28 -> china is on its own domain at amazon
7526.36 -> aws.cn and for everybody else that's
7528.96 -> what's considered aws global so when
7530.4 -> i'm using aws from canada or use it
7532.96 -> from the u.s or from india or from
7535.36 -> europe or wherever that is the aws
7537.84 -> global okay
7539.28 -> so in order to operate in aws china
7541.76 -> regions you need to have a chinese
7544.079 -> business license so icp license not all
7547.04 -> services are available in china so
7549.28 -> you will not have the use of route 53
7552.4 -> and you might say well why not just run
7554.32 -> in
7555.119 -> singapore on aws global and you
7556.8 -> could do that but the advantage of
7558.8 -> running in mainland china means that you
7560.56 -> would not have to traverse the great
7563.119 -> firewall okay so all your traffic is
7565.199 -> already within china so you don't have
7566.56 -> to
7567.28 -> deal with that aws has two regions in
7569.679 -> mainland china so uh there's this one
7572 -> here which is the northwest region
7573.76 -> operated by nswc
7576.56 -> and then you have the one in beijing
7578.159 -> north one operated by uh sinnet so you
7580.96 -> know aws just could not meet the the
7583.36 -> compliance requirements so they had to
7584.88 -> partner with local providers uh or data
7587.36 -> centers and so that is how that works
7589.44 -> okay
7590.55 -> [Music]
7594.88 -> all right so i want to show you how you
7596.159 -> get over to the
7598.159 -> chinese aws management console so
7600.32 -> this one is
7601.48 -> aws.amazon.com that is the global one
7603.76 -> for everyone outside of mainland china
7606.639 -> but if you want to run resources uh on
7609.04 -> data centers within mainland china this
7610.639 -> is at amazonaws.cn
7613.52 -> and so it looks very similar if you go
7615.44 -> to create a free account you're going to
7617.44 -> fill in this stuff but notice that you
7619.679 -> need to have your business registration
7621.52 -> certificate uh and additional
7623.28 -> information in order to run these data
7625.199 -> centers down below that aws is partnered
7626.88 -> with also notice that the logo doesn't
7628.88 -> say aws in it and there's a good reason
7632.079 -> for that if i type in aws trademark
7633.92 -> china
7635.679 -> aws is actually banned from using the
7637.199 -> aws logo in china uh for whatever reason
7640.159 -> it's a weird reason if you ever want to
7641.599 -> read about it but that's why you don't
7643.199 -> see aws here all right
7646.32 -> so yeah there you go
7648.58 -> [Music]
7653.28 -> hey this is andrew brown from exam pro
7655.04 -> and we are looking at sustainability for
7656.88 -> aws global infrastructure and before we
7658.719 -> talk about that let's talk about the
7660 -> climate pledge so amazon co-founded the
7662.159 -> climate pledge to achieve net zero
7664.32 -> carbon emissions by 2040 across all of
7666.96 -> amazon's businesses which includes aws
7669.76 -> if you all want to find out more
7670.8 -> information go to
7672.84 -> sustainability.aboutamazon.com there's
7675.36 -> a lot of great information there and
7676.639 -> you'll learn exactly how
7678.639 -> uh aws is achieving this in particular
7680.719 -> like their data centers it's very
7681.92 -> interesting okay so aws cloud
7684.239 -> sustainability goals are composed of
7685.599 -> three parts the first is renewable
7687.36 -> energy so aws is working towards
7689.199 -> having their aws global infrastructure
7691.28 -> powered by 100% renewable energy by 2025
7695.52 -> and aws purchases and retires
7697.28 -> environmental attributes to cover the
7699.199 -> non-renewable energy for aws global
7701.36 -> infrastructure
7702.4 -> so they would purchase things like
7703.92 -> renewable energy credits also known as
7705.76 -> recs guarantees of origin so gos the
7709.28 -> second point here is cloud efficiency so
7711.119 -> aws infrastructure is 3.6 times more
7713.679 -> energy efficient than the median of u.s
7716.079 -> enterprises data centers surveyed so
7718.32 -> that's going to really rely on that
7719.679 -> survey surveys are not always that great
7721.52 -> so you know take that with a grain of
7723.36 -> salt okay then we have water stewardship
7726.639 -> so
7727.36 -> direct evaporative technology to cool
7729.52 -> our data centers use of non-uh potable
7733.199 -> water for cooling purposes so the
7734.48 -> recycling water on-site water treatment
7736.88 -> allows us to remove
7738.56 -> us them to remove scale forming minerals
7741.36 -> and reuse waters
7743.119 -> for more cycles water efficiency metrics
7745.52 -> to determine and monitor optimal water
7747.76 -> use for each aws region and you'll
7750.079 -> find that water plays a large part on
7753.119 -> making these
7754.639 -> um
7755.92 -> these data centers very efficient okay
7758.74 -> [Music]
7762.719 -> so i just wanted to show you where you
7764 -> get to that sustainability information
7765.92 -> so i just went to aws global
7767.28 -> infrastructure you click sustainability
7769.76 -> and that's going to bring us over to
7771.92 -> oops i have my twitter open there to the
7773.599 -> sustainability in the cloud so if you
7775.84 -> want to read a bunch of stuff here about
7778.159 -> things that are going on that aws
7779.52 -> is up to see
7781.199 -> how they are progressing with renewable
7783.199 -> energy
7784.56 -> there's cloud efficiency up here so you
7786.639 -> know how they being efficient it's worth
7788.56 -> the read to really understand that
7790.32 -> there's a lot of water involved like
7792.159 -> reducing water and data centers i
7793.679 -> thought that was really interesting
7795.52 -> um i mean they have native podcasts but
7798.56 -> i don't think there's really much to it
7800.639 -> a bi-weekly podcast of bite-sized
7802.56 -> stories about how tech makes the world
7804.56 -> better that's not necessarily a
7806.32 -> sustainability podcast it's just the
7808.639 -> aws podcast in general there's a
7810.639 -> download center
7812 -> um amazon's 2020 sustainability reports
7814.719 -> so i guess you can download the reports
7816.32 -> to see what is going on there so we
7818.239 -> could download the progress here and see
7820.32 -> what they've been up to
7823.199 -> okay so there's a bunch of numbers
7824.48 -> things like that okay very short reports
7827.52 -> but hey at least you can download them
7828.8 -> okay so just in case you're
7831.119 -> very interested in sustainability all
7832.88 -> right
7833.5 -> [Music]
7837.599 -> hey this is andrew brown from exam pro
7839.36 -> and we are taking a look at aws ground
7841.28 -> station so this is a fully managed
7843.119 -> service that lets you control satellite
7845.199 -> communications process data and scale
7847.76 -> your operations without having to worry
7849.599 -> about building or managing your own
7851.28 -> ground station infrastructure and so
7854 -> when we're talking about ground station
7855.44 -> a really good way to cement what the
7857.44 -> service is is just think of a big
7859.679 -> antennae dish that's pointing to the sky
7861.92 -> trying to communicate with satellites
7863.36 -> because that's essentially what the
7864.56 -> service is doing so the use cases here
7866.96 -> could be for weather forecasting surface
7869.04 -> imaging communications video broadcasts
7872.079 -> and to use ground station the idea is
7873.679 -> that you would schedule a contact so
7875.84 -> that's where you're selecting a
7876.88 -> satellite a start and end time in the
7878.639 -> ground location and then you use an
7880.96 -> aws ground station ec2 ami an amazon
7883.52 -> machine image to launch ec2 instances
7885.84 -> that will uplink and downlink
7888.32 -> data during the contact or receive
7890.48 -> downlink data in an amazon s3 bucket a
7893.76 -> use case could be something like you are
7895.76 -> a company you've reached an agreement
7897.199 -> with a satellite image provider to use
7899.44 -> their satellites to take photos for a
7900.88 -> specific region or time or whatever and
7903.44 -> so the idea is that you are using aws
7905.599 -> ground station to communicate to that
7907.84 -> company satellite and download that as
7910.4 -> that image data to your s3 bucket okay
7913.33 -> [Music]
7920.159 -> hey this is andrew brown and we are
7921.76 -> looking at aws outposts and this is a
7923.599 -> fully managed service that offers the
7925.119 -> same aws infrastructure services
7927.199 -> apis tools to virtually any data center
7929.84 -> co-location space or on-premise facility
7932 -> for a truly consistent hybrid experience
7934.159 -> and just to kind of summarize it it's a
7935.76 -> rack of servers running aws stuff on
7938.32 -> your physical location okay
7940.4 -> so before we jump into the service or
7942.639 -> technology itself uh let's talk about
7944.88 -> what is a rack server or just a rack so
7947.52 -> it's a frame designed to hold and
7949.44 -> organize it equipment so here's an
7951.599 -> example of a 42u rack
7954.8 -> and there's a concept of rack heights so
7957.28 -> the u stands for rack units or u spaces
7960.239 -> uh with it equal to 1.75 inches and the
7964.4 -> industry standard rack is a 48u um so
7968 -> that is a seven foot rack so um a full
7972.079 -> uh size rack cage is commonly the 42u
7974.719 -> high
7976.079 -> okay and uh in it you might have
7978.48 -> equipment that is of different sizes so
7980 -> there could be one u two u three u or
7983.04 -> four u high so here's an example of you
7985.599 -> know of an interior of a rack and notice
7987.84 -> that like one u two u four u they're all
7990 -> a little bit shaped differently uh but
7991.679 -> they give you kind of an idea of um you
7994 -> know what those are
7995.76 -> so aws outposts comes in three form
7998.159 -> factors the 42u the 1u and
8000.639 -> the 2u so the uh the first one here
8003.04 -> the 42u this is basically a full
8006 -> rack of servers provided by aws so
8007.679 -> you're not just getting the frame it
8009.36 -> actually comes with you know servers uh
8012.079 -> and so aws delivers it to your preferred
8013.84 -> physical site fully assembled and ready
8015.52 -> to be rolled into the final position it
8017.52 -> is installed by aws and the rack needs
8019.36 -> to be simply plugged in to the power and
8021.52 -> network and there's a lot of details
8023.36 -> about um the specs on this on the aws
8025.76 -> website so you know i'm not going to go
8027.36 -> through them all here um then there are
8029.44 -> servers that you can just place into
8030.96 -> your existing racks so we have the 1u so
8033.679 -> this is suitable for 19 inch wide 24
8036 -> inches deep cabinets it's using it with
8038.88 -> graviton 2
8041.199 -> cpus and you can have up to 64 virtual
8044.079 -> cpus we have 128 gigabytes
8047.36 -> 4 terabytes of local nvme
8050.239 -> storage um and then you have the u or
8053.52 -> sorry the 2u
8055.44 -> so suitable for 19 inch wide 36 inch
8058.079 -> deep intel processors up to 128 virtual
8061.119 -> cpus 256 gigabytes of memory eight
8064.159 -> terabytes of local nvme storage so there
8067.36 -> you go
8068.35 -> [Music]
8072.88 -> let's take a look at cloud architecture
8075.04 -> terminologies before we do let's talk
8076.8 -> about some of the roles that are around
8078.719 -> doing cloud architecture so the first is
8080.56 -> solutions architect this is a role in a
8082.88 -> technical organization that architects a
8085.04 -> technical solution using multiple
8087.04 -> systems via researching documentation
8089.76 -> and experimentation and then you have
8091.84 -> the cloud architect this is a solutions
8093.76 -> architect that is focused solely on
8095.28 -> architecting technical solutions using
8097.44 -> cloud services understand that in the
8100.079 -> actual marketplace a lot of times
8101.679 -> solutions architect is used to describe
8103.44 -> both a cloud architect and a solutions
8105.28 -> architect
8106.32 -> and you know
8107.84 -> these are going to highly vary based on
8109.679 -> your locality and how companies want to
8111.52 -> use these terms but this is just me
8113.199 -> broadly defining them here so just don't
8114.719 -> take them as a perfect word in terms of
8117.44 -> what they're representing so a cloud
8119.36 -> architect needs to understand the
8120.719 -> following terms and factors
8122.639 -> and factor them into their designed
8124.4 -> architecture based on the business
8125.84 -> requirements so we have the idea of
8127.76 -> availability your ability to ensure
8129.44 -> service remains available scalability
8131.36 -> your ability to grow rapidly or
8132.639 -> unimpeded elasticity your ability to
8134.8 -> shrink and grow to meet the demand fault
8136.8 -> tolerance your ability to prevent a
8138.079 -> failure disaster recovery your ability
8140 -> to recover from a failure and there are
8142.88 -> a couple other things that uh you that
8144.8 -> should be considered they're not
8146 -> terminologies but they're definitely
8147.44 -> important to a solutions architect or
8149.199 -> cloud architect
8150.8 -> and uh these are things you always need
8152.88 -> to consider
8154.719 -> as well and this is just me talking to
8156.639 -> my solutions architect friends where
8157.84 -> they'll always ask me these two
8159.119 -> questions after presentation they'll say
8161.36 -> how secure is the solution and how much
8163.679 -> is this going to cost all right and so
8166.239 -> for the terminologies up here we're
8168.32 -> going to define these right away and
8170.4 -> we're going to figure these out
8171.679 -> throughout the course we have two giant
8173.36 -> sections just on cost and security alone
8175.76 -> uh so there we go
8180.96 -> the first term we're looking at is high
8182.719 -> availability and this is your ability
8184.239 -> for your service to remain available by
8186.079 -> ensuring there is no single point of
8187.679 -> failure
8189.04 -> and or you ensure a certain level of
8190.96 -> performance so the way we're going to do
8193.04 -> that on aws is you'd want to run your
8195.519 -> workload across multiple availability
8197.439 -> zones to ensure that if one or two
8199.76 -> availability zones became unavailable
8201.76 -> your servers or applications remain
8203.439 -> available because those other
8205.84 -> those other servers are going to be
8207.359 -> there and the way we would accomplish
8208.639 -> that is via elastic load balancer so a
8210.88 -> load balancer allows you to evenly
8212.559 -> distribute traffic to multiple servers
8214.639 -> in one or more data center if a data
8216.399 -> center or server becomes unavailable or
8218.16 -> unhealthy the load balancer will route
8220.319 -> the traffic to only the available data
8222.399 -> centers within the server and understand
8225.04 -> that just because you have additional
8226.719 -> servers doesn't mean that you are you're
8228.559 -> available you have to you might need to
8230.559 -> meet a particular threshold of
8231.92 -> availability so you might need to have
8233.76 -> at least two servers always running to
8235.359 -> meet the demand so it's based on the the
8237.439 -> demand of traffic okay
8239.379 -> [Music]
8243.76 -> let's take a look here at high
8245.359 -> scalability so this is your ability to
8246.96 -> increase your capacity based on the
8249.04 -> increasing demand of traffic memory and
8251.359 -> computing power and we have the terms
8253.76 -> vertical scaling so scaling up
8256.319 -> this is where you upgrade to a bigger
8257.76 -> server and then there's horizontal
8259.28 -> scaling scaling out this is where you
8261.12 -> add more servers of the same size and
8263.599 -> the great thing about scaling out or
8265.04 -> adding additional servers is that you're
8266.639 -> also going to get high availability so
8268.88 -> if you do need two servers it's always
8270.8 -> better to you know add an additional
8272.479 -> server as opposed to having a larger
8274.08 -> server but it's going to be very
8275.439 -> dependent on a lot of factors okay
8278.45 -> [Music]
8282.639 -> so scalability and elasticity seem very
8285.12 -> similar but there is a crucial
8286.559 -> difference and this is your ability to
8288.24 -> automatically increase or decrease your
8290.719 -> capacity based on the current demand of
8292.639 -> traffic memory and computing power again
8294.96 -> it's the it's the fact that it happens
8296.479 -> automatically and you can go both ways
8298.24 -> increase or decrease so for horizontal
8300.96 -> scaling we have the concept of scaling
8302.559 -> out so add more servers of the same size
8305.2 -> and then scaling in removing
8307.12 -> underutilized servers of the same size
8310.16 -> and vertical scaling is generally hard
8312 -> for traditional architectures so you'll
8314 -> usually only see horizontal scaling
8315.84 -> described with elasticity
8318.16 -> and the way we would accomplish uh being
8320.319 -> highly elastic is using auto scaling
8322.319 -> groups asgs and this is an aws
8324.639 -> feature that will automatically add or
8326 -> remove servers based on scaling rules
8328.24 -> you define based on those metrics okay
8331.42 -> [Music]
8335.599 -> let's talk about being highly fault
8337.28 -> tolerant so this is your ability for
8338.8 -> your service to ensure there is no
8340.479 -> single point of failure preventing the
8342.399 -> chance of failure and the way we could
8344.24 -> do that is with failovers so this is
8346.719 -> when you have a plan to shift traffic to
8348.88 -> a redundant system in case the primary
8350.96 -> system fails a very common example is
8353.359 -> having a copy or secondary uh
8357.12 -> of your database where all ongoing
8359.12 -> changes are synced the secondary system
8361.2 -> is not in use until a failover occurs
8363.439 -> and it becomes the primary database so
8366.479 -> when we're talking about databases on
8367.76 -> aws this is the concept of rds multi-az
8371.28 -> so this is when you run a duplicate
8372.96 -> standby database in another availability
8375.2 -> zone in the case your primary database
8377.359 -> fails
8378.41 -> [Music]
8382.399 -> and last here is high durability so this
8384.559 -> is your ability to recover from a
8385.92 -> disaster and to prevent the loss of data
8388.319 -> so solutions that recover a disaster uh
8390.56 -> from a disaster is known as disaster
8392 -> recovery so do you have a backup how
8394.24 -> fast can you restore the backup does
8395.92 -> your backup still work how do you ensure
8397.68 -> current live data is not corrupt and so
8399.68 -> maybe a solution aws would be using
8401.359 -> cloudendure which is a disaster
8402.96 -> recovery service which continuously
8405.12 -> replicates your machines in a low cost
8406.88 -> staging area in your target aws account
8408.96 -> and preferred region enabling fast and
8410.479 -> reliable recovery in the case of an i.t
8412.64 -> data center fails okay
8418.37 -> [Music]
8419.76 -> so to understand disaster recovery we
8421.68 -> need to know more about uh things around
8424.56 -> it like business
8425.92 -> continuity plans bcps and rtos and rpos
8429.6 -> so a bcp is a document that outlines how
8433.28 -> a business will continue operating
8434.72 -> during unplanned disruption in services
8437.12 -> so it's basically the plan that you're
8438.399 -> going to execute
8439.92 -> if that happens and so here we have a
8442.64 -> disaster and you can see that there's a
8444.399 -> chance of data loss and downtime and
8446.96 -> these two
8448.72 -> factors as rpo and rto are going to
8450.64 -> define the length of these durations so
8453.2 -> recovery point objective is the maximum
8455.28 -> acceptable amount of data loss after an
8457.2 -> unplanned data loss incident expressed
8459.2 -> as an amount of time so how much data are
8461.04 -> you willing to lose
8462.64 -> and then recovery time objective so the
8464.8 -> maximum amount of downtime your business
8466.64 -> can tolerate without incurring a
8468.479 -> significant financial loss so how much
8471.04 -> time you're willing to go down okay
8473.76 -> so those are the two there and now let's
8475.359 -> go take a look at the disaster recovery
8477.12 -> options that we can use to define in our
8480.08 -> our bcp
8481.69 -> [Music]
8485.76 -> so let's take a look at our disaster
8487.359 -> recovery options uh and based on what
8489.6 -> you choose they're going to be a trade
8490.96 -> of cost versus time to recover based on
8493.12 -> the rpos your rtos of course and so
8495.6 -> sometimes this is re represented
8497.359 -> vertically like a a thermostat or you
8499.92 -> can do it horizontally here both are
8502.319 -> valid ways of displaying this
8503.6 -> information but i just have it
8504.8 -> horizontally here today and so we have
8507.28 -> low or high or you could say
8510.24 -> even though i don't have it written here
8511.6 -> this could be cold or this could be hot
8514.399 -> okay
8515.28 -> so um on the left hand side we got back
8517.52 -> up and restore pilot light warm standby
8520.56 -> multi active site notice we're using the
8522.56 -> like the words like pilot light warm
8524.16 -> things that are relating to temperature
8526.08 -> so again cold and hot all right
8529.28 -> so let's just walk through what each of
8531.359 -> these things us conceptually do uh in
8533.76 -> terms of architecture so when you're
8535.6 -> doing a backup restore you're back you
8537.68 -> basically back up your data
8539.76 -> and at the time of disaster recovery
8541.52 -> you're just going to restore it to new
8542.56 -> infrastructure
8543.84 -> for a pilot light the data is replicated
8545.76 -> to another region with the minimal
8547.439 -> services running to keep on replicating
8549.84 -> that data and so you might have some
8551.359 -> core services running a warm standby is
8554.08 -> a scaled down copy of your
8555.359 -> infrastructure so you basically have
8556.72 -> everything that you would absolutely
8558.319 -> need to run an application but the idea
8560.72 -> is it's not at scale and so at any time
8562.96 -> when there's an incident you're going to
8564.24 -> scale up to the capacity that you need
8566.88 -> and then you have multi-site active
8568.479 -> active where you you have a scaled up
8570.72 -> copy of your infrastructure in other
8571.92 -> regions so basically everything you have
8574.24 -> identically in another region and so in
8576.64 -> terms of the rpos and the rtos for back
8578.96 -> and restore you're looking at hours uh
8580.88 -> with the pilot light you're looking at
8582.08 -> 10 minutes with a warm standby you're
8584 -> looking at minutes and multi-site active
8586.64 -> active you're looking at real time so
8589.28 -> you know hopefully that gives you an
8590.64 -> idea of you know the difference in terms
8592.64 -> of scale but let's just look at more
8594.16 -> detail so for a backup and restore this
8596.319 -> is for low priority use cases restore
8598.8 -> data after event deploy resources after
8601.2 -> an event and it's very cost effective
8603.76 -> for pilot light you this is where you
8606 -> have less stringent rtos and rpos so
8608.479 -> that you're going to be just running
8609.359 -> your core services
8610.96 -> you're going to start and scale
8611.92 -> resources after the event and this is a
8613.76 -> little bit more expensive this is
8616.16 -> very good for warm standby is good for
8618.16 -> business critical services so you scale
8620.56 -> resources after the event uh and it's
8623.359 -> almost very it's very it's costly but
8625.76 -> it's not as expensive as a multi-site
8628 -> active active so you get zero downtime
8630.64 -> near zero loss uh you have it's great
8633.6 -> for mission critical services and it's
8635.2 -> just as expensive as your original
8637.92 -> infrastructure so you're basically
8639.04 -> doubling the cost there okay
8640.86 -> [Music]
8645.359 -> so we already defined rto but let's
8647.359 -> redefine it again based on what aws
8650 -> describes in their white paper and just
8652.24 -> look at how it maps against the disaster
8654.72 -> recovery options so
8656.64 -> recovery time objective is the maximum
8658.319 -> acceptable delay between the
8659.84 -> interruption of service and restoration
8661.359 -> of service this objective determines the
8664.16 -> what is considered an acceptable time
8665.84 -> window when service is unavailable and
8667.68 -> is defined by the organization and so
8669.76 -> this is the diagram found in the white
8671.28 -> paper and so on the left-hand side we
8673.6 -> have cost and complexity here and then
8676.24 -> lengths of service interruption and what
8678.64 -> you can see here is that the cost and
8680.16 -> complexity for a multi-site active
8682.16 -> active is very high but the length of
8684.88 -> service interruption is zero
8687.2 -> and then as we go down we have warm
8689.28 -> standby so it's significantly like at
8691.92 -> least half the complexity of that one
8694.96 -> then we have our pilot light down here
8696.96 -> and backup and restore but notice backup
8698.64 -> restore takes the longest amount of time
8701.28 -> and notice here we have a recovery time
8703.12 -> objective so in your bcp you kind of
8705.04 -> define where that is based on the cost
8706.96 -> of business impact so you might have to
8708.64 -> calculate that saying okay what is our
8710.399 -> cost over time based on the length of
8711.92 -> service interruption where do we want
8713.76 -> our rto to be what is the acceptable
8716.399 -> recovery cost and this is where you're
8718.319 -> going to decide uh what you want to do
8720.8 -> so here we have pilot light and backup
8722.64 -> and restoring so this company
8724.64 -> he has to decide whether they want to do
8726.399 -> a pilot light or they're going to do a
8728.16 -> back and restore but it sounds like this
8729.52 -> is where they're going to be which is at
8730.96 -> the pilot
8732.319 -> light for what is acceptable in their
8734.24 -> business use case okay
8740.08 -> let's do the same for rpo so recovery
8742.16 -> point objective is the maximum
8743.6 -> acceptable amount of time since the last
8745.439 -> data recovery point the objective
8746.88 -> determines what is considered an
8748.16 -> acceptable loss of data between the last
8750.319 -> recovery point and the interruption of
8751.76 -> service and is defined by the
8752.96 -> organization again we pulled this from
8755.04 -> the aws white paper for disaster
8757.04 -> recovery and uh we have cost and
8760 -> complexity but this time it's replaced
8761.84 -> with data loss before service
8763.439 -> interruption
8764.88 -> so uh for multi-site again it's going to
8767.76 -> be very expensive and high up here as
8769.76 -> you notice it's not like a perfect um
8773.28 -> curve it's just it's a bit different in
8774.96 -> terms of what it looks like so here we
8776.64 -> have warm standby pilot light and
8780 -> so you'll see that the data loss is um
8782.72 -> not a big deal but for backup and
8784.16 -> restore it really juts out there so you
8786.56 -> can see that you can get pretty good
8788.08 -> results just with the pilot light and
8790.08 -> the cost and complexity is very low
8791.92 -> again we have to look at our cost and
8793.52 -> business impact so we got to follow that
8795.2 -> line and we need to see where our
8797.439 -> acceptable recovery cost is
8800.56 -> and so
8801.92 -> you're going to notice that we have a
8803.52 -> bit of an intersection here
8806.24 -> okay and so we need to determine you
8807.76 -> know like are we going to be doing a
8809.439 -> warm standby it looks like we have the
8811.04 -> cost to do it
8812.56 -> um
8813.76 -> but you know it just really depends you
8815.12 -> know do we want to be down here or down
8816.56 -> there okay so
8818.08 -> hopefully that helps and visualize that
8819.52 -> information for you
8823.86 -> [Music]
8825.28 -> hey this is andrew brown from exam pro
8827.04 -> and what i want to show you here is a
8828.399 -> real world architectural diagram i
8830.08 -> created this a while ago this is a
8831.439 -> previous version of the
8833.2 -> example or technically teacher see
8834.88 -> platform that powers the learning
8836.88 -> experience for my cloud certifications
8839.28 -> and so i'm hoping that by giving you
8840.64 -> some exposure you'll absorb some
8842.24 -> information here
8843.84 -> and that will carry through to really
8845.2 -> help you cement what these services do
8846.96 -> and how they work together
8848.56 -> now you might be asking how did i make
8850 -> this well i'm in adobe xd it's by
8851.76 -> photoshop or sorry adobe it's free to
8854 -> download but there's a lot of options
8855.52 -> out there and but the first thing you'll
8857.2 -> need is those aws architectural icons so
8859.52 -> these are free on aws you can download
8861.68 -> them in powerpoint download those assets
8863.439 -> as svgs and pngs which is what i have
8865.76 -> done and start using them in your um
8868.72 -> whatever software you like there's also
8870.56 -> third party providers out there so like
8872.16 -> there's lucidcharts i love lucidcharts
8874 -> but i don't use it to make architectural
8875.52 -> diagrams for aws um but you know you can
8879.04 -> drag drop and stuff and they already
8880.56 -> have the library there and there's a
8882 -> bunch of them that you can choose from
8884.16 -> so
8885.12 -> uh you know that's interesting but let's
8886.72 -> take a look at one that we can download
8888.24 -> maybe everyone's familiar with
8889.6 -> powerpoint so here is the aws
8891.84 -> architectural icons and the reason i'm
8893.52 -> showing you this is not because it just
8895.04 -> contains icons but it also suggests how
8897.52 -> you should build them so if i go through
8899.6 -> here they'll give you a definition of
8901.2 -> those system elements uh how they would
8903.84 -> look like here so we have our group
8905.359 -> icons our layer group our service icons
8907.68 -> resource icons where they should go
8909.92 -> and then they have some interesting
8911.439 -> guidelines of like do's and don'ts so
8913.92 -> here's like a simple example of a get to
8915.76 -> an s3 bucket
8917.28 -> here's an example of using vpc subnets
8920.479 -> and things like that on the inside
8922.479 -> um and then
8924 -> you can see kind of like all the groups
8925.68 -> that we have
8927.359 -> and they'll show all like the uh the
8930.16 -> arrows it's a big faux pas to make a
8933.52 -> diagonal arrows that's just something
8935.2 -> that it was defined but you'll see a lot
8936.64 -> of people do them anyway
8938.319 -> and then you'll see all the icons so do
8940.72 -> you have to make them like aws
8942.16 -> suggests no but you know if you like the
8944.399 -> way they look that is fine everyone just
8946.319 -> does whatever they want honestly so
8948.16 -> anyway now that we've seen you know how
8950.24 -> we can go get the resources to make our
8952.399 -> own i have adobe xd opened up here and
8954.64 -> so i just kind of want to walk you
8955.76 -> through what's going on here so again i
8957.28 -> said this is a
8958.96 -> traditional
8961.2 -> architecture meaning that it's powered
8962.88 -> by virtual machines and so what we need
8965.12 -> to look for uh is ec2 because that's
8967.68 -> where it's going to start that's our
8968.72 -> virtual machine and you'll notice we
8970.08 -> have one here so there's a t2 um
8973.6 -> that's running over here and then over
8975.28 -> here we have a t2 okay so
8977.84 -> we have a blue and a green environment
8979.28 -> so this is our running environment so
8981.12 -> i'm just going to zoom on in here
8983.52 -> okay so the web app would be running on
8985.28 -> this
8986.399 -> and
8987.68 -> and then on the outside here we have an
8989.28 -> auto scaling group and so auto scaling
8990.88 -> groups allow us to
8992.64 -> manage a group of ec2 instances and they
8995.04 -> will automatically scale if the demand
8996.96 -> increases or
8998.399 -> or decline so if this machine can't
9000.8 -> handle it it will just automatically
9002.08 -> provision a new one and so i've
9003.84 -> contained it in this environment here
9005.439 -> because i'm representing a blue green
9007.28 -> deploy meaning that when i deploy this
9009.76 -> will get this will be the environment
9011.2 -> that replaces things and so you can see
9013.28 -> i have a lot of lines being drawn around
9015.12 -> here so
9016.64 -> over here we have uh
9019.28 -> parameter store so parameter store is a
9021.2 -> place where we can store our environment
9023.12 -> variables
9024.16 -> um or application configuration
9025.92 -> variables and so i have this line going
9027.84 -> here and it's just saying we're going to
9030.16 -> take these environment variables and put
9032.319 -> them into the application okay
9035.439 -> and then there's also uh the database
9037.52 -> credentials so here we are using
9039.12 -> postgres over here so
9041.28 -> and then we need the database
9042.399 -> credentials so we're grabbing those
9043.68 -> database credentials those are stored in
9045.2 -> secrets manager and we're giving to the
9047.04 -> application so the app knows how to
9048.96 -> connect to the database and this one
9050.72 -> knows how to uh configure it okay
9053.68 -> then we have a bunch of
9055.92 -> uh buckets here for different
9057.439 -> organizations and so you know s3 is for
9060.08 -> storage so this is a way we're going to
9062.399 -> um store a variety of things so like
9064.399 -> user data assets artifacts
9066.24 -> cloudformation templates so some of this
9068.24 -> is for the app some of them is for the
9070.08 -> infrastructure so that's one thing there
9072.96 -> okay then over here we have a ci cd
9075.92 -> pipeline so
9077.28 -> we have code pipeline and so code
9079.2 -> pipeline is triggered by github so we
9081.68 -> put our code in github and when that
9083.52 -> happens it's going to do a code build so
9085.6 -> that's going to build out a server
9088.88 -> and then from there it's going to run
9090.64 -> another code build server and then from
9092.8 -> there it's going to then um
9096.479 -> use codedeploy and so codedeploy is going to
9099.439 -> trigger a deploy what it will do is
9101.04 -> create a new environment so it's going
9102.64 -> to create a copy of this
9104.96 -> um
9106.399 -> sorry it's going to create a cop this is
9107.6 -> actually the environment that's running
9108.479 -> so we'll copy that and that will be our
9110.24 -> new environment right
9112.16 -> okay
9113.52 -> and so when the deploy is done it will
9115.04 -> swap and that environment will become
9116.96 -> this new one
9118.319 -> um and so you know again this is
9120.64 -> actually really the the running server
9122.319 -> it's just kind of easy to get hung up on
9123.92 -> this one
9124.88 -> but the idea here is that um you know
9127.2 -> that's how deployment works but let's
9128.72 -> say
9129.439 -> you know we want to get uh
9131.12 -> traffic to this actual instance this is
9133.359 -> going to come through the internet
9135.12 -> and the internet is going to probably go
9136.96 -> to route 53 so route 53 is
9138.72 -> used for domain names so this would be
9140.24 -> like example teacherseek.com
9143.04 -> we pass that over to our elastic load
9144.64 -> balancer which in this case is an
9146.88 -> application load balancer that's why it's
9148.319 -> called alb and that's going to
9150.319 -> distribute the traffic there if we
9152 -> wanted to run the server in another
9154.56 -> um
9155.6 -> in another availability zone so that we
9157.84 -> make it highly available
9159.52 -> you know alb the elastic load balancer
9161.359 -> application load balancer is going to
9163.6 -> have some traffic go here and some
9165.12 -> traffic go there so this is just
9167.2 -> the blue environment or whichever the
9168.8 -> current environment is over here
9170.8 -> now when we want to deploy new versions
9173.359 -> we're going to use launch templates and
9175.52 -> launch templates um
9177.76 -> uh are necessary when using auto scaling
9179.92 -> groups so um you know you do have to
9181.6 -> define launch template it just says like
9183.68 -> what is the shape of this instance type
9185.359 -> like what's this family what should it
9186.96 -> be
9187.76 -> and then we need an amazon machine image
9189.52 -> so our amazon machine image is custom
9191.52 -> built because we are installing all the
9193.12 -> stuff that we want on it and so in order
9196 -> to automate that process we are using um
9198.8 -> ssm automation documents so ssm stands
9201.439 -> for systems manager and automation
9203.68 -> allows you to automate that step so what
9205.6 -> it's going to do is launch an instance
9206.96 -> install ruby install postgres download
9208.96 -> the code base then it's going to create
9210.8 -> that ami
9212.24 -> and then um it will do a bunch of other
9214.88 -> stuff here as well
9216.64 -> and this is going to run weekly or
9218.319 -> actually at the time uh it was running
9220.08 -> nightly so we're doing nightly builds so
9222.08 -> that we would always get the latest um
9224.08 -> updates to our server
9226.24 -> because it's a virtual machine there
9227.439 -> could always be uh new updates for that
9229.68 -> linux version or amazon machine limit
9232.399 -> next version we were using
9234.319 -> and then there's a bunch of other stuff
9235.68 -> here so you know hopefully that kind of
9238.08 -> gives you an idea of like the complexity
9239.84 -> of it and you know this is how i like to
9241.439 -> make my architectural diagrams very in
9242.96 -> detail so that we can um look at them
9245.68 -> but yeah if that was too much that's
9247.359 -> fine but you know that's just the
9249.28 -> complexity of it if you build your own
9250.8 -> you'll start to really grasp the stuff
9252.479 -> pretty well okay
9257.76 -> so what i want to do is just show you
9259.2 -> how high availability is built into some
9261.2 -> aws services where in other cases you
9263.359 -> have to explicitly choose that you want
9265.359 -> something to be highly available so what
9267.439 -> i'm going to do is make my way over to
9268.96 -> s3 and so with s3 this is where you can
9271.84 -> create s3 buckets and this allows you
9274.64 -> to store things and so the great thing
9276.72 -> about s3 is that it's basically
9278.16 -> serverless storage so the idea is that
9280.08 -> you're just going to choose your region
9281.92 -> and by default it's going to replicate
9283.76 -> your data across multiple
9285.92 -> um uh data centers or azs and so this
9288.96 -> one's already highly available by
9290.64 -> default with the standard tier and so
9292.96 -> that is something that's really nice but
9294.56 -> other services uh you know like ec2 the
9297.92 -> idea is that you are going to launch
9299.68 -> yourself an ec2 instance so we would
9302.16 -> launch that one and the problem with
9303.52 -> this is that if you launch a single ec2
9306.72 -> that is not highly available because
9308.399 -> it's a single server running in a single
9312.479 -> um az so here you know we would choose
9315.359 -> our subnet our subnet is our
9316.8 -> availability zone but you'd have to
9318.479 -> launch at least two additional servers
9320.64 -> and then you'd have to route um
9323.04 -> you'd have to have something that would
9324.88 -> balance uh the traffic to the to the
9326.88 -> three which is a load balancer and so in
9328.72 -> this case you have to construct your
9330.56 -> high availability then you have services
9333.2 -> like elastic beanstalk this is a
9335.12 -> platform as a service
9337.04 -> um and we'll go to environments here i'm
9339.12 -> not sure it wasn't showing up there uh
9341.04 -> and so the idea is that with elastic
9342.72 -> beanstalk
9344.399 -> i'm just going to click on the main
9345.28 -> service here you're going to go ahead
9346.96 -> and
9348.08 -> create your application or create your
9349.68 -> environment you probably want to create
9350.72 -> environment first here
9352.479 -> okay and so i would choose a web server
9355.84 -> and then the idea is i'll just name it
9357.52 -> so my application here my
9360.72 -> environment and then down below you go
9363.439 -> configure more options whoops wants me
9365.6 -> to choose everything that's totally fine
9369.439 -> and we say configure more options we're
9371.04 -> not going to create it because um we
9372.96 -> don't want to create one but the idea is
9374.96 -> that you'd you could choose whether you
9377.439 -> want this to be highly available or not
9379.52 -> so see it's a single instance of free
9381.2 -> tier and then if you choose this what
9383.6 -> it's going to do
9384.96 -> is set up a bunch of stuff for you so
9386.399 -> it's going to set up an application load
9388.08 -> balancer for you it's going to set up
9389.52 -> auto scaling groups for you to make it
9391.439 -> highly available it's going to run at
9392.96 -> least between one to four instances so
9396.16 -> this does everything that ec2 you'd have
9399.04 -> to do manually setting up so that's
9400.479 -> really nice
9402.16 -> okay so you know some options have that
9404.64 -> if we make it our way over to rds and
9406.72 -> again we're not creating anything we're
9407.84 -> just looking at the options it gives us
9410 -> when we start things these up here
9413.359 -> we'll make our way over to rds and it
9414.96 -> gives us a moment here
9418.88 -> and if we go ahead and create ourselves
9420.399 -> a new database
9424.24 -> and we look at something like a postgres
9426.56 -> database
9428 -> notice that we have a production option
9429.76 -> and a dev test option and so i i mean
9432.72 -> usually it shows us the price down here
9434.08 -> so even test dev is 118 which is not
9436.8 -> true it can get cheaper than that but
9438.72 -> the idea is that when you choose between
9440.64 -> these two options
9442.319 -> um it's going to set up a multi-az it's
9445.84 -> going to that means that it's going to
9447.2 -> run an additional
9449.92 -> database and another availability zone
9451.84 -> replicate that data over so that it
9454.08 -> stays highly available um you know it's
9457.04 -> going to have auto scaling uh
9459.52 -> part of it and so some services you just
9461.76 -> choose it abstractly so you just have to
9463.84 -> understand what highly availability is
9465.76 -> going to mean underneath so hopefully
9467.439 -> that kind of gives you a picture of high
9469.04 -> availability on aws
9470.93 -> [Music]
9475.2 -> hey this is andrew brown from exam pro
9477.28 -> and we are looking at aws application
9479.359 -> programming interface also known as
9481.04 -> aws api
9482.72 -> so before we talk about the api let's
9485.28 -> describe what application programming
9486.96 -> interface is so an api is software that
9489.28 -> allows two applications or services to
9491.84 -> talk to each other and the most common
9493.52 -> type of api is via http requests and so
9497.6 -> the aws api is actually an http api and
9501.12 -> you can interact with it by sending
9503.2 -> https requests using an application
9505.68 -> interacting with apis like postman
9508.399 -> and so here's kind of an example of what
9510.24 -> a request would be that would be sent
9511.92 -> out and so the way it works is that each
9514.64 -> aws service generally has a service
9516.72 -> endpoint so see where it says monitoring
9518.64 -> that's going to be cloudwatch so
9520.319 -> sometimes they're named after the
9521.359 -> services sometimes the name is a bit
9522.64 -> obscure and of course you can't just
9525.28 -> call and uh call a api request without
9528.24 -> authenticating or authorizing and so you
9530.72 -> have to sign your request and so that's
9532.64 -> a process of making a separate request
9535.439 -> with your aws credentials to get back
9536.96 -> a temporary token in order to
9539.359 -> authorize that and i don't have room to
9542.319 -> show it but the thing is is that what
9543.84 -> you'd be
9544.8 -> also going along with those requests
9546.479 -> would be to provide an action so when
9549.2 -> you look at um
9551.12 -> the aws api it will show you a bunch of
9553.92 -> actions that you can call they're
9555.359 -> basically the same ones you'll see in
9556.72 -> the in policies so it could be like
9558.64 -> describe ec2 instances or list buckets
9562.96 -> and they can also be accompanied with
9564.399 -> parameters okay
9565.92 -> so you know we're probably not going to
9568.319 -> show you how to make an api request
9570.479 -> directly because that's not something
9571.84 -> that you would generally do
9573.439 -> um but what you would do
9576.319 -> is you probably use the aws management
9578 -> console which is powered by the api use
9580.319 -> the aws sdk which is powered by the
9582.24 -> api or using the aws cli so we'll cover
9585.28 -> all those three okay
9586.86 -> [Music]
9591.28 -> all right so what i want to do is just
9592.72 -> point you to where you'd find the
9594.8 -> resources to use the api
9596.72 -> programmatically uh we're not going to
9598.479 -> actually use the api because there's a
9600.399 -> lot more to it uh than what i'm going to
9602.64 -> show you here but at least you'll be
9604.72 -> familiar with how the api works so i'm
9606.8 -> on the
9607.64 -> aws.amazon.com website if you type in
9609.92 -> docs the type top there it's going to
9612 -> bring you to the main documentation and
9614.56 -> what we're looking for if we scroll on
9616.399 -> down there should be a general reference
9617.84 -> area where we have service endpoints if
9620.399 -> we click into here it's going to talk
9623.12 -> about
9624.16 -> how a service endpoint is structured
9626.479 -> and if we go down to aws api we can see
9628.56 -> some additional information of course to
9630.72 -> use um the api you're going to have to
9633.2 -> sign api requests first which is not a
9636.319 -> super simple process but you have to use
9638 -> an authorization header
9640.08 -> and send along some credentials and
9642.24 -> things like that so if you want to know
9644.399 -> what service endpoints are available to
9646.72 -> you if you search service endpoints list
9648.64 -> for aws this is the big list and so if i
9651.04 -> was to go down here and look for ec2 uh
9653.84 -> might be a common example here it's
9655.76 -> going to tell us what the endpoints are
9657.84 -> and as you can see they are regional
9659.84 -> based but the idea here is that i could
9662.24 -> take something like this okay i could
9664.08 -> grab that and using something like
9666.08 -> postman
9667.76 -> i could go and create a new request and
9670.64 -> it's probably a post i'm not sure what
9672.16 -> it's supposed to be it's probably a post
9674.16 -> and then you'd set your authorization
9676 -> header there might even be one in here
9677.52 -> for aws see where it says aws signature
9679.84 -> so you can go here and put your access
9681.359 -> key and secret within here um
9684.16 -> so that's something nice about postman
9685.68 -> so it's going to do the signing requests
9687.68 -> for you so it makes your life a lot
9689.12 -> easier and then from there what you do
9691.439 -> is you go to your body and you'd want to
9693.76 -> enter in json so to do json would
9696.479 -> probably be raw you drop down the format
9698.72 -> json and then you'd send your payload
9700.8 -> whatever it is so again i haven't done
9702.64 -> this in a while because it's not a very
9704.16 -> common uh thing that i have to do like
9705.92 -> describe ec2 instances but there
9708.08 -> probably is like an action and some
9709.84 -> additional information that you would
9711.04 -> send along um so you know hopefully that
9713.84 -> gives you kind of an idea how the api
9716.319 -> works but you know you should never pro
9718.479 -> in practice ever have to really work
9720.319 -> with the api uh this way directly okay
9723.59 -> [Music]
9727.76 -> hey this is andrew brown from exam pro
9729.68 -> and we are looking at the aws
9730.88 -> management console so the aws
9732.399 -> management console is a web-based
9733.92 -> unified console to build manage and
9735.76 -> monitor everything from simple web apps
9737.279 -> to complex cloud deployments so when you
9740 -> create your aws account and you log in
9742.16 -> that is what you're using the aws
9743.52 -> management console and i would not be
9746 -> surprised if you're watching this video
9747.84 -> and they've already changed um the
9749.6 -> default page here since aws loves to
9751.76 -> change the ui on us all the time
9754.16 -> but uh the way you would access this is
9756.24 -> console.aws.amazon.com
9758.479 -> when you click sign in or go to the
9760.399 -> console that's the link that it's going
9762.08 -> to
9762.88 -> uh and so the idea here is that you can
9764.8 -> point and click to manually launch and
9766.319 -> configure aws resources with limited
9768.319 -> programming knowledge this is known as
9770.16 -> click ops since you can perform all your
9771.92 -> system operations via clicks okay
9774.55 -> [Music]
9778.8 -> let's talk about the aws management
9780.08 -> console in brief here so you know of
9782.16 -> course when you're on the home page you
9783.279 -> go to aws management console and you
9784.8 -> will end up logging in and from there we
9787.279 -> will make our way over to the aws
9789.279 -> management console when i say aws
9791.359 -> management console i'm referring to
9793.84 -> this homepage but i'm also referring to
9795.6 -> anything that i'm doing in this web ui
9798.479 -> whether it's a sub service or not so you
9801.359 -> know a lot of times people just call
9802.479 -> this the dashboard uh or the home page
9805.76 -> but you know it is technically the aws
9807.279 -> management console but everything
9809.279 -> is the aws management console you can
9811.52 -> drop down services here if there's some
9813.279 -> that you like you can favorite them on
9814.72 -> the left hand side i don't find that
9816.72 -> particularly useful you can see the most
9818.64 -> recent ones here they'll also show
9820.399 -> recently up here as well we have the
9822.399 -> search at the top notice that there's a
9823.92 -> hotkey for alt s i don't think i ever
9826 -> use it if i was to type in a service
9827.68 -> like ec2 it's going to get me the
9829.92 -> services and then down below it's the
9832.16 -> sub features of it so if i just click
9833.76 -> into that there into this use this is
9836.399 -> the main this is a service console so i
9838.64 -> would call this the ec2 console or the
9841.279 -> ec2 service console
9843.68 -> so if you ever hear me saying go to the
9844.8 -> ec2 console that's what i'm saying and
9846.96 -> you'll notice here like there is stuff
9848.72 -> on the left hand side so i come back
9850.08 -> here ec2 image builder you see two
9852.319 -> global views these are considered
9853.52 -> services but if you drop down it says
9855.6 -> top features or you go down here it says
9857.68 -> dashboard limits amis you go over here
9861.2 -> the ec2 dashboard limits amis are here
9864.319 -> and limits are somewhere here right
9866.08 -> there so okay so those kind of map over
9869.04 -> pretty well polls and documentation
9870.88 -> knowledge based articles marketplace i
9872.479 -> don't think i've ever touched those in
9873.68 -> my life
9874.72 -> this here is the cloud shell so if you
9876.56 -> click it it will launch a cloud shell
9877.92 -> we'll cover that when we get to that
9879.12 -> section here we have this little bell it
9881.6 -> tells us about open issues i think this
9883.439 -> is for the personal health dashboard
9886 -> yeah it says phd in the bottom left
9888.24 -> corner or left corner so if i open that
9889.92 -> up it'll bring up the phd the personal
9892.16 -> health dashboard all right
9895.279 -> our region selector our support so
9897.6 -> nothing super exciting here but just
9899.76 -> kind of giving you a bit of a tour so
9901.52 -> that you know there are some things you
9903.279 -> can do
9904.319 -> um can you change the look of this i
9907.2 -> don't think right now as of yet um there
9910.24 -> is any way i'm sure it was thinking
9912.16 -> about it because it's been a high
9914.319 -> request that's in demand but this is
9916.16 -> what it looks like as of today okay
9918.19 -> [Music]
9922.399 -> all right so i just want to describe
9923.76 -> what a service console is so an aws
9926.08 -> service each have their own customized
9928.16 -> console and you can access these
9929.84 -> consoles by searching the service name
9931.439 -> so you would go ahead and type in ec2
9933.68 -> and then what we refer to this screen as
9935.52 -> as the ec2 console the reason i'm
9937.279 -> telling you this is that when you're
9938.8 -> going through a lot of labs or follow
9940.64 -> alongs you'll hear the instructor say go
9942.399 -> to the ec2 console go to the sagemaker
9944.319 -> console go to the rds console what
9946.479 -> they're telling you is to go type the
9948.16 -> the name of the service and go to
9951.2 -> that particular services console okay
9954.64 -> some aws service consoles will act
9956.319 -> as an umbrella console containing many
9958.479 -> aws services so uh you know vpc console
9962.16 -> ec2 console systems manager console
9964.399 -> sagemaker console uh cloudwatch console
9967.04 -> these all contain multiple services so
9969.52 -> you know for um
9971.52 -> for ec2 you might say okay well i need a
9974.24 -> security group there's no security group
9976 -> console it's under the ec2 console okay
9979.04 -> so just be aware of that
9983.63 -> [Music]
9985.04 -> so now i want to show you some of these
9986.8 -> service consoles to kind of distinguish
9988.64 -> how they might vary per per service okay
9991.279 -> so if we were to look up ec2
9993.92 -> um and we just did look at this but the
9995.68 -> interesting thing is that some consoles
9998.08 -> the ec2 console
9999.84 -> is the home for other database services
10002.96 -> and you just have to learn this over
10004.399 -> time to know that so for instance
10005.84 -> elastic block store is its own service
10008.24 -> but it's tightly linked to ec2 instances
10010.8 -> so that's why they always have it here
10012.96 -> same thing with amis
10015.2 -> security group same thing with that so
10016.88 -> these are interesting because these are
10018.479 -> basically part of virtual networking
10020.96 -> and so you'd think they'd be under the
10022.16 -> vpc console but they're actually under
10024.8 -> here with ec2
10026.64 -> and so load balancing auto scaling
10028 -> groups tightly coupled to
10030.96 -> to ec2 if we make our way over to vpc
10036.88 -> you know here it's going to contain all
10038.8 -> the new stuff does it have a new
10040.24 -> experience no i guess this is the newest
10041.84 -> one
10042.72 -> it looks a bit old and a little bit new
10044.16 -> here but you know we have a lot of
10045.6 -> different things here like firewalls
10047.2 -> vpns transit gateways traffic mirroring
10050.24 -> we make our way over to cloudwatch
10054.08 -> okay and cloudwatch has
10056 -> uh
10056.88 -> very uh focused services they're all
10059.279 -> actually named and this is more like a
10061.359 -> feels more like a single service where
10062.72 -> you have these very focused
10064.96 -> services where you have alarms logs
10066.8 -> metrics events insights right but you're
10069.04 -> going to notice that like the ui highly
10071.6 -> varies so we had looked at cloudwatch
10073.92 -> and then we had looked at
10075.92 -> vpc and it looks like this
10077.92 -> and then we looked at ec2 and it looked
10080.08 -> like that and so there is
10081.92 -> inconsistencies because each um service
10085.68 -> team like that work on per service or
10088.24 -> whatever they have full control over
10089.76 -> their ui and so
10091.439 -> some of them are in
10093.439 -> different states of updating so some
10094.88 -> people might have updated the left-hand
10096.16 -> column but this part is old or you might
10098.479 -> click around like under something else
10100.16 -> like the ec2 dashboard
10102.319 -> or maybe a better example might be amis
10104.56 -> i remember we're in here and something
10106.08 -> looked old here yeah see these are the
10107.6 -> old buttons and that's just how it is so
10109.68 -> everything is very uh modular and so
10111.68 -> they get updated over time so that is
10113.76 -> the challenge that you're dealing with
10115.52 -> you're always having like three
10116.72 -> different versions that are cobbled
10118.8 -> together in each uh
10121.439 -> ui one thing that i found really
10123.12 -> interesting is that um vpc has its own
10125.84 -> console management console but if you
10127.68 -> were to look up this in the uh the sdk
10130.16 -> so if i was to look up aws sdk
10133.84 -> ec2
10135.439 -> okay i'm just looking up ruby here as an
10137.2 -> example because that's what i know how
10138.56 -> to do
10140.56 -> if you look under here let's say you
10141.76 -> want to programmatically work with vpcs
10143.76 -> you'd think that it would have its own
10145.12 -> top-level vpc because it has in the
10147.359 -> console its own
10149.84 -> its own
10150.88 -> management console but actually vpc is
10153.279 -> tightly coupled to ec2 and so when you want
10155.68 -> to programmatically use vpc you're going to
10158.16 -> be um using actually ec2
10161.04 -> as as how it was built so
10163.04 -> the the the what i'm trying to get is
10165.04 -> the apis don't one-to-one match with
10167.52 -> this kind of stuff and so it's just kind
10169.439 -> of interesting that there's those kind
10171.2 -> of uh differences uh but again it's not
10173.92 -> that big of a deal i'm just trying to
10175.439 -> say like you know keep your mind open
10177.52 -> when you look at the stuff okay
10182.32 -> [Music]
10184.16 -> so every aws account has a unique
10186.399 -> account id and the account id can be
10188.319 -> easily found by dropping down the
10190 -> current user in the global navigation so
10192.56 -> what i'm going to do is pull up my pen
10193.68 -> tool here and just show you it's right
10195.2 -> there uh the aws account id is
10196.96 -> composed of 12 digits and so it could
10199.439 -> look like this or this or this the
10201.68 -> universal account id is used when
10203.12 -> logging in with a non-root user account
10206.399 -> but generally a lot of people like to
10207.52 -> set their own alias because it's tiring
10209.2 -> to remember your account id the you use
10211.92 -> it when you're creating cross account
10213.439 -> roles so you'd have the target account e
10215.359 -> the source account id to gain access to
10217.439 -> resources in another's account when
10219.76 -> you're
10220.56 -> dealing with support cases
10222.8 -> aws will commonly ask you what your
10224.399 -> account id is so they can identify
10226.96 -> the account that they want to look at
10229.359 -> and it is generally good to keep your
10230.8 -> account id private as it is one of the
10232.64 -> many components used to identify an
10234.72 -> account for attack by malicious actor
10236.96 -> so you don't have to be overly sensitive
10238.56 -> with it but you know try to hide it when
10240.399 -> you can when it's easy okay
10242.16 -> [Music]
10246.16 -> all right so let's talk about the
10247.279 -> account id which appears up here in the
10250.24 -> top right corner uh where you can get
10252.08 -> the account id it also appears in iam so
10254.8 -> if we go over to iam
10256.72 -> and you look on the right hand side it
10258.479 -> should show you the example here it
10260.8 -> keeps on trying to take us to the old
10262.08 -> dashboard that's fine
10264 -> but you'll notice that it's over here
10265.76 -> and
10266.96 -> i don't have mfa turned on because i'm
10268.72 -> in my iam user account but it should be
10270.16 -> turned on on everything that's a given
10272.64 -> but you know i just want to show you
10274.08 -> where it is and also where you might be
10276 -> using it so one example where you would
10278.399 -> use
10279.2 -> you would need to know your account id
10280.88 -> would be something like creating a cross
10283.04 -> account policy so i went here and went
10284.96 -> to policy and went create policy
10287.6 -> um
10288.96 -> and we
10290.8 -> went to maybe it's a role i think we
10292.88 -> actually sorry we want to cross account
10294.16 -> roles not the policy sorry
10296.24 -> we go here
10297.84 -> and
10299.12 -> we say i want to access something in
10300.8 -> another aws account what we have to do
10302.319 -> is specify the account id specify the
10304.64 -> accounts that can use this role so you
10306.72 -> give i think the
10308.64 -> the id of the other account
10311.279 -> okay and so that is one place where
10313.76 -> you'd use it another place would be when
10315.76 -> you're creating policies
10317.439 -> so if i go back to policies here i can
10320.479 -> create a policy here
10322.64 -> and i can just choose something like s3
10325.84 -> okay
10327.52 -> and i'll just choose list
10329.92 -> and under the request conditions
10332.72 -> i might specify i think the account id
10335.04 -> it should be in here
10337.76 -> um
10339.439 -> i know i can limit
10341.04 -> based on account id
10343.84 -> principal account
10348 -> you could do principal account so if i
10349.68 -> just looked up this here
10351.2 -> aws principal account
10355.6 -> and you just got to get used to google
10356.96 -> and things because that's always what's
10358.399 -> happening here
10359.68 -> and so we should be able to specify an
10361.68 -> account id yeah like that so that would
10364.08 -> be the principal there so if i just took
10366.72 -> that and it doesn't matter what it is we
10368.88 -> just put the value in here
10371.12 -> um string equals this
10374.08 -> add
10375.2 -> i should be able to go over here and now
10376.56 -> see the full statement nope sometimes
10378.08 -> that happens because we don't have it
10379.359 -> fully filled out
10383.52 -> but um yeah so that pretty much
10385.92 -> that's pretty much how we use it like it
10387.92 -> would normally show up as that so if i
10389.68 -> just go ahead and go next the policy
10391.76 -> contains an error you are required to
10393.2 -> choose a resource
10395.279 -> what do you mean the resource is this
10396.96 -> right oh down here okay sorry
10399.52 -> so we'll just say all resources then we
10401.2 -> flip over now it's valid and so here we
10403.12 -> can see our condition saying only from
10405.359 -> this account id that it is allowed
10408.319 -> um other places we're going to see
10409.6 -> account ids are in um
10412.8 -> arn's right so if we had an ec2 instance
10416.08 -> we don't have one launched right now
10418.399 -> but if i was to go ahead and
10421.279 -> oh maybe we have some prior ones yeah so
10423.04 -> if i was to check box this here
10426.319 -> and you might not have any prior ones so
10428.479 -> there might not be nothing for you to
10429.76 -> see but if you look for the arn
10433.92 -> where is our arn
10437.92 -> sometimes it doesn't show the arn in
10439.6 -> the services sometimes it does
10441.92 -> i wish that aws always showed the arn
10443.68 -> to make our lives a bit easier but it
10445.04 -> could be because of other reasons why
10447.279 -> but
10448.64 -> even though we don't have the arn i think
10449.84 -> it shows it shows us the owner id
10452.8 -> and so that's the account the account id
10454.479 -> number you can tell because it's 12
10455.76 -> digits so hopefully that gives you kind
10457.68 -> of a tour of the account id and what its
10460.319 -> purpose is in the account okay
10462.37 -> [Music]
10466.64 -> all right let's take a look at aws tools
10468.24 -> for powershell so what is powershell
10470.56 -> powershell is a task automation
10472.56 -> configuration management framework is a
10474.56 -> command line shell and a scripting
10476.88 -> language so here it is over here uh if
10479.359 -> you're a windows user you're used to
10480.8 -> seeing this because it has a big blue
10482.399 -> window so unlike most shells which
10484.64 -> accept and return text powershell is
10486.64 -> built on top of the dot net common
10488.319 -> language runtime clr accepts and returns
10491.2 -> the dotnet objects so
10494.16 -> aws has a thing called the aws
10496.16 -> tools for powershell and this lets you
10497.84 -> interact with the aws api via powershell
10500.88 -> cmdlets
10502.399 -> is a special type of command in
10503.92 -> powershell in the form of the
10505.439 -> capitalized verb and noun so in this
10507.52 -> case it'd be new uh hyphen s3 buckets so
10510.72 -> you know we looked at the aws cli and that
10513.439 -> is generally for bash um you know shells
10517.279 -> and so powershell is just another type
10518.88 -> of shell that's very popular and i just
10520.8 -> wanted to highlight it for those people
10522.319 -> that are uh you know used to using
10524 -> microsoft workloads or azure workloads
10526.399 -> uh that this actually exists okay
10532.319 -> all right let's take a look at the
10533.76 -> powershell tools um i actually haven't
10535.76 -> used this one yet so i'm kind of curious
10537.439 -> i am on a windows machine so if i was to
10540.16 -> open cm or
10542 -> powershell
10543.439 -> and you probably can't see this but if i
10544.96 -> just bring this over here if i type in
10547.12 -> powershell on my computer
10549.439 -> you'll notice that i have it um so
10551.12 -> that's how you would launch it looks
10552.24 -> like a blue screen here
10553.92 -> okay um if you're on a mac you're not
10556.16 -> going to have that but that's totally
10557.12 -> fine we don't need to have a windows
10559.12 -> machine to use powershell because we can
10560.88 -> go ahead and use cloud shell so make
10562.64 -> sure you're in a region that supports
10564.399 -> cloud shell so i switch back to north
10566.16 -> virginia
10567.92 -> this is not important for the exam but
10569.2 -> it's just kind of fun for me to go
10570.479 -> through this with you if you just like
10572 -> want to watch uh here and so i want to
10574.16 -> change this over to powershell so i
10575.84 -> imagine that it must be over here
10578.72 -> um so
10580.319 -> how do we change to powershell so we'll
10583.439 -> type in
10584.64 -> advanced power or aws cloud shell
10589.439 -> power shell like how do we do it
10593.12 -> okay and so we're just going to scroll
10594.88 -> down here
10597.2 -> so the following shells are
10598.24 -> pre-installed uh the bash the powershell
10600.56 -> the z-shell you can identify them by
10602.16 -> that yeah of course
10603.439 -> to switch to new shell enter the shell's
10605.04 -> program name in the command line prompt
10606.56 -> oh wow that's easy so um if we want pwsh
10610.8 -> do we just type pwsh let's find out
10617.52 -> give it a moment to think oh there we go
10619.6 -> okay so now we're using powershell and
10621.6 -> so i would think that aws would give
10623.76 -> this pre-installed for us so if we go
10625.6 -> over here to the instructions and we
10627.68 -> scroll on down there's probably like oh
10629.84 -> wait like i don't use powershell a lot
10631.68 -> it's very easy to install modules i've
10633.439 -> done it before
10634.64 -> but i never remember how to do it but
10636.479 -> let's just see what we can find here so
10639.04 -> i want
10640.399 -> the documentation for powershell here
10642.479 -> and i'm going to go to the um
10645.84 -> the maybe the reference here
10648.16 -> because i just want to see some examples
10650.08 -> for the cmdlets and so we'll look
10651.68 -> for s3 again never done this before but
10654.479 -> i'm always great at jumping into these
10656.399 -> things and all i want to do is just list
10658.16 -> out the buckets so i'm going to just
10659.6 -> search for the word list
10662.16 -> and just see if i can find something
10663.6 -> very simple here
10666.64 -> and calls to get the list buckets api
10669.12 -> operation so i think that is what we're
10670.8 -> going to be doing here so i'm going to
10673.12 -> click into that
10674.72 -> okay
10677.359 -> and then from there
10679.52 -> what i'm going to do is just see if i
10681.2 -> can copy this command so we will go
10683.359 -> ahead and copy this and paste it in here
10686.24 -> and i like how we got this little shell
10688.08 -> here so we can tweak it so we need the
10690.399 -> bucket name but i don't want to
10692.56 -> return a list of all the buckets owned
10693.92 -> by the author so
10695.279 -> we don't have a bucket name that we want
10696.64 -> to explicitly set here so it's required
10698.399 -> false so we can remove that
10701.52 -> okay we'll look at the next one select
10704 -> required false use the select command to
10705.439 -> control the command line output the
10706.64 -> default is bucket specifying select will
10709.12 -> result in
10710.399 -> turning all the whole buckets
10713.52 -> for that specifying the name
10716.8 -> but it says it's not required so let's
10719.04 -> just take that out as well
10720.96 -> i don't think we need any of these
10722.08 -> actually let's just go and put that in
10724.319 -> there and i think that
10726.88 -> there must be something we need to put
10728.08 -> in front of that right well let's just
10729.359 -> see what happens
10733.439 -> uh the term is not recognized as the
10735.6 -> name of the command function script is
10737.439 -> operable so i think we're missing
10739.359 -> something in front of here
10743.2 -> we'll go to the user guide here quickly
10746.399 -> and we'll get to the getting started
10750.16 -> i just want a super simple example here
10754.64 -> new bucket get bucket
10757.12 -> well let's try this one here because
10758.72 -> they have it here
10760.16 -> and so it should just work right
10764.319 -> i'm going to change this to us-east-1.
10769.2 -> the term new bucket is not recognized as
10770.8 -> the name of the cmdlet function so
10772.399 -> i'm guessing that the cmdlet's not
10774 -> installed i would have thought that they
10775.279 -> would have installed it by default so i
10777.439 -> guess what we'll do is look at how to
10779.279 -> install it
10780.56 -> so
10781.279 -> installing on
10783.04 -> linux i suppose
10787.439 -> so
10787.87 -> [Music]
10789.2 -> you can install the modulized version of
10790.72 -> the powershell on computers to install
10793.12 -> aws tools on linux pwsh to start
10796.479 -> powershell core session so i guess
10797.92 -> that's how you must start it on linux
10799.68 -> and then install the module this way so
10802.24 -> yeah i said it's easy to install these
10803.6 -> things we'll hit enter
10806 -> cross your fingers hope this works hope
10807.6 -> this is fast
10814.16 -> i'm just going to take a look here peek
10816 -> forward here if you are not if you're
10817.68 -> notified the repository is untrusted
10819.359 -> you're asked if you want to trust anyway
10821.279 -> just hit y so we're waiting for that
10823.12 -> here um you're installing this module
10825.439 -> from untrusted repository it's funny
10827.68 -> that it's untrusted by but it's by aws
10830.08 -> maybe that's some kind of drama between
10831.6 -> microsoft not letting aws have an
10833.279 -> official module there but it looks like
10834.96 -> it should be installed now so if i type
10836.72 -> in get s3 buckets here
10840.56 -> um
10841.68 -> unless i typed it wrong that still
10842.96 -> doesn't seem to be working if i go up
10844.72 -> here and try to create a new bucket
10846.8 -> still does not recommend recognize the
10848.64 -> command cmdlet here so there must
10850.319 -> be more going on here
10854.1 -> [Music]
10856.08 -> if you are notified you can now install
10858.479 -> the module for each service
10860.8 -> okay
10862 -> what did we do
10864.319 -> you're installing the the modules from
10866.08 -> untrusted if you trust it change the uh
10867.92 -> change its installation policy value by
10869.84 -> running set policy command are you sure
10871.6 -> you want to install this module from the
10873.359 -> ps gallery so i said yes
10875.84 -> and i gave it a capital y
10878.24 -> and
10879.2 -> it didn't do anything else
10882.96 -> so
10885.84 -> oh hold on here so this is
10888.24 -> the installer
10889.6 -> and then here is the actual tool that we
10891.52 -> want to install so it installed oh so we
10893.84 -> just installed this thing and now we use
10895.359 -> this thing to install s3 okay
10898.479 -> great not hard okay
10901.76 -> and so we'll just say yes to all
10905.84 -> and so that's going to install i guess
10908.399 -> everything oh we said ec2 and s3 well we
10911.2 -> didn't need both but that's fine
10912.96 -> and so what i'm going to do is go get
10914.16 -> bucket and so now recognize it it lists
10916.16 -> out the items here we can go and create
10918.399 -> ourselves a new bucket
10920.56 -> so we'll do that okay we'll make our way
10923.279 -> back over to the aws management
10924.399 -> console we'll go to s3 just because i
10927.12 -> don't need all these buckets lying
10928.72 -> around here
10930.16 -> and i'm going to go ahead and delete
10932.399 -> some of these buckets here so we'll say
10933.68 -> delete
10935.6 -> my bucket great
10938.399 -> and we'll go to this one here and say
10939.84 -> delete
10941.359 -> my bucket excellent
10944.319 -> all right so we have an idea how to use
10946.64 -> powershell and so powershell is just
10948.16 -> really popular because
10949.92 -> it's the way you do inputs it's very
10952.08 -> standardized and the outputs that come
10953.84 -> so it's very popular um and a very
10956.319 -> powerful scripting tool that's our cli
10958.8 -> tool as well so
10960.24 -> you know hopefully that's that was
10961.68 -> interesting for you but what we'll do is
10963.04 -> just close these off here and go back to
10965.84 -> our home page always just clicking that
10967.52 -> logo there and there we go
10968.69 -> [Music]
10973.359 -> so amazon resource names uniquely
10975.279 -> identify aws resources and arns are
10977.359 -> required to specify a resource
10979.359 -> unambiguously across all of aws
10983.04 -> so the arn has the following format
10984.56 -> variations so there's a few different
10986.72 -> things here but just notice here that
10988.399 -> sometimes it has a resource id or it has
10990.56 -> a path so with the resource type or
10992.319 -> could be separated by a colon so the
10994.56 -> partition
10995.68 -> can either be aws china or gov cloud
10998.88 -> because this is basically the aws portal
11001.84 -> or url that are completely separated
11003.84 -> from each other
11005.04 -> as we talked about those earlier in the
11006.88 -> course
11007.76 -> then there's the service identifier so
11009.359 -> ec2 s3 iam pretty much every service has
11012.479 -> their own
11014.08 -> service that name here that would be
11016.319 -> identified so the region would be pretty
11018.24 -> obvious us-east-1 ca-central-1 you'd have an
11021.12 -> account id which would be 12 digits
11023.439 -> the resource id
11024.88 -> could be a name or a path so like for
11028.479 -> iam users we have user bob this is an ec2
11031.2 -> instance and most of the arns are
11033.52 -> accessible via the aws management
11035.04 -> console and you can usually click the arn
11037.439 -> to copy to your clipboard so here is it
11039.439 -> is for an s3 bucket and notice that it's
11042.479 -> a little bit different because it is a
11044 -> global service aws there's no reason to
11046.56 -> specify the region or the account id
11049.52 -> or
11050.319 -> anything else there like the resource
11051.84 -> type so straight away we already know
11053.52 -> it's a bucket so we can just say my
11054.88 -> bucket so that one's really short but in
11056.64 -> other cases it's really long so here it
11058.56 -> is for a load balancer and it has all the
11060.72 -> information there and notice that like
11062.88 -> this as it passes load balancer app my
11064.8 -> server
11065.68 -> will be and then it has the id okay
11068.8 -> for paths and arns they can also include
11071.279 -> a wildcard asterisk and we'll see these
11073.76 -> like with iam policies or or paths these
11076.24 -> are really useful when you are doing
11078.399 -> um
11079.6 -> policies where you have to specify an
11081.12 -> arn you want to say a group of things
11082.72 -> and things like that so there you go
11084.81 -> [Music]
11088.64 -> all right so now let's take a look at
11090.479 -> amazon resource name or also known as
11092.8 -> arn
11093.76 -> and so arns are used to reference
11095.52 -> objects they're very commonly used when
11097.2 -> you're using the cli or the sdk to
11099.2 -> reference to something um the easiest
11101.52 -> example is s3 right so if we go over to
11103.76 -> s3 here and we create ourselves a new
11106 -> bucket um so i'll go ahead and create
11108.399 -> ourselves a new one here
11110 -> we'll say my new bucket
11112.8 -> i'm just going to put a bunch of numbers
11114.08 -> in here it doesn't matter we'll hit
11115.359 -> create bucket
11117.2 -> and what we will see if we click into
11119.279 -> this
11120.64 -> is the arn should be under properties
11123.84 -> and there it is okay so there are many
11126.479 -> cases where you might want to use the
11128.72 -> arn and a lot of times you'll just copy
11130.319 -> it and a very common example would be
11133.76 -> again with iam policy so we go over to
11135.68 -> iam policies
11137.279 -> right
11139.04 -> and i want to get to policies here to
11140.479 -> save myself some trouble
11142.08 -> and we create a policy
11144.479 -> you know i might want to restrict
11145.6 -> someone to use only that bucket so let's
11147.12 -> say s3
11149.2 -> okay
11150.16 -> and then i'm going to say
11151.76 -> i want to be able to read and write from
11153.6 -> a particular bucket we go drop down
11155.279 -> these resources here
11157.2 -> and so
11158.24 -> here we have a lot of options
11161.279 -> maybe i'll just get rid of the read
11162.88 -> option
11165.52 -> and i'm going to actually expand write
11166.96 -> because it's just creating too much work
11168.64 -> for me here and i just want to have
11172.24 -> put put object that's that's what we use
11174.479 -> to put something into a bucket so we
11176.08 -> expand the resource here and notice it
11178.16 -> says add the arn so we go here
11180.64 -> and we could type the bucket name so
11183.439 -> do that or we just paste it on in here
11185.04 -> at the top so it's probably easier just
11186.88 -> to grab it sometimes
11189.2 -> but if you don't know an arn a lot of
11190.24 -> times you can just expand this and then
11191.439 -> fill it in and that's how you get an
11192.72 -> arn
11193.68 -> so put that there let's list oh you
11196.08 -> could also do it that way which is
11197.279 -> easier too
11198.64 -> and so now if i go to json is it valid
11200.64 -> there we go so here it's saying
11202.96 -> um this policy allows somebody to put an
11205.279 -> object into this particular bucket and
11207.76 -> so that would be an example where we
11209.359 -> would use
11210.8 -> an arn okay or if you're doing uh if
11212.88 -> you're using uh aws support you might
11215.359 -> have to use an arn to um to get help
11218.479 -> from support saying hey look at this
11220.08 -> particular resource exactly here and
11221.6 -> then the the cloud support engineer can
11223.6 -> help you okay
11224.72 -> [Music]
11228.96 -> hey this is andrew brown from exam pro
11231.04 -> and we are looking at the aws command
11232.479 -> line interface before we do that we got
11234.16 -> to define some terms so what is a cli so
11236.88 -> a command line interface processes
11238.64 -> commands to a computer program in the
11240.56 -> form of lines of text operating system
11242.64 -> implement a command line interface in a
11245.2 -> shell okay so we have a terminal say
11247.6 -> terminal is a text only interface so it
11249.2 -> has input output environment then you
11251.04 -> have a console this is the physical
11252.479 -> computer to physically input information
11254.72 -> into a terminal then you have the shell
11257.2 -> a shell is the command line program that
11259.359 -> users interact uh with uh to input
11262.08 -> commands popular shell programs are bash
11264.88 -> zsh powershell and uh you might remember
11267.76 -> this one ms dos prompt so this has been
11271.04 -> around for obviously a very long time so
11272.72 -> maybe this kind of primes your mind for
11274.96 -> what is a shell and just so you know
11277.12 -> people commonly erroneously use terminal
11279.52 -> shell or console generally describe
11281.359 -> interacting with the shell so if we say
11283.359 -> shell or console or terminal we're just
11284.88 -> talking about the same thing but there
11286.64 -> is technically a difference between
11288.16 -> these three things but most people do
11289.92 -> not care and i wouldn't worry about it
11291.84 -> too much okay so now let's take a look
11293.76 -> at the aws command line interface
11295.359 -> which allows you to programmatically
11296.88 -> interact with the aws api via
11298.88 -> entering single or multi-line commands
11300.72 -> into a shell and then here i say or
11302.56 -> terminal but really it's just the shell
11304.16 -> okay
11305.04 -> so uh here is an example of one so we're
11307.6 -> trying to describe uh ec2 instances and
11310.479 -> then we're getting the output because we
11311.84 -> asked to have it back in this table like
11313.68 -> view
11314.399 -> so the aws cli is a python executable
11316.88 -> program so python is required to install
11319.12 -> the aws cli the aws cli can be installed on
11321.92 -> windows mac linux unix the name of the
11324.399 -> cli program is aws you'll notice that up
11326.72 -> here in the top left corner there's a
11328.479 -> lot more to this but this is all we need
11330 -> for now okay
11331.68 -> [Music]
11335.84 -> hey this is andrew brown from exam pro
11337.6 -> and we are taking a look at the aws
11340.399 -> cli and the easiest way to get started
11342.56 -> with this is actually via the cloud
11344.08 -> shell so you'll notice this little icon
11346 -> here in the top right corner that is
11348 -> cloud shell and it's going to allow us
11349.6 -> to um uh programmatically do things without
11352.24 -> having to set up our own environments so
11354.08 -> if i just click that there okay
11356.8 -> uh and i say do not show again close and
11360.08 -> by the way if you don't see cloud shell
11362.8 -> here it could be your region so like if
11364.399 -> i go to canada central
11366.08 -> it doesn't have it there and so if i was
11368.319 -> to search cloud shell here
11371.84 -> okay it's going to say it's only
11373.279 -> supported in those regions so that's a
11374.96 -> bit annoying but once cloud shell loads
11377.12 -> it already has our credentials loaded
11379.84 -> within our account and so this is going
11381.52 -> to save us a lot of time in terms of
11384.64 -> you know trying to get set up with the
11386.08 -> exception that you have to wait for this
11387.52 -> environment to create so it takes a
11389.2 -> little bit of time but it's not that bad
11391.84 -> um and while that is waiting what i'll
11393.2 -> do is show you actually how you'd
11394.399 -> install the cli yourself so if we typed
11396.08 -> in aws cli install
11399.12 -> all right and we went here
11401.76 -> the way you install i believe it's a
11403.359 -> python library but if we went to version
11405.52 -> 2 and we just said linux
11408 -> you go down here they'll have
11408.96 -> instructions so you just curl it unzip
11410.88 -> it and do that
11412.72 -> um so you know it's if it's this and
11415.76 -> then once it's installed you'll have the
11417.04 -> aws cli commands
11418.96 -> this is still going so you know maybe i
11421.2 -> can show you what it would be like to
11422.72 -> install the cli by hand so if we wanted
11425.2 -> to do that one easy way to do this is if
11427.2 -> we just go to github it doesn't matter
11429.2 -> what repository i'm just looking for
11430.8 -> anything here and if i open up gitpod
11432.88 -> so if we go on the top here and type in
11434.319 -> gitpod.com
11437.84 -> maybe
11438.84 -> that
11440.56 -> i just want to see whoops
11443.68 -> maybe it's gitpods
11446.08 -> like that
11449.439 -> oh gitpod you're not giving me oh you
11451.279 -> know what it's dot io that's why okay so
11453.2 -> if we go back here
11454.72 -> sorry and we type in dot io
11458.319 -> what this will do is launch me a
11460 -> temporary environment and so this is
11461.68 -> outside of aws so i'd actually have to
11463.52 -> install the cli so this would be a great
11465.279 -> opportunity to show you
11466.96 -> how to install the cli i'm just doing it
11468.64 -> this way because gitpod is free to use
11470.88 -> and
11471.84 -> um you know it's going to set up an
11473.12 -> environment and how let us simulate
11475.04 -> installing the cli so here is the cli
11477.6 -> here i'm going to see if i can bump up
11479.12 -> the font
11480.56 -> let's make the font as large as we can
11482.08 -> go
11482.96 -> light or dark dark sounds good to me
11485.52 -> and so if we type in aws
11490.08 -> and give it a moment we can see that we
11491.68 -> have uh the command here so if i say aws
11494.479 -> s3
11495.6 -> ls whoops
11497.52 -> that should be able to list things out
11499.04 -> in a bucket so this is what's currently
11500.56 -> in the bucket if you're wondering how do
11501.92 -> i know what these commands are i can
11503.2 -> just type in aws cli commands
11506.399 -> okay and we go here
11508.56 -> and we go to the cli ref reference
11511.12 -> then we have um anything we want here
11513.84 -> right so we go down here and i just want
11515.68 -> to see what's running in s3 and i go
11518.239 -> here
11519.359 -> and i scroll on down it's going to show
11520.8 -> me commands like copy move remove
11523.439 -> sync uh mb rb
11526.479 -> list
11527.359 -> right
11528.88 -> and
11530.319 -> if you're looking for a particular
11531.52 -> command you go down say okay i'll look
11533.12 -> at ls here and it will explain to me all
11535.92 -> the little options that we can do with
11537.6 -> it and then it will always give me
11538.88 -> examples right so i can see examples
11541.04 -> like that so if i wanted to move
11542.8 -> something into an s3 bucket so let's say
11544.56 -> i want to create a new s3 bucket um
11547.279 -> we'll type in aws s3 and just hit enter
11550 -> and it should tell us um the sub
11552.88 -> commands maybe if i do like help like
11554.88 -> this
11559.76 -> and if we scroll on down so i guess it
11561.76 -> just pulls up documentation let's open
11563.92 -> it we give us like a tiny summary
11568 -> okay so what we can do here because i
11570.319 -> want to create a bucket
11572.479 -> type in like buckets
11574.96 -> if you don't know something you just go
11576 -> aws s3 cli
11578.479 -> create bucket we'll go here
11582.8 -> and then what i do is i always just go
11584.16 -> to examples here so we have aws s3 api
11588 -> create bucket and i know it's unusual
11589.68 -> there's an s3 and there's an s3 api i
11591.92 -> don't know why that is but it's always
11593.68 -> been that way and i just don't question
11595.2 -> it anymore and so here i can go ahead
11597.359 -> and create a new bucket so i'll just go
11598.88 -> ahead and paste that command in i do
11600.8 -> want to change it up a bit here because
11602.72 -> this name could be that has to be unique
11604.56 -> so just to make sure i get what i want
11606 -> i'm putting random numbers in here we're
11607.76 -> going to choose the region as us east
11609.359 -> one if i wanted to do other things here
11611.92 -> i could scroll up and look at some flags
11614.88 -> here so
11616.96 -> uh it looks all fine to me
11619.04 -> so i think i'll go back here and just
11620.8 -> hit
11622.72 -> paste
11624.16 -> okay and so it created that bucket for
11626 -> me
11627.2 -> if i go over to s3
11633.52 -> and we'll wait here a moment we can see
11636.319 -> that bucket now exists if i wanted to
11638.16 -> place something in that bucket what i
11639.439 -> can do is just like touch a file so i'll
11640.8 -> just say touch touch is a linux command
11643.279 -> to make just an empty file so we'll say
11646.76 -> hello.txt
11648.479 -> and then it would be aws s3 um
11650.67 -> [Music]
11652.319 -> it would be cp to copy it and i'm going
11654.319 -> to give it the local path hello.txt
11656.96 -> and then i need to give it the bucket
11658.64 -> address so it'd be s3 colon forward
11661.2 -> slash forward slash the bucket name so
11664.399 -> we named it this i'm not even going to
11666.319 -> try to type that in by hand because it's
11667.76 -> too hard and then i want to say where i
11669.6 -> want to put this file so i'm going to
11670.64 -> say hello.txt and if i'm right that
11672.8 -> should work as expected
11674.399 -> and so it says i uploaded that file i
11676.319 -> make my way back over to s3 i refresh
11678.56 -> there is the file
11680.479 -> if i want to copy this file back locally
11683.6 -> all i have to do i'm just going to
11685.12 -> remove i'm going to delete the original
11686.8 -> hello.txt file
11688.72 -> ls to show you that there's nothing
11690.16 -> there
11691.04 -> and what i need to do
11693.359 -> oops
11694.72 -> is just revert this so instead of saying
11696.64 -> the address here
11699.76 -> we can go and type in
11702 -> hello.txt
11704.64 -> and if i do ls there's the file if you
11707.04 -> don't know what the address is of the
11708.239 -> bucket um a lot of times you can go here
11710.08 -> and find it so
11711.439 -> it should be
11713.439 -> because they're always changing this ui
11714.8 -> on me but we'll go to properties here
11716.16 -> and there that's the arn
11720 -> uh usually a good way to find it is if
11721.439 -> you go into an actual object so if you
11723.279 -> go here it will give you the full url so
11725.04 -> i could have grabbed that and i could
11726.8 -> have just pasted that in there
11728.56 -> um but you know you learn after time
11731.439 -> it's not hard to remember this s3 colon
11733.04 -> forward slash forward slash the unique
11734.399 -> name i do want to show you how to
11736.239 -> install it by hand so here i'm in
11738.319 -> gitpod
11739.439 -> i'm not sure how i can change this to a
11741.359 -> dark theme
11742.56 -> because i really don't like this on my
11744 -> eyes we'll go down below here to color
11746.84 -> theme and we'll say get dark there we go
11751.12 -> and so
11752.16 -> this is a temporary workspace so when i
11753.68 -> close it it'll be gone so i'll be
11755.04 -> totally fine and so i'm going to type in
11756.399 -> aws to see that it's not installed we're
11758.64 -> going to go over here this runs linux by
11760.64 -> default so i already know that i'm going
11762.319 -> to use linux we want to use version 2
11764.479 -> here
11766.08 -> so
11767.92 -> for the latest version use this command
11770.56 -> for a specific version no we just want
11772.08 -> the generic one so i'm going to go ahead
11773.439 -> and copy this
11774.72 -> whoops yes allow we'll paste that in
11776.96 -> we'll hit enter
11778.8 -> okay then we'll take the next command
11783.6 -> paste that in hit enter
11785.359 -> we'll go take the next command here
11788.96 -> we'll hit enter
11791.68 -> you can now run uh aws so we type aws
11795.279 -> and there's a command so
11797.04 -> uh the only thing is that if we do aws
11798.88 -> s3 ls it's not going to work because we
11801.68 -> don't have any credentials set so we'll
11804.319 -> give it a moment to think so it says
11806.08 -> unable to locate credentials you can
11807.68 -> configure credentials by running aws
11809.6 -> configure so we type in aws configure
11812.399 -> and by the way if this font is too small
11814.399 -> i believe i can bump it up like this
11818.399 -> not a great way to do it but it works
11823.04 -> and so it says aws access key id so
11825.92 -> what we can do is go over to iam
11830.72 -> and what i'm looking for is my
11832.16 -> particular user over here
11835.68 -> and if you remember when we first
11837.12 -> created our account it generated out
11838.56 -> access key so i go to security
11839.84 -> credentials and so
11842.239 -> we have a key here but i need the secret
11843.76 -> so this key is useless to me so i'm
11845.04 -> going to go ahead and deactivate it
11848.72 -> just because i don't even want this key
11851.2 -> and i'm going to create myself a new key
11852.8 -> so i'm going to have an access id and
11854.239 -> secret whenever you generate these out
11856.399 -> never ever ever ever ever show anyone
11858.72 -> what these are these are your
11861.279 -> yours and yours alone okay so this is
11864 -> cloud shell we're fine we're just gonna
11865.52 -> close that for now
11867.04 -> and i'm gonna go back over to gitpod
11869.68 -> here and hit enter so that's the id
11872.64 -> i'm gonna go grab the secret
11875.2 -> hit enter paste
11876.88 -> and i want it to go to us east 1 to save
11879.439 -> myself some trouble
11880.96 -> you can change the output from json to
11882.56 -> tables i'm going to leave it as the
11883.439 -> default here and so now if i type aws
11885.84 -> s3 ls
11889.52 -> i get a list and so if i want to grab
11891.6 -> that file there and grab that s3 uri and
11893.92 -> we type in aws s3
11896.08 -> api or sorry it's just ls sorry or sorry
11898.96 -> cp
11900 -> and we're going to paste that link in
11901.359 -> and we're going to say hello.txt
11905.04 -> and i must have done the command wrong
11906.56 -> it's because we're missing s3 here
11908.8 -> i just hit up on the keyboard to get
11910.239 -> that command back and so i type in ls
11912.16 -> for list
11913.279 -> and i mean i have some other code here
11915.359 -> so you know again any repo you want on
11917.279 -> github it doesn't really matter
11919.04 -> but you'll see there is that file
11920.96 -> probably shouldn't use this one because
11922.16 -> it makes a bit of a mess
11924.319 -> um but yeah it's pretty straightforward
11926.319 -> just to one thing to show you is where
11928.64 -> those credentials are stored so by
11930.96 -> default they're going to be stored in
11933.2 -> um
11934.72 -> it's going to be in the
11936.399 -> hidden directory in your root or your
11938.56 -> home directory called .aws
11939.76 -> credentials so if i just do like ls here
11942.72 -> you can see there's a config file and a
11944.319 -> credentials file cat lets me print out
11946.239 -> the contents of that file so i go here
11948.96 -> and it's saying the default region is
11950.64 -> us east 1. this is a toml file even though
11952.96 -> it doesn't have a dot toml on the end
11954.319 -> of it i just know by looking at it
11955.6 -> that's what it is config lets you set
11958 -> defaults that are going to apply to all
11959.359 -> of your credentials
11960.72 -> and then within the credential file here
11962.96 -> is the actual credentials so if you
11965.359 -> wanted to just set them you could go in
11967.68 -> here and just set them in here you can
11969.52 -> also set multiple credentials so if i go
11971.68 -> here and i'm going to open up in vi
11973.68 -> because i'm not sure how to open it up
11975.12 -> here in the main one but if you wanted
11977.12 -> multiple accounts you would do like exam
11979.279 -> pro and then you just repeat these with
11981.52 -> different keys
11983.04 -> right and then when you wanted to use a
11985.359 -> cli command actually i'm going to go
11986.72 -> back here for a second
11990.64 -> okay
11991.76 -> and if you want to
11993.6 -> um
11995.2 -> and by the way i'm using vi if you never
11997.2 -> use vim it's it's a bit tricky to use uh
11999.68 -> you might want to use nano instead if
12001.359 -> you're if you're kind of new to this
12003.52 -> because this will use like regular key
12005.52 -> key cuts and then down below it shows
12006.96 -> you what it is so this is like control x
12008.96 -> or alt x
12010.16 -> alt text no control x there we go
12013.12 -> um but anyway so if i go into this file
12015.439 -> and i delete the original one right and
12017.279 -> now i try to do
12021.04 -> um
12022.399 -> this command here even though we already
12024.319 -> have that file it should either hang or
12027.359 -> complain
12028.56 -> i could just kill that by doing control
12030.08 -> c if i do aws s3 ls
12034.8 -> just notice that it's hanging so unable
12036.319 -> to locate credentials because there's no
12037.6 -> default one but if i go and i put
12039.6 -> profile and i say exam pro
12044.88 -> all right it'll now use that profile so
12046.96 -> that's the way we do it
12048.88 -> but hopefully that gives you kind of a
12050.399 -> crash course into the cli
12053.84 -> so yeah there you go okay so i'm just
12056.08 -> going to go ahead and
12057.84 -> close these off you can delete this
12059.2 -> bucket if you don't want it
12061.359 -> it's probably a good idea to delete this
12063.279 -> here
12064.16 -> and i'm just going to say permanently
12065.76 -> delete
12066.8 -> okay
12068.72 -> very very good okay close that off and
12071.359 -> yeah that's the introduction to the cli
12073.6 -> so yeah there you go
12076.19 -> [Music]
12080.96 -> hey this is andrew brown from exam pro
12083.04 -> and we are taking a look at software
12084.479 -> development kits uh so a software
12086.319 -> development kit or sdk is a collection
12088.8 -> of software development tools and one
12090.64 -> installable package so you can use the
12093.2 -> aws sdk to programmatically create
12096.319 -> modify delete or interact with aws
12098.239 -> resources so the aws sdk is offered
12100.96 -> in a variety of programming languages so
12103.52 -> we have java python node.js ruby
12107 -> go .net php javascript c
12110.88 -> plus and so here would be an example of
12114 -> some ruby code where we are creating
12115.84 -> ourselves um an s3 bucket so we're just
12118.479 -> uploading a file there okay
12121.04 -> [Music]
12125.52 -> okay so now what i'm going to do is show
12127.04 -> you how to use the aws sdk and so uh
12130.16 -> to do that uh we're going to need some
12131.92 -> kind of ide
12133.359 -> a a basically code editor and so we had
12136.16 -> looked at gitpod which is a third
12137.76 -> party service and that's fine but let's
12139.2 -> take a look at cloud9 because that is
12140.88 -> built into aws
12142.56 -> so if i just type in cloud9 here and go
12144.64 -> over to ide i'm going to launch myself a
12146.8 -> new environment so i'll hit create i'm
12148.8 -> going to say my sdk environment
12153.52 -> env if you if you have our timetable
12155.359 -> environment like me
12157.12 -> and we have some options so create an
12158.72 -> ec2 instance for direct access create it
12161.12 -> via systems manager run a remote with
12162.88 -> ssh i'm going to leave it as the default
12164.88 -> then we have the option to choose what
12166.479 -> size i want to leave it on t2 micro
12168.399 -> because that is the free tier then we're
12170.479 -> going to scroll on down we have amazon
12172.239 -> x2 linux ami i'm going to stick with uh
12175.439 -> amazon linux 2 and we can have it turn
12177.76 -> off after 30 minutes a great option for
12179.84 -> us here we'll go ahead and hit next and
12182.479 -> we'll hit create environment
12184.96 -> and so we're going to have to wait a
12186.399 -> little bit for this to launch it'll take
12188 -> a few minutes as that is going let's go
12190.399 -> to google type in aws sdk
12193.439 -> to get to the main page and so the idea
12195.52 -> here is that there are a bunch of
12197.12 -> different languages you can use c plus
12199.04 -> plus go java javascript .net node.js php
12202.16 -> python and ruby
12203.76 -> uh and so i'm a really big fan of ruby
12206.319 -> i've been using ruby since 2005 and so
12208.56 -> that's what we're going to do it in it's
12210.319 -> also really easy to use and
12212.16 -> it's a really great language so um
12214.72 -> you know down below it's just showing
12216.399 -> you that there's all these different
12217.439 -> things if we go down to the sdk here and
12219.92 -> we click on ruby
12222 -> we'll we have examples where you have
12223.6 -> the developer guide the api reference
12226 -> and so this tells you how to get started
12227.76 -> even here it's saying like hey go get
12229.92 -> started with cloud nine which is great
12231.68 -> as well i suppose
12233.359 -> um and so here might show you how to
12235.84 -> install it um and when we open up the
12239.439 -> api references this is what it looks
12241.2 -> like so a lot of times when i want to do
12242.8 -> something i know it's like i want to do
12244.479 -> something with
12245.76 -> s3 so i scroll on down here and i look
12247.92 -> for s3
12249.6 -> right
12251.279 -> and then i just kind of like
12253.12 -> uh scroll around and look you know what
12255.12 -> i mean sometimes you have to expand it
12256.399 -> go into the client every api is slightly
12258.8 -> different
12259.84 -> so you do have to kind of figure out how
12261.279 -> to navigate that i'm actually under s3
12263.04 -> right now so i'm looking for the client
12265.76 -> and i just know this from memory that
12267.04 -> this is where it is so first you create
12268.399 -> yourself a client and then you can do
12270 -> api operations so if i wanted to like
12272.319 -> list buckets
12274.56 -> i just searched the word list and i just
12275.92 -> scroll on down and there it is i click
12277.92 -> into that and i have an example of how
12279.439 -> to list a bucket so
12281.04 -> i'm going to go back to cloud9 and it is
12282.64 -> ready and it started in dark mode if
12284.96 -> yours is not in dark mode which really
12287.04 -> honestly why wouldn't you want dark mode
12289.6 -> if we go up to i think it's like file
12292.319 -> where is it uh preferences here gotta
12294.64 -> click the cloud9 option
12296.479 -> and
12298.16 -> i'm just seeing if it like remembers my
12299.6 -> settings i really like two two soft tabs
12301.84 -> here
12302.72 -> but uh there should be something for
12304.08 -> themes down below and so
12307.279 -> um
12309.439 -> that doesn't seem like that's it
12311.76 -> it used to be like a oh here it is if
12313.279 -> you go here
12314.399 -> and just choose like whatever you want
12315.84 -> i'm on jet dark here and so if it's on
12317.76 -> classic light or something you don't
12320.08 -> like you can fix that there but i'm just
12322.72 -> going to go here and just fiddle with my
12324.08 -> settings
12325.6 -> because i really like to use vim
12328.479 -> keys i don't recommend this if you are
12330.96 -> to change this if you are not a
12332.399 -> programmer but i'm just going to change
12334.08 -> it so that i can type here efficiently
12336.64 -> so i'm just looking for the option here
12340.319 -> and they moved it on me where did they
12341.92 -> move it
12343.76 -> it'd probably be like key bindings
12346.16 -> ah vim mode there we go again don't do
12348.16 -> that this is just for me so i can move
12350.319 -> around in a different way so
12352.239 -> what i want to do and by the way it
12354 -> looks like this default screen we could
12355.2 -> have just changed it here
12357.279 -> i just clicked through all that for
12358.239 -> nothing was here the entire time but
12361.12 -> what we need is we need to make sure
12363.04 -> that we have our credentials so if you
12364.399 -> type in aws
12366.88 -> s3 ls that's like my sanity check that i
12369.04 -> always like to do to make sure i have
12370.239 -> credentials notice that we didn't have
12372 -> to set up any credentials it was already
12373.92 -> on this machine which was really nice
12376.08 -> and so i'm going to create a new file
12377.76 -> here
12378.56 -> and it's okay if you don't know anything
12379.84 -> about ruby we're just going to have fun
12381.68 -> here and just follow along so i'm going
12382.8 -> to do example.rb i'm going to make sure
12384.96 -> ruby's installed by doing ruby hyphen v
12386.88 -> so it is installed which is great
12388.96 -> uh you need a gem file so say new
12391.76 -> gem file here
12394.319 -> and if we go back to
12396.56 -> the installation guide
12398.8 -> we need the gem sdk here
12402.08 -> actually i'm going to look at how to
12403.04 -> generate a gemfile gem file because
12404.8 -> there's some stuff that goes to the top
12406.239 -> of those files
12408 -> like this here
12410.72 -> i think we just need this line here so
12412.08 -> i'm just going to grab that
12414.239 -> whoops paste that in allow good
12418.399 -> and
12419.52 -> i you can do gem aws sdk that will
12422.56 -> install everything but uh we only want
12424.96 -> to work with
12427.52 -> s3 and so this is going to vary based on
12429.6 -> each language but i know that if we type
12431.2 -> in s3 we'll just get s3 and that's all
12433.12 -> we really need
12434.399 -> and so once we have that what we'll need
12436.08 -> to do is use a bundle install so we're
12438.16 -> going to make sure we're in the correct
12439.2 -> directory i'm going to type in ls down
12440.88 -> below notice the gem file is there and
12443.52 -> by the way if the fonts are too small i
12445.04 -> should probably bump those up
12446.88 -> let's see how we can do that
12450.239 -> uh editor size font
12453.12 -> user settings
12459.359 -> good luck trying to find
12460.84 -> today um
12463.76 -> project no
12466.399 -> you think it'd have to be under user
12467.68 -> settings right
12470 -> ah here it is okay so
12472 -> this is for
12474.16 -> probably the editor so we'll go to 18
12475.92 -> here
12476.64 -> co code editor here
12480.08 -> i'm trying to find the one for the
12481.439 -> terminal probably over here
12484.08 -> there we go
12486.319 -> much easier okay so notice we have
12488.479 -> example.rb and gemfile so we're in the
12490.64 -> correct directory make sure i save that
12492.72 -> i'm going to type in bundle install
12495.359 -> and that's going to install the gems
12497.52 -> give it a moment there it's going to
12498.64 -> fetch notice that it installed
12501.439 -> the aws sdk s3 and everything that it
12504 -> was dependent on
12505.68 -> and so now if we go over to our
12506.8 -> example.rb file really when you're
12509.04 -> coding for the cloud you can pretty much
12510.96 -> copy paste everything so over here we
12513.52 -> found this code here for s3 list buckets
12516.8 -> and so i'm going to go ahead and paste
12518.56 -> that on in
12519.68 -> okay
12521.04 -> and i know it looks really complicated
12523.04 -> but we can quickly simplify this so i
12525.68 -> know that this is just the output so i
12527.439 -> don't need that
12528.88 -> okay
12529.84 -> and in ruby you don't need parentheses
12531.68 -> or curlies if uh if you don't have any
12533.6 -> things there and so all i need to do is
12535.359 -> define a client
12537.279 -> so if i click
12538.479 -> uh if i go to the top here of this file
12540.319 -> i think we're in the client right now
12542.88 -> all the way the top all the way the top
12545.2 -> here
12546.64 -> that's what we need okay
12550 -> and so
12551.12 -> i'm going to paste that in now
12552.88 -> we can set the region here so i'm going
12554.239 -> to say us east one
12556.64 -> right and then you'd have your
12557.84 -> credentials
12559.439 -> because the credentials are on the
12561.439 -> machine in the
12564 -> credentials file they're going to auto
12565.76 -> load here i believe so i don't think i
12567.359 -> need to set them
12568.8 -> so i'm just going to take that out here
12570 -> for a second
12572.239 -> okay and i can do this if i want this is
12574.479 -> just slightly different syntax it might
12575.92 -> be easier to read if i do it this way
12577.279 -> for you
12579.76 -> okay and
12581.52 -> i don't need double client there so we
12583.04 -> have the client i like to name this like
12584.56 -> s3 so i know what it is
12586.72 -> and i put puts for the response
12589.12 -> i'm gonna do inspect
12591.2 -> and so puts is like print okay and so
12593.68 -> now if i type in bundle exec let's just
12596.56 -> make sure that it's in the context of
12598.08 -> our bundler file ruby
12600.84 -> example.rb um we have a syntax error on
12603.76 -> this line here unexpected thing here
12607.92 -> oh it's because of this it's because i
12609.439 -> commented it out so i'm just going to do
12610.8 -> curly parentheses comment out here
12614.84 -> okay
12616.72 -> actually to make it a bit easier i'm
12618.08 -> just going to bring this down like this
12621.84 -> okay and we'll paste that there
12625.68 -> okay and we'll try this again
12629.2 -> uninitialized constant aws oh yeah we
12630.88 -> have to require it so we have to require
12633.12 -> aws sdk s3 i think
12636.399 -> we'll hit up
12639.439 -> and uh we got a struct back so it is
12641.52 -> working
12642.96 -> we are getting an object back if we want
12644.8 -> to play around with this a bit more i'm
12646.319 -> just going to install another gem called
12647.52 -> pry pry allows us to um inspect code so
12650.8 -> we're going to do bundle install
12652.56 -> and i'm going to go
12653.92 -> back to ruby here i'm going to put a
12656 -> binding pry in here
12658.96 -> and then if i hit
12660.56 -> up and i do bundle exec ruby example.rb
12664 -> um
12665.279 -> i installed it right
12666.96 -> bundle install
12670.84 -> yes undefined method pry
12674.56 -> oh because i have to require it again
12677.12 -> bad habit here
12679.2 -> okay we'll hit up
12681.12 -> and so
12682.16 -> now i have an interactive shell and i
12684.16 -> can kind of analyze that object so we
12685.68 -> have a response if i type in rsp here i
12688 -> have the structure object i can type in
12690.16 -> buckets here
12691.92 -> okay and it's showing me a bucket i can
12693.439 -> give it get its name
12696.08 -> um
12698.399 -> oh i think it's an array so i think i'd
12700.479 -> say like i'd say like zero here
12703.279 -> or i could say first this is just how
12705.04 -> the ruby language works we say name i
12706.88 -> get the name
12708.319 -> creation date
12709.76 -> okay so you get the idea whatever you
12711.92 -> want to do
12713.359 -> you know you search for it you just say
12714.88 -> i want to delete a bucket i want to
12716.08 -> create a bucket right and you look for
12718.08 -> it so i say create bucket here
12720 -> i click on this
12722.08 -> and i can see the options and they are
12724.319 -> always really good about giving me an
12725.68 -> example and then down below they always
12727.6 -> tell you all the parameters that you
12728.88 -> have there so that's how the sdk works
12731.92 -> uh but yeah the credentials were soft
12734 -> loaded here but you could easily provide
12735.76 -> them yourself i should just show you
12737.12 -> that before anything else
12739.439 -> just because there's some variations
12740.64 -> there
12743.439 -> and i'm just trying to look for it
12744.96 -> because it is separate code
12749.279 -> so you could do this this is one way of
12751.12 -> doing it so you could do it separate
12752.64 -> from the code so if you only wanted to
12754.08 -> configure it once
12756.399 -> right because you could you could have a
12757.6 -> lot of clients you wouldn't want to keep
12758.96 -> on like for each client you wouldn't
12760.479 -> want to put region in every time so i
12762.16 -> could take this
12763.52 -> and put this right here okay
12767.279 -> and this is the file here where we have
12769.12 -> the credentials so this would be our
12771.84 -> um
12772.64 -> our access key and our id
12774.88 -> and so
12776.64 -> you never want to put your code directly
12778.56 -> just in here so if i open up if you go
12780.96 -> cat
12782.319 -> you would never want to do this but i'm
12783.52 -> just going to show as an example here
12786.319 -> credentials
12788.16 -> oops i got to get out of this exit
12790.88 -> address credentials
12794.72 -> oh did they not even show it on this
12796.16 -> machine which would be smart we wouldn't
12797.52 -> really want to see our credentials here
12799.76 -> uh hit up say ls
12802.479 -> oh no it's there okay
12805.2 -> cat whoops
12808.72 -> cru
12810.319 -> credentials there it is okay so
12813.12 -> you know if we look here we can see that
12814.64 -> there are credentials set it's a little
12816.08 -> bit different we have this like session
12817.68 -> token i guess it's to make sure that
12819.52 -> this expires over time but if i was to
12821.439 -> take these
12822.88 -> okay and i was just to paste them in
12824.479 -> here
12832.319 -> that's one way you would do it
12834.88 -> you never ever want to do this ever ever
12837.12 -> ever ever you never want to do this
12838.479 -> because you'll end up committing that to
12839.76 -> your code
12841.12 -> so this is really dirty to do so i don't
12842.88 -> ever recommend to do it
12845.279 -> if you wanted to have this applied to
12847.2 -> everything you could put it up here and
12848.88 -> so now when we call the clients
12851.04 -> we don't have to do it
12852.96 -> um of course if the they're loaded on
12854.8 -> the machine you don't have to do it the
12856.16 -> other thing is like if you if you want
12858.399 -> you could load them in via environment
12859.76 -> variables that's usually what you want
12861.76 -> to do so you say aws access key
12866.479 -> right and then you say environment
12868.96 -> aws
12870.319 -> access secret
12872.56 -> and so you'd set those by doing i think
12874.479 -> it's like an export
12876.96 -> environment variables
12879.279 -> set
12880.16 -> in linux
12881.52 -> you think i know after like 15 years of
12883.439 -> doing this but i never remember so you
12884.96 -> type in export
12886.479 -> so you go down into whoops here you type
12889.439 -> in export and you just say something
12891.2 -> like i'm going to show an example to see
12893.2 -> if it works so i'm going to say hello
12894.319 -> world
12896 -> okay and if i do
12897.68 -> hello like that
12899.76 -> echo
12900.88 -> see it prints it out so that's how you
12902.8 -> would set it you'd set those there's but
12904.479 -> there's actually very specific ones that
12906.88 -> aws uses for
12908.72 -> the api and it's these ones here so you
12911.04 -> always want to use those
12913.2 -> okay so you put that in there
12917.04 -> and then there
12918.479 -> but of course you know like if they're
12919.92 -> already set in your machine you don't
12920.88 -> have to even specify those because it
12922.96 -> would auto load those environment
12924.56 -> variables i don't think they're set
12925.76 -> right now if we type in echo
12927.68 -> just take a look here is are they going
12929.04 -> to get auto loaded here
12932 -> no so
12933.6 -> but anyway so we could go here
12935.6 -> just as an
12936.84 -> example
12938.399 -> and well actually they just show them
12939.84 -> right here so you see your access key
12941.2 -> but we go and we type in
12943.52 -> export
12945.6 -> and i'm going to paste the key in there
12946.96 -> and i'm going to go to the front of it
12948.16 -> we're going to type aws access
12950.479 -> key id equals
12953.439 -> enter
12954.319 -> and so now if i did echo on this aws
12956.8 -> access key
12958.16 -> id
12959.04 -> okay shows up but i just want to show
12960.8 -> you how it can kind of vary and those
12962.72 -> conditions around it so yeah that is the
12964.319 -> aws sdk um and yeah a lot of times
12967.12 -> you're just copying pasting code and
12968.399 -> just kind of tweaking it you're not
12969.52 -> really writing
12971.12 -> real programming okay so hopefully that
12972.8 -> is less intimidating so i'm just going
12974 -> to close these off and i want to close
12976.16 -> down this cloud9 environment
12978.84 -> um
12980.479 -> i might have to reopen this up in
12982 -> another tab
12984 -> and go to the management console here
12986 -> and then go over to cloud9 and just
12988.399 -> close this tab
12990 -> and then i'll go ahead and delete this
12991.76 -> environment oops i'll just type delete
12993.52 -> here
12994.479 -> even if you didn't it would turn off
12995.84 -> after 30 minutes and you have that free
12997.359 -> tier so it's not that big of a deal it's
12999.6 -> up to you whether you want to use cloud9
13001.279 -> or gitpod cloud9 is really good
13003.359 -> because it allows you to
13006.88 -> it allows you to uh
13009.2 -> use it runs on a virtual machine right
13011.12 -> so you have a
13013.04 -> a container runtime there and so it's
13015.52 -> very easy to run containers on it um
13017.52 -> whereas in like i've had some issues
13018.88 -> with gitpod but um yeah those are the
13021.12 -> two okay
13022.63 -> [Music]
13026.8 -> well let's take a look at aws cloud
13028.479 -> shell which is a browser-based shell
13030.399 -> built into the aws management
13031.84 -> console and so cloud shell is scoped per
13034.319 -> region it has the same credentials as
13035.92 -> the logged in user and it's a free
13037.2 -> service so this is what it looks like
13039.2 -> and the great thing about this is that
13041.04 -> you know if you have a hard time setting
13043.12 -> up
13043.84 -> your own shell or terminal on your
13045.76 -> computer
13046.96 -> or maybe you just don't have access or
13048.88 -> privilege to do so it's just great that
13050.8 -> aws makes this uh available to you and
13053.439 -> so what you can do is click the shell
13054.96 -> icon up at the top and that will expand
13056.88 -> this here some things to note about
13058.8 -> cloud shell is that it has some
13060 -> pre-installed tools so it has the cli
13062.479 -> python node.js git make pip sudo tar
13065.52 -> tmux vmwget vim and more it includes one
13069.359 -> gigabyte of storage free per aws region
13072.8 -> it will save your files in a home
13074.479 -> directory available for future sessions
13076.56 -> for the same in this region
13078.96 -> and it can support more than a single
13080.64 -> shell environment so it has bash
13082.64 -> powershell and zsh um and so aws
13086.239 -> cloud shell is available in select
13087.84 -> regions so when i was in my canada
13089.84 -> region i was like where's the little
13091.04 -> shell icon but i realized it's limited
13093.12 -> for some areas okay
13095.22 -> [Music]
13099.439 -> hey this is andrew brown from exam pro
13101.439 -> and we're taking a look at
13102.64 -> infrastructure as code also known as iac
13105.76 -> and this allows you to write a
13106.96 -> configuration script to automate
13108.479 -> creating updating or destroying your
13110.479 -> cloud infrastructure the way you can
13112.319 -> think of iac it's a blueprint of your
13114.16 -> infrastructure and it allows you to
13116.239 -> easily share version or inventory your
13118.239 -> cloud infrastructure
13120.08 -> so aws has two different offerings
13122.64 -> for iac
13124.56 -> the first is cloud formation uh
13127.12 -> commonly abbreviated to cfn and this is
13129.68 -> a declarative iac tool and then you have
13132.239 -> aws cloud development kit commonly known
13134.319 -> as cdk which is an imperative iac tool
13137.359 -> so let's just talk about the difference
13138.399 -> between declarative and imperative and
13140.319 -> then we'll look at these tools a little
13141.76 -> bit closer uh each okay so declarative
13144.399 -> means what you see is what you get it's
13146.16 -> explicit it's more verbose but there's
13148.8 -> zero chance of misconfiguration unless
13151.04 -> the file's so big that you're missing
13152.56 -> something uh commonly declarative files
13155.439 -> are written in things like json yaml xml
13157.6 -> so for cloud formation it's just json
13159.279 -> and yaml
13160.64 -> and so that's that side there so for
13162.239 -> imperative you say what you want and the
13164.319 -> rest is filled in so it's implicit uh
13166.64 -> it's less verbose you could end up with
13168.88 -> some misconfiguration that's totally
13170.399 -> possible uh but it does more than
13172.56 -> declarative and you get to use your
13174.08 -> favorite programming language maybe
13175.439 -> python javascript actually cdk does not
13178.16 -> support ruby right now but i just have
13179.84 -> that in there just as a general
13181.68 -> description of what imperative is okay
13184.25 -> [Music]
13188.319 -> all right so just a quick look at
13189.52 -> cloudformation so cloudformation allows
13191.199 -> you to write infrastructure as code as
13192.88 -> either json or yaml the reason why was
13195.359 -> aws started with json and then everybody
13197.6 -> got sick of writing json and so they
13199.92 -> introduced yaml which is a lot more
13201.439 -> concise which you see on the right hand
13203.04 -> side so cloud formation is simple but it
13205.279 -> can lead to large files or is limited in
13207.52 -> some regards to creating dynamic or
13209.199 -> repeatable infrastructure compared to
13210.8 -> cdk cloudformation can be easier for
13213.279 -> devops engineers who do not have a
13214.96 -> background in web programming languages
13216.8 -> a lot of times they just know scripting
13218.16 -> and this basically is scripting since
13220.16 -> cdk generates out cloudformation it's
13222.08 -> still important to be able to read and
13223.6 -> understand cloudformation in order to
13225.359 -> debug iac stacks knowing cloudformation
13228.239 -> is kind of a cloud essential when you go
13231.199 -> into the other tiers of aws
13233.52 -> like solutions architect associate
13235.04 -> professional or any of the associates
13236.88 -> you need to know cloudformation
13238 -> inside and out okay
13239.99 -> [Music]
13244.64 -> okay so what i want to do now is
13246.319 -> introduce you to infrastructure as code
13249.279 -> and so we're going to take a look at
13250.64 -> cloud formation and so we were just
13252.319 -> using cloud9 for the sdk so we're going
13254.479 -> to go back and create ourselves a new
13256 -> cloud9 environment because we do have to
13257.76 -> write
13258.64 -> some code so i'll go ahead and hit
13260 -> create here and i'm going to just say uh
13262.72 -> cfn that's short for cloudformation
13264.64 -> example
13265.84 -> and we'll hit next step
13268 -> and we'll create ourselves a new
13269.04 -> environment t2 micro
13270.96 -> amazon linux 2 is totally fine we'll hit next
13273.12 -> it'll delete after 30 minutes we'll be
13274.479 -> fine we're within the free tier we're
13276.479 -> going to give this a moment to load up
13278.64 -> and remember you can set your theme your
13281.199 -> your keyboard mode whatever you want as
13283.279 -> that loads and as that's going we're
13284.56 -> going to look up cloud formation
13286.56 -> and so cloud formation
13289.52 -> is very intimidating at first but once
13291.76 -> you get through the motions of it it's
13293.199 -> not too bad
13294.399 -> um so we'll go to the user guide here as
13296.479 -> we always do if you go to getting
13298.399 -> started
13300.239 -> it's going to just tell us some things
13301.92 -> it's going to read about yaml files
13304 -> um i don't think i really need to read
13306.08 -> much about this here so i think we'll
13308.16 -> just go start looking up some codes so
13309.52 -> something that might be interesting to
13310.96 -> launch is an ec2 instance
13313.04 -> cloudformation so that's what i'll do is
13314.72 -> i'll type in what i want so an ec2
13316.88 -> instance and i'll just start pasting in
13318.96 -> code so if we scroll on down below here
13322.399 -> i'm going to go to examples because i
13323.76 -> want a small example here this is
13325.199 -> something that i might want to do
13327.359 -> and we're going to give that a moment
13328.479 -> here
13329.6 -> it's almost done
13332.239 -> you can do it aws come on
13334.399 -> as that is going i'm going to open a new
13336.319 -> tab
13337.76 -> i'm going to make my way over to
13338.88 -> cloudformation
13341.68 -> okay
13345.92 -> and
13346.72 -> you can see i have some older stacks
13348.479 -> here
13349.279 -> notice cloud9 when we create an
13351.199 -> environment actually creates a
13352.16 -> cloudformation stack which is kind of
13353.76 -> interesting
13355.76 -> um but if we go here
13358.56 -> we can create a stack and we can create
13360.479 -> a file and upload it here so
13363.12 -> okay this is good i'm going to go ahead
13365.12 -> and make a new file
13367.359 -> we're going to call it template
13369.68 -> dot yaml
13371.359 -> just so you know yaml can be yml or
13373.6 -> y-a-m-l
13376 -> there's a big debate as to which one you
13377.52 -> use um i think that aws likes it when
13380 -> you use the full version so i just stick
13382.399 -> with y-a-m-l
13385.68 -> i'm going to double click into that
13387.68 -> and so in the ec2 example i'm just going
13389.84 -> to copy this okay and i'm going to paste
13392.64 -> this in here
13394.56 -> and i'm going to type in resources
13397.359 -> oops capital
13401.199 -> okay so that's a resource i want to
13402.8 -> create
13403.76 -> um
13404.8 -> when you create cloud formation you
13406.72 -> always have a template version so
13409.359 -> i just need
13411.84 -> a basic example here at the top
13415.279 -> i guess that's a simple one is like a
13416.56 -> hello world bucket
13420.64 -> maybe we should do a bucket because
13421.6 -> it'll be a lot easier
13425.92 -> we don't have to make our lives super
13427.199 -> hard here
13428.56 -> okay um but what i'm looking for is the
13432 -> version because that's the first thing
13433.76 -> that you specify
13435.6 -> i'm just trying to find it within an
13437.279 -> example here
13440.72 -> oh for frick's sakes cloudformation
13442.72 -> version
13444.56 -> so they don't have the format version
13445.76 -> it's going to complain there it is okay
13447.68 -> so we'll copy that
13450.319 -> we'll go back over here
13452.72 -> we'll paste that in there
13454.319 -> it might be fun to do like an output
13455.68 -> here so i'm gonna do like an output
13457.359 -> outputs
13459.439 -> and uh maybe instead of doing this we'll
13461.359 -> type in aws s3
13464.96 -> cloudformation
13467.04 -> because what i'm looking for is what we
13469.279 -> can set as output so we'll say return
13471.52 -> values here
13474.64 -> um
13477.76 -> maybe we just want
13480.479 -> returns the domain name
13482.88 -> so we'll just say
13484.72 -> uh
13486.88 -> value
13489.439 -> ref that that's going to get the
13490.96 -> reference for it and we have to say
13492.8 -> hello bucket
13496.399 -> uh type string
13502.399 -> i'll say outputs cloudformation example
13506.88 -> and even though i've written tons of
13508.16 -> cloudformation it's just like if
13509.439 -> you're not doing it on day in day out
13511.04 -> you start to forget what it is
13512.8 -> so here for outputs we need a logical id
13515.279 -> description value and export so
13518.64 -> um
13519.6 -> that is what i want so i'm going to go
13521.279 -> ahead and copy that back here
13523.84 -> this is just so that when we run it
13525.439 -> we're going to be able to observe an
13526.88 -> output from the cloud formation file
13529.359 -> okay so the logical id is whatever we
13530.96 -> want so hello bucket domain
13535.12 -> it's funny because this is how you do
13536.96 -> do kind of that would be the format for
13538.88 -> terraform i was getting that mixed up
13540.8 -> so the domain
13543.52 -> of the bucket
13545.12 -> the value here is going to be ref
13548.88 -> hello
13551.12 -> bucket
13552.88 -> domain name
13558.16 -> that's the output
13561.76 -> export
13563.12 -> value to export
13567.04 -> uh can i get an example here
13573.439 -> else name
13576.399 -> oh you know what export is for uh cross
13578.72 -> stacks we don't need to do that okay so
13580.16 -> that's fine so what we'll do is set that
13582.88 -> and we'll take out our old one and so
13584.399 -> this should create us an s3 bucket so
13586.16 -> with cloudformation you can
13588.88 -> provide a template here by providing a
13590.88 -> url or you can upload a file directly
13593.92 -> so
13595.439 -> i'm just trying to decide here how i
13596.88 -> want to do this you can also use a
13598.239 -> sample file or create a template in the
13600.479 -> designer i'm going to go over to the
13601.439 -> designer
13603.92 -> because then we can just like paste in
13605.199 -> what we want so if i go over to yaml
13606.88 -> here
13607.76 -> and we go back over here i copy this
13611.04 -> i'm just going to paste this in here
13615.52 -> and we're going to hit the refresh
13616.96 -> button nobody ever uses the designer but
13618.96 -> this is just kind of an easy example for
13620.72 -> me to
13621.84 -> place this in here
13629.92 -> it's not really working maybe i go to
13631.439 -> template dude here
13633.279 -> refresh
13636 -> there we go so there's our bucket it's
13637.76 -> nice to have a little visualization and
13639.439 -> i believe this is going to work as
13640.88 -> expected so now that we have our
13643.52 -> designer template i think if we hit
13645.279 -> close what's this button say
13647.439 -> validate template probably good idea
13648.96 -> validating the template
13650.72 -> template contains errors unresolved
13652.56 -> resource dependency in the output block
13654.8 -> of the template hello
13657.6 -> domain
13658.8 -> bucket
13661.6 -> seems like it should be fine
13666 -> let's go oops
13668.96 -> let's go back over here
13671.92 -> that's what i did i said reference
13674 -> that value
13676.8 -> oh uh maybe it's get a trib okay
13680.64 -> it's get att sorry
13684.72 -> get a trib
13686.479 -> cloud formation
13687.76 -> i can't remember if there's an r on the
13688.96 -> end of it oh it's just att this is if
13690.88 -> you're trying to get a return intrinsic
13692.8 -> value so a reference is like what the
13694.96 -> default one is but every time we do like
13696.8 -> a logical name and attribute that's how
13698.319 -> we get that there so
13699.92 -> what i'm going to do here is just hit
13701.04 -> refresh
13702.399 -> and i'm going to validate that one more
13704 -> time
13705.52 -> now it's valid if i hover over this is
13707.359 -> it going to upload it create the stack
13710.319 -> we could save this save it
13713.279 -> but we can save it in s3 bucket so we'll
13714.88 -> say hello
13717.439 -> bucket
13718.72 -> and so now we have this url so i'm going
13720.479 -> to copy it honestly i never use this
13722.88 -> editor so it's kind of interesting
13724.64 -> i'm going to leave
13727.279 -> and we're probably going to hit create
13728.239 -> stack but i just find it a bit easier if
13729.68 -> we just kind of do it through
13731.199 -> this here so go back create the stack
13733.76 -> we're going to paste in the url we're
13735.04 -> going to say next
13736.96 -> and we're going to say
13738.72 -> my new stack
13741.52 -> and i didn't see what the name of the
13742.96 -> bucket was
13744.8 -> oh there's no name so it's going to
13745.92 -> randomize that's perfect so we'll go
13747.76 -> next
13749.04 -> we have a bunch of options here we'll
13750.72 -> hit next
13752.56 -> we'll give it a moment here i guess we
13753.92 -> have to review it create the stack
13756 -> and this is the part where we watch so
13757.359 -> it says create in progress and we wait
13759.52 -> and we hit refresh
13762.88 -> and we can see what's happening it's
13764.16 -> trying to create a bucket
13768.56 -> and if we go to resources this is this
13770.239 -> is a lot easier to track because you can
13771.68 -> see all the resources that are being
13772.88 -> created
13780.8 -> if you notice that when you use the cl
13782.319 -> uh when you're using the abs management
13783.68 -> calls in korean s3 bucket it's
13784.88 -> instantaneous but like with cloud
13786.08 -> formation there's a bit of delay because
13787.439 -> there's some communication going on
13788.72 -> board but here it is and notice if we go
13790.88 -> to our outputs this is the the value of
13793.68 -> the bucket domain name if we were to
13795.439 -> make it with uh self-hosting which is
13797.12 -> not what we're doing with it we could
13798.8 -> also have an export name which would be
13800.08 -> used for cross-referencing stacks which
13801.76 -> is not something we care to do
13804.319 -> but yeah that's how you create a stack
13806.399 -> that way
13807.6 -> um but you know we can also do it via
13809.84 -> the sdk here so
13812.16 -> what i can do
13813.439 -> um
13814.88 -> is look up what is the aws
13817.279 -> cli cloud formation
13819.279 -> because they have their own commands
13820.56 -> here if i go here
13823.52 -> there's a new one and there's an old one
13826.319 -> so
13828.479 -> if we go create stack
13832.479 -> yeah there's things like this like
13833.439 -> create stack update
13835.76 -> um so if we wanted to do it this way
13841.76 -> okay and i copied this here
13844.08 -> i'm just gonna put this in my readme
13845.439 -> here for a second
13848.8 -> uh so here what you do is you say my new
13851.439 -> stack
13852.64 -> and you can provide the template url or
13855.04 -> you could specify the local path here
13858.319 -> so we have like a template body so i'm
13860.08 -> gonna go ahead and grab that
13863.359 -> okay
13864.319 -> this would be like yaml
13866.56 -> and
13867.68 -> um i need to specify this file here so
13870.319 -> template.yaml
13873.439 -> and i'm just gonna go pwd here to get
13876.399 -> the full path
13878.08 -> okay
13880.08 -> and i'm going to just paste that in
13881.12 -> there oops
13884.8 -> okay i'm going to do ls
13886.479 -> okay so that gives us the full path of
13888 -> the file you can also specify the
13889.439 -> template url
13891.359 -> and so this should work as well if i
13893.12 -> take this and paste that on as a command
13899.12 -> it's unable to locate parameter file
13901.439 -> there's three
13902.399 -> three triple slashes there we'll just
13903.76 -> fix that there
13906.239 -> paste
13908.88 -> unable to load param file
13911.12 -> no such file or directory and there's a
13913.04 -> t missing
13915.279 -> okay
13916.88 -> be like don't be like me and make sure
13918.399 -> you don't have spell any mistakes okay i
13920.64 -> can type clear down here so i can see
13921.92 -> what i'm doing we'll hit enter whoops
13926.239 -> unable to load the parameter file no such
13928.08 -> file or directory
13932 -> home well i you didn't want the forward
13934.239 -> slash
13935.52 -> so another thing we can try to do i
13936.8 -> think it will take it relative so if i
13938.399 -> do this it should work
13942.399 -> i don't ever remember having to specify
13943.92 -> the entire path an error occurred while
13946.08 -> calling the create stack my new stack
13948 -> name already exists if i go back over
13949.84 -> here give this a refresh oh that's what
13951.92 -> we named our stack the the one that we
13953.76 -> did so i'm going to say stack2
13956.16 -> okay
13960.239 -> format unsupported structure when
13962 -> calling the create stack operation
13966.88 -> are you kidding me i do this all the
13968.56 -> time
13970.64 -> template body
13972 -> yaml file cloudformation
13979.68 -> unsupported structure take a look here
13988.479 -> oh you know what i think uh this one's
13990.56 -> out of date that's why so what we can do
13992.88 -> is go to our old stack here and we can
13995.12 -> actually see the template i can go ahead
13996.88 -> and copy this whoops and we can go ahead
13999.279 -> and paste that in there and then now
14001.199 -> what i can do
14003.359 -> so you know that's that's the reason why
14004.72 -> it wasn't working okay so we'll hit
14006.16 -> enter
14008.08 -> um
14008.96 -> unsupported structure
14011.199 -> it should be supported
14016.08 -> let's see if cloudformation can help us
14017.52 -> out
14019.199 -> um
14020.08 -> apparently there was very unhelpful
14021.6 -> error message formatting so try the
14023.439 -> validate template option
14025.6 -> i wonder if we could just do this
14028.399 -> maybe if that would help here
14031.439 -> i'm just heading up to try to run it
14032.88 -> again
14034.479 -> nope i guess we can try to validate it
14036.399 -> here
14037.68 -> it's like i'm not having much luck here
14039.12 -> today
14041.199 -> so we'll just say this here
14043.52 -> maybe it's not even loading that file
14044.96 -> where it is i
14051.04 -> so there's no errors
14056.96 -> i'm just going to make this one line
14065.92 -> okay created so for whatever reason i
14067.76 -> must have had a bug there and so
14069.68 -> sometimes putting on one line helps that
14071.199 -> out because i must have had an obvious
14073.199 -> mistake there and now we can see the
14075.04 -> stack is creating it's doing the exact
14076.72 -> same thing it's creating a different
14078.56 -> bucket though if we go over to our s3
14080.64 -> here
14084.88 -> again you know you don't need to be able
14086.72 -> to do this yourself to pass the exam
14088.8 -> it's just so i'm just trying to show you
14090.88 -> like what it is so you kind of absorb
14092.319 -> any kind of knowledge about what's going
14093.76 -> on here notice down below it uses the
14095.68 -> stack name followed by uh the read the
14098.08 -> logical name of the resource there
14100.64 -> okay
14102.08 -> and what we'll do is wait for that to
14103.439 -> create once that's created we can go
14104.72 -> ahead and delete these stacks we could
14106.479 -> also use the aws cloud formation to say
14108.319 -> like delete stack but i don't want to
14110.96 -> bore you with that today
14113.439 -> and so we'll hit refresh here wait for
14115.439 -> those stacks to vanish
14118.56 -> okay those are gone uh what i'm going to
14120.399 -> do is kill this cloud9 environment
14122.96 -> if there's a way to do it from here i
14124.56 -> have never known how to do it go back to
14126.88 -> your dashboard well that's nice to know
14129.199 -> we'll go ahead and just delete this
14133.04 -> okay
14134 -> we'll close that tab
14135.439 -> and so now we are all in good shape and
14137.359 -> so that was our introduction to
14140 -> cloudformation okay
14144.4 -> [Music]
14146 -> let's take a look here at cdk so cdk
14148.239 -> allows you to use your favorite
14149.68 -> programming language to write
14150.88 -> infrastructure as code and technically
14152.8 -> that's not true because they don't have
14154.16 -> ruby and that's my favorite but anyway
14156.56 -> some of the languages include node.js
14158.319 -> typescript python
14160.199 -> java .net and so here's an example of
14162.72 -> typescript typescript was the first
14164.319 -> language that was introduced for cdk
14167.04 -> it's usually the most up-to-date so
14169.199 -> not always does cdk reflect exactly
14171.76 -> what's in cloud formation but i think
14173.279 -> they're getting better at that okay so
14175.279 -> cdk is powered by cloudformation it
14177.199 -> generates out cloudformation templates
14178.88 -> so there is an intermediate step uh it
14180.8 -> does sometimes feel a bit slow so i
14182.56 -> don't really like that but you know it's
14183.92 -> up to you cdk has a large library of
14186.319 -> reusable cloud components called cdk
14188.239 -> constructs at constructs.dev this is
14190.64 -> kind of the concept of terraform modules
14192.64 -> it is really really useful uh and
14194.88 -> they're really well written and they can
14197.04 -> just reduce a lot of your effort there
14198.8 -> ct cdk comes with its own cli um and i
14202.239 -> didn't mention this before but cloud
14203.6 -> formation also has its own uh
14205.92 -> cli okay cdk pipelines uh are
14209.52 -> allow you to quickly set up ci cd
14211.199 -> pipelines for cdk projects that is a big
14213.68 -> pain point for cloud formation where you
14215.199 -> have to write a lot of code to do this
14217.12 -> whereas
14218.319 -> the cdk has that off the bat makes it
14220.72 -> really easy for you cdk also has a
14223.199 -> testing framework for unit and
14224.399 -> integration testing i think this might
14226.16 -> be only limited to typescript because i
14227.76 -> didn't see any for the rest of the
14228.96 -> languages but um you know i wasn't 100
14231.76 -> sure there
14232.96 -> this
14233.76 -> one thing about cdk is that it can be
14235.359 -> easily
14236.399 -> confused with sdk because they both
14238.64 -> allow you to programmatically work with aws
14241.92 -> uh using your favorite language but the
14243.439 -> key difference is that cdk ensures uh
14246.88 -> idempotence
14248.08 -> of your infrastructure so what that
14249.76 -> means that's such a hard word to say but
14252.479 -> what that means is that um
14255.359 -> you know if you use this cdk to say give
14258.399 -> me a virtual machine you'll always have
14260.72 -> a single virtual machine uh because it's
14263.279 -> trying to manage the state of the file
14265.199 -> whereas uh when you use sdk if you run
14267.439 -> it every time you'll end up with more
14268.8 -> and more servers uh and it's not really
14270.96 -> managing state so hopefully that is
14272.479 -> clear between the difference there
14274.62 -> [Music]
14278.8 -> okay so we looked at cloud formation but
14280.479 -> now let's take a look at cdk cloud
14282.64 -> formation or confirmation cloud
14284.319 -> development kit it's just like cloud
14286.319 -> formation but you use a programming
14288.319 -> language in order to implement your
14290.319 -> infrastructure as a code i don't use it
14292.239 -> very often i don't particularly like it
14294 -> but you know if you are a developer and
14296.479 -> you don't like writing cloud formation
14297.84 -> files and you want to have something
14299.12 -> that's more pragmatic you might be used
14300.399 -> to that um this i think should be
14302.64 -> deleting because we were deleting the
14304.16 -> last one here and notice how it's grayed
14305.68 -> out i can't select it so don't worry
14307.04 -> about that create a new one it will say
14309.68 -> example we'll hit next
14312.72 -> t2 micro ec2 instance amazon linux 2 you know
14315.84 -> the drill it's all fine here we'll go
14317.6 -> ahead and create ourselves a new
14318.88 -> environment we're going to let that spin
14320.96 -> up there and as that's going we're going
14322.16 -> to look up
14323.279 -> aws cdk
14325.52 -> so aws cdk
14328.08 -> and we probably want to go to github for
14330.319 -> this
14332 -> okay because it is open source
14334.56 -> and so i want to go to getting started
14338.56 -> and i have used this before but i never
14340.239 -> can remember how to use it
14341.84 -> probably the easiest way to
14343.6 -> use this is by using typescript
14346.72 -> so
14348.72 -> here's an example initialize a project
14350.16 -> make directory cdk oh first we gotta
14352.319 -> install it right
14354.08 -> so give that a moment so this is node
14355.68 -> you know how we did like bundle install
14357.439 -> this is like the same thing but for uh
14360 -> typescript install or update the aws
14362.239 -> cdk cli from npm we recommend using this
14365.52 -> version
14366.88 -> etc etc
14368.399 -> so again we're just waiting for that to
14369.92 -> launch but as we wait for that it's very
14372.72 -> simple we're just going to install it
14374.56 -> create a directory
14376.72 -> go into that directory initialize the
14378.64 -> example
14379.76 -> here it's setting up an sqs queue
14383.199 -> which is um that's quite a complex
14385.439 -> example
14386.72 -> but you can see it's code right and then
14388.72 -> we run cdk deploy and we'll deploy it
14390.96 -> and then hopefully we'll have that
14392.84 -> resource so again we're just waiting for
14396.239 -> cloud nine
14399.76 -> there we go so cloud nine is more or
14401.92 -> less ready uh terminal seems like it's
14404.56 -> still thinking
14406.08 -> and we have a javascript one which i do
14408.16 -> not care about there we go there's our
14409.92 -> environment we're going to make sure we
14410.96 -> have npm so we can type in npm
14414.88 -> great it says version 8.1.0
14418.56 -> and so
14419.68 -> this is asking for 10.
14422.72 -> okay i don't know if this gives us like
14424.319 -> nvm installed nvm
14426.399 -> it does so what we can do is do nvm list
14428.96 -> that stands for node version manager
14430.56 -> ruby has one as well and so it's telling
14432.8 -> us what version we're on i want to
14435.12 -> update um looks like we have a pretty uh
14437.92 -> pretty new version but what i want is
14439.92 -> the latest version of
14441.76 -> oh but that's node version that's not
14443.12 -> necessarily npm so we'll do node version
14445.92 -> oh 17 okay we're well
14448.319 -> well in the uh range of the new stuff so
14450.8 -> what i'm going to do is scroll on down
14452.56 -> we're going to grab this link here or
14454.319 -> this code here hit enter
14456.88 -> and that's going to install the aws
14458.479 -> cdk
14459.84 -> so it says
14462.08 -> file already exists oh so maybe it's
14463.76 -> already installed on the machine
14468.479 -> um
14469.439 -> cdk let's type in cdk
14472.399 -> because of course aws wants to make it
14474.16 -> very easy for us this software has not
14476 -> been tested with
14477.359 -> what was that warning
14479.12 -> with node 1701 you may encounter runtime
14481.68 -> issues great aws you're like the one
14483.76 -> that installed this stuff here so we get
14485.199 -> a bunch of the commands which is great
14487.279 -> and so what we'll do is follow their
14489.359 -> simple instructions we'll say hello cdk
14492.8 -> we will cd into this
14495.76 -> and
14497.68 -> now what we can do is run cdk init
14501.12 -> and this language here
14504.239 -> and so that's going to do a bunch of
14505.68 -> stuff creates tons of files it's going
14508.16 -> to vary based on what you're using
14510.88 -> like which language because cdk comes
14513.52 -> available in a variety of languages so
14515.52 -> if you type in aws cdk
14518.08 -> documentation here
14524 -> notice up here
14525.12 -> python java .net
14526.96 -> so i think it has more than just those
14528.88 -> three languages but um
14531.12 -> you know i wish it supported more like
14533.359 -> yeah i see here is c-sharp java
14536.319 -> but i really wish there was a ruby
14540.239 -> so we'll give this a moment here to get
14542.64 -> installed and i will see you back here
14544.8 -> when it is done okay
14549.6 -> okay uh it turns out i only had to wait
14551.84 -> like a second there but it says there's
14553.279 -> a newer version of the cdk you probably
14555.52 -> should install it but
14557.359 -> i just want to get going here so as long
14559.199 -> as i don't run into any issues i do not
14560.88 -> care um but anyway so looking at this
14564.08 -> and again i rarely ever look at this but
14566.399 -> i'm a developer so it's not too hard for
14568.08 -> me to figure out but under the lib this
14569.92 -> is our stack that we're creating and
14571.92 -> here is it is loading in sqs it's
14574.88 -> loading in sns
14576.399 -> and then the core library it's creating
14578 -> an sqs queue
14579.84 -> and it's setting the visibility of that
14581.12 -> timeout it's also creating an sns topic
14583.199 -> so those are two resources that we
14584.8 -> expect to be created
14586.8 -> if we scroll on down to the getting
14588.56 -> started it just says cdk deploy
14591.439 -> so what we'll do is go ahead and hit
14594.479 -> enter
14595.6 -> and let that do whatever it wants to do
14602.72 -> and it is thinking there we go so here
14605.12 -> we have iam statement changes so it's
14607.199 -> saying this deployment will potentially
14608.96 -> make potential sensitive changes
14610.239 -> according to your current security
14611.84 -> approval options
14613.359 -> there is there may be security related
14614.64 -> changes not in this list do you want to
14616.239 -> deploy sure we'll hit y
14620.88 -> deploying creating cloudformation
14622.399 -> changeset so cdk is using
14624.88 -> cloudformation underneath
14626.72 -> it's not complicated
14630.8 -> and as that is going what we'll do is
14632.56 -> we'll make our way over to our aws
14634.279 -> amazon.com console
14637.6 -> and if we go over to cloudformation
14640.399 -> we'll see if we see anything yet
14645.439 -> so it's creating a stack here we can
14646.88 -> click into it we can go over to our
14648.399 -> events
14649.52 -> see that things are being created this
14651.199 -> is always confusing so i always go to
14652.64 -> resources to see what is individually
14654.319 -> being created and they're all done
14656.56 -> so we go over here and they exist
14658.72 -> so here it says
14660.72 -> that we have a queue called this
14663.6 -> right sometimes they have links you can
14665.52 -> link through it so
14666.96 -> notice here i can click on the topic and
14668.399 -> get to that resource in sns which is
14670.16 -> nice for sqs i'm just going to type in
14672.84 -> sqs enter
14676.56 -> and there it is okay so we don't really
14678.88 -> understand what those are we could
14680.08 -> delete the stack this way there's
14681.6 -> probably a cdk way to delete the stack
14684.16 -> so
14685.68 -> cdk destroy
14689.76 -> i assume that's what it is
14692.56 -> destroy okay so we'll type in cdk
14694.64 -> destroy
14701.76 -> given a moment
14703.52 -> we're going to say yes
14708.72 -> okay it's deleting in progress
14710.88 -> we can even go back here and double
14712.56 -> check
14721.439 -> still thinking
14730.56 -> again you know if we deleted these for
14732.08 -> real it would take like a second
14734.399 -> but you know sometimes they're just slow
14739.279 -> sometimes it's because a resource can
14740.72 -> get hung
14741.92 -> as well
14743.12 -> but uh i don't think anything is a
14745.279 -> problem so here we can see what the
14746.88 -> problem is
14747.92 -> not necessarily a problem but it's just
14749.6 -> the sqs is taking a long uh longer time
14752.16 -> to delete where the sns subscription is a
14754.16 -> lot faster
14763.359 -> so i'll just see you back here in a
14764.64 -> moment okay okay so after a short little
14766.64 -> wait there it finally finished uh i just
14768.72 -> kept on hitting refresh until i saw it
14770.16 -> deleted and so it's out of there and so
14772.479 -> we'll get rid of our cloud9 environment
14774.08 -> since we are done with it
14776 -> so type in cloud9 up at the top
14779.68 -> and we'll go ahead and delete
14781.6 -> and we will go ahead and delete this
14783.6 -> here thank you
14786 -> and we will go back to our aws
14788.359 -> amazon.console here just so we can get
14790.399 -> our
14791.68 -> bearings straight here
14793.84 -> and there we go
14794.84 -> [Music]
14799.76 -> all right let's take a look here at the
14800.88 -> aws toolkit for vs code so aws toolkit
14803.439 -> is an open source plugin for vs code to
14805.199 -> create debug deploy aws resources
14807.52 -> since vs code is such a popular
14810 -> editor these days i use vim but it's
14812.239 -> very popular um i figured i should make
14814.56 -> sure you're aware of this um plugin so
14817.359 -> it can do four things you get the aws
14819.359 -> explorer this allows you to explore a
14820.96 -> wide range of aws resources linked
14822.8 -> to your aws account
14824.479 -> uh and sometimes you can view them
14826.239 -> sometimes you can delete them it's going
14828.16 -> to vary per service and what's available
14830.08 -> there then you have the aws cdk explorer
14832.72 -> this allows you to explore your stacks
14834.16 -> defined by cdk
14836.08 -> then you have amazon elastic
14838.08 -> container service ecs this provides
14840.319 -> intellisense for ecs task definition
14842.64 -> files intellisense means that when you
14844.56 -> type
14845.439 -> and you you'll get like autocompletion
14847.279 -> but you'll also get a description as to
14849.279 -> what it is that you're typing out then
14851.359 -> there is serverless applications and
14852.96 -> this is pretty much the main reason to
14854.399 -> have aws toolkit it allows you to
14856.56 -> create debug deploy serverless applications
14858.64 -> via sam and cfn and so
14861.6 -> there you can see the command palette
14862.8 -> and you can kind of access stuff there
14864.239 -> okay
14865.34 -> [Music]
14869.68 -> let's take a look here at access keys so
14871.52 -> an access key is a key and secret
14873.439 -> required to have programmatic access to
14875.359 -> aws resources when interacting with
14877.439 -> the aws api outside of the aws
14880.159 -> management console so uh access key is
14883.04 -> commonly referred to as aws credentials
14884.96 -> so if someone says aws credentials
14886.399 -> so you generally are talking about the
14888.159 -> access key not necessarily your
14890.88 -> username and password to log in
14893.12 -> so a user must be granted access to use
14895.6 -> access key so when you're creating a
14897.279 -> user you can just check box access key
14900 -> um you can always do this after the fact
14901.92 -> but it's good to do that as you're
14903.439 -> creating the user and then you can
14905.359 -> generate an access key and secret so you
14907.76 -> should never share your access keys with
14909.92 -> anyone they are yours if you give them
14911.52 -> to someone else it's like giving them
14912.72 -> the keys to your house it's dangerous
14914.96 -> never commit access keys to a code base
14917.52 -> because that is a good place for it to
14920 -> get leaked at some point you can have
14922.56 -> two active keys at any given time you
14925.12 -> can deactivate access keys obviously
14927.12 -> delete them as well access keys have
14929.359 -> whatever access a user has to aws
14931.52 -> resources so
14932.88 -> you know you can do the aws
14934 -> management console so can the key
14936.56 -> so access keys are to be stored in the
14939.56 -> ~/.aws/credentials file so um and if
14943.6 -> you're not familiar with linux this
14945.359 -> tilde here this actually represents your
14947.199 -> home folder so whether you're on windows
14949.359 -> or a linux that's going to be your home
14951.439 -> folder and then you have this period aws
14953.92 -> that means that it's a hidden folder but
14955.84 -> you can obviously access it and so in
14957.84 -> the it's just a toml like file i think
14960.56 -> it's toml um but i never
14962.8 -> uh 100% verified that it's toml it
14964.72 -> looks just like toml
14966.239 -> and so what you'll have here is your uh
14968.56 -> default profile and so this is
14971.04 -> what you would use um or this is what
14973.76 -> any of your tools you use like the cli
14975.68 -> or anything else would automatically use
14978.08 -> if um
14979.279 -> if you did not specify a profile you can
14981.68 -> of course store multiple access keys and
14984.8 -> then give it a profile name
14986.64 -> um so if you are doing this for the
14988.479 -> first time you might just want to type
14989.6 -> in aws config and it'll prompt you and
14991.279 -> you'll just enter them in there as well
14992.96 -> i think that sets the default one when
14994.8 -> you're using the sdk
14997.279 -> you would rather probably use
14999.04 -> environment variables because this is
15000.72 -> the safest way to access them when you
15003.439 -> are writing code all right
15005.52 -> so there you go
15007.03 -> [Music]
15011.12 -> all right let's talk about access keys
15012.64 -> access keys are very important to your
15014.319 -> account um and so what we'll do is go to
15016.159 -> iam if you are the root user you can go
15018.56 -> in and you can uh generate access keys
15020.88 -> for people um but uh generally you're
15022.88 -> doing it yourself for your own account
15024.159 -> so i go to users i'm going to click into
15026.399 -> mine here and we'll go over to security
15028.319 -> credentials and here you're going to
15030 -> notice access keys and one thing that is
15032.56 -> interesting is that you can only ever
15033.92 -> have two access keys at a time so hit
15035.84 -> create i'm just going to close that
15037.52 -> notice that the button is grayed out i
15039.76 -> can
15040.96 -> deactivate them if i feel that i haven't
15043.279 -> used them in a while and i can make them
15045.52 -> active again so i can bring them back
15047.439 -> into access or what i can do is
15050.56 -> make them inactive
15052.399 -> right
15053.52 -> and then i can delete them
15055.439 -> and so
15056.399 -> what i recommend
15058 -> right even if you do not want to
15059.76 -> programmatically be using your account for
15061.439 -> anything you always want to fill up both
15063.68 -> these and the reason why and this is for
15066.239 -> security reasons is that if somebody
15068.399 -> wanted to come in
15069.84 -> and uh uh get into your account what
15072.72 -> they would do is they would try to find
15074.64 -> a user
15076 -> where they have access to them and then
15077.6 -> they would try to generate out a key so
15079.84 -> if both these keys are taken up so if
15081.68 -> you generate both these keys
15084.479 -> okay and this is the one you want to use
15086.08 -> you deactivate the other one okay we're
15088 -> not going to use that one and so now
15089.68 -> there's no way for them to fill up that
15091.439 -> other slot okay
15093.199 -> and so that is my strong recommendation
15095.359 -> to you but there's again only ever two
15097.52 -> here i'm just going to
15099.199 -> uh delete both of these so that
15102.159 -> when we want to uh do whatever next in a
15105.04 -> tutorial we'll go generate that out okay
15107.6 -> so go ahead and clear that out
15110.96 -> so hopefully that is
15113.279 -> enough for you to understand what to do
15115.12 -> with these access keys okay
15117.84 -> so i'm gonna go back here
15119.84 -> there you go
15123.71 -> [Music]
15125.92 -> let's take a look here at aws
15127.199 -> documentation which is a large
15128.8 -> collection of technical documentation on
15130.72 -> how to use aws services which we can
15132.64 -> find at docs.aws.amazon.com
15135.76 -> and so this is kind of like the landing
15137.12 -> page where you can see all the guides
15138.72 -> and api references if you expand them in
15140.8 -> there
15141.92 -> into ec2 and you click on the user guide
15143.92 -> you can see html in pdf format kindle
15147.279 -> and you'll notice there's a link to
15148.399 -> github and that's because all of these
15150.159 -> docs are open source and you can
15151.359 -> contribute to them if you choose to do
15153.04 -> so i've done so multiple times in the
15155.359 -> past it's quite fun so aws is very good
15157.68 -> about providing detailed information
15159.12 -> about every individual service and the
15160.64 -> basis of this course and any aws
15162.479 -> certification will derive mostly from uh
15165.04 -> the aws documentation so i like to
15168 -> say that i'm not really coming up with
15169.92 -> new information i'm just taking what's
15171.92 -> in the docs and trying to make it more
15173.12 -> digestible and i think that's the thing
15174.72 -> is like the docs are really good you can
15177.04 -> read them end to end but they are very
15178.96 -> dense
15180 -> and so it can be a bit hard to figure
15181.6 -> out what you should read and what you
15182.8 -> should not um but they are a really
15185.279 -> great resource and you should spend some
15186.72 -> time in there okay
15188.32 -> [Music]
15192.239 -> so i just want to quickly show you the
15193.68 -> aws documentation like give you a bit of
15196 -> a tour of it so if we go to
15197.8 -> about.amazon.com and type in docs
15200.56 -> i'm sure you might have seen this
15201.68 -> through other tutorials but the idea is
15203.439 -> that you have basically documentation
15205.76 -> for basically any possible service that
15207.52 -> you want and a lot of times you'll click
15209.279 -> into it and what you'll get are these
15211.279 -> little boxes and they'll show you
15212.8 -> different guides and it's going to vary
15214.479 -> based on service but a lot of times
15215.92 -> there's a user guide there's an api
15217.92 -> reference
15219.199 -> those are the two that you'll see there
15221.199 -> maybe go to something simpler like s3
15224.159 -> that might be a simple example yeah user
15225.76 -> guide api api reference and so
15228.88 -> all of these are on github right if you
15230.64 -> open these up the documentation is here
15232.8 -> if you find something you don't like you
15234.159 -> can submit issues
15235.92 -> and uh and correct things you can even
15238 -> submit your own examples i have um
15241.04 -> i have committed uh example code to the
15244.479 -> docs specifically for ai services so you
15247.52 -> might be looking examples that i
15249.04 -> implemented or even ruby examples since
15250.88 -> i really like to promote ruby on aws you
15253.84 -> can download it as a pdf or you can take
15255.52 -> it as html a lot of times you're going
15257.439 -> to the user guide and the way i build
15259.84 -> the courses here is i actually go
15261.279 -> through and i read these end to end so
15263.439 -> you know if you wanted to do that you
15264.8 -> want to be like me you can do that or
15266.72 -> you can just watch my courses and save
15268.64 -> yourself the trouble and not worry about
15270.72 -> everything that is here but generally
15272.56 -> the documentation is extremely extremely
15274.96 -> good there are some exceptions like
15276.88 -> amazon cognito where the content is good
15279.68 -> but it's just not well organized so i
15282.08 -> would say aws out of every other
15283.92 -> provider they have the most complete
15286 -> documentation
15287.439 -> they generally don't keep their examples
15289.279 -> or like tutorials within here it's
15291.04 -> usually pretty light they'll have some
15292.479 -> examples
15293.68 -> um but like they like to have aws labs
15296 -> separately so you type aws labs
15297.76 -> github right you go here
15300.479 -> and a lot of stuff is in here instead so
15302.399 -> you have a lot of great tutorials and
15304.64 -> examples over there okay
15306.8 -> um but yeah pretty much that's all there
15308.64 -> is to it is there consistency between
15310.319 -> documentations no they kind of vary
15313.279 -> um you know but uh it's all there is my
15316.08 -> point and they're always keeping up to
15317.68 -> date so that's all you need to know
15319.359 -> about the aws documentation
15321.47 -> [Music]
15325.84 -> hey this is andrew brown from exam pro
15327.76 -> and we are taking a look at the shared
15329.359 -> responsibility model which is a cloud
15331.439 -> security framework that defines the
15332.96 -> security obligations of the customer
15335.279 -> versus the cloud service provider in
15336.88 -> this case we're talking about aws and
15338.64 -> they have their own shared
15339.68 -> responsibility model it's this big ugly
15341.84 -> blob here
15343.199 -> and the thing is is that every single
15344.96 -> csp has their own variant on the model
15348.319 -> so they're generally all the same but
15349.76 -> some visualizations make it a little bit
15351.92 -> easier to understand or they kind of
15354.88 -> include a little bit more information at
15356.399 -> different parts of it and so just to get
15358.64 -> make sure that you have well-rounded
15360.159 -> knowledge i'm going to go beyond the
15361.84 -> aws's shared responsibility model and
15363.76 -> just show you some variants uh there's
15365.6 -> also variants not just per uh csp but
15368.399 -> also the type of cloud deployment model
15370.88 -> and sometimes these are also scoped
15372.64 -> based on a cloud service category like
15374.239 -> compute or machine learning and these
15376.399 -> can result in specialized share
15378.08 -> responsibility models so that's what
15379.92 -> we'll look at in this section okay
15382.09 -> [Music]
15386.159 -> all right so let's take a look at the
15387.359 -> aws shared responsibility model and so
15389.439 -> i've reworked the graphic because it is
15391.6 -> a bit hard to uh digest and so i'm
15394.08 -> hoping that this way will be a little
15395.359 -> bit easier for you i cannot include the
15397.6 -> in and of here just because we're
15398.64 -> limited for space but don't worry we'll
15400 -> follow that up with the next slide here
15402 -> so there are two people that are
15403.439 -> responsible or two
15404.96 -> organizations that are responsible the
15406.479 -> customer and aws and on aws's side
15409.52 -> they're going to be responsible for
15411.199 -> anything that is physical so we're
15413.04 -> talking about hardware global
15414.64 -> infrastructure so the regions the
15416.56 -> availability zones the edge locations
15418.72 -> the physical security so think of all
15420.96 -> that hardware that's there those data
15422.56 -> centers um everything like that then
15425.12 -> there's also software the services that
15427.439 -> they're offering and so
15429.199 -> you know this extends to all their
15430.399 -> services but generally it breaks down to
15432 -> the four core and so we're talking about
15433.52 -> compute storage database and networking
15436.56 -> okay and when we say networking we're
15438.159 -> talking about like physically setting up
15440.239 -> the wires and also you know the software
15442.239 -> to set up the routing and all that kind
15443.76 -> of stuff there
15445.04 -> now looking at the customer side of it
15447.199 -> they're responsible for configuration of
15449.04 -> managed services or third-party software
15451.52 -> so the platforms they use so whether
15454 -> they choose to use a particular type of
15455.76 -> os
15456.72 -> the applications so if they want to use
15458.88 -> like ruby on rails uh iam so identity
15461.76 -> and access management so if you uh
15464.08 -> create a user and you grant them
15466.159 -> permissions if you give them things
15467.359 -> they're not supposed to have access to
15468.479 -> that's on you right then there's
15470.239 -> configuration of virtual infrastructure
15472.159 -> and systems so that would be choosing
15473.6 -> your os that would be the networking so
15476.88 -> there could be networking on the um
15479.92 -> the virtual machines themselves or we
15481.68 -> could be talking about cloud networking
15483.279 -> in this case then there are firewalls so
15485.52 -> we're talking about virtual firewalls
15486.96 -> again they could be on the virtual
15488.159 -> machine or it could be configuring like
15490.319 -> nacls or security groups on aws then
15492.88 -> there's security configuration of data
15495.12 -> uh and so there is client-side data
15497.359 -> encryption so if you're moving something
15498.64 -> from s3 from your local machine to s3
15501.279 -> you might need to encrypt that first
15502.72 -> before you send it over then there's
15504.319 -> server side encryption so that might be
15506 -> turning on server-side encryption within
15508.239 -> s3 or turning it encryption on your ebs
15511.12 -> volume then there's networking traffic
15513.6 -> protection so you know that's turning on
15515.92 -> vpc flow logs so you can monitor them
15518.08 -> turning on aws guardduty so that it
15520.479 -> can detect anomalies with your traffic
15522.56 -> or or activities within your
15525.68 -> aws account and then there's customer
15527.359 -> data so that's the data that you upload
15529.52 -> on the behalf of your customers or
15531.12 -> yourself and what you decide to um you
15534.72 -> know like what levels of sensitivity
15536.72 -> that you want to lock it down do you
15537.84 -> want to use amazon macie to
15540.319 -> see if there's any public facing uh
15542.399 -> personally identifiable information
15543.68 -> that's up to you so there's a lot here
15546.239 -> and honestly it's a lot easier than you
15548.399 -> think um instead of thinking about this
15550.399 -> big diagram what i do is i break it down
15552.399 -> into this and so we have the in and the
15554.64 -> of and that's what i said i could not fit
15556.239 -> on the
15557.52 -> previous slide there but the idea is
15559.279 -> customers are responsible for the
15560.96 -> security in the cloud so that's your
15563.68 -> data and configuration so if it's data
15566 -> that's residing on there or is this
15567.199 -> something you can configure you are
15568.8 -> responsible for it on the aws side
15571.359 -> they are responsible for the security of
15573.52 -> the cloud so if it's anything physical
15575.68 -> or hardware the operation of managed
15577.359 -> services or global infrastructure that's
15579.359 -> going to be on them and this in and of
15581.84 -> thing is very important for the exam so
15583.92 -> you should absolutely know the
15584.96 -> difference between the two this is kind
15586.479 -> of an aws concept i don't see any other
15588.399 -> cloud service provider talking about in
15589.84 -> and of uh so you definitely need to know
15592 -> it okay
15593.24 -> [Music]
15597.68 -> so one variant we might see for the
15600.08 -> uh shared responsibility model would be
15602.399 -> on the types of cloud computing this
15604.239 -> could also be applicable to the types of
15607.04 -> deployment models but we're doing types
15608.88 -> of cloud computing here and so we have
15610.96 -> the customer's responsibility and then
15612.64 -> the cloud service provider's
15613.76 -> responsibility so we're seeing
15615.04 -> on-premise
15616.399 -> infrastructure as a service platform as
15618.88 -> a service and software as a service and
15621.68 -> so when you are on-prem you're basically
15625.04 -> responsible for everything apps data
15627.6 -> runtime middleware os virtualization
15629.92 -> servers storage networking basically
15632.479 -> everything and just by adopting the
15635.199 -> cloud you're almost cutting your
15636.56 -> responsibilities in half here so now the
15639.199 -> cloud service provider is going to be
15640.72 -> responsible for the physical networking
15643.439 -> uh the physical storage those physical
15645.84 -> servers and because they're offering
15648.239 -> virtual machines to you they're setting
15649.84 -> up a hypervisor
15651.6 -> on your behalf so virtualization is
15653.439 -> taken care for you and so um you know if
15656.239 -> you launch an ec2 instance you know
15658.56 -> you're going to have to choose the os
15659.92 -> that's why you're responsible whatever
15661.279 -> middleware there the run time so
15663.04 -> whatever kind of programs you install on
15665.12 -> it
15665.92 -> the data that resides on it and any kind
15667.84 -> of like major applications okay
15670.56 -> then we have platform as a service uh
15673.199 -> and so you know the cloud service
15674.88 -> provider is gonna take even more
15676.239 -> responsibility there so when we're
15677.76 -> talking about this we're thinking like
15678.88 -> aws elastic beanstalk right so you
15681.199 -> know the you just choose what you want
15683.279 -> and it's all managed so you might say i
15684.96 -> want a ruby on rails server but you're
15686.88 -> not saying what os you need um you're
15689.52 -> not
15690.479 -> saying exactly you might say what
15692.319 -> version of ruby you want but you don't
15693.6 -> have to manage it if it breaks
15695.76 -> or it might be managed updates and
15697.279 -> things like that the last thing here is
15699.04 -> like software as a service and this is
15701.68 -> something where the csp is responsible
15703.76 -> for everything so if you're thinking of
15705.439 -> a software as a service think of like
15707.439 -> microsoft word where
15709.439 -> you're just writing uh you know writing
15712.08 -> stuff in there and you know you you are
15715.04 -> responsible for where you might choose
15716.56 -> to store your data but the data is like
15719.199 -> still handled by the cloud service
15721.04 -> provider because you know it's on the
15722.56 -> cloud so on their servers right
15725.12 -> so yeah hopefully that gives you kind of
15726.64 -> an idea across types of cloud
15728.96 -> computing responsibilities
15730.89 -> [Music]
15735.76 -> all right so what i want to do here is
15737.359 -> just shift the lens a bit and look at
15739.359 -> the shared responsibility model if we
15741.12 -> were just
15742.319 -> observing a subset of cloud services
15744.96 -> such as compute and so we're going to
15747.359 -> see infrastructure as a service platform
15749.439 -> as a service software as a service and
15751.279 -> now we have function as a service and so
15753.12 -> that's what i mean when we shift the
15754.64 -> lens we get new information
15756.88 -> and so you can just see that you really
15758.159 -> don't want to look at this from one
15759.92 -> perspective okay so starting at the top
15762.08 -> here we have bare metal uh and so aws's
15764.64 -> offering is called the ec2 bare metal
15766.8 -> instance and this is where you basically
15769.439 -> get the whole machine uh you can
15771.359 -> configure the entire machine with with
15773.199 -> the exception of the physical machine
15774.72 -> itself so as the customer you can
15776.479 -> install the host os
15779.12 -> the host os so the operating system that
15781.52 -> runs on the physical machine and then
15783.439 -> you can install your own hypervisor um
15786.08 -> and then aws is going to be
15787.04 -> responsible for the rest the physical
15788.8 -> machine now normally the next step up
15790.8 -> would be dedicated but dedicated doesn't
15793.68 -> exactly give you more responsibility it
15795.439 -> gives you more assurance because it's a
15797.52 -> single tenant virtual machine and that's
15799.92 -> why i kind of left it out here but we'll
15802 -> see it in the next slide that it is kind
15803.6 -> of on the model and shares the same spot
15805.52 -> as uh ec2
15807.359 -> but ec2 is a virtual machine and so um
15810.96 -> here the customer is responsible for the
15813.92 -> guest os so that means that you can
15816.08 -> choose what os you want whether it is
15818 -> ubuntu or debian or windows but that's
15821.52 -> not the actual os that is running on the
15823.359 -> physical machine and so you're not going
15825.359 -> to have control of that aws is going to
15827.04 -> take care of that then there's the
15828.56 -> container runtime so you know you you
15831.279 -> can install docker on this or any kind
15833.84 -> of container layer that you want um so
15836.239 -> that's another thing that you can do so
15837.76 -> aws is going to be responsible for the
15839.279 -> hypervisor uh the physical machine and
15841.6 -> the host os all right
15844.159 -> then looking at containers it just has
15846.159 -> more than one offering for containers
15847.68 -> but we'll just look at ecs here and so
15851.12 -> this is where you are going to
15853.68 -> have uh you don't you don't install the
15855.92 -> guest os right the guest os is already
15858.159 -> there for you what you are going to do
15860.479 -> is choose your configuration of
15862.239 -> containers you're going to
15864.399 -> deploy your containers you're going to
15866.72 -> determine where you need to access
15868.56 -> storage for your containers or attach
15870.479 -> storage to your containers and aws
15872.479 -> is going to be responsible for
15874.239 -> the guest os
15876.159 -> the there might not even be a guest os
15878.399 -> but they're the host os the guest os the
15881.6 -> hypervisor the container runtime and
15884.319 -> you're just responsible for your
15885.76 -> containers okay
15887.199 -> then going to the next level here we
15888.72 -> have platform as a service and so this
15891.439 -> one also is a little bit odd where it
15893.279 -> fits um because the thing is is that
15895.76 -> this could be using anything underneath
15897.76 -> it could be using containers it could be
15899.68 -> using virtual machines
15901.68 -> and so that's where it doesn't exactly
15903.439 -> fit well on a linear graph but let's
15905.12 -> just take a look at some things here so
15907.199 -> this is where you're just uploading your
15908.8 -> code
15909.84 -> you have some configuration of the
15911.439 -> environment you have options of
15913.12 -> deployment strategies
15914.96 -> the configuration of the associated
15916.479 -> services and then aws is going to be
15918.159 -> responsible for the servers the os the
15920.399 -> networking the storage the security so
15922.64 -> it is taking on more responsibility than
15924.64 -> infrastructure as a service um uh
15927.199 -> whereas you know
15928.72 -> aws is just gonna be responsible for
15930.08 -> that so if it's a virtual machine that's
15931.84 -> being under uh under the use there
15933.76 -> aws is going to be responsible for
15935.04 -> this customer stuff okay you're not if
15937.04 -> it's containers then aws is going to
15938.399 -> be responsible for this but it just
15940 -> depends on how that platform as a
15941.359 -> service is set up actually the way
15943.199 -> elastic beanstalk is set up is that you
15945.04 -> actually have access to all that
15946.479 -> infrastructure and you can fiddle with
15948.08 -> it and so in that case uh whereas like
15950.479 -> if you were to use heroku which is a a
15952.88 -> third-party provider
15954.319 -> you know they would take care of all
15955.6 -> this stuff up here um and so you would
15957.68 -> not have to worry about it but on aws
15959.439 -> you actually are responsible for uh the
15962.159 -> underlying infrastructure because you
15964 -> can you can configure it you can touch
15965.76 -> it so that's where you know again these
15967.6 -> do not fit perfectly and you can't look
15969.52 -> at platform as a service meaning that um
15971.68 -> you're not responsible for certain
15973.439 -> things it really comes down to the
15975.04 -> service offering okay then we're taking
15977.04 -> a look at software as a service so on
15978.56 -> aws
15979.76 -> this is going to be something like um
15981.6 -> amazon workdocs which is i believe a
15983.92 -> competitor
15985.199 -> not a very popular competitor but a
15986.88 -> competitor to
15988.239 -> microsoft sharepoint and this is for
15989.92 -> content collaboration so as the customer
15992.159 -> you're responsible for the contents of
15993.68 -> the document management of the files
15995.439 -> configuration of sharing access controls
15997.84 -> and aws is responsible for the
15999.199 -> servers the os networking the the
16001.04 -> storage the security and everything else
16003.199 -> so you know if you use the microsoft
16004.72 -> word doc and you type stuff in it you
16006.479 -> say where to save it that's what you're
16007.52 -> responsible for okay the last one here
16009.68 -> on the list is our uh functions here and
16012.239 -> so aws's offering is aws lambda and so
16015.279 -> as the customer all you're doing is
16016.64 -> you're uploading your code and aws
16018.399 -> is going to take care of the rest so
16019.68 -> deployment container runtime networking
16021.439 -> storage security physical machine
16023.199 -> basically everything um
16026.08 -> and so you're really just left to
16028.08 -> develop okay so you know hopefully that
16030.319 -> gives you kind of an idea and again you
16032 -> know we could have thrown in a few other
16033.68 -> services like what we could not fit on
16035.6 -> this slide here was
16037.359 -> um
16038.64 -> it was fargate which is a serverless
16041.52 -> container as a function or sorry
16043.52 -> serverless serverless container as a
16045.68 -> service or container as a service so
16047.92 -> you know that has its own unique
16049.279 -> properties in the model as well okay so
16051.84 -> let's just have kind of a visualization
16053.52 -> on a linear graph here so we have the
16055.12 -> customer's responsibility on the
16056.399 -> left-hand side and aws's
16057.76 -> responsibility on the right and we'll
16059.199 -> look at our broad category so we got
16060.72 -> bare metal dedicated virtual machines
16063.199 -> containers and functions and so no
16066.399 -> matter
16067.68 -> which
16068.96 -> type of compute you're using you're
16070.319 -> always responsible for your code for
16073.199 -> containers you know if uh you know like
16076.56 -> uh the functions when you're using
16078.08 -> functions there are pre-built containers
16080.319 -> so you'd say i want to use ruby and
16082.96 -> there's a ruby container and you don't
16084.56 -> have to configure it but obviously um
16086.88 -> you know when you're using container
16088.08 -> service you are configuring that
16089.199 -> container you are responsible for it for
16092 -> virtual machines you know you're
16093.76 -> responsible for the run time so you can
16095.52 -> install a container runtime on there or
16097.84 -> install a bunch of different packages
16099.279 -> like ruby and stuff like that
16101.279 -> the operating system you have control
16103.04 -> over in the virtual machines for the
16104.64 -> dedicated and we saw with bare metal you
16106.88 -> have both uh controls of the host os and
16109.84 -> the guest os and then only bare metal
16112.399 -> allows you to have control of the
16113.92 -> virtualization where you can install
16115.279 -> that hypervisor so hopefully that gives
16117.359 -> you an idea of compute and aws's
16119.76 -> offering there and also kind of how
16121.279 -> there's a lot of little caveats when
16122.96 -> we're looking at the shared
16123.92 -> responsibility model okay
16128.99 -> [Music]
16130.159 -> all right so i have one more variant of
16131.92 -> the share responsibility model and this
16133.6 -> one is actually what is used by google
16135.76 -> so um we're going to apply to aws and uh
16138.399 -> see how it works so let's just kind of
16140.319 -> redefine shared responsibility model or
16142 -> just in a slightly different way so we
16143.359 -> fully understand it so the share
16145.12 -> responsibility model is a simple
16146.64 -> visualization that helps determine what
16148.72 -> the customer is responsible for and what
16150.96 -> the csp is responsible for related to
16153.12 -> aws and so across the top we have
16155.439 -> infrastructure service platform as a
16157.439 -> service software as a service but
16159.199 -> remember there's other ones out there
16160.399 -> like function as a service it's just not
16161.76 -> going to fit on here
16163.68 -> okay so and then along the side here we
16166.72 -> have content access policies usage
16169.359 -> deployment web application security
16172.159 -> identity operations access and
16174.56 -> authentication
16176 -> network security remember that's cloud
16177.68 -> networking security the guest os data
16179.92 -> and content audit logging now we have
16182.64 -> the actual traditional networking or
16184.239 -> physical networking storage and
16185.92 -> encryption and here we're probably
16187.92 -> talking about the physical storage
16190 -> hardened kernel ipc
16192 -> uh the boot the hardware and so then
16195.199 -> here we have our bars so we have the
16197.359 -> csp's responsibility and the customer's
16199.04 -> responsibility so when we're looking at
16200.8 -> a saas software as a service
16203.04 -> uh the customer is gonna be responsible
16204.56 -> for the content remember like think of
16206.239 -> like a word processor you're writing the
16207.52 -> content the access policies like say i
16209.359 -> want to share this document with someone
16211.04 -> the usage like how you utilize it can
16213.279 -> you upgrade your plan things like that
16215.68 -> then next on our list here is platform
16217.52 -> as a service so generally uh you know
16220.159 -> platform as a service is for developers to
16222.72 -> develop and deploy applications and so
16225.359 -> they will generally have more than one
16226.88 -> deploy strategy
16228.399 -> and uh you know there might be some cost
16230.319 -> saving measures to choose like uh you
16232.64 -> might have to pay additional for
16233.92 -> security uh or you or it's up to you to
16236.319 -> configure in a particular way or you
16237.92 -> might have to integrate it with other
16239.199 -> services
16240.319 -> uh and you know we saw that paas is not
16242.56 -> a perfect uh definition or fit because
16245.04 -> you know when we look at elastic
16246.399 -> beanstalk if you have access to those
16248.239 -> resources and you can change them
16249.84 -> underneath then you might have more
16252.08 -> responsibility there than you think that
16253.68 -> you would
16254.84 -> okay the next one here is infrastructure
16257.52 -> as a service and so this is extending to
16259.439 -> identity so who's allowed to uh you know
16262.88 -> log into your aws account
16265.52 -> operations the things that they're
16267.199 -> allowed to do in the account access and
16268.8 -> authentication do they have to use mfa
16271.68 -> things like that network security
16273.359 -> obviously you can configure the security
16275.279 -> of your cloud infrastructure or cloud
16277.6 -> network um you know so you know do you
16280.479 -> isolate everything a single vpc how do
16282.56 -> you set up your security groups things
16283.84 -> like that
16284.96 -> we know with virtual machines you can
16286.319 -> set up the guest os there's data and
16288.239 -> content but remember that bare metal is
16290.56 -> part of the uh infrastructure service
16292.479 -> offering and so that's where we'd see
16294.319 -> hardware or not hardware but you'd have
16296.399 -> the host of the host os or
16298.479 -> virtualization and so this again is not
16300.96 -> a perfect representation
16302.8 -> but it generally works okay and then
16304.88 -> last on the list there or just
16307.04 -> looking at what the aws is responsible
16309.6 -> for audit logging so of course aws
16311.92 -> has cloudtrail which is for uh
16314.8 -> logging api um events but audit logging
16318.64 -> could be things that are internally
16320.399 -> happening with those physical servers
16322.319 -> then the networking the physical storage
16324.8 -> hardening the kernel aws has i think
16326.399 -> what's called the nitro system where
16327.76 -> they have like a security chip that's uh
16330.159 -> installed on all their servers then it's
16333.04 -> the the boot os uh and then the hardware
16335.6 -> itself okay
16337.04 -> so just remember the customer is
16338.479 -> responsible for the data and
16340.479 -> configuration of access controls that
16342.399 -> reside in aws so if you can configure it
16345.199 -> or you can put data on it you're
16346.96 -> responsible for it okay the customer is
16349.199 -> responsible for the configuration of
16350.96 -> cloud services and granting access to
16352.64 -> users via permissions right so if you
16355.199 -> give
16356.399 -> one of your employees access to do it
16359.04 -> you know even if it's their fault it's
16360.88 -> your fault so remember that
16363.439 -> again the csp is generally responsible
16365.199 -> for the underlying infrastructure we say
16367.199 -> generally because you know there's edge
16368.8 -> cases like bare metal and coming back to
16371.439 -> aws is in the cloud and of the cloud so
16374.159 -> in the cloud so if you configure it or
16376.239 -> store it then you the customer are
16377.84 -> responsible for it and of the cloud if
16379.92 -> you cannot configure it then the csp is
16382.56 -> probably responsible for it okay
16385.31 -> [Music]
16389.68 -> hey this is andrew brown from exam pro
16391.6 -> and we are looking at the shared
16392.561 -> responsibility model from the
16393.68 -> perspective of architecture and if
16396.48 -> you're getting sick of shared
16397.359 -> responsibility model don't worry i think
16398.879 -> this will be the last uh slide in this
16400.879 -> section but let's take a look here so uh
16403.279 -> we have uh
16404.799 -> less responsibility more responsibility at
16406.561 -> the bottom so what we have down here is
16408.4 -> traditional or virtual machine
16410.4 -> architecture so global workforce is most
16412.879 -> familiar with this kind of architecture
16414.4 -> and there's lots of documentation
16415.6 -> frameworks and support so maybe this
16417.439 -> would be using elastic beanstalk with
16418.879 -> platform as a service or using ec2
16421.039 -> instances alongside with auto scaling
16423.119 -> groups code deploy
16425.68 -> load balancers things like that the next
16427.6 -> level here is micro services or
16429.52 -> containers this is where you mix and
16431.039 -> match languages better utilization of
16432.799 -> resources so maybe you're using fargate
16434.719 -> which is serverless containers or
16436.32 -> elastic container service or elastic
16438.32 -> kubernetes service for containers on the
16441.199 -> top here we have serverless or commonly
16443.359 -> with functions as a service so there are
16445.68 -> no more servers you just worry about the
16447.199 -> data
16448.32 -> and the code right so literally just
16450.32 -> functions of code and so you could be
16452.08 -> using the amplify serverless framework
16453.84 -> or maybe aws lambda for creating
16456.08 -> serverless architecture so there you go
16458.29 -> [Music]
16462.4 -> hey this is andrew brown from exam pro
16464.32 -> and we're looking at computing services and
16466.24 -> before we jump into uh the entire suite
16469.199 -> of computing services aws has
16470.879 -> let's just talk about ec2 for a moment
16473.039 -> which allows you to launch virtual
16474.561 -> machines so what is a virtual machine
16477.039 -> well a virtual machine or vm is an
16479.279 -> emulation of a physical computer using
16481.279 -> software server virtualization allows
16483.52 -> you to easily create copy resize or
16485.6 -> migrate your server multiple vms can run
16488.24 -> on the same physical server so you can
16489.84 -> share the cost with other customers so
16491.76 -> imagine if your server or computer was
16493.6 -> an executable file on your computer okay
16496.16 -> so that's the kind of way you want to
16497.52 -> think about it when we launch a vm
16500.48 -> we call it an instance and so ec2 is
16502.879 -> highly configurable server where you can
16504.48 -> choose the ami so the amazon machine
16506.639 -> image that affects options such as
16508.799 -> amount of cpus or vcpus virtual cpus
16512 -> amount of memory so ram the amount of
16514.561 -> network bandwidth the operating system
16516.799 -> so whether it's windows ubuntu amazon s2
16520.561 -> the ability to attach multiple virtual
16522.561 -> hard drives for storage so elastic block
16525.119 -> store
16526.16 -> um and so the amazon machine image is a
16528.4 -> predefined configuration for a vm so
16530.719 -> just remember that
16532.08 -> and so ec2 is also considered the
16534.24 -> backbone of aws because the majority of
16536.4 -> services are using ec2 as the underlying
16538.719 -> servers whether it's s3 rds dynamodb or
16541.68 -> lambdas that is what it's using so
16544.24 -> um what i say also is just because when
16546.48 -> we talk about the aws network that is
16548.08 -> the backbone for
16549.439 -> global infrastructure
16551.199 -> and the networking at large and so ec2
16553.52 -> is for the services okay
16556.75 -> [Music]
16561.68 -> hey this is andrew brown from exam pro
16563.52 -> so we just looked at what ec2 is but
16565.359 -> let's look at more of the broader
16566.879 -> services for computing and these are the
16568.561 -> more common ones that you'll come across
16570.879 -> there's definitely more than just what
16572.32 -> we're going to see on the single slide
16574 -> here so break this down with virtual
16575.76 -> machines containers and then serverless
16577.439 -> for virtual machines remember that's an
16579.199 -> emulation of a physical computer using
16580.959 -> software and ec2 is the main one
16584.08 -> but for our vm category we have amazon
16586.879 -> lightsail this is a managed virtual
16588.719 -> server service it is the friendly
16590.879 -> version of ec2 virtual machines so when
16592.719 -> you need to launch a linux or windows
16594.719 -> server but you don't have much aws
16596.16 -> knowledge you could launch a wordpress
16598.08 -> here and you could hook up your domain
16600.561 -> and stuff like that
16602 -> so this is a very good option for
16603.68 -> beginners we have containers so
16605.439 -> virtualizing an operating system or os
16608.08 -> to run multiple workloads on a single os
16610.4 -> instance so containers are generally
16611.92 -> used in microservice architecture when
16614.4 -> you divide your application into smaller
16616.4 -> applications that talk to each other so
16618.48 -> here we would have ecs elastic container
16620.719 -> service this is a container
16622.4 -> orchestration service that supports
16624.16 -> docker containers
16625.6 -> launches a cluster of servers on ec2
16627.359 -> instances with docker installed so
16628.959 -> when you need docker as a service or you
16631.199 -> need to run containers we have elastic
16633.76 -> container registry ecr this is a
16635.92 -> repository of container images so in
16638.16 -> order to launch a container you need an
16640.561 -> image an image just means a safe copy a
16643.279 -> repository just means a storage that has
16646.561 -> version control we have ecs fargate or
16650.08 -> just fargate now people are kind of
16651.76 -> forgetting that it runs on ecs
16653.76 -> these days that's why i have it in there
16655.68 -> it is a service orchestration container
16658.08 -> service is the same as ecs
16660.799 -> except you pay on demand per running
16663.68 -> container so with ecs you have to keep a
16666.48 -> ec2 server running even if you have no
16669.039 -> containers running so it manages the
16671.119 -> underlying server so you don't have to
16673.039 -> scale or upgrade the ec2 server so
16675.199 -> there's the advantage over ecs okay then
16678.24 -> we have elastic kubernetes service eks
16680.639 -> this is a fully managed kubernetes
16682.16 -> service so kubernetes
16684.719 -> commonly abbreviated to k8 is an open
16686.719 -> source orchestration software that was
16688.959 -> created by google as generally the
16691.119 -> standard for managing microservices so
16693.199 -> when you need to run kubernetes as a
16695.039 -> service then we have serverless
16696.799 -> categories so when the underlying
16698.32 -> servers are managed by aws you don't
16700.639 -> worry or configure servers so aws lambda
16703.279 -> is a serverless function service you can
16705.52 -> run code without provisioning or
16706.799 -> managing servers you upload small pieces
16709.039 -> of code choose much uh how much memory
16711.279 -> how long you want the function to run is
16713.439 -> allowed to run before timing out and you
16715.359 -> are charged based on the runtime of the
16716.879 -> service function rounded to the nearest
16718.48 -> 100 milliseconds so there you go
16720.869 -> [Music]
16724.959 -> hey this is andrew brown from exam pro
16726.719 -> and what i want to do is just show you a
16728.32 -> variety of different computing services
16730.08 -> on aws so i'm going to try to launch
16731.84 -> them and we're not going to do anything
16733.76 -> with them i'm just going to simply
16734.639 -> launch them okay so the first i want to
16736.561 -> show you is ec2 and by the way we will
16738.959 -> go more in depth on ec2 later on in
16740.959 -> this course here
16742.24 -> but what i'm going to do is go ahead and
16743.92 -> launch the instance don't worry about
16745.439 -> all this stuff but just choose the
16746.719 -> amazon linux 2 so it's in the free tier
16749.359 -> all right we're going to choose an
16750.4 -> instance type of a t2 micro so that's
16752.4 -> part of the free tier it's going to be
16754.32 -> set as one all these options are fine i
16756.48 -> want you to go ahead and review and
16757.6 -> launch we're going to launch
16759.68 -> and i don't want to generate any key
16761.76 -> pair i'm going to proceed without a key
16763.199 -> pair i'm going to acknowledge that
16765.039 -> because i don't want it and that's all
16766.799 -> there is to launching an ec2 instance
16769.359 -> and so i can go here and view my
16770.719 -> instances
16771.92 -> and what you'll see is it's pending okay
16775.439 -> and usually it has like a little
16776.959 -> spinning icon maybe they've updated it
16778.798 -> since then
16780.718 -> so i go here it's hard to see because
16782.798 -> there's all these terminated ones but i
16784.56 -> don't need to do anything with it i just
16785.76 -> wanted to show you the actions that
16787.52 -> you'd have to do to launch it actually
16789.2 -> we'll leave it alone maybe we'll see it
16790.798 -> when it's launched the next one i want
16792.08 -> to show you is
16793.52 -> elastic container service
16795.84 -> um and wow this this is all let's go
16798.638 -> let's get the new experience please
16800.878 -> that's so old
16802.48 -> okay check box that on
16805.28 -> and we'll hit get started
16807.28 -> and we'll say create a cluster
16810 -> and we have some options here networking
16811.76 -> only ec2 linux plus networking uh
16815.28 -> for use with either aws fargate or
16817.68 -> external windows
16819.12 -> um
16821.6 -> this is if you're doing fargate which
16823.44 -> we're not doing right now fargate is
16825.12 -> part of elastic container service it
16826.798 -> used it well it used to be it is called
16829.28 -> ecs fargate but aws markets it as a
16831.6 -> separate service we'll go to next we'll
16833.84 -> say my ecs cluster
16836.56 -> um we can create an empty cluster but
16838.24 -> that would make it a fargate cluster
16839.6 -> which we don't want there's an on-demand
16841.52 -> server look it's m6i large if you're
16844.4 -> very afraid of a lot of spend here you
16846.56 -> don't have to do this you can just watch
16848.08 -> me do it and just learn
16849.68 -> well what i'm going to do is try to find
16851.12 -> something super cheap so i want a t2
16853.36 -> micro or a t3 micro t2 micro is part of
16856.08 -> the free tier i don't know if we get to
16858.638 -> choose t2 anymore in here they might not
16860.56 -> let you
16863.12 -> there it is
16864.4 -> but you know t3 micro is great too i
16866.16 -> just
16866.878 -> whatever says it's free that's what i'm
16868.48 -> going to go for
16869.6 -> number of instances one the amazon linux
16872 -> version is fine i don't care about a key
16874 -> pair
16874.82 -> [Music]
16876.32 -> use existing vpc i don't want to have to
16878.24 -> make a new one select the existing ones
16880.958 -> okay
16883.92 -> let it create a new security group
16885.6 -> that's totally fine
16887.2 -> allow those to be fine create a new role
16889.36 -> that's fine create
16892.878 -> okay
16894.24 -> and so that's going to create ourselves
16895.76 -> a cluster
16897.52 -> i'm going to just make a new tab here
16898.718 -> let's just check on our ec2 instance
16902.638 -> and so if we look at our ec2 instance it
16904.718 -> is running
16905.92 -> okay great so it has a private ip
16908.56 -> address it has a public ip address all
16911.36 -> right
16912.638 -> there's not much we can do with it i
16913.76 -> can't even log into it because we didn't
16915.12 -> generate it out of key pair a lot of
16916.48 -> times you want to name these things so
16917.84 -> let's go here name it my server okay
16922.4 -> go back to our ecs instance and the
16924.798 -> cluster is ready so we'll go here and oh
16928.56 -> nice we got a new ui and so if we wanted
16930.718 -> to deploy something as a service or a
16933.12 -> task
16934.56 -> um
16936.56 -> we would need to
16938.32 -> create a template like a task definition
16940.56 -> file
16943.04 -> uh they don't have a new ui for this
16944.48 -> you're being redirected to the previous
16945.84 -> version console because this isn't
16947.2 -> available in the new experience yet of
16948.798 -> course it isn't so we can create a new
16950.32 -> task definition file that's what's used
16952.16 -> to run it it's basically like a docker
16953.92 -> file compose file whatever you want um
16956.08 -> we have fargate or ec2 we are doing ecs
16958.958 -> so we're going to have to do ec2 so
16960.32 -> we'll say my ecs
16962.24 -> task def file
16964.4 -> um task role
16966.4 -> optional iam role i don't need one
16968.08 -> network mode i don't care
16970.878 -> and then this is the idea is that
16972.24 -> because a container allows you to use up
16974.798 -> a particular amount of the
16977.04 -> thing we don't have to use all of the
16978.24 -> memory so we should look up what a t2
16980.4 -> micro is
16981.92 -> because i don't even remember what size
16983.84 -> it is okay t2 micro aws
16986.638 -> so we go here we look at the instance
16988.24 -> types
16989.44 -> and we're gonna flip over to t2
16991.68 -> and it says that it's one vcpu
16994.878 -> one gigabyte of memory so what i'll do
16997.76 -> one
16998.718 -> yeah one okay that's fine so what we
17001.6 -> want and this is in megabytes so we'll
17003.52 -> say 500 megabytes
17005.76 -> and um
17007.12 -> i don't know if we can do less than one
17008.638 -> but i'm going to do one here
17013.52 -> the task cpu must be an integer greater
17016 -> than or equal to 128 okay fine 128. oh i
17018.878 -> guess it's 1024 would utilize the whole
17020.798 -> thing so i could say 512
17023.6 -> okay
17025.04 -> and this is where we would add our
17026.638 -> container
17028.24 -> so
17029.52 -> i don't do this every day so i don't
17031.36 -> remember how to do this we'll say my
17033.2 -> container
17035.04 -> and i need a repository here so i need
17037.2 -> like docker hub hello world
17042.32 -> okay i don't care what it is i just need
17044.24 -> a image that's simple
17048.56 -> and i'm looking for the address here
17052 -> um
17056.24 -> i'm hoping that's just this
17059.28 -> docker hub url
17065.44 -> so it'd be something like this right
17066.798 -> docker io probably
17068.638 -> docker io docker image
17070.958 -> docker hub url in ecs
17080 -> okay it goes to show how often i'm
17081.76 -> launching these things
17083.36 -> so repository url
17085.68 -> docker image so i think that what we're
17087.6 -> going to do here
17091.6 -> hmm
17094.638 -> i would really just like the url please
17098 -> reviews
17100.48 -> tags
17102.08 -> where is it
17104 -> where is it it's somewhere here right
17109.2 -> uh
17110.878 -> uh
17113.28 -> well let's just try it we'll go and
17115.92 -> we'll type in
17117.36 -> says image and tag so docker dot io
17122.16 -> hello world i really need an image id
17125.28 -> image url hello world
17129.04 -> docker hub
17131.84 -> they're not making my life easy here
17133.2 -> today
17138.798 -> anything i just want to see like a
17140.32 -> single example
17141.84 -> docker dot io
17146.958 -> docker io
17150.638 -> url examples
17154 -> ecs
17156.08 -> this is what it's like you know this is
17157.6 -> what you're going to be doing if you are
17160 -> um you know a cloud engineer you're
17161.68 -> going to be googling a lot and just
17163.04 -> trying to find examples
17164.84 -> here
17166.4 -> so here it says docker io the name the
17168.48 -> hostname
17169.68 -> okay so we'll just try it okay so i
17171.84 -> think that
17172.798 -> the the
17174.32 -> the name here is underscore and then
17176.638 -> it's hello world and that's what's
17177.84 -> throwing me off here right docker io
17184.48 -> just hold on here
17187.12 -> repository url and then there's the tag
17190.56 -> i don't know if like is the tag gonna be
17192.08 -> like latest view available tags
17195.36 -> latest okay so what i'll do here
17199.28 -> and that's the thing you have to have a
17200.4 -> lot of confidence too so hard limit soft
17203.04 -> limit
17203.92 -> do i have to set it
17206.24 -> do i have to set any of these things can
17207.84 -> i just go to the bottom and hit add
17211.04 -> looks like i can
17213.6 -> okay so we'll scroll on down create
17217.12 -> we create our task definition file which
17218.878 -> is fine we're going to go back to our
17220.718 -> cluster it's going to bring us back to
17222.718 -> the new experience we're going to click
17224.638 -> into this cluster
17226.878 -> holy smokes uh we're going to hit deploy
17230.638 -> and we're going to choose service that
17232.798 -> means it's going to continuously run
17234.08 -> task means that when it's done running
17235.52 -> it ends we're going to choose our family
17237.92 -> or version that's the task definition
17239.6 -> file there
17240.638 -> it's not compatible with the selected
17242.08 -> compute strategy
17246.638 -> my task file
17251.52 -> what if i just choose task
17253.44 -> take that
17257.28 -> okay so maybe some you have to like code
17259.68 -> it so that it continuously runs i don't
17261.52 -> care we don't need to run a service here
17263.52 -> the selected task definition is not
17265.12 -> compatible with the selected compute
17266.4 -> strategy
17269.68 -> okay
17270.958 -> let's see why
17277.04 -> can you double check if you're using
17278.08 -> fargate strategy instead of the ec2 uh
17280.32 -> blog design for the ec2 strategy so
17282.718 -> probably what it's suggesting is that
17284.16 -> the strategy file i made is not for the
17286.4 -> right one here
17287.68 -> task definitions
17290.638 -> go back over here
17293.84 -> well what's wrong with it
17299.28 -> task role none
17301.12 -> my container so what i'm going to do
17303.44 -> because i don't trust this
17305.04 -> i'm going to go ahead and delete this
17307.6 -> can i delete this how do i delete this
17312.08 -> oh boy
17313.76 -> actions
17315.36 -> deregister deregister
17318.56 -> we'll create a new one and so aws has
17321.2 -> tools like aws copilot
17323.44 -> cli to make this a lot easier because
17325.52 -> you can see this is very frustrating but
17326.798 -> i chose this
17329.44 -> so my task def
17333.2 -> requires compatibility of ec2
17337.84 -> default
17341.12 -> 512 512
17345.44 -> add
17346.84 -> container we're going to
17351.12 -> uh was it docker dot io underscore
17356.24 -> what's it called hello world
17363.84 -> i will just say hello world here
17368.798 -> and we'll just say
17370.32 -> 512 which is fine i don't care about any
17373.28 -> port mappings i'm just reading it
17374.718 -> carefully here to see what it wants
17376.48 -> we'll say 512 maybe because i didn't
17378.16 -> specify them it's complaining
17381.44 -> this looks fine we'll hit add
17385.6 -> okay
17387.6 -> constraints type this all looks fine so
17389.6 -> we'll try this again
17391.92 -> and so we now have our file let's see we
17394.638 -> can just run this task from here
17397.28 -> ec2
17399.28 -> this is just another way to do it so we
17400.718 -> just choose the cluster this is actually
17401.92 -> a lot easier to do it this is old old
17404.638 -> old eh this is ugly
17407.28 -> and so now it launches so you know if
17409.12 -> you have trouble one way then just do it
17411.28 -> another way and sometimes it'll work
17413.36 -> here so i don't expect this task to
17415.36 -> really work in any particular way
17417.76 -> if it's pending that's fine if it fails
17419.52 -> it's fine if it's successful that's fine
17421.28 -> i don't care
17423.52 -> i just want to go through the motion so
17425.04 -> it was successful
17426.48 -> it ran and then it stopped
17428.638 -> i don't know if we could see like the
17429.68 -> output anywhere probably what it would
17431.76 -> do is it would log out something like
17434.4 -> into
17435.84 -> somewhere
17436.878 -> and so i don't know if like there's logs
17438.798 -> turned on for this if i go over to like
17440.48 -> cloud watch logs
17442.4 -> maybe i could see something
17445.52 -> a lot of these services will
17446.48 -> automatically create cloud watch logs so
17448.08 -> sometimes you can just go look at them
17449.68 -> there
17450.56 -> so we'll drop down we'll go to log
17452.08 -> groups here
17454.798 -> there is some stuff here um there's a
17456.958 -> couple that i created from before just
17458.798 -> go ahead delete those
17462.24 -> and so what i'm looking for is like ecs
17464.08 -> so no there's no logging happening here
17465.92 -> which is totally fine so that is ecs um
17468.638 -> for fargate it's pretty much
17470.638 -> the same the difference is that fargate
17472.878 -> is like it has to start up and run so
17475.2 -> it's a lot slower to watch
17477.84 -> okay
17479.12 -> and now let's go take a look at
17481.12 -> lambda
17482.718 -> okay
17484.16 -> so this is our serverless compute
17486.638 -> so go ahead and create ourselves a
17488.16 -> function uh we can start from a
17490.24 -> blueprint
17491.52 -> that doesn't sound too bad
17493.36 -> and i personally like ruby so no i'm not
17496.16 -> getting much here
17497.52 -> but we can do is look for something like
17500.48 -> hello do we have like a hello world
17504.08 -> there we go hello world and we'll click
17506.48 -> that we'll say my hello world
17510.718 -> uh it's going to create those
17511.6 -> permissions that's fine it's showing us
17513.2 -> the code it's very simple okay it's
17516.24 -> going to console log out these values
17518.48 -> not a very good hello world function
17519.84 -> doesn't even say hello world
17521.84 -> how can you call it a hello world
17523.12 -> function if it doesn't say hello world i
17524.878 -> don't understand
17526.56 -> so i'm going to go ahead and create this
17527.76 -> function usually doesn't take this long
17532.08 -> okay so uh here is our function here is
17535.28 -> our code notice that this is cloud9
17538.16 -> okay and you can even move that over to
17539.92 -> cloud9 they didn't have this button here
17541.52 -> before that's kind of cool i hit test
17543.68 -> they used to have it up here
17547.12 -> but i guess they wanted to make it more
17548.4 -> obvious so they moved it down here which
17549.76 -> is nice so what i can do is
17552.48 -> hit this oops my test
17554.958 -> it's going to send a payload here to the
17556.56 -> actual function and it's going to
17559.84 -> tell us if it worked
17563.76 -> okay so can i run my test
17566.32 -> go over here to test
17568.958 -> it changed a bit so i guess i created
17570.4 -> there it succeeded so i have my logs
17572.798 -> okay so it's going to output those
17574.638 -> values there
17575.92 -> so there are the three values which
17577.44 -> basically is nothing
17579.68 -> maybe you were supposed to set those an
17580.638 -> environment variable but you can see
17581.76 -> you're just uploading uh some code right
17584.56 -> it's just a bit of code it's not like a
17587.36 -> full app or anything so we
17589.36 -> launched an ec2 container we did a
17592.08 -> a um
17593.36 -> sorry an ec2 instance a container we did
17595.76 -> a serverless function there's other
17597.36 -> things like eks but that is really
17599.36 -> really hard to set up
17601.36 -> okay because you'd have to use like
17603.04 -> kubernetes commands and stuff like that
17605.12 -> and my kubernetes knowledge is always
17606.638 -> very poor um i'm just taking a peek here
17609.36 -> to see if they've updated it so yeah you
17610.798 -> create the cluster but like deploying it
17612.48 -> is
17613.52 -> forget it i'm just trying to think of
17615.04 -> there's anything else i kind of want to
17616.24 -> show you um no those are the main three
17618.958 -> i would say so i'm pretty happy with
17621.28 -> that um what i'm gonna do is
17624 -> go and kill all these things so we're
17625.52 -> gonna go over to lambda
17627.2 -> okay
17629.52 -> and i'm going to go ahead and delete
17631.12 -> this
17633.52 -> as you saw ecs was the hardest and no
17635.76 -> matter how many times i've built things
17637.84 -> in ecs and i've deployed full things on
17639.52 -> ecs i can't remember i always have so
17642.48 -> much trouble with task definition files
17644.32 -> it's unbelievable we'll go over to our
17646.24 -> cluster here
17649.68 -> and
17651.6 -> ecs cluster up here
17653.6 -> make sure you're not in the fargate
17654.798 -> cluster i know i'm clicking really fast
17656.24 -> but there's just so many things to click
17658.24 -> and i'm going to click into this cluster
17659.84 -> we're going to hit edit because this is
17661.44 -> running an ec2 instance right i need to
17663.36 -> destroy it
17664.638 -> um
17667.12 -> it just took me back to the old one here
17669.36 -> i want to delete no i want to delete the
17671.2 -> cluster
17672.24 -> click back here
17674.32 -> where do i delete it
17675.84 -> up here
17679.44 -> here
17680.958 -> i can't checkbox anything
17684.32 -> uh
17686.08 -> how do i
17688.08 -> delete this do i have to delete the task
17689.6 -> first maybe so we'll go here
17691.76 -> i mean it's already stopped there's
17693.12 -> nothing to do
17695.44 -> edit
17699.52 -> uh
17702.16 -> account settings
17705.52 -> wow this is confusing
17707.6 -> okay
17709.6 -> how to delete ecs cluster
17714.24 -> you gotta be kidding me i have to
17715.2 -> actually look this up so open the ecs
17717.36 -> console from navigation in the
17718.958 -> navigation choose clusters
17721.28 -> and the new turn off the
17723.76 -> turn off new ecs experience and choose
17726 -> the old console the delete cluster
17727.6 -> workflow is not supported in the ec ecs
17730.08 -> console are you serious
17732.08 -> then why
17734.24 -> why do you have it like why even let
17736.08 -> people use the new experience if that
17737.6 -> you don't have all the functionality
17738.798 -> there um
17740.56 -> oh i was gonna give it feedback but it
17742 -> didn't let me here's it says uh
17744.718 -> i need to delete an ecs cluster
17752.84 -> no okay so i'm here
17756.878 -> there's my big ugly cluster
17759.84 -> delete cluster
17761.6 -> okay
17762.798 -> so yeah it's a struggle okay like things
17765.6 -> are always changing on me but you just
17767.52 -> have to have confidence and if you've
17768.798 -> done it a few times you know that you
17770.4 -> can do it
17771.68 -> right um and that's one of the biggest
17773.04 -> hang-ups to cloud i would say so it's
17774.958 -> going to take a few minutes apparently
17776.16 -> to delete the cluster as that is going
17777.92 -> let's go over to ec2
17780.16 -> i didn't close it i kept this tab open
17783.92 -> and uh
17785.2 -> there's our ec2 instance
17787.76 -> we can go ahead and terminate that
17789.44 -> instance terminate
17791.52 -> okay
17795.44 -> and
17797.12 -> if this says it's terminating then we're
17798.798 -> in good shape terminator shutting down
17800.56 -> that's fine
17801.84 -> and notice here that's the ecs instance
17803.6 -> just make sure you shut down the my
17805.28 -> server not the um the ecs instance
17807.68 -> because that's going to stop and so this
17809.36 -> has already terminated but if we go back
17810.958 -> here
17811.84 -> notice that it says that it's not done
17814.24 -> but clearly
17816.4 -> clearly has shut down
17819.04 -> okay
17820.638 -> so i'm going to wait here for a bit even
17822.4 -> though i know it's been deleted maybe
17823.92 -> it's deleting things like the auto
17825.2 -> scaling group so we go down below here
17828.32 -> right so that's probably what it's doing
17829.68 -> it's probably trying to destroy the auto
17830.878 -> scaling group
17832.718 -> but it doesn't show any here so it must
17834.16 -> have already destroyed it
17837.12 -> yeah so task services delete so i'll be
17839.92 -> back here in a bit but i know it's safe
17841.44 -> it's already deleted but i'll see you
17842.638 -> back here in a bit okay
17844 -> so i waited literally a second and it's
17846.56 -> now deleted so we deleted our lambda we
17849.12 -> deleted our oh did we delete our lambda
17853.12 -> good question
17855.28 -> now i'm not really worried about the
17856.638 -> lambda because
17858.24 -> i guess we did but i'm not really
17860.08 -> worried about it because um
17862.958 -> you know
17864.08 -> when it rests at idle it's not
17866.48 -> costing us anything where the ecs and
17868.4 -> the ec2 are backed by ec2 instances so
17871.44 -> we do have to shut those down okay and
17873.76 -> again remember you make sure you're in
17875.2 -> the correct region sometimes that gets
17876.958 -> flipped over and then you think those
17878.24 -> resources are gone but they're actually
17880.08 -> not they're just running in another
17881.28 -> region so
17882.958 -> there you go
17884.21 -> [Music]
17888.16 -> hey this is andrew brown from exam pro
17889.84 -> and we're taking a look at higher
17890.878 -> performance computing services on aws so
17893.04 -> before we do we've got to talk about the
17894.24 -> nitro system so this is a combination of
17896.32 -> dedicated hardware and lightweight
17898.32 -> hypervisor enabling faster innovation
17900.638 -> and enhanced security all new ec2
17902.718 -> instance types use the nitro system and
17904.638 -> the nitro system is designed
17906.56 -> by aws okay so this is made up of a few
17909.44 -> things we have
17910.798 -> nitro cards
17912.24 -> these are specialized cards for vpcs ebs
17914.958 -> instance storage and controller cards you
17917.44 -> have nitro security chips these are
17919.12 -> integrated into the motherboard protects
17920.638 -> hardware resources and we have the nitro
17922.718 -> hypervisor this is the lightweight hypervisor
17924.798 -> memory and cpu allocation bare
17926.798 -> metal like performance there's also
17929.52 -> nitro enclaves but that's a bit out of
17931.92 -> scope here but that has to do with like
17933.36 -> ec2 isolation okay
17935.6 -> then we have bare metal instances so you
17937.28 -> can launch ec2 instances that have no
17939.2 -> hypervisor so you can run workloads
17941.28 -> directly on the hardware for maximum
17943.04 -> performance and control we have the m5
17945.6 -> the r5
17947.04 -> ec2 instances that can run bare metal
17949.12 -> there's other ones i believe i've seen
17950.638 -> as well but you know
17952.798 -> if you are running bare metal you can
17954.08 -> just go investigate at the time of okay
17956.32 -> we have bottlerocket this is a linux
17958 -> based open source operating system that
17959.76 -> is purpose built by aws for running
17961.44 -> containers on vms or bare metal hosts
17965.12 -> then let's just define what hpc is so
17967.6 -> it's a cluster of 100 of thousands of
17970.24 -> servers with fast connections between
17972 -> each of them with the purpose of
17973.68 -> boosting computing capacity so when you
17976.08 -> need a super computer to perform
17977.68 -> computational problems too large to run
17980 -> on a standard computer or computers or
17982.958 -> would take too long this is where you
17984.958 -> know hpc comes into play one solution
17987.2 -> here is aws parallel cluster which is an
17990.16 -> aws supported open source cluster
17991.84 -> management tool that makes it easy for
17993.84 -> you to deploy and manage high
17995.84 -> performance computing hpc clusters on
17997.92 -> aws so hopefully that gives you an idea
18000.56 -> of this stuff okay
18004.92 -> [Music]
18006.638 -> all right so let's take a look at hpc or
18008.798 -> high performance computing on aws so hpc
18012.24 -> is for uh running large complex
18013.84 -> simulations and deep learning workloads
18015.52 -> in the cloud with a complete suite of
18016.878 -> high performance computing product
18018.24 -> services gains insight faster and
18020.32 -> quickly move from idea to market blah
18022.32 -> blah blah it's for ml or very complex
18024.958 -> scientific computing stuff these run at
18027.68 -> least on c5ns
18030.08 -> okay and the way it works is that you
18032.32 -> use this cli called pcluster variable's
18035.28 -> parallel compute
18036.718 -> or
18037.68 -> it was parallel cluster stuff and so
18039.2 -> let's see if we can get this installed
18040.798 -> very easily
18042.16 -> um so what i'm going to do
18045.36 -> is see how hard it is to install
18048.4 -> now i don't recommend you running this
18050.08 -> because i don't know what it's going to
18051.28 -> cost me and if i make a misconfiguration
18053.6 -> i don't want you to have that spent here
18055.92 -> but i don't think it's that dangerous so
18057.84 -> i'm going to go back over to us-east-1 here
18060.08 -> i'm going to open up cloud shell
18063.76 -> and i'm going to give it a moment to
18065.44 -> load
18066.48 -> and so as that is loading let's take a
18068.24 -> look at how we would go ahead and
18069.6 -> install this so install the current
18071.2 -> parallel
18072.56 -> it is parallel i think we just copy that
18074.4 -> line
18075.2 -> okay
18076.958 -> and so we have to wait for environment
18078.56 -> to spin up alright so once it has spun
18081.44 -> up we will install it
18083.84 -> and then we will jump over
18086.08 -> to this tutorial
18088.84 -> here okay so we'll give this a moment
18094.32 -> and after waiting a little while here it
18095.84 -> looks like our shell is ready it looks
18097.52 -> like it's in bash um i'm just going to
18099.36 -> type in aws s3 ls that's a sanity check
18104.32 -> okay
18105.76 -> and it works that's great so go back
18107.68 -> over here and i'm going to go back up to
18109.2 -> install for linux
18111.52 -> and what i need
18113.52 -> is that single command
18116.24 -> where is it
18118.48 -> so
18119.68 -> i'm certain that we already have linux
18121.92 -> or python installed
18124.08 -> but i just
18125.2 -> want the command to install it
18129.04 -> we saw it a moment ago here i'm just
18130.4 -> going to back out until i can find it
18136.48 -> one more
18137.84 -> there it is so it's under oh it's this
18139.52 -> link here and that's what i talk about
18141.04 -> the documentations being tricky
18142.32 -> sometimes you have to click these uh
18144 -> headings here to find stuff so
18147.28 -> this is the first time installing it so
18148.798 -> we'll grab that usually you're supposed
18150.16 -> to create in virtual environments with
18151.28 -> python i don't care this is my cloud
18153.68 -> shell it doesn't matter to me so we're
18155.44 -> going to go ahead and download that and
18156.718 -> hopefully it is fast and it was super
18158.4 -> fast which was really nice and so what
18160.798 -> we'll do is go check out the pcluster
18162.958 -> version
18166 -> okay and that looks fine to me i'm going
18167.92 -> to go down below here to run our first
18170.08 -> job
18171.36 -> the returns the it gives outputs i don't
18174.798 -> think we need to configure it because we
18176.24 -> already have our cli so what i'm going
18177.84 -> to do is go ahead and create ourselves a
18179.6 -> new cluster
18180.958 -> um beginning cluster creation
18183.2 -> configuration file config not found so i
18185.52 -> guess we do have to configure this
18190.24 -> configure
18192.56 -> and it's asking what region do we want
18194.48 -> to be in um if i have us-east-1 i would
18197.12 -> choose it for some reasons all the way
18198.718 -> for number 13 that is not a lucky number
18201.04 -> but i'm going to choose it anyway anyway
18203.36 -> no key pair found in us east 1 region
18205.68 -> please create one of the following
18207.92 -> so create an ec2 key pairs
18211.6 -> no options found for ec2 key pairs
18213.44 -> that's fine so what i'll do is go over
18215.6 -> here
18217.68 -> and we'll go over to ec2
18223.12 -> and we will go over to key pairs key
18225.6 -> pairs key pairs key pairs we'll create
18227.04 -> ourselves a new one here so say
18230.08 -> hpc key pair
18232.56 -> or just my hpc
18235.76 -> so we know what it is for
18237.44 -> we have putty or pem we're going to do
18239.6 -> pem because we're on linux we'll create
18242.24 -> that
18243.2 -> and notice that it downloaded the pem
18245.12 -> down down here and we're going to need
18247.6 -> that for later
18248.958 -> um and so what i'll do
18251.52 -> is i'll type in pcluster here again
18253.44 -> configure we'll choose 13
18255.52 -> we'll choose number one here
18258.4 -> allowed values for the scheduler i have
18260.878 -> no idea
18262.638 -> what these are
18264.16 -> uh let's choose the number one allowed
18266.798 -> values for the operating system amazon
18268.878 -> linux 2. i know what that is minimum
18271.12 -> cluster size
18272.878 -> one
18273.84 -> maximum cluster size
18276.08 -> two
18277.2 -> head node instance oh t2 micro you can
18280 -> do that yeah let's do it i didn't know
18282 -> we could do that enter compute type uh
18284.718 -> t2 micro sure
18286.878 -> so i thought that we'd have to use a c5n
18288.958 -> but i guess apparently not automate vpn
18291.52 -> vpc creation yes of course
18293.92 -> network configuration so allowed values
18295.84 -> for the network configuration
18297.6 -> a head node in a public subnet and can
18300.16 -> and compute fleet in a private subnet
18302.638 -> a head node and compute that will do in
18304.638 -> the both just to make our lives easier i
18306.24 -> don't care
18307.44 -> first one sounds more secure of course
18309.84 -> and so
18310.878 -> oh it's creating cloudformation stack
18312.32 -> wow this is easy i thought this was
18314.24 -> going to be super painful okay so we'll
18316.08 -> go over here we'll go take a look at
18318 -> what cloudformation's doing
18320.08 -> all right
18321.92 -> now i don't care if we actually run a
18323.52 -> task on here but it was just interesting
18324.958 -> to go through the process to see how
18326.48 -> hard it was and we will go look at what
18329.68 -> resources are being created so it's
18331.68 -> creating an internet gateway so it's
18333.44 -> literally creating an isolated vpc for it
18335.68 -> which is totally fine i guess
18338 -> it's creating a subnet it's creating a
18339.76 -> route table refresh here
18343.04 -> um i'm not sure how much it wants to
18344.958 -> create here
18346.638 -> it just looks like vpc that's all it's
18348.24 -> creating i thought maybe the ec2
18349.6 -> instances would show up here but maybe
18351.04 -> it's going to launch that at
18353.2 -> on a need be basis
18357.76 -> okay so that's all created oh now it's
18359.84 -> doing a vpc gateway
18363.12 -> i think vpc gateways cost money let's go
18365.52 -> take a look here people say pricing
18371.6 -> yeah there's a
18373.36 -> transfer fee so just be careful about
18375.52 -> that
18377.04 -> you know again you just can just watch
18378.4 -> along here you don't have to do it
18381.84 -> default route depends on public so now
18384.32 -> it's creating ec2 route
18388.718 -> i don't know what an aws ec2 route is
18392 -> i've never seen that before sometimes
18393.92 -> what we can do is go into ec2 and then
18395.92 -> take a look on the left hand side you
18397.36 -> see anything in here we don't know what
18398.878 -> it is we just type in ec2 route cloud
18400.958 -> formation sometimes cloudformation is
18402.878 -> great for figuring out what a component
18404.638 -> is not all components are represented in
18406.48 -> the um
18408.48 -> um
18409.44 -> management console so specify route in
18411.04 -> the route table oh it's just a route okay
18415.76 -> and we'll go back here we'll refresh
18419.12 -> so that is done
18420.48 -> is the stack done
18422.4 -> created complete good we'll go back to
18424.16 -> our cloud shell
18425.52 -> it says you can edit your configuration
18427.2 -> file or simply do etc so now let's see
18429.6 -> if we can create the cluster
18431.6 -> i assume this would create ec2 instances
18435.04 -> so the job scheduler you are using is
18436.638 -> sge this is deprecated in future use
18439.12 -> parallel cluster well should have told
18441.04 -> me okay
18442.638 -> there is a new version of three zero one
18445.2 -> parallel available i don't understand
18447.04 -> because i just installed it right
18449.12 -> we'll go back to cloudformation we're
18450.638 -> just gonna probably create nested stacks
18452.638 -> which
18453.44 -> that's what i thought it would do nessa
18454.878 -> stacks means that it's reliant so
18456.16 -> there's one main one and then there's uh
18458.24 -> children stack
18459.76 -> so go here see what resources it's
18461.52 -> creating
18462.638 -> a whole bunch of stuff wow
18465.84 -> so many things that sqs queue sns
18469.6 -> a network interface
18471.6 -> a dynamodb table
18473.52 -> yeah you probably don't want to run this
18475.2 -> you just want to watch me do it
18477.28 -> and then we go into here it's creating
18479.84 -> an ec2 volume so that's going to be ebs
18483.44 -> and then here we have
18487.12 -> a log group i don't know why they
18488.638 -> separated those out it seemed very
18490.638 -> necessary
18493.52 -> we are waiting on the elastic ip that
18496.56 -> always takes forever creating elastic ip
18499.28 -> root instance profile that is the iam
18501.12 -> role for it
18503.68 -> that didn't take too long
18505.52 -> these these take a long time i never
18507.36 -> know why
18508.958 -> you create a role it's really easy but
18510.24 -> attaching an iam policy you're always
18512 -> waiting for those
18514.958 -> um
18516.16 -> so
18517.6 -> i'm gonna just stop it here i'll be back
18519.2 -> in a second because i don't want to have
18520.638 -> to make you watch me
18522.56 -> stare at the screen here okay
18524.798 -> all right so after a really really long
18526.4 -> wait um
18527.76 -> and it always takes some time there it
18529.2 -> finally created i'm not sure what it's
18531.84 -> made i mean we generally saw over here
18534.24 -> in the outputs
18535.44 -> but usually the cost that i'm worried
18536.798 -> about is whatever it's launching under
18538.48 -> ec2 it might not even have launched any
18541.28 -> servers here we're going to take a look
18542.718 -> here and see if there's anything
18544.4 -> so
18545.68 -> we have a master and a compute and
18547.84 -> they're t2 micro so
18549.52 -> seems pretty safe here
18552.32 -> this compute is not running yet so i'm
18554.32 -> assuming that this is
18556.16 -> like the machine that does the computing
18558.56 -> and maybe if you had multiple machines
18560.56 -> here like that would be the cluster like
18562.24 -> would manage multiple computes
18564.48 -> i'm not particularly sure but let's just
18566.32 -> keep going through the tutorial and see
18567.6 -> what we can do the next step is we need
18569.6 -> to get this pem key
18571.68 -> in our cloud shell here so this i don't
18573.84 -> know where this is but what i'm going to
18575.12 -> do
18576.32 -> is i'm going to move it to my desktop
18578 -> i'm doing this off screen by the way so
18580.16 -> i'm moving it to my desktop and then i'm
18581.68 -> just going to go and upload the file
18583.76 -> okay
18585.28 -> and there it is so we'll say open
18587.84 -> and we'll say upload
18590.32 -> and it's going to upload it here onto
18592.718 -> this machine and i believe this is on
18594.638 -> like uh i think this uses an efs
18596.878 -> instance
18597.84 -> like if you're wondering where the
18598.878 -> storage for cloud shell is if we go over
18601.28 -> here i think it's efs
18603.76 -> is it
18605.52 -> uh i don't know where it is okay maybe
18607.36 -> it's just uh maybe it's somewhere else
18609.44 -> okay i can't remember where it is but
18611.28 -> anyway um so now
18614.4 -> it's created the cluster can i hit enter
18617.04 -> here
18619.04 -> okay
18621.2 -> can i create a tab
18623.92 -> like if i quit this is it going to kill
18625.92 -> it
18626.878 -> it exited it which is i think it's fine
18628.48 -> i don't think it stopped running
18630.56 -> and so now if i do an ls there's my key
18633.36 -> and so we can go back to our
18636.16 -> instructions we just have too many tabs
18638.08 -> open here
18639.52 -> drag this all the way to the left here
18641.36 -> and so we can try to use our key here to
18643.92 -> log in
18645.44 -> so what i'm going to do is
18649.12 -> go here and we'll say my hpc pem and see
18652.48 -> if that works we'll say yes
18656.24 -> and permission denied it is required
18658 -> your private key is not accessible
18659.52 -> that's because we have to mod it
18662.48 -> um
18664.638 -> i never remember the command anymore
18666.718 -> because i rarely ssh into machines but
18669.84 -> if we go to connect
18671.84 -> and we go to ssh client it will tell us
18674.32 -> that we need to run
18676.958 -> chmod 400 okay so that's what we need
18678.798 -> to do is we need to do a chmod 400
18681.12 -> just wanted to grab that code there
18684.878 -> okay and now if we hit up we should ssh
18687.6 -> into the machine there we are
18690.798 -> we are in the instance
18692.958 -> we'll type it exit and so now we want to
18695.52 -> run our job on this machine
18698.958 -> and if we go back over to here
18702.878 -> i guess we can go create our first job
18705.52 -> so i'm just doing this in vi
18709.84 -> and i'm gonna paste that in yep
18712.638 -> and i don't want the first line oh okay
18715.04 -> that's perfect oh great
18718 -> right
18718.84 -> quit oh there's no file name hold on
18721.36 -> here
18722.718 -> so i need to name this file something so
18724.798 -> i'm going to say job.sh
18728.16 -> and we're going to paste that again here
18730.24 -> we'll say paste
18732.56 -> and i don't know if that's cut off yeah
18734.4 -> it is okay great
18735.92 -> is that one okay
18740.4 -> i don't trust that the first line is
18741.68 -> there
18743.2 -> so what i'm gonna do
18746.56 -> is go back to our tutorial here
18749.2 -> it's shebang forward slash bin forward
18752.16 -> slash bash
18753.92 -> uh
18756 -> this then that
18757.84 -> forward slash bin forward slash bash
18760 -> just double check it looks good to me
18762.878 -> we're going to quit that i'm just going
18764.48 -> to make sure that it is what we said it
18766.32 -> is so job.sh
18768.32 -> looks correct to me good and so we'll
18770.56 -> try to run our job here so i'm going to
18772 -> say q
18774.878 -> um job.sh
18778.32 -> ls
18780.08 -> and i guess it really depends on what we
18781.84 -> decided to use when we set up that thing
18783.92 -> i can't remember what we choose as our
18785.36 -> queue
18786.48 -> we do qstat
18789.28 -> oh you okay okay okay so i think the
18791.6 -> thing is like you see how we have sge i
18793.52 -> think that that's what we use to queue
18795.68 -> up jobs and so we have to have that
18796.878 -> installed probably so install
18801.44 -> configure sun grid engine
18806.48 -> sg install
18808.32 -> linux
18813.84 -> oh boy that looks like a lot of work
18817.12 -> so i don't think we need to do anything
18819.36 -> further here but as far as i understand
18821.28 -> the idea is that you're choosing
18823.84 -> some kind of way to manage these and so
18825.84 -> i'm not sure what qsub is let's just
18828.08 -> go look at what that is what is qsub
18830.798 -> oh that is the sun grid engine
18832.878 -> okay so
18834.48 -> how do we install that
18840.878 -> um
18841.58 -> [Music]
18842.798 -> i'm just gonna see if we can install it
18844 -> so i'm gonna do
18845.28 -> i think this is using yum
18847.6 -> so if i do clear here
18849.76 -> clear
18851.28 -> yum install qsub let's see if i can do
18853.6 -> it
18856.638 -> sudo yum install qsub no package
18859.2 -> available
18860.878 -> amazon linux 2
18863.12 -> qsub because that's probably what we're
18865.04 -> running in cloud shell
18872.24 -> qsub doesn't tell us how to install it
18877.68 -> that's great
18880 -> so that's probably what it is and so in
18882.08 -> order to use this we would have to
18883.76 -> install that
18885.2 -> sun whatever whatever
18886.878 -> and then we go through we do qsub it
18888.878 -> would queue it up um you could do qstat
18891.36 -> cat hello destroy it that's pretty much
18893.36 -> all we really need to know to understand
18895.12 -> this
18895.92 -> it would have been nice to queue up a
18896.958 -> job and see it work but you know we're
18898.798 -> getting kind of into a hairy territory
18900.638 -> here and i think that we fundamentally
18902.48 -> understand how this does work so what
18904.4 -> i'm going to do is i'm going to go here
18905.92 -> i'm going to remove the job.sh here and
18908.958 -> i want to destroy this cluster
18912.24 -> so i'm going to do pcluster commands
18916.56 -> to figure out what all the commands are
18918.958 -> and there's probably a delete command so
18921.52 -> we'll go back up here
18925.76 -> pcluster
18928.638 -> where is our credit so we'll say delete
18934.24 -> okay and so what that's going to do is
18935.84 -> just tear down all the stuff now
18938.798 -> so if we go over to cloudformation
18947.68 -> okay and
18949.52 -> it looks like it's destroying so
18952.08 -> yeah i'll see you here uh back in a bit
18954.08 -> when it's all destroyed okay
18955.6 -> all right so after a short little wait
18956.878 -> there it has destroyed it has been so
18958.798 -> long that i uh my connection vanished
18960.56 -> but just make sure if you did follow
18962 -> along for whatever reason uh you know
18964 -> make sure that the stuff is deleted and
18966.24 -> it looks like it did not destroy uh this
18968.4 -> so i'm going to go ahead and delete that
18969.6 -> that's just vpc stuff so i'm not too
18972 -> worried about it i know that's going to
18973.44 -> roll back no problem and so i'm going to
18974.878 -> consider this done so i'm going to make
18976.56 -> my way back to the management console
18978.638 -> close this stuff up and we are good to
18981.2 -> go for our next thing
18987.36 -> hey this is andrew brown from exam pro
18989.28 -> and we're taking a look at edge and
18990.718 -> hybrid computing services so what is
18993.2 -> edge computing when you push your
18995.36 -> computing workloads outside of your
18997.12 -> network to run close to the destination
18998.878 -> location
19000.4 -> so an example would be pushing computing
19002 -> to run on phones iot devices external
19004.32 -> servers not within your cloud network
19007.2 -> what is hybrid computing when you're
19008.958 -> able to run workloads on both your
19010.718 -> on-premise data center and the aws
19013.44 -> vpc okay
19015.12 -> so we have a few services here starting
19017.04 -> with aws outposts this is a physical
19018.718 -> rack of servers that you can put into
19020.718 -> your data center aws outposts allows
19022.878 -> you to use aws api and services uh such
19026.32 -> as ec2 right in your data center then we
19029.2 -> have aws wavelength this allows you to
19030.878 -> build and launch your applications in a
19032.718 -> telecom data center by doing this your
19034.798 -> applications will have ultra low latency
19037.04 -> since they will be pushed over the 5g
19038.798 -> network and be closest as possible to
19040.718 -> the end user
19042.56 -> so they've partnered with things like
19044.24 -> verizon vodafone business and a few
19047.12 -> others but those are the two noticeable
19048.878 -> ones okay we have vmware cloud on aws so
19051.92 -> this allows you to manage on-premise
19053.44 -> virtual machines using vmware
19055.84 -> within ec2 instances the data center
19058.4 -> must be using vmware for virtualization
19061.44 -> for this to work okay
19063.12 -> then we have aws local zones which are
19064.878 -> edge data centers located outside of
19067.2 -> the aws region so you can use it as
19069.52 -> closer to the edge destination when you
19071.68 -> need faster computing storage databases
19073.84 -> in populated areas that are outside of
19075.6 -> aws region you could do this there's
19077.44 -> some other edge offerings on aws that
19079.6 -> aren't listed here like sagemaker has
19081.44 -> what's called like neo sagemaker lets
19084.16 -> you do edge computing with
19086.958 -> ml but i mean this is good enough okay
19089.42 -> [Music]
19093.36 -> all right so i wanted just to show an
19095.12 -> example of edge computing because we
19097.36 -> didn't cover it in our generic compute
19099.44 -> and so there's a variety of services
19100.958 -> that allow you to do edge computing like
19102.718 -> wavelength and so
19104.798 -> i've never actually launched wavelength
19106.4 -> before and i think that you have to
19109.2 -> request it so
19111.12 -> if i go over to support here again i've
19113.04 -> never done this before but i'm sure we
19114.56 -> can figure it out pretty easily i feel
19116.48 -> that if we create a case
19120.718 -> um maybe it's like service limit
19124.4 -> we type in wavelength here well nope not
19126.4 -> there
19128.16 -> so how do we get wavelength wavelength
19130.638 -> request
19138 -> so that's what i'm looking for here
19143.2 -> okay
19144.24 -> how do i use wavelength aws
19148.48 -> whoops
19154.56 -> and sometimes what i'll do is go to the
19156.08 -> docs here
19157.28 -> opt into wavelength zones before you
19159.6 -> specify wavelength zone for resource or
19161.68 -> service you must opt into it to opt in
19164.08 -> go to the aws console
19166.4 -> okay so we'll go to ec2
19171.36 -> and
19172.638 -> then it's going to say use the region
19174.638 -> selector in the navigation bar to select
19176.24 -> the region which supports your
19177.76 -> wavelength
19180.878 -> so i know that there's stuff in
19184.48 -> uh us west because
19187.2 -> of las vegas right or not las vegas but
19189.36 -> los angeles right
19190.958 -> so if we go over here there's definitely
19192.4 -> that over there on the navigation pane
19194.48 -> of the ec2 dashboard under account
19196.32 -> attribute select zones
19200.4 -> okay do we see zones here
19204.878 -> zones
19207.84 -> oh ec2 dashboard
19211.44 -> zones let's go check here again
19213.52 -> on the navigation pane choose ec2
19215.6 -> dashboard we are there right
19220.32 -> and under account attributes settings
19222.958 -> account attributes
19226.16 -> oh over here okay
19227.92 -> oh it's here zones
19230.48 -> and so there we have two zones and we
19233.44 -> see
19234.32 -> switch regions to make
19236.08 -> zones a different region
19239.36 -> okay so
19240.878 -> under zone groups turn on wavelengths
19244.798 -> zone groups
19247.04 -> okay nothing there so i'm just going to
19248.718 -> switch over to another one here
19251.36 -> oh maybe oregon
19254.558 -> maybe us west 2. oh look at all the
19256.798 -> stuff we have here i've never seen these
19259.2 -> before okay so
19261.04 -> here is the wavelength one so that is
19263.84 -> the los angeles one
19266.878 -> we can go ahead and enable this before
19268.32 -> december the zone group i'm not sure
19270.16 -> what zone groups cost so
19272.798 -> wavelength zone pricing
19275.68 -> again you might just want to watch me do
19277.28 -> this because it might cost money
19280 -> and so you might not want to
19282.32 -> have to spend for that
19284.878 -> pricing
19289.52 -> provides mobile networks wavelengths are
19291.68 -> available across whatever learn about
19294.4 -> the data transfers enterprise about ec2
19296.638 -> instances
19298.16 -> okay so what's the price
19300.878 -> we're going to here
19304.718 -> alright so what i'm going to suggest to
19306.558 -> you is don't do this but i'm going to do
19308.24 -> it and we're just going to see what the
19309.76 -> experience is like okay
19311.52 -> so i'm going to update my zone so now i
19313.76 -> have this one so we'll say enable
19315.92 -> i'm going to assume that it has to do
19317.12 -> with like data transfer costs
19320.08 -> okay
19321.28 -> and uh we're going to go over to ec2
19326.558 -> and we're going to go over to instances
19327.92 -> here
19329.92 -> we're going to launch an instance and
19331.6 -> we're going to see if we have that
19333.44 -> available now i don't know if we're
19334.558 -> restricted to particular to particular
19336.638 -> uh instances i assume we can launch a
19338.798 -> linux machine
19340.08 -> it'd be really weird if we couldn't you
19341.44 -> know we'll go over to configuration and
19343.6 -> what we want to do is choose
19347.52 -> the zone so how do we do it so once it's
19349.68 -> turned on
19351.52 -> confirmation confirm it configure your
19353.12 -> network so create a vpc create a carrier
19355.6 -> gateway so you can connect your
19357.04 -> resources into the vpc to the
19358.638 -> telecommunication network
19360.718 -> holy smokes this is complicated
19363.52 -> but it's just kind of interesting to see
19365.12 -> like the process right
19367.52 -> you know it's not for our use case but
19369.2 -> uh
19370 -> carrier gateway right
19372.48 -> and as i do this i always check up all
19373.92 -> the costs here so i say
19375.44 -> carrier gateway
19377.68 -> pricing aws because maybe that's where
19379.92 -> the price is
19383.2 -> okay if you don't get a pricing page
19385.04 -> then usually that's hard to say
19386.24 -> logically isolated virtual networks
19390.08 -> again it's not telling me what
19393.44 -> um to use carrier you need to opt into
19395.76 -> at least one wavelength zone but i did
19398.4 -> right
19400.24 -> and sometimes what happens is that it
19401.68 -> just takes time for the opt-in to to go
19406.718 -> so go here manage the zone settings
19409.12 -> that was a lot easier way so we have one
19411.04 -> it's we're opted in right here
19413.36 -> okay
19415.52 -> and
19418.32 -> okay we'll go here again if that one
19420.24 -> didn't work um
19423.92 -> we can try
19425.36 -> so i guess these are all the regions
19426.798 -> denver things like that
19430.878 -> can i
19431.76 -> opt into this one opt-in
19437.76 -> it's not super exciting like all we're
19439.28 -> going to do is launch an ec2 instance
19440.878 -> but you know we'll go through the
19442.16 -> process here a bit
19444.4 -> and i don't know why i can't create one
19446.24 -> so we'll go back over to the
19447.36 -> instructions here
19449.44 -> credit so you can connect so create a
19451.04 -> route table using the vpc to the route
19452.798 -> table so i think that's as far as we're
19454.24 -> going to get here because i'm not seeing
19455.92 -> any options here but the idea was that
19458.32 -> we would have to create a carrier
19459.6 -> gateway we'd update our route tables and
19461.76 -> all we would be doing is launching an
19463.2 -> ec2 instance so you know it's no
19465.76 -> different than launching it you just
19467.44 -> choose a different subnet so i think
19469.44 -> you'd have to create a subnet for that
19470.718 -> zone and launch it in there and that
19472.4 -> would be edge computing another example
19474.48 -> of edge computing would be something
19476.08 -> like via cloudfront
19477.92 -> which we have these
19480.32 -> edge functions or
19482.24 -> not edge functions have functions here
19484.638 -> and so these are functions that are
19486 -> deployed to cloudfront so
19488.638 -> my cloudfront function
19493.92 -> and these would be deployed to um
19496.558 -> edge locations right and all you can use
19498.878 -> here is javascript so here's an example
19500.798 -> of one
19501.92 -> and
19503.04 -> um i'm fine with this
19505.6 -> development live this function is not
19507.36 -> published we'll go to test
19510.08 -> test the function it's good
19514 -> publish publish that function and so
19516.558 -> the advantage of this is that you know
19518.4 -> if you have functions that are in it
19520.878 -> with lambda there's a chance of cold
19522.558 -> start
19523.52 -> um whereas if they're deployed on the
19526 -> edge here there's still probably a cold
19527.6 -> start but it's going to be a lot faster
19529.2 -> because it's a lot closer to
19531.2 -> the edge location so
19533.2 -> um you know
19534.558 -> it's just the different uh different
19535.92 -> cases but yeah there was one where we're
19537.28 -> launching ec2 workload into wavelengths
19540.16 -> which we couldn't complete which is
19541.28 -> totally fine and then we have these
19543.04 -> functions on the edge there's other edge
19545.44 -> computing services like within sagemaker
19547.68 -> you can deploy i think it's called like
19549.2 -> neo sagemaker and then for iot devices
19551.92 -> those are obviously on the edge so you
19553.52 -> can deploy those as well
19555.2 -> but generally that gives you an idea of
19556.638 -> edge computing okay
19560.85 -> [Music]
19562.24 -> hey it's andrew brown from exam pro and
19563.92 -> we're looking at cost and capacity
19565.68 -> management computing services so before
19567.84 -> we talk about them let's define what is
19569.52 -> cost management so this is how do we
19571.44 -> save money and we have capacity
19573.52 -> management how do we meet the demand of
19575.36 -> traffic and usages through adding or
19577.92 -> upgrading servers so let's get to it the
19579.92 -> first are the different types of ec2
19582.558 -> pricing models so you got spot instances
19584.878 -> reserved instances savings plans these
19587.52 -> are ways to save on computing by paying
19589.68 -> up in full or partially or by committing
19592.16 -> to a yearly contract or multi-year
19594.08 -> contract
19595.52 -> or by being flexible about the
19597.2 -> availability interruption to computing
19598.958 -> services we have aws batch so this
19601.12 -> plans schedules and executes your batch
19603.04 -> compute workloads across the full range
19605.12 -> of aws computing services which can
19607.28 -> utilize spot instances to save money we
19610.08 -> have aws compute optimizer so suggest
19612.48 -> how to reduce costs and improve
19614.32 -> performance by using machine learning to
19616.638 -> analyze
19618.558 -> your previous usage history we have ec2
19621.6 -> auto scaling groups so asgs these
19623.92 -> automatically add or remove ec2 servers
19625.92 -> to meet the current demand all of
19628.08 -> traffic they will save you money and
19630.48 -> meet capacity since you only run the
19632.558 -> amount of servers you need then we have
19634.878 -> elb so elastic load balancer so this
19637.2 -> distributes traffic to multiple
19638.638 -> instances we can reroute traffic from
19640.958 -> unhealthy instances to healthy instances
19643.36 -> and can route traffic to ec2 instances
19645.44 -> running in different availability zones
19648.24 -> and then we have elastic beanstalk here
19650 -> which is easy for deploying web
19651.76 -> applications without developers having
19653.44 -> to worry about setting up and
19655.04 -> understanding the io underlying aws
19657.12 -> services similar to heroku it's a
19659.28 -> platform as a service so not all these
19661.44 -> are about cost some of them are about
19663.2 -> capacity management like elb
19665.6 -> but yeah there you go
19667 -> [Music]
19671.36 -> hey this is andrew brown from exam pro
19673.12 -> and we are looking at the types of
19674.4 -> storage services and no matter what
19676.48 -> cloud service provider using they're
19677.76 -> usually broken down into these three
19679.2 -> where we have blocks file
19681.04 -> and um
19682.638 -> uh object okay so let's take a look at
19684.798 -> the first so this is going to be for
19686.24 -> block storage so for aws this is called
19688.638 -> elastic block store data is split into
19691.04 -> evenly split blocks directly accessed by
19693.12 -> the operating system and supports only a
19695.36 -> single write volume so imagine you have
19697.44 -> an application
19699.04 -> over here and that application is using
19701.2 -> a virtual machine that has a specific
19703.44 -> operating system and then it has a drive
19705.76 -> mounted to it uh it could be using fc or
19709.04 -> scsi here
19710.48 -> but the idea here is when you need a
19712.16 -> virtual drive attached to your vm is
19714 -> when you're going to be using block okay
19716.08 -> the next one here is for um file or it's
19719.44 -> just basically a file system so this is
19721.36 -> about elastic file storage so the file
19723.76 -> is stored with data and metadata
19726.32 -> multiple connections via a network share
19728.958 -> supports multiple reads writes locks the
19731.68 -> file so over here we could have an
19734.4 -> application but it doesn't necessarily
19735.6 -> have to be an application and so it's
19737.68 -> using nas exports as the means to
19740.16 -> communicate and so the protocols here
19742.08 -> can be nfs or smb which are very common
19745.76 -> uh file system protocols and so the idea
19748.48 -> here is when you need a file share where
19750.08 -> multiple users or vms need to access the
19752.4 -> same drive so this is pretty common
19754.558 -> where you might have multiple virtual
19755.92 -> machines and you just want to act as
19757.36 -> like one
19758.558 -> drive one example that could be like
19760.638 -> let's say you're running a minecraft
19761.68 -> server you're only allowed to have one
19763.12 -> world on a particular single drive but
19765.6 -> you want to be able to have multiple
19766.878 -> virtual machines to maximize that
19768.958 -> compute that'd be a case for that um so
19771.28 -> there you go then the last one here is
19773.12 -> like object storage and so for aws this
19775.76 -> is called amazon simple storage service
19777.84 -> or
19778.638 -> also known as s3 so object is stored
19780.958 -> with data metadata and a unique id scales
19783.44 -> with limited uh
19785.12 -> with limited no file limit or storage
19788.24 -> limit
19789.12 -> so there's really very there's very
19791.68 -> little limit to this it just basically
19793.12 -> scales up supports multiple reads and
19795.36 -> writes so there are no locks and so the
19797.76 -> protocol here we're going to be using
19799.36 -> https and api so when you just want to
19802.24 -> upload files and not have to worry about
19804.24 -> the underlying infrastructure not
19805.84 -> intended for high
19807.44 -> iops so input and outputs per seconds
19810.16 -> okay so depending on how fast you have
19811.52 -> to do your read and writes are going to
19813.12 -> determine uh you know whether you're
19814.878 -> going uh this direction or the other way
19817.76 -> um or you know how many
19819.68 -> need to actually connect at the same
19821.2 -> time and whether it has to be connected
19822.798 -> as a mount drive to the virtual machine
19824.638 -> okay
19829.44 -> hey it's andrew brown from exam pro and
19831.2 -> we're going to do a short introduction
19833.04 -> into s3 because on the certified cloud
19835.04 -> practitioner they ask you a little bit
19836.718 -> more than they used to and so we need to
19838.798 -> be a bit familiar with s3 because it is
19841.28 -> um at least i think that aws
19843.52 -> considers its flagship uh storage uh
19846.16 -> service and it really is one of the
19848.16 -> earliest services is the second one ever
19850.08 -> launched okay so what is object storage
19852.878 -> or object-based storage so data storage
19854.878 -> architecture that manages data as
19856.4 -> objects as opposed to other storage
19858.08 -> architectures so file systems where
19860.958 -> these are others right so which manages
19862.958 -> data as files and a hierarchy and block
19865.28 -> storage which manages data as blocks
19866.878 -> within sectors and tracks that get
19868.798 -> stored on an actual uh drive
19871.04 -> and so uh the idea here is we have s3
19873.6 -> which provides basically unlimited
19875.12 -> storage you don't need to think about
19876.638 -> the underlying infrastructure the s3
19878.4 -> console provides interface for you to
19879.84 -> upload and access your data okay so we
19882.24 -> have the concept of an s3 object so
19884.16 -> objects contain your data they are like
19887.04 -> files but objects may consist of a key
19889.92 -> this is the name of the object a value
19891.68 -> the data itself made up of a sequence of
19893.28 -> bytes the version id when versioning
19895.52 -> enabled the version of the object
19897.36 -> metadata additional information attached
19899.44 -> to the object and then you have your s3
19901.2 -> buckets the buckets hold objects buckets
19903.2 -> can also have folders which in turn hold
19905.36 -> objects s3 is a universal namespace so
19907.6 -> bucket names must be unique it's like
19909.84 -> having a domain name okay and one other
19912.558 -> interesting thing is an individual
19914.08 -> object can be between zero bytes and up
19916.798 -> to five terabytes so you have unlimited
19918.798 -> storage but you can't have uh files of
19921.44 -> uh incredible size uh i mean five
19923.92 -> terabytes is a lot but nothing beyond
19925.52 -> that for a single file but just
19927.28 -> understand that you can actually have a
19929.36 -> zero byte file uh and for like associate
19932.08 -> certifications that can be
19933.84 -> a an actual question so that's why it's
19936.16 -> there
19941.04 -> all right let's take a look at s3
19942.558 -> storage classes um and so for the
19944.798 -> certified cloud practitioner we need to
19946.24 -> know generally what these are for
19947.76 -> associated levels we need more detail
19949.28 -> than we have here but let's get through
19950.718 -> it so aws offers a range of s3
19952.798 -> storage classes that trade retrieval time
19955.2 -> accessibility durability for cheaper
19957.6 -> storage and so the farther down we go
19959.76 -> here the more cost effective
19961.84 -> it should get
19962.958 -> pending uh you know certain conditions
19965.28 -> okay so when you put something to s3
19967.2 -> it's going to go into the standard uh
19969.52 -> tier the default tier here
19971.52 -> and this is uh incredibly fast it has
19973.36 -> 99.99
19974.878 -> availability 11 9's durability
19977.92 -> and it's replicated across three azs and
19980.4 -> so
19981.2 -> uh you know we have this cheaper meter
19982.958 -> here here on the left-hand
19984.878 -> side that would apply this is very
19986.32 -> expensive and it's not actually
19987.68 -> expensive but it is expensive at scale
19989.92 -> when you can uh better optimize it with
19991.76 -> these other tiers so just understand
19993.2 -> that then you have the s3 intelligent
19995.76 -> tiering so this uses ml to analyze
19997.84 -> objects and usage and determine the
19999.28 -> appropriate storage class it is moved to
20001.52 -> the most cost effective access tier
20003.12 -> without any performance impact or added
20005.44 -> overhead then you have s3 standard ia
20008.4 -> which stands for infrequent access this
20010.638 -> is just as fast as s3 standard but it's
20012.958 -> cheaper if you access the files less
20014.558 -> than once a month there's going to be an
20016.32 -> additional retrieval fee applied so if
20018.798 -> you do try to retrieve data as
20020.718 -> frequently as s3 standard it's going to
20022.24 -> actually end up costing you more so you
20024.24 -> don't want to do that okay then you have
20026.32 -> s3 one zone ia so as it says it's
20029.52 -> running in a single zone so it's as fast
20031.44 -> as s3 standard but it's going to have
20033.6 -> lowered availability but you're going to
20035.04 -> save money okay there is one caveat
20037.28 -> though your data could get destroyed
20038.638 -> because it's remaining in a single uh a
20040.958 -> z so if that
20042.4 -> a z or data centers um suffer a
20044.878 -> catastrophe you're not going to have a
20046.958 -> duplicate of your data to retrieve it
20048.798 -> okay and then you have s3 glacier so for
20051.92 -> long-term cloud storage retrieval of
20054 -> data can take minutes to hours but it's
20056.4 -> very very very cheap and then you have
20058.48 -> s3 glacier deep archive which is the
20060.878 -> lowest cost storage class but the data
20062.798 -> retrieval is 12 hours and so you know um
20066.798 -> all of these here to here these are all
20068.798 -> going to be in the same aws s3 console
20071.44 -> or amazon s3 console s3 glacier is
20073.92 -> basically like its own service but it's
20075.52 -> part of s3 so kind of lives in this
20077.76 -> weird state there's one here that we
20079.28 -> didn't have a list here which is s3
20081.04 -> outposts because it has its own storage
20082.958 -> class it doesn't exactly fit well into
20086.32 -> this kind of leaner cheaper
20088.558 -> thing here okay
20090.13 -> [Music]
20094.16 -> hey it's andrew brown from exam pro and
20095.92 -> we're taking a look at the aws snow
20097.52 -> family so this is storage and compute
20099.84 -> devices used to physically move data in
20101.92 -> or out of the cloud when moving data
20103.36 -> over the internet or provide private
20105.28 -> connection that is too slow difficult or
20107.52 -> costly so we have snow cone snow ball
20110.718 -> edge and snowmobile and so there
20113.6 -> originally was just snowball and then
20115.6 -> they came out with snowball edge
20117.76 -> and edge introduced edge computing
20119.6 -> that's why there's edge in the name
20121.6 -> but pretty much all of these devices
20123.12 -> have edge computing uh and they do
20125.84 -> individually come with some variants so
20127.28 -> with the snowball snow cone it comes in
20128.958 -> two sizes where it has eight terabytes
20130.798 -> of usable storage and then there's one
20132.878 -> with 14 terabytes of usable storage for
20135.6 -> snowball edge it technically has like
20137.28 -> four versions but i'm going to break it
20138.878 -> down to two for you we have storage
20140.718 -> optimize where we have 80 terabytes of
20142.718 -> use
20144.718 -> of usable storage there and then compute
20147.52 -> optimize
20149 -> 30.9.5 terabytes and even though it's
20151.6 -> not here you get a lot of vcpus and
20153.92 -> increased memory which could be very
20155.6 -> important if you need to do edge
20156.48 -> computing before you send that over to
20158.558 -> aws and then last here we have
20160.798 -> snowmobile which can store up to 100
20163.68 -> petabytes of storage um in the
20167.12 -> associates i cover these in a lot more
20169.28 -> detail because there's so much more
20170.718 -> about these like the security of them
20172.558 -> how they're tamper proof something like
20174.4 -> how they have networking built in the
20175.92 -> the connection to them but you know for
20177.76 -> this exam that's just too much
20179.12 -> information um you just need to know
20181.12 -> that there are three uh three ones in
20183.04 -> the family and generally what the sizes
20184.798 -> are and that they're going to be all
20186.24 -> placed into amazon s3 uh what's
20188.32 -> interesting is that you know snowmobile
20190.08 -> only does a hundred petabytes but aws
20192.638 -> markets it as you can move exabytes of
20195.44 -> of um content because you can order more
20197.6 -> than one of these devices so uh they'll
20199.84 -> market it saying like snowball edge is
20201.28 -> when you want to move uh petabytes of
20203.12 -> data and snowball mobile is when you
20204.718 -> want to move exabytes but you can see
20206.718 -> that a single thing isn't in the
20208.558 -> exabytes just in the petabyte okay
20211.04 -> [Music]
20215.52 -> hey this is andrew brown from exam pro
20217.2 -> and we are taking a look at all the
20218.638 -> aws storage services in brief here so
20220.638 -> let's get to it so the first is simple
20222.32 -> storage service s3 this is a serverless
20224.48 -> object storage service you can upload
20226.4 -> very large files and an unlimited amount
20228.16 -> of files you pay for what you store you
20230.08 -> don't worry about the underlying file
20231.28 -> system or upgrading the disk size you
20233.12 -> have s3 glacier this is a cold storage
20235.2 -> service it's designed as a low-cost
20237.2 -> storage solution for archiving and
20238.718 -> long-term backup it uses previous
20240.638 -> generation hdd drives to get that low
20243.36 -> cost
20244.24 -> it's highly secure and durable we have
20246.4 -> elastic block store ebs this is a
20248.24 -> persistent block storage service it is a
20250.24 -> virtual hard drive in the cloud and you
20252 -> attach to ec2 instances you can choose
20254.08 -> different kinds of hard drives so ssd
20256.08 -> iops ssd throughput hdd and
20260 -> a cold hdd okay we have elastic file
20263.04 -> storage so efs it is a cloud native nfs
20266.32 -> file system service so file storage uh
20269.04 -> you can mount to multiple ec2 instances
20270.958 -> at the same time when you need to share
20272.958 -> files between multiple servers we have
20275.04 -> storage gateway this is a hybrid cloud
20276.798 -> storage service that extends your
20278.16 -> on-premise storage to the cloud we've
20279.84 -> got three offerings here file gateway so
20281.6 -> extend your local storage to amazon s3
20284.08 -> volume gateway caches your local drive
20286.24 -> to s3 so you have a continuous backup of
20288.718 -> the local files in the cloud tape
20290.48 -> gateway so stores files onto virtual
20292.718 -> tapes for backing up your files on very
20295.12 -> cost-effective long-term storage we got
20297.76 -> one more page here because there's a lot
20298.958 -> of services here we have aws
20301.12 -> snow family so these are storage devices
20303.52 -> used to physically migrate large amounts
20305.44 -> of data to the cloud and so we have
20307.44 -> snowball and snowball edge these are
20309.6 -> briefcase size data storage devices
20311.6 -> between 50 to 80 terabytes i don't
20313.6 -> believe snowball is available anymore
20315.84 -> it's just snowball edge but it's good to
20317.84 -> have all of them in here so we can see
20319.6 -> what's going on we have snowmobile this
20321.6 -> is a cargo container filled with racks
20323.2 -> of storage and compute that is transported
20325.12 -> via a semi-trailer tractor truck to
20327.68 -> transfer up to 100 petabytes of data per
20330 -> trailer i don't think we're going to be
20331.44 -> ordering that anytime soon because
20332.718 -> that's pretty darn expensive but that's
20334.08 -> cool we have snow cone this is a very
20336.4 -> small version of snowball that can
20337.68 -> transfer eight terabytes of data we have
20340.08 -> aws backup a fully managed backup
20341.76 -> service that makes it easy to centralize
20344 -> and automate the backup of data across
20345.6 -> multiple services so ec2 ebs rds
20348.48 -> dynamodb efs storage gateway you create
20351.68 -> the backup plans we have cloud endure
20354.4 -> disaster recovery so continuously
20356 -> replicates your machine in a low cost
20357.92 -> staging area in your target aws
20359.92 -> account and preferred region enabling
20361.6 -> fast and reliable recovery in case of
20363.68 -> i.t data center failures we have amazon
20366.24 -> fsx this is a feature rich and highly
20368.32 -> performant file system that can be used
20370.32 -> for windows so that would be using smb
20372.638 -> or linux which uses lustre
20375.04 -> and so there we have the amazon
20376.878 -> fsx for windows file server so use smb
20379.68 -> protocol and allow you to mount fsx to
20382.16 -> windows servers and then the lustre one
20384 -> which uses a linux lustre file system
20387.04 -> and allows you to mount fsx linux
20389.6 -> servers are there any storage services
20391.6 -> missing here not really i mean you could
20393.44 -> count elastic container repositories one
20396.08 -> but that's kind of something else or you
20398.32 -> could also count
20399.6 -> maybe um
20401.76 -> code commit but you know i kind of put
20403.28 -> those in a separate category where we
20405.2 -> those are in our developer tools or our
20407.6 -> containers okay
20408.95 -> [Music]
20413.12 -> all right so what i want to do is show
20414.48 -> you around s3 so we'll make our way up
20416.878 -> here and type in s3
20419.84 -> and
20420.638 -> we'll let it load here and what we're
20422.48 -> going to do is create a new bucket if
20423.76 -> you do not see the screen just click on
20425.52 -> the side here go to buckets and we'll
20427.2 -> create ourselves a new bucket so bucket
20429.12 -> names are unique so let's say my buckets
20433.2 -> and we'll just pound in a bunch of
20434.4 -> numbers i'm sure you're getting used to
20436.08 -> making buckets in this
20438.32 -> in this course so far
20441.28 -> so if we scroll on down notice that it
20442.798 -> says block public access settings for
20444.4 -> this bucket and this is turned on
20446.558 -> uh like the blocking is turned on by
20448.16 -> default because s3 buckets are the
20450.4 -> number one thing
20452.16 -> that are a point of entry for malicious
20454.24 -> actors where people leave their buckets
20455.92 -> open so if we want to
20458.24 -> grant access to this bucket for people
20460.48 -> to see this publicly we'd have to turn
20461.92 -> this off okay but for now we're going to
20463.76 -> leave that on you can version things in
20465.84 -> buckets which is pretty cool you can
20467.68 -> turn on encryption which you should turn
20469.36 -> on by default and use the amazon s3 key
20471.92 -> on the certified cloud practitioner it's
20473.44 -> going to ask you about client-side
20475.52 -> encryption and server-side encryption so
20477.36 -> you definitely want to know what these
20478.48 -> are i'm going to turn it off for the
20480.16 -> time being so we can kind of explore uh
20482.32 -> here by ourself here then there's object
20484.718 -> lock so we can lock files so that um
20487.92 -> you know there you know people aren't
20489.36 -> writing to them multiple times so go
20491.36 -> ahead and create a bucket
20493.52 -> and it's very quick so here's the new
20495.12 -> bucket we made
20496.558 -> and you'll notice we have nothing here
20498.16 -> which is totally fine if i go to
20499.76 -> properties
20501.44 -> um
20502.798 -> you know we can see that we can turn on
20504.798 -> bucket versioning turn on encryption but
20506.878 -> what i'm going to do is i'm going to go
20508.24 -> grab some files i remember i saved
20511.2 -> some files recently here i'm just going
20512.48 -> to make a new folder called star trek i
20514.08 -> just have some graphics you can pull
20516 -> anything off the internet you want to do
20517.76 -> this yourself
20519.6 -> but i'm just going to prepare a folder
20521.36 -> here it'll take me a moment
20524.84 -> okay
20526.48 -> just a moment
20529.92 -> okay great so now i have my folder
20531.44 -> prepared and so what i want to do is
20533.68 -> upload my first file so i can go here
20535.12 -> and upload
20536.638 -> and actually i can upload multiple files
20538.4 -> you can add a folder which is nice and
20539.84 -> so in here if i want to upload these
20542.638 -> files here whoops i'll just select
20544.08 -> multiples i'll hit open it'll queue them
20546.32 -> up which is really nice we can see the
20548.08 -> destination details here if we want to
20549.92 -> turn it versioning on we could there
20552.48 -> we could apply permissions for outside
20554.32 -> access but we have uh things turned on
20556.718 -> but what's really important is the
20557.92 -> properties where we have these different
20560.16 -> tiers and so based on the tier that you
20562.558 -> use the the lower you go at least it
20565.6 -> should be the cheaper it's going to get
20568.638 -> but it's going to have some trade-offs
20569.92 -> let me cover that through the course
20571.28 -> then there's that server side encryption
20573.36 -> um and i'm going to hit upload we'll
20575.12 -> just individually turn it on so
20577.04 -> you're going to see this progress go
20578.16 -> across the top these have all been
20579.52 -> uploaded i'm going to click click on my
20581.44 -> destination bucket
20583.04 -> and so we can do is we can
20585.84 -> open these if they're images they'll
20587.28 -> show us
20588.718 -> right here in the browser
20590.798 -> we can download them so if we need to
20592.558 -> get them again
20594.32 -> all right we can create a folder here
20596.24 -> and just say star trek
20598.4 -> or enterprise d
20602 -> enterprise d here
20605.44 -> okay but it's not really easy it's not
20607.12 -> like i can drag this into there um i
20609.52 -> might be able there's no move option so
20611.28 -> you'd actually have to copy it into the
20613.28 -> destination and then delete the old one
20615.52 -> it's not like using a file system you
20617.6 -> know there's a lot more work involved
20620.08 -> but you know it's a great storage
20621.84 -> solution
20623.2 -> um so let's look at encryption so i have
20625.44 -> this selected here if i click into it
20628.24 -> i can go to permissions i can go to
20630.4 -> versions see that i'm looking for
20633.44 -> encryption here we go so if i turn it on
20636.08 -> i can enable encryption and i can choose
20638.558 -> whether i want to use an amazon s3 key
20640.878 -> so sse
20642.718 -> s3 so an encryption key that amazon s3
20645.52 -> creates manages and uses for you then
20647.2 -> you have aws
20649.2 -> sse kms
20650.958 -> and i believe this uses aes up here
20652.958 -> which is totally fine then you have kms
20655.52 -> down here and it's interesting because
20657.04 -> they're like aws will manage the
20658.32 -> key for you and then this one aws will
20659.92 -> manage the key for you it's just
20661.04 -> slightly different this one of course is
20662.798 -> a lot simpler it's not many reasons not
20665.12 -> to turn on encryption but i'm going to
20666.878 -> go turn this one so that it is encrypted
20668.718 -> here
20670.48 -> and just because it's encrypted doesn't
20671.92 -> mean we can't access the file i can
20673.68 -> still download it i can still view it
20675.2 -> because aws is going to decrypt it right
20677.6 -> so if i go i click on this one and i say
20679.6 -> open
20680.4 -> okay even though it's encrypted i can
20682.16 -> still view it right it just means that
20683.76 -> it's encrypted on the storage right so
20686.32 -> if somebody were to steal that hard
20687.92 -> drive or whatever hard drive it's
20689.12 -> sitting on on aws if they can't even
20690.958 -> figure it out it's encrypted they're not
20692.718 -> going to be able to open up the file
20694.08 -> right so that is the logic there but
20695.92 -> through here
20697.36 -> i can get it
20698.878 -> something that's really interesting with
20700.4 -> um
20702.32 -> s3 is the ability to
20704.4 -> um
20705.52 -> have life cycle events so i'm just kind
20707.6 -> of looking where that is it's usually in
20708.958 -> the bucket so if i go to management up
20710.718 -> here i can set up a lifecycle rule and
20713.04 -> what i can do is say like
20714.718 -> move this to deep storage
20718.32 -> okay
20719.44 -> and then i can say what it is that i
20722.08 -> want to filter so maybe it's like
20723.84 -> data.jpg
20727.04 -> or i can say apply to all objects in the
20728.718 -> bucket i acknowledge that and we say
20730.16 -> move current versions of objects between
20731.68 -> storage classes and i check box that on
20733.44 -> and i can say move them to glacier after
20736.24 -> 30 days
20737.68 -> i think if i go lower it'll complain
20740.638 -> probably when i save there and so the
20742.32 -> idea is that we can move things into
20744.32 -> storage so maybe you have files coming
20745.76 -> in down below it's showing you here
20747.04 -> right so
20748 -> a file is uploaded and then after 30
20750.16 -> days then move them into glacier so we
20751.76 -> save money okay that's a big advantage
20753.84 -> of s3 there's a lot of things going on
20756.16 -> in s3 here
20757.92 -> like you can turn on um
20760.718 -> uh wherever it is you can turn on
20764 -> web hosting so you can turn this into
20765.44 -> like a website down below here there's a
20768.08 -> whole a whole bunch of things that you
20769.84 -> can do okay so we're not going to get
20771.84 -> into that because that's just too much
20773.12 -> work
20773.92 -> but
20774.638 -> you know we learned the basics of s3 so
20776.32 -> what i want to do to delete this i have
20778 -> to empty it first watch it'll be like
20779.52 -> you cannot delete it you need to empty
20781.04 -> the bucket first so go ahead and empty
20783.28 -> it
20784.32 -> and i'll save my bucket empty
20789.2 -> or sorry i guess i have to type in
20790.878 -> permanently delete
20794.16 -> perm
20794.57 -> [Music]
20798.4 -> delete
20799.52 -> no
20800.878 -> they used to oh yeah i can copy it okay
20802.718 -> great
20803.6 -> and so once the bucket is emptied i can
20805.68 -> go back to the bucket
20809.52 -> and
20810.48 -> i'll go back one layer and then i'll go
20812.958 -> ahead and delete my bucket
20816.08 -> and you can only have so many buckets i
20817.52 -> think it's like a hundred you get like
20819.28 -> 100 buckets
20822 -> how many buckets can you have
20824.958 -> in aws
20827.12 -> 100 buckets yeah i was right
20830 -> and i think if you wanted to know how
20831.44 -> many you pro there's probably like a
20832.798 -> service limits page service limits
20835.52 -> service quotas
20838.638 -> so you go here you say aws services s3
20844.48 -> how many buckets 100 right there
20847.2 -> okay so you know that gives you kind of
20849.36 -> an idea what's going on there but there
20851.04 -> you go that's s3
20852.17 -> [Music]
20855.92 -> all right so let's go take a look at
20857.76 -> elastic block store which is uh virtual
20860.16 -> hard drives for ec2 so what i'm going to
20862.08 -> do is make my way over to the ec2
20863.68 -> console because that is where it's at
20865.68 -> and on the left hand side if we scroll
20867.2 -> on down you'll see elastic block volumes
20869.6 -> or elastic block store volumes and so we
20871.52 -> can go here and the idea is we can go
20873.6 -> ahead and create ourselves a volume and
20875.04 -> what you'll notice is that we have a few
20876.32 -> different options here we have general
20878.08 -> purpose provisioned iops cold hdd
20881.12 -> throughput optimized magnetic
20883.84 -> magnetic being basically like physical
20886.798 -> tape that you can use to back up like
20888.638 -> the old school stuff and so you have all
20890.798 -> these options here and you can choose
20892.638 -> the size so when you change these
20893.92 -> options you're going to notice that some
20895.12 -> things are going to change like the
20896.24 -> through throughput or iops so notice
20898.32 -> that
20899.12 -> general purpose is fixed at between 300
20901.36 -> to 3000 and notice that it goes from one
20904.16 -> gigabyte to
20905.44 -> how many ever that is that's a lot there
20907.84 -> and so it's not too complicated but in
20909.68 -> practicality i don't really create
20911.04 -> volumes this way what i do
20913.04 -> is i'll just go launch an ec2 instance
20914.878 -> so i'll say launch ec2 instance and
20917.12 -> we'll choose amazon linux 2
20919.28 -> and again you know if we haven't done
20920.958 -> the ec2 follow along we'll cover all
20922.958 -> this stuff in more detail don't worry
20924.4 -> about it
20925.76 -> we go to configure instance then we go
20927.6 -> to add storage and this is what you're
20929.28 -> going to
20930.32 -> be doing when adding ebs volumes um to
20933.44 -> your ec2 instances and you'll notice we
20935.6 -> always have a root volume that's
20936.958 -> attached to the ec2 instance that we
20938.798 -> cannot remove we can change the size up
20941.28 -> here i believe the oh it shows us right
20943.12 -> here that we have up to 30 gigabytes so
20945.04 -> sometimes you might want to max that out
20947.04 -> to take advantage of the free tier you
20949.36 -> notice we can also change this there
20951.04 -> might be some limitations in terms of
20952.718 -> the root volume so notice that we have a
20955.36 -> few more options here we can't have a
20957.2 -> cold hdd or
20959.12 -> hdd as our
20960.958 -> root volume
20962.32 -> uh notice we have a delete on
20963.84 -> termination so ebs volume persists
20965.84 -> independently from the running life so
20967.84 -> you can choose to automatically delete
20970 -> ebs volume when the associated instance
20971.6 -> is terminated so if you take this off if
20973.52 -> the ec2 instance is deleted the volume
20975.36 -> will still remain which could be
20976.718 -> something that's important to you
20978.48 -> uh for encryption here um you might want
20980.798 -> to turn it on and so generally aws
20983.04 -> always has a kms managed key which is
20985.2 -> free so you check box that on it will be
20987.04 -> encrypted
20988.798 -> you can turn it on later
20990.638 -> but you can never turn encryption off
20991.92 -> but you should always uh turn encryption
20994 -> on and so just be aware to turn that on
20996.08 -> you can also add file systems down below
20997.92 -> here but maybe we'll talk about that
20999.44 -> later because i think that gets into um
21003.28 -> efs okay so that is a different type of
21005.44 -> file storage there but that's pretty
21006.878 -> much
21007.6 -> all there is to it uh you just go ahead
21010 -> and create your volume there and then it
21012.08 -> would show up under ebs we could take
21014.48 -> snapshots of them to back them up that
21016.48 -> goes to s3 but that's all we really need
21018.718 -> to know here okay
21020.59 -> [Music]
21024.558 -> all right let's take a look at elastic
21026 -> file
21026.958 -> system or efs
21028.878 -> storage manage file storage
21031.2 -> what is efs stand for efs system elastic
21034.638 -> file system okay sorry and so what we
21036.958 -> can do is go ahead and create a file
21038.4 -> system here so i'm going to say my efs
21041.2 -> and the great thing is that it basically
21042.718 -> is serverless so it's only going to be
21044.24 -> what you consume right so what you store
21046.08 -> and what you consume
21048.32 -> and i think that's what's going to be
21049.28 -> based on we have to choose a vpc i want
21051.28 -> to launch it in my default vpc
21053.44 -> and we have the choice of regional or
21056.16 -> one zone
21058 -> i guess this is going to be based on
21060 -> what gets backed up to s3 possibly so
21062.24 -> one zone probably is more cost effective
21063.84 -> but i'm going to choose regional and
21065.36 -> that's a new option i never noticed
21066.558 -> before i just opened it up to see a few
21068.638 -> more things here we have general max io
21071.12 -> bursting provision things like that
21072.718 -> we'll hit next
21074.958 -> we'll choose our azs
21077.52 -> and uh then you might have to set up a
21079.52 -> policy so i'm going to hit next here
21082.48 -> you'll go ahead and hit create so you
21085.04 -> know this is really interesting but the
21086.48 -> trick to it is really mounting it to
21089.2 -> an ec2 instance
21091.04 -> and that's kind of the pain okay
21092.958 -> so if we go into this
21094.638 -> um you have to mount it
21096.958 -> and
21098 -> there are commands for it so like efs
21100.878 -> mounting linux commands
21104 -> okay
21105.28 -> i've done this in my solutions architect
21107.04 -> associate uh but you know again i'm not
21109.2 -> doing on a regular basis so i don't
21110.718 -> remember
21111.84 -> and so if we go here i'm just trying to
21114.4 -> see if we can see some code that tells
21115.92 -> us how to mount it
21117.36 -> so mounting on an ec2
21120.4 -> ec2 linux instance with the efs mount
21123.04 -> helper
21124.08 -> um so i don't know if they had that
21126.08 -> before but that sounds interesting so
21127.84 -> sudo mount hyphen t the file system
21130.08 -> the efs mounting point
21132.48 -> yeah this looks a lot easier than what
21135.12 -> we had before okay so before i had to
21137.6 -> enter a bunch of weird commands but now
21139.6 -> it looks like they've boiled it down to
21140.878 -> a single command but once you have your
21142.32 -> efs instance
21143.92 -> um
21145.92 -> i'm going to assume that there is an
21147.6 -> entry point here
21149.52 -> just clicking around here seeing what we
21150.958 -> can see
21152.08 -> i would imagine we have to create an
21153.44 -> access point
21154.958 -> so my access point
21158.48 -> sure
21159.68 -> i don't know if it's going to let me
21160.638 -> just do that
21161.92 -> it did and so i would imagine that you'd
21164.32 -> probably use an access point let's go
21165.92 -> back here if that's mount point
21168.16 -> i think that's the same thing i think
21169.36 -> the mount point and the access point you
21170.878 -> create access points and that's what you
21172.718 -> use uh we can go here we can attach it
21175.04 -> so oh yeah here's the command so
21178.4 -> um mount via dns or mount via ip address
21182.84 -> so it doesn't look too hard
21186.24 -> we can try to give it a go i haven't
21187.6 -> done it in a while it looks like they've
21189.28 -> made it easier so
21191.04 -> maybe we'll try it out okay
21192.958 -> so go to ec2 here
21195.44 -> and
21197.2 -> i'm going to launch an instance
21199.2 -> i'm going to choose amazon linux 2
21202.558 -> okay we're going to go and
21204.718 -> choose that and then
21207.12 -> we want to choose a file system
21210.4 -> and so
21213.76 -> it's going to mount to here okay
21216.798 -> and storage is fine all this is fine and
21220 -> i'm going to go ahead and launch this
21223.92 -> and
21225.36 -> i need a new key pair so create a new
21227.84 -> key pair
21229.2 -> this will be for efs example
21231.68 -> okay
21233.76 -> we're going to download that key pair
21235.04 -> there we're going to launch this
21236.638 -> instance
21241.84 -> okay and then we're going to go view
21243.68 -> this and as that is launching what i'm
21245.28 -> going to do is open up my cloud shell
21249.04 -> and i'm going to want to upload this pem
21251.68 -> so again like before i'm going to drag
21253.92 -> it to my desktop off screen
21256.32 -> and then what i'm going to do is upload
21258.958 -> this file so i have it
21262.48 -> efs example
21264.32 -> okay we're going to upload it
21268 -> i just want to see if we can access that
21269.44 -> efs volume
21271.2 -> and so
21272.24 -> if i do ls
21274.32 -> that's our old one which i can delete by
21276.24 -> the way i'm never going to use that
21277.52 -> anytime soon yes
21280 -> ls and i'm just delete the hello text
21282.4 -> there so it's a bit cleaner for what
21284.4 -> we're doing and so we need to chmod that
21286.718 -> 400
21289.28 -> uh efs example
21292.4 -> and we saw that's how like if you want
21294.24 -> to try to connect to a server remotely
21296 -> that's what you do right so i believe
21298.4 -> that the drive is mounted
21301.28 -> if i go to storage does it show up here
21304.32 -> it doesn't show up under here
21307.2 -> but
21309.36 -> what we're waiting for are these two
21310.798 -> status checks to pass and then we can
21312.558 -> ssh into this machine
21316.16 -> and i'm just going to go back here and
21317.68 -> take a look here so using the efs mount
21320.24 -> helper
21321.2 -> so sudo mount hyphen t efs tls this
21325.28 -> volume to efs and so i imagine it's
21327.36 -> going to mount it to efs here using the
21329.04 -> nfs client
21330.4 -> so i guess it just depends on what we're
21331.76 -> going to have available to us
21334 -> even if the status checks haven't passed
21335.52 -> i'm going to try to get into this anyway
21339.04 -> so
21339.84 -> what we can do is click on this
21342.4 -> grab the public ip address we'll type in
21344.798 -> ssh
21346.638 -> ec2 hyphen user at sign paste this in
21350.08 -> hyphen i efs example pem i usually don't
21353.36 -> log in via ssh
21355.6 -> um but you know just for this example i
21357.76 -> will and so i want to see if this drive
21360.878 -> exists
21362.958 -> it usually be under mount right
21365.68 -> there it is
21366.878 -> okay so it already mounted for us
21369.36 -> so i can do touch
21371.44 -> hello world
21373.28 -> dot text
21376 -> say sudo here
21378.24 -> i can say sudo vi i'm going to open up
21379.92 -> the file and say
21381.52 -> hello from another
21383.92 -> computer okay
21386.4 -> and so i've saved that file and what i
21388.16 -> want to do now
21390.24 -> oops
21392.4 -> oh okay sorry i'm in the cloud shell
21394.4 -> here but what i want to do now is i want
21396 -> to kill this machine
21398.08 -> okay and what i'm going to do is spin up
21399.6 -> another ec2 instance
21401.68 -> i'm going to see if when i mount that if
21403.52 -> that file is there if it actually worked
21406.16 -> but wow that is so much easier than
21407.92 -> before i can't tell you how hard it was
21409.76 -> to attach an efs volume the last time i
21412 -> did it um so we'll go ahead we'll add
21414.08 -> that and the storage is fine we're gonna
21416.24 -> go to review here
21417.6 -> we're gonna say launch and i'm just
21419.12 -> gonna stick with the same key pair there
21423.04 -> we're going to give that moment to
21425.2 -> launch
21426.24 -> and we're going to go to view instances
21429.12 -> and so now this one is launching as
21431.12 -> that's launching let's just go peek
21432.48 -> around and see what we can see so you
21434.24 -> know i imagine if we didn't add that
21435.84 -> file system during the the boot um and
21438.4 -> we were we're adding it after the fact
21440.4 -> we probably could just ran that line and
21442.08 -> added it really easily
21443.84 -> i'm not going to bother testing that
21445.2 -> because i just don't want to go through
21447.44 -> that trouble to do that
21449.36 -> i still can't remember what these access
21450.638 -> points are for
21452.08 -> um
21453.12 -> but uh that's okay it's kind of out of
21455.04 -> the scope for the certified cloud
21456.08 -> practitioner
21457.68 -> and so i'm just curious
21459.52 -> so we have some nice monitoring here
21462.4 -> right so that's kind of nice
21465.92 -> um i guess they're trying to suggest
21467.52 -> here like aws backup data sync transfer
21472.718 -> so that would just be backing up
21474.32 -> simplify
21475.36 -> automates accelerates moving data okay
21477.12 -> that's pretty straightforward
21478.558 -> transfer family fully managed sftp okay
21481.76 -> so nothing exciting there
21485.52 -> and we're going to refresh that there
21487.28 -> and this is initializing so let's go see
21489.44 -> if we can connect to this one so i'm
21490.958 -> going to go ahead and grab that public
21492.4 -> ip address i'm going to hit up
21494.48 -> okay i'm going to swap out that ip
21496.4 -> address and we're going to see if we can
21497.36 -> connect to that
21498.638 -> machine yet so we'll say yes
21501.12 -> and we got into it so that's great and
21502.558 -> so what i'm going to do is go again into
21504.48 -> the mount directory efs fs1 ls and there
21507.6 -> it is i'm going to do cat hello world
21509.76 -> and so it works
21511.36 -> and so that's the cool thing about efs
21513.28 -> is that you have a file system that you
21514.958 -> can share among other
21518.16 -> ec2 instances i'm sure users could
21520 -> connect to it using the nfs protocol i'm
21522.4 -> not the best at like networking or
21524.16 -> storage networking so i'm not going to
21525.84 -> show that here to you today but that
21527.6 -> gives you a general idea how efs works
21530.16 -> again you only pay for what you store it
21531.76 -> is serverless so we'll go here and type
21534.638 -> delete because i'm done with this i'll
21536.08 -> probably destroy the instance first
21539.04 -> it doesn't get mixed up
21542.32 -> and just so we clean up a little bit
21544.32 -> better here i'm going to delete these
21545.44 -> keys
21546.84 -> here delete
21552.878 -> okay
21553.84 -> and we'll go ahead and delete this one
21555.12 -> as well
21558.558 -> delete
21559.76 -> so i'm done with that
21562.08 -> uh we'll make sure that that is tearing
21564.4 -> down that is good and we'll make our way
21566.798 -> back over here and it says enter
21569.2 -> probably the id's name in so we'll enter
21571.28 -> that in and hit confirm
21573.84 -> and we'll see is it deleting i'm not
21575.84 -> confident with it i'm going to do it one
21577.2 -> more time confirm that by entering the
21578.798 -> the file system's id so we'll put it in
21580.558 -> again
21586.4 -> is it destroying i cannot tell there we
21588.4 -> go so it's destroying we are in good
21590.798 -> shape it is gone our data is gone
21593.52 -> um but yeah that is efs
21595.57 -> [Music]
21599.68 -> all right let's take a look at um the
21601.6 -> snow family in aws so if we type in snow
21603.92 -> up here and we click into into the snow
21606.08 -> family this is where we can probably
21608 -> order ourselves a device
21610.638 -> i might not be able to order them at
21612.4 -> least when i originally looked at this
21614.08 -> like way back in the day it wasn't
21616 -> available in canada so i'm kind of
21617.36 -> curious to see what there is but the
21618.798 -> idea is that you're going to go here in
21620.48 -> order and you have some options so you
21622.24 -> can import into s3 or export from s3 and
21625.28 -> then down below we have local compute
21626.798 -> storage so perform local compute storage
21628.638 -> workloads without transferring data you
21630.798 -> can order multiple devices and clusters
21632.798 -> for increased durability and storage
21634.32 -> capacity so it sounds like you're not
21636.32 -> you're not um
21637.76 -> transferring data you're just using it
21639.76 -> locally on to um it's like basically
21642.558 -> buying renting temporary computers which
21644.24 -> is kind of interesting i never saw that
21646.48 -> option before but we're going to choose
21648.32 -> import into aws s3 and we're just going
21650.638 -> to read through this stuff and it's not
21652.08 -> my expectation that we're going to be
21653.52 -> able to submit a job here and you
21655.2 -> probably don't want to because it's
21656.558 -> going to cost money but i just want to
21658.08 -> show you the process so we can see what
21660 -> there is here so snow job assistance if
21662.4 -> you're new to snow family run a pilot of
21664.638 -> one to two devices so batch file smaller
21666.718 -> than one megabyte benchmark and optimize
21669.36 -> deploy
21670.4 -> staging workstations
21672.4 -> discover remediate environmental uh
21674.4 -> issues early files and folders name must
21677.04 -> conform to amazon s3 prepare your ami
21679.6 -> once the pilot is completed confirm the
21681.28 -> number of snow family devices that you
21683.52 -> can copy devices to simultaneously
21685.6 -> follow the best practices use the
21687.6 -> following resources to manage your snow
21689.36 -> devices so we have aws opshub
21691.92 -> and then there's the edge client cli
21695.44 -> so opshub is a graphical user
21696.958 -> interface you can use to manage snow
21698.718 -> devices so that's kind of cool and then
21700.638 -> we have the cli which i imagine is
21702.878 -> something that's very useful to use
21704.958 -> so just close those off here and then we
21706.638 -> have other things so i'm going to say i
21707.92 -> acknowledge i know what i'm doing which
21709.6 -> i don't really but that's okay and then
21711.68 -> here we are going to enter in our
21713.44 -> address so we say andrew brown
21716.638 -> and i'm not gonna i'm not gonna enter
21717.92 -> this in for real just whatever so it'll
21719.76 -> be toronto
21721.2 -> exam pro
21722.798 -> um canada
21724.32 -> oh see so there's there's the thing you
21726.24 -> can only ship it to the us and so that's
21728.638 -> as far as i can get okay
21731.36 -> um and that's the thing is like if you
21733.36 -> really want to know aws inside and out
21735.28 -> you got to be in the us but let's
21737.52 -> pretend that we do have an address in
21739.28 -> the states what's a very famous address
21741.44 -> so what is the address of the white
21744.798 -> house
21746 -> okay
21748 -> there it is
21749.92 -> so i'm just going to copy that in
21753.12 -> because again we're not going to submit
21754.558 -> this for real i just want to
21757.28 -> see what's farther down the line here
21758.958 -> okay
21761.12 -> uh
21762.08 -> what's nw
21764.16 -> is that the state it's in washington
21765.6 -> right
21768.16 -> is is this part of it nw northwest is
21770.24 -> that a thing i'm from canada so i
21773.04 -> couldn't tell you um so we'll go down
21775.2 -> here and we have washington do we have a
21777.68 -> second address line it doesn't look like
21779.76 -> it um
21782 -> we have a zip code i believe this is the
21783.84 -> zip code
21786 -> and
21787.04 -> do we need a phone number looks like we
21788.48 -> do four one six
21790.718 -> uh one one
21792.24 -> one one one one one okay
21794.24 -> we have one day or two day shipping
21796.32 -> why not just have one right and so then
21798.4 -> we can choose our type of device so we
21800.718 -> have snow cone snow cone ssd snow cone
21804.32 -> optimized i'm surprised i never took a
21805.92 -> screenshot of this earlier um compute
21808.558 -> optimized things like that so you can
21809.84 -> choose which one you want it looks like
21811.6 -> we're going to see some different
21812.638 -> options but we'll go with snow cone
21814.798 -> my snow cone
21818.48 -> and
21819.28 -> snow cones do not ship with a power
21820.878 -> supply or ethernet cable snow cone
21822.638 -> devices are powered by 45 watt cb
21825.52 -> c
21826.4 -> usb c power supply i'll provide my own
21829.6 -> power supply and cable do not ship with
21831.84 -> a power supply or ethernet cable that's
21833.44 -> fine
21834.48 -> uh snow cone wireless no can connect
21836.32 -> your wireless connection connect the
21838.08 -> buckets you want there's a bucket we
21839.6 -> created earlier
21841.44 -> computing
21842.798 -> use compute using ec2 instances use a
21845.36 -> device as a mobile data center by
21847.6 -> loading ec2 ami so here's an ami that i
21850.24 -> might want to use
21852.16 -> uh aws iot green grass validated ami not
21854.798 -> interested remote device management you
21856.08 -> can use
21857.04 -> opshub or etc to monitor reboot your
21860 -> device that's fine
21861.92 -> and so then we need to choose our
21864.32 -> security key
21866.798 -> i don't know if i'll have to set the
21867.84 -> service role we'll see what happens here
21870.16 -> and
21871.04 -> we'll let it
21872.32 -> update that's fine
21874 -> and so then i guess we just hit create
21875.6 -> job and so i don't really want to order
21877.68 -> one um so i'm not going to hit that
21880 -> button and also it's going to go to the
21881.84 -> white house and they're going to be like
21882.958 -> andrew brown why did you do that so
21884.958 -> that's not something i feel like doing
21886.48 -> today but at least that gives you an
21888.08 -> idea of that process there and i imagine
21890.558 -> that uh if you go the other way it's
21892.24 -> gonna be pretty similar yeah it's just
21894.24 -> like
21895.12 -> same stuff i think
21897.36 -> so it saved that address that it's not a
21899.68 -> real address and the the options are a
21902 -> little bit uh
21903.28 -> limited here and it's like nfs space s3
21906.4 -> based so it's slightly different but
21908.08 -> it's basically the same process just
21909.6 -> curious we'll take a look at the last
21910.958 -> one there
21913.36 -> since there are three options just
21915.52 -> curious
21918.4 -> okay similar thing okay so
21920.878 -> yeah that's pretty much all i want to
21922.32 -> know about um the snow family and that's
21924.558 -> about it okay
21929.76 -> hey this is andrew brown from exam pro
21931.52 -> and we are taking a look at what is a
21933.36 -> database so a database is a data store
21936.4 -> that stores semi-structured and
21938.16 -> structured data and just to emphasize a
21940.4 -> bit more a database stores more complex
21943.36 -> data stores because it requires using
21945.52 -> formal design and modeling techniques so
21948.08 -> databases can generally be categorized
21949.84 -> as either being relational so structured
21952 -> data that strongly represents tabular
21954.16 -> data so we're talking about tables rows
21956.878 -> and columns so there's a concept of row
21959.28 -> oriented or columnar oriented and then
21961.36 -> we have non-relational databases
21964.08 -> so these are semi-structured that may or
21966.24 -> may not distinctly resemble tabular data
21969.12 -> so here is a very simple example the
21971.52 -> idea is that you might use some kind of
21973.44 -> language like sql put in your database
21975.28 -> and you'll get back out tables for
21976.718 -> relational databases let's just talk
21978.638 -> about some of the functionality that
21979.76 -> these databases have so they can be
21982.4 -> using a special specialized language to
21985.04 -> query so retrieve data so in this case
21986.798 -> sql specialized modeling strategies to
21989.36 -> optimize retrieval for different use
21991.28 -> cases
21992.48 -> more fine-tuned control over the
21993.92 -> transformation of the data into useful
21996.32 -> data structures or reports and normally
21998.638 -> a database infers someone is usually
22000.958 -> using a relational row-oriented data
22003.44 -> store so
22005.12 -> you know just understand that when
22006.32 -> people say database that's usually what
22007.52 -> they're talking about like postgres
22008.558 -> mysql relational row store is usually
22011.44 -> the default but obviously there's a lot
22013.44 -> more broader terms there okay
22015.39 -> [Music]
22019.84 -> hey this is andrew brown from exam pro
22021.6 -> and we are taking a look at what is a
22023.52 -> data warehouse so it's a relational data
22025.92 -> store designed for analytical workloads
22028.4 -> which is generally column oriented data
22030.798 -> store okay so companies will have
22032.878 -> terabytes and millions of rows of data
22035.04 -> and they'll need a fast way to be able
22036.958 -> to produce analytics reports so data
22039.6 -> warehouses generally perform aggregation
22041.84 -> so aggregation is the idea of grouping
22043.6 -> data together so find a total or an
22045.6 -> average
22046.48 -> and data warehouses are optimized around
22048.638 -> columns since they need to quickly
22050.24 -> aggregate column data and so here's kind
22052.718 -> of a diagram of
22055.12 -> a data warehouse and so the idea is that
22057.2 -> it could be ingesting data
22059.36 -> from a regular database here i'm just
22061.6 -> getting out my pen tool so it could be a
22062.718 -> regular database or it'd be coming from
22064.558 -> a different data source that isn't
22065.92 -> compatible in terms of the schema and
22067.52 -> you use like etl or elt
22070.16 -> or etl to get that data into
22073.12 -> that data warehouse so data warehouses
22075.28 -> are generally designed to be hot so hot
22078.24 -> means that they can return queries very
22079.92 -> fast even though they have vast amounts
22081.76 -> of data data warehouses are infrequently
22084.16 -> accessed meaning they aren't intended
22085.52 -> for real-time reporting but maybe once
22087.68 -> or twice a day or once a week to
22089.76 -> generate business and user reports of
22092.08 -> course it's going to vary based on the
22094.798 -> the service that is offering the data
22096.16 -> warehouse a data warehouse needs to
22098 -> consume data from a relational database
22099.6 -> on a regular basis and again it can
22101.44 -> consume it from other places but you'll
22102.878 -> have to transform it to get it in there
22104.798 -> okay
22109.76 -> hey this is andrew brown from exam pro
22111.44 -> and we're taking a look at a key value
22112.958 -> store so a key value store or database
22114.878 -> is a type of non-relational database or
22116.718 -> nosql that uses a simple key value
22119.36 -> method to store data and so key value
22121.6 -> stores are dumb and fast but they
22123.84 -> generally lack features like
22124.958 -> relationships indexes aggregation of
22127.28 -> course there are going to be providers
22128.878 -> out there have managed solutions that
22130.16 -> might polyfill some of those uh issues
22132.798 -> there but i want to show you the
22134.16 -> underlying way that key value stores
22135.68 -> work to kind to kind of distinguish them
22138.16 -> between document stores so a key value
22140.798 -> stores literally a unique key alongside
22143.36 -> a value and the reason i'm representing
22145.6 -> that is zeros and ones is because i want
22147.28 -> you to understand that that's what it is
22150.16 -> it's basically just some kind of of data
22153.36 -> there and how the key value store
22156.24 -> interprets it is going to determine what
22158.16 -> it is so when you look at a document
22159.52 -> database that is just a key value store
22162.558 -> that
22163.84 -> interprets the value as being documents
22166.32 -> right and so key value stores can and do
22169.6 -> commonly store
22171.12 -> um
22172.16 -> multiple uh like an associative array
22174.4 -> that's pretty common so even for
22176.08 -> dynamodb that's how it does it and so
22178.16 -> that's why when you look at a key value
22179.84 -> store it looks like it uh a a table but
22183.6 -> it's not actually a table it's
22185.12 -> schema-less because underneath it's
22187.28 -> really just
22188.32 -> um you know that associative array and
22190.08 -> so that's why you can have columns or
22192.558 -> sorry rows that have uh
22195.28 -> different amounts
22196.718 -> of columns okay so due to the design
22199.84 -> they are able to scale very well beyond
22202.08 -> a relational database and they can kind
22203.6 -> of work like a relational database
22205.36 -> without all the bells and whistles so
22206.718 -> hopefully you know that makes sense okay
22208.9 -> [Music]
22213.84 -> all right let's take a look at document
22215.6 -> stores so a document store is a nosql
22217.68 -> database that stores documents as its
22219.92 -> primary data structure and a document
22222.24 -> could be an xml
22224 -> type of structure but it also could be
22226.638 -> something like json or json-like
22229.04 -> document stores are sub-classes of key
22231.28 -> value stores
22232.798 -> and the components of a document store
22234.718 -> are very uh comparable to relational
22237.76 -> databases so just kind of an example
22239.84 -> here where in a relational database
22242.24 -> they'd be called tables now you have
22243.92 -> collections they were called rows now
22245.92 -> they're called documents you had columns
22247.36 -> they had fields they may have indexes
22250.4 -> and then joins might be called embedding
22251.84 -> and linking so you can translate that
22253.52 -> knowledge over uh you know they they're
22256.08 -> not as
22257.36 -> they don't have the same kind of feature
22258.718 -> set as a relational database but you
22260.48 -> have better scalability and honestly
22262.798 -> document stores are just key value
22264.4 -> stores with some additional features
22265.6 -> built on top of it okay
22267.67 -> [Music]
22272.16 -> hey it's andrew brown from exam pro and
22273.68 -> we're going to take a look at the nosql
22275.44 -> database services that are available on
22277.04 -> aws so we have dynamodb which is a
22279.2 -> serverless nosql key value and
22280.878 -> document database it is designed to
22282.718 -> scale to billions of records with
22284.16 -> guaranteed consistent data returned in
22287.12 -> at least a second you do not have to
22289.36 -> worry about managing shards and dynamodb
22292.638 -> is aws's flagship database service
22295.28 -> meaning whatever we think of a database
22297.12 -> service that just scales is cost
22298.718 -> effective and very fast we should think
22300.558 -> of dynamodb and in 2019 amazon the
22303.84 -> online shopping retail uh shut down
22305.92 -> their last oracle database and completed
22307.84 -> their migration to dynamodb so they had
22310.36 -> 7500 oracle databases with 75 petabytes
22314.08 -> of data and with dynamodb they reduced
22316.4 -> that cost by 60 and reduce the latency
22318.718 -> by 40 percent so that's kind of to be
22320.958 -> like a testimonial between relational
22323.12 -> and a nosql database so when we want
22325.68 -> a massively scalable database that is
22328.24 -> what we want dynamodb for and i really
22330.24 -> just want to put that there because if
22332.718 -> you remember that you're going to always
22334.08 -> be able to pass
22335.44 -> or get those questions right on the exam
22336.958 -> okay then we have documentdb so this is
22339.36 -> a nosql document database that is
22341.92 -> mongodb compatible so mongodb is very
22344.878 -> popular nosql among developers there
22347.44 -> were open source licensing issues around
22349.52 -> using open source mongodb so aws got
22351.44 -> around it by just building their own
22352.798 -> mongodb database basically so when do
22355.12 -> you want a mongodb like database you're
22357.6 -> going to be using documentdb we have
22360.16 -> amazon keyspaces this is a fully
22362.16 -> managed apache cassandra database so
22364.48 -> cassandra is an open source nosql key
22366.4 -> value database similar to dynamodb that
22368.798 -> is columnar store database but has some
22371.04 -> additional functionality so when you
22372.48 -> want to use apache cassandra you're
22374.08 -> using amazon keyspaces
22376.68 -> [Music]
22380.958 -> hey this is andrew brown from exam pro
22382.718 -> and we are taking a look at relational
22384.08 -> database services starting with
22385.52 -> relational database service rds and this
22387.6 -> is a relational database service that
22389.52 -> supports multiple sql engines
22392.08 -> so relational is synonymous with sql and
22394.32 -> online transactional processing oltp
22397.36 -> and relational databases are the most
22399.28 -> commonly used type of database among
22402 -> tech companies and startups just because
22403.36 -> they're so easy to use i use them i love
22406 -> them
22406.958 -> rds supports the following sql engines
22409.68 -> we first have mysql so this is the most
22412.32 -> popular open source sql database and it
22414.798 -> was purchased and is now owned by oracle
22417.68 -> uh and there's an interesting story
22419.04 -> there because when oracle purchased it
22421.44 -> they weren't supposed to have it um
22422.958 -> mariadb was or sorry mysql was sold
22425.04 -> to oracle sun systems and then within
22427.44 -> the year
22428.558 -> um uh oracle purchased it from them and
22432.08 -> the original creators never wanted it to
22433.84 -> go to oracle just because of their uh
22436.48 -> the way they do licensing and things
22438 -> like that and so
22440.16 -> the original creators came back and they
22441.6 -> decided to fork mysql and then maintain
22444.558 -> it as mariadb just so that you know
22447.84 -> oracle never kind of pushed away the
22449.68 -> most popular database so that everyone
22452.08 -> had to go to a paid solution then you
22454.16 -> have postgres so psql as it's commonly
22456.558 -> known is the most popular open source
22458.558 -> sql database among developers this is
22460.24 -> the one i like to use because it has so
22462.48 -> many rich features over mysql but but it
22465.12 -> does come with added complexity then
22467.36 -> oracle has its own sql proprietary
22469.44 -> database which is well used by
22471.12 -> enterprise companies but you have to buy
22472.878 -> a license to use it
22474.798 -> then you have microsoft sql so
22476.718 -> microsoft's proprietary sql database
22479.12 -> and with this one you have to buy a
22480.878 -> license to use it then you have aurora
22483.28 -> so this is a fully managed database uh
22486.16 -> and there's a lot more to going on here
22488.32 -> with aurora so we'll talk about it
22490 -> almost acts as a separate service but it
22491.84 -> is powered by rds so aurora is a fully
22495.04 -> managed database of either mysql so five
22497.12 -> times faster or postgres
22499.04 -> sql three times faster database so when
22501.84 -> you want a highly available durable and
22504.798 -> scalable and secure relational database
22507.28 -> for postgres or mysql you want to use
22509.2 -> aurora
22510.32 -> then you have aurora serverless so this
22512.32 -> is a serverless on-demand version of
22514 -> aurora so when you want the most of the
22516 -> benefits of aurora but you can trade
22518.558 -> off to have cold starts or you don't
22520.24 -> have lots of traffic or demand this is a
22522.638 -> way you can use aurora in a serverless
22524.4 -> way then you have rds on vmware so this
22527.36 -> allows you to deploy rds supported
22528.958 -> engines to on-premise data centers
22531.84 -> the data center must be using vmware for
22534.16 -> server virtualization so when you want
22536.16 -> databases managed by rds on your own
22538.4 -> database center
22539.76 -> uh and yeah i realize that this is a
22541.68 -> small spelling mistake should say just
22543.28 -> on here but yeah there you go
22545.32 -> [Music]
22549.52 -> hey this is andrew brown from exam pro
22551.28 -> and we're looking at the other database
22552.878 -> services that aws has because there's
22554.558 -> just a few loose ones here so let's talk
22556.08 -> about redshift so it is a petabyte size
22558.878 -> data warehouse and data warehouses are
22561.44 -> for online analytical processing olap
22564.638 -> and data warehouses can be expensive
22566.32 -> because they are keeping data hot
22567.92 -> meaning that they can run a very complex
22570 -> query and a large amount of data and get
22572.16 -> that data back very fast so when you
22574.48 -> need to quickly generate analytics or
22576.08 -> reports from a large amount of data
22577.92 -> you're going to be using redshift then
22580.16 -> you have elasticache so this is a
22581.92 -> managed database of an in-memory and
22583.84 -> caching open source databases such as
22586.16 -> redis or memcache so when you need to
22588.08 -> improve the performance of an
22589.2 -> application by adding a caching layer in
22590.878 -> front of your web servers or database
22592.638 -> you're going to be using elasticache
22594.718 -> then you have neptune this is a managed
22597.2 -> graph database the data is represented
22599.52 -> as interconnected nodes i believe that
22601.76 -> it uses gremlin as the way to interface
22603.84 -> with it which is no surprise because
22605.44 -> that's what it looks like most clusters
22607.6 -> providers are using so when you need to
22609.84 -> understand the connections between data
22611.52 -> so mapping fraud rings or social media
22613.52 -> relationships
22614.798 -> very relational database heavy
22616.48 -> information you're gonna want to use
22618.08 -> neptune we have amazon timestream it's
22620.4 -> a fully managed time series database so
22622.4 -> think of devices that send lots of data
22624.48 -> that are time sensitive such as iot
22626.48 -> devices so when you need to measure how
22628.558 -> things change over time we have amazon
22631.44 -> quantum ledger database this is a fully
22633.52 -> managed
22634.4 -> ledger database that provides
22635.68 -> transparent immutable cryptographically
22638.558 -> verifiable transaction logs so when you
22640.718 -> need to record a history of financial
22642.718 -> activities that can be trusted
22644.798 -> and the last one here is database
22646.32 -> migration service dms it's not a
22648.24 -> database per se but it's a migration
22651.2 -> service so you can migrate from
22653.2 -> on-premise database to aws from two
22655.84 -> databases in different or same database
22658 -> accounts using different sql engines and
22659.76 -> from an sql to a nosql database
22661.84 -> and i'm pretty sure we cover this in a
22663.36 -> bit
22664.08 -> greater detail in this course okay
22669.31 -> [Music]
22670.958 -> all right let's go take a look at
22672.4 -> dynamodb
22674 -> which is aws's nosql database so
22675.92 -> we'll go over to dynamodb
22680.638 -> and what we'll do is create ourselves a
22683.04 -> new table
22684.24 -> and we'll just say my dynamodb
22687.52 -> table
22688.48 -> and you always have to choose a
22689.6 -> partition key you don't necessarily have
22691.28 -> to have a sort key but it could be
22692.638 -> something like
22694.558 -> um
22696.32 -> like it you want to be really unique so
22698.24 -> it could be like email and this one
22699.76 -> could be created at right
22703.84 -> and so we have string binary notice that
22705.68 -> the the types are very sim simple then
22708.4 -> for settings we have default settings or
22709.76 -> customized settings so the default is
22711.6 -> use provision capacity mode rewrite five
22713.92 -> rules etc custom
22716 -> no secondary indexes use kms so i'm
22718.798 -> gonna just expand that to see what i'm
22720.478 -> looking at
22721.68 -> we have two options here on demand so
22724.24 -> simplify billing by paying the actual
22726.32 -> reads and writes that you use or
22727.68 -> provisioned
22728.878 -> which is this is where you get a
22730.16 -> guarantee of performance so if you want
22731.84 -> to be able to do
22733.04 -> you know whatever it is a thousand i
22735.36 -> don't know what it goes up to but like a
22736.718 -> thousand read writes per second
22738.4 -> then that's what you're paying for okay
22739.92 -> you're paying for being able having a
22741.84 -> guarantee
22743.12 -> of that
22744.24 -> um of that capacity okay i'm not going
22746.798 -> to create any secondary indexes but
22748.478 -> that's just like another way to
22750.32 -> look at data notice down below that we
22752.24 -> have a cost of two dollars and
22753.44 -> ninety-one cents
22754.878 -> uh then we have encryption at rest so
22756.638 -> you can do owned by amazon dynamodb
22758.878 -> that's pretty much the same as like
22761.28 -> aws has or s3 has
22764.08 -> sse
22765.12 -> s3 there you could use uh
22768.16 -> actually i guess most of these are
22769.04 -> probably kms i would imagine
22771.44 -> we'll go ahead and create the table here
22774.718 -> and that's going to create the table
22776 -> this is usually really really fast
22779.28 -> we'll go here
22780.798 -> and
22781.52 -> what we can do is insert some data so as
22784.16 -> it's just starting up here we can go
22785.6 -> over to
22787.68 -> our tables they recently changed this ui
22789.92 -> so that's why i look a bit confused
22793.52 -> view items up here okay and then from
22796.08 -> here we can create an item so i can add
22798.478 -> something say so andrew at exam pro dot
22801.36 -> co
22802.32 -> and
22804.92 -> 2021 uh
22808.478 -> well we'll just do the future so let's
22809.92 -> say 20 25
22812.16 -> 0.505 i don't want to have to think too
22813.92 -> hard here but we can add additional
22815.52 -> information so i can say like
22817.84 -> uh
22818.1 -> [Music]
22819.6 -> today true
22822.478 -> we could say
22823.6 -> um
22825.92 -> make it like a list
22829.68 -> you know
22830.878 -> food
22831.84 -> and then i could go here and then add a
22833.44 -> string
22835.68 -> it is not working oh there we go there
22838.32 -> we are so we could say like
22840.08 -> um banana
22842.24 -> and then we could say pizza right we can
22844.638 -> go ahead and create that item
22847.92 -> so now that item is in our database uh
22850.24 -> we can do a scan that will return all
22851.6 -> items we can query we can actually have
22853.84 -> some limitations of what we're choosing
22855.76 -> there's the partiql editor so we can
22858 -> use sql to select it
22860.558 -> um i have not used this before
22865.04 -> partiql
22867.12 -> aws or partiql
22870 -> dynamodb
22872.958 -> examples
22876 -> i'm hoping i can just find like an
22877.44 -> example of some of the language getting
22878.958 -> started here i don't need to i don't
22881.04 -> need an explanation just show me an
22882.878 -> example
22884.16 -> query here and i will i'll get to it
22885.92 -> here
22888.32 -> okay so here's some examples right so
22890.08 -> maybe we can give this a go um so we
22893.6 -> have our table here so my
22895.68 -> dynamo
22898.718 -> db table
22901.04 -> and i just want the email back
22904.24 -> we don't need a where
22908.718 -> we'll run this
22910.08 -> see if it works
22914 -> there we go
22915.68 -> i'm not sure if we could select
22916.638 -> additional data there so i know that we
22918.32 -> had some other things like food
22923.6 -> there it is okay so that's really nice
22926.08 -> um
22927.04 -> addition to it
22928.958 -> dynamodb can stream things into a
22930.958 -> dynamodb stream to go to kinesis and do
22932.718 -> a lot of fun things so there's all sorts
22934.718 -> of things you can do with dynamodb but
22937.2 -> i'm pretty much done with this so i'm
22938.478 -> going to go ahead and delete this table
22942.478 -> and notice that it also creates some
22943.84 -> cloudwatch alarms so we want to delete
22945.12 -> this as well create a backup no we do
22946.798 -> not care go ahead and delete that
22950.16 -> and that is dynamodb
22952.53 -> [Music]
22957.44 -> okay so now i want to show you uh rds or
22960 -> relational database service so go to the
22961.6 -> top here type in rds
22963.84 -> and we'll make our way over there
22966.478 -> and so rds is great because it allows us
22968.478 -> to launch relational databases
22971.52 -> sometimes the ui is slow i'm not sure
22973.68 -> why it's taking so long to load today
22975.36 -> but every day is a bit different and so
22977.6 -> what we're going to do is go ahead and
22979.12 -> create a new database
22980.958 -> you're going to notice that we're going
22981.92 -> to have the option between creating a
22983.76 -> standard or easy i stick with standard
22985.92 -> just because i don't like how easy hides
22988.558 -> a lot of stuff from us even here like it
22991.12 -> says two cents per hour but it's not
22993.28 -> giving us the full cost so i really
22995.28 -> don't trust it because if you go down
22996.718 -> here and you chose their dev test here
22999.2 -> look it's like a hundred dollars it's
23000.878 -> not showing the the
23002.718 -> cost preview right now maybe because we
23004.08 -> didn't choose the database type sorry i
23006.24 -> wanted to choose postgres but before we
23008.24 -> do that let's look at the engine types
23009.6 -> we have amazon aurora so we have between
23011.76 -> mysql and postgres mysql mariadb
23014.24 -> postgres oracle
23015.84 -> microsoft sql notice for microsoft sql
23018.878 -> it comes with a license you don't have
23020.32 -> to do anything with that
23022.32 -> it might change based on the edition
23024 -> here
23026.24 -> nope comes with a license for all of
23027.6 -> them which is great
23028.958 -> if you want to bring your own license
23030.24 -> that's where you need a dedicated host
23032 -> right running
23033.28 -> microsoft sql for oracle uh you have to
23036.478 -> bring your own license that's going to
23038.16 -> be based on um importing with the aws
23040.878 -> license manager but we go over to
23042.798 -> postgres which is what i like to use
23045.04 -> we're going to set it to dev test to try
23046.4 -> to get the cheapest cost scroll down
23047.84 -> look 118 dollars we can get it cheaper
23050.16 -> we get super cheap so here the password
23052.08 -> is going to be testing one two three
23054.798 -> capital on the t so an exclamation mark
23057.28 -> on the end okay because it has a bunch
23059.2 -> of requirements of what it wants
23061.28 -> here i want a t2 micro
23063.6 -> so i'm just going to scroll down here
23067.68 -> what is going on here standard oh look m
23070.32 -> classes
23071.52 -> i don't want an m class i want a
23072.878 -> burstable class that's the cheap ones
23075.52 -> and so we go here can we still do a t2
23077.84 -> micro or is it now t3
23080.718 -> so i don't see t2
23084 -> so i imagine a t3 micro must be the new
23086.24 -> it was free tier so we go it was three
23087.84 -> tier here
23089.76 -> right
23091.2 -> and if i go to
23092.1 -> [Music]
23093.44 -> databases
23097.84 -> um rds
23099.68 -> on the t2 micro 750 hours but i can't
23102.4 -> select it
23104.638 -> so
23106.558 -> i'm going to assume
23108.08 -> that the t3 micro must be the new
23110.4 -> tier if it's not there right
23112.4 -> let's just say include previous
23113.6 -> generations
23116 -> and then maybe i can see it then
23121.76 -> okay so i don't see it there
23125.92 -> i really don't like how they've changed
23127.36 -> this on me
23130.08 -> okay so the oldest i can choose is a t3
23132.32 -> micro which is fine i just i just know
23134.638 -> t2 being the free tier that's all
23136.718 -> uh this is fine we don't want auto
23138.798 -> scaling turned on for our example here
23140.638 -> we do not want
23142.16 -> a multi-az so do not create a standby
23144.718 -> that's going to really jump up our cost
23146.878 -> we don't need public access
23148.878 -> it will create a vpc that's fine
23150.718 -> password authentication is fine we have
23152.638 -> to go in here which i don't know why
23153.84 -> they just don't keep that expanded
23154.958 -> because you always have to come in here
23156.638 -> name your database so my database
23159.68 -> we choose our postgres version here i'm
23161.28 -> going to turn backups off because if we
23163.28 -> don't
23164.798 -> if we don't it's going to take forever
23166.32 -> to launch this thing
23167.92 -> encryption is turned on you can turn it
23169.68 -> off
23170.638 -> but generally it's not recommended
23173.04 -> we can have performance insights turned
23174.558 -> on i'm going to turn the retention
23176.478 -> i will leave it to seven days because we
23178.08 -> can't turn that off we don't need
23180.08 -> enhanced monitoring so i'm just going to
23181.2 -> turn that off
23183.28 -> and uh that's fine we're not going to
23185.92 -> enable delete protection here and
23188.638 -> so we are good we can now go ahead and
23191.12 -> create our database
23197.2 -> and what we'll do here is wait for that
23199.84 -> database to be created so the thing is
23201.52 -> is like
23202.798 -> if we're doing the solutions architect
23204.4 -> or the
23205.92 -> developer associate stuff i'd actually
23207.36 -> show you how to connect to the database
23209.36 -> um it's not that hard to do like you
23211.44 -> just have to connect uh grab all the
23213.28 -> database information so it's going to
23215.52 -> have an endpoint a port stuff like that
23217.36 -> and you'd use something like table plus
23219.6 -> or something to connect to the database
23221.52 -> but that's out of scope of the certified
23223.12 -> cloud practitioner i'm just going through
23224.638 -> the motions to show you that you can
23226.958 -> create an rds database very easily but
23229.36 -> not how to connect to it and actually
23231.36 -> utilize it okay
23233.04 -> and so that would spin up and we would
23235.12 -> have a server and after that we can just
23237.04 -> go ahead and delete the server here so
23238.558 -> just say delete me
23240.638 -> okay
23243.28 -> and that's all there really is to it
23246.08 -> there is the special type of database
23248.4 -> like aurora doesn't have its own like
23250.32 -> console page it's part of rds so if you
23252.478 -> want to spin up aurora you just choose
23254 -> the compatibility you want you can
23255.68 -> choose between provisioned or serverless
23258.718 -> the serverless is supposed to be really
23259.84 -> good for
23261.92 -> scaling to zero cost so that's something
23263.76 -> there so you'd fill that all out but the
23265.52 -> initial cost is a lot more expensive you
23267.28 -> can't choose a t2 micro here um unless
23270.32 -> it lets you now
23272.4 -> it is for
23274.4 -> provisioned it's uh
23277.84 -> oh t2 t3 medium is the smallest you can
23280.878 -> go okay so if you reach the point we're
23283.12 -> using a medium-sized database then you
23285.6 -> might consider moving over to aurora
23287.28 -> just because it's going to be highly
23288.558 -> scalable et cetera like that
23290.558 -> um so that's a consideration there
23292.32 -> there's also something called babelfish
23293.84 -> um that it was announced last year when
23296.638 -> i when i shot this
23298.798 -> or when i'm shooting this as of now and
23300.4 -> the idea was to make it compatible with
23302.16 -> mysql sql server to migrate over to
23304.4 -> aurora postgresql which is kind of
23306.558 -> interesting um but that's about it so if
23309.52 -> our database is destroying i think it is
23311.28 -> just going to go back over here to rds
23316.478 -> it's taken a long time to load today
23323.2 -> and i think it's already deleted maybe
23325.36 -> we go to databases here it's deleting so
23328.24 -> i'm confident it's going to delete so
23329.6 -> there we go
23330.6 -> [Music]
23334.878 -> all right let's take a look at redshift
23336.638 -> so redshift is a data warehouse and it's
23339.04 -> generally really expensive so it's not
23340.478 -> something that you're going to want to
23342 -> launch
23342.798 -> uh day to day here but let's see how far
23344.878 -> we can get with it um just by running
23346.718 -> through it so what we'll do is go ahead
23348.798 -> and create a cluster and again you can
23350.08 -> just watch me do this you don't have to
23351.44 -> create you don't have to create one
23352.4 -> yourself
23353.36 -> so free trial configure for learning
23355.12 -> that sounds good to me
23356.718 -> it's free for a limited time if your
23358 -> organization has never created a cluster
23359.92 -> well i rarely ever create these so when
23361.6 -> the trial ends delete your cluster to
23363.12 -> avoid the charges of on-demand okay that
23365.6 -> sounds fair
23367.28 -> so here we're going to have two vcpus
23370.08 -> it's going to launch a dc a
23371.958 -> dc2 large
23375.44 -> so let's look that up for pricing
23382.16 -> me prices please please please
23387.2 -> um
23390.16 -> i think it's loading right here okay
23392.958 -> so i don't know how much it is but i
23394.798 -> know it is not cheap
23396.638 -> and down below we have sample data is
23398.558 -> loaded into your redshift cluster that
23400.478 -> sounds good to me tickit is the sample
23402.24 -> data okay
23404.798 -> tickit sample data
23407.92 -> redshift i just imagine they probably
23409.52 -> have like a tutorial for it here
23412.478 -> they do right here
23415.28 -> and so because i want to know what we
23416.798 -> need to do to query it right if we can
23418.638 -> even query it via the interface here so
23420.878 -> the admin user is aws user
23423.2 -> and the password is going to be capital
23424.798 -> t testing one two three four five six
23426.798 -> exclamation
23428.16 -> and we'll hit create cluster
23431.52 -> oh cool we can query the data right in
23432.878 -> here so that's what i wasn't sure about
23434.878 -> whether we would be able to just query
23436.638 -> it in line because before
23438.478 -> you'd have to use java with jdbc or an
23441.84 -> odbc driver
23444 -> and download the jar and it's not as fun
23446.32 -> as it sounds of course but looks like we
23448.718 -> can query data once the data is loaded
23452.718 -> so that looks really good i guess we can
23454.638 -> pull data in from
23456.638 -> the marketplace so that's looks pretty
23458.558 -> nice too
23460.558 -> and i guess we could probably integrate
23461.84 -> it into other things like quicksight
23463.2 -> because you probably want to adjust your
23464.4 -> data over there
23466.958 -> again i usually don't spend a lot of
23468.24 -> time in redshift but it looks like it's
23470.4 -> a lot easier to use i'm very impressed
23472.32 -> with this so i don't know how long it
23474.08 -> takes to
23475.12 -> launch a redshift cluster i mean it is
23477.36 -> 160 gigabytes of
23480.32 -> storage there it's
23482.24 -> even at the smallest it's pretty large
23483.68 -> so what i'm going to do is to stop the
23484.878 -> video and i'll be back when this is done
23487.12 -> okay
23488.718 -> okay so after a short little wait here
23490.558 -> um it was a lot faster than i was
23492.4 -> expecting but uh it's available and so
23494.638 -> looks like here it says to query the
23495.84 -> sample data use redshift version 2. so
23498.24 -> i'm going to click that
23499.52 -> and i'm sure there's tons of buttons to
23500.878 -> get here and it'd be great if it just
23502.478 -> populated the query for me
23504.958 -> it doesn't but this looks really nice
23507.2 -> really nice ui i wonder if it has like
23509.04 -> some existing queries
23511.44 -> no
23512.638 -> that's okay so what i'm going to do here
23515.12 -> is i'm going to go ahead and pull out
23517.6 -> this query and see if we can get this to
23519.6 -> work here
23521.2 -> never found out what those prices were
23522.638 -> though
23524.558 -> okay
23525.76 -> and what we'll do is hit run i like how
23528.32 -> there's like a limit of 100 but here it
23529.84 -> has that so we'll go ahead and hit run
23532 -> and see what data we get so relation
23534 -> sales does not exist
23537.6 -> okay so
23539.84 -> what's going on here
23543.76 -> um we'll go up here so most of the
23546 -> examples in the redshift documentation
23547.6 -> uses a sample database called tickit the
23550.16 -> sample the small database consists of
23552 -> seven tables you can load the tickit
23554 -> data set by following the this here
23558.718 -> okay so to load the sample data from
23561.2 -> amazon s3
23566.718 -> okay so
23569.36 -> i would have thought it already had the
23570.718 -> data in there i could have swore it
23572.958 -> would have
23575.36 -> dev
23577.2 -> public
23581.92 -> tables
23584.4 -> zero tables
23586.24 -> okay so
23587.76 -> i don't think there's any data in here
23589.36 -> and so we're going to have to load it
23590.718 -> ourselves
23592.558 -> i really thought it would have added it
23593.92 -> for us
23595.04 -> let's go ahead and create these tables
23596.32 -> and see if this is as easy as we think
23599.28 -> so run that create that table
23603.44 -> cool okay
23605.28 -> we got it down here
23607.68 -> we'll run that we'll just run each at a
23609.36 -> time
23611.36 -> i think there's seven of them so
23623.12 -> date already exists okay that's fine
23625.84 -> event already exists saying all these
23627.52 -> tables exist
23630.08 -> maybe i just wasn't patient
23636.958 -> hmm okay
23640.16 -> um
23642.478 -> interesting all right so maybe we'll go
23644.638 -> back and uh run that query maybe we just
23646.718 -> had to wait a little while for that data
23648.16 -> to load
23650.4 -> run
23653.12 -> okay so you know what i think it was
23655.28 -> doing this for us if if it did not
23658.16 -> create it for us we would have to go
23659.68 -> through all these steps which is fine
23661.6 -> because we're learning a little bit
23662.638 -> about
23665.04 -> redshift but
23667.12 -> looks like we just had to wait there so
23668.32 -> it looks like you would run those you
23669.84 -> download that you use the copy command
23672.08 -> to bring it over there
23674.16 -> it looks like you can do all of this via
23675.76 -> the uh this interface here and we've
23677.84 -> done a query so that's kind of cool
23680.638 -> um i imagine you probably could like
23682.478 -> save it or export it what if we chart it
23683.92 -> what happens
23685.52 -> okay you can chart it
23687.68 -> it's kind of fun
23690.638 -> can we export it out to just we can save
23692.718 -> it i thought maybe it could export out
23694.08 -> to quicksight but i i suppose you'd
23695.84 -> rebuild it in quicksight a
23697.76 -> but yeah i guess that's it right there
23699.52 -> so that's pretty darn simple so what i'm
23701.92 -> going to do is make my way back over to
23703.52 -> redshift because we are done for this
23705.36 -> example
23709.76 -> and we will go over to clusters here
23712.478 -> and i'm going to go ahead and
23715.2 -> delete my cluster
23720.798 -> delete
23723.04 -> create final snapshot nope
23725.68 -> delete
23727.36 -> delete the cluster
23728.798 -> there we go
23730 -> so i'm pretty sure that will succeed no
23731.92 -> problem there and we are done with
23733.68 -> redshift and redshift is super expensive
23735.6 -> so just make sure that thing deletes
23737.6 -> okay
23738.5 -> [Music]
23742.798 -> hey this is andrew brown from exam pro
23744.638 -> and we are taking a look here at cloud
23746.16 -> native networking services um and so i
23749.04 -> have this architectural diagram i
23750.4 -> created which has a lot of networking
23751.92 -> components uh when people create
23754 -> networking diagrams for aws they don't
23755.76 -> always include all these things here
23757.36 -> even though they're there so we're just
23758.958 -> being a little bit verbose so you can
23760.638 -> see okay the first thing is our vpc our
23762.958 -> virtual private cloud this is a
23764.478 -> logically isolated section of the
23765.84 -> aws cloud where you can launch
23767.36 -> aws resources that's where your
23769.68 -> resources are going to reside not all
23772 -> services uh require you to select a vpc
23774.958 -> uh because they're managed by aws but i
23777.04 -> wouldn't be surprised if under the hood
23778.478 -> they are in their own vpc okay
23780.798 -> then if you want
23782.16 -> the internet to reach your services
23783.52 -> you're gonna need an internet gateway um
23785.84 -> then you need to figure out a way to
23787.6 -> route things to your various subnets and
23790.878 -> that's where route tables come in
23793.68 -> then we need to
23795.36 -> define a region that it's going to be
23796.958 -> which is a geographical location on your
23798.878 -> network then you have your availability
23801.36 -> zones which are basically your data
23802.878 -> centers where your resources are going
23804.478 -> to reside then you have subnets which is
23806.798 -> a logical partition of an ip network
23808.798 -> into multiple smaller network segments
23812.24 -> and these pretty much map to your
23814.4 -> availability zones if you're making one
23816.08 -> per a z
23817.44 -> and then we have nacls these act as a
23819.2 -> firewall at the subnet level then we
23821.2 -> have security groups that act as a
23822.638 -> firewall at the instance level so
23824.478 -> hopefully that gives you a good overview
23826.08 -> okay
23830 -> [Music]
23831.2 -> all right so now let's take a look at
23832.4 -> enterprise or hybrid networking so we
23834.638 -> have our on-premise uh environments or
23836.878 -> your private cloud and then we have our
23838.4 -> aws account or our public cloud so
23840.32 -> there's a couple services here that we
23841.6 -> can bridge them together the first is
23844.08 -> aws virtual private network vpn it's a
23846.718 -> secure connection between on-premise
23848.718 -> remote offices and mobile employees then
23851.36 -> you have direct connect this is a
23852.638 -> dedicated gigabit connection from
23854.878 -> on-premise data center to aws so it's a
23856.718 -> very fast connection a lot of times a
23858.32 -> direct we say it's a
23860.08 -> private connection but that doesn't
23861.44 -> necessarily mean secure it's not
23862.798 -> encrypting uh the data in transit so
23865.36 -> very commonly these services are used
23867.2 -> together not just singular okay
23870.558 -> and then uh we have private links and so
23872.798 -> this is where you already uh are using
23875.28 -> aws but you want to keep it all within
23876.958 -> databus never going out to the internet
23878.638 -> okay so these are generally called vpc
23881.2 -> interface endpoints and then the
23882.878 -> marketing pages call them private links
23884.478 -> which is a bit confusing but you know it
23886.478 -> just keeps traffic within the aws
23888 -> network so it does not transverse out to
23889.68 -> the internet okay
23890.97 -> [Music]
23895.52 -> hey this is andrew brown from exam pro
23897.52 -> and we are taking a look at vpcs and
23899.36 -> subnets so a vpc is a logically isolated
23902 -> section of the aws network where
23903.52 -> you launch your aws resources and you
23905.84 -> choose a range of ips using a cidr
23907.76 -> range so cidr range is an ip address
23910.16 -> followed by this netmask or subnet sub
23913.28 -> mask that's going to determine how many
23914.798 -> ip addresses there are
23916.798 -> and there's a bunch of math behind that
23918.958 -> which we're not going to get into
23921.04 -> but anyway so here is an architectural
23923.04 -> diagram just showing a vpc with a couple
23925.12 -> subnets so subnets is a logical
23927.6 -> partition of an ip network into multiple
23929.92 -> uh smaller network segments and so
23932.558 -> you're essentially breaking up your ip
23934.16 -> ranges for vpcs into smaller networks so
23936.638 -> just thinking about cutting up a pie okay
23938.878 -> so subnets need to have a smaller cidr
23941.04 -> range to
23943.04 -> the vpcs represent for their portion so
23946.638 -> uh forward slash 24 is actually smaller
23949.2 -> which is interesting the the higher the
23951.04 -> number gets the smaller it gets and so
23952.878 -> this would allocate 256 ip addresses and
23955.84 -> so that's well smaller than 16 okay
23958.878 -> we have the concept of a public subnet
23961.04 -> so this is one that can reach the
23962.24 -> internet and a private subnet the one
23964.32 -> that cannot reach the internet and um
23966.718 -> these are not strictly enforced by aws
23969.68 -> so the idea is that when you have a
23971.36 -> subnet you can just say don't by default
23974.24 -> assign publicly assignable ip addresses
23977.2 -> but it's totally possible to launch an
23978.878 -> ec2 instance into your private subnet
23982.16 -> and then turn on um
23984.798 -> the ip address so you've got to do other
23986.24 -> things to ensure that they stay private
23988.08 -> or public okay
23989.33 -> [Music]
23993.68 -> hey it's andrew brown from exam pro and
23995.36 -> we are comparing security groups versus
23997.36 -> nacls so i have this nice
23999.04 -> architectural diagram that has both
24000.878 -> nacls and security groups in them and
24002.478 -> we'll just kind of talk about these two
24004.478 -> so nacls stand for network access
24006.4 -> control lists and they act as a virtual
24008.08 -> firewall at the subnet level and so here
24010.798 -> you can create and allow uh and deny
24013.36 -> rules and this is really useful if you
24015.28 -> want to block a specific ip address
24017.36 -> known for abuse
24019.04 -> and i'm going to just kind of
24020.558 -> compare that against security groups
24022.16 -> because that's going to be a very
24023.12 -> important difference okay so security
24025.44 -> groups act as a firewall at the instance
24027.44 -> level and they implicitly deny all
24029.6 -> traffic so you create only allow rules
24032.478 -> so
24033.36 -> you can allow an ec2 instance to access
24035.2 -> port on uh
24037.04 -> port 22 for ssh but you cannot block a
24039.76 -> single ip address and the reason i say
24041.6 -> that is because in order for you to
24043.6 -> block a single ip address in a security
24045.36 -> group you would literally have to block
24046.958 -> or you'd literally have to allow
24048.878 -> everything but that ip address and
24050.4 -> that's just not feasible okay and so if
24052.24 -> you can remember that one particular
24054 -> example you'll always be able to
24055.76 -> remember the difference between these
24056.958 -> two one other thing that
24059.12 -> aws likes to do is is ask which ones are
24061.28 -> stateless which ones are stateful but at
24063.52 -> the cloud practitioner level they're not
24065.28 -> going to be asking you that okay
24070.878 -> all right let's learn a bit about
24072.718 -> networking with aws so what i want you
24074.4 -> to do is go to the top and type in vpc
24077.2 -> which stands for virtual private cloud
24078.878 -> and what we'll do is set up our own vpc
24080.878 -> it's not so important that you remember
24082.24 -> all the little bit of details but you
24083.84 -> get through this so that you can
24085.36 -> remember the major components so what
24087.2 -> i'll do is create a new vpc i'm going to
24088.878 -> call this my vpc
24091.2 -> uh tutorial and here i'm going to say
24095.12 -> 10.0.0.0 forward slash 16
24096.558 -> the reason you're wondering why i'm
24098 -> doing that if we go to x y
24100.478 -> x y z here
24103.2 -> this tells you the size of it so i go
24104.798 -> here i put 16 so you can see we have a
24106.958 -> lot of room if we do 24
24109.6 -> it takes up it it's smaller see so this
24112.08 -> is basically the size of it right the
24113.76 -> empty blocks over here so we're gonna
24115.44 -> have a lot of room so we do ten zero
24117.68 -> zero zero sixteen we don't need ipv6
24120.798 -> we're gonna go ahead and create that
24122.878 -> and once we have that we can go ahead
24124.08 -> and create a subnet which we will need
24126.4 -> so we're going to choose our vpc we'll
24128.718 -> go down here and say my subnet tutorial
24132.958 -> and we'll choose the first az you can
24134.558 -> leave it blank it'll choose it random
24136.16 -> and then we need to choose a block that
24137.6 -> is smaller than the current one so 16
24140.16 -> would be definitely um
24143.36 -> well 16 is the size that we have now so
24145.2 -> we can match that size but
24147.718 -> 10.0.0.0 forward slash 24 would be
24150.08 -> absolutely smaller okay so go ahead and
24152.718 -> create that subnet
24155.52 -> and so that is all set up now
24158.638 -> um
24160.32 -> let's see if our route table is hooked
24161.92 -> up so our route table says where it
24164 -> links to
24165.04 -> and it says to local so it's not going
24166.878 -> anywhere and that's because we need to
24168.798 -> attach a
24170.718 -> internet gateway that allows us to reach
24172.638 -> the internet so if we go over here and
24174.718 -> create a new internet gateway we'll say
24176.4 -> my igw
24179.04 -> and we'll go ahead and create that
24181.6 -> and what we'll do is
24183.52 -> associate that with our vpc we created
24186.558 -> here
24187.6 -> okay
24188.878 -> and so now that we have the internet
24190.478 -> gateway attached we want that subnet to
24192.878 -> make its way out to the internet so if
24195.12 -> we go to the route table we can edit the
24198.24 -> route table association here
24200.24 -> i like how it keeps on showing me this
24201.76 -> as if i don't know what i'm doing but i
24203.76 -> do
24204.718 -> and so
24207.76 -> this would change that particular
24209.12 -> association but i want to add to that
24211.12 -> route table
24212.718 -> so i thought when i clicked that it
24214.4 -> would allow me to add more but
24215.76 -> apparently i got to go to route tables
24217.04 -> over here
24218.718 -> and i'm looking for the one that is ours
24220.638 -> we can see that it's over here
24222.4 -> you could even name it if we wanted to
24223.84 -> like my route table
24227.2 -> notice that we apply
24229.44 -> names it's actually just applying a tag
24231.36 -> see over here it's always what that is
24234.878 -> so go over to routes and we want to edit
24237.04 -> the routes and we want to add a route
24239.44 -> and we want this to go to zero zero zero
24241.28 -> and we're gonna choose the internet
24242.32 -> gateway
24243.52 -> okay
24246 -> we're gonna say save changes
24248.4 -> and what that's going to allow us to do
24249.84 -> is to reach the internet
24253.92 -> um and so what i want to do is go back
24256.08 -> to subnet i was just curious about this
24257.6 -> i've never used this before
24260.478 -> um so it looks like we could just choose
24262.478 -> some options here i'm not too concerned
24264.718 -> about that but i assume like that's used
24266.558 -> for debugging azure's had those kind of
24268.718 -> services for a long time and so aws has
24270.798 -> been starting to add those so you can
24272.16 -> easily debug your network which is nice
24275.04 -> so
24275.76 -> we have a subnet the subnet
24278.558 -> can reach the internet because there's a
24280.08 -> there's a
24283.04 -> internet gateway and it's hooked up via
24284.638 -> the route table one thing that matters
24286.718 -> is will it assign a public ip address
24290.24 -> so that is something that we might want
24292 -> to look into
24293.68 -> it's not the default subnet which is
24295.04 -> totally fine
24296.32 -> so it says auto assign
24298.16 -> is no so that might be something that
24299.68 -> you might want to change
24301.28 -> so here we would go to edit the route
24303.28 -> table association no it's not there they
24306.32 -> changed it on me
24307.6 -> it used to be part of the setup
24309.12 -> instructions you should just checkbox it
24310.558 -> now and they moved it modify the
24312.478 -> autoassign so we'll say enable so that
24314.798 -> means it's always going to give it a
24315.84 -> public ip address on launch
24319.52 -> and while we're here i'm just going to
24320.638 -> double check if i have any elastic ips i
24322.24 -> did not release okay just double
24323.6 -> checking here
24324.718 -> and so
24326.798 -> this is all set up and we should be able
24328.878 -> to launch a
24330.558 -> ec2 now within our our new vpc so i'll
24333.12 -> go over here to ec2
24336 -> okay
24338.638 -> and i'm going to launch a new instance
24341.2 -> let's say amazon linux 2
24344.4 -> we're going to choose this tier here
24347.44 -> and now what we should be able to do is
24349.6 -> select that
24351.36 -> and that is our subnet there okay
24355.12 -> go ahead and launch that i don't care if
24357.52 -> we use a key whatsoever so i'm gonna go
24359.04 -> ahead and launch that there
24362.878 -> okay we'll go back
24367.28 -> and so there you go it is launching so
24369.04 -> we created our vpc and we launched uh in
24371.28 -> it no problem whatsoever
24374 -> so hopefully that is pretty darn clear
24376.718 -> um so yeah
24378.24 -> what i'm going to do is i'm going to let
24379.76 -> that launch because i want to show you
24381.44 -> security groups
24382.958 -> so within aws you can set security
24385.12 -> groups and nacls
24386.878 -> and that's going to allow or deny access
24389.2 -> based on stuff and when we launched this
24390.958 -> ec2 instance it has a default security
24392.878 -> group that was assigned we could have
24394.478 -> created a new one but what i might want
24396.4 -> to do is create myself a new security
24398.24 -> group here
24399.92 -> okay and you can end up with a lot
24402.08 -> really fast like here's a bunch
24404.638 -> and i can't even tell what's what so
24406.718 -> like this bunch for load balancers and
24408.32 -> things like that
24409.76 -> and so i might just go ahead and delete
24411.28 -> a bunch of these because i cannot tell
24412.878 -> what is going on here
24415.44 -> and
24417.36 -> we'll delete these security groups
24420.08 -> and sometimes they won't let you delete
24421.44 -> them because they're associated with
24422.4 -> something like a network interface or
24423.92 -> something
24429.2 -> all right but
24431.12 -> we need to find out which one we're
24432.4 -> using right now
24433.84 -> so the one that we are using is the
24435.92 -> launch wizard4 so we'll go into here
24439.6 -> and i don't know if you can rename them
24441.36 -> after they've been created i don't think
24442.958 -> so which is kind of frustrating because
24444.4 -> if you want to rename it it's like i
24445.92 -> don't want that to be the name
24448 -> so what's interesting is you can go here
24449.92 -> and you can edit the routes
24452.958 -> the rules sorry the inbound rules and
24454.638 -> the outbound rules and so here it's open
24456.558 -> on port 22 so that allows us to ssh in
24459.44 -> we could drop this down and choose
24461.12 -> different things so if we want people to
24462.478 -> access a website we go port 80 and we
24465.2 -> save from anywhere ipv46 so now anyone
24467.84 -> can access it
24470.32 -> you might want to do something like
24472.478 -> give it access to postgres that runs on
24475.04 -> port 5432 things like that
24477.6 -> um could be something else
24479.44 -> like maybe you need to connect a
24480.798 -> redshift that's on that port you can go
24482.4 -> ahead and save those rules we're just
24484.32 -> going to say uh from anywhere it can
24486.16 -> even say my ip so maybe only i'm allowed
24489.04 -> to connect to it right
24490.558 -> so you added inbound rules you don't
24492.638 -> really ever have to touch outbound rules
24494.24 -> it's set for all traffic so it's stuff
24496.24 -> that's leaving
24497.92 -> uh the
24499.6 -> that there one interesting thing to note
24501.92 -> about security groups is that
24506 -> you don't have a deny
24507.68 -> option right so let's say you only
24509.36 -> wanted a particular ip address you only
24511.44 -> wanted let's say what's my ip my ip
24514.4 -> address
24516.4 -> so that is my ip address and let's say
24519.92 -> i wanted to block it
24522 -> right so i go here and i say okay i want
24524.4 -> to block
24526.478 -> on all tcp i want to block this number
24529.12 -> right
24530.478 -> but i can't do that all i can say is i
24532.24 -> allow this number so in order to do it i
24534.16 -> would have to enter everything but this
24535.84 -> number in here and you can enter ranges
24537.6 -> in
24538.478 -> with like these forward slashes and
24540.08 -> stuff like that but you would imagine
24541.36 -> that'd be really hard because you have
24542.32 -> to starting to like
24543.68 -> you'd have to start and go through every
24544.958 -> single ip address in the world to get it
24546.878 -> out of here and that's almost impossible
24548.4 -> and that's the key thing i want to
24549.6 -> remember about security groups
24552.878 -> so that's security groups and there's
24554.24 -> also nacls
24557.68 -> nacls they're associated with subnets
24559.84 -> so they probably show up under vpc i
24562.24 -> rarely touch nacls rarely ever have
24564.4 -> to
24565.6 -> um
24566.798 -> i mean they're great tools but you know
24568.32 -> for me i just don't ever need them
24570.4 -> so nacls are associated with subnets
24574.558 -> so we can go here and try to see my
24576.558 -> subnet tutorial so we created our subnet
24578.638 -> we got a nacl for free and we can set
24580.958 -> inbound and outbound rules and so here
24584.4 -> here is where we could say okay i want
24586.4 -> to add a new rule
24588.4 -> and i want to and i want to make the
24590.478 -> rule number 150
24592.878 -> you always do these in the hundreds okay
24594.4 -> or the power of tens so that you can
24595.84 -> move them around easily
24597.44 -> and i can say all
24598.84 -> traffic that comes from
24601.28 -> this ip address
24603.28 -> i'm gonna put the forward slash zero
24604.638 -> that just means a single ip address
24607.04 -> and i say deny right and so now
24610.638 -> uh this at my address i can't access
24613.12 -> that ec2 instance okay if i try to go
24615.36 -> there's nothing running on the server
24616.478 -> but if i was to try to use it i wouldn't
24618 -> be able to do it
24619.2 -> and and this applies to anything for
24620.878 -> that subnet it's not for a particular
24622.638 -> instance it's for anything in that
24624 -> subnet so hopefully that is is pretty
24626.08 -> clear there
24627.6 -> but that's pretty much all you really
24628.958 -> need to know i mean there's lots of
24630.24 -> other stuff like network firewalls all
24632.4 -> these other things it gets pretty
24633.44 -> complicated
24635.28 -> it's well beyond what we need to learn
24637.28 -> here but what we'll do is tear down that
24639.44 -> ec2 instance
24642.4 -> okay
24643.6 -> we'll terminate that
24646.16 -> and once that instance is destroyed we
24647.6 -> can get rid of our security group and a
24649.04 -> bunch of other stuff
24652.798 -> and there's always a bunch of these darn
24654.558 -> things
24657.6 -> so we'll say delete
24662.878 -> one security group associated
24667.36 -> so we go here this is the one we are
24668.798 -> using but i wanna get rid of all these
24670.08 -> other ones
24676.24 -> okay if i go here it could be because
24677.92 -> like of inbound rules
24680.4 -> so see this one because you can
24681.92 -> reference
24683.12 -> another security group within a security
24684.718 -> group so i'm just going to go save that
24685.84 -> there
24686.718 -> see any my ip there oops
24691.04 -> it's set to
24692.478 -> nfs so that might have been set up for
24694.558 -> our access point
24699.68 -> i could just delete it that would
24700.798 -> probably be easier
24703.04 -> okay
24704 -> so that's one that's kind of of a pain
24707.52 -> so i'm just looking for rules that might
24709.68 -> be referencing other security groups
24714.798 -> to get rid of them
24717.52 -> okay let's try this again
24726.24 -> we'll go ahead and delete
24727.92 -> i'm leaving the um
24731.52 -> i'm leaving the uh the defaults alone
24733.52 -> because those come with your vpcs and
24735.2 -> you don't want to get rid of those
24740 -> it won't let me delete
24741.68 -> this one so i'm going to go edit that
24743.36 -> rule
24744.958 -> delete it save it
24747.28 -> you might not have this kind of cleanup
24748.638 -> to do it's just might be me here you
24751.28 -> know
24753.12 -> um outbound inbound
24756.32 -> let's try this again here
24764.478 -> delete
24768.24 -> and i'll open this one up
24773.92 -> must be this one that is referencing the
24775.44 -> other one
24781.6 -> i'm just going to delete the rule
24787.44 -> and this is something that's just kind
24788.718 -> of frustrating with aws but it's just
24790.32 -> how it is where
24791.84 -> sometimes it's hard to get rid of
24793.6 -> resources because you have to click
24794.798 -> through stuff so it's not always a clean
24796.478 -> you might have like lingering resources
24798.478 -> and this isn't going to cost us anything
24800.08 -> but it's just the fact that um
24803.76 -> that it just makes things
24805.52 -> harder to see what you're doing you know
24811.04 -> this last one really doesn't want to go
24812.558 -> away
24816.718 -> so i'm just trying to delete all the
24818.16 -> rules out of here get rid of it
24820.958 -> can i delete this one now
24824.878 -> one group associated it will not show me
24826.718 -> what it's talking about okay here it is
24829.44 -> um
24833.04 -> ah okay this is referencing it
24836.08 -> it was the one there was an old one i
24837.84 -> don't know what this is
24847.2 -> we'll go down here
24850.32 -> and we'll go here and delete that and
24852.878 -> while i've been cleaning all these up
24854.4 -> now we can go over to our instance make
24856.558 -> sure that it's terminated it is good
24858.798 -> because if our instance is not
24859.92 -> terminated we cannot destroy the vpc uh
24862.4 -> prior the vpc could not be destroyed
24863.92 -> unless you detach the internet gateway i
24865.68 -> wonder if it's going to still complain
24867.04 -> about that
24869.44 -> we'll say yes it actually looks like it
24871.44 -> includes it in the cleanup
24874.32 -> type delete here
24880.558 -> there we go so we're all good we're all
24882.638 -> cleaned up there you are
24884.33 -> [Music]
24888.32 -> hey this is andrew brown from exam pro
24890.16 -> and in this video i just want to show
24891.52 -> you cloud front so let's make our way
24893.12 -> over to cloudfront
24894.478 -> and cloudfront is a content delivery
24896.4 -> network and it's used to cache your data
24898.718 -> all over the place as you can see i have
24900.32 -> some older ones here if you have a
24902.638 -> splash screen what you can do is just
24904.08 -> look for the left-hand side there might
24905.2 -> be a hamburger menu open that up and
24907.52 -> then click on distributions and what
24909.04 -> we're going to do is create a new
24910.16 -> distribution if you don't want to create
24912.16 -> one because these do take forever to
24913.76 -> create
24914.638 -> you can just kind of watch along i don't
24916.16 -> even feel like i'm going to hit the um
24918.16 -> the create distribution button because i
24919.6 -> just hate waiting for so long but the
24921.28 -> idea is that you have to choose an
24922.638 -> origin and so the origin could be
24924.08 -> something like an s3 bucket a load
24925.92 -> balancer media store this is where um the
24929.28 -> the content distribution network is
24930.638 -> going to source
24932.08 -> its content right so if i say
24934.638 -> this bucket here
24936.558 -> and i just it will probably default to
24938.24 -> the root path the idea is that it's
24939.68 -> going to be able to pull content from
24941.28 -> there and then cache it everywhere
24943.6 -> and then down below you can say
24945.6 -> okay set the type of protocol redirect
24948.24 -> to here you can set up caching rules or
24951.6 -> like how often do you want it to cache
24953.92 -> like cache a lot don't cache a lot but
24956.4 -> the great thing is like you have these
24957.84 -> edge or these um lambda edge functions
24960.24 -> so you can
24962.08 -> read and modify the requests and
24964 -> response to the cdn which is very
24966 -> powerful but what i'm going to do is i'm
24967.92 -> just going to go look at what we already
24969.04 -> have because again i said they take
24970.798 -> forever to spin up and we're not going
24972.958 -> to see too much if we do so once it's
24975.36 -> spun up this is what it looks like so
24978.16 -> you'll have an origin it says where it's
24979.76 -> pointing to you can create multiple
24981.2 -> origins group them uh you can modify
24984 -> your behavior so that was basically what
24985.52 -> we're looking at before as you can see
24986.958 -> we have our behavior there nothing super
24989.04 -> exciting
24990 -> we can set up error pages you can
24992 -> restrict based on geographical locations
24994.16 -> so if you're for whatever reason if you
24995.92 -> if you're not allowed to serve content
24998.08 -> in uk you could say exclude this
25000.32 -> geographical region right so you have an
25002.16 -> allow list
25003.44 -> or a block list saying like okay we
25005.28 -> can't do uk because like let's say you
25007.04 -> just don't want to do um
25009.44 -> england you don't want to do um uh gdpr
25012.718 -> for whatever reason you could block out
25014.558 -> i don't know i'm having a hard time here
25015.84 -> britain
25017.04 -> england it's england right united
25019.44 -> kingdom there we go so you just say okay
25022.16 -> forget united kingdom i don't have to do
25023.68 -> gdpr now uh for invalidations the idea
25026.558 -> is that you know it is a cache so things
25028.878 -> can get stale or just persist and so
25031.2 -> here you can just type in say i want to
25032.878 -> get rid of
25034.68 -> image.jpg and then you create that
25036.558 -> invalidation and then it will go delete
25038.718 -> it out of the cache and so the next time
25040.558 -> someone requests they'll get the fresh
25042.16 -> content this usually doesn't take that
25043.6 -> long but that's pretty much cloudfront
25045.36 -> in a nutshell okay
25047.23 -> [Music]
25051.36 -> hey this is andrew brown from exam pro
25053.12 -> and we are taking a look at ec2 also
25055.04 -> known as elastic compute cloud and so
25056.958 -> this is a highly configurable virtual
25059.12 -> server or it's also known as a virtual
25061.52 -> machine and that's what we're going to
25062.878 -> generally refer to it uh ec2 is
25065.28 -> resizable compute capacity it takes
25067.76 -> minutes to launch new instances and
25069.68 -> anything and everything on aws uses
25071.2 -> ec2 instances underneath that's why we
25073.52 -> generally call it the backbone to all
25075.04 -> the aws services and uh you're
25077.28 -> gonna just have to choose a few options
25078.878 -> here so the first thing you'll need to
25080.16 -> do is choose your os via your amazon
25083.04 -> machine image so that's where you get
25084.718 -> red hat ubuntu windows amazon linux suse
25088.24 -> it might also come with pre-installed
25089.84 -> libraries and things like that then you
25091.52 -> can choose your instance type that's
25092.718 -> going to determine things like your
25094 -> vcpus your memory so here you can see
25097.12 -> how many there are and you'll have like
25099.04 -> a monthly cost
25100.638 -> and that's the name of the instance type
25102.32 -> then you have to add storage so very
25104.4 -> commonly you're attaching elastic block
25106.638 -> storage or elastic files
25109.04 -> system or service
25110.878 -> and so you know if you do choose your
25112.878 -> ebs
25114 -> you are going to have to determine what
25115.84 -> type it is so whether it's a solid state
25117.92 -> drive a hard disk drive a virtual
25120 -> magnetic tape or even attaching multiple
25122.638 -> volumes not just a single one and the
25124.558 -> last thing is configuring your instance
25126.08 -> so this is configuring the security
25127.84 -> groups the key pairs user data iam roles
25129.92 -> placement groups all sorts of things so
25132.16 -> we will experience in that because we
25133.76 -> will show you how to launch an ec2
25135.92 -> instance and it'll make a lot of sense
25137.28 -> if it does not make sense right now okay
25139.73 -> [Music]
25144 -> all right let's take a look here at ec2
25145.68 -> instance families so what are instance
25147.44 -> families well instance families are
25148.958 -> different combinations of cpu memory
25151.6 -> storage and networking capacity and
25154.08 -> instance families allow you to choose
25155.84 -> the appropriate combination of capacity
25158.16 -> to meet your application's unique
25159.6 -> requirements different instance families
25161.68 -> are different because of the varying
25163.12 -> hardware used to give them their unique
25165.2 -> properties and we do talk about this
25167.76 -> thing about uh
25169.36 -> capacity reservation where aws can
25171.04 -> actually run out of a particular type of
25172.638 -> instance family because they just don't
25174.24 -> have enough hardware in that data center
25175.92 -> so you have to reserve it but let's go
25177.36 -> through the different types of instance
25178.798 -> families the first is general purpose
25181.2 -> and these are the names of the different
25183.12 -> families uh very popular ones is the t2
25186.558 -> the t2 and one that's really interesting
25189.04 -> is the mac which actually allows you to
25191.2 -> run
25192.16 -> a
25192.878 -> mac server
25194.08 -> so these are great balance of compute
25195.92 -> memory and network resources so you're
25197.6 -> going to be using these most of the time
25199.52 -> the use cases here would be web servers
25201.28 -> code repositories things like that then
25203.52 -> you have compute optimize so um they all
25206.16 -> start with c uh no surprise there
25208.24 -> they're ideal for compute bound
25209.76 -> applications that benefit from high
25211.28 -> performance processor the use cases here
25213.44 -> are scientific modeling dedicated gaming
25215.12 -> servers ad server engines things like
25216.878 -> that then you have memory optimized um
25220 -> and so there's a variety here these are
25221.76 -> fast performance for workloads that
25223.6 -> process large data sets and memory
25226.4 -> they're great for in-memory caches and
25228 -> memory databases real-time big data
25229.84 -> analytics then you have accelerated
25231.84 -> optimize so this is your p2 p3 p4 things
25234.878 -> like that these are hardware
25236.798 -> accelerators or coprocessors these are
25239.28 -> great for machine learning computational
25240.878 -> finance seismic analysis speech
25243.2 -> recognition if you're doing um uh ml on
25246.558 -> aws you'll start coming across these
25248.798 -> types aws technically has a separate
25250.798 -> page on sagemaker ml machines but
25252.798 -> they're all pulling from these instance
25254.24 -> families okay then we have storage
25256.16 -> optimized so i3 i3en things like that
25259.6 -> these are highly high sequential read
25261.68 -> and write access to very large data sets
25263.52 -> on local storage the use cases here
25265.44 -> would be nosql in memory or
25266.878 -> transactional databases data warehousing
25269.44 -> for the certified cloud practitioner you
25271.2 -> just need to generally know these five
25272.478 -> categories not the names of the instance
25275.36 -> families if you're doing
25277.36 -> associates or above you definitely want
25279.12 -> to know these things in a bit more
25280.32 -> detail and i want to say that commonly
25282.4 -> instance families are called instance
25283.76 -> types but an instance type is a
25285.28 -> combination of size and family but even
25288.24 -> aws documentation doesn't make this
25290.32 -> family distinction clear but i know this
25292.718 -> because you know in azure they make that
25294.32 -> very clear and and gcp and so i'm
25296.798 -> bringing that language over here to just
25298 -> kind of normalize it for you okay
25300.33 -> [Music]
25304.718 -> let's take a look at what ec2 instance
25306.798 -> types are so an instance type is a
25308.478 -> particular instance size and instance
25310.718 -> family and a common pattern for instance
25312.718 -> sizes you'll see is things like nano
25314.958 -> micro small
25316.718 -> medium large x large 2x large 4x large
25321.12 -> 8x large and you know generally they're
25323.84 -> you to the power of twos but sometimes
25325.52 -> it'll be like 12 14 16 where it's even
25328.478 -> uh and so when you go to launch your ec2
25330.558 -> instance you're going to have to choose
25332.478 -> that instance type and so here you can
25334.32 -> see
25335.52 -> you know here's our t2 micro and then we
25338.16 -> have um the small the medium the large
25341.04 -> the x large
25342.718 -> okay but there are exceptions to this
25344.16 -> pattern for sizes so you know there is
25346.958 -> one particular one called uh dot metal
25349.28 -> and so that's going to indicate that
25350.4 -> this is a bare metal machine and then
25352.16 -> sometimes you get these oddball ones
25353.6 -> like
25354.32 -> 9x large so you know the rule of power
25357.04 -> of two or even numbers is not always the
25358.798 -> case uh but generally it'll be pretty
25361.12 -> even for you know the start here okay uh
25364.24 -> just talking about instance sizes so the
25366 -> ec2 instance sizes generally double
25368.08 -> in price and attributes so uh just
25370.478 -> bringing up these numbers a little bit
25371.76 -> closer starting at the small here you're
25373.28 -> gonna notice one
25375.04 -> two
25375.84 -> it doesn't maybe double there but four
25377.6 -> and here we see twelve twenty four uh
25380.08 -> almost doubles there almost doubles
25382.24 -> there but i want to show you that the
25384.08 -> price is generally almost double so 16
25386.32 -> 33 67
25388.24 -> 135 and so a lot of times like you
25391.12 -> always have the option to say okay do i
25393.04 -> want to go to the next instance size up
25394.958 -> or have
25395.92 -> an additional instance of the same size
25398 -> and sometimes it's a better approach to
25399.44 -> get an additional instance because then
25401.52 -> you can distribute it across another az
25404.16 -> but then you also meet additional
25405.68 -> capacity so there you go
25410.43 -> [Music]
25412.08 -> so we talked about dedicated instances
25414.4 -> and hosts a little bit but let's just
25415.84 -> make that distinction very clear so
25417.44 -> dedicated hosts are single tenant ec2
25419.6 -> instances designed to let you bring your
25421.44 -> own license so byol based on machine
25424.16 -> characteristics and so we'll compare the
25426.638 -> dedicated instance to the dedicated host
25428.4 -> across isolation billing
25430.718 -> physical characteristics visibility
25432.32 -> affinity between a host and instance
25434.32 -> targeted instance placement automatic
25436.878 -> instance placement and add capacity
25439.12 -> using allocation request so for
25441.36 -> isolation for dedicated instance you're
25443.12 -> going to get instance isolation so you
25445.6 -> can have the same customer on the same
25447.36 -> physical machine but there is
25448.638 -> virtualization there for them and
25450.638 -> there's a guarantee of that
25452.32 -> for a dedicated host you have physical
25454.478 -> server isolation so you get the whole
25455.92 -> server
25457.12 -> for billing uh on a dedicated instance
25459.52 -> it's per instance billing and it's gonna
25461.28 -> have an additional fee of two dollars
25462.798 -> per region and for dedicated hosts it's
25465.04 -> per host billing so it's a lot more
25466.718 -> expensive but you get the whole machine
25468.798 -> uh for visibility of physical
25470.32 -> characteristics you're not going to get
25471.84 -> any of that information for a dedicated
25473.28 -> instance for dedicated hosts you are
25475.36 -> such as sockets core host host id and
25478.16 -> this is really important when you have a
25480.16 -> bring your own license and they're
25481.52 -> saying this license is for x amount of
25484.4 -> cores or x amount of sockets
25486.958 -> then we have affinity so there's no
25488.638 -> affinity for dedicated instance for
25490.4 -> dedicated hosts you'll have consistency
25492.32 -> with deploys to the same instance the
25494.08 -> same physical server there's no control
25496.798 -> of target instance placement for
25498.32 -> dedicated instance you do have control
25500.24 -> on a dedicated host
25502.16 -> for automatic instance placements you
25504 -> have it for both
25505.44 -> and to add capacity using allocation
25507.6 -> requests it's a no for dedicated
25509.6 -> instance and it's a yes for dedicated
25511.12 -> host
25512.32 -> so i want to come back to the main point
25514.4 -> that's what's highlighted here is that
25515.76 -> on a dedicated host you have visibility
25517.68 -> of sockets core host id
25520 -> and this is really really important when
25522 -> you're bringing your own license byol
25524.798 -> such as
25526 -> you know
25526.878 -> microsoft sql servers where you have to
25529.92 -> specify the amount of cores and things like
25531.52 -> that okay
25532.51 -> [Music]
25536.718 -> so we've been talking about uh tenancy
25538.798 -> and i just wanted to make it very clear
25540.798 -> uh the difference between the different
25542.558 -> levels of tenancy on aws so we have
25545.12 -> three okay so we got dedicated hosts so
25547.76 -> your server lives here and you have
25549.84 -> control of the physical attribute so
25551.68 -> basically the whole server okay
25554.558 -> then we have dedicated instances so your
25556.4 -> server is on the same uh physical
25559.12 -> machine as other customers but the
25561.68 -> actual slot that you have the dedicated
25563.76 -> instance will always be the same and
25566.16 -> then we have the default so your
25568.16 -> instance will live somewhere on the
25570.4 -> server uh and when you reboot it's going
25572.798 -> to be somewhere else so there's no
25574.16 -> guarantee that it's going to be in the
25575.2 -> same place every single time okay
25580.39 -> [Music]
25581.68 -> hey this is andrew brown from exam pro
25583.44 -> and in this follow along we're going to
25584.4 -> be looking at ec2 and also um services
25587.6 -> that are adjacent to it so like auto
25589.2 -> scaling groups load bouncers elastic ips
25591.92 -> things like that so we fully understand
25593.68 -> ec2
25594.958 -> you don't have to know tons for the exam
25597.2 -> but you should be able to go through the
25598.4 -> motions of this with me so you can
25600.24 -> cement that knowledge
25601.76 -> for some of those deeper concepts like
25603.68 -> working with key pairs and things like
25604.958 -> that
25606 -> so let's make our way over to the ec2
25608.16 -> console and learn what we can learn
25610.32 -> um and generally when you go over the
25612.718 -> ec2 console it'll bring it to the
25614.24 -> dashboard for whatever reason to bring
25616.32 -> me there and then the idea here is that
25618.4 -> on the left hand side we can make our
25619.76 -> way over to instances
25621.84 -> okay and this is where we can launch our
25624.558 -> first instance
25626.24 -> so we go here and launch our instance
25627.68 -> the first thing we're going to be
25628.4 -> presented with is to choose our ami or
25631.6 -> amazon machine image and so that is a
25634.24 -> template that contains the software
25635.6 -> configuration so the operating system
25637.76 -> applications and other binaries that
25639.92 -> would be installed on that os by default
25642.32 -> all right and so we have a variety that
25644.16 -> we can choose from in the quick starts
25646.16 -> and generally the ones that you're going
25647.28 -> to see first are the ones that it'll
25648.878 -> support so there are
25651.52 -> amis or operating systems that aws will
25653.92 -> support when you contact them and then
25655.68 -> there's ones that are outside that where
25657.68 -> they'll still help you with but they
25658.958 -> might not have the knowledge on so just
25660.638 -> understand that if you pick from these
25662.08 -> core ones you're going to be in good
25663.44 -> shape the most popular is the amazon
25665.76 -> linux 2 because it's part of the free
25667.44 -> tier and it is very minimal and well
25670.638 -> hardened by aws so it's a very good
25672.24 -> choice there but you can see you can
25673.52 -> install a bunch of things
25674.958 -> so like if you want to launch a mac os
25677.44 -> server you can absolutely do that a red
25679.52 -> hat
25680.958 -> suse ubuntu a windows server you name
25684.24 -> it they have it if you wanted something
25686.16 -> more
25687.36 -> farther out there you can go to the
25689.04 -> marketplace and
25690.638 -> subscribe to one that is managed by
25692.878 -> company basically everything exists
25694.4 -> under the sun here or you can get a
25696.32 -> community ami so these are ones that are
25698.16 -> contributed by the community for free
25700.24 -> but we're going to go back to quickstart
25701.76 -> here and what i want you to notice is
25703.52 -> that there is this ami id that's how we
25705.76 -> can uniquely identify what we're using
25708.16 -> if we were to change region even with
25710.08 -> the same amazon linux 2 instance this thing
25712.478 -> will change so just understand that it
25713.92 -> is regional based and it comes in a
25715.92 -> 64-bit variant and a arm variant and so
25718.958 -> we're going to be using the x86 here
25721.84 -> you can notice here you can change it on
25723.44 -> the right hand side we're going to stick
25724.638 -> with x86 i'm going to go ahead and hit
25727.04 -> next
25728 -> so now we're going to choose our
25729.52 -> instance type and so this is going to
25731.04 -> decide um
25732.878 -> greatly how much we're going to be
25734.24 -> spending because the larger it is the
25736.32 -> more we're going to spend so see this t2
25738 -> micro if we wandered into the pricing
25739.44 -> for that we go to ec2
25741.68 -> pricing aws
25744.638 -> and once we get to ec2 pricing we want
25748.478 -> to go to on demand
25751.12 -> and from here this will load
25753.76 -> and so down below we can kind of go find
25756 -> our price it should show us
25758.958 -> it should show us the list ah here it is
25760.478 -> okay so i can say a t2 micro
25763.68 -> and we can see the on demand is this
25765.84 -> so it seems really cheap what you got to
25767.52 -> do is do the math so if you do time 730
25769.76 -> that's how many hours there are in a
25771.36 -> month
25772.32 -> if we launch a t2 micro and let's say we
25774.638 -> didn't have the free tier we you do if
25776.718 -> you first made your account you're going
25778.08 -> to have 700 750 hours for free for the
25781.44 -> free tier but if you didn't it would
25783.28 -> only cost you eight dollars and 46
25786 -> cents usd okay
25788.16 -> so just be aware of that if you ever
25789.76 -> need to figure something out go there
25790.958 -> copy it do the math 730 it's pretty easy
25793.52 -> so here we have a t2 micro in the t2
25796 -> family it's going to have one vcpu
25798.718 -> notice it has a v for virtual so there
25801.12 -> could be more than a single cpu on the
25804.558 -> underlying hardware but we're only going
25806.24 -> to have access to one virtual cpu we
25809.12 -> have one gigabyte of memory
25811.52 -> it's for low to moderate network
25813.12 -> performance so that's a factor that can
25814.478 -> change if you need like
25816.638 -> gigabit stuff like really fast
25818 -> connections for on-prem hybrid
25819.92 -> connections and you have specialized
25821.52 -> servers for that but for this this is
25823.44 -> fine the t2 micro is great uh if you
25825.76 -> want you can also search this way to see
25827.76 -> all the instance families and things
25829.12 -> like that you can filter for current
25830.878 -> generations all generations so this is
25833.04 -> fine okay
25834.4 -> so from there we're going to go to
25835.76 -> configure our instance type you can say
25837.84 -> let's launch multiples of these
25839.52 -> instances let's turn on spot to save
25842.32 -> money and try to bid for a particular
25844 -> price
25845.2 -> we can change our vpc it's going to
25846.878 -> default to the default vpc um if you
25849.84 -> have no subnets just going to pick one
25851.6 -> at random here which is fine
25854.478 -> whether to auto assign a public ip
25856.08 -> address if you do not have an ip address
25858 -> you cannot reach the internet so
25860 -> generally you want this to be enabled
25861.52 -> this is dependent on the subnet whether
25863.76 -> it will default to enabled but it
25865.28 -> doesn't matter if you have an ec2
25866.878 -> instance in a private or public subnet
25869.36 -> you can always override this and give it
25870.878 -> a public ip address you have placement
25873.36 -> groups which allows you to place servers
25874.958 -> together closely not something for the
25876.32 -> certified cloud practitioner there's
25878.32 -> capacity reservations so if you're
25879.68 -> worried about
25880.798 -> aws running out of this you can
25882.878 -> reserve capacity so that's kind of
25884.32 -> interesting domain join directory this
25886.558 -> isn't something that i've done much with
25888.08 -> but i imagine that has something to do
25889.44 -> with um direct active directory or
25891.68 -> something like that to join information
25894.478 -> then you need to uh
25896.4 -> have an iam role and we absolutely do
25898.08 -> need an iam role here so what i want
25899.36 -> you to do is create a new role it's
25901.44 -> going to close off these other tabs here
25903.6 -> and we will go
25905.2 -> wait a moment create a new role here and
25907.52 -> we want to do this for ec2 so we say ec2
25910.798 -> is what we're creating the role for
25912.4 -> we'll hit next and
25914.638 -> i don't know if i have a policy but i'm
25916.32 -> gonna go ahead and um oh well i don't
25918.4 -> need to make a new policy but i just
25919.76 -> want ssm and the reason i want ssm is so
25922.718 -> that
25923.6 -> i can um
25926.32 -> use sessions manager to log in so we
25927.92 -> don't have to use key pairs we will use
25929.28 -> key pairs but if we didn't want to use
25931.2 -> it that's what we could do and this used
25932.798 -> to be the old roll it'll tell you hey go
25934.958 -> use this new one here so i just want to
25937.04 -> make sure i know which one it is
25939.04 -> and so we'll just checkbox that on we'll
25940.638 -> hit next we can add tags right here it'd
25943.28 -> be well actually we don't need to add
25945.04 -> any tags here so that's fine we'll hit
25946.4 -> next and then i'll just say my
25949.2 -> ssm ec2 role
25951.6 -> okay
25952.558 -> and we'll create that role
25954.958 -> and now that we have created that role
25956.718 -> we can go back to our first tab here and
25959.04 -> give this a refresh and then drop down
25960.798 -> and it should show up here
25963.28 -> if we go down here a little bit we could
25964.958 -> turn on extra monitoring there is
25966.878 -> monitoring built in but if you wanted to
25969.52 -> monitor it to a lower uh like it more
25972.638 -> frequently you could do that as well we
25974.558 -> want shared tenancy right this is where
25976.4 -> you change the dedicated instance or
25978.16 -> dedicated host obviously these costs
25979.84 -> more but we're gonna stick with shared
25981.52 -> elastic inference so this is for um
25984.638 -> uh attaching a a fractional gpu great
25987.76 -> for ml not something that we want
25990.08 -> there's credit specification i don't
25991.52 -> remember seeing this before selecting
25992.958 -> unlimited for credit specification
25994.4 -> allows for uh to burst beyond the
25996.08 -> baseline so it's for bursting
25998.24 -> here you can attach an uh efs so if you
26001.36 -> need a file system that you want to
26002.718 -> mount or attach um
26004.558 -> then there's the enclave option so nitro
26006.4 -> enclave enables you to create isolated
26008.16 -> compute environments to further protect
26009.84 -> your and securely process highly
26011.68 -> sensitive data so it might be something
26013.2 -> you might want to checkbox on um based
26015.68 -> on your use case
26017.04 -> and then down below are we have the
26018.798 -> ability to enter our user data and this
26020.4 -> is something we want to do because we
26022.32 -> want to install
26024.478 -> apache so that we have something to work
26026.24 -> with here so what i'm going to do is
26027.28 -> make a shebang so that is a pound and an
26030.24 -> exclamation mark i know that's really
26032.08 -> small so i'll try to bump up my font
26033.52 -> here so you can see what i'm doing
26035.2 -> and we're going to do a forward slash
26036.718 -> bin and a forward slash bash on the next
26038.878 -> line here we're going to do yum install
26040.638 -> hyphen y httpd
26043.04 -> that's going to install apache and why
26045.76 -> it's not called apache i don't know why
26047.44 -> but they call it httpd
26050.08 -> there's no apache in the name there and
26052 -> so we'll say systemctl start httpd
26055.68 -> systemctl enable httpd so we're saying
26059.28 -> startup apache and then make sure that
26061.2 -> it stays running if we restart our
26063.12 -> machine
26064.478 -> very simple so from there we will go to
26067.84 -> our storage we'll say add or storage and
26070 -> this is at 8 gigabytes by default we
26071.92 -> could
26072.878 -> turn that up to 30 if we like so you can
26075.12 -> go all the way up to 30 if you like and
26077.12 -> you might want to do that but i'm going
26078.558 -> to leave it at 8. we could change our
26080.24 -> volume type i'm fine with gp2 because
26082.638 -> that's very cost effective and if we
26084.718 -> want to turn encryption and you should
26085.92 -> always turn on encryption there's no
26087.12 -> reason not to
26088.638 -> and so we'll turn that on it's not like
26089.76 -> it's going to cost you more it's going
26091.44 -> to be the same cost it's just your
26092.958 -> choice there if we want to add a tag yes
26095.04 -> we're going to add a name and we're
26096 -> going to say my ec2 instance
26099.92 -> okay
26101.44 -> and so that's going to give us a name
26103.12 -> which is something we would really like
26104.798 -> to have then we have a security group
26106.24 -> i'm going to just create a new security
26107.44 -> group called my
26109.08 -> ec2sg here
26111.52 -> and you'll say my ec2
26113.76 -> sg something you cannot do is rename a
26116.08 -> security group once you've made it so
26117.36 -> make sure you don't make a spelling
26118.4 -> mistake up here
26120.08 -> and we want to be uh
26121.92 -> accessing that http http
26125.36 -> or it's going to launch a website so in
26127.6 -> order to do that we need to make sure we
26128.958 -> have http as the type with the port 80
26131.44 -> open and we want it from anywhere so
26133.92 -> we'll say anywhere and that will be
26135.52 -> 0.0.0.0/0
26138.478 -> and that's for the ipv4 this is for the
26140.4 -> ipv6 okay so
26142.798 -> we'll just say internet
26145.2 -> and this is for ssh right
26147.36 -> and for this i would probably suggest to
26149.92 -> say my ip but since we might be using a
26152.32 -> cloud shell to do that we're going to
26153.84 -> leave it as anywhere so that we don't
26155.36 -> have any issues connecting so from here
26157.28 -> we'll review and launch
26159.52 -> and you can review
26161.12 -> what it is that's going on here it's
26163.36 -> going to say here hey you have an open
26165.52 -> port that's okay we we want the internet
26167.92 -> to see our website because that's the
26169.44 -> whole point there and we'll go ahead and
26171.44 -> launch it it's going to ask for a key
26172.878 -> pair we can go down and say proceed
26174.558 -> without key pair but what i'm going to
26175.92 -> do is i'm going to create a new key pair
26177.36 -> because i want to show you how those
26178.558 -> work and i'm sure we've already done in
26180.32 -> this course once but we'll do it again
26182.718 -> and so i'm going to just name this as my
26184.878 -> ec2 instance here and then we're going
26187.04 -> to go download that key pair it's going
26188.478 -> to download a pem file
26191.6 -> there and so now we can go ahead and
26193.36 -> launch that instance
26196.16 -> and while that is launching so i'm going
26197.76 -> to just close this other tab here we're
26199.44 -> going to click on the view instances and
26201.6 -> so here is that instance that's why we
26203.52 -> put the tag so we can have a name there
26205.2 -> we're going to wait for that to start
26206.4 -> but as that's going i'm going to make a
26207.68 -> new tab by just right clicking here on
26209.76 -> the logo
26210.878 -> click anywhere pretty much to do that
26212.558 -> and once we do that we'll click on cloud
26214.878 -> shell
26218.08 -> and as that is going what i want to do
26220.24 -> is take this pem down below i'm going to
26222.638 -> move it to my desktop to make it easier
26224.558 -> for me to upload i'm doing this off
26226.16 -> screen
26227.2 -> okay
26230.798 -> and
26231.68 -> uh once this environment's running i'm
26233.44 -> going to go ahead and upload that okay
26236.478 -> so we'll just give it a moment to do
26238.08 -> that we're also waiting for the server
26240.718 -> to spin up as you'll notice there is a
26243.68 -> public ip address here it says it's
26245.52 -> running so if we want we can copy it
26247.68 -> we're looking for those two checks to
26249.44 -> pass so the server could be available
26252.08 -> but generally you want to wait for those
26253.52 -> two system checks because one says hey
26255.52 -> the hardware is fine the network's fine
26257.2 -> things like that okay but if i take that
26259.04 -> ip address paste it on and up here we
26261.44 -> have the web page so that is working uh
26264 -> no problem there so that's great
26266.718 -> and we'll go over to cloud shell and
26268.08 -> that is still starting uh it's not the
26270.398 -> fastest but that's just how it is
26272.638 -> and um you know we'll get going here in
26275.92 -> a second as soon as
26278.798 -> this decides to load
26281.68 -> there we go so it's loaded i can type
26283.76 -> clear here just to clear that screen out
26285.84 -> and so what i want to do is upload that
26287.76 -> pem file so i'm going to go and upload
26289.52 -> that file we're going to go ahead and
26290.798 -> select it i'm going to go to my desktop
26292.638 -> here whoops my desktop and we are going
26294.798 -> to choose my ec2 instance pem
26297.2 -> all right and from there we'll hit
26298.958 -> upload that's going to upload that pem
26300.958 -> file
26303.44 -> once that is uploaded we're going to do
26304.798 -> ls
26307.12 -> okay and so this is from a previous
26308.958 -> tutorial so i'm going to go ahead and
26310.08 -> just delete that other one there we'll
26311.36 -> say remove efs example pem
26315.04 -> yes
26316.718 -> okay we'll type clear
26319.12 -> and then what we can do here is type in
26320.878 -> chmod and
26322.798 -> i believe it's 400
26324.798 -> and what do we call this my ec2 instance
26327.28 -> pem if you hit tab it will auto complete
26328.958 -> which is nice and if you do ls hyphen la
26331.6 -> we can take a look at that file and see
26334.718 -> it should look like this should have
26336.558 -> only one r here so the idea is you're
26338.558 -> locking it down so it's not writable or
26340.478 -> executable it's just readable because
26342.478 -> that's what you have to have it if you
26343.76 -> want to ssh and so if we want ssh what
26346.558 -> we'll do is hit the connect button here
26349.6 -> and we have four options they just give
26351.28 -> you too many options it's gonna be a
26352.798 -> fifth one for sure soon but right now
26354.958 -> we're talking about ssh so for ssh um we
26357.84 -> had the chmod or file which we did and
26359.92 -> then we need to use this dns to connect
26362 -> to it and so this is the full line here
26363.6 -> if you click on this copy that over and
26365.92 -> paste it in
26367.84 -> that should be everything and notice
26368.878 -> we're doing ec2 user
26370.958 -> followed by this you could put the ip
26372.798 -> address in here it said if you preferred
26375.2 -> so if you were over here
26379.04 -> you could go and take that ip address
26380.558 -> which is
26381.44 -> i think shorter nicer but um you know if
26383.84 -> you just click that one button it works
26385.52 -> that's fine you always have to accept
26387.92 -> the fingerprint then you'll be inside
26390.16 -> the instance you can type who am i to
26391.76 -> see which user you are you're the ec2
26393.92 -> user that's the user that aws creates
26396.32 -> for their amazon linux instances
26398.798 -> it's going to vary per
26401.12 -> ami so not all amis have an ec2 user it
26404.24 -> might be something else but that's
26405.76 -> generally the ones that aws uses for
26407.12 -> their supported ones and so if we do um
26409.84 -> an ls
26411.04 -> again we're in the server right now we
26412.24 -> can tell because it says right here or
26414.08 -> if we do a pwd we can kind of just kind
26416.32 -> of look around so i think it's going to
26417.6 -> be at var www that's where httpd or
26421.84 -> apache always puts their files here
26424.638 -> so i go in here whoops
26426.798 -> i'm just looking for
26428.32 -> the index file
26430.32 -> so i thought the index file was in
26434.638 -> cd var www
26438.24 -> hmm
26439.76 -> html
26441.92 -> well where the heck is it so i'm going
26443.04 -> to just touch a file here and see if it
26444.558 -> overrides it
26447.36 -> oh i don't care i'll just type sudo
26450.558 -> and what we can do is just try to
26451.84 -> restart this systemctl um
26455.6 -> there's a very similar command that's
26457.2 -> like uh service and so i always forget
26459.12 -> the order of it so
26460.798 -> i think it'd be i'm just checking
26463.04 -> probably
26464.558 -> restart
26465.84 -> httpd
26468.798 -> and so fail to restart the policy was
26471.44 -> not provided as the name service
26473.76 -> service
26480.16 -> uh maybe sudo
26483.52 -> there we go and so if we go back here
26485.44 -> i'm gonna see if it changed
26487.28 -> because it will take whatever is in the
26488.878 -> index.html file so if there's no file
26490.718 -> there it's going to show that there and
26492.878 -> so what i can do
26494.24 -> is i can edit this file i'm going to
26495.52 -> type vi index html and
26498.398 -> um i'm going to hit i for insert mode
26501.6 -> oh it says it's read only so what we
26503.28 -> have to do
26504.478 -> q colon q quit
26507.84 -> oops clear
26509.6 -> ls and so what we need to do is do sudo
26512.398 -> vi
26513.6 -> index html
26515.12 -> and so vim every single key is a hot key
26518.08 -> okay um
26519.36 -> i'm not teaching vim here but i'm going
26520.638 -> to teach you the basics but the idea is
26521.92 -> that when you're here notice that the
26523.84 -> cursor is blinking when i hit i it
26526.798 -> enters insert mode now i can type
26528.798 -> normally so i'd say hello
26531.44 -> uh hello cloud okay and i'm gonna hit
26534.24 -> escape to go back to um
26537.04 -> navigation mode whatever you wanna call
26538.478 -> it i'm gonna hit colon so it brings up
26540.878 -> the command i'm gonna type in uh write
26543.92 -> and quit okay and hit enter
26546.398 -> and so i'll type clear and so oops clear
26550 -> and so we'll hit up till we get that
26552.16 -> command
26553.6 -> sudo systemctl restart httpd we'll hit
26556.24 -> that hit enter
26559.44 -> okay and it should restart
26562.16 -> pretty fast
26563.68 -> there it is this is hello cloud i
26565.52 -> probably didn't even have to restart it
26566.878 -> to do that but anyway so now that
26568.958 -> instance uh you can see how we're
26570.478 -> updating that so what i want to do is
26572.398 -> just do a sanity check and make sure
26574.478 -> that if we restart this instance that
26576.638 -> we're going to be able to
26578.878 -> have apache running that's something you
26580.16 -> should always do if you have an app and
26581.52 -> you or anything you install it restart
26583.84 -> your server make sure that everything
26585.12 -> works so what i'm going to do
26586.84 -> is uh just hit exit here so we go back
26590 -> to the top level cloud shell type clear
26592.638 -> i'm going to go back over to my ec2
26594.478 -> instance
26595.84 -> i'm gonna have to click around to find
26597.04 -> it here and what i want to do is reboot
26599.12 -> it
26600 -> okay and if i reboot the machine the ip
26602.398 -> address is going to stay the same okay
26605.28 -> so if we reboot it the ip address is
26606.878 -> going to stay the same and the reboot's
26608.558 -> going to happen really fast if we want
26610.638 -> to observe that reboot we could go over
26613.04 -> to
26614 -> um here on the right hand side go to the
26615.92 -> system log and it would show us that it
26618.24 -> it had rebooted
26620.638 -> i think so yeah it does cloud-init
26622 -> there i think it rebooted
26624.398 -> not sure
26625.68 -> but anyway if it's rebooted then we can
26627.68 -> go ahead and connect and make sure
26628.958 -> everything's fine so let's just go here
26630.638 -> and hit enter
26632.08 -> and let's see if the what the webpage is
26634.08 -> here
26638 -> notice that it's hanging right so it's
26639.76 -> probably because it's still restarting
26642.718 -> even though it doesn't look like it is
26643.92 -> and that's something that you have to
26645.04 -> understand about the cloud is that
26647.68 -> you have to think about what you're
26648.878 -> doing and have confidence that it is
26650.558 -> happening and also just double check it
26652.718 -> but uh that's something that can be kind
26654.398 -> of frustrating because these are
26656.16 -> globally available services uh they're
26658.638 -> massively scalable and so one of the
26660.16 -> trade-offs is that you don't always have
26661.84 -> the most
26662.798 -> uh responsive uh uis aws has one of the
26665.52 -> most responsive uis out of all the major
26667.6 -> providers but even still like sometimes
26669.28 -> i have to second-guess myself but the
26671.12 -> page right now is not working now it is
26673.84 -> so it's fine so it just took time for
26675.44 -> that to reboot
26676.718 -> and so um what i want to do is connect a
26678.798 -> different way so we're going to go here
26680.638 -> and we're going to hit um we're going to
26682.24 -> checkbox that on we're going to hit
26683.36 -> connect and instead of using ssh client
26685.52 -> we're just going to go to sessions
26686.32 -> manager and hit connect
26688.478 -> and this is the preferred way of
26689.84 -> connecting because you don't have to
26692 -> have this this ssh key and that's a lot
26695.36 -> more secure because if someone has that
26697.12 -> key and you you know you hand it to
26698.718 -> someone they could hand it to somebody
26700 -> else and then you have a big problem on
26701.44 -> your hands so here this looks very
26703.68 -> similar but if you type who am i it
26705.28 -> actually logs in as the ssm user which
26707.12 -> is kind of annoying so i type in sudo su
26710.08 -> i have to do this hyphen here and then
26711.52 -> i'm going to say the user i want to be
26712.878 -> which is ec2 user
26714.478 -> and then if i type whoami we are the
26716.16 -> correct user you can't do anything in
26717.68 -> that ssm hyphen user or
26719.84 -> ssm user so you got to switch that over
26722.08 -> and i can bump this up to make it a bit
26723.6 -> larger so this is obviously not as nice
26725.6 -> as working over here or even in your own
26727.52 -> terminal but
26729.12 -> it's a lot more secure and it's tracked
26731.2 -> and all these other things so we really
26732.958 -> should be using it okay
26735.76 -> and um i really don't like having to
26737.84 -> bump this up with my html i'm just go
26740 -> back to zero there there's probably a
26741.44 -> way to configure that but anyway
26743.44 -> let's just go
26745.04 -> and take a look at our file
26747.44 -> i'm gonna type vi again and we're gonna
26748.638 -> do var
26749.84 -> www html
26751.6 -> index html
26753.28 -> i could put sudo in front of there
26755.68 -> and again remember you have to hit i to
26757.76 -> go into insert mode
26760.798 -> and what i'm going to do is just
26763.04 -> capitalize that hello cloud give that
26764.958 -> exclamation mark colon wq to quit write
26767.92 -> quit i'm going to go back here refresh
26769.84 -> okay so we don't have to restart our
26771.12 -> server which is nice
26772.798 -> all right
26773.84 -> so um
26775.6 -> that's that that's pretty clear so i'll
26777.28 -> hit terminate here
26779.44 -> and i don't think we need cloud shell
26780.798 -> for anything so i'm just gonna close
26782 -> that
26783.04 -> and so that's pretty much it when it
26785.12 -> when it comes to working with an ec2
26787.84 -> instance and so the next thing i want to
26789.04 -> show you is elastic ip okay
26791.33 -> [Music]
26795.44 -> okay so now i want to show you elastic
26797.44 -> ip
26798.878 -> commonly abbreviated to eip and so all
26801.2 -> that is it's just a
26803.04 -> a static ip and ip that does not change
26805.04 -> because this ec2 instance here notice
26807.36 -> that it's 54 163 4 104
26810.638 -> and what would happen if we were to stop
26812.638 -> this instance not reboot it but stop it
26814.398 -> because for whatever reason we had to or
26817.28 -> or um for whatever reason
26819.76 -> and if we were to stop this instance and
26822 -> we were to restart it
26825.36 -> okay
26827.12 -> and we have to wait for it to stop but
26829.12 -> that ip address is going to change okay
26833.52 -> so 54 163 4 104 hopefully we can observe
26836.638 -> that
26837.92 -> i'm just going to write that down so we
26839.52 -> do not forget
26841.44 -> so i can prove to you that it does
26843.44 -> change
26847.04 -> and now that it it's still stopping here
26850 -> so as that's stopping we're just going
26851.36 -> to go ahead and get our elastic ip and i
26854.08 -> will prove that as we go here so i'm
26855.92 -> going to go over to here
26857.76 -> and so what i want to do is reserve or
26859.44 -> allocate an elastic ip address and so
26861.52 -> i'm going to say us east 1
26863.84 -> and it's going to say from the amazon
26865.76 -> pool of ipv4 addresses so aws
26867.84 -> has a bunch of ip addresses they're
26869.84 -> holding on to and so you can just
26871.84 -> allocate one
26873.68 -> and once you've allocated that's your ip
26875.44 -> address so coming back to here
26878.638 -> okay this has stopped
26880.398 -> notice there is no public ip address
26882.32 -> we're going to start it again
26887.36 -> okay and then we'll just checkbox it on
26888.878 -> and we just have to wait a little while
26890.718 -> to see what the ip address is going to
26893.2 -> be i'm going to tell you it's going to
26894.478 -> be something else
26897.52 -> so if i go back here this is 54 235 12
26901.68 -> 110 and our original one was 54 163 4
26904.878 -> 104. so the reason why it's important to
26907.68 -> have the same address is that if uh you
26910.16 -> have a load balancer well not a load
26911.92 -> balancer but if you have a domain
26913.6 -> pointing to your i your server and you
26916.958 -> reboot then the route you have a
26919.36 -> dangling um
26920.958 -> a path or route where route 53 which is
26923.76 -> going to be pointing to nothing and so
26925.04 -> aws does have things to mitigate that
26927.12 -> like aliases and things like that but in
26929.68 -> general you know there's cases where you
26931.12 -> just have to have a static ip address
26933.52 -> and so we had allocated one over here
26935.92 -> and if we want to assign it we're going
26938 -> to associate that elastic ip address
26940.32 -> we're going to drop it down choose the
26941.84 -> ec2 instance
26943.52 -> um i suppose the private ips as well and
26946.24 -> then we're going to go ahead and hit
26947.92 -> allocate or associate
26950.24 -> and once it's associated it should now
26952.32 -> have 34 199 121
26955.28 -> 116. so we go over here
26959.68 -> and we're going to take a look here and
26961.36 -> that's its ip address we can pull it up
26964.84 -> okay and that's that so yeah that's
26967.2 -> elastic ip
26968.48 -> [Music]
26972.958 -> okay so now that we
26974.638 -> have our elastic ip we have our ec2
26976.32 -> instance running let's say um you know
26978.478 -> we lose the server we terminate it so we
26980.32 -> would lose all of our configuration so
26981.92 -> if we wanted to bake this ami to save it
26984 -> for later what we'd have to do is go and
26986 -> create an image so to do that we go to
26987.92 -> the top here and we go to images and
26989.6 -> templates and we can create an image or
26991.12 -> we can create a a template which is a
26993.12 -> lot better but for the time being we're
26994.558 -> going to go ahead and create an image
26996.08 -> and when you create an image you're
26996.878 -> basically creating an ami and so here
26999.2 -> i'm just going to say my ec2
27002.558 -> and i'm going to 000 to just kind of
27004.24 -> like number it so that's a very common
27006 -> numbering just do three zeros and then
27007.52 -> increment by one and so here i'm going
27009.84 -> to say my apache server
27012.478 -> and so it's going to save some settings
27014.16 -> like the fact that there is a volume you
27017.04 -> could save some tags there and so i
27018.878 -> might go ahead and add a tag and it'll
27020.398 -> say name and we'll just say my ec2
27022.958 -> server or
27024.478 -> so that it remembers that
27027.04 -> okay
27028 -> and then what we'll do is go ahead and
27029.36 -> create our image
27031.12 -> and so this can take a little bit of
27032.798 -> time if we go over to
27034.878 -> uh images here
27037.28 -> it's going to be spinning for a while
27038.878 -> and we'll just wait until it's done okay
27041.28 -> all right so after waiting a little
27042.478 -> while here our ami is ready so we're
27044.558 -> just waiting for it to go available if
27046 -> you do not see it just make sure you hit
27047.52 -> the refresh
27049.04 -> because sometimes aws will just spin
27050.798 -> forever
27051.84 -> and so that's just something you'll have
27053.12 -> to do
27054.16 -> so you know hopefully that makes sense
27055.76 -> what we'll do is go make our way back
27057.92 -> over to instances here and we can launch
27060.478 -> one this way well actually we can do it
27062.478 -> over from
27064.638 -> the ami page so what i'm going to do is
27066.32 -> just terminate this instance we're all
27068.16 -> done with it
27069.44 -> okay and we'll hit terminate it's
27071.52 -> totally fine and it had a message about
27073.52 -> elastic ips about releasing them so when
27075.6 -> it does that the elastic ip is still
27077.6 -> over here so it did not release it so
27080.398 -> what we're going to do is go ahead and
27082.32 -> disassociate the elastic ip
27085.2 -> okay
27086 -> and then we're also going to release the
27088.24 -> ip address because if we don't we're
27090.32 -> going to have this ip addresses sticking
27091.68 -> around that we're not using it this is
27093.04 -> going to charge us a dollar a month over
27094.32 -> month so just be aware of those because
27096 -> that's just kind of like a hidden cost
27097.28 -> there but what we're going to do is go
27099.2 -> over to ami
27101.28 -> and we're going to select it here we're
27102.478 -> going to go to actions we're going to go
27103.68 -> ahead and launch
27105.68 -> and what it's going to do is make us
27107.04 -> fill all this other stuff again so if
27109.04 -> you had made a launch template we
27111.12 -> wouldn't have to fill out all the stuff
27112.398 -> it'd be part of it but that's what i'm
27113.92 -> trying to show you with this ami stuff
27115.52 -> so
27116.638 -> instead of filling out all this what i'm
27118.638 -> going to do is now go create a launch
27120.398 -> template just to kind of show you that
27122.478 -> that would be a much easier way to work
27126.16 -> so we go over to ec2 instances and then
27128.718 -> on the left-hand side we're looking for
27130.798 -> a launch template launch launch
27132.958 -> configurations is the old thing
27135.04 -> um launch templates here we go
27137.76 -> so what we'll do is create ourselves a
27139.6 -> launch template we'll just say my apache
27142.16 -> server
27143.84 -> and
27144.718 -> then down below we need to choose our
27146.638 -> ami so we're going to go here and we
27149.04 -> need to type it in so what did we call
27150.478 -> it my ec2
27155.12 -> i really don't like this search here
27156.798 -> it's very slow and frustrating but once
27158.398 -> we find it whoops
27160 -> that's why i don't like it because a lot
27161.6 -> of times you'll be loading and you'll
27163.04 -> end up clicking the wrong thing
27165.6 -> okay so
27168.398 -> uh i don't like this okay we'll type in
27171.12 -> my
27173.84 -> give it a second
27177.12 -> there it is and just wait because it
27178.798 -> will keep loading and then once it's
27180.478 -> loaded hit enter
27183.44 -> and so it has that instance selected and
27185.2 -> then from there
27186.32 -> uh don't include in the launch template
27188.718 -> so here we could be explicit i would say
27191.04 -> i want this to be
27192.16 -> t2 micro but we could exclude it if we
27194.398 -> wanted to we could specify the key pair
27196.718 -> here um not that we really want to use
27198.718 -> key pairs we'll say my ec2 instance then
27201.28 -> down down here for the networking we can
27203.04 -> specify that security group we created
27205.04 -> so we created one here called myec2sg
27208.718 -> um storage is fine it's going to be
27211.28 -> encrypted network interface is fine
27213.68 -> advanced details what i want to do is
27215.6 -> set the iam instance profile that's
27217.12 -> really important because we don't want
27218.558 -> to have to figure out that role every
27220.24 -> single time
27221.6 -> so put that there
27223.52 -> and that should be
27225.52 -> everything and we could put user data in
27227.28 -> there but it's already baked into our
27228.638 -> ami so we don't have to worry about
27230 -> anything so what i'm going to do here is
27231.92 -> go ahead and create this launch template
27234.638 -> and then we're going to view this launch
27235.92 -> template and so now what we can do is
27238.08 -> then use it to
27240 -> launch an instance
27241.84 -> okay
27242.878 -> and so we're going to look here and it's
27244.478 -> very similar to ec2 except it's
27246.638 -> vertical so we're going to have one
27248.16 -> instance it's going to use that ami that
27249.92 -> instance type so you can see how you can
27251.68 -> override them which is nice we're going
27253.52 -> to check the advanced details and make
27254.878 -> sure that iam profile is set and we'll
27257.2 -> go ahead and launch this from a template
27260.16 -> so
27260.958 -> from there we can go ahead and click the
27262.638 -> instance value there
27264.478 -> and just be aware that when you do click
27266.24 -> through links like that you'll end up
27267.36 -> with a search so i was just check box
27268.718 -> that off so i can see what i'm doing
27270.558 -> and so we're just waiting for this
27272 -> instance to show up and the only thing i
27273.28 -> noticed is it didn't set our darn tags
27275.84 -> so i wanted the name in there and i
27277.84 -> think it's because we set it in the ami
27279.52 -> but it didn't carry over to the launch
27281.04 -> template so i'd have to go back to the
27282.878 -> launch template and update it probably
27284.638 -> so if i go into here into the launch
27286.32 -> template
27289.28 -> we can probably modify create a new
27291.28 -> version
27293.68 -> and then add tags there
27295.84 -> so we say name
27299.12 -> my apache server
27302.958 -> i realize i'm changing between them and
27304.878 -> so that should allow us to have a
27306.718 -> version two so we'll create that
27309.04 -> and but anyway that will be for the next
27311.28 -> time we launch it okay
27313.52 -> and so this instance is running i'm
27315.28 -> gonna go grab the ip address
27317.76 -> the server may or may not be ready we'll
27319.52 -> take a look here
27321.04 -> and so it's just spinning if it's
27322.958 -> spinning it's either the server is not
27324.558 -> ready or um our port's not open so it
27327.52 -> was just
27328.398 -> getting ready to work there so it is
27329.84 -> working now
27331.04 -> so that is our launch template so now
27333.84 -> you know we don't have to worry about
27334.958 -> losing our stuff and if we need to make
27336.478 -> new versions we can just
27338.24 -> bake new amis
27339.92 -> and increment them
27341.76 -> and attach them as new versions of the
27343.36 -> launch template okay
27345.12 -> [Music]
27349.52 -> all right so what i want to show you in
27351.12 -> this follow along is to set up an auto
27353.2 -> scaling group for our ec2 instance and
27355.6 -> the idea behind this is that
27357.6 -> we'll be able to always ensure that a
27359.68 -> single server is running or increase the
27362.398 -> capacity if the demand requires it so in
27365.04 -> order to create an auto scaling group we
27366.798 -> can go all the way down below to here
27370.478 -> and so you know i really don't like the
27372.478 -> autoscaling group form but it's okay
27374.16 -> we'll work our way through it so the
27375.2 -> first thing is we'll have to create our
27377.2 -> or name our auto scaling group so let's
27378.558 -> just say my asg and then we'll have to
27381.28 -> select a launch template which is great
27382.798 -> because we already have one and then
27384 -> we'll have to select the version i'm
27385.36 -> going to select version two so that it
27386.878 -> applies that tag name
27388.638 -> and we'll go to next
27390.478 -> and so here
27392 -> it's going to need to select a vpc and
27394.398 -> then we need some subnets so we're going
27396.798 -> to choose three just because to have
27399.04 -> high availability you have to be running
27401.04 -> at least three different availability
27402.638 -> zones so that's why we have three
27403.6 -> different subnets and then down below we
27405.68 -> have the instance type requirements so
27407.76 -> uh t2 micro
27409.76 -> launch template looks good to me so
27411.76 -> we'll go ahead and hit next
27415.2 -> and then from here we can choose to do a
27417.04 -> load balancer and so i want to do the
27419.04 -> load balancer separate so we won't do it
27421.44 -> as of yet but very often if you're going
27423.12 -> to have an auto scaling group you're
27424.08 -> going to usually have a load balancer
27425.84 -> but we'll talk about that when we get to
27427.92 -> that point there so we'll just go to the
27430.398 -> bottom here and hit next and so this is
27432.32 -> what's important so
27433.84 -> how many do you want to be always
27435.36 -> running and so we always want to have
27437.2 -> one and maybe the maximum capacity is
27439.12 -> two and you want the desired cast
27440.718 -> capacity to be around a particular
27443.04 -> number so if you had three and you said
27444.478 -> the desired is two
27445.92 -> there are things that could try to work
27447.28 -> to always make sure there's two but we
27448.718 -> just want to have one for this example
27450.878 -> we can set up scaling policy so i do
27453.04 -> target tracking scaling policy and so
27455.36 -> here we could do it based on a bunch of
27456.958 -> different things so if the cpu
27458.08 -> utilization went over 50 percent it
27460 -> would launch another server so that
27462 -> might be something we might want to set
27463.28 -> so we're not going to try to trigger the
27465.76 -> scaling policy but we might as well just
27467.52 -> apply because it's not too hard and you
27469.36 -> can also do a scaling scale in
27471.36 -> protection policy so if you want to make
27473.28 -> sure it does not
27476 -> reduce the amount of servers that's
27477.12 -> something you could do
27478.558 -> we could add a notification to say hey
27480.558 -> there's a scaling policy happening here
27482.398 -> which is fine we don't have to worry
27483.76 -> about that and there's tags so add tags
27486.32 -> to help you search filter etc
27488.798 -> so i'm going to put a tag here i'm going
27490 -> to say name
27491.52 -> i'm just wondering if this is going to
27492.478 -> attach to the ec2 instance or this is
27494.16 -> for the auto scaling group you can
27495.44 -> optionally choose to add tags to
27497.28 -> instances by specifying tags in your
27499.44 -> launch template so we already did that
27500.958 -> so i don't need to put a tag here
27503.44 -> and so we can review
27505.12 -> our
27506.558 -> auto scaling group and go ahead and
27508 -> create that auto scaling group
27510.878 -> okay and so that auto scaling group
27513.6 -> expects there to be a single instance so
27515.28 -> what's going to do is it's going to
27516.558 -> start a launching an instance and so
27518.798 -> what i'm going to do is just get rid of
27520.24 -> this old server because we don't need it
27522.16 -> anymore this old one here
27524.84 -> okay and you can already see
27528.24 -> okay that the load balancer
27530.478 -> is launching this new one here and
27532 -> remember we updated our version two to
27533.92 -> have that name so that's how we know
27535.12 -> that it is so if we go back over to our
27537.36 -> auto scaling group
27541.36 -> okay it's now saying there's an instance
27543.76 -> we don't have a status as of yet
27547.92 -> and so there are ways of doing uh status
27550.16 -> checks to for it to determine whether or
27552.16 -> not the server is working
27554.798 -> because if the server is unhealthy what
27556.718 -> it would do is it would actually kill it
27558.398 -> and then start up a new one right so if
27560 -> i go down below it's right now doing the
27561.68 -> ec2 health check and the ec2 health
27563.2 -> check just means that is the server
27565.2 -> working right is it running it doesn't
27567.52 -> necessarily mean like hey can i load
27569.12 -> this web app um but you know it's very
27571.68 -> simple so we'll give it a moment here
27574.32 -> to start up and just make sure that it's
27575.84 -> working
27581.2 -> okay and i think it's ready so if i take
27582.878 -> that public ip address here and paste it
27584.638 -> in there it is okay
27587.44 -> so if we were to
27589.04 -> tell it to increase the capacity to
27590.798 -> three then what it would do is it would
27592.16 -> launch three and then it should probably
27594.478 -> launch it all evenly to those other
27597.52 -> it should evenly launch it to all those
27599.92 -> other uh availability zones and then
27601.6 -> we'll have something that is highly
27602.798 -> available okay
27604.398 -> so that's pretty much it for this and
27605.92 -> then we'll move on to auto scaling
27607.28 -> groups
27611 -> [Music]
27612.24 -> all right so we have our ec2 instance
27614.718 -> now managed by an auto scaling group and
27616.718 -> the great thing is that if we terminate
27618.558 -> this instance this auto scaling
27620.398 -> group will launch another uh instance to
27622.798 -> meet our particular capacity um the only
27625.44 -> thing though is that if we were to have
27627.28 -> multiple ec2 instances running like
27629.04 -> three of them
27630.08 -> um how would you distribute traffic to
27633.2 -> them all right so you know you have an
27635.04 -> ip address coming in from the internet
27637.36 -> but let's say you want to evenly
27639.12 -> distribute it and that's where a load
27640.558 -> balancer comes into play
27642.478 -> and even if you have a single server you
27644.16 -> should always have a load balancer
27645.36 -> because it just makes it a lot easier
27646.638 -> for you to scale when you need to
27649.44 -> and you it acts as an intermediate layer
27651.2 -> where you can attach a web application
27652.798 -> firewall you can attach an ssl
27655.04 -> certificate for free
27656.878 -> so there's a lot of reasons to have
27658.958 -> a load balancer so what we'll do is go
27661.28 -> down below on the left-hand side and
27662.718 -> we're going to make our way over to load
27663.92 -> balancers and we're going to create
27665.28 -> ourselves a new load balancer so i'm
27667.6 -> going to hit create load balancer here
27670.32 -> and you're going to see we have a lot of
27671.52 -> options application load balancer network
27673.28 -> load balancer gateway load balancer and
27675.12 -> then the classic load balancer and so we
27677.84 -> are
27678.958 -> running an application so i'm going to
27680.638 -> create an application load balancer and
27682.478 -> here i'm going to say my alb
27685.2 -> for an application load balancer this is
27686.798 -> going to be internet facing it's going
27688.16 -> to be ipv4
27690.16 -> we're going to let it launch in the
27691.68 -> default
27692.958 -> subnet and we're going to choose the
27694.16 -> same
27695.36 -> the same
27697.84 -> azs
27699.04 -> right so that we get the same subnets as
27701.28 -> our
27702.16 -> that are in our auto scaling group and
27703.76 -> that's really important okay
27705.68 -> and then here um you know we need to
27708.718 -> have a security group and i just feel
27711.04 -> like selecting the same one here because
27712.478 -> that should work
27713.84 -> no problem there
27715.44 -> and we want to make sure that we can
27717.52 -> listen on port 80 and then it's going to
27719.36 -> forward it to a a target group it looks
27722.718 -> like i might have a target group there
27724.558 -> from before so just to reduce that
27727.12 -> confusion you won't have this problem
27728.798 -> i'm just going to double check if that's
27730 -> true
27731.28 -> so do i have a target group from there
27732.638 -> before before yes i do
27735.04 -> that came from
27737.68 -> i'm not sure it might have been created
27738.958 -> by um
27740.638 -> elastic beanstalk and wasn't deleted
27742.878 -> okay so i'll go back over to here just
27745.12 -> so there's less confusion
27746.798 -> and
27749.28 -> we were selecting our target group so
27751.12 -> we're going to create a new target group
27753.12 -> so we'll go over here
27754.558 -> and here you can choose whether it's
27756.08 -> instance ip lambda application load
27758.638 -> balancer so you could point it
27760.398 -> specifically to an ip address and so if
27762.398 -> it was a static ip address that would
27763.68 -> make sense
27764.718 -> uh apparently you can port uh
27767.2 -> point it directly to instances i don't
27768.958 -> remember seeing that option before
27771.36 -> i guess that makes sense yeah no sorry
27772.958 -> that makes sense because i would go to
27774.32 -> uh vpcs okay or sorry uh asgs
27777.52 -> autoscaling groups it's just that
27779.68 -> you're pointing them to auto scaling
27780.798 -> groups you're not pointing them to
27781.76 -> instances so that's why that's confusing
27783.36 -> so i'm going to say
27784.478 -> my
27785.52 -> target group it'll be for port 80 here
27788.558 -> protocol http 1 is fine we want to be in
27792.08 -> the same
27793.28 -> vpc so that's fine as well
27795.76 -> and down below we have our health check
27797.68 -> and so the forward slash means that it's
27798.958 -> going to hit the index.html page and so
27801.12 -> if it gets back
27802.558 -> um something healthy and that that
27804.558 -> something healthy is going to be um
27807.36 -> port 80 then it's going to be considered
27809.68 -> good
27810.558 -> and then we can say the threshold of
27812.398 -> check so i'm just going to reduce this
27813.44 -> so it's not so crazy so we'll say three
27815.84 -> uh two and then ten
27818.478 -> okay
27820 -> and then it expects back a 200 which i
27822.478 -> think that's what we'll get back so
27824.08 -> we'll go ahead and hit next and so now
27826.32 -> we have our target group and it should
27829.68 -> register instances so it's saying hey we
27831.52 -> detected this and this fits the
27833.12 -> requirements for this so this is now
27835.6 -> uh this is now in this target group okay
27838.16 -> so we can go back over here
27840.398 -> and we can now drop down and choose oops
27843.12 -> hit the refresh button
27845.68 -> and choose our target group
27848.398 -> so i'm not
27850.32 -> seeing it here so i'm gonna go back over
27851.84 -> here oh we didn't create it okay
27855.68 -> and now we can go back hit refresh and
27858.08 -> there it is
27860.878 -> and yeah that looks all good so we'll go
27863.2 -> ahead and hit create load balancer
27865.92 -> we can view the load balancers and these
27867.68 -> create really fast
27869.12 -> if we scroll on up
27870.718 -> what we can do is now access our server
27873.2 -> through this dns name okay so we copy
27875.28 -> that
27876.398 -> paste that on in there
27878.798 -> does it work
27884.718 -> not as of yet so if it's not working
27886.718 -> there because we did say look at these
27888.878 -> instances another way is to directly
27890.798 -> associate your auto scaling group with
27892.798 -> the load balancer
27894.24 -> so if i go into here and we hit uh
27897.36 -> edit
27899.92 -> there is a way
27901.44 -> aha a load balancer so
27904.398 -> we want to associate this way and we
27906.08 -> want to say this target group here
27909.76 -> and also while we're here we might as
27911.12 -> well set it to elb so it's going to use
27912.638 -> the elb check so that makes it so the
27914.478 -> auto scaling group
27915.76 -> if it wants to restart server it's going
27917.6 -> to use the elbs check which is a lot
27919.28 -> more sophisticated
27920.958 -> and then what we'll do is go hit update
27923.84 -> okay
27926.798 -> and now if we go back over to our load
27929.36 -> balancer i'm just going to close some of
27930.32 -> these tabs so it's a little less
27931.6 -> confusing
27934.24 -> a load balancer here
27938.32 -> i think we should be able to see through
27940.08 -> here whether it is seeing it
27943.68 -> let's go down below listeners monitoring
27946.638 -> integrated services no it's going to be
27948.718 -> through the target group
27952.638 -> okay
27956.558 -> i mean it already had it there so maybe
27958.558 -> it's just that it hasn't finished the
27959.92 -> check so over here it has a health
27961.84 -> status check oh now it's healthy okay so
27964.24 -> if it's healthy in the target group and
27965.84 -> the load balancer is pointing to it then
27967.76 -> it should technically work so we're
27969.36 -> going to go ahead and
27972.638 -> copy the dns again here make a new tab
27975.92 -> paste it in
27979.68 -> and there it is okay so
27982.08 -> that's how you're gonna access
27983.92 -> all your all your instances that are
27985.68 -> within your auto scaling groups you're
27986.798 -> gonna always go through the dns and so
27988.958 -> if you had a route 53
27991.04 -> domain like your domain managed by aws
27993.36 -> you just point to the load balancer and
27995.52 -> that's how you hook it up so that's
27997.12 -> pretty much it so yeah there you go
28003.68 -> all right so there you go we learned
28004.798 -> everything we wanted to know about ec2
28006.558 -> so the the last thing to do is to tear
28008.718 -> everything down so we have a load
28010.16 -> balancer we have an auto scaling group
28011.92 -> um and those are the two things we'll
28013.36 -> have to
28014.32 -> pull on down so the first thing would be
28016.398 -> to take down the auto scaling group and
28018.398 -> when you delete an auto scaling group
28019.68 -> it's going to delete all the ec2
28021.2 -> instances so we'll do it that way if you
28023.68 -> tried to delete the ec2 it would just
28026 -> keep on spinning up so you have to
28027.28 -> delete that first and so as that's
28029.28 -> deleting then we'll be able to delete
28030.798 -> our load balancer i'm going to try
28032.32 -> anyway to see if i can delete it at the
28033.76 -> same time
28036.558 -> and so i'll go up here i'm going to go
28038.24 -> ahead and delete that load balancer
28040.798 -> actually it did work no problem
28043.44 -> i'm gonna make sure i don't have any
28044.558 -> elastic ips
28046.798 -> i'm gonna also make sure i don't have
28048.32 -> any key pairs
28050.16 -> you can keep your key pairs around but
28051.68 -> like i just want to kind of clean this
28053.28 -> up so
28056.398 -> okay
28067.44 -> okay and that instance should be
28068.718 -> terminating
28071.52 -> go back to the auto scaling group here
28077.36 -> if we click into it we can check
28079.92 -> its activity here
28083.68 -> so it's just saying successful so it is
28086.16 -> waiting on elb connection draining which
28088.718 -> is kind of annoying because we deleted
28090.878 -> elb so there's nothing to drain
28093.84 -> um draining is just to make sure that uh
28097.04 -> you know there's no interruptions when
28098.32 -> terminating services so just trying to
28100.08 -> be smart about it
28111.52 -> and all i want to see is that it's just
28112.958 -> saying terminating over here and then i
28114.638 -> think we're done
28116.638 -> okay so we'll just have to wait a little
28118.16 -> while here okay
28120.16 -> and i'll see you back in a moment okay
28122.638 -> all right so after waiting a very long
28124.32 -> time it did destroy so if i go down over
28127.36 -> to my load balancer here we're gonna see
28130.08 -> that it does not exist so there was that
28131.76 -> connection draining thing which was kind
28133.28 -> of annoying it's probably because i
28134.718 -> deleted the load balancer first and then
28136.558 -> the um
28138.08 -> the uh
28139.36 -> the autoscaling group second and
28141.04 -> probably connection draining was turned
28142.32 -> on but it's not a big deal we just
28143.84 -> waited and it did eventually delete so
28146.08 -> we're pretty much all done here so there
28147.68 -> you go
28148.28 -> [Music]
28152.558 -> hey this is andrew brown from exam pro
28154.398 -> and we are taking a look at ec2 pricing
28156.16 -> models and there are five different ways
28157.6 -> to pay with ec2 remember ec2 are
28159.6 -> virtual machines so we have on-demand
28161.44 -> spot uh reserved dedicated and aws
28164.558 -> savings plans so what we'll do is look
28166.958 -> at these in summary here and then we'll
28168.638 -> dive deep onto each of these different
28170.638 -> pricing models so for on demand you are
28172.798 -> paying the uh a low cost and also you
28174.958 -> have a lot of flexibility with this plan
28177.04 -> uh you are paying per hour so this is a
28178.958 -> pay-as-you-go model uh or you could be
28181.36 -> paying down to the second which we'll
28183.28 -> talk about uh the caveats there when we
28185.44 -> get to the on-demand section this is
28186.958 -> suitable for workloads that are going to
28188.638 -> be short-term spiky unpredictable
28190.798 -> workloads uh that cannot be interrupted
28193.12 -> and it's great for first-time
28194.24 -> applications and the on-demand pricing
28196.958 -> model is great when you need the least
28198.32 -> amount of commitment for spot pricing
28200.32 -> you can see we can save up to 90 percent
28202.24 -> which is the greatest savings of out of
28203.68 -> all these models here uh the idea here
28205.68 -> is you're requesting spare computing
28207.12 -> capacity that aws is not using and
28209.12 -> that's where you're gonna get that
28210 -> savings you have flexible start and end
28211.84 -> times
28212.798 -> but your workloads have to be able to
28214.398 -> handle interruptions because these
28216.24 -> servers can be stopped at any time to be
28218.08 -> given to more priority customers and
28220.478 -> this is great for non-critical
28221.84 -> background jobs very common for like
28223.76 -> scientific computing
28225.44 -> where jobs can be started and stopped at
28227.04 -> any given time this has the greatest
28228.878 -> amount of savings then you have reserve
28230.958 -> or reserved instances this allows you to
28233.04 -> save up to 75 percent this is great for
28235.44 -> steady state or predictable usage you're
28237.6 -> committing with aws for ec2 usage over a
28241.28 -> period of one or three year terms you
28243.36 -> can resell on
28245.52 -> unused reserve instances so you're not
28247.6 -> totally stuck with this if you buy them
28249.44 -> this is great for the best long term
28251.84 -> savings then you have dedicated so these
28254.24 -> are just dedicated servers and
28255.76 -> technically not a pricing model but more
28257.92 -> so that the fact that it can be utilized
28259.68 -> with pricing models um but the idea here
28262.24 -> is it can be used with on demand
28263.84 -> reserved or even spot this is great when
28266.16 -> you need to have a guarantee of isolated
28268.558 -> hardware for enterprise requirements and
28270.638 -> this is going to be the most expensive
28272.958 -> so yeah there you go and we'll dive deep
28274.878 -> here okay
28276.11 -> [Music]
28281.2 -> so the on-demand pricing model is a
28283.2 -> pay-as-you-go model where you consume
28285.44 -> compute and then you pay later so when
28288.16 -> you launch an ec2 instance by default
28290.558 -> you are using that on-demand pricing and
28293.44 -> on-demand has no upfront payment and no
28296.16 -> long-term commitment you are charged by
28298.558 -> the second up to a minimum of 60 seconds
28301.2 -> so technically a minute or the hour so
28303.52 -> let's just talk about the difference
28305.2 -> between those uh per second billing and
28307.68 -> those per hour billing so per second are
28310.558 -> for linux windows windows with sql
28313.12 -> enterprise windows with sql standard
28315.44 -> windows with sql web instances that do
28317.6 -> not have a separate hourly charge and
28320.32 -> then everything else is going to be um
28322.958 -> per hour and so
28324.398 -> you know when i'm launching ec2 instance
28326.08 -> i can't even tell when something's per
28327.44 -> second or per hour you just have to know
28329.36 -> that it has a separate hourly charge but
28331.2 -> generally you know if you're just
28332.558 -> launching things it's going to probably
28333.84 -> be the per second billing when you look
28336.08 -> up the hourly or the the pricing it's
28339.04 -> always shown in the hourly rate so even
28340.718 -> if it is using uh per second billing
28343.84 -> when you look up that pricing it's
28345.68 -> always going to show it to you like that
28347.12 -> but on your bill you'll see it down to
28348.878 -> the second okay up to the first 60
28351.2 -> seconds and on demand is great for
28353.6 -> workloads that are short-term spiky or
28355.52 -> unpredictable uh but when you have a new
28358.16 -> app development this is where you want
28359.68 -> to experiment and then when you're ready
28361.76 -> to uh start saving because you know
28363.92 -> exactly what that workload's going to be
28365.36 -> over the span of a year or three that's
28367.28 -> where we're going to get into reserved
28368.478 -> instances which we'll cover next
28371 -> [Music]
28375.12 -> hey this is andrew brown from exam pro
28377.04 -> and we are taking a look at reserved
28378.558 -> instances also known as ri and this is a
28381.6 -> bit of a complex topic but uh you know
28384.16 -> if we do get through it it's going to
28385.36 -> serve you well through
28387.44 -> multiple aws certifications so let's give
28389.6 -> it a bit of attention here so ri is
28392 -> designed for applications that have a
28393.52 -> steady state predictable usage or
28395.6 -> required reserve capacity so the idea is
28398.24 -> that you're saying to aws i'm going to
28399.76 -> make a guaranteed commitment
28401.6 -> saying this is what i'm going to use and
28403.12 -> i'm going to get savings because aws
28405.04 -> knows that you're going to be spending
28406.478 -> that money okay so the idea here is that
28409.44 -> the reduced pricing is based on this
28411.04 -> kind of formula where we have term class
28413.2 -> offering the ri attributes and payment
28415.44 -> options technically the ri attributes
28417.68 -> don't exactly factor into it other the
28419.68 -> fact that they on ri attribute could be
28421.2 -> like the instance type size
28423.04 -> but i'm going to put that in the formula
28424.24 -> there just because it is an important
28425.92 -> component so let's take a look at each
28427.92 -> of these components of the formula to
28430.08 -> understand how we're going to save so
28431.36 -> the first is the term so the term uh the
28434.24 -> idea here is the longer the term the
28435.68 -> greater the savings so you're committing
28437.12 -> to a one year or three year contract
28440.16 -> with aws
28441.52 -> um and one thing you need to know is
28443.28 -> that these do not renew so
28446.24 -> at the end of the year the idea is that
28448.08 -> you have to purchase again
28449.84 -> and when they do expire your instances
28451.68 -> are just going to flip back over to on
28453.28 -> demand with no interruptions to service
28455.84 -> then you have class offerings and so the
28457.6 -> idea here is the less flexible the
28459.36 -> offering the greater the savings so the
28461.36 -> first is standard and this is up to a 75 percent
28464.32 -> reduction in the price compared to on
28466.558 -> demand and the idea here is you can
28468.638 -> modify some ri attributes which we'll
28470.798 -> we'll talk about when we get to the um
28473.76 -> ri attribute section there then you have
28475.6 -> convertible so you save up to 54 percent reduced
28478 -> pricing compared to on demand and you
28479.76 -> can exchange uh ris based on the ri
28482.958 -> attributes if the value is greater or
28484.798 -> equal in value and there used to be a
28487.28 -> third class called schedule but this no
28488.878 -> longer exists so if you do come across
28490.878 -> it just know that aws is not planning
28492.878 -> on offering this again for whatever
28494.878 -> reason i'm not sure why
28496.398 -> then there are the payment options so
28497.84 -> the greater upfront the greater the
28499.28 -> savings so here we have all upfront so
28502.16 -> full payment is made at the start of the
28503.68 -> term partial upfront so a portion of the
28506.398 -> cost must be paid up front and the
28508.24 -> remaining hours in the terms are billed
28510.08 -> at a discounted rate and then there's no
28512.08 -> upfront so you are billed at a
28513.84 -> discounted hourly rate for every hour
28515.92 -> within the term regardless of whether
28517.68 -> the reservation is being used and this
28519.76 -> is really great this last option here
28521.36 -> because basically you're saying to aws
28523.2 -> you're saying like i'm just going to pay
28524.958 -> my bill as usual but i'm going to just
28526.24 -> tell you what it's going to be and i'm
28527.52 -> going to save money so if you know that
28530 -> you're going to be using a t2 medium for
28532.558 -> the next year uh you can do that and
28534.878 -> you're just going to save money okay so
28536.878 -> ris can be shared between multiple
28538.638 -> accounts within an organization and
28540.718 -> unused ris can be sold in the reserved
28542.878 -> instance marketplace but we'll talk
28544.24 -> about the limitations around that when
28546.08 -> we get a bit deeper in here just to kind
28547.84 -> of show you what it would look like at
28548.798 -> the end of this console and they updated
28550.24 -> it i love this new ui here the idea here
28553.04 -> is you're going to filter based on your
28554.398 -> requirements and that's going to show
28555.68 -> you ris that are available and then
28557.92 -> you'll just choose the desired quantity
28559.68 -> you can see the pricing stuff there
28560.878 -> you're going to add it to cart you're
28562.08 -> going to check out and that's how you're
28563.36 -> going to purchase it okay
28565.39 -> [Music]
28569.92 -> so another factor to that formula were
28571.76 -> ri attributes and sometimes the
28573.28 -> documentation calls them ri attributes
28574.958 -> sometimes they call them instance
28576.16 -> attributes but these are limited based
28578.24 -> on class offering and can be
28580.398 -> uh can affect the final price of the ri
28583.04 -> instance and there are four ri
28585.2 -> attributes so the first is the instance
28587.04 -> type so this could be like an m4 large
28589.76 -> and this is composed of an instance
28591.28 -> family so the m4 and the instance size so
28594.32 -> large okay then you have the region so
28596.718 -> this is where the reserved instance is
28598.32 -> purchased then you have the tenancy
28600.398 -> whether your instance runs on shared so
28602.558 -> the default which would be multi-tenant
28605.04 -> or a single tenant which would be
28606.32 -> dedicated hardware and then you have the
28608.398 -> platform whether you're using windows or
28610.478 -> linux even if you're using on-demand of
28612.398 -> course this would just affect your
28613.6 -> pricing but there are some limitations
28615.36 -> around here which we'll get into as we
28617.04 -> dive a bit deeper here with ri okay
28619.79 -> [Music]
28624.08 -> all right let's compare regional and
28626.16 -> zonal ri so when you purchase an ri you
28628.478 -> have to determine the scope
28630.398 -> for it okay so this is not gonna affect
28632.478 -> your price but it's gonna affect the
28634.08 -> flexibility of the instance uh so this
28636.24 -> is something you have to decide so we're
28638.08 -> gonna talk about regional ri which is
28639.52 -> when you purchase it for a region and
28641.12 -> zonal ri when you purchase it for an
28643.04 -> availability zone so when you purchase
28645.52 -> it for a regional ri
28647.6 -> it does not reserve capacity meaning
28649.2 -> that there's no guarantee that those
28650.798 -> servers will be available so if anybody
28652.638 -> runs out of those servers uh you're just
28654.478 -> not going to have them but when it's
28656.24 -> zonal uh you are reserving capacity so
28658.798 -> there's a guarantee that those will be
28660.558 -> there when you need them
28662.398 -> in terms of az flexibility
28665.52 -> you can use the regional ri for any az
28668.24 -> within that region but for the zonal ri
28670.798 -> you can only use it for that particular
28672.878 -> region we're talking about instance
28674.718 -> flexibility
28676.32 -> you can apply the discount to uh any
28679.44 -> instance in the family regardless of the
28681.12 -> size uh but then when we're looking at a
28683.52 -> z there is no instance flexibility okay
28685.52 -> so you're just going to use it for
28686.558 -> exactly what you defined you can queue
28689.12 -> purchases for regional ri you cannot
28691.68 -> queue purchases for zonal ri so there
28693.92 -> you go
28695.19 -> [Music]
28699.36 -> let's talk about some ri limits here so
28701.12 -> there's a limit to the number of
28702.398 -> reserved instances that you can purchase
28704.16 -> per month and so the idea here is that
28706.718 -> you can purchase 20 regional reserve
28708.638 -> instances per region and then 20 zonal
28712 -> reserve instances per az so if you have
28714.478 -> a region that has three az's you can
28717.04 -> have uh 60
28719.28 -> zonal reserved instances in that region
28721.44 -> okay there are some other limitations
28723.52 -> here so for regional limits you cannot
28725.92 -> exceed the running on demand instance
28728 -> limit by purchasing regional reserve
28729.92 -> instances the default for on-demand
28731.92 -> limit is 20 so before purchasing your ri
28735.28 -> ensure on-demand limit is equal to or
28737.76 -> greater than your ri you intend to
28739.44 -> purchase you might even want to open up
28741.04 -> a service limit increase just to make
28743.6 -> sure you don't hit that wall for zonal
28746.08 -> limits you can exceed your running on
28748.16 -> demand instance limit by purchasing
28750 -> zonal reserve instances if you're
28751.84 -> already uh have 20 on-demand instances
28754.638 -> and you purchase 20 zonal reserved
28756.24 -> instances you can launch a further 20
28758.398 -> on-demand instances that match the
28760 -> specification of your zonal reserved
28761.84 -> instances so there you go
28763.86 -> [Music]
28768.24 -> let's talk about capacity reservation so
28770.558 -> ec2 instances are backed by different
28772.558 -> kinds of hardware and so there is a
28774.478 -> finite amount of servers available
28776.16 -> within an availability zone per instance
28778.16 -> type of family remember an availability
28779.76 -> zone is just a data center or a
28781.36 -> collection of data centers and they only
28783.2 -> have so many servers in there so if they
28785.52 -> run out because the demand is too great
28787.52 -> you just cannot spin anything up and so
28789.12 -> that's what's happening you go to launch
28790.558 -> specific ec2 instance type but aws is
28792.478 -> like sorry we don't have any right now
28794.718 -> and so the solution to that is capacity
28796.798 -> reservation so it is a service of ec2
28799.44 -> that allows you to request
28801.36 -> a reserve of ec2 instance type for a
28803.6 -> specific region and az so here you
28806.24 -> would see that you just select the
28807.44 -> instance type platform az tenancy the
28810.16 -> quantity and then here you might
28812.398 -> manually do it specify time
28814.398 -> or you might say okay i can't get
28816.398 -> exactly what i want but can give me
28817.92 -> something generally around that kind of
28819.84 -> stuff or that type that i want so the
28822.16 -> reserve capacity is charged at the
28823.68 -> selected instance type on demand rate
28825.76 -> whether an instance is running in it or
28827.6 -> not and you can also use regional
28829.92 -> reserve instances with your capacity
28831.68 -> reservations to benefit from billing
28834.32 -> discounts so there you go
28836.29 -> [Music]
28840.558 -> so there are some key differences
28842.08 -> between standard and convertible ri so
28844.558 -> let's take a look at it here so the
28846.08 -> first is that with standard ri you can
28848 -> modify your attributes so you can change
28850.398 -> the az within the same region you can
28852.798 -> change the scope from a zonal ri to
28855.2 -> regional ri or vice versa you can change
28857.76 -> the instance size
28859.6 -> as long as it's a linux and it has the
28861.28 -> default tenancy you can change the
28863.2 -> network from ec2 classic to vpc and vice
28865.84 -> versa but where you're looking
28867.2 -> convertible you you don't modify ri
28869.92 -> attributes you perform an exchange okay
28872.24 -> and so standard ris cannot do exchanges
28874.958 -> where convertible ri you can uh exchange
28878.398 -> during the term for another convertible
28880 -> ri with new ri attributes and this
28881.76 -> includes the instance family instance
28883.92 -> type platform scope and tenancy um in
28888.24 -> terms of the marketplace you ca they can
28890.638 -> be bought in standard ri uh in the
28892.638 -> marketplace or you can sell your ri if
28894.798 -> you uh don't need them anymore but for
28897.2 -> convertible ri they cannot be sold or
28899.76 -> bought in the marketplace you're just
28900.878 -> dealing with aws directly okay
28903.29 -> [Music]
28907.76 -> hey this is andrew brown from exam pro
28909.68 -> and we are taking a look at the reserved
28911.52 -> instance marketplace we had mentioned a
28913.44 -> prior so let's give it a little more
28914.638 -> attention here so it allows you to sell
28916.32 -> your unused standard ri to recoup your
28918.718 -> spend for ri you do not intend or
28921.28 -> cannot use so reserved instances can be
28924 -> sold after they have been active for at
28925.44 -> least 30 days and once aws has
28927.44 -> received the upfront payment you must
28929.36 -> have a u.s bank account to sell ri on
28931.6 -> the ri marketplace there must be at
28933.84 -> least one month remaining in the term
28935.2 -> for the ri you are listing you will
28937.6 -> retain the pricing and capacity benefit
28939.92 -> of your reservation until sold and the
28941.68 -> transaction is complete your company
28943.84 -> name and address upon request will be
28945.68 -> shared with the buyer for tax purposes
28948.32 -> a seller can set only the upfront price
28950.478 -> of an ri the usage price and other
28952.638 -> configurations such as instance type
28954.718 -> availability zone platform will remain
28956.398 -> the same as when the ri was initially
28958.32 -> purchased the term length will be
28960.16 -> rounded down to the nearest month for
28961.76 -> example a reservation with 9 months and
28963.6 -> 15 days remaining will appear as 9
28965.68 -> months on the ri market you can sell up
28968.638 -> to 20 000 usd in reserved instances per
28971.44 -> year if you need to sell more ri
28973.76 -> reserved instances in the govcloud uh
28976.08 -> region cannot be sold on the ri
28978 -> marketplace so there you go
28982.86 -> [Music]
28984.32 -> hey it's andrew brown from exam pro and
28985.92 -> we are taking a look at spot instances
28987.92 -> so aws has unused compute capacity
28990.32 -> that they want to maximize the utility
28992.638 -> of their idle servers all right so the
28995.2 -> idea is just like when a hotel offers
28997.44 -> booking discounts to fill vacant suites
28999.52 -> or planes offer discounts to fill a
29001.84 -> vacant seats all right so spot instances
29004.478 -> provide a discount of 90 percent compared to
29006.718 -> on-demand pricing spot instances can be
29009.36 -> terminated if the computing capacity is
29011.28 -> needed by other on-demand customers but
29013.68 -> from what i hear rarely rarely does spot
29016 -> instances ever get terminated
29018.32 -> it's designed for applications that have
29019.92 -> flexible start and end times or
29021.76 -> applications that are only feasible at
29023.44 -> very low compute costs so you see some
29025.36 -> options here like load balancing
29026.558 -> workloads flexible workloads big data
29028.24 -> workloads things like that um there is
29031.04 -> another service called aws batch which
29033.12 -> is for doing batch processing and this
29034.878 -> is very common what you use spot with
29037.36 -> and so you know if you find the spot
29039.04 -> interface too complicated you're doing
29040.32 -> batch processing you want to use this
29041.92 -> service instead um there are some
29044.08 -> termination conditions so instances can
29046.32 -> be terminated by aws at any time if your
29048.798 -> instance is terminated by aws you
29050.32 -> don't get charged for a partial hour of
29052.638 -> usage if you terminate an instance you
29054.718 -> will be still charged for an hour that
29057.44 -> it ran so there you go
29059.81 -> [Music]
29064 -> hey this is andrew brown from exam pro
29065.84 -> and we are taking a look here at
29067.2 -> dedicated instances so dedicated
29069.68 -> instances is designed to help meet
29071.6 -> regulatory requirements aws also has
29073.84 -> this concept called dedicated hosts and
29075.76 -> this is more for when you have strict
29077.2 -> server-bound licensing that won't
29078.638 -> support multi-tenancy or cloud
29080.32 -> deployments and we'll definitely
29081.44 -> distinguish that in this course but just
29083.12 -> not in this slide in particular um and
29085.84 -> so to understand uh dedicated instances
29088.398 -> or hosts we need to understand the
29089.6 -> difference between multi-tenancy and
29090.958 -> single tenancy so multi-tenancy you can
29093.04 -> think of it like everyone living in the
29094.558 -> same apartment and single tenancy you
29096.798 -> can think of it everyone having their
29098.16 -> own house so the idea here is that you
29100.32 -> have a server i'm just going to get my
29102.558 -> cursor or my pen out here to say server
29105.04 -> and you have multiple customers running
29106.878 -> workloads on the same hardware and the
29109.12 -> idea is that they are separated via
29111.2 -> virtual isolation so they're using the
29112.958 -> same server but it's just software that
29114.798 -> might be separating them okay
29117.12 -> and then we have the idea of single
29118.718 -> tenancy so we have a single customer
29121.04 -> that has dedicated hardware so the
29123.44 -> physical location is what separates
29125.44 -> customers
29126.638 -> um and the idea here is that dedicate
29128.638 -> can be offered via on-demand reserved
29131.76 -> and spot so that's what we're talking
29133.2 -> about dedicated here in the pricing
29134.638 -> model just so you know that you know
29136.08 -> even though these are a lot more
29137.28 -> expensive than on-demand uh you can
29139.36 -> still save by using reserve and also
29141.52 -> spot which i was very surprised about
29143.76 -> um
29144.558 -> and when you want to choose dedicated
29146.718 -> you're just going to launch your ec2 and
29148.478 -> you'll have a drop down where you have
29149.92 -> that shared so that's the default
29151.84 -> dedicated so you have dedicated instance
29153.52 -> and dedicated hosts and again we'll talk
29154.878 -> about dedicated hosts later when we need
29157.12 -> to here um and so again the reason why
29160.24 -> um you know enterprises or large
29162.32 -> organizations may want to use dedicated
29164.32 -> instances is because they have a
29166.638 -> security concern or obligation about
29169.36 -> against sharing the same hardware with
29171.52 -> other aws customers okay
29176.81 -> [Music]
29178.32 -> hey this is andrew brown from exam pro
29180.08 -> and we are taking a look at aws savings
29181.68 -> plans and this is similar to reserved
29183.84 -> instances but simplifies the purchasing
29185.92 -> process so it's going to look a lot like
29187.44 -> ri at the start here but i'll
29189.28 -> tell you how it's a bit different okay
29190.958 -> so there are three types of saving plans
29192.558 -> you have compute savings plan ec2
29194.478 -> instance saving plans and sagemaker
29196.798 -> saving plans uh and so you just go ahead
29199.04 -> and choose that you can choose two
29200.878 -> different terms so one year three year
29202.798 -> so it'd be simple as that and then you
29204.558 -> choose the following payment options so
29206.398 -> you have all upfront partial payment and
29208.398 -> no upfront and then you're going to
29209.92 -> choose that hour of the commitment
29211.36 -> you're not having to think about
29212.718 -> standard versus convertible uh regional
29215.6 -> versus zonal ri attributes it's a lot
29219.04 -> simpler uh let's just talk about the
29221.44 -> three different saving plans or types in
29223.36 -> a bit more detail so you have compute so
29225.6 -> compute savings plans provides the most
29227.36 -> flexibility and helps to reduce your
29229.12 -> cost by 66 percent these plans
29231.52 -> automatically apply to ec2 instances
29233.44 -> usage aws fargate aws lambda service
29236.08 -> uses regardless of the instance family
29238 -> size az region os or tenancy then you
29241.12 -> have ec2 instances so this provides the
29243.28 -> lowest prices offering saving up to 72
29245.68 -> percent in exchange for commitment to
29247.76 -> usage of instance uh individual instance
29250.16 -> families in a region so automatically
29252 -> reduce uh your costs on the selected
29254.32 -> instance family in the region regardless
29256.16 -> of az size os tenancy gives you the
29258.878 -> flexibility to change your usage between
29261.04 -> instances with a within a family in that
29263.12 -> region and the last is sagemaker so
29265.36 -> helps you reduce sagemaker costs by up
29267.68 -> to 64 percent automatically apply to
29270 -> sagemaker usage regardless of instance
29272.398 -> family size component aws region if you
29275.2 -> don't know what sagemaker is that's
29276.878 -> aws's ml service and it uses ec2
29279.76 -> instances or specifically ml ec2
29282.24 -> instances so everything's basically
29283.68 -> using ec2 here but there you go
29289.55 -> [Music]
29290.718 -> all right let's take a look at the zero
29292.16 -> trust model and the zero trust model is
29294.16 -> a security uh model which operates on
29296.398 -> the principle of trust no one and verify
29298.798 -> everything so what i mean by that is
29300.16 -> malicious actors being able to bypass
29302.398 -> conventional access controls
29304.24 -> demonstrates traditional security
29305.76 -> measures are no longer sufficient and
29308 -> that's where the zero trust model comes
29309.68 -> into play so with the zero trust model
29312.08 -> identity becomes the primary security
29314.558 -> perimeter
29316.08 -> and so you might be asking what do we
29317.44 -> mean by primary security perimeter the
29319.12 -> primary or new security perimeter
29320.878 -> defines the first line of defense and
29323.04 -> its security controls that protect a
29325.52 -> company's cloud resources and assets
29328.08 -> um if this still doesn't make sense we
29329.76 -> do cover a part of the defense in depth
29332.24 -> where you see the layers of defense from
29335.28 -> data all the way to physical and so you
29337.52 -> can kind of see you know what we're
29338.958 -> talking about in that model there
29341.28 -> but the old way that we used to do
29342.958 -> things is network-centric so we had
29344.478 -> traditional security focused on
29345.92 -> firewalls and vpn since there were few
29347.76 -> employees or workstations outside the
29349.84 -> office or they were in a specific remote
29352.32 -> office so we treated the network uh the
29354.558 -> network as kind of like the the boundary
29356.638 -> so if you're in in office there's
29358.32 -> nothing to worry about but we don't
29360 -> think like that anymore because
29361.2 -> everything is identity centric so
29364 -> this is where we have bring your own
29365.28 -> device remote workstations which are
29367.12 -> becoming more common uh we can't always
29369.12 -> trust that the employee is in a secure
29370.718 -> location we have uh identity-based
29372.798 -> security controls like mfa or providing
29375.04 -> provisional access based on the level of
29376.718 -> risk from where when and what a user
29379.2 -> wants to access and identity centric
29381.6 -> does not replace uh but it augments
29383.76 -> network-centric security so it's just an
29385.44 -> additional layer of consideration for uh
29388.398 -> security when we're thinking about our
29390.398 -> aws cloud workloads okay
29392.4 -> [Music]
29396.398 -> all right so we just loosely defined
29398 -> what the zero trust model is so let's
29399.68 -> talk about how we would do zero trust in
29401.28 -> aws and so zero trust has to do a lot
29404.16 -> with identity security controls uh so
29406.478 -> let's talk about what is at our disposal
29408.24 -> on aws so on aws we have identity
29411.28 -> and access management iam this is where
29412.878 -> we create our users or groups or
29414.32 -> policies so iam policy is a set of
29416.718 -> permissions that allow you to say okay
29418.878 -> this user is allowed to use
29420.878 -> these services with these particular
29422.558 -> actions
29423.68 -> then you have the concept of permission
29425.2 -> boundaries and so these are saying okay
29428.558 -> these aren't the permissions the user
29429.68 -> has currently but these are the
29430.958 -> boundaries to which we want them to have
29432.638 -> so they should never have access to
29434.718 -> um uh ml services and if someone's to
29438.16 -> apply them uh uh
29440.398 -> permissions it'll always be within these
29442.32 -> boundaries then you have service control
29444.398 -> policies and these are organization-wide
29446.32 -> policies so if you have a policy where
29447.84 -> you don't want anyone to run anything in
29449.36 -> the canada region you can apply that
29451.52 -> policy at the organizational level and
29453.44 -> it will be enforced
29454.958 -> then within an iam policy there are the
29456.878 -> concept of conditions and so these are
29459.04 -> all the kind of like uh little knobs you
29461.2 -> can tweak to say how do i control based
29464.32 -> on a bunch of different factors so
29466.16 -> there's source ip so restrict where the
29468 -> ip address is coming from a requested
29470.32 -> region so a restrict based on the region
29472.638 -> as we were just mentioned as an example
29474.638 -> uh multi-factor auth presence so
29476.878 -> restrict if mfa is turned off uh current
29480 -> time so restrict access based on time of
29482 -> day maybe your employees should never be
29484.24 -> really using things at night and so that
29486.398 -> could be an indicator that someone is
29487.84 -> doing something malicious so you know
29489.68 -> only give them access during a certain
29491.2 -> time of day and so that's where we're
29493.2 -> going to figure out you know based on
29495.04 -> all these type of control security
29496.558 -> controls uh to our aws resources we can
29499.04 -> kind of enforce the zero trust model aws
29502.24 -> itos does not have a ready-to-use
29504 -> identity controls that are intelligent
29506.08 -> which is why aws is considered not to
29507.68 -> have a zero trust offering for customers
29509.76 -> and third-party services need to be used
29511.92 -> so what i'm saying is that technically
29514.32 -> you know this check box is this thing
29516.24 -> saying okay we can kind of do zero trust
29518.878 -> on aws but there's a lot of manual work
29521.92 -> and
29522.958 -> you know if i was to say okay
29526.08 -> i don't want anyone using this at
29528.16 -> nighttime that doesn't really detect you
29530.24 -> know what i'm saying it's not going to
29531.92 -> say oh i think this time is suspicious
29534.16 -> or malicious so then restrict access
29536.24 -> only to these core services and anything
29538.08 -> outside of the services can't be used it
29540 -> just can't exactly do that without a lot
29542.16 -> of work yourself and that's what i'm
29543.76 -> talking about here where we have a
29545.2 -> collection of services that can be set
29547.04 -> up in an intelligent intelligent ish
29549.68 -> detection way for identity concerns but
29551.52 -> requires expert knowledge so the way you
29553.6 -> might do that aws is that everything all
29555.92 -> the api calls go through aws cloudtrail
29558.398 -> and so what you could do is feed those
29560.32 -> into amazon guardduty and guardduty is
29562.718 -> an intrusion
29563.31 -> [Music]
29564.718 -> intrusion detection and protection
29566.32 -> system so it could detect suspicious
29568.24 -> or malicious activity on those
29569.52 -> cloudtrail logs and you could follow
29571.84 -> that up with remediation or you could
29573.68 -> pass that on to amazon detective that
29575.6 -> could analyze investigate and quickly
29577.2 -> identify security issues
29579.2 -> that it could ingest from guardduty but
29581.68 -> i'm telling you that this stuff here is
29584 -> not as easy
29585.76 -> for the consumer
29587.36 -> and so you of course you can do zero
29589.28 -> trust model but it's going to take a lot
29590.478 -> of work here and there are some
29591.68 -> limitations which we'll talk about next
29593.2 -> here
29598.16 -> so now let's see how we would do zero
29599.84 -> trust on aws with third parties so
29601.68 -> aws does technically implement a
29603.76 -> zero trust model but does not allow for
29605.44 -> intelligent identity security controls
29607.84 -> which
29608.638 -> you know you can do it but it's a lot of
29610.638 -> work so let's kind of compare it against
29612.878 -> kind of a third party where we would get
29614.878 -> the controls that we would not
29616 -> necessarily get with aws so for example
29618.16 -> azure active directory has a real-time
29620 -> and calculated risk detection based on
29621.84 -> data points than aws and this is based
29624.718 -> on device and application time of day
29627.04 -> location whether mfa is turned on what
29629.68 -> is being accessed and the security
29631.68 -> controls verification or logic
29633.28 -> restriction is much more robust so you
29636.32 -> know just as one particular example like
29638.638 -> device and application is not something
29640.558 -> that aws factors in uh with the
29643.52 -> existing controls or at least not in a
29645.12 -> way that is consumer friendly and you
29647.52 -> know i can't say on a bus okay when you
29650.16 -> think that this is the type of threat
29652.08 -> only allow them access to these things
29653.92 -> or if you think they're in a risky area
29655.68 -> or risky uh location only give them
29658.16 -> access to you know these things or where
29660.478 -> there's not sensitive data you can't
29661.92 -> exactly do that in aws very
29663.2 -> easily and so this is where third-party
29664.878 -> solutions are going to come into play so
29666.478 -> you have azure active directory google
29668.478 -> beyondcorp jumpcloud and all these
29670.878 -> have more intelligent security controls
29672.32 -> for real-time detection um and so the
29674.718 -> way you would use these is these would
29676 -> be your primary directories uh for
29678.16 -> google beyondcorp is just a zero trust
29680.958 -> framework so i guess you'd use
29683.6 -> google's uh cloud directory but the idea
29686.08 -> anyway here is that you use single
29687.84 -> sign-on to connect those directories to
29690.24 -> your aws account and that's how you'd
29692.638 -> access those uh aws resources and
29695.04 -> you get this more robust functionality
29696.958 -> okay
29698 -> [Music]
29701.76 -> hey it's andrew brown from exam pro and
29703.52 -> we're looking at identity now we need to
29705.52 -> know a bunch of concepts before we talk
29707.28 -> about identity on aws so let's jump into
29709.52 -> it the first is a directory service so
29711.84 -> what is directory service well it's a
29713.68 -> service that maps the names of network
29715.68 -> resources to network addresses and the
29718 -> directory services shared infrastructure
29720.478 -> or information
29721.68 -> infrastructure for locating managing
29723.44 -> administrating and organizing resources
29725.28 -> such as volumes folders files printers
29728.16 -> users groups devices telephone numbers
29731.12 -> and other objects a directory service is
29733.44 -> a critical component of a network
29735.2 -> operating system and a directory server
29737.76 -> or a name server is a server which
29740.478 -> provides a directory service so each
29742.958 -> resource on the network is considered an
29744.798 -> object by the directory server
29746.798 -> information about a particular resource
29748.398 -> is stored as a collection of attributes
29750.558 -> associated with that resource or object
29753.28 -> well-known directory services would be a
29756 -> domain name service
29758 -> so the directory service for the
29759.68 -> internet microsoft active directory and
29763.04 -> they have a
29764.24 -> cloud hosted one called azure active
29766.24 -> directory we have apache directory
29768.558 -> service oracle internet directory so oid
29773.2 -> uh open ldap uh cloud and identity and
29776.878 -> jump cloud okay
29782.398 -> hey this is andrew brown from exam pro
29784.08 -> and we're taking a look at active
29785.28 -> directory now you might say well we're
29786.958 -> doing aws why are we looking at this
29788.638 -> well no matter what cloud provider
29790.638 -> you're using you should know what active
29792.08 -> directory is
29793.44 -> especially when it comes to identity
29794.638 -> because you can use it with aws
29796.558 -> so let's talk about it so microsoft
29799.04 -> introduced active directory domain
29800.478 -> services in windows 2000 to give
29802.558 -> organizations the ability to manage
29804.08 -> multiple on-premise infrastructure
29805.6 -> components and systems using a single
29807.6 -> identity per user and since then it's uh
29810.24 -> involved evolved obviously it's running
29813.12 -> beyond windows 2000 as of today and they
29816.478 -> even have a managed one called azure ad
29818.798 -> which is on microsoft azure but just to
29821.04 -> kind of give you an architectural
29822.398 -> diagram here the idea is that you would
29824.16 -> have your domain servers here
29826.318 -> and they might have child domains and
29827.76 -> the idea is that you have these running
29829.68 -> on multiple machines so that you have
29831.36 -> redundant ability to log in from various
29833.84 -> places when you have a bunch of domains
29835.44 -> it's called a forest and then within a
29837.52 -> domain you actually have organizational
29839.28 -> units and with them within
29840.478 -> organizational units you have all your
29841.92 -> objects like your users your printers
29843.28 -> your computers your servers
29845.04 -> all things like that okay
29849.79 -> [Music]
29851.28 -> hey it's andrew brown from exam pro and
29852.878 -> we're talking about identity providers
29854.478 -> or ipds so
29883.84 -> so
29893.44 -> hey this is andrew brown from exam pro
29895.2 -> and we are talking about identity
29896.958 -> providers also known as idps
29900.08 -> so an identity provider is a system
29902.24 -> entity that creates maintains and
29903.6 -> manages identity information for
29905.2 -> principals and also provides
29906.718 -> authentication services to applications
29909.04 -> within a federation or distributed network
29911.2 -> a trusted provider of your user identity
29913.12 -> that lets you use authent lets you
29915.12 -> authenticate to access other service
29917.2 -> identity providers so this could be like
29918.798 -> facebook amazon google twitter github
29921.36 -> linkedin
29922.478 -> uh federated identity is a method of
29924.398 -> linking a user's identity across
29926.318 -> multiple separate identity management
29927.92 -> systems and so some things that we can
29930.318 -> use for that is like openid so this is
29932.718 -> an open standard and decentralized
29934.318 -> authentication protocol allows you to be
29936.24 -> able to log in to different social media
29938.478 -> platforms using google or facebook
29940.16 -> account openid is about providing who
29942.398 -> you are then we have oauth 2.0 this is
29945.36 -> an industry standard protocol for
29946.84 -> authorization oauth doesn't share
29948.958 -> password data but instead uses
29951.12 -> authorization tokens to prove an
29953.28 -> identity between consumers and service
29955.36 -> providers oauth is about granting access
29957.52 -> to functionality and then we have saml
29960.398 -> so security assertion markup language
29963.2 -> which is an open standard for exchanging
29965.2 -> authentication and authorization between
29966.958 -> an identity provider and a service
29969.04 -> provider and this is important to use
29970.958 -> for saml which we use for single sign-on
29973.84 -> via the web browser okay
29976.36 -> [Music]
29981.36 -> hey this is andrew brown from exam pro
29983.2 -> we're looking at the concept of single
29984.638 -> sign-on so sso is an authentication
29986.878 -> scheme that allows the user to log in
29988.558 -> with a single id and password to
29990.08 -> different systems and software sso
29992.16 -> allows IT departments to administer a
29993.84 -> single identity that can access many
29995.44 -> machines and cloud services so the idea
29997.52 -> is you have azure active directory this
29999.12 -> is just an example of a very popular one
30001.2 -> you'd use saml to do sso you can connect
30003.52 -> to all things slackly the best google
30005.12 -> workspaces salesforce or your computer
30008 -> uh the idea here is uh once you
30010.798 -> log in
30012.478 -> you don't have to log in multiple times
30014 -> so you log into your primary directory
30015.68 -> and then after that you're not going to
30016.958 -> be presented with a login screen some
30018.558 -> services might show an intermediate
30020.08 -> screen but the idea is you're not
30021.92 -> entering your credentials in multiple
30023.6 -> times so it's seamless
30025.08 -> [Music]
30028.958 -> all right let's talk about ldap so
30031.2 -> lightweight directory access protocol is
30033.28 -> an open vendor neutral industry standard
30035.2 -> application protocol for accessing and
30036.878 -> maintaining distributed directory
30038.718 -> information services over ip network so
30042 -> a common use of ldap is to provide a
30045.44 -> central place to store usernames and
30047.36 -> passwords ldap enables for same sign-on
30050.638 -> so same sign-on allows users to
30052.958 -> use a single id and password but they
30054.558 -> have to enter it every single time they
30056 -> want to log in so maybe you have your
30058.16 -> on-premise active directory and then
30060.318 -> it's going to store it in that ldap
30062.16 -> directory and so the idea is that you
30065.2 -> know all these services like google
30067.04 -> kubernetes
30068.398 -> um jenkins is going to deal with that
30071.36 -> ldap server so why would you use ldap
30074.478 -> over sso which is more convenient or
30076.478 -> seamless so most sso systems are using
30079.36 -> ldap under the hood but ldap was not
30082.08 -> designed natively to work with web
30083.52 -> applications so some systems only
30085.12 -> support integration with ldap and not sso
30088.16 -> so you got to take what you can get okay
30090.21 -> [Music]
30094.16 -> let's take a look here at multi-factor
30095.92 -> authentication also known as mfa and
30098.16 -> this is a security control where after
30099.92 -> you fill in your user's name and email
30102.24 -> password you have to use a second device
30104.718 -> such as a phone to confirm that it's you
30106.958 -> that is logging in so mfa protects
30108.798 -> against people who have stolen your
30110.478 -> password mfa is an option in most cloud
30113.2 -> providers and even social media websites
30115.12 -> such as facebook so the idea is i have
30117.44 -> my username or email and password i'm
30120 -> going to try to log in this is the first
30122.318 -> factor and the second factor or
30124.318 -> multi-factor is i'm going to use a
30126.08 -> secondary device so maybe my phone we're
30128 -> going to enter in different codes or
30129.92 -> maybe it's passwordless so i just have
30131.52 -> to press a button to confirm that it's
30132.718 -> me and then i'll get access so in the
30135.04 -> context of aws
30136.558 -> it's strongly recommended that you turn
30138.24 -> on mfa for all your accounts especially
30140.878 -> the aws root account
30142.798 -> we'll see that when we do the follow
30144.16 -> alongs
30145.07 -> [Music]
30149.28 -> let's take a look at security keys so a
30151.52 -> security key is a second device used as
30153.44 -> a second step in authentication process
30155.28 -> to gain access to a device workstation
30157.12 -> or application a security key can
30159.28 -> resemble a memory stick and when your
30161.28 -> finger makes contact with a button of
30162.878 -> exposed metal on the device it will
30164.558 -> generate and autofill a security token a
30166.878 -> popular brand of security keys is the
30168.798 -> yubikey and this is the one i use and is
30170.798 -> looks exactly like the one that's right
30172.16 -> beside my desk it works out of the box
30174.16 -> with gmail facebook and hundreds more
30176.08 -> supports fido2 webauthn uh u2f it's
30181.2 -> waterproof and crush resistant it has
30183.84 -> variations like usb a usb
30186.478 -> nfc dual connectors on a single key can
30189.2 -> do a variety of things so when you turn
30191.2 -> on mfa on your aws account you'll have
30193.52 -> virtual mfa device so that's when you're
30195.36 -> using something like a phone or using
30197.52 -> software on your phone to do that then
30199.52 -> there's the u2f security key so this is
30202.08 -> what we're talking about right now and
30203.28 -> there's even other kinds of hardware mfa
30205.6 -> devices
30207.2 -> which we're not really going to talk
30208.24 -> about but you know just security keys
30211.2 -> tie into mfa and this is a lot better
30213.92 -> way than using a phone because you know
30216.08 -> you can have it on your desk and press
30217.28 -> it um and you know you have to worry
30218.878 -> about your phone being not charged okay
30221.4 -> [Music]
30225.44 -> hey this is andrew brown from exam pro
30227.2 -> and we are taking a look at aws identity
30229.12 -> and access management also known as iam
30231.68 -> and you can use this service to create
30233.52 -> and manage aws users groups uh use
30235.84 -> permissions to allow and deny their
30237.84 -> access to aws resources so there's
30240.318 -> quite a few components here let's get to
30241.84 -> it so the first is iam policies so
30244.08 -> these are json documents which grant
30245.84 -> permissions for specific users groups or
30248.24 -> a role to access services and policies
30250.958 -> are attached to iam identities then you
30252.878 -> have iam permissions or permission and
30255.44 -> this is an api action that can or cannot
30257.84 -> be performed and they're represented in
30260.24 -> the iam policy document then there's
30262.558 -> the iam identity so we have iam users
30265.36 -> these are end users who log into the
30267.04 -> console or interact with aws resources
30268.798 -> programmatically or via clicking ui
30270.798 -> interfaces you have iam groups so these
30273.76 -> these group up your users so they all
30276.08 -> share the same permission levels so that
30278.08 -> maybe its admins developers or auditors
30280.318 -> then you have iam roles so these roles
30282.16 -> grant aws resources permissions to
30284.558 -> specific aws api actions and
30286.718 -> associate policies to a role and then
30288.558 -> assign it to an aws resource so just
30290.558 -> understand that
30291.76 -> roles are when you're attaching these to
30294.558 -> resources so like if you have an ec2
30296.16 -> instance and you say it has to access s3
30298.318 -> you're going to be attaching a role not
30300.878 -> a policy directly okay
30303.41 -> [Music]
30307.52 -> hey this is andrew brown from exam pro
30309.28 -> and we are looking at iam policies a
30311.36 -> little bit closer here and they are
30313.2 -> written in json and contain the
30314.718 -> permissions which determine the api
30316.398 -> actions that are allowed or denied um
30318.718 -> and rarely do i write these out by hand
30321.44 -> because they have a little wizard that
30323.84 -> you can use to write out the code for
30325.92 -> you but if you want to you absolutely
30327.92 -> can write it out by hand but we should
30329.36 -> know the contents of it and how these
30331.2 -> json files work so the first thing is
30332.798 -> the version
30334.16 -> which is the policy language version and
30336 -> it's been 2012 for a very long time i
30338.398 -> don't see that changing anytime soon if
30340.24 -> they happen to change uh what or what
30343.28 -> the structure of the json is then you
30345.2 -> have the statements and these are for
30347.36 -> policy elements
30348.798 -> and you're allowed to have multiples of
30350.24 -> them so the idea is that this is the
30352.638 -> policies or permissions we should say
30355.04 -> that you uh plan on applying then you
30358.08 -> have the sid this is a way of labeling
30359.76 -> your statements um this is useful for
30362.24 -> like visualization or for referencing it
30364.638 -> for later on but a lot of times you
30366.08 -> don't have to have a sid then there's
30368.318 -> the effect it's either allow or deny
30370.478 -> then you have the action so here we're
30372.478 -> saying give access to s3 for all actions
30376.24 -> under it there's another action down
30378.318 -> below where it's saying give access and
30381.04 -> get my pen tool out here just to create
30382.798 -> a service-linked role so it's a cross
30384.398 -> account role there
30386 -> then there's the principal so this is
30387.52 -> the account user role or federated user
30389.84 -> to which you would like to allow access
30392 -> or deny so we're specifically saying
30394.478 -> this user named barkley um in our aws
30397.84 -> account there
30398.958 -> uh then there are the resources so the
30400.638 -> resources to which the action applies um
30403.6 -> so in this one up here we are specifying
30405.6 -> a specific aws bucket here we're seeing
30407.44 -> all possible resources in an aws
30409.44 -> account and then the condition so
30411.6 -> there's all sorts of different kinds of
30413.04 -> conditions so this is a string like one
30414.638 -> it's saying look at the service name and
30416.558 -> if it starts with this or that then
30418.318 -> they'll have access to that so this
30419.6 -> person even though it says all resources
30421.12 -> they're really only going to have access
30422.718 -> to rds okay
30424.33 -> [Music]
30428.638 -> so in this follow along we're going to
30429.84 -> take a closer look at iam policy so go to
30432.478 -> the top and type in iam
30434.558 -> and what we'll do is make our way over
30436.718 -> here
30437.68 -> all the way over to policies and what i
30439.76 -> want to do is create a new policy that
30441.84 -> only has access to
30443.92 -> limited resources so
30446.878 -> let's say we want to create an amazon
30448.558 -> ec2 instance and that ec2 instance has
30451.12 -> access to a very particular s3 bucket
30454.08 -> so what i want you to do is make your
30455.76 -> way over to s3 and we're going to create
30457.52 -> ourselves a new bucket
30461.12 -> and i'm going to go ahead and create a
30462.558 -> bucket here
30463.68 -> we're going to call this um
30466.718 -> policy tutorial
30469.68 -> and i'm going to just put a bunch of
30470.798 -> numbers here
30472.398 -> you'll have to randomize it for your use
30473.84 -> case
30475.52 -> and so now that we have our bucket what
30477.28 -> we're going to do is go ahead and create
30478.638 -> a policy
30481.92 -> and the policy is going to choose a
30484.398 -> service we're going to say s3 and what i
30486.398 -> want to do is only be able to list out
30488.24 -> actions i'm going to expand this so i
30490.16 -> don't want everything so we're just
30491.44 -> going to say list buckets
30493.6 -> okay
30494.638 -> and then what we'll do is
30496.958 -> uh expand this here and i want to say
30498.638 -> for a particular bucket
30500.478 -> so we'll go back over here click into
30502.558 -> our bucket
30504.718 -> and
30505.68 -> we're going to go ahead and set those
30507.36 -> permissions
30509.44 -> by finding that arn
30512.08 -> we're going to paste that
30514.318 -> we're going to paste that arn up there
30515.6 -> sometimes it's a bit tricky it vanishes
30517.2 -> on you
30518.718 -> and we could set other conditions if we
30520.798 -> wanted to but this is pretty simple as
30522.798 -> it is
30524.478 -> and so that's our rule here right so
30526.24 -> we're saying
30527.2 -> this policy allows us to list this
30528.798 -> bucket for that okay
30531.28 -> so what we'll do is go ahead and hit
30532.638 -> next
30533.68 -> we'll hit review and we'll just say my
30537.28 -> bucket policy
30540.08 -> and we'll create that policy
30544.878 -> okay so
30546.718 -> there's a few other things i think that
30548.16 -> i'd like to do with this policy i'm
30549.52 -> going to pull it back up here so
30551.44 -> if we want to find it uh you used to be
30553.76 -> able to filter these based on the ones
30555.2 -> that you created
30556.958 -> but um
30560 -> yeah they should like the little icon so
30561.44 -> these are ones that i've created up here
30564.16 -> and so there's my bucket policy
30567.92 -> and i feel like i want to update this
30569.68 -> policy to have a
30572.08 -> bit of extra information here so i'm
30573.84 -> going to go edit this policy
30576.638 -> no you know what i think this is fine so
30578.558 -> what i want to do is now create a role
30583.76 -> and we're going to create a new role and
30584.958 -> i'm going to call this um
30587.36 -> well before i do i need to choose what
30588.718 -> it's for so it's going to be for ec2 so
30590.478 -> we're going to go ahead and hit next
30592.24 -> we're going to choose our policy so my
30593.92 -> bucket policy there it is
30596.318 -> and i want to add another one here
30597.68 -> because i want to be able to use
30598.958 -> sessions manager because i really don't
30600.318 -> want to use an ssh key to
30602.398 -> check that this works
30604.08 -> and
30604.84 -> so um for this
30607.44 -> i i need
30609.28 -> to use ssm so i'm going to type in ssm
30611.6 -> here
30613.6 -> and i'm going to just make sure this is
30614.638 -> the new one so this policy will soon be
30616.398 -> deprecated use amazon ssm managed core
30619.2 -> instance should always open these up and
30620.718 -> read them and see what they do
30622.718 -> and so that's the one that's going to
30623.84 -> allow us to access systems manager so
30626.24 -> we can use sessions manager okay
30628.958 -> and so we're going to say my ec2 role for s3
30634.718 -> and we go ahead and create ourselves a
30636.478 -> role
30639.76 -> and so now that we have our role i'm
30641.28 -> going to go over to ec2
30644.558 -> and i'm going to go ahead and launch
30645.84 -> myself a new instance
30648.958 -> we're going to choose amazon linux 2
30651.28 -> we're going to stick with t2 micro i'm
30653.28 -> going to go over to configuration here
30655.68 -> everything is fine here
30657.68 -> i'm fine with all that storage is fine
30660.24 -> we'll go to security group and i don't
30662.24 -> want any ports open because i'm not
30664.638 -> going to be using ssh
30667.44 -> we're going to launch this instance i
30668.958 -> don't even want a key pair
30671.52 -> okay
30674.398 -> and then we're going to go over here and
30676 -> so what we're waiting for is this
30677.68 -> instance to launch as that is going what
30679.76 -> i want to do is go over to my s3 bucket
30682.718 -> and i want to place something in this
30684 -> bucket so i do have some files here
30687.28 -> so what i'm going to do
30689.6 -> is create a new folder here
30691.6 -> whoops
30693.04 -> i'm going to go back and i'm just going
30694.798 -> to create a folder first create a folder
30697.12 -> enterprise d
30703.12 -> and i'm going to click into this and
30704.718 -> then i'm going to upload all my images
30706.638 -> here
30707.52 -> so you'll have to find your own images
30709.04 -> off the internet this is just the ones i
30710.958 -> have
30712.318 -> and we'll go ahead and upload those
30715.36 -> give that a moment
30721.04 -> okay and so we don't have access to read
30723.6 -> those files we'll adjust our policy as
30726.08 -> we go so that we can do that okay
30729.92 -> so this instance should be running um it
30732 -> has doesn't have the two status checks
30733.52 -> passed we should be able to uh connect
30735.68 -> to it so click on connect here and so we
30737.6 -> have options like ec2 instance connect
30739.28 -> sessions manager ssh client i want you
30741.2 -> to go to sessions manager
30742.958 -> it says we weren't able to connect your
30744.478 -> instance common reasons ssm agent was
30746.558 -> installed we absolutely have that
30747.84 -> installed
30748.718 -> the required iam profile oh right so we
30751.04 -> were supposed to attach
30753.12 -> i forgot to do we were supposed to
30754.16 -> attach an iam profile right
30756.318 -> so an iam profile is the role
30758.798 -> uh
30760.718 -> it holds the role uh that's going to
30762.638 -> give the permissions to that instance
30764.798 -> and since we didn't add it we got to go
30766.558 -> retroactively add it after the fact
30770.718 -> and so i'm going to modify the iam role
30773.36 -> and we're going to choose my ec2 role
30776.398 -> for s3 and we're going to save that
30779.28 -> and actually when that happens you have
30780.638 -> to reboot the machine
30782.638 -> you only have to do that if you have no
30784.558 -> role attached like prior no profile
30786.798 -> attached and they're attaching it for
30787.92 -> the first time
30789.12 -> but after that you never have to reboot
30790.798 -> the machine this is the only case where
30791.92 -> you'd have to do that
30794.24 -> that's why when i launch an ec2 instance
30795.92 -> i always at least have the ssm role
30797.52 -> attached the managed one that gets
30799.52 -> sessions manager so that i don't ever
30800.958 -> have to do a reboot in case i have to
30802.638 -> update the policy
30805.44 -> and so we will give that a moment there
30809.84 -> it says initializing so i'm going to try
30811.76 -> again to connect to it okay
30817.28 -> and we still don't have that option
30818.798 -> there um so i'm going to go back to my
30820.798 -> instances
30822 -> i'm going to check to see if the role
30823.6 -> the role or policy is attached
30826.638 -> or profile i should say
30831.68 -> so i'm just looking for it here
30836.16 -> there it is
30838.16 -> and so if i click into this
30840.24 -> into the role
30841.76 -> we can see that we have the amazon ssm
30844.558 -> managed instance core there so that's
30846.398 -> set up
30847.44 -> and the my
30848.798 -> bucket policy
30850.558 -> so this has everything
30852.478 -> that it should be able to do it no
30854.08 -> problem
30858.318 -> okay so i'm going to try that again
30861.68 -> okay so now the connection shows up aws
30863.76 -> is finicky like that you just have to
30865.2 -> have confidence in knowing what you're
30867.12 -> doing is correct okay
30868.878 -> we'll go ahead and hit connect
30872 -> i didn't have to use ssh keys or
30873.6 -> anything and this is a lot more secure
30875.68 -> way to connect your instances when it
30877.6 -> logs us in it's going to set us as the
30879.36 -> ssm user but we want to be
30881.36 -> the
30883.44 -> ec2 user
30884.84 -> okay
30886.398 -> that's uh aws always makes their uh am
30889.28 -> like their linux versions as the ec2
30891.36 -> user and that's what you're supposed to
30892.638 -> use
30893.68 -> but it's just
30894.798 -> you just that's how you have to get to
30895.92 -> that you have to type that sudo su
30897.92 -> hyphen ec2 user okay just once
30901.2 -> and if you type who am i that's who you
30902.798 -> are if you type exit you'll go back to
30904.558 -> that user so if i type exit and i type
30906.798 -> who am i and now this person so i'm
30908.318 -> going to go back hit up go back in there
30910.398 -> type clear
30911.68 -> so now i want to see if i have access to
30914.08 -> s3 so i have to do aws s3 ls
30916.878 -> let's see if i can list buckets
30919.12 -> it says access denied
30921.76 -> so
30923.6 -> i mean that kind of makes sense because
30925.12 -> if you have list buckets and we're just
30926.638 -> saying only that bucket that might not
30928.318 -> make a whole lot of sense
30930.878 -> so i'm going to go back to my policy i
30932.878 -> might just written a crummy policy but
30935.28 -> we'll say iam here if we have that one
30937.44 -> open we should just go here
30939.68 -> and click
30941.12 -> on this policy here
30945.12 -> i'm going to edit that policy
30947.92 -> so what i'm going to do is i'm just
30949.2 -> going to change it i'm going to say all
30950.878 -> resources review the policy save changes
30953.68 -> and we'll see how fast that propagates
30957.36 -> okay
30966.24 -> because i'm pretty sure i don't have to
30967.84 -> do anything here it should just now give
30969.84 -> me full access to s3
30972.798 -> i'm just going to keep on hitting up
30973.92 -> here
30975.84 -> so i'm going to do is i'm just going to
30976.958 -> take like a three four minute break
30978.16 -> gonna get a drink i'm gonna come back
30979.52 -> here and see if this propagates i'm
30981.28 -> pretty sure i don't have to do anything
30983.12 -> for that to propagate
30984.718 -> and i think that i've attached
30986.558 -> everything correctly here okay
30990.718 -> okay so i haven't had much luck here
30992.24 -> it's still having the same issue so if
30994.16 -> that is happening what i'm going to do
30997.2 -> is i'm just going to reboot it because
30998.558 -> maybe i didn't give it a good
31000.478 -> opportunity to reboot there again i
31002.558 -> don't think we should have to reboot it
31003.92 -> every time we're changing um
31006.478 -> things there but we will give it another
31008.08 -> go here
31009.76 -> and see if that fixes that problem there
31012.398 -> so those sessions manager is going to
31013.76 -> time out here which is totally fine
31017.2 -> it's going to kill that session there
31020.16 -> and so what we'll have to do is close
31022.16 -> this out because there's not much we can
31023.36 -> do with that
31025.28 -> and we're going to go ahead and go back
31026.718 -> to connect and so we're waiting for this
31028.878 -> button to appear because it is rebooting
31030.798 -> so
31032.08 -> if we want to monitor that stuff usually
31034.08 -> there is an option
31035.84 -> here to monitor where it will show us
31038.878 -> the system logs of what it's doing
31041.12 -> so here it's just like restarting the
31042.638 -> machine
31052.638 -> i'm not sure if we expect to see
31054 -> something after this
31056.558 -> so i can click that there
31062 -> and uh yeah it's so easy to get turned
31064.24 -> around so i can connect to it again now
31070.478 -> we'll type in sudo su hyphen ec2 user
31073.92 -> aws s3 ls
31077.36 -> and we still have
31080.08 -> access deny for list buckets so if
31082.718 -> that's the case it could be that um
31085.84 -> sometimes you need other permissions
31087.36 -> when doing list policy like list buckets
31090.558 -> so if that's the case we're going to do
31092.16 -> a sanity check i'm just going to say all
31093.84 -> permissions here okay
31095.36 -> and this way there's no way that i've
31096.878 -> set this incorrectly
31098.558 -> um it just has to work now so type this
31100.718 -> in
31103.36 -> there we go okay so there has to be
31105.12 -> something more to it so just because you
31106.718 -> say list
31107.84 -> buckets you know like means there must
31110 -> be more to it right so if i go here to
31111.92 -> this
31113.44 -> right and i say whoops
31116 -> and i say uh list buckets here we'll say
31118.16 -> copy
31120.958 -> paste okay
31129.28 -> here it's saying maybe i need get object
31131.36 -> as well so
31133.28 -> i just know from using it about a long
31136 -> time that that's the case that it could
31137.76 -> be more than one thing so you know that
31139.84 -> was in the back of my mind that that
31140.878 -> could be happening and i guess that is
31142.638 -> but notice i didn't have to restart my
31144.478 -> uh my server boot my server to get those
31146.718 -> to work
31147.68 -> um
31148.718 -> but anyway let's go lock that down and
31150.318 -> see if we can just kind of make this uh
31152.398 -> more focused so let's say
31155.28 -> all resources i'm going to specify
31158.958 -> the condition
31161.28 -> so i might want to just say for
31162.318 -> particular buckets
31165.04 -> so we'll say specific
31167.04 -> when you checkbox everything then you
31168.398 -> have to do this so for storage accounts
31170.16 -> these are fine any
31172.638 -> for objects
31176.398 -> that could be something
31178 -> we'll say
31179.2 -> multi-region access bucket
31181.76 -> any bucket but what i'm going to say is
31183.36 -> i want to only allow them to access
31184.958 -> things in a particular bucket
31187.12 -> and so if i go to arn here
31190.318 -> um what is our bucket name
31198.718 -> our bucket name is policytutorial3414
31203.28 -> whatever
31204.398 -> right
31205.76 -> and so we can actually give it a wild
31208 -> card or we can say enterprise
31212 -> d
31214.24 -> and we learned this in the course that
31215.92 -> you can provide arns with randomized
31219.36 -> things there i don't know if i spelt it
31220.718 -> wrong over here so i should really
31221.92 -> double check
31223.12 -> i should probably just copy it
31230.798 -> oops
31232.478 -> i still want to type it wrong and so
31234.84 -> this
31236.718 -> okay
31238.718 -> means that we should only be able to get
31240.24 -> stuff from there i'm going to review the
31241.52 -> policy let's see if it takes save the
31243.52 -> changes
31246 -> and if i just view the json here
31250.08 -> notice it says anything from here right
31253.04 -> so allow s3 anything as long as it's
31256.478 -> within here and then it also broke it up
31258.24 -> into sub 1's 4 here okay
31261.04 -> so anyway what i want to see is what
31263.12 -> happens
31264.878 -> if i upload something into the loose
31266.558 -> area here so i'm going to say upload
31269.2 -> and i'm going to say add a file
31273.68 -> and we're just going to grab data here
31275.68 -> and upload
31276.84 -> it go back to our bucket
31279.84 -> there's our file we have that stuff in
31281.36 -> there and so if i go back over to my ec2
31283.28 -> instance which i'm still connected to
31286 -> uh who am i
31287.68 -> okay great
31288.878 -> clear
31289.92 -> so i'm going to say aws s3 ls see if
31292.24 -> that works still it does good and so
31295.12 -> what i want to do is see if i can copy a
31296.718 -> file locally so i'm going to do aws s3
31300.398 -> copy
31302.08 -> i think it was s3 8 no it's just s3
31304.878 -> copy polis uh s3 forward slash forward
31308.638 -> slash
31309.6 -> policy
31311.92 -> tutorial
31313.76 -> three four
31316.318 -> one four one whoops three four
31319.36 -> tutorial
31320.718 -> hyphen
31323.04 -> three four one four one four slash
31327.52 -> enterprise d
31330.478 -> data dot jpg i think it's a jpg let's go
31333.76 -> double check
31335.04 -> yeah it is okay
31336.558 -> and then i just want to say data.jpg
31340.878 -> and it downloaded it right
31342.718 -> so i'm going to remove that one and so
31344.24 -> now what i'm going to do is i'm just
31345.6 -> going to see if my policy is working or
31347.76 -> maybe my permissions aren't exactly what
31349.28 -> i think they are
31350.398 -> and i was able to download it so
31353.68 -> it's these policies can get kind of
31355.28 -> tricky because like this one says allow
31357.68 -> all actions for these but then these say
31359.76 -> all actions and so
31363.76 -> that makes it hard because i want get
31365.68 -> object
31371.12 -> so another thing we can do
31373.68 -> and if that one doesn't work really well
31374.958 -> i'm just going to write one by hand
31377.12 -> it's not that scary to write these by
31378.478 -> hand you just get used to it so i'm
31380.08 -> going to say effect
31383.76 -> um
31384.718 -> is it disallow
31386.24 -> or maybe it's deny
31390.318 -> deny
31392.16 -> action
31398 -> s3
31399.2 -> get object
31400.958 -> i believe that's what it is
31404.318 -> resource
31406.16 -> and then i'm going to specify exactly
31407.6 -> the resource i don't want it to allow so
31409.2 -> we're going to say arn
31411.68 -> aws s3 3 colons
31415.6 -> policy tutorial
31421.12 -> 34141
31424.718 -> and just say data.jpg
31428.08 -> now if this is not valid it's going to
31429.44 -> complain and say hey you didn't write
31430.798 -> this right
31432.558 -> and it and it's fine okay so
31435.84 -> we'll save those changes
31438.958 -> and so that should deny access to that
31441.28 -> right
31442.958 -> hopefully i got the policy right
31447.92 -> okay so that one doesn't work which is
31449.36 -> fine
31451.84 -> and that one's fine so that worked we
31453.52 -> were able to deny that but you can see
31455.36 -> there's a little bit of an art to
31456.638 -> creating these policies
31458.398 -> as you make more of them it becomes a
31460 -> lot easier so hopefully it's not too
31462.24 -> scary but that's all there really is
31464.718 -> to it that i want to show you today so
31466.558 -> what we're going to do is clear out this
31468.08 -> bucket we're done with this bucket here
31469.52 -> so we'll say delete whoops we got to
31471.44 -> empty it first
31475.12 -> and we'll just say permanently delete
31476.638 -> here
31478.558 -> okay
31480 -> and we will exit that out we're gonna go
31482.318 -> ahead and delete that bucket
31486.478 -> grab its name here
31490.08 -> and uh we'll go back over here
31493.84 -> i think i forgot to delete this bucket
31495.12 -> from earlier i'm just going to delete
31496.398 -> that because i don't need that bucket so
31498.08 -> that's okay with you
31499.92 -> just going to go ahead and delete that
31503.44 -> and we have that ec2 instance running so
31505.44 -> we want to stop that
31509.84 -> so we go ahead and we're going to
31511.6 -> terminate that yes please
31515.12 -> and then we'll go to iam and do some
31516.558 -> cleanup
31520.398 -> i have some custom roles i've been
31521.76 -> creating um you know from prior things a
31524.398 -> lot of those
31525.52 -> usually there's a way to uh we've
31527.6 -> redesigned it okay where's the redesign
31530 -> this is the redesign that can't be it
31532.16 -> because it'll be like roles that aws
31533.84 -> makes i think these are all roles
31535.2 -> that i've made
31538.478 -> um
31539.36 -> i don't want to delete service roles
31543.6 -> but i want to get rid of some of these
31544.718 -> because i just have too many you know
31546.878 -> it's getting out of hand for me
31549.04 -> and i'm going to just see if it will let
31550.878 -> me
31553.68 -> delete
31557.52 -> all of these let's delete those
31567.2 -> there we go just clean up a bit i still
31569.28 -> have a lot here but there's like service
31571.04 -> roles that aws creates once and you
31572.878 -> really don't want to delete those
31574.878 -> because
31576.478 -> you don't
31578 -> um and then i have a bunch of these like
31579.76 -> i'm never going to use these so i might
31581.2 -> as well detach them delete detach
31587.28 -> you really don't want to keep like roles
31589.12 -> that you're never going to use around
31592.398 -> things like that like gauze we're going
31594.16 -> to be using that again
31596.798 -> delete
31604.478 -> there's that bucket we just created
31611.68 -> anyway you get the idea so yeah that's
31613.76 -> uh that's iam okay
31615.84 -> [Music]
31620 -> principle of least privilege polp is the
31622.398 -> computer security concept of providing a
31624.318 -> user role or application the least
31626.08 -> amount of permissions to perform an
31627.6 -> operation
31628.718 -> or an action and the way we can look at
31630.718 -> it is that we have just enough access so
31632.958 -> jea permitting only the exact actions
31635.92 -> for the identity to perform a task and then
31637.6 -> we have just in time j-i-t permitting
31640.398 -> the smallest length of duration an
31642.318 -> identity can use permission so usually
31644.558 -> when we're talking about polp it's
31645.92 -> usually a focus on here uh but now
31648.718 -> these days uh there's a larger focus on
31650.718 -> jit as well and so jit is the difference
31653.2 -> between having long lived
31655.6 -> permissions or access keys versus
31657.28 -> short-lived ones
31658.718 -> and the most progressive thing in polp
31661.36 -> is now risk-based adaptive policies so
31663.52 -> each attempt to access a resource
31665.52 -> generates a risk score of how likely the
31667.2 -> request is to be from a compromised
31668.798 -> source so the risk score could be based
31670.878 -> on many factors such as device user
31672.558 -> location ip address what services being
31674.798 -> accessed and when did they use mfa did
31676.958 -> they use biometrics things like that and
31679.76 -> right now as of this time aws does
31682.318 -> not have a risk-based adaptive policies
31684.398 -> built into iam you can roll your own
31687.84 -> what's interesting is cognito has
31690.24 -> risk-based adaptive policies they call
31691.76 -> it like adaptive authentication but
31693.76 -> that's for user pools and not identity
31695.76 -> pools
31696.798 -> user pools is for getting access to an
31698.638 -> app
31699.44 -> uh that you built through an idp where
31702.638 -> identity pools in cognito
31704.878 -> is about getting access to aws
31706.478 -> resources so
31707.76 -> uh you know maybe i'm sure aws will
31709.44 -> get it eventually but they just don't
31710.638 -> have it right now and you have to rely
31711.92 -> on third-party
31713.36 -> identity solutions uh to get risk-based
31716.24 -> adaptive policies now talking about just
31718.478 -> enough access in just in time just in
31720.24 -> time is like you think how would you do
31721.84 -> that with aws you just add and remove
31723.52 -> permissions manually but one thing you
31725.2 -> could do is use something like consoleme
31726.478 -> so this is an open source netflix
31728.318 -> project to self-serve short-lived iam
31730.798 -> policies so an end user can access
31733.04 -> database resources while enforcing jea
31735.2 -> and jit and so there's a repo there as
31737.6 -> well
31738.398 -> but the idea is they have like this
31739.68 -> self-serve wizard so you say i want
31741.36 -> these things and then the machine
31742.798 -> decides okay you can have them or you
31745.2 -> you don't need them and it just frees
31747.28 -> you up asking people and worrying about
31749.44 -> the length and stuff like that okay
31755.52 -> hey this is andrew brown from exam pro
31757.28 -> and we are taking a look at the aws
31758.958 -> root user uh and this gets confusing
31761.92 -> because there's aws account root
31763.6 -> user and regular users let's distinguish
31765.6 -> what those three things are so here we
31767.76 -> have an aws account and the account
31769.28 -> which holds all the aws resources
31771.12 -> including the different types of users
31773.04 -> then you have the root user this is a
31774.878 -> special account with full access that
31776.478 -> cannot be deleted and then you have just
31778.798 -> a user and this is a user for common
31781.12 -> tasks that is assigned permissions so
31784.16 -> just understand that sometimes people
31785.52 -> say aws account they're actually
31786.558 -> referring to the user and sometimes that
31788.478 -> when they're saying this account they're
31789.52 -> actually referring to the aws
31790.478 -> account that holds the users i know it's
31792.558 -> confusing it just it's based on what
31794.478 -> people decide the context is when
31796.08 -> they're speaking so the aws account
31798.24 -> user is a special user who's created at
31800.398 -> the time of the aws account creation
31802.958 -> and they can do uh they have a lot of
31804.878 -> conditions around them so the root user
31806.638 -> account uses an email and password to
31808.398 -> log in as opposed to the regular user
31811.04 -> who's going to provide their account id
31812.958 -> alias username and password the root
31815.28 -> user account cannot be deleted the root
31817.52 -> user account has full permissions to the
31819.28 -> account and its permissions and cannot
31820.718 -> be limited and when we say cannot be
31822.718 -> limited we're saying that if you take an
31824.478 -> iam policy to explicitly deny the user
31826.558 -> access the resources it's not something
31828.08 -> you can do however you can do it in the
31830.558 -> case of aws organizations with
31832.398 -> service control policies because a
31834.398 -> service control policy applies to a
31836.718 -> bunch of accounts so it just it's one
31838.558 -> level above and so that is a way of
31840.318 -> limiting root users but generally you
31842 -> can't limit them within their own
31843.28 -> account
31844.24 -> there can only be one root user uh per
31846.718 -> aws account the root user is intended for
31849.44 -> very
31850.318 -> specific and specialized tasks that are
31852.318 -> infrequently or rarely performed and
31854 -> there's a big list and we'll get into
31855.44 -> that here in a moment and the aws root
31857.6 -> account should uh not be used for daily
31859.92 -> or common tasks it's strongly
31861.84 -> recommended to never use the root users
31864.08 -> access keys because you can generate
31865.52 -> those and use them it's strongly
31867.28 -> recommended to turn on mfa for the root
31869.44 -> user and aws will bug you to no
31871.44 -> end to tell you to turn it on
31873.68 -> so let's talk about the
31875.44 -> tasks that you should be performing with
31877.04 -> the root user and only the user can
31879.04 -> perform so changing your account
31881.2 -> settings this includes account name
31882.878 -> email address root user password root
31885.04 -> user access keys other account settings
31887.28 -> such as contact information payment
31888.878 -> currency preference regions do not
31891.04 -> require the root user credentials so not
31893.28 -> everything
31894.558 -> restore iam user permissions so if there
31897.44 -> is an iam admin so just a user that
31900.24 -> has admin access who actually revokes
31902.08 -> their own permissions you can sign into
31903.6 -> the root user to edit policies and
31905.12 -> restore those permissions
31907.2 -> so you can also activate iam access to
31909.44 -> the billing and cost management console
31912 -> you can view certain tax invoices you
31914.558 -> can close your aws account you can
31916.398 -> change or cancel your aws support plan
31918.718 -> register as a seller in the reserved
31920.318 -> instance marketplace enable mfa
31922.398 -> delete on s3 buckets
31924.638 -> edit or delete an amazon s3 bucket
31927.2 -> policy that includes an invalid vpc id
31930.398 -> or vpc endpoint id
31932.638 -> sign up for govcloud and something
31934.478 -> that's not in here which this i took
31936 -> this from the documentation but uh you
31937.84 -> can use the aws account user to create
31940.318 -> the organization you can't create that
31942.318 -> with any other user so um you know the
31944.558 -> ones i highlighted in red are very
31946.08 -> likely to show up your exam and that's
31947.84 -> uh why i highlighted them there for you
31949.76 -> but there you go
31951.06 -> [Music]
31955.36 -> hey this is andrew brown from exam pro
31957.2 -> and we are taking a look at aws
31958.718 -> single sign-on also known as aws sso and
31962 -> so this is where you create or connect
31963.6 -> your workforce identities in aws once
31965.92 -> and manage access essentially across
31967.92 -> your aws organization so the idea here
31970.24 -> is you're going to choose your identity
31971.36 -> source whether it's
31972.638 -> sso itself active directory saml 2.0 idp
31976.798 -> you're going to manage user permissions
31978.638 -> centrally to aws accounts applications
31981.12 -> saml applications and it uses it can you
31984.638 -> get single click access to all these
31986.16 -> things so you know just to kind of zoom
31987.92 -> in on this graphic here
31989.92 -> you know you have your on premise active
31992.558 -> directory it's establishing a ad trust
31996.08 -> connection over to uh aws single
31998.24 -> sign-on you're going to be able to apply
32000 -> permissions to access resources within
32002.638 -> your aws account so via aws
32004.318 -> organizations in your organizational
32005.92 -> units down to your resources you can
32008.798 -> also use aws sso to access custom saml
32012 -> based applications so you know if i
32014.16 -> build a web app and i like the example
32017.04 -> platform and i wanted to use saml based
32020.16 -> uh
32020.958 -> connections for single sign on there i
32022.398 -> could do that as well
32024.08 -> and even connect out sso access to your
32026.08 -> business cloud application so office 365
32029.12 -> dropbox slack things like that so there
32031.36 -> you go
32035.92 -> well let's take a look here at
32036.958 -> application integration so this is the
32039.6 -> process of letting two independent
32041.2 -> applications to communicate and work
32042.958 -> with each other commonly facilitated by
32045.52 -> an intermediate system
32047.68 -> so cloud workloads uh strongly encourage
32049.76 -> systems and services to be loosely
32051.2 -> coupled and so aws has many services
32053.84 -> for the specific purpose of application
32055.84 -> integration and these are based around
32058.08 -> common systems or design patterns that
32060.638 -> utilize application integration and this
32063.04 -> would be things like queuing streaming
32065.76 -> pub sub api gateways state machines
32068.878 -> event buses and i'm sure there are more
32071.12 -> but that's what i could uh think about
32073.28 -> that are the most common ones okay
32075.57 -> [Music]
32079.52 -> so to understand queuing we need to know
32081.6 -> what is a messaging system so this is
32084.318 -> used to provide asynchronous
32085.6 -> communication and decouple processes via
32087.84 -> messages and events from a sender
32089.84 -> receiver or a producer and a consumer so
32092.558 -> a queuing system
32094.24 -> is a messaging system that generally
32095.76 -> will delete messages once they are
32097.36 -> consumed it's for simple communication
32099.76 -> it's not real time you have to poll the
32101.44 -> data it's not reactive and a good
32104.24 -> analogy would be imagining people that
32106.08 -> are queuing in a line to go do something
32109.36 -> so for aws it's called simple queuing
32111.92 -> service sqs it's a fully managed queuing
32114.478 -> service that enables you to decouple and
32116.718 -> scale microservices distributed systems
32118.958 -> and serverless applications so a very
32121.2 -> common use case in a web application
32123.04 -> would be to queue up transactional
32124.878 -> emails uh to be sent like sign up reset
32127.44 -> password and the reason why we have
32129.52 -> queuing to decouple those kind of
32131.36 -> actions is that if you had a
32132.798 -> long-running task
32134.958 -> and you had too many of them it could
32136.558 -> hang your applications so by decoupling
32138.638 -> them
32139.44 -> and letting a separate compute
32141.36 -> service take care of that
32143.2 -> that would be something that would be
32144.398 -> very useful okay
32149.76 -> let's take a look here at streaming and
32151.76 -> so this is a different kind of messaging
32153.92 -> system
32155.2 -> but the idea here is you have multiple
32156.958 -> consumers that can react to events and
32159.36 -> so in streaming we call messages events
32162.24 -> and then in a queuing system we just
32163.52 -> call them messages but events live in
32165.68 -> the stream for long periods of time so
32167.76 -> complex operations can be applied and
32169.92 -> generally streaming is used for real
32171.84 -> time stuff whereas queuing is not
32173.84 -> necessarily uh real time
32176 -> and so aws's solution here is amazon
32178.24 -> kinesis you could also use kafka but
32180.318 -> we'll focus on kinesis here so amazon
32182.478 -> kinesis is the aws fully managed
32184.08 -> solution for collecting processing and
32185.68 -> analyzing streaming data in the cloud
32188.398 -> so the idea is that you have these
32189.76 -> producers so that are producing events
32192.16 -> could be ec2 instances mobile devices
32195.12 -> it could be a computer or traditional
32196.718 -> server
32198 -> they're going to go into the data stream
32200.16 -> there's a bunch of shards that scale and
32201.68 -> there's consumers on the other side so
32203.2 -> maybe redshift wants that data dynamodb
32205.84 -> s3 or emr okay but the thing you have to
32208.398 -> remember is that streaming is for
32209.92 -> real-time data and as you can imagine
32212.878 -> because it's real-time and it's doing a
32214.478 -> lot more work than
32216.16 -> a
32216.878 -> queueing system it's going to cost more
32218.718 -> okay
32219.66 -> [Music]
32223.68 -> so we have another type of messaging
32225.6 -> system known as pub sub so this stands
32228.718 -> for publish subscribe pattern commonly
32231.36 -> implemented in messaging systems in a
32233.28 -> pub sub system the sender of messages
32235.12 -> the publishers do not send their message
32237.12 -> directly to receivers they instead send
32239.68 -> their messages to an event bus the event
32241.92 -> bus categorizes their messages into
32243.76 -> groups then receivers of messages
32245.68 -> subscribers subscribe to these groups
32247.76 -> whenever new messages appear within
32249.84 -> their subscriptions the messages are
32252.478 -> immediately delivered to them so the
32254.318 -> idea is you have publishers event bus
32255.84 -> subscribers and event buses appear more
32258.398 -> than once so it actually appears in
32259.84 -> streaming appears in this pub sub model
32262.24 -> and then it can appear
32263.76 -> in other variations so you're going to
32265.28 -> hear it more than once the word event
32266.718 -> bus
32267.6 -> so the idea here is the publisher has no
32269.28 -> knowledge of who the subscribers are the
32271.04 -> subscribers do not poll for messages
32272.878 -> messages are instead automatically
32274.318 -> immediately pushed to the subscribers
32276.16 -> and messages and events are
32277.44 -> interchangeable terms in pub
32279.76 -> sub all right
32281.44 -> and so you know
32282.958 -> the idea here with publisher subscribers
32284.638 -> just imagine getting like a um a
32286.958 -> magazine subscription right if you think
32288.638 -> of that you kind of think of the
32289.68 -> mechanisms that are going here in terms
32291.76 -> of practicality it's very common to use
32293.76 -> these as a real-time chat system or a
32296.318 -> web hook system so you know hopefully
32298.878 -> that gives you an idea there in terms of
32300.398 -> aws's solution we're using simple
32302.398 -> notification service sns this is a
32304.638 -> highly available durable secure fully
32306.878 -> managed pub sub messaging service
32310.08 -> that enables you to decouple
32311.44 -> microservices distributed systems and
32313.2 -> serverless applications
32314.958 -> so here
32316.558 -> we have a variety of publishers like the
32318.16 -> sdk the cli cloudwatch aws
32320.08 -> services
32321.36 -> you'll have your sns topic you can
32323.76 -> filter things fan them out and then you
32325.36 -> have your subscribers to lambda sqs
32327.44 -> emails https looks very similar to
32330.398 -> streaming but again you know um you know
32333.04 -> there's not a lot of communication going
32334.398 -> back between it it's just publishers and
32336.318 -> subscribers
32337.52 -> and it's limited to you know
32340.08 -> these things here so it's a very managed
32342.478 -> service right
32344.08 -> whereas uh kinesis you can do a lot more
32346.24 -> with it okay
32348.11 -> [Music]
32352.638 -> so what is api gateway well it is a
32355.2 -> program that sits between a single entry
32357.6 -> point and multiple back-ends api
32359.84 -> gateway allows for throttling logging
32361.52 -> routing logic or formatting of the
32363.52 -> request and response when we say request
32365.52 -> a response we're talking about
32367.6 -> https
32369.12 -> requests and responses
32370.798 -> and so the service for aws is called
32372.878 -> amazon api gateway so api gateway is
32374.958 -> just a type of pattern
32376.958 -> and this is the few cases where aws has
32379.68 -> named the thing after what it is and so
32382.878 -> we have amazon api gateway which is a
32385.04 -> solution for creating secure apis in
32387.12 -> your cloud environment at any scale
32389.12 -> create apis that act as a front door for
32391.28 -> applications to access data business
32392.958 -> logic or functionality from back end
32395.6 -> services so the idea is that you have
32397.52 -> data coming in from
32398.958 -> mobile apps web apps iot devices and you
32401.68 -> actually define the api calls and then
32404.398 -> you say where do you want them to go so
32406 -> maybe tasks are going to go to your
32407.44 -> lambdas
32408.638 -> and then other routes are going to go to
32410.08 -> rds kinesis ec2
32413.04 -> or your web application
32415.12 -> and so these are really great for having
32417.2 -> um this uh being able to define your api
32420.16 -> routes and change them on the fly and
32422.718 -> then and always route them to the same
32424.398 -> place okay
32425.96 -> [Music]
32430.08 -> so what is a state machine it is an
32432.24 -> abstract model which decides how one
32434.24 -> state moves to another based on a series
32436.08 -> of conditions think of a state machine
32438.24 -> like a flow chart and for aws the
32440.798 -> solution here is aws step function so
32443.04 -> coordinate multiple aws services into a
32444.878 -> serverless workflow a graphical console
32447.2 -> to visualize the components of your
32448.798 -> application as a series of steps
32450.718 -> automatically trigger and track each
32452.558 -> step and retries when there are errors
32455.28 -> so your application executes in order as
32457.84 -> expected every time
32459.44 -> logs the state of each step so when
32461.36 -> things go wrong you can diagnose and
32463.44 -> debug problems quickly and so here's
32466.398 -> example of using a bunch of
32470.24 -> steps together on the uh the aws step
32473.52 -> functions service and so you know this
32475.84 -> is generally applied for service
32477.04 -> workflows but it is something that is
32478.798 -> very useful if in application
32480.558 -> integration okay
32484.9 -> [Music]
32486.398 -> so what is an event bus an event bus
32488.398 -> receives events from a source and routes
32490.08 -> events to a target based on rules i'll
32492.318 -> get my pen tool out here so we have an
32494.398 -> event it enters the event bus we have a
32496.16 -> rules tell it to go to the target it's
32498.08 -> that simple and we have been seeing
32500.878 -> event buses in other things like uh
32503.44 -> streaming
32504.638 -> and uh pub sub but aws has this kind of
32507.76 -> event bus offering that is kind of high
32510.478 -> level it's called eventbridge and it's a
32512.478 -> serverless event bus service that is used
32514 -> for application integration by streaming
32515.68 -> real-time data to your applications the
32518 -> service was formerly known as
32519.92 -> amazon cloudwatch events they gave it a
32521.92 -> renaming to give it a better
32524.798 -> opportunity for users to know that it's
32527.04 -> there to use and they also extended its
32529.52 -> capabilities
32531.04 -> and so the thing is is that a lot of aws
32533.04 -> services are always emitting events and
32534.878 -> they're already going into this bus and
32536.16 -> so if you utilize this service it's a
32538.16 -> lot easier than having to roll your own
32540.08 -> thing uh with other services
32542.798 -> so amazon eventbridge will just define
32544.478 -> an event bus so there is an event bus
32546.24 -> holds event data defines the rules on an
32547.92 -> event bus to react to events you always
32550.318 -> get a default event for every single aws
32552.16 -> account you can create custom event
32553.84 -> buses scoped to multiple accounts or
32555.28 -> other aws accounts you have a sas event
32557.76 -> bus scope to third party sas providers
32560.08 -> you have producers these are aws
32561.44 -> services that emit events you have
32563.28 -> events these are data emitted by
32564.878 -> services they're json objects that
32566.958 -> travel the stream within the event bus
32568.878 -> you have partner sources these are
32570.24 -> third-party apps that can emit events to
32572.718 -> event buses you have rules these
32574.558 -> determine what events to capture and
32576.24 -> pass to targets and then targets which
32578.08 -> are aws services that consume events
32580.398 -> so yeah it's all just this great
32582.318 -> built-in um uh uh stuff that's going on
32585.52 -> here and so you know there there might
32587.52 -> be a case where you can use eventbridge
32589.28 -> and save your time uh a lot of time and
32591.52 -> effort uh doing application integration
32593.68 -> okay
32594.43 -> [Music]
32598.478 -> hey this is andrew brown from exam pro
32600.24 -> and we are taking a look at application
32602.318 -> integration services at a glance here so
32604.318 -> let's get through them so the first is
32606.08 -> simple notification service sns this is
32608.718 -> a pub sub messaging system sends
32610.958 -> notifications via various formats such
32613.12 -> as plain text email https web hooks sms
32616.798 -> text messages sqs and lambda pushes
32619.52 -> messages which are then sent to
32621.52 -> subscribers you have sqs this is a
32624 -> queuing messaging system or service that
32627.52 -> sends events to a queue other
32629.2 -> applications poll the queue for messages
32630.878 -> commonly used for background jobs we
32632.478 -> have step functions this is a state
32634.24 -> machine service
32635.6 -> it is it coordinates multiple aws
32637.28 -> services into a serverless workflow
32639.52 -> easily share data among lambdas have a
32641.92 -> group of lambdas wait for each other
32643.92 -> create logical steps also works with
32645.76 -> fargate tasks we have eventbridge
32647.76 -> formerly known as cloudwatch events it
32649.76 -> is a serverless event bus that makes it
32651.36 -> easy to connect applications together
32653.28 -> from your own application third-party
32654.958 -> services and aws services then there's
32657.04 -> kinesis a real-time streaming data
32658.958 -> service creates producers which send
32660.558 -> data to a stream multiple consumers can
32662.798 -> consume data within a stream used for
32665.12 -> real-time analytics click streams
32666.878 -> ingesting data from a fleet of iot
32668.558 -> devices you have amazon mq this is a
32671.68 -> managed message broker service that uses
32673.76 -> apache
32674.878 -> active mq so if you want to use apache
32677.2 -> activemq there it is managed kafka
32679.92 -> service and this gets me every time
32682.08 -> because it says msk and that is the
32684.958 -> proper initialization but you think it'd
32686.558 -> be mks
32688.398 -> it is a fully managed apache kafka
32690.478 -> service kafka is an open source platform
32693.04 -> for building real-time streaming data
32694.478 -> pipelines and applications similar to
32696 -> kinesis but more robust very popular by
32698.478 -> the way we have api gateway a fully
32700.958 -> managed service for developers to create
32702.638 -> publish maintain monitor and secure apis
32704.878 -> you can create api endpoints and route
32706.398 -> them to aws services we have appsync
32708.798 -> this is a fully managed graphql service
32711.2 -> graphql is an open source agnostic query
32713.36 -> adapter that allows you to query data
32715.28 -> from many different data sources so
32717.84 -> there you go
32722.13 -> [Music]
32723.84 -> hey this is andrew brown from exam pro
32725.68 -> and we are comparing virtual machines to
32727.44 -> containers so i know we covered this
32729.76 -> prior but i just want to do it one more
32731.52 -> time just to make sure that we
32732.558 -> fundamentally understand the difference
32734.16 -> before we jump into containers so the
32736.398 -> idea is that if you were to request an
32737.92 -> ec2 instance it has a host operating
32740.318 -> system that we don't really know much
32742.478 -> about but we don't really need to know
32744.798 -> and then the idea is you have a
32746 -> hypervisor which allows you to deploy
32748.16 -> virtual machines
32750 -> and so when you launch an ec2 instance
32751.76 -> you're actually launching a vm on top of
32754 -> a hypervisor on a server uh with on uh
32756.318 -> within the aws
32757.76 -> data centers servers there and you're
32759.76 -> going to choose an operating system so
32761.04 -> like ubuntu and it might come with some
32763.04 -> pre-installed packages or you can
32764.318 -> install your own libraries packages and
32766.16 -> binaries and then you decide what kind
32768 -> of workloads you want to run on there so
32769.278 -> it could be django
32770.64 -> mongodb so your database and some kind
32773.36 -> of queueing system like rabbitmq the
32776.32 -> difficulties with virtual machines so
32777.84 -> you're always going to end up with some
32779.2 -> unused space because you're going to
32780.96 -> want to have some headroom uh to make
32783.122 -> sure that uh you know if you know django
32785.438 -> needs more memory or or mongodb needs
32788.078 -> more storage that you have that room
32790.078 -> that you can grow into
32792 -> but the idea is that you're always
32793.122 -> paying for that even when you're not
32795.122 -> utilizing it and so you know that can be
32798.16 -> uh not as cost effective as you'd like
32800.16 -> it to be so when we're looking at
32802.878 -> doing this again and we are
32805.278 -> using containers um instead of the
32807.598 -> hypervisor we have container
32809.04 -> virtualization a very common one would
32810.8 -> be called docker daemon for docker of
32812.558 -> course and so now you're launching
32814.32 -> containers and so maybe you have alpine
32816.878 -> and this is for your web app and then
32818.16 -> you install exactly the libraries
32819.758 -> packages and binaries you need for that
32821.758 -> and then for
32822.878 -> mongodb you want to have a different os
32825.122 -> different packages and same thing with
32827.52 -> rabbitmq maybe you want to run it on
32829.2 -> freebsd and the idea is that uh you know
32831.84 -> you're not going to have this waste
32833.438 -> because it it's kind of changed the
32835.758 -> sense that these containers are flexible
32837.918 -> so they can expand or decrease based on
32840.238 -> the the use case of what they need
32842.878 -> uh and you know if you use particular
32844.64 -> services like aws fargate
32846.8 -> you know you're paying like for running
32848.48 -> the containers not necessarily uh for uh
32851.438 -> over provisioning okay so vms do not
32853.84 -> make best use of space apps are not
32855.758 -> isolated which could cause uh config
32858 -> conflict security problems or resource
32860.16 -> hogging
32861.278 -> containers allow you to run multiple
32862.878 -> apps which are virtually isolated from
32864.238 -> each other launch new containers
32865.758 -> configure os dependencies per container
32868.16 -> okay
32869.03 -> [Music]
32873.278 -> hey this is andrew brown from exam pro
32875.122 -> and we are taking a look at the concept
32876.8 -> of microservices and to understand
32878.8 -> microservices we first need to
32880.238 -> understand monoliths or monolithic
32882.48 -> architecture and the idea here is that
32884.48 -> we have one app which is responsible for
32886.238 -> everything and the functionality is
32888.078 -> tightly coupled so i'm going to get my
32890 -> pen tool out here and just to highlight
32891.84 -> notice that there is a server and
32893.598 -> everything is running on a single server
32895.68 -> whether it's load balancing caching the
32897.758 -> database
32899.2 -> maybe the marketing website the
32900.8 -> front-end javascript framework the
32902.64 -> backend with its api uh the orm
32906.878 -> connected to background tasks things
32908.558 -> like that and that's the idea of a
32909.84 -> monolith and that's what
32911.438 -> a lot of people are used to doing but
32913.04 -> the idea with microservice architecture
32915.122 -> is that you have multiple apps which are
32916.558 -> responsible for one one thing and the
32918.878 -> functionality is isolated and stateless
32921.278 -> and so just by
32922.8 -> leveraging um various cloud services or
32925.598 -> bolting it onto your service
32927.598 -> you know you are technically using
32929.438 -> microservice architecture so maybe your
32931.84 -> web app is all hosted uh in containers
32934.878 -> so you have your apis your your orm your
32937.278 -> reports maybe you've abstracted out some
32939.758 -> particular functions into lambda
32941.52 -> functions you have your um marketing
32944.558 -> website hosted on s3 you have your
32946.48 -> front-end javascript hosted on
32947.918 -> s3
32948.8 -> you're now using elastic load balancer
32951.68 -> elasticache rds
32954.48 -> sqs and that's the idea between
32956.878 -> monoliths and microservices okay
32959.48 -> [Music]
32963.278 -> well let's take a look here at
32964.398 -> kubernetes which is an open source
32966.398 -> container orchestration system for
32968.32 -> automating deployment scaling and
32970.16 -> management of containers it was
32971.68 -> originally created by google and now
32973.278 -> maintained by the cloud native computing
32975.36 -> foundation so the cncf
32977.84 -> kubernetes is commonly called k-8 the
32980.48 -> eight represents the remaining letters
32982.16 -> for kubernetes which is odd because
32984.32 -> everyone calls it kubernetes with the s
32986.64 -> on there but that's just what it is the
32988.238 -> advantage of kubernetes over docker is
32990.238 -> the ability to run containers
32991.68 -> distributed across multiple vms a unique
32994.48 -> component of kubernetes are pods a pod
32996.64 -> is a group of one or more containers
32998.32 -> with shared storage network
33000.078 -> resources and other shared settings
33003.04 -> so here is kind of an example where you
33004.718 -> have your kubernetes master it has a
33006.64 -> scheduler controller etcd you might be
33008.878 -> using
33009.84 -> it uses an api server to run nodes
33012.16 -> within the nodes we have pods and within
33014.398 -> the pods we have containers
33016.558 -> kubernetes is ideally for micro service
33018.48 -> architectures where company has tens to
33021.758 -> hundreds of services they need to manage
33023.84 -> i need to really emphasize that tens to
33026.238 -> hundreds of services all right so you
33029.278 -> know kubernetes is great but just
33030.558 -> understand that it is really designed uh
33032.48 -> to be used for
33033.84 -> massive amounts of microservices if you
33036 -> don't have that need you might want to
33038.16 -> look at something just easier to use
33040 -> okay
33043.8 -> [Music]
33045.52 -> all right let's take a look here at
33046.8 -> docker which is a set of platform as a
33048.878 -> service products that use os level
33050.96 -> virtualization to deliver software in
33052.96 -> packages called containers so docker was
33055.918 -> the earliest popularized open source
33058.238 -> container platform meaning there's lots
33059.918 -> of tutorials there's a lot of services
33062 -> that uh integrate with docker or make it
33064.16 -> really easy to use and so when people
33066.078 -> think of containers they generally think
33067.758 -> of docker there's of course a lot more
33069.52 -> options out there than docker to run
33071.598 -> containers but this is what people think
33073.122 -> of and so we said it's a suite of tools
33075.278 -> so the idea is you have this docker cli
33077.68 -> so these are cli commands to download
33079.36 -> upload build run and debug containers a
33081.758 -> docker file a configuration file on how
33084 -> to provision a container docker compose
33086.718 -> which is a tool and configuration file
33088.398 -> when working with multiple containers
33091.04 -> docker swarm an orchestration tool for
33093.278 -> managing deployed multi-container
33094.64 -> architectures docker hub a public online
33097.438 -> repository for containers published by
33099.278 -> the community for download and one
33100.878 -> really interesting thing that came out
33102.718 -> of docker was the open container
33104.16 -> initiative oci which is an open
33106.718 -> governance structure for creating open
33108.48 -> industry standards around container
33110.078 -> formats and runtimes so docker
33112.238 -> establishes oci and it is now maintained
33115.04 -> by the linux foundation and so the idea
33118 -> is that you can write a docker file or
33120.718 -> or do things very similarly and use
33122.8 -> different types of um
33124.718 -> technologies that can use containers as
33127.122 -> long as they're oci compatible you can
33128.878 -> use them so docker has been losing favor
33131.122 -> with developers due to their handling of
33132.8 -> introducing a paid open source model and
33135.2 -> alternatives like podman are growing and
33137.122 -> that's why we're going to talk about
33138.078 -> podman next okay
33142.699 -> [Music]
33144 -> so let's take a quick look here at
33145.36 -> podman which is a container engine that
33147.36 -> is oci compliant and is a drop-in
33149.36 -> replacement for docker i just want to
33151.2 -> get you exposure here because i want you
33152.8 -> to know about this um and that you can
33155.68 -> use it as opposed to using docker there
33158.16 -> are a few differences or advantages that
33159.84 -> podman has so podman is daemon-less
33161.758 -> where docker uses a containerd daemon
33164.078 -> podman allows you to create pods like
33165.598 -> kubernetes where docker does not have
33167.598 -> pods uh podman only replaces one part of
33170.238 -> docker podman is is to be used alongside
33172.878 -> buildah and uh skopeo so you know docker
33176.16 -> is an all-in-one kind of tool
33178.398 -> everything is done via a single cli and
33180.48 -> everything is there but you know they
33182.078 -> just wanted to make it more modular and
33183.52 -> so
33184.48 -> these other tools anytime you say podman
33186.16 -> it usually means we're talking about
33187.122 -> podman buildah and skopeo so buildah is a
33190.32 -> tool used to build the oci images and
33192.878 -> skopeo is a tool for moving container
33194.64 -> images between different types of
33196.078 -> container storages podman is not going to
33197.918 -> show up in your exam but you should
33199.36 -> practically know it
33201.278 -> just for your own benefit okay
33202.879 -> [Music]
33207.52 -> let's take a look here at the container
33209.04 -> services offered on aws
33211.438 -> so we have primary services that
33212.8 -> actually run containers provisioning and
33214.32 -> deployment on you know tooling around
33216.48 -> provisioning deployment and supporting
33218.078 -> services so the first here is elastic
33220.64 -> container service ecs
33222.878 -> and the advantage of this service is
33224.48 -> that it has no cold starts but it is a
33226.878 -> self-managed ec2 so that means that
33229.122 -> you're going to be always paying for the
33230.718 -> resource as it is running all right then
33233.278 -> you have aws fargate so this is more
33235.04 -> robust than using aws lambda it can
33237.918 -> scale to zero costs
33240.48 -> and it's being managed by aws managed
33242.718 -> ec2 however it does have cold starts so
33245.438 -> you know if you need containers
33246.718 -> launching really fast you might be
33248.16 -> wanting to use ecs then you have elastic
33250.8 -> kubernetes service eks this is uh open
33253.84 -> source it runs kubernetes um and this is
33256.8 -> really useful if you want to avoid
33258.558 -> vendor lock-in um which is not really a
33261.68 -> problem but
33263.04 -> batteries just you want to run
33264.16 -> kubernetes then you have aws lambda so
33266.558 -> you only think about the code it's
33268.558 -> designed for short running tasks if you
33270.878 -> need something that runs longer you'd
33272.558 -> want to use that is serverless you'd use
33274.558 -> aws fargate which is serverless
33276.16 -> containers you can deploy custom
33278.398 -> containers so prior aws lambda just had
33281.278 -> pre-built runtimes which were containers
33283.278 -> but now you can create any kind of
33284.48 -> container and use that on aws lambda
33288.32 -> for provisioning deployment you can use
33290.238 -> elastic beanstalk so
33292.48 -> it can uh deploy elastic container
33294.878 -> service for you um which is very useful
33297.68 -> there now there's app runner which kind
33300 -> of overlaps on what elastic beanstalk
33301.758 -> does but it specializes it specializes
33304.558 -> for containers um and i believe that it
33307.122 -> can actually i don't know what it uses
33308.718 -> underneath because it is a managed
33309.918 -> service so elastic beanstalk is um open
33313.04 -> you can see what is running underneath
33314.48 -> and app runner i don't believe you can
33315.758 -> see what is running underneath is just
33317.36 -> taken care of by aws
33319.52 -> then there's aws copilot cli so this
33322.32 -> allows you to build release operate
33323.84 -> production ready containerized
33325.122 -> applications on app runner ecs and aws
33327.68 -> fargate for supporting services you have
33329.84 -> elastic container registry this is repo
33331.758 -> for your containers not necessarily just
33333.52 -> docker containers but containers in
33335.04 -> general probably oci compliant
33336.48 -> containers x-ray so analyze and debug
33338.96 -> between micro services so you know it's
33342 -> distributed tracing then you have step
33343.918 -> functions so stitch together lambdas and
33345.598 -> ecs tasks to create um
33349.438 -> a state machine and the only thing i
33351.68 -> don't have on here would be you know
33353.52 -> being able to launch an ec2 instance
33354.96 -> from the marketplace that has
33356.878 -> um a
33358.48 -> a container runtime installed like
33360.64 -> docker i just don't feel that that's
33362.718 -> very relevant for the exam but it is
33364.48 -> another option for containers not
33366 -> something that people do very often but
33367.84 -> there you go
33368.79 -> [Music]
33372.878 -> hey this is andrew brown from exam pro
33374.64 -> and we're taking a look here at
33375.84 -> organizations and accounts so aws
33377.84 -> organizations allow the creation of new
33379.84 -> aws accounts and allows you to centrally
33382.16 -> manage billing control access compliance
33384.16 -> security and share resources across your
33386.718 -> aws accounts so here's kind of a bit of
33388.8 -> a structure of
33391.36 -> the architecture of aws organizations
33393.68 -> and we'll just kind of walk through the
33394.718 -> components so the first thing you have
33396.64 -> is a root account user this is a single
33399.2 -> sign-in identity that has complete
33400.8 -> access to all aws services and
33402.398 -> resources in an account and each account
33404.718 -> has a root account user so generally you
33407.598 -> will have a master or root account and
33409.68 -> even within that you'll have a root
33411.598 -> account user and for every additional
33413.758 -> account that you have you'll notice over
33415.2 -> here we have a root account user
33418.878 -> then there's a concept of organizational
33420.48 -> units uh these are commonly abbreviated
33422.64 -> to ous so they are a group of aws
33425.04 -> accounts within an organization which
33426.64 -> can contain other organizational units
33429.04 -> creating a hierarchy so
33431.278 -> here is one where we have called
33432.8 -> starfleet and here's one called
33434.398 -> federation planets and underneath we
33436 -> have multiple
33437.52 -> accounts aws accounts within that
33439.278 -> organizational unit
33441.04 -> and even though it does not show it here
33442.64 -> you can create an organizational unit
33444.238 -> within an organizational unit
33446.32 -> then we have service control policies
33448.078 -> scps and these give uh central control
33450.878 -> over the allowed permissions for all aws
33452.878 -> accounts in your organization helping to
33455.278 -> ensure your accounts stay within your
33457.122 -> organizational guidelines what they're
33459.122 -> trying to say here is that um there's
33461.278 -> this concept of aws
33463.122 -> iam policies and all you're doing is
33465.52 -> you're creating a policy that's going to
33467.278 -> be uh organizational unit-wide or
33470.36 -> organizational-wide or for select
33472.32 -> accounts so it's just a way of applying
33474.32 -> iam policies across multiple accounts
33476.96 -> aws organizations must be turned on
33478.8 -> and once it's turned on it cannot be
33480.398 -> turned off it's generally recommended
33482 -> that you do turn it on because basically
33485.438 -> if you're gonna run any kind of serious
33486.558 -> workload you're gonna be using aws
33488.398 -> organizations to isolate your aws
33490.8 -> accounts based on workloads you can
33492.398 -> create as many aws accounts as you like
33494.64 -> one account will be the master or root
33496.8 -> account
33498 -> and i say root account here because this
33499.68 -> is the new language here and some of the
33501.278 -> documentation still calls it master
33502.878 -> account so understand this is the root
33504.878 -> account not to be confused with the root
33508.078 -> account user so
33510.16 -> another clarification i want to make is
33511.68 -> an aws account is not the same as a
33514 -> user account which is another thing that
33516.558 -> is confusing so when you sign up for aws
33519.52 -> you get an aws account and then it
33521.84 -> creates you a user account which happens
33523.598 -> to be a root user account so hopefully
33525.758 -> that is clear
33526.96 -> [Music]
33531.2 -> so aws control tower helps enterprises
33533.68 -> quickly set up a secure aws multi
33535.84 -> account it provides you with a baseline
33537.438 -> environment to get started with a
33538.8 -> multi-account architecture so it does this
33541.278 -> a few a few different ways the first
33543.36 -> thing is it provides you a landing zone
33545.36 -> this is a baseline environment following
33547.04 -> well architected and best practices to
33549.52 -> start launching production-ready
33551.122 -> workloads so imagine you wanted to go
33553.36 -> have um you know the perfect environment
33555.756 -> that you know is secure
33557.84 -> is correctly configured and has good
33560.4 -> logging in place that's what a landing
33561.756 -> zone is and so aws's landing zone for
33564.8 -> control tower is going to have sso
33566.32 -> enabled by default so it's very easy to
33567.84 -> move between aws accounts it will have
33570 -> centralized logging for aws cloud trail
33571.916 -> so that you know they're going to be
33573.596 -> tamper evident or tamper proof away from
33575.84 -> your workloads where they can't be
33577.2 -> affected it'll have cross account
33578.88 -> security auditing
33580.4 -> um so yeah landing zones are really
33582 -> great to have then there's the account
33583.52 -> factory they used to call this um
33586.56 -> a vending machine but they changed it to
33589.12 -> account factory the idea is it automates
33591.04 -> provisioning of new accounts in your
33592.4 -> organization it standardizes the
33594.4 -> provisioning of new accounts with
33595.68 -> pre-approved
33596.88 -> account configuration you can configure
33598.96 -> account factory with pre-approved
33600.08 -> network configuration and region
33601.596 -> selections
33602.88 -> enable self-service for your builders to
33605.04 -> configure and provision to accounts
33606.48 -> using aws service catalog aws service
33608.48 -> catalog is just pre-approved uh
33610.48 -> workloads uh via cloud formation
33612.4 -> templates so you created to say okay
33613.84 -> you're allowed to launch this server or
33615.596 -> these resources
33617.68 -> and the third and most important thing
33619.04 -> that aws control tower comes with is
33620.64 -> guard rails so these are pre-packaged
33622.4 -> governance rules for security operations
33624.48 -> compliance the customers can select and
33626.64 -> apply enterprise-wide or to specific
33628.8 -> groups of accounts
33630.96 -> so aws control tower is the replacement
33633.12 -> of the retired aws landing zone so if
33636.08 -> you remember aws landing zones which
33638 -> was never a self-serve easy thing to
33640.16 -> sign up for it required a lot of money
33642.08 -> and
33643.276 -> stuff that go in there they just don't
33644.72 -> really have it anymore and aws
33646.24 -> control tower is the new offering um
33648.64 -> there okay
33649.86 -> [Music]
33654 -> hey this is andrew brown from exam pro
33655.84 -> and we are taking a look at aws config
33657.596 -> and to understand aws config we need
33659.756 -> to know what compliance as code is and
33662 -> to understand compliance as code we need
33663.596 -> to understand what change management is
33666 -> so change management in the context of
33667.68 -> cloud infrastructure is when we have a
33670 -> formal process to monitor changes
33672.48 -> enforce changes and remediate changes
33675.436 -> and compliance as code also known as cac
33678.72 -> is when we utilize programming to
33680.48 -> automate the monitoring enforcing and
33682.56 -> remediating changes to stay compliant
33684.72 -> with the compliance program or expected
33687.12 -> configuration so what is aws config
33690.32 -> well it's a compliance as code framework
33692.24 -> that allows us to manage change in your
33694.8 -> aws accounts on a per
33696.88 -> region basis meaning that you have to
33698.96 -> turn this on for every region that you
33700.88 -> need it for and so here is a very simple
33703.52 -> example where let's say we create a
33705.756 -> config rule and we have an ec2 instance
33708.16 -> and we expect it to be in a particular
33709.756 -> state
33710.64 -> and then in the other case we have a rds
33714 -> instance and it's in a state that we do
33715.756 -> not like so the idea is that we try to
33717.68 -> remediate it to put it in the state that
33719.36 -> we want it to be and those config rules
33721.276 -> are just powered by lambdas as you can
33723.276 -> see based on the lambda icon there
33725.756 -> so when should you use aws config
33728 -> well this is when i want this resource
33729.84 -> to stay configured a specific way for
33731.916 -> compliance i want to keep track of
33734 -> configuration changes to resources i
33736.4 -> want a list of all resources within a
33738.48 -> region and i want to use
33741.436 -> analyze potential security weaknesses
33743.52 -> and you need detailed historical
33745.276 -> information so there you go
33747.39 -> [Music]
33751.596 -> hey this is andrew brown from exam pro
33753.36 -> and in this follow along we're going to
33754.4 -> take a look at aws config so aws
33756.24 -> config is a tool that allows you to
33758.16 -> ensure that your services are configured
33760.08 -> as expected so i've already activated it
33762.48 -> in my north virginia region so what i'm
33764.56 -> going to do is just go over to ohio here
33767.2 -> because it is per region activated and
33769.84 -> i'll go over to config and then what
33771.68 -> we'll have to do is set it up
33773.916 -> so there is this one click setup and it
33775.916 -> did skip me to the review step because
33777.52 -> it's kind of piggybacking on the
33779.2 -> configuration of my original one here
33781.12 -> but the idea is that you'll just say uh
33783.68 -> record all resources in this region or
33785.916 -> things like that you'll have to create a
33787.916 -> service role link if you have not done
33790.16 -> so so this will look a little bit
33791.276 -> different but here it's using the
33792.64 -> existing one you'll have to choose a
33794.88 -> bucket so or create a bucket uh it's not
33797.84 -> super complicated so you get through
33799.36 -> there you hit confirm and basically
33801.436 -> you're going to end up with this so the
33803.276 -> inventory
33804.48 -> lets you see all the the resources that
33807.436 -> are not all of them but most resources
33809.436 -> that are in your aws account in this
33811.04 -> particular region it this will not
33812.96 -> populate right away so you will have to
33815.36 -> wait a little bit of time for that to
33817.756 -> appear one really nice thing are
33819.52 -> conformance packs i really love these
33821.2 -> things
33822.16 -> when aws first brought these out
33823.52 -> there was only like a couple but now
33824.8 -> they have
33825.68 -> tons and tons and tons of conformance
33827.68 -> packs so you can go deploy a conformance
33829.436 -> pack and you can open up the templates
33832 -> i just want to show you look at how many
33833.596 -> they have
33835.12 -> so there's some you might recognize like
33836.96 -> nist
33838.64 -> cis things like that well architected uh
33840.96 -> stuff and all these are
33843.04 -> um and i'm not sure if it's easy to open
33845.04 -> these up but all these are if we open
33846.72 -> them up they're on github is these are
33848.56 -> just cloud formation templates to set up
33850.48 -> configuration rules so there's a variety
33853.12 -> of suggested rules uh like around iam
33856.16 -> best practices and things like that that
33857.756 -> we can load in um but the idea is that
33860.16 -> you're just going to create rules so you
33861.52 -> go here and you add a rule and they have
33863.04 -> a bunch of managed rules here
33865.276 -> that we can look at but i think it might
33867.436 -> be fun to actually run a
33870.16 -> conformance pack i'll just show you what
33871.36 -> it looks like to add a rule first so
33873.436 -> let's say we wanted to do something for
33874.8 -> s3
33876.72 -> and it was making sure that we are
33878.88 -> blocking public access so we go next
33880.88 -> here generally you'll have a trigger
33882.56 -> type you can choose whether it's
33884 -> configured when it happens or it's
33886.08 -> periodic this is disabled in this case
33888.08 -> here and you just scroll on down
33890.72 -> and then once you've added the
33892.8 -> rule
33894.08 -> what you can do
33896.72 -> is
33897.916 -> also manage remediation so if this
33900.96 -> rule said hey this thing is
33902.4 -> non-compliant we want you to take a
33904.64 -> particular action you have all these aws
33907.04 -> actions that you can perform and you can
33909.04 -> notify the right people to correct it or
33910.8 -> have it auto correct if you choose to do
33913.596 -> so
33914.96 -> for rules you can also make your own
33916.56 -> custom ones so that's just you providing
33918.64 -> your own lambda functions you're
33920.08 -> providing that lambda arn and so
33922.24 -> basically you can have it do anything
33923.756 -> that you want whatever you want to put
33925.12 -> in a lambda you can make aws config
33927.36 -> check for
33928.4 -> okay so it's not super complicated here
33931.04 -> but
33932 -> this one here is just going to go ahead
33933.52 -> and check and so if we go and reevaluate
33937.12 -> we might just take some time to show up
33938.56 -> so they're gonna say that it's compliant
33940.4 -> or non-compliant okay and i it should be
33942.88 -> compliant but while we're waiting for
33944.48 -> that to happen let's just see how hard
33945.916 -> it is to deploy a conformance pack
33947.52 -> because i feel like that's something
33948.4 -> that's really important oh you just drop
33950 -> them down and choose them that's great
33951.2 -> so we might want to go to iam here
33954.08 -> oops identity and access management
33957.52 -> and hit next
33958.8 -> and say
33959.84 -> my
33960.79 -> [Music]
33962.72 -> iam best practices
33964.96 -> and you might not want to do this
33966.08 -> because it does have spend and i want to
33967.916 -> say spend it's not going to happen
33969.2 -> instantly but the idea is that if you
33970.64 -> turn this on and forget to remove it
33972.96 -> you will see some kind of charges over
33975.12 -> time because it does check based on the
33976.48 -> rules it's not super expensive but it is
33978.72 -> something to consider about
33980.8 -> but anyway so it looks like we created
33982.16 -> that conformance pack so if i refresh
33984.24 -> it looks like it's in progress i wonder
33985.84 -> if that's going to set up a cloud
33986.96 -> formation template i'm kind of curious
33988.64 -> about that
33990.08 -> so make our way over to cloudformation
33994.32 -> and it is so that's really nice because
33996.72 -> once that is done what we can do is just
33999.12 -> tear it down by deleting the stack so
34000.72 -> i'm going to go back over to our
34002.24 -> conformance pack here
34005.2 -> let's take a look here
34007.04 -> and so it still says it's in progress
34008.88 -> but it is completed and we can click
34010.4 -> into it
34012.08 -> and we can see all the things that it's
34015.04 -> doing so it says iam groups have user
34016.88 -> check conformance pack
34018.8 -> and so it looks like there's a bunch of
34020.56 -> cool rules uh here so
34023.36 -> what we'll do
34024.96 -> is we'll just wait a little while and
34026.4 -> we'll come back here and then just see
34028.08 -> if um this updates and see how compliant
34030.88 -> we are from a uh
34032.88 -> a basic account okay
34034.64 -> all right so after waiting a little
34035.68 -> while there it looks like some of them
34037.12 -> are being set so i just gave it a hard
34038.88 -> refresh here uh and here you can see
34041.04 -> that it's saying is root account um oops
34043.36 -> we'll give it a moment here to refresh
34045.12 -> but uh is the root account mfa applied
34047.436 -> yes have we done a password policy no
34050 -> and actually i never did a password
34051.596 -> policy which is something i forgot to do
34053.12 -> but here they're just talking about the
34054.64 -> minimums and maximums of things that you
34056.72 -> can do
34058.4 -> okay so that's a conformance pack
34060.96 -> but if we go to rules actually i guess
34062.24 -> it's all the rules here
34064.4 -> i can't really tell the difference
34065.436 -> between the conformance pack rules and
34066.88 -> our plain rules it's kind of it's kind
34068 -> of all mixed
34069.436 -> together here i think
34073.12 -> yeah so it's a bit hard to see what's
34074.8 -> going on there
34076 -> if we go to the conformance pack and
34077.756 -> clicking again it might show the rules
34079.52 -> yeah there we go so here's the rules
34080.88 -> there we're seeing a little bit more
34082.32 -> information so use a hardware mfa so you
34085.276 -> know how they're talking about using a
34086.56 -> security key like what i showed you that
34088.8 -> i had earlier in the course things like
34090.32 -> that
34091.2 -> um iam password policy things like that
34094.08 -> so you know
34095.36 -> not too complicated but um i think i'm
34097.36 -> all done here so what i'm going to do
34099.84 -> is i'm going to go over to
34100.72 -> cloudformation and tear that on down but
34102.48 -> you get the idea
34104.56 -> well i might want to show you uh drift
34106.8 -> so
34107.52 -> there used to be a way
34109.36 -> it's cause i keep changing things on me
34110.8 -> here but there's a way to see
34113.12 -> uh history over time
34115.52 -> and so that was something
34118.56 -> that they used to show
34120.64 -> and i'm just trying to like find where
34122.16 -> they put it because it is like somewhere
34124.72 -> else
34126.16 -> resources maybe
34130.08 -> ah resource timeline okay so they moved
34132.16 -> it over into the resource inventory
34134.64 -> and so if we were to take a look at
34136.08 -> something anything maybe this here
34138.4 -> resource timeline
34140.64 -> and there might not be much here but the
34141.84 -> idea is it will show you over time how
34143.596 -> things have changed so the idea is that
34145.04 -> not only can you say what about config
34147.276 -> is something compliant but when was it
34149.276 -> compliant and that is something that is
34150.56 -> really important to know okay so very
34152.72 -> simple example maybe not the best but
34154.4 -> the idea is that we can see when it was
34156.24 -> and was not compliant based on changes
34159.04 -> to our stuff but anyway that looks all
34162 -> good to me here so i'm going to make my
34163.68 -> way over to cloudformation actually i
34165.12 -> already already have it open over here
34167.04 -> we can go ahead and delete that stack
34169.436 -> um
34170.8 -> termination protection is enabled you
34172.64 -> must first disable it so we'll edit it
34175.12 -> disable it
34176.48 -> whatever
34178 -> okay we'll hit delete there and as
34179.596 -> that's deleting i'm going to go look for
34181.68 -> and config my original
34185.2 -> rule there
34186.4 -> again i'm not really worried about it i
34187.756 -> don't think it's going to really cost me
34188.96 -> anything but i'm also just kind of clear
34190.96 -> the house here just so you're
34192.8 -> you're okay as well
34194.56 -> and so if we go over to our rules
34197.12 -> um the one that i spun up that was
34199.276 -> custom
34200.32 -> i think was this one here because these
34201.68 -> are all grayed out right so i can go
34203.2 -> ahead there delete that rule
34205.04 -> type in delete
34207.916 -> and we are good so there you go
34210.88 -> that is
34212.88 -> it all right
34217.24 -> [Music]
34218.4 -> aws quick starts are pre-built templates
34220.48 -> by aws and aws partners to help
34222.4 -> deploy a wide range of stacks it reduces
34225.04 -> hundreds of manual procedures into just
34227.436 -> a few steps
34228.64 -> the quick start is composed of three
34230.64 -> parts it has a reference architecture
34232.48 -> for the deployment aws cloud
34234.56 -> formation templates that automate and
34236.64 -> configure the deployment a deployment
34238.64 -> guide explaining the architecture
34240.08 -> implementation in detail so here's an
34241.84 -> example of one that you might want to
34243.36 -> launch like the aws q and a bot and then
34245.68 -> you will get an architectural diagram a
34247.756 -> lot of information about it and from
34249.276 -> there you can just go press the button
34251.276 -> and launch this infrastructure most
34253.916 -> quick start reference deployments enable
34255.596 -> you to spin up a fully functional
34257.04 -> architecture in less than an hour and
34259.2 -> there is a lot as we will see here when
34261.436 -> we take a look for ourselves
34263.68 -> [Music]
34267.916 -> all right so here is uh aws quick
34270.32 -> starts where we have a bunch of cloud
34272.08 -> formation templates uh built by aws or
34274.64 -> amazon or aws partner network apn
34277.436 -> partners
34278.48 -> and there's a variety of different
34280.16 -> things here so i'm just going to try to
34281.436 -> find something like q and a bot
34284.32 -> q and a bot just type in bot here
34287.2 -> and i don't know why it was here the
34288.72 -> other day now it's not showing up which
34290.32 -> is
34291.04 -> totally fine but um you know i just want
34293.2 -> anything to deploy just to kind of show
34294.96 -> you what we can do with it
34296.72 -> so you scroll on down we have uh this
34299.04 -> graphic here that's representing what
34300.72 -> will get deployed so we have cloudfront
34302.64 -> s3 dynamodb
34304.48 -> systems manager lex polly all these
34306.88 -> kind of fun stuff
34309.12 -> and there's some information about how
34310.56 -> it is architected and the idea is you
34312.8 -> can go ahead and launch in the console
34314.48 -> or view the implementation guide let's
34316.4 -> go take a look here
34317.84 -> um and there's a bunch of stuff so we
34320.16 -> have solutions and things like that
34321.756 -> conversational things like that
34324.4 -> but what i'm going to do is go ahead and
34325.916 -> see how far i can get to launching with
34328.08 -> this it doesn't really matter if we do
34329.916 -> launch it but it's just the fact that um
34331.596 -> i wanted to show you what you can do
34333.436 -> with it so if we go to the designer it's
34335.12 -> always fun to look at it in there
34337.36 -> because then we can kind of visualize
34338.8 -> all the resources that are available
34341.436 -> and i thought that that would populate
34343.276 -> over there but maybe
34344.88 -> we did the wrong things i'm just going
34346.32 -> to go back and click
34349.12 -> i'm just going to click out of this
34352.48 -> oops cancel let's close that
34354.72 -> leave yes
34356.08 -> and we will launch that again
34360.08 -> and so
34361.596 -> this oh view in the designer hit the
34363.2 -> wrong button okay
34367.36 -> so now this should show us the template
34370.8 -> it might just be loading
34374.4 -> there we go so this is what it's going
34376 -> to launch and you can see there's a lot
34377.36 -> going on here i'm just going to shrink
34379.04 -> that there uh and i don't know if you
34381.04 -> can make any sense of it but clearly
34383.2 -> it's doing a lot
34384.8 -> and so if we were happy with this and we
34386.64 -> wanted to launch it i know i keep
34388 -> backing out of this but we're going to
34389.276 -> go back into it one more time
34392.24 -> we can go here and we go next
34394.96 -> and then we would just fill in what we
34396.32 -> want so you name it put the language in
34398.4 -> and this is stuff that they set up so
34399.756 -> maybe you want a male voice
34401.596 -> set the admin and stuff like that and
34404 -> it's that simple really
34406 -> um and every stack is going to be
34407.84 -> different so they're all going to have
34408.88 -> different configuration options but
34410.4 -> hopefully that gives you kind of an idea
34412.48 -> of what you can do with quick starts
34414.16 -> okay
34415.83 -> [Music]
34420.16 -> let's take a look at the concept of
34422 -> tagging within aws so a tag is a key and
34425.04 -> value pair that you can assign to any
34427.276 -> aws resource so as you are creating a
34429.756 -> resource it's going to prompt you to say
34431.36 -> hey what tags do you want to add you're
34433.276 -> going to give a key you're going to give
34434.64 -> a value and so some examples could be
34436.96 -> something like based on department the
34439.12 -> status the team the environment uh the
34442.48 -> project as we have the example here the
34444.72 -> location
34446.08 -> and so tags allow you to organize your
34447.52 -> resources in the following way for
34448.96 -> resource management so specific
34450.56 -> workloads so you can say you know
34452.72 -> developer environments cost management
34454.4 -> and optimization so cost tracking
34456.48 -> budgets and alerts operations management
34458.72 -> so business commitments sla operations
34461.04 -> mission critical services security so
34463.36 -> classification of data security impact
34465.756 -> governance and regulatory compliance
34467.84 -> automation workload automation and so
34470.96 -> it's important to understand that
34472.08 -> tagging can be used in conjunction with
34474.8 -> iam policy so that you can restrict
34476.8 -> access or things like that based on
34478.64 -> those tags okay
34483.05 -> [Music]
34484.4 -> all right i just want to show you one
34485.68 -> interesting thing about tags um and it's
34488.64 -> just the fact that it's used as the name
34491.276 -> for some services so when you go to ec2
34494.24 -> and you launch an instance uh the way
34496.24 -> you set the name is by giving it a tag
34498.24 -> called name and i just want to prove
34499.52 -> that to you
34501.276 -> just like one of those little exceptions
34502.8 -> here so we choose an instance here
34505.916 -> we go to configure storage and then what
34508.16 -> we do is we add a tag and we say name
34511.436 -> and my server name okay and then we go
34514.48 -> ahead and review and launch
34516.48 -> we're going to launch this i don't need
34518 -> a key pair so we'll just say proceed
34519.756 -> without key pair
34521.36 -> i acknowledge
34523.68 -> okay
34526.24 -> and we will go view the instances and
34528.48 -> you'll see that is the name so um that's
34530.8 -> just like one of those exceptions or
34533.36 -> things that you can do with tags if
34534.96 -> there's other things with tags i have no
34536.56 -> idea that's just like a a basic one that
34539.756 -> everybody should know and that's why i'm
34541.68 -> showing it to you with the tags but there you
34543.52 -> go
34544.39 -> [Music]
34548.4 -> so we just looked at tags now let's see
34550.16 -> what we can do with resource groups
34551.596 -> which are a collection of resources that
34553.436 -> share one or more tags or another way to
34555.756 -> look at it it's a way for you to take
34558.24 -> multiple tags and organize them
34561.12 -> into resource groups so it helps you
34563.436 -> organize and consolidate information
34565.04 -> based on your project and the resources
34566.88 -> that you use resource groups can display
34569.276 -> details about a group of resources based
34571.276 -> on metrics alarms configuration settings
34574.64 -> and at any time you can modify the
34576.32 -> settings of your resource groups to
34578.08 -> change what resources appear resource
34580.8 -> groups appear in the global console
34582.88 -> header
34583.916 -> which is over here and under the systems
34586.08 -> manager so technically it's part of aws
34588.88 -> simple systems manager or systems
34590.56 -> manager interface but it's also part of
34592.96 -> the global interface so sometimes that's
34594.72 -> a bit confusing but that's where you can
34596.88 -> find it okay
34597.86 -> [Music]
34602 -> all right so what i want to do is
34603.276 -> explore resource groups and also
34606.56 -> tagging so what i want you to do is type
34608.4 -> in resource groups at the top here and
34611.2 -> it used to be accessible
34613.756 -> not sure where they put it but it used
34614.96 -> to be accessible here at the top but
34616.24 -> they might have moved it over to systems
34617.916 -> manager so i'm going to go to ssm here
34620.64 -> not sure why i can't seem to find it
34622.08 -> today
34623.2 -> and on the left hand side we're going to
34625.276 -> look for
34627.52 -> resource groups
34735.596 -> all right so what i want to do is take a
34737.12 -> look at resource groups and i'm really
34739.36 -> surprised because it used to be
34740.88 -> somewhere in the global nav but
34743.2 -> i think they might have changed it um
34746 -> and what's also frustrating is if i go
34747.916 -> over to systems manager it was over here
34750.72 -> as well and so on the left-hand side i'm
34753.2 -> looking for resource groups it's not
34755.596 -> showing up so
34757.12 -> i don't really aws you keep moving
34758.56 -> things around on me and i'm i can only
34760.4 -> update things so quickly in my courses
34762.8 -> but if you type in resource groups and
34764.4 -> tag editor it's actually over here
34767.2 -> um i guess it's its own standalone
34768.88 -> service now why they keep changing
34770.32 -> things i don't know
34772 -> but uh
34773.04 -> the idea is we want to create a resource
34774.72 -> group so you can create unlimited single
34776.88 -> region groups in your aws account use
34779.436 -> the group to view related insights
34781.36 -> things like that so i'm going to go
34782.48 -> ahead and create a resource group you
34784.08 -> can see it can be tag based or cloud
34785.596 -> formation based but i don't have any
34787.756 -> tags i don't really have anything tagged
34789.436 -> so what i'm going to do
34790.88 -> is make my way over to s3 we're just
34792.56 -> going to create some resources or a
34794.32 -> couple resources here with some tags so
34796.4 -> that we can do some filtration so i can
34798 -> go ahead and create a bucket i'm going
34799.52 -> to say my
34800.96 -> bucket uh this like that whoops
34805.36 -> and then down below i'm going to go down
34806.72 -> to tags and we're going to say project
34809.436 -> and we're going to say um
34812 -> rg for resource group
34815.916 -> okay and then i can go back over here
34817.84 -> and then i'm going to just say
34819.436 -> i can say exactly what type i want i'm
34821.2 -> going to support all resource types
34823.84 -> and i'm going to say project
34828 -> rg see how it auto-completes
34830.72 -> and we'll go down below
34832.24 -> we'll just say
34834.88 -> my rg
34836.96 -> a test rg
34839.276 -> we'll create that
34842.8 -> and so now we have a resource group and
34844.4 -> we can see them all in one place
34846.48 -> resource groups are probably useful for
34848.88 -> using in
34850.16 -> policy so you can say say like resource
34852.56 -> group
34853.596 -> iam policies
34856 -> that's probably what they're used for
34860.16 -> okay so before you use iam to manage
34861.756 -> access to resource groups you should
34862.8 -> understand iam features things like
34864.56 -> that
34866.88 -> and so administrators can use json
34869.68 -> policies to specify who has access to
34871.68 -> what
34872.56 -> and so a policy action a resource group
34874.56 -> is used following the prefix resource
34876.4 -> groups
34877.756 -> so
34878.72 -> my thought process there is that if you
34881.2 -> want to say okay you have access to a
34883.68 -> resource you can just specify a resource
34885.916 -> group and it will include all the
34887.756 -> resources within there and so that might
34890.08 -> be
34890.8 -> a better way to apply permissions at a
34893.12 -> per project basis
34895.04 -> um and that could save you a lot of time
34896.8 -> writing out iam policies so
34899.36 -> that's basically all there really is to
34901.04 -> it also you kind of get an overview of
34902.96 -> of the resources that are there
34906.72 -> so that can be kind of useful as well
34908.8 -> there's the tag editor here i can't
34910.8 -> remember what you use this for you can
34912.88 -> set up tag policies
34915.276 -> tag policies help you standardize tags
34917.12 -> on resource groups and your accounts use
34919.2 -> to define tag policies and aws orgs to
34921.276 -> attach them to the entire organization
34923.36 -> um we're not in the org account so i'm
34925.436 -> not going to show you this and it's not
34926.8 -> that important
34928 -> but just understand that resource groups
34929.436 -> can be created and they are used within
34931.36 -> iam policies in order to um
34934.48 -> grant or deny access to stuff
34936.72 -> you go ahead and delete that resource
34938.24 -> group and really aws stop moving that on
34940.64 -> me if you move one more time i'm just
34942 -> never going to talk about resource
34943.12 -> groups again okay
34948.72 -> hey this is andrew brown from exam pro
34950.48 -> and we're taking a look at business
34951.68 -> centric services and you might say well
34954 -> why because an exam guide it explicitly
34956.56 -> says that these are not covered but the
34958.72 -> thing is is that when you're taking the
34960.32 -> exam some of the choices might be some
34963.36 -> of these services as distractors and if
34965.436 -> you know what they are it's going to
34967.276 -> help make sure that you um
34969.84 -> guess correctly and the thing is that
34971.84 -> some of these services are useful you
34973.36 -> should know about them so that's another
34975.2 -> reason why i'm talking about them here
34977.436 -> so the first one is amazon connect this
34979.04 -> is a virtual call center you can create
34980.96 -> workflows to route callers you can
34982.64 -> record phone calls manage a queue of
34984.56 -> callers based on the same proven system
34986.56 -> used by amazon customer service teams we
34989.04 -> have workspaces this is a virtual remote
34990.88 -> desktop service secure managed service
34993.04 -> for provisioning either windows or linux
34994.48 -> desktops in just a few minutes which
34996.48 -> quickly scales up to thousands of
34998 -> desktops we have workdocs which is a
35000.08 -> shared collaboration service a
35002.08 -> centralized storage to share content and
35003.68 -> files it is similar to microsoft
35005.12 -> sharepoint think of it as a shared
35006.72 -> folder where the company has ownership
35009.04 -> we have chime which is a video
35010.4 -> conference service it is similar to zoom
35012.16 -> or skype you can screen share have
35014.24 -> multiple people on the on the same call
35016.4 -> it is secure by default and can show you
35018.48 -> a calendar of upcoming calls we have
35020.8 -> work mail this is a managed business uh
35022.8 -> email contacts calendar service with
35024.96 -> support of existing desktop and mobile
35026.96 -> email client applications that can
35029.04 -> handle things like imap similar to gmail
35031.2 -> or exchange we have pinpoint this is a
35033.436 -> marketing campaign management service
35035.52 -> pinpoint is for sending targeted emails
35038 -> via sms push notifications voice
35040.48 -> messages so you can perform um a to b
35043.276 -> testing or create journey so complex
35045.36 -> email response workflows we have ses
35048.4 -> this is a transactional email service
35050.64 -> you can integrate ses into your
35052.24 -> application to send emails you can
35054.16 -> create common templates track open rates
35056.32 -> keep track of your reputation we have
35058.16 -> quicksight this is a business
35059.276 -> intelligence service connect multiple
35061.596 -> data sources and quickly visualize data
35063.52 -> in the form of graphs with little to no
35065.68 -> knowledge definitely you want to
35066.96 -> remember quicksight ses pinpoint
35069.756 -> because those definitely will show up in
35071.04 -> the exam the rest probably not but they
35072.72 -> could show up as distractors okay
35075.21 -> [Music]
35079.52 -> hey this is andrew brown from exam pro
35081.276 -> and we are taking a look at provisioning
35082.64 -> services so let's first define what is
35084.8 -> provisioning so provisioning is the
35086.24 -> allocation or creation of resources and
35088 -> services to a customer and aws
35090 -> provisioning services are responsible
35091.596 -> for setting up and managing those aws
35093.436 -> services we have a lot of services that
35095.436 -> do provisioning most of them are just
35097.36 -> using cloud formation underneath which
35098.8 -> we'll mention here but let's get to it
35100.4 -> the first is elastic beanstalk this is
35102.24 -> a platform as a service to easily deploy
35104.16 -> web apps eb will provision various
35106.32 -> aws services like ec2 s3 sns cloud
35109.12 -> watch ec2 auto scaling groups load
35111.2 -> balancers
35112.48 -> and you can think of it as the heroku
35114.32 -> equivalent to aws then you have opsworks
35117.276 -> this is a configuration management
35118.56 -> service that also provides managed
35120.08 -> instances of open source configuration
35122.08 -> management software such as chef and
35123.84 -> puppet so you'll say i want to have a
35126.72 -> load balancer or i want to have servers
35128.96 -> and it will provision those for you
35130.72 -> indirectly then you have cloudformation
35132.88 -> itself this is an infrastructure
35134.48 -> modeling and provisioning service it
35136.16 -> automates the provisioning of aws
35137.436 -> services by writing cloud formation
35138.88 -> templates in either json or yaml and
35140.88 -> this is known as iac or infrastructure
35143.04 -> as code you have quick starts these are
35145.04 -> pre-made packages that can be launched
35147.36 -> and configure your aws compute network
35149.2 -> storage and other services required to
35150.88 -> deploy a workload on aws we do cover
35153.36 -> this in this course but quick starts is
35155.04 -> basically just cloudformation templates
35157.12 -> that are authored by the community or
35159.52 -> by um
35161.12 -> amazon partner network okay
35162.96 -> then we have aws marketplace this is a
35164.56 -> digital catalog for thousands of
35165.84 -> software listings of independent
35167.04 -> software vendors that you can use to
35168.48 -> find buy and test and deploy software so
35170.64 -> the idea is that you know you can go
35172.48 -> there and provision whatever kind of
35173.84 -> resource you want we have aws amplify
35176.16 -> this is a mobile web app framework that
35178.32 -> will provision multiple aws services as
35180.08 -> your backend it's specifically for
35182 -> serverless services i don't know i
35183.68 -> didn't write that in there
35185.12 -> but you know like dynamodb um
35188 -> things like uh whatever the graphql
35190.32 -> service is called api gateway things
35192.64 -> like that
35193.84 -> then we have aws app runner this is a
35195.436 -> fully managed service that makes it easy
35196.96 -> for developers to quickly deploy
35198.4 -> containerized web apps and apis at scale
35201.2 -> with no prior infrastructure experience
35202.72 -> required it's basically a platform as a
35204.72 -> service but for containers
35207.12 -> we have aws copilot this is a command
35209.04 -> line interface that enables customers to
35210.72 -> quickly launch and manage containerized
35212.48 -> applications on aws it basically is a
35216.16 -> cli tool that sets up a bunch of scripts
35218.16 -> to set up pipelines for you makes things
35220.08 -> super easy we have aws codestar this
35222.32 -> provides a unified user interface
35223.916 -> enabling you to manage your software
35225.436 -> development activities in one place
35227.12 -> usually launch common types of stacks
35228.72 -> like lamp then we have cdk and so this
35231.84 -> is infrastructure as a code tool allows
35233.52 -> you to use your favorite programming
35234.88 -> language generates cloudformation
35236.32 -> templates as a means of iac so there you
35239.276 -> go
35239.9 -> [Music]
35243.756 -> hey this is andrew brown from exam pro
35245.596 -> and we're taking a look at aws elastic
35247.276 -> beanstalk before we do let's just define
35249.436 -> what paas is so platform as a service
35251.596 -> allows customers to develop run and
35253.2 -> manage applications without the
35255.12 -> complexity of building and maintaining
35256.56 -> the infrastructure typically associated
35258.56 -> with developing and launching an app and
35261.04 -> so elastic beanstalk is a paas for
35263.436 -> deploying web apps with little to no
35265.756 -> knowledge of the underlying
35266.72 -> infrastructure so you can focus on
35268.32 -> writing application code instead of
35270.16 -> setting up an automated deployment
35271.916 -> pipeline or devops tasks the idea here
35274.88 -> is you choose a platform upload your
35276.48 -> code and it runs with little knowledge
35278.56 -> of the infrastructure and aws will say
35280.8 -> that it's generally not recommended for
35282.16 -> production apps but just understand that
35283.756 -> they are saying this for enterprises and
35285.596 -> large companies
35286.88 -> if you're a small to medium company you
35288.64 -> can run elastic beanstalk for quite a
35290.16 -> long time it'll work out great elastic
35292.32 -> beanstalk is powered by cloudformation
35293.84 -> templates and it sets up for you elastic
35296.48 -> load balancer asgs
35298.56 -> rds ec2 instances pre-configured for
35301.2 -> particular platforms uh monitoring
35303.916 -> integration with cloudwatch sns
35306.4 -> deployment strategies like in-place
35308.16 -> blue-green deployment has security built
35310.8 -> in so it could rotate out your passwords
35312.64 -> for your databases and it can run
35314.72 -> dockerized environments and so when we
35316.32 -> talk about platforms you can see we have
35318.08 -> docker multi-container docker
35321.04 -> go .net java node.js ruby php python
35324.32 -> tomcat go a bunch of stuff and just to
35327.36 -> kind of give you that architectural
35328.48 -> diagram to show you that it can launch
35330.56 -> of multiple things okay
35332.4 -> [Music]
35336.72 -> hey it's andrew brown from exam pro and
35338.4 -> in this follow along we're going to
35339.596 -> learn all about elastic beanstalk maybe
35342 -> not everything but we're going to
35343.84 -> definitely know how to at least
35346 -> use the service so elastic beanstalk is
35348.4 -> a platform as a service and what it does
35350.16 -> is it allows you to uh deploy web
35352.96 -> applications very easily so here i've
35355.276 -> made my way over to elastic beanstalk
35356.88 -> open environment and app and then we set
35359.2 -> up our application
35360.64 -> we have two tiers a web server
35362 -> environment a worker environment worker
35363.916 -> environment's great for long running
35365.2 -> workloads
35366.64 -> performing background jobs and things
35368.48 -> like that and then you have your web
35370 -> server which is your web server and you
35372.08 -> can have both and it's generally
35373.36 -> recommended to do so um but anyway what
35376.16 -> we'll do is create a new application so
35377.84 -> let's say my app here and there's some
35381.2 -> tags we can do and then it will name
35383.12 -> based on the environment then we need to
35385.12 -> choose an environment name so let's say
35386.96 -> my environment and just put a bunch of
35388.48 -> numbers in there hit the check
35390 -> availability scroll on down and we have
35391.916 -> two options managed platform custom
35394.08 -> platform and i'm not sure why custom is
35396.64 -> blanked out but it would allow you to
35399.52 -> um it would allow you to i think use
35401.68 -> your own containers so i'm a big fan of
35403.756 -> ruby so i'm gonna drop down to ruby
35406.16 -> and here we have a bunch of different
35407.436 -> versions and so 2.7 is pretty pretty new
35410.72 -> which is pretty good
35412 -> and then there's the platform version
35413.276 -> which is fine and the great thing is it
35414.64 -> comes with a sample application now you
35416.88 -> could hit create environment but you'd
35418.48 -> be missing out on a lot if you don't hit
35420 -> this configure more options i don't know
35421.84 -> why they put it there it's a not very
35423.596 -> good ui but
35425.52 -> if you click here you actually get to
35426.8 -> see everything possible and so up here
35429.04 -> we have some presets where we can have a
35430.8 -> single instance so
35432.4 -> this is where it's literally running a
35434.08 -> single ec2 instance so it's very cost
35435.68 -> effective you can have it with spot spot
35437.84 -> pricing so you save money
35439.916 -> there's high availability so you know if
35442.08 -> you want it set up with a load balancer
35443.916 -> an auto scaling group it will scale very
35445.916 -> well or you can do custom configuration
35448.08 -> we scroll on down here
35450.56 -> you can enable amazon x-ray you can
35452.8 -> rotate out logs you can do log streaming
35456.32 -> um there's a lot of stuff here
35458.88 -> and basically it's just like it sets up
35461.04 -> most for you but you can pretty much
35462.64 -> configure what you want as well if we
35464.64 -> have the load balancer set if i go here
35466.96 -> go to high availability now we'll be
35468.8 -> able to change our load balancer options
35470.96 -> you have different ways of deploying so
35472.8 -> you can go here and then change it from
35474.56 -> all at once rolling immutable traffic
35476.48 -> splitting depends on what your use case
35478.4 -> is
35480.48 -> we can set up a key pair to be able to
35482.8 -> log into the machine
35485.36 -> there's a whole variety of things you
35487.36 -> can connect your database as well so it
35489.04 -> can create the database alongside with
35491.04 -> it and then it can actually rotate out
35493.276 -> the key so you don't have to worry about
35494.88 -> it which is really nice what i'm going
35496.4 -> to do is go to the top here and just
35497.84 -> choose a single instance because i want
35499.2 -> this to be very cost effective we're
35500.88 -> going to go ahead and hit create
35502.32 -> environment
35504.16 -> and so we're just going to wait for that
35506.8 -> to start up and i'll see you back when
35508.48 -> it's done okay
35511.276 -> okay so it's been uh quite a while here
35513.84 -> and it says a few minutes so if it does
35515.84 -> do this what you can do is just give it
35517.436 -> a hard refresh i have a feeling that
35518.72 -> it's already done is it done
35521.68 -> yeah it's already done so and here it
35523.276 -> says on september 2020 elasticity so i
35525.436 -> can use etc default default i don't care
35528.56 -> but anyway so this application i guess
35530.56 -> it's in a pending state
35532.88 -> i'm not sure why let's go take a look
35534.8 -> here causes instance has not sent any
35537.52 -> data since launch
35539.276 -> none of the instances are sending data
35540.88 -> so that's kind of interesting because
35542.96 -> um
35544.24 -> i shouldn't have any problems you know
35545.596 -> what i mean
35546.64 -> so what i'm going to do is just reboot
35548 -> this machine and see if that fixes the
35549.68 -> issue there but usually it's not that
35551.436 -> difficult because it's the sample
35552.72 -> application it's not up to me
35554.88 -> um as to how to fix this
35557.68 -> you know what i mean so
35559.916 -> i'm not sure but um what we'll do is
35563.12 -> we will let the machine reboot and see
35565.2 -> if that makes any difference okay
35567.04 -> all right so after rebooting that
35568.16 -> machine now it looks like the server is
35569.52 -> healthy so it's not all that bad right
35572.16 -> if you do run into issues that is
35573.36 -> something that you can do
35575.12 -> and so
35576.64 -> uh let's go see if this is actually
35578.56 -> working so the top here we have a link
35580.32 -> and so i can just right click here it
35582.24 -> says congratulations your first aws
35584.16 -> elastic beanstalk ruby application is
35586.48 -> now running so it's all in good shape
35589.68 -> there's a lot of stuff that's going on
35591.12 -> here in elastic beanstalk that we can do
35593.36 -> we can go back to our configuration and
35595.276 -> change any of our options here so
35597.596 -> there's a lot of stuff as you can see
35599.916 -> we get logging so click the request log
35602.48 -> so if we click on this and say last 100
35604.8 -> lines
35606.64 -> we should be able to get logging data we
35609.04 -> have to actually download it i wish it
35610.48 -> was kind of in line but here you can
35612.08 -> kind of see what's going on so we have
35614 -> sdo access logs error logs puma logs
35616.96 -> elastic beanstalk engine so you could
35619.04 -> use that to debug very common to take
35621.436 -> that over to
35622.88 -> support if you do have issues
35624.96 -> for health it monitors the health of the
35626.96 -> instances which is great then we have
35629.12 -> some
35630.32 -> monitoring data here so it gives you
35633.12 -> like a built dashboard so that's kind of
35635.276 -> nice you can set up alarms um you have
35637.756 -> not defined any alarms you can add them
35639.2 -> via the monitoring dashboard so i guess
35641.36 -> you'd have to
35643.68 -> you'd have to somehow add them i don't
35645.596 -> think i've ever added alarms for um
35648.32 -> elastic beanstalk but it's nice to know
35649.916 -> that they have them
35651.276 -> you can set up schedules for managed
35653.12 -> events then this is event data so it's
35655.68 -> just kind of telling you it's kind of
35656.8 -> like logs it just tells you of things
35658.88 -> that have changed
35660.4 -> so there's stuff like that what i'm
35662.24 -> looking for is to see how i can download
35664.64 -> the existing application
35667.596 -> because there's a version uploaded here
35669.52 -> oh the source is over here okay
35672.24 -> so
35674.16 -> i think it's probably over here the one
35675.68 -> that's running
35677.276 -> so that's it
35680.64 -> if it was easy to find what i probably
35682.16 -> would do is just modify it and oh yeah
35684.16 -> it's over here so if we go here and
35686.16 -> download the zip
35690.24 -> i wonder if it'd be even worth um
35692.24 -> playing with this so let's i'm just going
35693.84 -> to see if we can go over to cloud9
35696.72 -> and give this a go quickly
35699.436 -> so if we go over and launch a cloud9
35701.436 -> environment maybe we can tweak it and
35703.36 -> upload a revised version so we'll say
35706 -> create new we'll say eb
35708.96 -> um
35711.436 -> environment for elastic beanstalk
35713.84 -> we'll set it all the defaults that's all
35715.36 -> fine it's all within the free tier we'll
35716.96 -> create that environment
35718.48 -> what i'm going to do is just take this
35720.72 -> ruby zip file and move it to my desktop
35723.596 -> and as that is loading we'll give it a
35725.04 -> moment here i'm just going to go back
35727.36 -> and i was just curious does it let you
35728.96 -> download it directly from here no
35731.84 -> the only thing is that you know if you
35733.12 -> download that application
35735.52 -> elastic beanstalk usually has a
35736.88 -> configuration file with it and so i
35738.48 -> don't know if they would have given that
35740.8 -> to us
35741.84 -> but if it did that would be really great
35744.4 -> but we just have to wait for that to
35746.24 -> launch there as well
35748.32 -> i guess you can save configurations and
35750 -> roll back on those as well
35754.56 -> um but we will just wait a moment here
35758.56 -> while it's going i might just peek
35760 -> inside of this file to see what it is
35762.24 -> this zip contains
35764.8 -> just going to go my desktop here open up
35766.8 -> that zip
35768.64 -> so it looks pretty simple it doesn't
35770.56 -> even look like a rails app it looks like
35771.916 -> maybe it's a sinatra app i thought
35773.756 -> before that they would it would have
35774.96 -> deployed a ruby on rails application but
35776.8 -> maybe they keep it really simple
35778.88 -> um
35781.04 -> i don't see
35782.4 -> usually it's like yaml files they use
35784.56 -> for configuration i don't see that there
35788.24 -> so
35789.436 -> it might be that the default settings
35791.12 -> will work fine there's a config.ru and
35793.756 -> stuff like that but once cloud9 is up
35795.916 -> here we will upload this and see what we
35798.4 -> can do with it okay so there we go
35800.56 -> cloud9 is ready to go and so if we right
35802.64 -> click here whoops right click here we
35804.88 -> should be up be able to upload a file if
35806.88 -> not we can go up here to the top
35809.36 -> or it's here or there
35812.8 -> where is the upload i've i've uploaded
35814.96 -> things in here so i absolutely know we
35816.24 -> can i just gotta find it
35821.68 -> is that the upload
35826.8 -> upload files cloud9
35836.88 -> oh boy that's not helpful
35838.88 -> that's not helpful at all
35840.72 -> so let me just click around a little bit
35842.48 -> here i mean worst case i can always just
35844.08 -> bring it in via a curl oh upload local
35846.32 -> files there it is
35847.596 -> i was just not um being patient okay so
35850.24 -> we'll drag that on in there
35852.32 -> and we will
35854.56 -> did it upload yep it's right there okay
35856.56 -> great and so we need to unzip it so what
35858.48 -> i'll do is just drag this on up here
35860.24 -> i'll do an ls and we'll say unzip
35863.68 -> ruby.zip
35865.276 -> and so that unzipped the contents there
35867.756 -> i think the readme was part of cloud9 so
35871.12 -> i'm going to go ahead and delete that
35872.16 -> out
35873.36 -> not that it's going to hurt anything
35875.276 -> and so now what we can do we'll delete
35876.88 -> the original
35879.04 -> original zip there
35881.596 -> um and let's see if we can make a change
35884.24 -> here so i'm just going to open up see
35885.756 -> what it is so it's yeah it's running
35887.2 -> sinatra so that's pretty clear there
35889.68 -> we have a procfile to see how it runs we
35891.84 -> have a worker sample so that just tells
35894.32 -> how the requests go
35895.756 -> you don't need to know any of this i'm
35896.88 -> just kind of clicking through it because
35897.916 -> i know ruby very well we have a cron
35900.08 -> yaml file so that could be something
35902.08 -> that gets loaded in here so i think
35904.24 -> basically a sinatra app probably just
35906.16 -> works
35907.12 -> off the bat here but if we want to make
35908.64 -> a change we probably just mix up a
35909.916 -> change over to here
35911.52 -> so i'll go down here and this is your
35915.12 -> second
35916.16 -> aws elastic beanstalk application so
35918.56 -> the next thing we need to do is actually
35919.916 -> zip the contents here
35921.52 -> i don't know if it would let us zip it
35923.436 -> within here but also look like zip the
35926 -> contents of a directory
35930 -> linux
35931.12 -> just goes to show
35933.436 -> google is everything
35935.756 -> so the easiest way to zip a folder
35940.4 -> um
35947.276 -> zip
35948.72 -> everything in the current directory
35953.04 -> linux
35958.56 -> okay that's easy so
35960.48 -> we'll go back over here
35962.32 -> and we will type in zip
35965.596 -> and it wants hyphen r for recursive
35967.916 -> which makes sense
35969.756 -> and then the name of the zip so
35974.64 -> ruby2.zip
35977.436 -> and we'll do period
35982.08 -> zip warning found is
35984 -> who is
35985.52 -> zip
35988.32 -> oh
35989.84 -> uh
35990.96 -> yum install zip
35993.04 -> maybe we have to install uh zip but
35994.72 -> maybe it's not installed
35997.2 -> sudo yum install zip
36000.08 -> since amazon likes to use yum
36003.52 -> and so package already installed so i'm
36005.68 -> gonna type zip again so zip is there now
36007.52 -> great oops don't need install twice
36013.916 -> zip warning ruby two zip not found or
36016.48 -> empty
36025.2 -> okay so install zip and use zip hyphen r
36029.12 -> you can use the flag to best
36031.756 -> compensate
36034.72 -> so if that's not working what i'm going
36036.16 -> to do is just go up a directory
36042.8 -> why is it saying not found or empty
36054.4 -> hmm
36061.12 -> maybe i need to use
36067.276 -> okay so i think the problem was i was
36069.04 -> using the wrong flag so i put f instead
36071.36 -> of r i don't know why i did that so i
36073.436 -> probably should have done this
36075.04 -> okay and so that should have copied all
36076.96 -> the contents of that file so what i'm
36078.24 -> going to do is go ahead whoops make sure
36080.32 -> i have that selected and download that
36081.916 -> file
36083.04 -> and once i have downloaded that file i'm
36085.04 -> going to just open the contents to make
36086.8 -> sure it is what i expect it to be
36089.756 -> so we're going to open that up and oops
36092.32 -> get out of here winrar and it looks like
36094.72 -> everything i want so
36096.32 -> what i'm going to do is go back over to
36098.96 -> here i'm going to make sure i have my
36100.72 -> ruby 2 on my desktop
36103.12 -> and we're going to see if we can upload
36104.4 -> another version here so upload deploy
36106.8 -> choose the file we're gonna go all the
36108.88 -> way to my desktop here and we're gonna
36110.4 -> choose ruby two
36112.08 -> and
36113.276 -> um like ruby two will be the version
36115.68 -> name or we'll just say two
36117.68 -> and we'll deploy and we'll see if that
36119.276 -> works
36120.32 -> okay but there are like uh elastic
36122.72 -> beanstalk configuration files like yaml
36124.32 -> files that can sit in the root directory
36126 -> and so generally you're used to seeing
36127.52 -> them there but you know i imagine that
36129.596 -> aws probably engineered these
36131.04 -> examples so that it uses all the default
36132.88 -> settings but once this is deployed i'll
36135.52 -> see you back here in a moment okay
36137.36 -> after a short little wait it looks like
36138.8 -> it has deployed so what i'm going to do
36140.32 -> is just close my other tabs here and
36142.24 -> open this up and see if it's worked it
36144.48 -> says your second aws elastic beanstalk ruby
36147.596 -> application so
36149.12 -> we were successful uh deploying that out
36151.596 -> which is really great so what we can do
36153.276 -> now is just close that tab there
36155.36 -> and since we have that cloud9
36156.88 -> environment it will shut down on its own
36159.04 -> but you know just for your benefit i
36161.596 -> think that we should shut it off for
36162.8 -> right now so go ahead and delete that
36165.276 -> i'm going to go back over to elastic
36166.72 -> beanstalk here and i just want to
36169.12 -> destroy all of it so we'll see if we can
36171.436 -> just do that from here terminate the
36173.276 -> application
36175.52 -> enter the name
36177.2 -> so i think we probably have to enter
36178.64 -> that in there
36181.04 -> and so i think that
36182.8 -> oh a problem occurred right
36185.2 -> exceeded
36187.68 -> what
36189.12 -> that's aws for you so it's not a big
36191.12 -> deal i would just go and check it again
36194.24 -> and maybe what we'll do is just delete
36195.916 -> the application first
36201.596 -> okay so that one is possibly deleting
36208.88 -> let's go in here is anything changing
36213.84 -> can't even tell
36215.436 -> we'll go ahead oh can't take that one
36217.2 -> out
36230.32 -> delete application again
36233.2 -> if it takes a couple times it's not a
36234.56 -> big deal
36237.36 -> it's aws for you so
36239.756 -> there's a lot of moving parts so it
36241.2 -> looks like it is terminating the
36242.4 -> instance and so we just have to wait for
36244.72 -> that to complete
36246.08 -> uh once that is done we might have to
36247.596 -> just tear down the environment so i'll
36248.88 -> see you back here when it has finished
36250.96 -> tearing this down okay all right so
36252.48 -> after a short little wait here i think
36253.84 -> it's been destroyed we'll just double
36255.2 -> check by going to the applications going
36256.88 -> to the environments yeah and it's all
36258.64 -> gone probably because i initially
36260.16 -> deleted that environment and then took
36261.52 -> the application with it so i probably
36262.96 -> didn't have to delete the app separately
36265.12 -> um but uh yeah so there you go just make
36267.84 -> sure your cloud9 environment's gone and
36269.36 -> you are a-okay there'll probably be some
36271.68 -> like lingering s3 buckets so if you do
36273.436 -> want to get rid of those you can it's
36274.72 -> not going to hurt anything having those
36276.32 -> around
36277.596 -> but they do tend to stack up after a
36279.596 -> while which is kind of annoying so if
36281.36 -> you don't like them you can just empty
36282.88 -> them out
36284.56 -> as i am doing here whoops
36287.2 -> i'll just permanently delete
36291.2 -> copy that text there
36293.916 -> then go back
36297.756 -> to here and then just go
36299.68 -> take out that bucket
36301.36 -> let's delete that there
36306.96 -> oh if you get this this is kind of
36308.72 -> annoying but uh elastic beanstalk likes
36310.88 -> to put in an imp permission or policy in
36313.276 -> here so if you go down here there's a
36314.56 -> bucket policy you just have to delete it
36316.32 -> out it prevents it from being deleted
36320.24 -> and we'll go back over here
36322.88 -> and then we will delete it
36326.16 -> okay
36327.52 -> and yeah there we go that's it
36332.57 -> [Music]
36334.24 -> so let's take a look at several services
36336.24 -> on aws and this is not including all of
36338.72 -> them because we're looking at the most
36340.64 -> purely serverless services uh if we try
36343.52 -> to include all the serverless services it
36345.36 -> would just be too long of a list
36347.436 -> but let's take a look here so
36349.36 -> before we do let's just redefine what is
36351.12 -> serverless so when the underlying
36352.56 -> servers infrastructure operating system
36354.16 -> is taken care of by the csp serverless is
36356.64 -> generally by default highly available
36358.32 -> scalable cost effective you pay for what
36360.32 -> you use the first one is dynamodb which
36362.72 -> is a serverless nosql key value and
36364.96 -> document database it's designed to scale
36366.96 -> to billions of records with guaranteed
36368.88 -> consistent data returned in at least a
36370.88 -> second you do not have to worry about
36372.8 -> managing shards you have simple storage
36375.2 -> service s3 which is a serverless object
36377.276 -> storage service you can upload very
36379.276 -> large and unlimited amounts of files you
36381.756 -> can pay for what you store you don't
36383.52 -> worry about the underlying file system
36384.96 -> or upgrading the disk size we have
36387.04 -> ecs fargate which is a serverless
36388.88 -> orchestration container service is the
36391.04 -> same as ecs except you pay on demand per
36394.24 -> running container with ecs you have to
36396.56 -> keep a ec2 server running even if you
36399.36 -> have no containers running where aws
36401.04 -> manages the underlying server so you
36402.96 -> don't have to scale or upgrade the ec2
36405.436 -> server
36406.64 -> we have aws lambda which is a serverless
36408.48 -> function service you can run code
36410.72 -> without provisioning or managing servers
36412.64 -> you upload a small piece of code choose
36415.436 -> how much memory you want how long you
36417.276 -> want the function is allowed to run
36418.72 -> before timing out you're charged based on
36420.8 -> the runtime of the service function
36422.32 -> rounded to the nearest 100 milliseconds
36424.96 -> we have step functions this is the state
36426.88 -> machine service
36428.56 -> it coordinates multiple services into
36431.276 -> serverless workflows easily share data
36433.68 -> among lambdas
36435.276 -> have a group of lambdas wait for each
36437.36 -> other create logical steps also work
36439.52 -> with fargate tasks we have aurora
36441.36 -> serverless this is a serverless
36442.72 -> on-demand version of aurora so when you
36444.96 -> want most of the benefits of aurora but
36447.52 -> trade you have to trade off those cold
36449.36 -> starts or you don't have lots of traffic
36451.12 -> or demand so things several services
36453.68 -> that we could have put in here as well
36454.96 -> is like api gateway appsync aws
36458.08 -> amplify um and those are like the the
36461.36 -> first two were application integrations
36463.52 -> you could say sqs sns those are all
36466.24 -> serverless services but you know again
36468.24 -> we'd be here all day if i i listed them
36470.32 -> all right
36474.16 -> [Music]
36475.596 -> all right let's take a look at what is
36477.596 -> serverless and we did look at it from a
36479.916 -> server perspective earlier in the course
36481.84 -> but let's just try to abstractly define
36483.756 -> it and talk about the architecture so
36485.52 -> serverless architecture generally
36487.436 -> describes fully managed cloud services
36489.84 -> and the classification of a cloud
36491.756 -> service being serverless is not a
36493.84 -> boolean answer it's it's not a yes or no
36496.64 -> but an answer on a scale where a cloud
36498.72 -> service has a degree of serverless and i
36500.56 -> do have to point out that this
36502.56 -> definition might not be accepted by um
36505.84 -> everybody because serverless is one of
36507.916 -> those uh terms
36509.596 -> where
36510.72 -> we've had a bunch of different cloud
36512.16 -> service providers define it differently
36514.24 -> and then we have thought leaders that
36515.68 -> have
36516.48 -> a particular concept of what it is so
36518.96 -> you know i just do my best to try to
36520.48 -> make this practical here for you but a
36522.64 -> serverless service could have all or most
36525.68 -> of the following characteristics and so
36527.596 -> it could be highly elastic and scalable
36529.84 -> highly available highly durable secure
36532.32 -> by default it abstracts away the
36534.4 -> underlying infrastructure and are billed
36536.32 -> based on the execution of your business
36538.56 -> tasks a lot of times that that cost is
36541.68 -> not
36542.56 -> uh it's not always represented as
36544.8 -> something that is like i'm paying x for
36547.436 -> compute it could be abstracted out into
36550.08 -> some kind of um credit that doesn't
36552.96 -> necessarily map to something physical
36555.04 -> then we have serverless can scale to
36556.64 -> zero meaning when it's not in use the
36559.12 -> serverless resources cost nothing uh and
36562.16 -> these two last topics basically pull
36564.56 -> into pay for value so you don't pay for
36566.8 -> idle servers you're paying for the value
36570.08 -> that your service provides
36572.8 -> and my friend daniel who runs the
36574.88 -> serverless toronto group he likes to
36576.72 -> describe serverless as being similar to
36578.72 -> like energy efficient rating so an
36581.2 -> analogy of service could be similar to
36582.8 -> energy rating labels which allows
36584.48 -> consumers to compare the energy
36586 -> efficiency of a product so some services
36588.48 -> are more serverless than others and
36590.88 -> again you know some people might not
36592.56 -> agree with that where there's a
36594.24 -> definitive yes or no answer but i think
36596.56 -> that's the best way to look at it okay
36598.64 -> [Music]
36602.96 -> hey it's andrew brown from exam pro and
36604.72 -> we're taking a look at windows on
36606.24 -> aws so aws has multiple cloud
36608.08 -> services and tools to make it easy for
36609.916 -> you to run windows workloads on aws so
36612.24 -> let's get to it so the first is windows
36614.48 -> servers on ec2 so you can select from a
36616.48 -> number of windows server versions
36617.916 -> including the latest version
36619.84 -> like windows server 2019
36622.24 -> for
36623.04 -> databases we have sql server on rds you
36625.36 -> can select from a number of sql server
36627.276 -> database versions then we have aws
36629.436 -> directory service which lets you run
36631.436 -> microsoft active directory ad as a
36633.84 -> managed service we have aws license
36636.08 -> manager which makes it easier to manage
36637.916 -> your software licenses from software
36640 -> vendors such as microsoft we have amazon
36642.64 -> fsx for windows file server which is a
36644.8 -> fully managed scalable storage built for
36647.52 -> windows we have the aws sdk which allows
36650.48 -> you to write code in your favorite
36651.756 -> language to interact with the aws api
36653.276 -> but it specifically has support for .net
36656.08 -> a language favorite for windows
36657.84 -> developers we have amazon workspaces so
36660.72 -> this allows you to run a virtual desktop
36662.56 -> you can launch a windows 10 desktop to
36664.56 -> provide secure and durable workstations
36667.12 -> that is accessible from wherever you
36669.12 -> have an internet connection aws lambda
36671.36 -> supports powershell as a programming
36672.88 -> language to write your serverless
36674.4 -> functions and we have aws migration
36677.04 -> acceleration program map for
36679.276 -> windows is a migration methodology for
36681.916 -> moving large enterprises aws has
36684.4 -> amazon partners that specialize in
36686.16 -> providing professional services for map
36688.16 -> this is not just
36689.916 -> everything for windows on aws like if
36692.08 -> you want to move your sql server over to
36695.68 -> rds postgres i believe they've like
36698.88 -> created an adapter to do that
36701.12 -> but yeah hopefully that gives you an
36702.32 -> idea what you can do with windows on aws
36704.32 -> okay
36704.97 -> [Music]
36709.276 -> hey this is andrew brown from exam pro
36710.88 -> and i want to show you how you can
36711.916 -> launch a windows server on aws so what
36715.2 -> you're going to do is go to the top here
36716.88 -> and we are going to type in ec2 and from
36719.756 -> here uh what we'll do is we'll go ahead
36722.48 -> and launch ourselves a new ec2 instance
36726.24 -> and we are going to have
36728.16 -> a selection of instances that we can
36730.4 -> launch and so we're looking for the
36732.24 -> microsoft
36733.436 -> windows
36734.64 -> server and this is interesting there's
36736.32 -> actually a free tier
36738.64 -> eligible that is crazy because if you go
36740.96 -> over to azure they don't have a free
36742.8 -> tier windows server like aws does
36745.84 -> so that's pretty crazy um and it runs on
36748.24 -> a t2 micro no that can't be right
36751.52 -> there's no way
36753.04 -> it can run a t2 micro that seems like
36754.72 -> that's too small
36756 -> let's try it okay i just don't believe
36758.24 -> it because when you use azure you have
36759.916 -> to choose a particular size of instance
36761.596 -> by default
36762.8 -> and it's a lot more expensive and there
36764.32 -> is no free tier
36765.68 -> so we'll go here
36767.36 -> there are free tiers just not really for
36768.96 -> windows in particular so we'll go here
36771.436 -> this looks good security groups this
36773.52 -> opens up rdp so we can get into that
36775.436 -> machine we're gonna go next here
36777.436 -> and launch this machine
36780.96 -> says if you plan to use ami the benefits
36783.2 -> the microsoft license mobility check out
36785.276 -> this form
36786.56 -> that's not something we're worried about
36787.756 -> today
36788.8 -> and
36790.24 -> i mean i guess we can create a key pair
36792.56 -> i'm not sure what it we would use a key
36794.24 -> pair for here
36796 -> um for windows amis the private key file
36798.16 -> is required to obtain the password used
36799.756 -> to log into the instance okay so i guess
36801.436 -> we're going to need it so
36803.68 -> windows key
36807.68 -> great we'll launch that instance
36810.48 -> and uh i'll see you back here when it
36812.56 -> launches but i just don't believe that
36814.16 -> it would launch that fast you know
36816.4 -> all right so after a short little wait
36818.24 -> here the server is ready and so let's
36820.72 -> see if we can actually go ahead and
36822.24 -> connect to this so i'm going to hit
36823.276 -> connect here
36824.4 -> and we'll go over to rdp client so you
36826.48 -> connect to your windows instance using
36828.4 -> your remote desktop client of your
36829.596 -> choice and downloading and running the
36831.04 -> rdp shortcut below so i'm going to go
36833.596 -> ahead and download this and you're going
36835.596 -> to have to be
36837.2 -> on a
36839.36 -> windows machine to be able to do this or
36840.72 -> have an rdp client installed i think
36842.48 -> there's one for mac that you can get
36843.596 -> from the apple store
36845.52 -> but all i'm going to do is just double
36847.596 -> click the file so you probably can't see
36851.36 -> it here i'm just going to expand this
36854.32 -> trying to
36855.276 -> oh my computer is being silly but anyway
36857.276 -> there we go we moved it over there i'm
36858.64 -> just going to drag over here and just
36860.56 -> double click this image so you can see
36862.08 -> that i'm doing it i'm saying connect
36865.2 -> okay
36866.96 -> and that's going to ask for a password
36868.88 -> so i'm going to hope that i can just
36870.4 -> click that and get the password so to
36872.48 -> decrypt the password you will need your
36874.56 -> key pair instance you'll have to upload
36876.48 -> that
36877.276 -> and i don't know if i remember having to
36878.56 -> do that before but it's a great security
36881.04 -> measure so i'm fine with it i'm going to
36882.96 -> drag my key to my desktop so i can see
36884.64 -> what's going on there as well
36888 -> and we're going to go grab that and
36889.436 -> decrypt the password
36891.436 -> and so now
36893.52 -> um
36895.276 -> where's our password oh it's right here
36896.8 -> okay so we're going to grab that
36898.32 -> password there
36900.88 -> we will paste that in
36903.04 -> said okay
36905.276 -> say yes
36906.88 -> and see if we can connect to this
36908.08 -> instance if this is running on a t2
36910 -> micro i'm going to lose it because that
36912 -> is just cheap
36918.56 -> it just just doesn't seem possible to me
36920.48 -> because again on azure you have to
36922.24 -> launch an instance with a lot of stuff
36924.08 -> and
36924.96 -> it just uh seems uh crazy what's also
36927.276 -> interesting is that aws uh on windows
36929.756 -> like launches so fast it's unbelievable
36932.24 -> how fast these servers
36933.84 -> spin up and it's just very unusual but
36936.48 -> yeah so we are in here
36938.72 -> um
36941.36 -> it's not asking me to activate or
36942.96 -> anything so i guess there's already a
36944.56 -> windows license here
36948.08 -> and
36948.96 -> i'm not sure if there's any kind of like
36950.88 -> games installed like do we have
36952.96 -> minesweeper can i play minesweeper on
36954.72 -> here
36957.68 -> it's a data center server so i'm
36959.12 -> assuming not
36960.8 -> but yeah so this is a windows server and
36962.64 -> it's pretty impressive that this works
36964.32 -> i'm not sure if this is going to have an
36965.436 -> outbound connection here um just because
36967.436 -> we probably would have to configure it
36969.2 -> let's just say okay i just i really
36971.276 -> don't think it's going to go out to the
36972.8 -> internet by default
36978.48 -> yeah so you'd probably have to
36981.2 -> do some stuff you know
36986.16 -> oh no there we go so yeah we got to the
36987.84 -> internet so it's totally possible but uh
36990 -> yeah that's about it that's all i really
36992.08 -> wanted to show you so what i'm going to
36993.596 -> do is just go back to ec2 and we're
36995.68 -> going to shut down the server here just
36998.4 -> expand that there
37002.08 -> and we will go here and we will
37005.276 -> terminate that instance
37008.56 -> good we'll give that a refresh that's
37010 -> shutting down and we are done
37012.4 -> [Music]
37016.56 -> hey this is andrew brown from exam pro
37018.48 -> and we are taking a look at aws
37020.16 -> license manager and before we do let's
37022.4 -> talk about what byol
37024.96 -> or bring your own license means so this
37026.64 -> is the process of reusing an existing
37028.56 -> software license to run vendor software
37030.8 -> on a cloud vendor's computing service
37032.72 -> byol allows companies to save money
37035.04 -> since they may have purchased the
37036.56 -> license in bulk or a time that provided
37038.72 -> a greater discount than if purchased
37040.4 -> again and so an example of this could be
37042.56 -> the license mobility provided by
37044.24 -> microsoft's volume licensing to
37045.916 -> customers with eligible server
37048 -> applications covered by the microsoft
37049.84 -> software assurance program uh and i
37052.08 -> don't know what i was trying to do there
37052.96 -> i guess maybe it was just sa and i
37054.16 -> missed the parentheses there on the end
37055.84 -> no big big deal
37057.596 -> but aws license manager is a service
37059.52 -> that makes it easier for you to manage
37061.916 -> your software licenses from software
37063.436 -> vendors centrally across aws in your
37065.52 -> on-premise environments aws license
37067.68 -> manager software that is licensed based
37070.08 -> on virtual cores
37072.16 -> physical cores sockets or a number of
37073.916 -> machines this includes a variety of
37075.596 -> software products for microsoft ibm sap
37078.48 -> oracle and other vendors so that's the
37080.32 -> idea you say what is my license type
37082.16 -> it's it's bound to this amount of cpus
37085.436 -> aws license manager works with ec2
37087.52 -> with dedicated instances dedicated hosts
37089.68 -> and even spot instances and for rds
37092.4 -> there's only for oracle databases so you
37094.16 -> can import that license for your oracle
37096 -> server
37097.436 -> just understand that
37099.596 -> if you're doing microsoft windows
37101.276 -> servers or microsoft sql server license
37103.596 -> you're generally going to need a
37104.8 -> dedicated host because of the assurance
37107.04 -> program
37108.32 -> and this can really show up on your exam
37110 -> so even though aws license manager
37111.84 -> works on dedicated instances and spot
37113.596 -> instances
37114.64 -> just trying to gravitate towards
37116.88 -> dedicated hosts on the server or on the
37119.2 -> exam okay
37120.42 -> [Music]
37124.64 -> all right let's take a look at the
37126 -> logging services that we have available
37128 -> in aws so the first one here is
37129.916 -> cloudtrail and this logs all api calls
37132.64 -> whether it's sdk or the cli so if it's
37135.12 -> making a call to the api it's going to
37136.48 -> get tracked between aws services and
37138.4 -> this is really useful to say who can we
37140.64 -> blame who was the person that did this
37142.8 -> so who created this bucket who spun up
37144.8 -> that expensive ec2 instance who launched
37146.88 -> the sagemaker notebook
37148.8 -> and the idea here is you can detect
37150.16 -> developer misconfigurations detect
37152 -> malicious actors or automate responses
37154.56 -> through the system then you have
37156.08 -> cloudwatch which is a collection of
37157.436 -> multiple services i commonly say this is
37159.436 -> like an umbrella service because it has
37160.96 -> so many things underneath it so we have
37162.96 -> cloudwatch logs which is a centralized
37164.72 -> place to store your cloud services log
37166.4 -> data and application logs metrics which
37168.8 -> represents a time ordered set of data
37170.72 -> points a variable to monitor
37173.52 -> event bridge or previously known as
37175.436 -> cloudwatch events triggers an event
37177.36 -> based on a condition so every hour take
37179.04 -> a snapshot of the server alarms triggers
37181.756 -> notifications based on metrics
37183.596 -> dashboards creates visualizations based
37185.276 -> on metrics and that's not all of the
37187.276 -> things that are under cloud watch but
37188.64 -> those are the core five ones you should
37190.4 -> always know um absolutely there then we
37193.436 -> have aws x-ray this is for distributed
37195.276 -> tracing systems so you can use it to
37196.88 -> pinpoint issues within your services so
37199.756 -> you see how data moves from one app to
37201.436 -> another how long it took to move and if
37203.68 -> it failed uh to move forward okay
37206.45 -> [Music]
37210.4 -> let's take a closer look here at aws
37211.916 -> cloudtrail because it's a very
37212.96 -> important service so it's a service that
37215.276 -> enables governance compliance
37216.8 -> operational auditing and risk auditing
37218.56 -> of your aws account and the idea is
37220.24 -> that every time you make an api call
37221.916 -> it's going to show up as some kind of
37223.12 -> structured data that you can interact
37225.436 -> with or read through so this cloud trail
37227.52 -> is used to monitor api calls and actions
37229.68 -> made on the aws account easily
37231.52 -> identify which users and accounts made
37233.36 -> the call to aws so you might have the
37235.52 -> where so the source ip address the when
37237.436 -> the event time the who the user agent
37240.72 -> and the what the region resource and
37242.8 -> action so i'm just gonna get my pen tool
37244.32 -> out here for a moment and just notice
37246.08 -> you have the event time so when it
37247.596 -> happened the source the name the region
37250.4 -> the source ip address the user agent uh
37252.88 -> who was doing it so here was laforge of
37255.04 -> the response element so you know it's
37256.64 -> very clear what is going on here
37258.88 -> um and then you know cloudtrail is
37260.72 -> already logging by default and we'll
37262.16 -> collect logs for the for the last 90
37264.08 -> days via event history if you need more
37266.24 -> than 90 days you need to create a trail
37268.16 -> which is very common you'll go into aws
37270.08 -> and make one right away trails are
37271.916 -> outputted to s3 and do not have gui like
37274.16 -> event history to analyze the trail you
37276.24 -> have to use amazon athena and i'm sure
37278.4 -> there are other ways to analyze it
37279.756 -> within aws but here's just what the
37282.08 -> event history looks like so right off
37283.68 -> the bat you can already see that there
37285.52 -> are information there i'm not sure if
37287.12 -> they've updated the ui there they might
37288.64 -> have uh
37289.68 -> as even when i'm recording this i kind
37291.36 -> of feel like if we go into the follow
37293.12 -> along which we will um i bet they might
37295.12 -> have updated that the idea here is that
37296.8 -> you know you can browse the last 90 days
37299.68 -> but anything outside of that you're
37301.04 -> gonna have to do a little bit of work
37301.916 -> yourself okay
37302.86 -> [Music]
37307.12 -> so we're not going to cover all the
37308.24 -> cloudwatch services there's just too
37309.596 -> many but let's look at the most
37310.8 -> important ones and one of those
37312.4 -> important ones is cloudwatch alarms so
37314.64 -> cloudwatch alarms monitors a cloudwatch
37316.48 -> metric based on a defined threshold uh
37318.8 -> so here you can see there's kind of a
37320.16 -> condition being set there so if the
37321.596 -> networking is greater than 300 for one
37323.36 -> data point within five minutes it's
37325.276 -> going to breach an alarm so
37327.436 -> that's when it goes outside its defined
37329.12 -> threshold and so the state's going to
37330.8 -> either be something like okay so the
37332.4 -> metric or expression is within the
37333.916 -> defined threshold so do nothing alarm
37336.16 -> the metric or expression is outside of
37337.84 -> the defined threshold so do something or
37339.84 -> insufficient data the alarm has just
37342 -> started the metric is not available not
37344 -> enough data is available and so when the
37346.32 -> state has changed you can define actions
37348.08 -> that it should take and so that could be
37350 -> doing a notification auto scaling group
37352.32 -> or an ec2 action um so cloudwatch alarms
37355.2 -> are really useful for a variety of
37356.56 -> reasons the one that we will come across
37358.24 -> right away will be setting up a billing
37359.84 -> alarm
37361.23 -> [Music]
37365.276 -> so let's take a look here at the
37366.24 -> anatomy of an alarm and so i have this
37368.16 -> nice graphic here to kind of explain
37370 -> that there and so the first thing is we
37371.52 -> have our threshold condition
37373.36 -> and so here you can just set a value and
37375.04 -> say okay the value is a thousand or a
37377.596 -> hundred whatever you want it to be and
37379.68 -> this is going to be
37380.88 -> for a particular metric the actual data
37382.88 -> we are measuring so maybe in this case
37384.8 -> we're measuring network in so the volume
37386.4 -> of incoming network traffic measured in
37388 -> bytes so when using five-minute
37389.68 -> monitoring divide by 300 we get bytes
37391.596 -> per second if you're trying to figure
37392.8 -> out that calculation there you have data
37394.8 -> points so these represent the metrics
37396.8 -> measurement at a given point then you
37398.72 -> have the period how often it checks to
37400.32 -> evaluate the alarm so we could say every
37402.24 -> five minutes
37403.52 -> uh you have the evaluation period so the
37405.2 -> number of previous periods and the data
37407.436 -> points to alarm so you can say one data
37409.596 -> point is breached in evaluation period
37411.756 -> going back four periods so this is what
37414.4 -> triggers the alarm
37415.756 -> uh the thing i just want you to know is
37417.2 -> that you can set a value right and that
37419.12 -> it's based on a particular metric and
37420.56 -> there is a bit of logic here in terms of
37423.436 -> the alarm so it's not as simple as just
37425.276 -> it's breached but there's this period
37427.12 -> thing happening okay
37428.55 -> [Music]
37432.56 -> well let's take a look at cloudwatch
37434.08 -> logs so to understand that we have log
37436.4 -> streams and log groups so a log stream
37438.8 -> is a stream that represents a sequence
37441.12 -> of events from an application or
37442.88 -> instance being monitored so imagine you
37444.56 -> have an ec2 instance running a web
37446.64 -> application and you want those logs to
37448.48 -> be streamed to cloudwatch logs that's
37450.24 -> we're talking about here so you can
37451.916 -> create log streams manually but
37453.596 -> generally this is automatically done by
37454.96 -> the service you are using
37456.64 -> unless you were collecting application
37458.08 -> logs on an ec2 instance as i just
37459.596 -> described here is a log group of a
37461.756 -> lambda function you can see the log
37463.596 -> streams are named after the running
37465.2 -> instance lambdas frequently run on
37467.276 -> new instances so the stream contains
37469.436 -> timestamps so what i'm trying to say
37471.276 -> here is that there's a variety of
37472.64 -> different services lambda rds what have
37475.84 -> you and they already send their logs to
37477.68 -> cloudwatch logs and and they're going to
37479.436 -> vary okay so here's a log group of an
37481.916 -> application log running on ec2 you can
37483.68 -> see here the log streams are named after
37485.36 -> the running instance id here is the log
37487.68 -> group for aws glue you can see the log
37489.52 -> streams are named after the glue jobs
37492.64 -> and so you know we have the streams but
37494.32 -> let's talk about the actual data that's
37495.596 -> made up of it the log events so this
37497.52 -> represents a single event in a log file
37499.436 -> log events can be seen within the log
37501.916 -> stream and so here's an example of you
37504.48 -> would open this up in cloudwatch logs
37506.56 -> and you can actually see what what was
37508.16 -> being reported back by your server you
37509.916 -> can filter these events to filter out
37511.916 -> logs based on simple or pattern matching
37514.32 -> syntax so here i'm just typing in saying
37516.24 -> give me all those debug stuff and you
37518.72 -> know this is a very robust but aws does
37520.48 -> have a better way of analyzing your logs
37522.4 -> which is log insights which we'll look
37523.84 -> at here in a moment
37525.09 -> [Music]
37529.04 -> so we're just looking at cloudwatch log
37531.12 -> events and how those are collected but
37532.56 -> there's an easier way to analyze them
37534.08 -> and that's with log insights so you can
37536.4 -> interactively search and analyze your
37537.756 -> cloudwatch log data and it has the
37539.36 -> following advantages more robust
37540.88 -> filtering than using the simple filter
37542.48 -> in the in a log stream less burdensome
37544.96 -> than having to export logs to s3 and
37546.88 -> analyze them via athena cloudwatch log
37549.12 -> insights supports all types of logs so
37550.96 -> cloudwatch log insights is commonly used
37553.2 -> via the console to do ad-hoc queries
37555.04 -> against log groups
37556.96 -> so that's just kind of an example of
37558.88 -> someone writing a query
37560.8 -> and cloudwatch log insights uses a query
37562.72 -> syntax so a single request can query up
37565.52 -> to 20 logs create timeout after 50
37568.4 -> minutes if not completed
37570.32 -> and queries results are available for
37572.48 -> seven days so aws provides sample
37574.72 -> queries that you can get started for
37576.4 -> common tasks and and ease the learning
37578.88 -> into the query syntax a good example is
37580.72 -> filtering vpc flow logs so you go there
37582.88 -> you click it and you start getting some
37584.48 -> data you can create and save your own
37586.16 -> queries
37587.04 -> to make future repetitive tasks easier
37589.12 -> on the certified cloud practitioner
37590.32 -> they're not going to ask you all these
37591.36 -> details about this stuff but i just
37593.36 -> conceptually want you to understand that
37595.276 -> in log insights you can use it to
37597.68 -> robustly filter your logs based on this
37599.916 -> query syntax language you get this kind
37601.52 -> of visual and it's really really useful
37607.52 -> let's take a look here at cloudwatch
37608.72 -> metrics which represents a time ordered
37610.56 -> set of data points it's a variable that
37612.24 -> is monitored over time so cloudwatch
37614 -> comes with many predefined metrics that
37615.596 -> are generally namespaced by aws services
37618.16 -> uh so the idea is that like if we were
37620 -> to look at the ec2 it has these
37622.32 -> particular metrics so that we have cpu
37624.24 -> utilization disk read ops disk write ops
37627.52 -> disk read bytes disk write bytes network
37630.24 -> in network out network packet in network
37633.596 -> packets out and the idea is that you can
37635.36 -> just like click there into ec2 and then
37637.916 -> kind of get that data there and so cloud
37640.32 -> metrics are leveraged by other things
37642 -> like cloudwatch events cloudwatch alarms
37644.4 -> cloudwatch dashboards so just understand
37646.32 -> that okay
37650.49 -> [Music]
37651.756 -> all right so what i want to do in this
37652.96 -> follow along is show you a bit about
37654.96 -> cloudtrail so we're going to go to the
37656.4 -> top here and type in cloudtrail the
37658.72 -> great thing about cloudtrail is it's
37660 -> already turned on by default so it's
37662 -> already kind of collecting some
37663.36 -> information and so it's here it says now
37665.916 -> use iam access analyzer on cloudtrail
37668.4 -> trails that sounds pretty cool to me
37670.4 -> but we shouldn't have to create a trail
37672 -> right off the bat because we'll have
37673.2 -> some event history and the event history
37675.04 -> allows us to see
37676.4 -> things that are happening within our
37677.68 -> account in the last 90 days
37680.08 -> but the thing is if you want something
37681.36 -> beyond 90 days you're going to have to
37682.8 -> create a trail
37684.24 -> but if we just take a look here we can
37685.756 -> kind of see
37686.72 -> as we've been doing a lot of things all
37688.16 -> the kind of actions that's been
37689.276 -> happening so here we have an instance
37690.64 -> that i terminated so if i go in here and
37693.276 -> and look at it i can kind of see
37695.84 -> more information about it so we can see
37698.32 -> when it terminated who had done that
37700.96 -> what access key they had used the event
37702.88 -> source the request id
37705.756 -> the source ip what whether it was read
37708.24 -> only what was the event type that was
37710.16 -> called the resource there and this is
37712.4 -> the actual raw record so this is
37714.24 -> generally how i would look at it or this
37715.68 -> is how you had to look at it back in the
37717.12 -> day but the idea is that you would have
37719.756 -> that
37720.48 -> user identity described the event time
37722.24 -> the source the event name the region the
37723.84 -> source ip the the agent
37726.32 -> all the information there okay
37728.64 -> and so this is a great way to kind of
37730.24 -> find stuff so you can go through here
37732.48 -> and try to debug things this way so you
37734.16 -> can go to the event name
37735.916 -> and so if you if you go here you can
37737.596 -> kind of get
37738.96 -> uh see a bit of stuff here so
37741.04 -> if i was just trying to say like maybe
37742.32 -> create
37743.596 -> i'm just trying to find something that i
37744.8 -> know that i've been doing like create
37746.16 -> access keys i can see the access keys
37748.48 -> that have been created within this
37750.56 -> sandbox account here for the user and
37752.8 -> things like that so it's a great way to
37754.72 -> kind of find things but generally you're
37756.4 -> going to always want to turn on
37758.48 -> uh or create your own trail so if you go
37760.72 -> here and hit create trail say my new
37762.72 -> trail
37763.916 -> and um you're gonna need an s3 bucket
37766.16 -> for that you'll probably want encryption
37767.436 -> turned on
37769.2 -> which sounds good to me you'll
37770.72 -> absolutely want log file validation and
37773.2 -> generally you don't want to store your
37774.64 -> your cloudtrail logs within the existing
37777.12 -> account you want to have a isolated
37779.12 -> hardened account that's that is
37782.72 -> infrequently accessed or only by your
37785.12 -> your cloud security engineers
37787.276 -> away from here because you don't want
37788.64 -> people tampering with it deleting it or
37790 -> changing stuff
37791.36 -> but let's take an existing one here
37794.32 -> i don't want a customer manager don't i
37797.04 -> have one that is managed by aws here
37799.916 -> new custom
37803.36 -> um let's choose that one i don't know
37805.276 -> which one that is we'll just hit next
37806.88 -> usually aws gives you a managed key
37808.48 -> there so i was kind of surprised
37810.32 -> you can also include additional data so
37812.32 -> if you do data events this would collect
37813.916 -> information from s3 but the thing is you
37816.96 -> might not want to track everything
37818.08 -> because if you track to everything it
37819.52 -> can get very expensive very quickly
37822 -> but if you don't you just leave on
37823.276 -> management events it'll save you more
37824.72 -> money there's insights events uh this is
37826.8 -> new i haven't seen this yet so i didn't
37828.4 -> identify unusual activity errors users
37830.8 -> of behavior that sounds really good but
37833.04 -> these could come also at additional
37834.56 -> charges but i'm going to hit next anyway
37836.08 -> for fun i'm going to create that trail
37839.04 -> okay
37841.436 -> and uh the key policy does not grant
37843.756 -> sufficient access to etc etc so i'm
37846.24 -> gonna go turn that off even though i
37847.756 -> should really have it turned on but i
37849.12 -> just want to be able to show you this
37852.32 -> okay so we have this new trail
37854.96 -> and so this trail is being dumped to s3
37857.52 -> so we might not be able to see anything
37859.596 -> in here as of yet but i'm just going to
37861.596 -> pop over here and just see
37863.52 -> right
37865.68 -> i probably have one in my other account
37867.04 -> but it's not
37869.36 -> it's not that important we basically saw
37870.88 -> what the data would look like so we go
37872.24 -> into here
37873.36 -> there's a digest i don't remember there
37874.8 -> being a digest so that's nice
37877.04 -> so there's no data yet but when there is
37878.96 -> it will pop into there
37881.276 -> um i'm not sure if we're gonna be able
37882.48 -> to do anything with insights here at
37883.68 -> least not in this account
37886.08 -> insights are events that are showing
37887.36 -> usual api activity and things like that
37889.36 -> so that's kind of cool i don't know what
37891.436 -> cloudwatch insights looks like
37895.84 -> uh insights events are shown in the table
37898.24 -> for 90 days okay so i'm just curious if
37901.36 -> we can see kind of a screenshot of what
37902.96 -> that looks like
37904.72 -> whoops
37906.24 -> well at least on the article here
37909.04 -> so i guess you could kind of get like
37910.08 -> some kind of graphs or something saying
37911.916 -> like hey
37913.04 -> this looks unusual and they might select
37914.72 -> it so
37915.68 -> not pretty clear in terms of what that
37917.436 -> looks like but i mean sounds like a cool
37919.12 -> feature and i'm sure when i i'm working
37921.436 -> on my security certification course i
37923.84 -> will definitely include them there but
37925.436 -> that's pretty much all there is to it
37927.2 -> i'm going to go ahead and delete
37929.84 -> that trail because i i just don't really
37931.68 -> need it in this account
37933.36 -> but generally you always want to go in
37935.36 -> and create a trail
37936.96 -> and what you can do is if you're in your
37938.4 -> root account i'm not this is actually a
37940.32 -> an account that's part of an
37941.36 -> organization but if you're at that
37943.12 -> organization level you can create a
37944.4 -> trail that ex that spans all the regions
37947.276 -> that spans all the interest accounts
37948.8 -> with an organization and that's what you
37950.4 -> should be doing okay
37951.916 -> but that's about it
37956.51 -> [Music]
37957.756 -> hey this is andrew brown from exam pro
37959.596 -> we're looking at ml and ai services on
37962 -> aws but let's first just define what is
37964.4 -> aiml and deep learning so ai also known
37968.32 -> as artificial intelligence is when
37969.916 -> machines that perform jobs that mimic
37971.756 -> human behavior
37973.12 -> ml or machine learning are machines that
37975.04 -> get better at a task without explicit
37976.8 -> programming
37978.16 -> and deep learning or dl are machines
37980.64 -> that are have an artificial neural
37982.56 -> network inspired by the human brain to
37984.24 -> solve complex problems and a lot of
37986.16 -> times you'll see this kind of onion
37987.84 -> where they're showing you that
37990 -> you know ai
37991.36 -> can be using ml or deep learning and
37993.596 -> then deep learning is definitely using
37995.12 -> machine learning but it's using neural
37996.96 -> networks and so for aws their flagship
37999.596 -> product here is amazon sagemaker it is a
38001.756 -> fully managed service to build train
38003.68 -> deploy machine learning models at scale
38006.08 -> um and there's a bunch of different kind
38007.756 -> of open source frameworks you can use
38009.04 -> with it like apache mxnet on aws which
38012.08 -> is an open source deep learning
38013.36 -> framework that is the one that it has
38014.96 -> decided to say hey we are going to back
38016.96 -> this one and so you'll see a lot of
38018.64 -> example code for that one we have
38020.56 -> tensorflow that you can use pytorch
38023.756 -> hugging face other things as well okay
38027.12 -> and so there's a lot of services
38029.596 -> underneath some that might be of
38031.12 -> interest to mention right away is like
38032.96 -> amazon sagemaker ground truth which is a
38035.12 -> data labeling service where you have
38037.2 -> humans that label a data set that will
38039.04 -> be used to train machine learning models
38040.8 -> or maybe something like amazon uh
38043.436 -> augmented ai so human intervention
38045.276 -> review services when sagemaker uses
38047.436 -> machine learning to make a prediction
38048.88 -> that is not confident that it has the
38051.2 -> right answer queue up to predict for a
38053.2 -> human review and these are all about
38054.96 -> just labeling data um you know when
38057.756 -> you're using supervised um
38060.4 -> supervised learning but there are a lot
38062.56 -> of services under sagemaker itself and
38064.56 -> just ai services in general so we'll
38066.32 -> look at that next okay
38070.8 -> [Music]
38072.16 -> all right let's take a look at all the
38073.596 -> ml and ai services and there's a lot on
38075.84 -> aws so the first is amazon codeguru
38078.48 -> this is a machine learning code analysis
38080 -> service and codeguru performs code
38081.916 -> reviews and will suggest to improve the
38084 -> code quality of your code it can show
38086.24 -> visual code profiles to show the
38087.596 -> internals of your code to pinpoint
38089.276 -> performance next we have amazon lex this
38092 -> is a conversation interface service with
38094.32 -> lex you can build voice and text chat
38096.32 -> bots
38097.276 -> we have amazon personalize this is a
38099.04 -> real-time recommendation service it's
38101.12 -> the same technology used to make product
38102.8 -> recommendations to customers shopping on
38104.48 -> the amazon platform
38106.32 -> then we have amazon polly this is a
38108.48 -> text-to-speech service upload your text
38110.8 -> and an audio file spoken by synthetic
38112.72 -> synthesize voice
38114.32 -> and that will be generated you have
38116.48 -> amazon rekognition this is an image and
38119.436 -> video recognition service
38121.436 -> uh analyze image and videos to detect
38123.84 -> and label objects peoples and
38125.36 -> celebrities
38126.56 -> then we have amazon transcribe this is a
38128.8 -> speech to text service so you upload
38130.56 -> your audio and it'll be converted into
38132.72 -> text we have amazon textract this is
38135.756 -> an ocr tool so it extracts text from
38138.56 -> scanned documents when you have paper
38141.2 -> forms and you want to digitally extract
38143.04 -> that data
38144.32 -> you have amazon translate this is a
38146.24 -> neural machine learning translation
38148.64 -> service so use deep learning module
38151.04 -> models to deliver more accurate and
38153.04 -> natural sounding translations
38155.36 -> we have amazon comprehend this is an nlp
38158.08 -> so natural language processing service
38160.8 -> find relationships between text to
38162.48 -> produce insights looks at data such as
38164.96 -> customer email support tickets social
38166.8 -> media and makes predictions
38169.436 -> then we have amazon forecast this is a
38171.756 -> time series forecasting service and it's
38174.64 -> you know uh i mean technically i guess
38176.4 -> it's a bit of a database but the idea
38177.84 -> here is that it can forecast business
38179.52 -> outcomes such as product demand resource
38181.84 -> needs or financial uh performance and
38184 -> it's powered by ml or ai if you want to
38186 -> call it
38186.88 -> we have aws deep learning amis so these
38189.436 -> are amazon ec2 instances they're
38191.12 -> pre-installed with popular deep learning
38192.8 -> frameworks and interfaces such as
38194.24 -> tensorflow pytorch apache mxnet chainer
38198.72 -> gluon uh horovod and keras
38203.276 -> we have aws deep learning containers
38205.04 -> so docker images instances pre-installed
38207.36 -> with popular deep learning frameworks
38209.68 -> interfaces such as tensorflow
38211.756 -> pytorch apache mxnet
38214.48 -> we have aws deep composer this is
38216.16 -> machine learning enabled musical
38217.756 -> keyboard i don't know many people using
38219.596 -> this but it sounds like fun aws deep
38221.52 -> lens is a video camera that uses deep
38223.276 -> learning it's more of like a learning
38224.64 -> tool so again we don't see many people
38226.16 -> using this aws deepracer is a toy
38228.48 -> race car that can be powered with
38229.756 -> machine learning to perform autonomous
38231.12 -> driving again this is another learning
38232.88 -> tool for learning ml they like to do
38235.12 -> these at re invent to have like these
38236.48 -> racing competitions
38238.32 -> amazon elastic inference so this allows
38240.24 -> you to attach low-cost gpu perform
38242.64 -> powered acceleration to ec2 instances to
38245.04 -> reduce the cost of running deep learning
38246.56 -> inference by 75 percent we have amazon
38250 -> fraud detector so this is a fully
38251.436 -> managed fraud detection as a service uh
38254.32 -> it identifies potentially fraudulent
38256.56 -> online activities such as online payment
38258.24 -> fraud and the creation of fake accounts
38260.32 -> amazon kendra so this is an enterprise
38262.24 -> machine learning search engine service
38264.64 -> it uses natural language to suggest
38266.64 -> answers to questions instead of just
38268.16 -> simple keyword matching so there you go
38270.84 -> [Music]
38275.04 -> hey it's andrew brown from exam pro and
38276.8 -> we're going to do a quick review here of
38278.48 -> the big data and analytic services that
38280.72 -> are on aws but before we do let's just
38282.96 -> define what big data is so it's a term
38285.596 -> used to describe massive volumes of
38287.68 -> structured or unstructured data that is
38290 -> so large it is difficult to move and
38292.24 -> process using traditional database and
38294.96 -> software techniques so the first tier we
38297.36 -> have is amazon athena this is a
38299.436 -> serverless interactive
38300.96 -> query service it can take a bunch of csv
38304.08 -> or json files in an s3 bucket and load
38306.72 -> them into a temporary sql table and so
38309.2 -> you can run sql queries so it's one you
38311.52 -> want to query
38312.88 -> csv or json files if you've ever heard
38315.52 -> of apache presto it's basically that
38318.16 -> okay
38319.2 -> then we have amazon cloud search so this
38321.12 -> is a fully managed full text search
38322.96 -> service so when you want to add search
38325.276 -> to your website
38326.64 -> we have amazon elastic search service
38329.436 -> commonly abbreviated to es
38331.756 -> and this is a managed elastic
38332.8 -> elasticsearch cluster and elasticsearch
38335.2 -> is an open source full-text search
38337.04 -> engine it is more robust than cloud
38338.8 -> search but requires more server and
38340.48 -> operational maintenance
38342.16 -> then we have amazon elastic mapreduce
38344.48 -> commonly known as emr
38346.72 -> and this is for data processing and
38348.32 -> analysis it can be used for creating
38350.08 -> reports just like redshift but is more
38352.32 -> suited when you need to transform
38353.596 -> unstructured data into structured data
38355.36 -> on the fly and it leverages open source
38358.08 -> um technology so like spark
38360.72 -> um hive pig things like that
38364.32 -> then we have kinesis data stream so this
38366.08 -> is a real time streaming data service it
38368.48 -> creates producers which sends data to a
38370.8 -> stream it has multiple consumers that
38372.96 -> can consume data within a stream and use
38375.84 -> it for real-time analytics click streams
38377.84 -> ingestion data from a fleet of iot
38380.08 -> devices
38381.68 -> then we have kinesis firehose this is a
38384.16 -> serverless and a simple version of a
38386.16 -> data stream
38387.52 -> and you pay on demand based on how much
38389.756 -> data is consumed through the stream and
38391.436 -> you don't worry about the underlying
38392.88 -> servers
38394.4 -> then you have amazon kinesis data
38396.08 -> analytics
38397.2 -> this allows you to run queries against
38399.04 -> data that is flowing through your
38400.24 -> real-time stream so you can create
38401.68 -> reports and analysis on emerging data
38404.4 -> and last on the kinesis side here we
38406.72 -> have amazon kinesis video streams this
38408.8 -> allows you to analyze or apply
38410.56 -> processing on real-time streaming videos
38412.96 -> on the second page here we have managed
38415.436 -> kafka service msk
38418.08 -> and it might be mks
38420.24 -> now that i'm looking at it here so
38422.32 -> just be aware that that might be
38423.68 -> incorrect but a fully managed apache
38426 -> kafka service kafka is an open source
38428.24 -> platform for building real-time
38429.596 -> streaming data pipelines and
38431.36 -> applications it is similar to kinesis
38433.2 -> but with more robust functionality
38435.36 -> then we have redshift which is um
38438.16 -> aws's flagship
38440.16 -> big data tool it's a petabyte size data
38443.04 -> warehouse the data warehouses are for
38445.436 -> online
38446.56 -> uh online analytical processing olap so
38449.52 -> data warehouses can be expensive because
38451.36 -> they are keeping data hot meaning that
38452.88 -> we can run a very complex query and a
38454.96 -> large amount of data and get that data
38456.48 -> back very fast but this is great when
38458.16 -> you need to quickly generate analytics
38459.756 -> or reports from a large amount of data
38461.596 -> we have amazon quicksight this is a
38463.36 -> business intelligence tool or business
38465.52 -> intelligence dashboard bi for short you
38467.84 -> can use it to create business dashboards
38469.36 -> to power business decisions it requires
38471.36 -> little to no programming and connect and
38473.52 -> adjust to many different types of
38474.8 -> databases have you ever heard of tableau
38476.96 -> or power bi this is just the aws
38478.72 -> equivalent
38480.16 -> we have aws data pipelines this automates
38482.8 -> the movement of data you can reliably
38484.88 -> move data between compute storage and
38486.48 -> services
38487.756 -> we have aws glue this is an etl service
38490.72 -> so it allows you to move data from one
38492.48 -> location another where you need to
38493.84 -> perform transformations before the final
38495.596 -> destination it's similar similar to dms
38498 -> but it's more robust
38499.68 -> we have aws lake formation this is a
38502.16 -> centralized curated and secured
38504.08 -> repository that stores all your data so
38506.08 -> it's a data lake it is a storage
38507.84 -> repository that holds a vast amount of
38509.276 -> raw data in its native format until it
38511.436 -> is needed and then last on here we have
38513.436 -> aws data exchange this is a catalog of
38515.36 -> third-party data sets you can download
38517.276 -> for free
38518.56 -> or subscribe or purchase data sets so
38520.88 -> they might have like the covid-19 foot
38522.96 -> traffic data the imdb tv movie data
38525.52 -> historical weather data and sometimes
38527.436 -> this is really great if you're just
38528.32 -> trying to learn how to work with these
38529.756 -> tools okay
38530.87 -> [Music]
38535.04 -> hey this is andrew brown from exam pro
38536.8 -> and we are taking a look here at amazon
38538.48 -> quicksight which is a business
38539.756 -> intelligence dashboard or bi dashboard
38541.68 -> that allows you to ingest data from
38543.116 -> various database storage or database
38544.96 -> services to quickly visualize business
38546.64 -> data with minimal programming or data
38548.88 -> formula knowledge so here's an example
38551.52 -> of a quicksight dashboard
38554.48 -> and so the way quicksight is able to make
38556.88 -> these dashboards super fast is via spice
38559.04 -> the super fast parallel in memory
38560.72 -> calculation engine
38562.72 -> and the thing is you don't have to use
38564.56 -> spice but generally it is good to use it
38567.84 -> and there are some caveats when getting
38569.2 -> your data into quicksight sometimes it
38571.276 -> can't ingest it directly from a
38573.116 -> particular data store so you might have
38575.2 -> to dump it to s3 first but it's not too
38577.596 -> bad because you can use it with glue to
38579.04 -> transform that data over um there are
38581.52 -> additional features sometimes marketed
38583.04 -> services but we have quicksight ml
38585.2 -> insights this detects anomalies perform
38587.36 -> accurate forecasting it can generate
38589.596 -> natural language narratives so basically
38591.36 -> like
38592.08 -> you know describe it as if you're going
38593.36 -> to read it out as a business report you
38595.52 -> know then there's amazon quicksight
38597.52 -> q this allows you to ask questions
38599.276 -> using natural language on all your data
38600.88 -> and receive answers in seconds so there
38603.2 -> you go
38603.91 -> [Music]
38607.916 -> hey this is andrew brown from exam pro
38609.68 -> and let's go take a look at amazon quick
38611.84 -> sights which is a or quicksight which is
38614.96 -> a business intelligence tool so when you
38616.88 -> go here you have to sign up because it's
38619.756 -> kind of part of aws but on its own
38622.48 -> separate thing and then you have to
38624 -> choose what you want so we have
38625.04 -> enterprise and standard
38626.96 -> um i do not want to pay that much so i'm
38630.16 -> going to go to standard over here i'm
38632.16 -> not really sure what the difference is
38633.436 -> it's not really telling me what
38636.08 -> between standard and enterprise
38639.116 -> but i'm going to assume standard is more
38641.04 -> cost effective but here we it says
38643.68 -> user use iam federated identities which
38646.8 -> is fine use iam federated identities only
38650.32 -> um we can stick with the top one there
38653.116 -> that seems fine to me
38654.96 -> we need to enter a name so we'll just
38656.48 -> say
38657.36 -> my quicksight
38659.276 -> account
38661.916 -> and we probably have to fill something
38663.436 -> in there so let's say andrew example co
38665.52 -> and these are the services that are
38666.72 -> going to integrate with athena s3 rds
38669.52 -> things like that i guess we could select
38670.88 -> some of those buckets i'm not too
38672.24 -> worried about doing that right now the
38673.596 -> provided account name is not available
38675.596 -> that is a terrible ui but that's
38677.916 -> aws for you so i'm just going to dump
38679.52 -> some numbers there
38681.116 -> i'm going to put my email in here again
38684.64 -> um we probably want some s3 buckets
38687.68 -> i'm going to
38690.88 -> make a new bucket
38692.96 -> because i think that's how we're going
38693.916 -> to do this we're going to have to make a
38695.2 -> bucket here and say
38696.88 -> quicksight
38698.96 -> data
38700.96 -> okay
38702.32 -> and we're gonna create ourselves a
38703.36 -> bucket here
38704.96 -> i'm gonna go back and hopefully that
38706.64 -> shows up
38709.52 -> uh
38710.4 -> it does not so what i'll have to do is
38712 -> just back out
38715.116 -> and i'm just gonna give it a hard
38716.4 -> refresh here and we'll hit quick sign up
38718.24 -> for quicksight again
38720.08 -> and we'll choose standard
38722.24 -> and we'll say my quicksight account a
38725.36 -> bunch of numbers there
38727.04 -> andrew example.co i don't really care
38729.276 -> about ingesting data from everywhere
38730.48 -> else i just want it from s3
38733.04 -> there's my data
38735.596 -> sure we'll give it write permissions
38736.96 -> even though i don't plan to do anything
38738.08 -> with athena here today
38745.36 -> and we'll give it a moment to load
38750.72 -> so what i'm thinking is
38756.4 -> so what i'm thinking is just making like
38757.84 -> an excel spreadsheet here
38759.916 -> and just filling in some data so
38762.4 -> oh it says our account is set up here so
38764 -> we'll go to quicksight
38765.756 -> because i bet i can import like a csv or
38767.596 -> something
38769.756 -> um i'm more of a tableau or power bi
38771.916 -> kind of person um but uh you know for
38774.48 -> the purpose of the cloud practitioner i
38775.916 -> am going to show you this amazon quick
38777.756 -> sight lets you easily visualize data and
38779.916 -> etc that sounds great next next next i
38782.24 -> know what i'm doing
38783.68 -> oh do we have some examples great so i
38785.276 -> don't even have to make a spreadsheet
38786.48 -> okay so what we'll do is just click on
38788.24 -> that
38791.756 -> and we have stuff it looks like they've
38793.916 -> really improved this since the last time
38795.276 -> i've seen it which is quite nice
38799.52 -> but i could try and make my own
38804.72 -> i'm just trying to think how do we do
38806.32 -> this again
38809.116 -> yeah we have the spice there so it's a
38810.4 -> lot easier from starting from scratch
38811.916 -> i'm just gonna say close
38813.68 -> and
38814.12 -> [Music]
38815.596 -> these are analysis we want data sets in
38817.84 -> here
38818.88 -> oh we already have some data sets these
38820.96 -> are coming from s3 i think that's the
38822.72 -> old s3 logo i'm not sure why they're
38824.24 -> using that one
38825.436 -> we can go here and create a new data set
38826.96 -> oh we can upload directly so i don't
38828.32 -> even have to use s3 that's great so what
38830.16 -> i'm going to do is just have some values
38832.24 -> in here so i'm going to just say um
38838.24 -> type
38839.276 -> value
38840.56 -> so we'll say banana
38842.64 -> 125 123 we'll say apple
38846.48 -> 11
38848.08 -> orange
38850.08 -> nobody likes oranges
38852.64 -> i shouldn't say i'm sure it's like lots
38853.84 -> of people like oranges
38856 -> oh we gotta put pears on there
38859.116 -> i actually really like pears people
38860.32 -> think i like bananas which is not true i
38862.56 -> actually like pears
38864.32 -> that's what i like so i'm going to go
38866.08 -> ahead and save this save as
38870.16 -> and i'm just going to save this to my
38872.08 -> desktop here so just give me a moment
38873.756 -> just doing this off screen
38878 -> and i'm going to save this uh data set
38881.2 -> quicksight
38883.116 -> csv it can even take an xls so i don't
38885.916 -> have to save it as a uh
38887.916 -> i'll just save it as an xls
38890.48 -> okay and so we're going to just upload
38891.916 -> that so there is that data set
38895.68 -> it's going to scan that file it's going
38897.52 -> to see that sheet
38899.36 -> you can even preview it
38902.24 -> there's the information we're going to
38903.68 -> add that data
38906.48 -> i get added as a data data set
38911.436 -> well how do i
38913.2 -> where do i it's like it says add the
38915.436 -> data i just want to add it as a data set
38917.52 -> so they set up here maybe save and
38918.96 -> visualize
38920.4 -> up here and is it autographing it
38924.8 -> maybe if i drag in is it working is it
38927.116 -> thinking okay it's 100
38929.916 -> so i'm going to just drag that onto
38931.2 -> there
38934 -> and
38934.8 -> it says pear orange banana
38939.2 -> just kind of trying to make sense of
38940.56 -> this here is it taking in count the
38942.64 -> value maybe put the value down there
38945.04 -> wow that's so much easier i haven't used
38947.276 -> this for like a year and um i'm gonna
38949.276 -> tell you this has gotten a lot easier to
38951.04 -> use so i'm quite impressed with this but
38953.2 -> yeah i mean this is pretty much what
38954.8 -> quicksight is if you want to visualize
38956.56 -> things in different types you can drag
38957.916 -> them out you can probably like click on
38960.32 -> the wheel here and change it
38962.72 -> again i'm not sure
38965.04 -> exactly how all the
38967.436 -> uh the dials and knobs work here but i
38969.916 -> mean another thing we could do is just
38971.36 -> drag out like another object and do the
38972.8 -> same thing so maybe i'd want a pie chart
38975.916 -> um so
38978.72 -> add a visual
38981.436 -> yeah it's not as nice as power bi but
38983.436 -> like it's still great that it's here you
38984.96 -> know type
38986.4 -> value
38988.4 -> so we got a nice pie chart there
38991.36 -> uh let's try something weird
38993.596 -> let's give this one a go
38996.4 -> doesn't color it which is not very nice
38998.16 -> um there's probably some kind of way to
38999.52 -> color it but
39001.36 -> focus on banana only
39003.52 -> i don't know i don't know the point of
39004.8 -> there but anyway that's quicksight so
39007.116 -> um i really don't want to pay for this
39008.56 -> so what i'm going to do
39010.56 -> is go up here
39012.72 -> um there's you have to deactivate i'm
39014.24 -> just trying to remember how
39016.8 -> because they change the interface again
39018.48 -> they change everything on you
39021.52 -> so there we go i'm on a trial for four
39023.84 -> days here maybe
39025.596 -> quantity four just the four 29 day trial
39028.72 -> so if i want to get out of this trial
39030.64 -> what do i do
39032.48 -> i don't
39033.596 -> want to use it anymore
39035.436 -> um so
39038 -> how to delete
39039.756 -> aws quicksight
39043.2 -> canceling your subscription
39045.04 -> so before you can unsubscribe uh you're
39047.436 -> signed in the iam account
39049.52 -> your quicksight administrator you're the
39051.36 -> root iam administrator sure
39053.84 -> you deleted any secondary namespaces to
39056.4 -> find the existing namespace etc so
39059.116 -> choose your username in the application
39060.64 -> bar to quicksight account settings
39062.88 -> unsubscribe
39064.32 -> so i was almost there i thought i was in
39066.8 -> the right place
39070 -> uh this one no
39073.116 -> i was just there
39076.4 -> manage quicksight
39078.96 -> your subscriptions
39082.08 -> edit
39084.32 -> there's no unsubscribe option
39086.8 -> so i'm not sure
39089.436 -> can i cancel
39095.276 -> unsubscribe
39100.08 -> button does not
39101.596 -> appear in quicksight
39116.32 -> okay just because we're on trial and so
39118.08 -> maybe after the end of the trial it will
39119.756 -> uh it will vanish there
39123.436 -> they are not making this easy for me
39125.68 -> account settings ah delete accounts this
39127.52 -> is what we probably want to do
39128.48 -> permanently delete the account yes
39131.2 -> i mean that has to get rid of the
39132.72 -> subscription because it gets rid of
39133.916 -> everything
39135.36 -> there we go
39137.756 -> we'll say confirm
39140.32 -> delete account
39143.116 -> unless you're using them in the services
39145.2 -> blah blah blah
39147.596 -> successful okay great so now i should go
39149.756 -> back
39150.8 -> to aws.amazon.com and just to confirm
39153.116 -> that it's gone
39154.88 -> i'm going to
39156.88 -> go to quicksight again and just see if
39159.276 -> it's trying to ask me to
39161.36 -> sign up again so it is so i've gotten
39162.8 -> rid of my account so we're all in good
39164.08 -> shape and uh yeah that is that is quick
39166.16 -> sight
39166.94 -> [Music]
39171.436 -> hey this is andrew brown from exam pro
39173.276 -> and we are taking a look at the aws well
39175.52 -> architected framework so this is a
39177.04 -> white paper created by aws to help
39179.04 -> customers build using best practices
39181.276 -> defined by aws you can find this at
39184.116 -> aws.amazon.com forward slash
39185.68 -> architecture forward slash well
39187.436 -> architected this idea is not unique to
39189.436 -> aws the other providers have it but i
39191.276 -> believe aws was the first one to
39193.276 -> define this and they have a really good
39195.596 -> uh a good approach to this and this is
39198.56 -> pretty much essential knowledge that you
39200.32 -> have to have for certifications when
39202.64 -> we're looking at the cloud practitioner
39204.08 -> the system architect associate and
39205.36 -> professional
39206.48 -> because
39207.36 -> there's a lot of principles here best
39209.04 -> practices that aws uses themselves to
39211.36 -> architect their infrastructure okay so
39213.68 -> the framework is divided into five
39215.276 -> sections called pillars which address
39217.52 -> different aspects or lenses that can be
39219.52 -> applied to a cloud workload so imagine
39222.48 -> you have your cloud workload you're
39223.84 -> going to want to adopt the aws well
39225.2 -> architected framework some things that you
39227.04 -> know people don't consider outside the
39228.8 -> five pillars is that you need to know
39230.4 -> general definitions uh general design
39232.72 -> principles and the review process
39235.116 -> and then from there you have your five
39236.72 -> pillars so you have operational
39237.916 -> excellence security reliability
39240.08 -> performance efficiency and cost
39242 -> optimization and all these have major
39244 -> sections in this white paper but outside
39247.36 -> of just the main white paper each of
39249.276 -> these have their own white papers that
39251.116 -> go even into farther detail so if you
39253.116 -> really want to
39254.32 -> really focus on security and get a lot
39256.32 -> more information they have that as well
39258.24 -> okay
39259.21 -> [Music]
39263.68 -> let's take a look at the general
39265.04 -> definitions for the well architected
39266.72 -> framework starting with the pillars so
39268.48 -> the operational excellence pillar is
39270.56 -> there to run and monitor systems the
39272.72 -> security pillar is to protect data and
39274.72 -> systems to mitigate risk the reliability
39277.52 -> pillar is to mitigate and recover from
39280.32 -> disruptions the performance efficiency
39282.4 -> pillar is about using computing
39284.32 -> resources efficiently or effectively and
39287.2 -> the cost optimization pillar is about
39289.116 -> getting the lowest price and this is
39290.88 -> where you're going to find all the
39292 -> business value and i put an asterisk
39293.916 -> there because
39295.36 -> you know you might obsess saying we need
39297.116 -> to meet the requirements for all these
39298.64 -> pillars and that's not the case you can
39300.24 -> trade off pillars based on the business
39302.56 -> context so you know don't take it as
39305.52 -> literally implement every single thing
39307.52 -> but just consider that uh you know you
39309.36 -> might have to adapt it based on your
39311.04 -> workloads then we have some general
39312.88 -> definitions that we will come across so
39314.4 -> there's components so code configuration
39316.32 -> aws resources against a requirement a
39318.56 -> workload so a set of components that
39320.48 -> work together to deliver business value
39322.8 -> milestones so key changes of your
39324.8 -> architecture through the product
39326.08 -> lifecycle
39327.2 -> then there's architecture itself so how
39328.88 -> components work together in a workload
39331.116 -> and then we have technology portfolio so
39333.36 -> a collection of workloads required for
39335.68 -> the business to operate okay
39337.93 -> [Music]
39342.8 -> so the well architected framework is
39344.48 -> designed around a different kind of team
39346.64 -> structure so when you're looking at
39348.48 -> enterprises they generally have a
39350.08 -> centralized team with specific roles
39352.8 -> where aws structures their teams as
39354.88 -> being distributed with flexible roles
39357.436 -> and so this new kind of methodology of
39359.276 -> distributed teams uh has some major
39361.84 -> advantages but it does come with some
39363.2 -> risks and so aws has baked in some uh
39365.84 -> practices or uh things that they do to
39368 -> mitigate these issues okay so let's
39369.84 -> compare on-premise enterprise uh to what
39372.56 -> aws is proposing for your team
39374.4 -> structure so on-premise what we'd see is
39376.8 -> a centralized team consisting of
39378.48 -> technical architects solution architects
39381.2 -> data architects network architects
39383.596 -> security architects and you kind of see
39385.2 -> that they all have a specialized
39386.8 -> vertical and they are usually managed by
39389.2 -> either
39390.08 -> togaf or
39392.16 -> zach
39392.96 -> uh man framework so those are just ways
39394.8 -> of structuring your teams those are very
39396.24 -> popular and so what aws is proposing
39398.16 -> here is that you have a distributed team
39400.16 -> and the way you're going to make that
39402.48 -> team work because obviously just
39403.68 -> thinking about a distributed team
39404.72 -> they're going to be a lot more agile but
39406.32 -> to make sure that they effectively work
39408.32 -> you have practices like team experts who
39410.08 -> raise the bar
39411.36 -> making sure that you know in any areas
39413.52 -> we can always say how can we do this
39414.88 -> better
39415.68 -> then there are mechanisms in place for
39417.68 -> automated checks for standards so that's
39419.2 -> the great thing about cloud can all be
39420.32 -> automated to say hey does it meet our
39422.4 -> regulatory compliance or what have you
39424.72 -> and then there's the concept of the
39426.08 -> amazon leadership principles which we
39428.56 -> will cover on in the next slide in
39430 -> detail and so um you know aws is not
39432.96 -> obviously using uh these other
39434.72 -> frameworks because it has its own which
39436.24 -> is this one here but the mechanism to
39439.116 -> which they stay organized and up to date
39441.2 -> is they are supported by a virtual
39442.88 -> community of subject matter experts
39445.04 -> principal engineers so that what they'll
39446.8 -> do is they'll engineer things like
39447.916 -> lunchtime talks and then recycle that
39449.68 -> into their onboarding material or into
39451.68 -> this framework itself okay
39454.18 -> [Music]
39459.2 -> so we're taking a look here at amazon's
39460.96 -> leadership principles and these are a
39462.56 -> set of principles used during the
39463.916 -> company's decision making problem
39465.84 -> solving simple brainstorming and hiring
39468.4 -> all right um and so i can't say that i
39470.56 -> like all of these but uh definitely some
39472.48 -> of them really stand out as being great
39474 -> especially the first one which is
39475.2 -> customer obsession so instead of
39477.36 -> worrying about what your competitors are
39478.56 -> doing think about what the customer
39479.84 -> wants work your way back and you know
39482.24 -> really focus on the customer's needs then
39484.48 -> there's ownership so if you're going to
39485.596 -> go do something you know try to be your
39487.36 -> own mini boss uh and take responsibility
39490.32 -> for whatever it is you're building invent
39492.08 -> and simplify so you know always look for
39494.4 -> the simplest solution don't try to
39495.84 -> engineer something super complicated if
39497.68 -> it's not necessary
39499.2 -> are right a lot so you know try to
39501.756 -> be right uh learn and be curious so
39504.16 -> that's pretty self-explanatory hire and
39506.72 -> develop the best insist on the high
39508.72 -> standards aws always refers to this as
39510.56 -> raising the bar think big bias for
39512.96 -> action frugality and aws is really
39515.436 -> frugal if you didn't know that but not
39517.436 -> just for like themselves but also for
39519.2 -> their customers they want customers to
39521.36 -> spend the least amount of money possible
39523.116 -> when using their infrastructure earn
39525.116 -> trust
39526.16 -> dive deep have a backbone disagree and
39528.32 -> commit deliver results strive to be the
39530.64 -> earth's best employer success and scale
39533.276 -> bring broad responsibility and if you
39535.436 -> want to read these in detail because
39536.64 -> they have a big block of text for each
39538.08 -> of these
39538.96 -> you can go to amazon.jobs
39541.52 -> for en forward slash principles and read
39543.52 -> all about it okay
39544.89 -> [Music]
39549.916 -> all right let's talk about some general
39551.36 -> design principles that you should be
39553.2 -> considering when you are designing your
39555.276 -> infrastructure no matter what pillar
39556.88 -> that you are looking to adopt the first
39558.88 -> is stop guessing your capacity needs so
39560.64 -> the great thing with cloud computing is
39562 -> you use as little or much based on
39563.84 -> demand whereas on premise you would have
39566.08 -> to purchase a machine and you'd have to
39568.24 -> make sure you have additional capacity
39570.16 -> so that you could grow into it right and
39572.16 -> so here with uh cloud you do not have to
39574.16 -> worry about that
39575.436 -> test systems at production scale so be
39577.276 -> able to clone your production
39578.48 -> environment to testing tear down testing
39580.8 -> while not in use to save money so a lot
39582.96 -> of people will have a staging server
39584.32 -> that they run all the time but the great
39586.24 -> thing here is that with cloud you know
39588 -> it's you can just spin it up and have it
39590 -> right away and then tear it down and
39591.116 -> save money
39592.48 -> there's automating to make architectural
39594.48 -> experimentation easier this is talking
39596.4 -> about using infrastructure as a code so
39598.32 -> for aws it should be using cloud
39599.68 -> formation creating change sets which
39601.52 -> kind of um uh say exactly what is going
39604.08 -> to change stack updates drift detection
39606.08 -> to see if your stuff is
39608.08 -> being changed over time by developers
39609.84 -> through manual configuration things like
39611.52 -> that then we have allow for evolutionary
39613.756 -> architectures so this is about adapting
39616 -> ci cd um doing nightly releases or if
39619.596 -> you're using serverless if you adopted
39621.52 -> lambdas they deprecate over time forcing
39623.84 -> you to use the latest version
39626.08 -> and so that is evolutionary
39628 -> architectures then we have drive
39629.916 -> architectures using data so um when
39632.64 -> you're using cloud there's a lot of
39634 -> tooling in there to automatically start
39635.596 -> collecting data so cloudwatch will be
39637.68 -> collecting some things by default and
39639.596 -> cloudtrail will as well so you know that
39642.48 -> is another thing and then improving
39644.72 -> things through game day so this is about
39646.32 -> simulating traffic on production or
39647.84 -> purposely killing ec2 instances or or
39650.16 -> messing with your services to see how
39651.756 -> well they recover all right
39654.35 -> [Music]
39659.2 -> before we jump into each of the pillars
39661.2 -> let's go open them up and take a look at
39663.276 -> what structure we should expect to see
39665.84 -> so we have design principles definition
39667.84 -> best practices and resources all the
39669.596 -> pillars follow this to a t so let's just
39672.48 -> talk about what these are so the design
39673.916 -> principles are a list of design
39675.68 -> principles that needs to be considered
39677.84 -> during implementation and that's where
39679.436 -> we're going to focus a lot of our energy
39681.36 -> then you have definition so this is an
39683.36 -> overview of the best practice categories
39685.52 -> then you have the best practices
39686.88 -> themselves these are detailed
39688.4 -> information about each practice with
39690.8 -> various aws services and then you have
39692.72 -> resources these are additional
39694 -> documentation white papers
39696 -> and videos to implement this pillar and
39698.64 -> i just want to tell you that if you're
39699.916 -> doing the certified cloud practitioner
39701.68 -> we're really just going to cover the
39702.72 -> design principles but for the solutions
39704.96 -> architect associate or anything uh
39707.04 -> that's associated or above that's we're
39708.64 -> gonna actually dive deep into the
39710.64 -> implementation of the best practices
39712.4 -> because there is a lot of stuff there so
39714.88 -> yeah there we go
39719.33 -> [Music]
39720.64 -> let's take a look here at the design
39721.756 -> principles for operational excellence so
39724 -> the first here is perform operations as
39726.16 -> code so apply the same engineering
39727.756 -> discipline you would to application code
39730 -> to your infrastructure so by training
39732.24 -> your operations as code you can limit
39734.64 -> human error and enable consistent
39736.56 -> responses to events generally we're
39738.08 -> talking about infrastructure
39739.116 -> infrastructure as a code here so this
39740.48 -> would probably be like things like cloud
39741.596 -> formation there's other things you could
39742.96 -> do like policy as a code and a bunch of
39744.72 -> other ones then we have make frequent
39746.8 -> small reversible changes so design your
39748.96 -> workloads to allow components to be
39751.276 -> updated regularly uh this could be
39753.68 -> talking about doing rollbacks
39754.8 -> incremental changes blue green
39756.16 -> deployments having a ci cd pipeline
39758.56 -> refine operations procedures frequently
39760.88 -> so look for continuous opportunities to
39762.56 -> improve your operations
39764.4 -> here you use game days to simulate
39766 -> traffic or event failure on your
39767.36 -> production workloads anticipate failure
39769.756 -> so perform post mortems on system
39771.52 -> failures to better improve write test
39773.756 -> code kill production servers
39776.32 -> there's a small spelling mistake it
39777.756 -> should have an r here so servers to test
39780.56 -> recovery learn from all operational
39782.64 -> failures so share lessons learned in a
39784.96 -> knowledge base for operational events
39786.88 -> and failures across your entire
39788.16 -> organization but you know if you can
39789.68 -> just remember these headings here
39791.52 -> and be able to categorize what would be
39793.436 -> under operational excellence you'll be
39794.8 -> okay all right
39795.9 -> [Music]
39800.08 -> all right let's take a look at the
39801.2 -> design principles for the security
39802.96 -> pillar so the first here is implement a
39805.276 -> strong identity foundation so implement
39807.756 -> the principle of least privilege or polp
39810.8 -> that's a very popular concept meaning
39813.116 -> giving people only the permissions that
39814.64 -> they need use centralized identity so
39816.96 -> that would be using aws iam avoid
39819.52 -> long-lived credentials then we have
39821.68 -> enable traceability so monitor alerts
39823.916 -> and audit actions and changes to your
39825.52 -> environment in real time integrate log
39827.756 -> and metric collection and automate
39829.84 -> investigations and remediation then we
39832.24 -> have apply security at all layers so
39835.2 -> take defense in depth approach with
39837.68 -> multiple security controls for
39839.116 -> everything from as networks vpcs load
39841.52 -> balancing instances os application code
39844.16 -> we might have a slide in this course on
39846.48 -> defense in uh depth where basically you
39848.56 -> see like a ring of things and you can
39850.8 -> kind of see how like there's layers that
39852.48 -> go from outward to inward and that's
39854 -> what they're talking about when they're
39854.8 -> listing out all these things here
39857.52 -> automate security best practices
39859.596 -> protect your data in transit at rest
39862.48 -> keep people away from your data
39864.72 -> the reason i don't have descriptions
39865.84 -> there is because those are pretty
39866.64 -> self-evident prepare for security events
39868.72 -> so incident management systems and
39870.8 -> investigation policies and processes
39872.48 -> tools to detect investigate and recovery
39874.88 -> from incidences and uh there are a lot
39877.2 -> of security tools out there and they all
39878.48 -> have funny initialisms i didn't put any
39880.24 -> of them in here but i'm sure there are
39881.596 -> some there
39882.64 -> but yeah there you go for security
39887.5 -> [Music]
39888.88 -> all right let's take a look at design
39890.08 -> principles for reliability and the first
39892.24 -> here is automatically recover from
39893.596 -> failure so monitor kpis and trigger
39896.24 -> automations when the threshold is breached
39898.64 -> test recovery procedures so test how
39900.48 -> your workload fails and you validate
39902.64 -> your recovery procedures you can use
39904.64 -> automation to simulate different
39906.08 -> failures or to recreate scenarios that
39907.68 -> led to failures before
39909.276 -> scale horizontally to increase aggregate
39911.116 -> system availability so replace one large
39913.2 -> resource with multiple small resources
39914.8 -> to reduce the impact of a single failure
39916.96 -> on the over overall workload distribute
39920.24 -> requests across multiple smaller
39922.08 -> resources to ensure that they don't
39923.36 -> share a common point of failure so we're
39925.04 -> talking about multi-az
39926.8 -> high availability okay stop guessing
39928.88 -> capacity we've seen this multiple times
39930.72 -> so in on-premise it takes a lot of
39932.32 -> guesswork to determine the elasticity of
39933.84 -> your workloads uh
39935.36 -> workload demands with cloud you don't
39936.8 -> need to guess how much you need because
39938.24 -> you can request the right size of
39939.84 -> resources on demand that's going to give
39941.916 -> you better reliability okay manage
39943.84 -> change in automation so making changes
39945.756 -> via infrastructure as a code will allow
39947.276 -> for a formal process to track and review
39949.2 -> infrastructure they're going to see iac
39950.88 -> show up a lot in this framework okay
39952.87 -> [Music]
39957.2 -> let's take a look at design principles
39958.88 -> for performance efficiency so the first
39960.88 -> here is democratize advanced technology
39963.436 -> so focus on product development rather
39965.2 -> than procurement provisioning and
39966.72 -> management of services because if you're
39968.4 -> on prem you'd have to order those
39969.84 -> machines set them up and so take
39971.68 -> advantage of advanced technologies
39973.04 -> specialize and optimize for your use
39974.56 -> case with on-demand cloud services
39976.08 -> because again if you're using on-prem uh
39978 -> you you know
39979.2 -> you might not have the option to have
39980.64 -> sage maker right it's just going to be a
39982.8 -> vm and you're going to do all the work
39984.16 -> yourselves whereas aws has all these
39986 -> specialized things so you can move
39987.276 -> quickly
39988.4 -> go global in minutes so deploying your
39990 -> workload in multiple aws regions around
39992.32 -> the world allows you to provide lower
39993.84 -> latency and a better experience for your
39995.36 -> customers at a minimal cost we have use
39997.68 -> serverless architecture so serverless
39999.2 -> architecture removes the need for you to
40000.96 -> run and maintain physical servers for
40002.48 -> traditional computing activities removes
40004.72 -> the operational burden of managing
40005.916 -> physical servers and can lower
40007.2 -> transactional costs because managed
40008.4 -> services operate at cloud scale and aws
40010.56 -> can be a lot better at
40012.16 -> running them
40013.68 -> efficiently than you will uh experiment
40016 -> more often so with virtual and
40017.52 -> automatable uh resources you can quickly
40019.916 -> carry out comparative testing using
40021.596 -> different types of instances storage or
40023.2 -> configurations to make the best choice
40025.2 -> we call this right sizing choosing the
40026.96 -> right size consider mechanical sympathy
40030 -> so understand how cloud services are
40031.756 -> consumed and always use technology
40033.756 -> approach that aligns best with your
40035.596 -> workload goals for example consider data
40037.756 -> access patterns when you select database
40039.756 -> or storage approaches
40041.47 -> [Music]
40046.08 -> let's take a look here at design
40047.276 -> principles for cost optimization so the
40049.916 -> first one here is implement cloud
40051.276 -> financial management so dedicate time
40053.436 -> and resources to build capacity via
40055.596 -> cloud financial management and cost
40057.116 -> optimization tooling statements is
40058.88 -> saying hey take advantage of all our
40060.24 -> tooling that makes it easy for you to
40061.68 -> know exactly what you're spending adopt
40063.84 -> a consumption model so pay only for
40066.08 -> computing resources that you require
40068.4 -> an increase or decrease using uh
40070.24 -> depending on the business requirements
40071.756 -> we're talking about on-demand pricing
40073.596 -> measure overall efficiency so measure
40075.436 -> the business output of the workload and
40077.436 -> the cost associated associated with
40079.2 -> delivering use this measure to know the
40081.52 -> gains you make from increasing output
40083.596 -> and reducing costs so stop spending
40085.84 -> money on undifferentiated that's a hard
40088.4 -> word to say
40089.8 -> undifferentiated heavy lifting so aws
40092.72 -> does the heavy lifting of the data
40094.16 -> center operations like racking stacking
40095.916 -> and power servers it also removes the
40097.84 -> operational burden of managing operating
40099.68 -> systems
40100.88 -> and applications with managed services
40102.72 -> this allows you to focus on your
40103.916 -> customers and business projects rather
40105.916 -> than your it infrastructure
40108 -> and the last one here is analyze and
40110.32 -> attribute expenditure so the cloud makes
40112.56 -> it easier to accurately identify the
40114.48 -> usage and cost of systems which then
40116.64 -> allow transparent attribution of it
40119.276 -> costs to individual workload owners
40121.756 -> this helps measure return on investment
40123.916 -> and gives workload owners an opportunity
40125.52 -> to optimize the resources and reduce
40127.52 -> costs so there you go
40128.78 -> [Music]
40133.2 -> hey this is andrew brown from exam pro
40134.88 -> and we are taking a look at the aws well
40136.88 -> architected tool so this is an auditing
40138.96 -> tool to be used to assess your cloud
40140.64 -> workloads for alignment with the aws
40142.96 -> well architected framework and so what
40145.276 -> it is it's essentially a checklist
40147.436 -> but it also has nearby references so you
40149.84 -> know as you're reading through it it
40151.36 -> will show you information uh and
40153.68 -> resources so that it can help you with
40155.756 -> this checklist here and the idea is when
40157.916 -> you're done you can generate out a
40159.436 -> report and then you can provide that
40161.36 -> report to your executives and key
40162.88 -> stakeholders to prove uh you know how
40165.2 -> well architected your workload is on aws
40167.68 -> okay
40168.61 -> [Music]
40172.72 -> hey this is andrew brown from exam pro
40174.48 -> and in this video i want to show you two
40175.756 -> things the well architected framework
40177.52 -> and the well architected tool so first
40179.84 -> let's go look for the well architected
40181.52 -> framework
40182.4 -> so we're going to look up white papers
40184.64 -> aws
40186.08 -> and so if we go here to about amazon.com
40188.8 -> white papers we have a bunch of pages
40190.48 -> here and so i'm going to just check box
40192.16 -> on white paper so that we can kind of
40194.24 -> reduce the amount there and i'm going to
40196.24 -> check box well architected framework if
40198.4 -> we scroll all the way top here one of
40200.16 -> these you think it'd be right at the top
40202.32 -> but one of these is the well architected
40204.64 -> framework and here it is and so if we
40206.88 -> open it up i used to just directly open
40209.116 -> up as a pdf i'm sure you can still
40210.64 -> download it as is but generally you're
40212.96 -> going to open up as this html page and
40215.36 -> you can basically read through it see
40216.88 -> all the stuff see the multiple pillars
40219.84 -> we can click into here see the design
40221.84 -> principles read the definitions and then
40225.04 -> start reading about uh the best
40227.04 -> practices and they have these things at
40228.88 -> the bottom of each one
40230.4 -> uh very boring very very boring but um
40232.88 -> you know when you get to the solutions
40234.16 -> architect and things like that you're
40235.52 -> going to need to know this stuff inside
40236.96 -> and out it's going to really help you
40238.72 -> out this cloud practitioner we only need
40240.32 -> to know surface level information
40242.88 -> uh but that's the well architected framework
40244.48 -> let's take a look at the well
40246.56 -> architected tool so we're going to type
40248.4 -> in well here we'll get the well
40250.24 -> architected tool and if we go here you
40252.88 -> can see that i've created a couple
40254.56 -> before probably demos
40256.56 -> for
40257.68 -> our videos and so i'm going to go define
40259.84 -> a new workload i'm going to say my
40261.916 -> my workload here
40263.68 -> my workload
40267.52 -> whoops my workload it is messing up
40270.24 -> because i probably have grammarly
40271.68 -> installed so it does not like grammarly
40273.84 -> so i'm just going to turn it off for now
40277.116 -> so my workload
40280.72 -> and it's still not typing correctly so i
40282.8 -> have to kill a kill of grammarly here
40285.116 -> which is kind of frustrating so that's a
40286.88 -> bug that that's not grammarly's fault
40288.56 -> that's aws's fault for not playing
40290.4 -> well
40291.436 -> with grammarly and that's something i
40293.68 -> will definitely report to them because
40295.52 -> it's very annoying
40297.276 -> so i'm going to go ahead and refresh
40298.72 -> this page
40301.756 -> my workload my workload
40305.68 -> um
40306.48 -> and this is andrew brown
40309.84 -> production or pre-production doesn't
40311.52 -> matter pick your regions us east
40314.8 -> or us east 2 sure
40317.756 -> i'm selecting it
40320.56 -> there we go uh optional optional
40323.68 -> optional optional you go to next
40325.596 -> and then you can choose your lens
40326.88 -> serverless lens ftr lens so that's the
40329.36 -> foundational technical review sas lens
40331.84 -> we can go with architected framework and
40334 -> then once that is there we can start
40336.72 -> reviewing
40338.8 -> okay and then we get this big checklist
40340.72 -> and so we can go through this and read
40342.24 -> each one so we say
40343.68 -> ops one how do you determine what your
40345.756 -> priorities are and all these things like
40347.436 -> ops and stuff like that these are all
40348.8 -> the summaries in each of the well
40350.16 -> architected framework sections
40352.08 -> so you pretty much don't need to really
40353.52 -> read the doc and just go through this
40354.88 -> so everyone needs to understand their
40356.48 -> part in enabling business success
40359.116 -> have shared goals in order to set
40360.72 -> priorities of resources this will
40362.32 -> maximize the benefit of your efforts
40364.48 -> so select from the following evaluate
40366.64 -> the customer's external needs
40369.276 -> external customer needs evaluate
40370.88 -> internal customer needs if you click
40372.32 -> info it's going to highlight each one
40373.916 -> here so of all key stakeholders
40376 -> including business development
40377.2 -> operations teams this will ensure etc
40379.68 -> and so you just go through this and uh
40382.16 -> you know once you have that
40384 -> and you save and exit
40386.64 -> okay
40387.756 -> you'll have
40388.96 -> the questions that are answered it'll
40390.4 -> say what's high risk what's not things
40392.24 -> like that
40393.276 -> very simplistic it's really just a way
40395.436 -> of making a very organized report or
40397.436 -> checklist and proving that you went
40399.276 -> through it uh to the executive level or
40402 -> to the management level there so
40403.68 -> hopefully that makes sense to you it's
40405.52 -> not too complicated but there you go
40407.48 -> [Music]
40412 -> hey it's andrew brown from exam pro and
40413.68 -> we are looking at the aws architecture
40415.68 -> center so the architecture center is a
40417.84 -> web portal that contains best practices
40420.08 -> and reference architectures for a
40421.756 -> variety of different workloads and you
40423.756 -> can find this at
40424.84 -> aws.amazon.com/architecture
40427.2 -> so if you're looking for best practices
40428.88 -> in terms of security they have a huge
40430.88 -> section on that and they have it for
40432.4 -> pretty much every kind of category on
40434.24 -> aws or if you're looking for practical
40437.2 -> examples you can view the large library
40440.08 -> of reference architectures so here's one
40442.24 -> to make an aws q and a bot and it will
40445.116 -> have an architectural diagram but you
40446.56 -> can also
40448.08 -> deploy via cloud formation or possibly
40450.08 -> cdk
40451.596 -> and this way you can get a working
40453.2 -> example and then tweak it for your use
40454.96 -> case so this is a really great tool um
40457.84 -> when you are done the awesome
40459.276 -> architecture framework and you're saying
40460.32 -> okay how do we apply it can we get more
40462.16 -> concrete examples and i wouldn't be
40463.596 -> surprised if a lot of the resources
40465.52 -> within the well-architected framework
40467.04 -> white paper are just pointing to the
40468.64 -> center okay
40469.84 -> [Music]
40474.32 -> hey this is andrew brown from exam pro
40476.08 -> and we are taking a look at the concept
40477.52 -> of total cost of ownership also known as
40479.36 -> tco so what is tco well it is a
40482.16 -> financial estimate intended to help
40484.08 -> buyers and owners determine the direct
40486.08 -> and indirect costs of a product or
40487.68 -> service so here is an example of you
40490.56 -> know tco for maybe like a data center so
40492.88 -> we have hardware monitoring installation
40494.88 -> i.t personnel training software
40497.52 -> uh security licensing and taxes but
40500.4 -> that's not just the limit of it it's
40501.756 -> just kind of the examples we show here
40503.916 -> the idea of creating tco is useful when
40506.08 -> your company's looking to migrate from
40507.68 -> on-prem to cloud and we will have a
40510.24 -> better kind of visual here to kind of
40512.24 -> understand how you would contrast
40514 -> against on-premise to cloud but let's
40515.436 -> just talk about how it actually works in
40517.36 -> practicality which i think gets kind of
40519.2 -> overlooked when cloud service providers
40521.52 -> are selling you on tco so the idea is
40524.24 -> that gartner um you know they
40526.72 -> uh they were they wrote this article
40528.88 -> based on this research where an
40530.32 -> organization had moved uh 2500 virtual
40533.52 -> machines over to amazon ec2 and so what
40536.96 -> you're seeing here is that there is a an
40539.596 -> additional cost that we're not
40540.48 -> considering which is the migration cost
40542 -> see this bar up here um so the idea is
40544.96 -> that the company was paying around 400
40546.88 -> 000 and so they started to move over and
40550.08 -> as you see their costs initially went up
40552.24 -> for a short period of time here uh but
40555.116 -> then once that migration cost was over
40557.116 -> uh you can notice that they had a 55
40559.116 -> reduction so it's uh totally possible to
40561.68 -> save money uh and clearly there is great
40563.916 -> savings uh now is it exactly what aws
40566.96 -> promises probably not and that's that
40568.88 -> could be the reason why they update
40570.32 -> their tco calculator but let's now just
40572.72 -> do that contrast against the two so we
40575.04 -> have on-premise on the left and aws on
40577.2 -> the right or any cloud service provider
40579.116 -> and what i want to do is help you think
40580.72 -> about what costs do people generally
40582.48 -> think about because if we have like
40584.48 -> iceberg the idea here is that these are
40586.24 -> the costs that we always think about
40587.436 -> above the iceberg and then there's these
40589.52 -> hidden costs that we just don't consider
40591.116 -> when factoring in our move and that's
40592.64 -> the idea of tco is to consider all the
40594.88 -> costs not just the superficial ones and
40597.2 -> so people say these look like teeth and
40598.56 -> that's why i add penguins and a whale
40600.88 -> here um and so when we're talking about
40603.2 -> on-premise what we generally think are
40604.64 -> software license fees and subscription
40606.72 -> fees but when you compare those against
40608.64 -> each other they might look the same um
40610.96 -> aws might just look slightly cheaper or
40612.56 -> even more and so the idea is you need to
40614.88 -> then factor in everything so on on
40616.8 -> premise there's implementation
40617.916 -> configuration training physical security
40620.08 -> hardware it personnel maintenance and on
40622.56 -> the aws side you know you are you don't
40624.88 -> have to do as much of that stuff so you
40626.48 -> just have implementation configuration
40628 -> and training and so aws with their tco
40630.64 -> calculator their old one used to make a
40632.64 -> promise of 75 percent in savings um
40635.756 -> again you know
40637.276 -> this is going to really vary based on
40639.04 -> what your migration strategy looks like
40641.276 -> um but you know it's totally possible
40642.88 -> you could save 75 percent or you could
40645.2 -> save 50 percent over a third year
40647.756 -> three-year period and there's a initial
40649.84 -> spike so that's just something you have
40651.756 -> to consider but the nice thing though is
40653.52 -> that once you've moved over all the
40654.8 -> stuff over here on the left-hand side
40656.08 -> will be aws's responsibility
40657.916 -> okay
40658.7 -> [Music]
40663.2 -> all right so let's take a look at
40664.48 -> capital versus operational expenditure
40666.88 -> so there's capex and opex so on the
40669.276 -> capex side the idea here is you're
40671.04 -> spending money upfront on physical
40672.72 -> infrastructure deducting that expenses
40674.4 -> from your tax bill over time
40676.64 -> a lot of companies that are running
40677.916 -> their own data centers uh or have a lot
40680.48 -> of on-premise stuff understand what
40682.32 -> capex is because
40684.16 -> it's something that a lot of times they
40685.436 -> get tax breaks is on and that's why we
40687.04 -> see a lot of people that have a hard
40688.4 -> time moving away from the cloud because
40690.64 -> you know they keep on thinking about
40691.756 -> that money they save from the government
40693.68 -> but capex costs would be things like
40695.2 -> server costs storage network costs
40697.68 -> backups and archives disaster recovery
40700.08 -> costs data center costs technical
40702.32 -> personnel so the idea is with capital
40705.436 -> expenses you have to guess up front what
40707.756 -> you plan to spend okay with operational
40710.32 -> expenditure the idea here is the cost
40712 -> associated with an on-premise data
40713.276 -> center that has shifted the cost to the
40715.276 -> service provider the customer only has
40717.2 -> to be concerned with non-physical costs
40719.36 -> so leasing software and customizing
40721.04 -> features
40722.08 -> training employees and cloud services
40724 -> paying for cloud support
40726.08 -> billing based on cloud metrics so
40728 -> compute usage storage usage and so the
40730.88 -> idea here is with operational expenses
40733.116 -> you can try a product or service without
40735.36 -> investing in equipment so basically capex
40738.24 -> is what we think about when we think of
40739.436 -> on-premise and then opex is what we
40741.68 -> think about
40743.04 -> you know we're thinking about cloud or
40744.24 -> aws okay
40745.93 -> [Music]
40750.88 -> all right let's ask a very important
40752.24 -> question about cloud migration so does
40754.24 -> cloud make it personnel redundant so a
40756.8 -> company is considering migrating their
40758.32 -> workloads from on-premise to the cloud
40759.916 -> to take advantage of the savings there
40761.916 -> is a concern among the staff that there
40764 -> will be mass layoffs does cloud make it
40767.2 -> personnel redundant and that's a very
40769.916 -> important question to to have an answer
40771.756 -> to and this all talks about shifting
40773.36 -> your i.t team into different
40775.436 -> responsibilities so a company needs i.t
40778 -> personnel during the migration phase as
40779.756 -> we saw with that gartner research report
40781.68 -> that there was a period
40783.276 -> at least like a year where they needed
40785.116 -> that for you know depending on the size
40786.88 -> your company so you're still going to
40788.24 -> need those people around a company can
40790.48 -> transition some roles to new cloud roles
40792.08 -> so a very traditional example would be
40794.24 -> you have your traditional networking
40795.84 -> roles or people have like their ccna and
40798.4 -> now they're moving over to cloud
40799.756 -> networking they have a reduced workload
40802.08 -> but there's other things that they could
40804.08 -> be doing in the cloud
40806.08 -> a company may decide to take a hybrid
40807.68 -> approach so they'll always need to have
40809.276 -> a traditional it team and a cloud it
40812.16 -> team
40812.96 -> um and the last one and this one you'd
40815.36 -> actually see on the exam which is a
40817.276 -> company can change employees activities
40819.116 -> from managing infrastructure to rev
40820.96 -> revenue generating activities okay so
40823.436 -> the idea is that you know if you're a
40824.72 -> company why would you get rid of all
40826.4 -> your staff and you just put them all
40827.68 -> into rev generation i suppose you know
40830 -> you could uh you know uh lay them off
40832.56 -> and some companies might do that um or
40834.96 -> you know you could just retrain them
40836.24 -> because
40837.116 -> if that it personnel team has uh
40839.116 -> technical expertise i'm sure they can
40840.56 -> translate that to the cloud
40842.53 -> [Music]
40846.56 -> let's talk about the aws pricing
40847.916 -> calculator and this is a free cost
40849.756 -> estimate tool that can be used within
40851.436 -> your web browser without the need of a
40853.04 -> aws account to estimate the cost of
40854.88 -> various aws services and this is um
40858.08 -> available at calculator.aws
40860.64 -> and the reason we're bringing this up is
40861.916 -> because there used to be a tco
40864 -> calculator but now this is the
40865.52 -> calculator that you use
40867.276 -> so the aws pricing calculator contains
40869.2 -> 100 plus services that you can configure
40870.88 -> for cost estimate and so you can just
40873.04 -> click through a bunch of knobs and
40875.68 -> boxes to
40877.04 -> uh you know
40878.56 -> exactly figure out a very accurate cost
40882.24 -> so the idea here is that to calculate
40884.08 -> your tco an organization needs to
40886 -> compare that existing cost against their
40888.4 -> aws costs and so the aws pricing
40890.48 -> calculator can be used to determine uh
40892.4 -> you know the aws costs and obviously the
40894.24 -> organization knows its cost so we can
40895.916 -> compare it against that
40898 -> and the way you can get data out of this
40899.916 -> is you can export it as a final estimate
40902.24 -> to a csv okay
40904.06 -> [Music]
40908.16 -> hey this is andrew brown from exam pro
40909.916 -> and we are taking a look at the aws
40911.36 -> pricing calculator so to get there it's
40913.04 -> calculator.aws what you're going to do
40915.116 -> is hit create estimate and then here you
40917.04 -> have a bunch of services so you just
40918.64 -> choose what you want so you type in ec2
40920.8 -> we're going to configure that
40922.8 -> and from there we can do a quick
40924.08 -> estimate or an advanced estimate so
40925.596 -> choose this option for fast and easy
40927.52 -> route to ballpark an estimate choose
40929.68 -> this option for detailed estimate for
40931.2 -> accounts workloads and stuff so notice
40932.88 -> down below very simplistic we hit
40935.596 -> advanced
40937.116 -> and we get all
40938.48 -> sorts of stuff okay so you know it's
40940.72 -> really up to you i'm very comfortable
40942.32 -> with the advanced options so i might be
40944.48 -> running a linux machine what is my usage
40947.276 -> it's going to
40948.64 -> have uh daily spikes of traffic because
40951.68 -> of the use cases you could say it's not
40953.84 -> busy on saturday and sunday that it has
40955.916 -> a baseline of one a peak of two eight
40957.916 -> things like that then you can choose
40959.84 -> what you're using um
40962.08 -> t4 g i don't even know what that is uh
40964.32 -> but let's just say like t
40966.8 -> uh
40967.52 -> t to uh micro which is not that big two
40970.8 -> three micro
40972.08 -> and you could say we're doing on demand
40973.916 -> because a lot of people would be doing
40975.2 -> that and
40976.64 -> you see like seven dollars a month it's
40978.48 -> not a lot of money then you're looking
40980.32 -> at your storage data in data out
40984.16 -> okay so we can add that
40986 -> another thing that we might see is
40987.916 -> something like rds
40990.56 -> so we go to rds and we add postgres and
40994.16 -> not all of them have the simple and
40995.596 -> complex sometimes they're simple so
40997.36 -> production database
41000.32 -> we'll have one here and we're just going
41002.56 -> to be
41003.68 -> say a db t2 micro
41006.24 -> t3 micro there we go
41008.8 -> a hundred that's fine we're not going to
41010.88 -> have multi-az we'll have single az on
41013.116 -> demand show the calculation 13 a month
41016.08 -> add that to our estimate
41017.84 -> so you're kind of getting the idea there
41019.68 -> right
41021.84 -> and so you know we have our summary
41023.916 -> that's our monthly 391 dollars
41027.116 -> um oh sorry over 12 months so our
41028.88 -> monthly cost is 32
41031.2 -> okay you can go back there clone the
41032.56 -> service edit it stuff like that you can
41034.96 -> export the estimate i think it goes out
41037.04 -> as a csv you can also hit share
41041.36 -> and then hit agree
41042.8 -> and so then you have a public link
41044.88 -> and if i have that link we can just see
41047.36 -> what happens if i paste it okay and it
41050.32 -> just brings them to the same estimate so
41052.16 -> there you go
41053.65 -> [Music]
41057.756 -> hey this is andrew brown from exam pro
41059.596 -> and we are taking a look at migration
41061.36 -> evaluators so it was formerly known as
41063.596 -> tso logic and then aws acquired the
41066.16 -> company and it is an estimate tool used
41068.32 -> to determine an organization existing
41070.24 -> on-premise costs so it can compare it
41072.32 -> against its aws costs for planned cloud
41074.88 -> migration uh so the idea is that you can
41077.436 -> get a very very detailed information and
41080.48 -> the way it collects information is via
41082.48 -> an agentless collector to collect data
41085.04 -> from your on-premise infrastructure to
41086.4 -> extract from your own on-premise costs i
41088.72 -> don't know if you can see there but you
41089.756 -> can see that it works with a lot of
41091.116 -> different kinds of on-premise technology
41093.596 -> like vmware microsoft
41096.48 -> tsql all sorts of things okay
41099.75 -> [Music]
41104.56 -> one migration tool that we can use with
41106.48 -> aws is the vm import export and this
41109.276 -> allows us to import virtual machines
41111.2 -> into ec2 so aws has import
41113.68 -> instructions for vmware citrix
41116.64 -> microsoft hyper-v
41118.32 -> windows vhd from azure and also linux
41121.116 -> vhd from azure and so the way this works
41123.756 -> is that you prepare your virtual image
41125.36 -> for upload and aws has a bunch of
41127.36 -> instructions for that once it is ready
41129.52 -> you're going to upload that to an s3
41131.116 -> bucket and once it's uploaded to an s3
41133.84 -> bucket then what you can do is use the
41136.4 -> aws cli to import your image
41138.88 -> um and so that is the cli command down
41141.116 -> below
41142.16 -> and once it is produced it will generate
41144.96 -> out an amazon machine image and so from
41146.88 -> an ami you can then go launch your ec2
41149.36 -> okay
41150.58 -> [Music]
41154.96 -> hey this is andrew brown from exam pro
41156.88 -> and we are taking a look at the database
41158.4 -> migration service which allows you to
41159.916 -> quickly and securely migrate one
41161.436 -> database to another dms can be used to
41163.52 -> migrate your on-premise database to aws
41165.36 -> and that's why we're talking about it
41167.116 -> and so here's a general diagram where
41168.56 -> you have your source database which
41170.16 -> connects to a source endpoint goes
41171.84 -> through a replication instance so that's
41173.436 -> an ec2 instance that's going to
41175.68 -> replicate the data to the target
41177.52 -> endpoint onto the target database
41180 -> and so we have a bunch of possible
41181.68 -> sources so we have oracle database
41183.756 -> microsoft sql mysql mariadb postgresql
41188.24 -> mongodb sap ase
41191.68 -> ibm
41192.88 -> db2 azure sql database amazon rds
41197.276 -> amazon s3 and i'm assuming these are
41199.04 -> database dumps
41200.64 -> amazon aurora amazon document db and so
41204.24 -> for possible targets it's very similar
41206 -> we got oracle database microsoft sql
41208.56 -> mysql mariadb postgresql redis sap ase
41214.48 -> amazon redshift amazon rds amazon
41217.116 -> dynamodb amazon s3 amazon aurora amazon
41220.72 -> opensearch service amazon elasticache
41223.276 -> for redis amazon document db amazon
41226.24 -> neptune apache kafka i'm just showing
41228.96 -> you the list to give you an idea of how
41230.72 -> flexible this service is uh but you can
41233.04 -> tell that these are very different
41234.72 -> databases so how can it uh move them
41237.276 -> over right and so in not all cases can
41239.916 -> it easily do it like it's very easy to
41241.276 -> go from mysql to postgres um but you
41243.84 -> know for ones that are like relational
41246 -> to
41246.72 -> uh nosql uh this is where the aws
41249.436 -> schema conversion tool comes into play
41251.04 -> it's used in many cases to automatically
41252.8 -> convert a source database schema to a
41254.8 -> target database schema or semi-automate
41257.596 -> it so that you can kind of like you know
41260.32 -> figure out how to map the new schema
41262.56 -> each migration path requires a bit of
41264.08 -> research since not all combinations of
41265.52 -> sources and targets are possible and it
41268.24 -> really comes down to even versions of
41270.08 -> these things so but i just want you to
41271.756 -> know about that it's an option as a
41273.2 -> database migration service and i've
41275.116 -> migrated a very large database before
41277.04 -> and it's super fast so and it's not that
41279.84 -> hard to use so something you definitely
41281.68 -> want to remember when you're
41283.7 -> [Music]
41286.84 -> migrating hey this is andrew brown from
41289.04 -> exam pro and we are taking a look at the
41291.04 -> cloud adoption framework so this is a
41292.88 -> white paper to help you plan your
41294.16 -> migration from on premise to aws at the
41296.72 -> highest level the aws caf organizes
41299.36 -> guidance into six focus areas we've got
41301.68 -> business people governance platform
41303.84 -> security and operations and this white
41306.24 -> paper is pretty high level uh so you
41309.116 -> know it doesn't get into granular
41310.72 -> details on how that migration should
41312.4 -> work but gives you kind of a holistic
41314.56 -> approach and i believe that probably
41316.64 -> through the aws
41318.08 -> amazon partner network there's people
41319.596 -> that specialize in using this particular
41321.756 -> framework to help organizations move
41323.596 -> over and i believe that aws has
41325.436 -> professional services through the apn
41327.36 -> but let's just kind of break down what
41328.64 -> these six categories are we're not going
41330.16 -> to go too deep into this but let's do it
41332.8 -> so the first is the business perspective
41334.88 -> so these are business managers finance
41336.72 -> managers budget owners strategy
41338.48 -> stakeholders so it's how to update the
41341.116 -> staff skills and organizational
41342.56 -> processes to optimize this value as they
41344.8 -> move ops to the cloud you have people
41346.96 -> perspective so human resources staffing
41348.96 -> people managers so how to update the
41351.116 -> staff skills and organizational
41352.48 -> processes to optimize and maintain the
41354.24 -> workforce and ensure competencies are in
41356.8 -> place at the appropriate time you have
41358.8 -> governance perspectives so cios program
41361.436 -> managers project managers enterprise
41363.276 -> architects business analysts so how to
41365.84 -> update the staff skills and
41366.96 -> organizational processes that are
41368.4 -> necessary to ensure business governance
41370.4 -> in the cloud and manage and measure
41372.64 -> cloud investments to evaluate the
41374.16 -> business outcomes we have platform
41376 -> perspectives so ctos it managers
41377.916 -> solution architects so how to update the
41380.4 -> staff skills and organizational
41382.08 -> processes that are necessary to deliver
41383.756 -> and optimize cloud solutions and
41385.04 -> services security perspectives so ciso
41388.08 -> i.t security managers i.t security
41390.08 -> analysts so how to update the staff
41392 -> skills and organizational processes that
41393.756 -> are necessary to ensure that the
41395.276 -> architecture deployed in the cloud
41398 -> aligns to the organization's security
41399.52 -> control requirements resilience and
41401.436 -> compliance requirements we have
41403.116 -> operational or operations perspective so
41405.436 -> i t operations managers i t support
41407.84 -> managers so how to update the staff
41409.916 -> skills and organizational processes that
41411.756 -> are necessary to ensure system health
41413.916 -> and reliability during the move of
41415.84 -> operations to the cloud and then to
41417.68 -> operate using agile ongoing
41419.84 -> cloud computing best practices so this
41422.16 -> just
41422.96 -> taps the surface of what the caf is
41425.756 -> and i think for each of these they
41427.116 -> actually have a more detailed breakdown
41428.8 -> so you know business is going to break
41430.48 -> down to even more uh finite things there
41433.2 -> okay
41434.42 -> [Music]
41438.8 -> so aws has free services that are
41441.2 -> free forever unlike the free tier that
41443.276 -> are up to a point of usage or time
41445.756 -> um and so there are a lot here this is
41447.916 -> not even the full list there's
41448.96 -> definitely more and we have iam amazon
41451.36 -> vpc auto scaling cloud formation elastic
41453.68 -> beanstalk opsworks amplify appsync
41456.08 -> codestar organizations consolidated
41458.4 -> billing aws cost explorer
41460.4 -> sagemaker systems manager there's a lot
41463.2 -> of them okay
41464.48 -> but the thing is is that these services
41466.64 -> are free but some of these
41468.8 -> can spin up other resources so the
41470.88 -> services are free themselves uh however
41473.116 -> ones that provision services may cost
41475.04 -> you money so cloudformation which is an
41476.72 -> infrastructure as a code tool could
41478.48 -> launch virtual machines those virtual
41479.916 -> machines will cost money right opsworks
41482.24 -> can launch servers that can cost money
41483.916 -> amplify can launch
41485.436 -> um lambdas that can cost money so that's
41488 -> something you just have to consider um
41490.24 -> but yeah there you go
41492.34 -> [Music]
41497.116 -> hey this is andrew brown from exam pro
41498.96 -> and we are taking a look at the aws
41500.56 -> support plans so we got basic developer
41503.68 -> business and enterprise and you
41505.276 -> absolutely absolutely need to know this
41507.36 -> stuff inside and out for exams they will
41509.36 -> ask you questions on this okay
41511.276 -> so basic is for email support only uh
41514.72 -> such as billing and account so if you
41516.88 -> think it got over billed and that's
41518.24 -> something you should do if you've uh
41520.88 -> misconfigured something and you end up
41522.32 -> with a big bill just go
41524.48 -> open up a support ticket under basic for
41526.8 -> billing and they're likely to refund you
41528.8 -> but if you do have questions about
41530.16 -> billing accounts that's we're going to
41531.2 -> be using for everything else that is for
41532.88 -> tech support um and so for developer
41535.276 -> business enterprise you're going to get
41536.64 -> email support which they'll
41539.04 -> roughly reply within 24 hours i believe
41541.52 -> this is business hours so if you message
41544 -> them on friday um or sorry saturday you
41547.756 -> might be waiting till monday for it okay
41551.2 -> in terms of third party support the only
41553.756 -> one that doesn't have third-party
41555.116 -> support is developer so if you are using
41558 -> something like ruby on rails or azure or
41560.32 -> something that has interoperability
41562.08 -> between
41563.04 -> aws and something else business
41564.4 -> enterprise will absolutely help you out
41566.24 -> with it same with enterprise but the
41568 -> developer one not so much uh if you like
41571.04 -> to use the phone or you like to chat
41573.756 -> with people um that's available the
41575.68 -> business enterprise tier this is the way
41577.68 -> i end up talking to people if you are um
41580.88 -> you know like if you're in north america
41582.64 -> and you're calling between nine to five
41583.916 -> on a monday friday you're likely to get
41585.276 -> somebody that is in within north america
41588.48 -> if not it'll be one of uh
41591.04 -> one of the supports from some other area
41593.436 -> so just be aware of that that can also
41594.96 -> affect the time they pick up uh
41596.72 -> sometimes it's five minutes sometimes
41598.16 -> it's 30 minutes to to an hour uh you
41600.8 -> know it just depends on what service
41602.88 -> you're asking for and you know what time
41605.2 -> of day okay
41607.2 -> in terms of
41609.04 -> responsiveness uh for general guidance
41611.84 -> everything is 24 hours or less for
41613.84 -> developer business enterprise if your
41615.68 -> system is impaired it's within 12 hours
41618 -> or less with production system impaired
41620.16 -> it's four hours or less with production
41622.16 -> system down it's one hour or less and if
41624.72 -> you're for enterprise um it's going to
41626.8 -> be business critical system down less
41628.72 -> than 15 minutes so just notice who has
41631.116 -> what for these things um i've definitely
41634.24 -> waited like
41635.436 -> three days on general guidance before so
41637.916 -> just take these with a grain of salt
41639.116 -> that they're not you know they don't
41640.72 -> really stick to these that or maybe i'm
41642.64 -> just not paying enough for them to care
41644.08 -> okay um in terms of uh getting actual
41647.436 -> people assigned to you this only happens
41648.96 -> at the enterprise level where they have
41650.48 -> their concierge team so they uh help
41652.72 -> your
41653.916 -> organization uh learn how to use aws
41656.24 -> ask them any questions personally and
41658.08 -> then you have a tam a technical account
41659.84 -> manager that is somebody that knows um
41662.32 -> aws inside and out and they'll help you
41664.24 -> architect things and make correct
41665.84 -> choices or they'll check your bill and
41667.52 -> help you try to reduce that bill things
41669.52 -> like that okay
41670.8 -> in terms of trusted advisor checks at
41672.48 -> the basic developer you get seven
41674.16 -> advisor checks once you're paying for
41675.84 -> business you get all the checks the cost
41678.32 -> here for business is zero um for
41680.72 -> developer it's starting at 29 a month
41683.436 -> for businesses starting at 100 a month
41685.756 -> and then for enterprise it's 15 000 a
41688.24 -> month so i said starting at because
41690.56 -> it's dependent on your usage okay
41693.276 -> so let's just look at developer business
41694.88 -> enterprise here because basic's not
41696.48 -> going to be applicable here so for
41698.72 -> developers 29 usd a month or three
41701.84 -> percent of the monthly aws usage
41703.52 -> which whichever is greater on the exam
41705.68 -> they're only going to ask you like is it
41706.96 -> 29 100 like generally do you know the
41709.756 -> tier of expensiveness but they're not
41711.52 -> going to ask you the percentage of usage
41713.36 -> okay there's not going to be formulas
41714.64 -> here
41715.52 -> when you get into business it's a little
41716.96 -> bit different where they have it in
41718.56 -> different brackets so it's going to be
41720.32 -> 10 for the first uh 10 000 and the next
41723.68 -> is going to be the next 7 000 stuff like
41725.52 -> that similar for enterprise as well so
41727.916 -> let's just do some math so we know that
41730.08 -> we understand how this works so
41732.24 -> if you if you had a monthly spend of
41734.24 -> 500 at the developer tier that's three
41736.8 -> percent of five hundred is fifteen
41738.48 -> dollars so they go okay what is greater
41740.48 -> twenty nine dollars or fifteen dollars
41741.84 -> so you're paying twenty nine dollars if
41743.84 -> your spend is a thousand dollars that
41745.596 -> comes up to thirty dollars uh so you're
41747.756 -> gonna end up paying thirty dollars
41749.36 -> because that's greater than 29 okay for
41752 -> business if your monthly spend is a
41753.596 -> thousand that's ten percent of a
41754.8 -> thousand that's a hundred dollars if
41756.48 -> your spend is five thousand then you're
41758.32 -> going to be paying 500 if your monthly
41760.4 -> spend is 12 000 then the first 10
41763.116 -> percent of a 10 000 is a thousand and
41766.64 -> then the next is seven percent of two
41768.08 -> thousand so your total bill is 140 usd
41771.436 -> we're not going to do a calculation for
41772.72 -> enterprise because the same for business
41774.32 -> but hopefully that gives you an idea
41775.68 -> there okay
41779.92 -> [Music]
41781.116 -> hey it's andy brown from exam pro and we
41782.96 -> are taking a look at a technical account
41784.8 -> manager also known as a tam and these
41786.8 -> provide both proactive guidance and
41788.64 -> reactive support to help you succeed
41790.56 -> with your aws journey so what does a tam
41794.16 -> do and this is straight from an aws
41796.16 -> job posting
41798 -> what they would do is build solutions
41799.596 -> provide technical guidance and advocate
41801.36 -> for the customer
41802.88 -> ensure aws environments remain
41804.56 -> operationally healthy while reducing
41806.88 -> costs and complexity
41808.8 -> develop trusting relationships with
41810.32 -> customers understanding their business
41811.68 -> needs and technical challenges
41813.84 -> using your technical uh acumen and
41816.24 -> customer obsession you'll drive
41818.08 -> technical discussions regarding
41819.52 -> incidents trade-offs risk management
41821.916 -> consult with a range of partners from
41823.52 -> developers through the c-suite
41824.96 -> executives collaborate with aws
41827.52 -> solutions architect business developers
41829.68 -> professional service consultants and
41831.84 -> sales account managers proactively find
41834.32 -> opportunities for customers to gain
41835.916 -> additional value from aws
41837.84 -> provide detailed reviews of service
41839.68 -> disruptions metrics detailed pre-launch
41841.52 -> planning
41842.88 -> being a part of a wider enterprise
41845.04 -> support team providing post-sales con uh
41848.72 -> consultative expertise
41850.64 -> solve a variety of problems across
41852.48 -> different customers as they migrate
41854 -> their workloads to the cloud
41855.84 -> uplift customer capabilities by running
41857.916 -> workshops brown bag sessions brown bag
41860 -> sessions being a sessions that occur at
41862.16 -> lunch time something you can learn in 30
41864.08 -> minutes an hour and so one thing that's
41866.4 -> really important to understand is that
41867.756 -> tams follow the amazon leadership
41869.68 -> principles especially about customer uh
41872.16 -> being customer obsessed and we do cover
41874.08 -> the amazon leadership principle
41876 -> somewhere in this course and tams are
41878.24 -> only available at the enterprise support
41879.916 -> tier so hopefully that gives you an idea
41881.36 -> what a tam does
41882.75 -> [Music]
41886.8 -> hey this is andrew brown from exam pro
41888.56 -> in this follow along i'm going to show
41890 -> you um aws support and in order to
41892.56 -> use aws support or to change your level
41895.04 -> of support you're going to need to be
41896.8 -> logged into the root account i should
41898.32 -> say you can use support with iam users
41901.52 -> but if you want to change the support
41902.64 -> plan you're going to have to be the root
41904.08 -> user so the top right corner i'm going
41905.68 -> to support
41906.8 -> and notice here on the left hand side
41908.64 -> right now i have a basic plan
41911.116 -> and so before we look at changing our
41913.2 -> plan i'm just going to go create a case
41915.596 -> and we're going to just take a look
41918.56 -> at some of the options that are open to
41919.84 -> us so we have account billing support
41921.84 -> service limit increase technical support
41923.596 -> notice this is grayed out so we cannot
41926.4 -> select anything here
41928 -> i can go to here and increase our
41930.08 -> service limit
41931.52 -> and this is something that you might
41932.8 -> have to do pretty soon earlier in your
41934.56 -> account you might say hey i need more of
41936.48 -> something like ec2 or a very common
41939.116 -> thing is ses
41940.56 -> so for ses you might say hey
41942.8 -> i need to have this amount of emails for
41945.756 -> etc okay
41947.436 -> so um if we go over to account and
41949.596 -> billing support uh we can go here and
41951.756 -> ask anything we want so if it's about
41953.436 -> the free tier i could say
41955.36 -> ask the general question getting started
41957.596 -> and saying
41958.64 -> uh what is free on aws
41962.96 -> um
41964 -> i want to know
41966.32 -> what is free on aws
41968.72 -> and you can attach three attachments
41971.116 -> there you can choose via web
41973.276 -> and phone which is really nice um but
41975.52 -> today i'm just going to do web here and
41977.04 -> submit that just to kind of show you
41978.56 -> that as an example and so what that is
41980.8 -> going to do is open a case and then we
41982.48 -> will see probably respond
41984.4 -> in 24 hours to 48 hours just depends on
41988.32 -> whether it's the weekend or not because
41989.756 -> it's based on business hours of course
41992.48 -> so now that we have an understanding of
41994.72 -> basic let's go take a look at what the
41997.04 -> other tiers look like so we have basic
41998.72 -> developer business and enterprise
42000.32 -> enterprise being extremely expensive
42002.4 -> developer being affordable and then
42004.32 -> business being um you know affordable
42006.4 -> for businesses so i would say developer
42008.48 -> is okay it gives you um
42011.68 -> it gives you better support but it's all
42013.916 -> via email and so you know if you really
42016.48 -> want good support you're gonna have to
42017.916 -> pay the business one and that's the one
42019.596 -> that i use quite a bit so if i change my
42021.756 -> plan i'm gonna go over to business and
42023.436 -> this is gonna cost me 93 bucks just to
42025.436 -> do to show you here today
42027.36 -> so i'm going to go ahead and click that
42028.88 -> and so it's now processing it
42031.68 -> and so what's going to happen is
42033.84 -> i'm going to have to wait for this basic
42035.52 -> to switch to business because if i go to
42036.96 -> the case here it hasn't happened as of
42039.2 -> yet
42040 -> so notice i cannot select this so i'm
42042.48 -> going to see you back here it may be
42043.84 -> like four or five minutes or however
42045.68 -> long it takes and we'll take a look then
42047.276 -> okay great so after a few minutes it
42049.116 -> says my plan is now business and what i
42051.04 -> can do is go ahead and create a new case
42053.04 -> and so i can go over to technical
42054.32 -> support and ask a question so if i was
42056.48 -> having issues with anything it doesn't
42058 -> matter what i could go over to ec2
42060.56 -> linux and then i could choose my
42062.16 -> category so i could say i'm having an
42064.24 -> issue with um
42066.4 -> systems manager
42068.56 -> and
42069.36 -> a lot of times they like you to provide
42070.56 -> the instance id it's going to change
42072.24 -> based on what service you choose here
42074.56 -> but you'll get different information
42075.68 -> i'll just say
42076.72 -> i need help
42079.04 -> with
42079.61 -> [Music]
42081.36 -> logging into my ec2 instance managed by
42085.436 -> ssm
42086.56 -> so i could say i created an ec2 instance
42090.4 -> and i am attempting to access
42094.4 -> the instance via
42096.96 -> sessions manager
42099.276 -> but it is not working
42102.08 -> i think i have a role issue and then i'm
42104.8 -> just going to go down here and say
42106.72 -> this is not a real question
42110.32 -> i
42111.436 -> am filming a demo video for a tutorial
42115.916 -> video
42119.52 -> on how to use support okay and so once
42122.64 -> we do that we have the option of web
42124.32 -> chat and phone so if you use phone
42126.48 -> you're going to enter your phone number
42127.68 -> in and they're going to call you back
42130.16 -> usually you'll be on hold for
42132.72 -> anywhere for five minutes to an hour it
42134.96 -> just depends usually it's within 15
42136.64 -> minutes so it's very good of course it
42138.32 -> depends on the time of day and your
42139.756 -> location things like that and the
42141.2 -> service because there's different
42143.2 -> support engineers for different types of
42145.04 -> services and the the balance of those
42147.52 -> are different but generally chat is
42149.596 -> pretty good so i can go here and i'm
42151.116 -> just going to hit submit and it's going
42152.64 -> to open a chat box and so you just wait
42155.52 -> okay
42156.96 -> and sometimes it's super fast and
42159.04 -> sometimes it takes uh minutes okay so
42162.72 -> we are going to just sit here for a bit
42165.116 -> and um you know i'll just pop back here
42168.08 -> when there is somebody to talk to okay
42171.276 -> okay so after waiting a little while
42172.8 -> looks like uh we've been connected here
42174.64 -> so it took a bit of time so we're just
42176.8 -> going to say hello hi umair
42179.436 -> this is andrew brown
42182.64 -> i am recording a video to teach people
42186.72 -> how to use aws
42189.116 -> and i wanted to show them
42191.756 -> how aws support works
42197.2 -> so i'm just showing them
42200.08 -> how the chat system works
42204.08 -> say hello
42211.116 -> and hopefully they'll appreciate or they
42213.2 -> won't it just doesn't really matter
42224.64 -> we'll give them a moment
42238.56 -> there we go
42242.4 -> that's it
42245.276 -> thanks for your help
42248.08 -> okay so that's pretty much it um so
42250.72 -> you know there's nothing really uh
42252.88 -> special about that but the idea is when
42254.24 -> you are typing with them it will appear
42256.56 -> in the correspondence there so i'm just
42258.08 -> going to end the chat
42259.84 -> okay
42261.116 -> and then i'm just going to mark that
42262.16 -> case as resolved sometimes they will ask
42264.16 -> you to resolve it
42266.16 -> if i go to cases i probably have some
42267.68 -> previous ones here um and i have a lot
42270.24 -> but i don't know why they don't all show
42271.436 -> up here so you can see this one is
42273.436 -> pending this one is resolved i go back
42275.52 -> to this one you can kind of see that the
42277.756 -> history of a conversation is kept and
42279.84 -> you can go back and forth
42281.68 -> with the people there
42283.2 -> um yeah that's pretty much it you can
42285.2 -> also do screen sharing so they might
42287.276 -> send you a request to go on zoom or
42289.756 -> download this piece of software that
42291.116 -> shares your screen and so that is
42293.116 -> another option as well so they can get
42294.88 -> pretty hands-on to help you
42297.276 -> with your problems there but that's
42298.64 -> pretty much all i wanted to show you
42299.916 -> with support i'm going to downgrade this
42301.84 -> and i'm not sure if they're going to
42302.8 -> give you back my money sometimes they'll
42304.16 -> prorate it for you but i'm going here
42306 -> and go back to basic
42307.596 -> um so we will also refund your credit
42309.68 -> card directly in the month's remaining
42311.436 -> fees on your old plan which you
42313.52 -> previously paid you're obligated to pay
42315.436 -> a minimum of 30 days of support each
42317.436 -> time you register so i'm not going to
42319.04 -> get any money back which is totally fine
42320.88 -> because i just wanted to show you how
42322.08 -> that works but business support is
42323.436 -> definitely worth it
42325.04 -> and uh you know that's it
42327.42 -> [Music]
42332.24 -> so the aws marketplace is a curated
42334.24 -> digital catalog with thousands of
42336.24 -> software listings from independent
42337.756 -> software vendors uh easily find buy test
42340.8 -> and deploy software that already runs on
42342.56 -> aws the product can be free to use or
42344.96 -> can have an associated charge the charge
42347.116 -> becomes part of your aws bill and once
42349.04 -> you pay aws marketplace pays the
42351.04 -> provider the sales channel for isv and
42353.52 -> consulting partners allow you to sell
42355.04 -> your solutions to other aws customers
42357.436 -> products can be offered such as amis aws
42360.24 -> cloudformation templates software as a
42362.08 -> service offerings web acls aws waf
42364.96 -> and rules so it sounds great um if you
42367.52 -> want to sell here i think you need like
42369.04 -> a u.s bank account to do it um and you
42372.4 -> know sometimes aws marketplace is
42373.84 -> just part of aws so like when you're
42376 -> using the ec2 marketplace you are
42377.596 -> technically using the aws marketplace
42380 -> but they also have like a dedicated page
42382 -> for it so it's integrated with some
42383.36 -> services and it's also standalone okay
42386.39 -> [Music]
42390.48 -> hey this is andrew brown from exam pro
42392.32 -> in this follow along we're going to take
42393.36 -> a look at the aws marketplace so what
42395.52 -> i want you to do is go to the top and
42396.8 -> type in marketplace and that will bring
42399.04 -> us over to here the marketplace can be
42401.2 -> found in a variety of different places
42402.64 -> on the platform here you can see that uh
42404.56 -> previously it was using something called
42406.56 -> guacamole bastion host to launch a
42408.8 -> server
42409.756 -> but the idea is that um you can discover
42411.916 -> products and subscriptions that you
42413.36 -> might want to utilize so if i go over
42415.68 -> here there's a variety of different
42418.16 -> things
42419.68 -> and so it could be like i want to have
42422.48 -> something like a firewall that might be
42425.116 -> something that we might be interested in
42426.64 -> so we can search there and there's like
42428.24 -> bring your own license firewall so maybe
42429.916 -> you have a license with this and you
42431.68 -> want to run it on an ec2 instance
42434.08 -> something like that
42435.52 -> again it's not like super complicated uh
42437.84 -> what's going on here but a lot of times
42439.52 -> you know when you're using services
42440.72 -> you're accessing the marketplace anyway
42443.116 -> so like when i'm launching an ec2
42445.04 -> instance
42446.96 -> noticeable on the left-hand side is
42448.32 -> aws marketplace and so i don't have to
42449.84 -> go to the marketplace there i can just
42451.04 -> kind of like check out the thing i want
42453.916 -> and that's pretty much all there really
42455.116 -> is to it okay so you know hopefully that
42457.116 -> makes sense
42458.03 -> [Music]
42461.756 -> well let's take a look here at
42462.8 -> consolidated billing so this is a
42464.56 -> feature of aws organizations that
42466.24 -> allows you to pay for multiple accounts
42468.08 -> via one bill
42469.68 -> so the idea here is we have a master
42471.916 -> account and we have member accounts and
42473.916 -> i'm pretty sure that we probably call
42475.2 -> this root account now i don't think
42477.116 -> account might be a dated term but it's
42478.4 -> still showing up in the documentation
42480.08 -> the idea is that if you have member
42481.436 -> accounts within your organization
42483.2 -> they're all going to be consolidated
42484.48 -> under the single account if you have an
42486.24 -> account outside of your organization
42488.88 -> you know this is not going to give you
42490.96 -> this is going to be basically a separate
42492.4 -> bill
42493.436 -> as if it's like a standalone
42494.64 -> organization or what have you okay
42498 -> so
42498.8 -> for billing aws treats all accounts in
42500.72 -> an organization as if they were one
42502.48 -> account you can designate one
42505.52 -> master or root account that pays the
42507.436 -> charges for all the other member
42508.8 -> accounts consolidated billing is offered
42510.72 -> at no additional cost you can use cost
42513.68 -> explorer to visualize usage for
42515.596 -> consolidated billing which we can see i
42517.756 -> have the icon here
42519.276 -> you can combine the usage across all
42521.116 -> accounts in the organization to
42523.52 -> to share the volume pricing discount
42525.116 -> which we did cover in this course
42526.16 -> separately if you want an account to be
42528.72 -> able to leave the organization you do
42530.72 -> have to attach it to a new payment
42532.4 -> method so if let's say you had an
42534.56 -> account and you want to give it to your
42535.916 -> friend or whatever they have to hook up
42537.2 -> their cred their credit card but you can
42538.64 -> totally have
42540 -> an account leave an organization but you
42541.916 -> have to deal with that billing aspect
42543.756 -> okay
42547.46 -> [Music]
42549.52 -> all right so there's a really cool way
42551.04 -> to save on aws and that's through volume
42552.96 -> discounts and it's available for many
42554.48 -> services the more you use the more you
42556.24 -> save is the idea behind it um and so
42558.72 -> consolidating billing lets you take
42560.08 -> advantage of volume discounts this is a
42562.24 -> particular feature of aws
42563.436 -> organization so if you do not have the
42565.04 -> orgs turned on you're not going to be
42566.72 -> able to take advantage of that okay
42568.72 -> so one example would be something like
42570.24 -> data transfer where it is billed for the
42573.116 -> first 10 terabytes at 17 cents or sorry
42576.72 -> point 17 cents and then the next 40
42580.24 -> terabytes it will be at point 13 cents
42582.88 -> okay so if we had two accounts um such
42585.84 -> as odo and dax and they're not with an
42588.08 -> aws organization we can calculate
42590 -> those and see what they are
42591.04 -> unconsolidated and just so you know one
42593.2 -> terabyte equals 1.024 gigabytes and
42595.52 -> that's what we're going to see in these
42596.48 -> calculations so for odo uh you know if
42598.96 -> he has four terabytes and that is uh
42601.52 -> we calculate the gigabytes there we
42603.276 -> times it by
42604.56 -> uh the um set value there we're going to
42607.04 -> get 696 dollars okay
42609.916 -> for dax we're going to end up with uh
42612.48 -> about 13.92 there and so if we were to
42615.436 -> add those up the bill would come out to
42618.08 -> 2088
42620.48 -> okay so the idea is that there's an
42622.24 -> organization and they like your company
42624.72 -> and they created two accounts but
42626.24 -> they're just not within an organization
42628 -> by having them in the organization
42629.52 -> you're gonna save um about almost eighty
42632.72 -> dollars there so
42634.64 -> um that is a reason why you'd want to
42636.64 -> use volume discounts okay
42638.36 -> [Music]
42642.24 -> hey this is andrew brown from exam pro
42644 -> and we're taking a look at aws trusted
42645.68 -> advisor so trusted advisor is a
42647.436 -> recommendation tool which automatically
42649.596 -> and actively monitors your aws accounts
42651.596 -> to provide actual recommendations across
42654.32 -> a series of categories so this is what
42656.8 -> it looks like i personally prefer the
42658.56 -> older dashboard but this is what they
42660.08 -> have now and you can see along the side
42662.08 -> we have a bunch of categories and then
42663.916 -> we have some checks here saying uh you
42666.16 -> know what are we meeting what are we not
42667.916 -> and you can go in and read each one and
42670.64 -> they'll tell you so much information
42672.08 -> they'll even show you like what things
42674.56 -> are not meeting that requirements in
42676.16 -> some case you can easily remediate by
42677.84 -> pressing a button not in all cases but
42680.16 -> the thing with the aws trusted advisor
42681.52 -> is think of its trusted advisor like an
42683.68 -> automated checklist of best practices on
42685.68 -> aws
42686.96 -> and they kind of map to
42688.88 -> the pillars of the well-architected
42690.16 -> framework not exactly but pretty close
42692.24 -> but there are five categories of aws
42693.916 -> trusted advisor
42695.52 -> so we have cost optimization
42697.756 -> how much money can we save
42699.84 -> performance so how can we improve
42701.916 -> performance security how can we improve
42703.68 -> security fault tolerance how we can we
42706 -> prevent a disaster or data loss and
42709.2 -> service limits so are we going to hit
42711.596 -> the maximum limit for a service
42714.32 -> and so the next thing we need to discuss
42716.48 -> is
42717.36 -> um there is a variation of the amount of
42719.84 -> checks that are available to you based
42721.116 -> on your support plan so you know if
42723.36 -> you're using basic or developer you have
42725.04 -> seven trusted advisor checks and if you
42727.36 -> have business enterprise you have all
42728.96 -> the trusted advisor checks so
42731.52 -> if we're talking about just the ones
42732.8 -> that are available to you the ones that
42733.916 -> come for free is mfa on root account
42736.24 -> security groups specific ports
42737.756 -> unrestricted amazon s3 bucket
42739.596 -> permissions amazon ebs public snapshots
42742.64 -> amazon rds public snapshots iam use so
42746 -> this is just about alerting you about
42747.436 -> discouraging the use of the root account
42749.68 -> service limits so all service limits
42751.916 -> checks are free um it's weird because
42754.08 -> they call it the like seven security
42756.24 -> checks but if you counted all the
42757.916 -> service limits it'd obviously be too
42759.52 -> large of a number but notice that one
42761.52 -> through six are all security checks so
42764 -> you're not getting anything from the
42765.04 -> other tiers just the security tier and
42767.84 -> what i want to do is just go over
42770.24 -> a bunch of available checks out there
42772.72 -> it's probably not the full list because
42774.16 -> i couldn't even be bothered to update it
42775.596 -> if they've added more but it'll give you
42777.36 -> a general idea of what you could expect
42778.88 -> under each category so for cost
42780.48 -> optimization
42782.08 -> it could be things like looking at idle
42783.84 -> load balancers so you know if you have
42786.4 -> load balancers you're not using you're
42787.68 -> paying for them so get rid of them
42789.436 -> unassociated elastic ip addresses so for
42792.16 -> every ip that's not associated you're
42793.68 -> paying for as well maybe under
42795.52 -> performance you have high utilization of
42797.916 -> amazon ec2 instances so maybe you can
42800.4 -> save money by switching to smaller
42802.32 -> instances under security we saw mfa on
42804.96 -> root account very popular one making
42807.116 -> sure you turn on key rotation could be
42809.116 -> something as well there
42811.116 -> under fault tolerance
42813.116 -> it could be making sure that you're
42814.4 -> using backups on your amazon rds
42816.16 -> database maybe that's turned off uh for
42818.88 -> service limits there's just a ton of
42820.56 -> them and so uh one that that you know
42823.2 -> might be pertinent to use vpcs or ec2
42825.756 -> limits so there you go
42830.45 -> [Music]
42831.756 -> hey this is andrew brown from exam pro
42833.436 -> and we're going to take a look at
42834.64 -> trusted advisors so what i want you to
42836.48 -> do is go to the top and type in trusted
42838.08 -> advisor
42839.916 -> and once you're there you're going to
42841.276 -> notice on the left hand side we have
42842.48 -> cost optimization performance security
42844.4 -> fault tolerance and service limits right
42846.4 -> now there are no recommended actions
42848.16 -> because there's not much going on this
42849.36 -> account and when you uh have the uh free
42852.8 -> level of support the basic support
42854.24 -> you're not going to have all these
42855.2 -> checks but if we go in here we can still
42857.36 -> see kind of what they do
42859.68 -> so we have like performance security
42862.08 -> things like that so these are the ones
42863.68 -> that we actually can see and they
42865.596 -> generally work all the same way if you
42867.52 -> expand here it's going to say amazon ebs
42870.08 -> public snapshot so check the permission
42871.68 -> settings for the ebs volume snapshots
42874.24 -> and alert you if the any snapshots are
42876.56 -> marked as public
42877.916 -> and so if you scroll on down if there
42880 -> were ones that were an issue it would
42881.756 -> tell you right here
42883.84 -> okay
42884.8 -> then down below here we see like check
42886.72 -> buckets in amazon s3 that have open
42889.04 -> access permissions or allow access to
42891.52 -> authenticated aws users
42893.68 -> so yellow the acl allows
42896.64 -> list access for everyone
42898.88 -> a bucket policy allows for any kind of
42900.64 -> open access bucket policy statements
42902.16 -> have public grant access so maybe what
42904.56 -> we can do is to see if we can get this
42906.16 -> to trigger
42907.916 -> and so what i'm going to do here is go
42910.08 -> over to s3 and what we're going to do is
42912.48 -> make a
42913.436 -> bucket that has a full access okay
42916.08 -> so i'm going to create a new bucket and
42917.36 -> we'll say my exposed bucket
42921.52 -> we'll scroll on down here and we'll just
42923.116 -> check box that off and create the bucket
42926 -> let's say i acknowledge that is totally
42927.756 -> fine
42930.08 -> okay so now i have a bucket that is 100
42932.96 -> exposed if we go back to trusted advisor
42934.72 -> give this a refresh
42936.64 -> i'm not sure how fast it will show up
42938.32 -> here but if i expand
42940.96 -> so it says the bucket acl allows upload
42944.48 -> delete for everyone the trusted advisor
42946.56 -> does not have permissions to check the
42947.916 -> policy
42949.36 -> uh bucket policy statements that grant
42951.116 -> public access
42953.436 -> so what we could try to do is make a
42956.72 -> policy
42962.32 -> and try to grant all access here so
42965.2 -> i'm not writing these every single day
42966.4 -> but i'm sure we could try to figure this
42968 -> out
42970.4 -> um
42973.916 -> we'll say s3 bucket policy public access
42978.64 -> public read
42986.96 -> and so that one might be a good example
42988.88 -> so i'm going to go ahead and copy this
42990.08 -> one granting read only permission to
42991.596 -> anonymous users
42993.756 -> i don't recommend you doing this i'm
42995.276 -> just doing this to show you to see if we
42996.8 -> can get the trusted advisor to check
42998.56 -> because i don't want you to
42999.916 -> do this and forget about it and then
43001.36 -> have a serious issue but the principal
43003.276 -> is set to anybody so anyone can read it
43006.08 -> here it's saying get object etc then
43008.32 -> it's saying what particular resource so
43010.32 -> this one is going to be for
43012.56 -> the bucket in question here which is my
43014.8 -> exposed
43016.48 -> bucket
43018.72 -> we're going to scroll on down save the
43020.24 -> changes
43022 -> okay so this bucket is publicly
43023.68 -> accessible we're going to go back over
43025.596 -> here refresh and see what we can see
43031.52 -> okay so checks buckets in s3 etc so it
43035.276 -> should appear under here
43038.56 -> and it could be that it's just going to
43039.68 -> take some time so what i'm going to do
43041.52 -> is i'm just going to hang tight for a
43043.116 -> little bit oh there we go okay
43045.756 -> so it's showing up and i guess it just
43047.68 -> took some time to populate and so here
43049.596 -> we can see we have a yellow symbol it's
43051.68 -> a warning saying hey there's a problem
43053.756 -> here if we go back to the dashboard i
43055.596 -> wonder if that shows up so this one's
43056.88 -> for investigation and recommendation
43059.68 -> so you know hopefully that kind of makes
43061.436 -> sense to you i think in some cases you
43063.36 -> can do remediation from
43065.596 -> from here or at least you can go and
43067.116 -> check box and say okay um
43069.756 -> excuse me ignore
43071.756 -> gonna swore there's remediation for some
43073.52 -> of these
43075.916 -> but in any case you know that's
43077.596 -> generally what trusted advisor does
43080.48 -> i think that you probably can have it so
43082.16 -> it gives you alerts
43084.08 -> so yeah you could set recipients for
43085.756 -> particular things like if there's a
43086.96 -> security issue that i could email a
43089.116 -> particular person on your team and they
43090.64 -> could deal with it but that's pretty
43092.08 -> much it so what i'm going to do is go
43093.436 -> ahead and delete this bucket i'm all
43094.8 -> done with it
43097.116 -> we'll go delete
43099.916 -> and say my delete my exposed bucket here
43102.48 -> to delete it
43104 -> and that is it okay
43108.68 -> [Music]
43112.64 -> let's cover the concepts of service
43114.56 -> level agreements also known as slas so
43116.96 -> an sla is a formal commitment about the
43118.88 -> expected level of service between a
43120.4 -> customer provider when a service level
43122.56 -> is not met and if customer meets its
43124.32 -> obligation under the sla customer will
43126.16 -> be eligible to receive compensation so
43128.48 -> financial or service credits and so when
43130.96 -> we talk about slas then we talk about
43132.56 -> sli so at sli service level indicator is
43135.68 -> a metric or measurement that indicates
43137.52 -> what measure performance a customer is
43139.116 -> receiving at a given time
43141.04 -> a sli metric could be uptime performance
43143.436 -> availability throughput latency error
43145.2 -> rate durability correctness
43147.116 -> and if we're talking about sli's then
43148.48 -> we're talking about slos service level
43150.4 -> objectives so the objective that that
43152.32 -> the provider has agreed to meet slos
43154.56 -> are represented as a specific target
43156.24 -> percentage over a period of time
43158.64 -> and so an example of a target percentage
43161.52 -> would be something that says
43163.04 -> availability sla of 99.99
43166.24 -> in a period of three months all right
43168.8 -> and let's just talk about target
43170 -> percentages in the way they can be
43171.596 -> represented very common ones we will see
43173.68 -> is 99.95 percent 99.99
43178.56 -> uh then we have 99 followed by nine
43182.16 -> nines and so commonly we just say we
43184.64 -> call this nine nines okay and then
43186.56 -> there's one
43187.68 -> nine elevens so if somebody says we have
43189.84 -> an sla guaranteeing of of 911s it's
43192.64 -> going to be the 99 followed by 0.911s
43195.916 -> all right
43196.83 -> [Music]
43201.276 -> let's take a look at aws service level
43203.116 -> agreements and so there are a lot of
43204.96 -> them and i just wanted to show you a few
43207.596 -> services to give you an idea how they
43209.596 -> work
43210.64 -> on the exam they're not going to ask you
43212 -> like oh what's dynamodb's sla for global
43214.88 -> tables
43216.16 -> but generally we should just go through
43217.36 -> this because it's good practice so let's
43218.96 -> take a look at dynamodb sla so aws
43221.116 -> will use commercially reasonable efforts
43222.88 -> to make dynamodb available with a
43224.96 -> monthly uptime percentage of each aws
43227.116 -> region during any monthly billing cycle
43230.08 -> so for a at least
43231.96 -> 99.999 percent if global tables sla
43234.64 -> applies or 99.99 if the standard sla
43239.116 -> applies in the event dynamodb does not
43241.2 -> meet the service commitment you'll be
43242.88 -> eligible to receive service credits
43244.64 -> described below so we have monthly
43246.88 -> uptime percentage and the service credit
43248.4 -> percentage we get global tables standard
43250.96 -> tables so let's take a look here
43253.276 -> so if less than 99.999 but equal to or
43257.116 -> greater than
43258.2 -> 99.0 percent is met so if if the service
43262 -> ends up being this you'll get 10
43264.08 -> back of what you spent as service
43265.916 -> credits
43266.88 -> if it drops between
43268.56 -> 99.0 and 95.0 you get 25 percent back if
43272.56 -> it's less than 95
43274.4 -> percent
43275.52 -> um then it's a hundred percent back
43278.32 -> okay and you get the general idea here
43279.84 -> sla is going to be slightly different
43281.36 -> with their drops now let's take a look
43283.36 -> at um a compute so compute is going to
43285.916 -> apply across a bunch of compute services
43289.116 -> probably because they're all using ec2
43290.64 -> underneath so that's probably the reason
43292.4 -> for it so we have ec2 ebs ecs eks and
43297.436 -> aws makes two sla commitments for the
43300.08 -> included services so we have a region
43302.16 -> level sla that governs included services
43305.116 -> deployed across multiple azs or regions
43307.52 -> and an instance level sla that governs
43309.276 -> amazon ec2 instances individually
43312.08 -> and again we have our monthly up time
43313.916 -> percentage our service credit percentage
43316 -> region and instance level so you can
43318.4 -> just see the same thing it's like it's
43320 -> going to change based on uh what it can
43322.8 -> meet then we'll take a look at one more
43324.8 -> like rds so relational database uh
43327.68 -> service so aws will use commercially
43330.48 -> reasonable efforts to make multi-az
43332.16 -> instances available with monthly uptime
43333.84 -> percentage of 99.95 during any monthly
43336.8 -> billing cycle
43338 -> and again you know if if they don't meet
43339.68 -> those requirements you're gonna get
43340.64 -> service credits back which basically
43342 -> equal usd dollars on the platform and so
43345.04 -> for this it looks like that so just
43346.8 -> notice that you know with comp like
43348.32 -> compute it was for a a bunch of services
43350.96 -> for dynamodb it was based on uh
43353.276 -> particular features like global standard
43354.96 -> tables sla it's very straightforward uh
43358.16 -> we didn't do s3 because i just did not
43360 -> want to show you that one it's just too
43361.52 -> complicated but my point is is that it's
43363.276 -> going to vary so you have to look up per
43365.2 -> service okay
43366.33 -> [Music]
43370.64 -> hey this is andrew brown from exam pro
43372.48 -> and we're taking a look at amazon's
43374.4 -> service level agreements and so the way
43376.48 -> you find slas is you're pretty much just
43379.04 -> typing sla for whatever it is so if
43380.72 -> you're looking for compute you type in
43382.24 -> sla or you look for a particular service
43384.4 -> so maybe you say sagemaker
43387.52 -> aws i don't think there's like a generic
43389.36 -> sla page at least i don't know where it
43391.596 -> is i always just type in sla to find
43393.276 -> what it is and through that you can just
43394.88 -> kind of read through and try to find out
43397.276 -> uh the things that that matter to you
43399.276 -> for your business okay
43401.48 -> [Music]
43405.436 -> let's take a look here at the service
43407.276 -> health dashboard and so the service
43409.116 -> health dashboard shows general status of
43411.2 -> aws services it's really simple the idea
43414.16 -> is that you can check based on
43416.64 -> the geographic area so you'd say north
43418.48 -> america europe etc and what you'll see
43421.36 -> is an icon that says whether the service
43423.04 -> is in in good standing and the details
43425.68 -> whether the service is operating
43426.8 -> normally etc notice they also have an
43428.8 -> rss feed the reason i'm talking about
43430.56 -> service health dashboards is because i
43432 -> want to talk about personal health
43433.36 -> dashboards and because they're both
43435.116 -> called health dashboards it's confusing
43437.116 -> so i wanted to tell you about this one
43438.64 -> first so now we'll jump into the aws
43440.96 -> personal health dashboard
43446.16 -> so we saw the service health dashboard
43448.72 -> now let's take a look at the aws
43450.24 -> personal health dashboard so this is
43452.48 -> what it looks like and it provides
43454.32 -> alerts and guidance for aws events that
43456.08 -> might affect your environment all aws
43458.32 -> customers can access the personal health
43460 -> dashboard the personal health dashboard
43461.916 -> shows recent events to help you manage
43463.84 -> active events and show proactive
43465.756 -> notifications so that you can plan for
43467.596 -> scheduled activities you you can use
43470.32 -> these alerts to get notified about
43471.84 -> changes that can affect your aws
43473.116 -> resources and then follow the guidance
43474.96 -> to diagnose and resolve the issue so
43478.24 -> this is very similar to the service
43480.24 -> health dashboard but it's personalized
43481.756 -> for you
43482.72 -> um and it's you know i i don't see it
43485.84 -> crop up very often but if you had to
43488 -> create alerts or be reactive to uh
43490.8 -> things that are happening within your
43492 -> aws this is where you do it okay
43493.82 -> [Music]
43498.32 -> so there's a team called aws trust and
43500.88 -> safety that specifically deals with
43502.4 -> abuses occurring on the aws platform
43504.72 -> and so i'm going to just list of all the
43506.32 -> cases where you'd want to be contacting
43508.16 -> them as opposed to support so the first
43510.32 -> is spam so you're receiving unwanted
43512.24 -> emails from an aws owned ip address or
43514.16 -> aws resources are used to spam websites
43516.32 -> or forums port scanning your logs show
43518.8 -> that one or more aws owned ip addresses
43520.8 -> are sending packets to multiple ports on
43522.72 -> your server
43524.16 -> you also believe this is an attempt to
43526.16 -> discover unsecured ports uh dos attacks
43528.96 -> so your logs show that one or more
43530.4 -> aws owned ip addresses are used to
43532.08 -> flood ports on your resources with
43533.756 -> packets you also believe this is an
43535.52 -> attempt to overwhelm or crash your
43536.96 -> server or the software running on your
43538.72 -> server intrusion attempts so your logs
43541.116 -> show that one or more aws owned ip
43542.72 -> addresses are used to attempt to log
43544.32 -> into your resources
43546 -> hosting prohibited content so you have
43547.916 -> evidence that aws resources are used
43549.52 -> to host or distribute prohibited content
43551.36 -> such as illegal content or copyrighted
43553.2 -> content without the consent of the
43554.8 -> copyright holder distributing malware so
43557.436 -> you have evidence that aws resources
43559.04 -> are used to distribute software that was
43560.56 -> knowingly created to compromise
43562.88 -> or cause harm to computers machines that
43564.96 -> it's installed on and so in any of these
43567.596 -> cases you're not going to it with
43569.2 -> support you're going to open up an abuse
43571.52 -> ticket and so you got to contact abuse
43573.596 -> at
43574.84 -> amazonaws.com or fill out the
43578.24 -> amazon abuse form so and this is whether
43581.756 -> it's coming from
43583.276 -> an outside aws account or even your
43585.2 -> internally if you think that somehow
43587.116 -> someone has compromised your account
43588.4 -> and it's being used any of these ways
43590.48 -> this is what you're going to do okay
43592.4 -> [Music]
43596.72 -> hey this is andrew brown from exam pro
43598.56 -> and we're looking at awsw so uh we were
43601.04 -> saying that aws has the aws
43602.56 -> trust and safety team and what you'll
43605.116 -> want to do is if you find that there's
43607.276 -> an issue you're going to report it to
43608.96 -> this email at abuse at amazon.com or
43611.36 -> you're going to use this form which is
43613.276 -> the report amazon aws abuse so you'll
43615.52 -> go down here you'll sign in you'll put
43617.276 -> your email in your first name last name
43618.72 -> org phone number um the source ip the
43621.916 -> the details uh
43623.756 -> in here you can even select the type of
43625.916 -> abuse so you say if it's this kind or
43627.916 -> that kind things like that it's very
43629.756 -> straightforward and that's pretty much
43631.68 -> it okay
43632.67 -> [Music]
43636.72 -> hey this is andrew brown from exam pro
43638.56 -> and we are taking a look at the aws free
43640.24 -> tier and this allows you to use aws
43642.4 -> at no cost um and when we say free tier
43644.88 -> there there there's the idea of the
43647.04 -> first 12 months of sign up there's going
43648.64 -> to be special offerings or it's free
43651.04 -> usage up to a certain monthly limit
43652.8 -> forever
43654.32 -> and then there's just services that are
43655.756 -> inherently free which we have a total
43657.596 -> separate slide on but let's talk about
43659.04 -> just the free tier stuff and this is
43661.276 -> absolutely not the full list but it's a
43664.08 -> good idea like it gives you a good
43666.24 -> overview of stuff that is free so for
43668.88 -> ec2 which you use for a web server you
43670.8 -> get a t2 micro for 750 hours per month
43673.36 -> for one year
43674.88 -> and so
43675.916 -> there's about 730 hours um in a month
43679.436 -> and so that means you could have a
43680.96 -> server running
43683.04 -> the entire month for free
43685.916 -> and an additional server for a bit as
43688.16 -> well
43689.52 -> so for rds which is a relational
43691.2 -> database service for either mysql or
43693.596 -> postgres we can do a t2db micro for 750
43696.64 -> hours for free so there we get our free
43699.276 -> database and you would be surprised how
43701.36 -> far you can get with a uh a t2 db micro
43704.88 -> um you know even for a medium sized
43706.88 -> startup you can run it on a t2 db micro
43709.68 -> with no problems then you have your
43711.52 -> elastic load balancer you get 75 hours
43713.36 -> per month for one year um so that is a
43716.08 -> really good thing uh load balancers
43717.916 -> usually cost 50 a month so that's great
43720.16 -> actually all these pretty much cost 15 a
43721.916 -> month so that's about um 15 30 45
43726.16 -> month over month for a year that's uh
43728 -> free then you have amazon cloudfront
43730 -> this is where you'd have your home page
43731.84 -> caching your videos things like that so
43733.596 -> you get 50 gigabytes data transfer out
43735.68 -> for the total year then there's amazon
43737.436 -> connect you get your toll-free number
43738.88 -> there 90 minutes of a call time per
43740.56 -> month for one month or for one year
43742.64 -> sorry amazon elasticache so you could
43745.2 -> launch a redis or um elastic cash server
43747.84 -> you get 70 hours on a cache d3 micro for
43750.72 -> a year um elastic search service so it's
43753.756 -> full text search so again 70 50 hours
43756.4 -> per month for one year pinpoint campaign
43758.64 -> marketing email so you can send out 5
43760.32 -> 000 targeted users per month for one
43762.32 -> year ses so simple email uh service so
43766.24 -> this is for um transactional emails um
43769.04 -> so that you send out from your web app
43770.32 -> so 62 000 emails per month forever
43772.88 -> aws codepipeline so one pipeline
43775.04 -> free aws codebuild so this is for
43778 -> building out
43779.276 -> projects or things like that so 100
43781.68 -> build minutes per month forever aws
43783.84 -> lambda serverless compute 1 million free
43786.08 -> requests per month 3.2 million million
43789.2 -> seconds of compute time per month for
43790.88 -> free
43792 -> and you know i like to highlight these
43793.36 -> ones because for traditional
43794.8 -> architecture you're always going to have
43796.48 -> a web server a database a load balancer
43799.36 -> um and you might even have cloudfront in
43801.2 -> there as well but uh yeah again there's
43803.436 -> a huge list and this does not even tap
43805.68 -> the surface of what's free on aws
43807.91 -> [Music]
43812 -> hey this is andrew brown from exam pro
43813.756 -> and we are taking a look at aws
43815.2 -> promotional credits and these are the
43816.64 -> equivalent to usd dollars on the aws
43818.64 -> platform aws credits can be earned
43820.56 -> several ways this could be joining the
43822.4 -> aws activate startup program
43823.916 -> winning a hackathon participating
43825.596 -> surveys
43826.56 -> and any other reason that aws wants
43828.08 -> to give credits out
43829.52 -> once you
43830.72 -> have
43831.756 -> a promotional code you click the redeem
43833.52 -> credit button in the billing console you
43835.2 -> enter it in and then your credits will
43837.04 -> be shown there you can monitor them via
43838.96 -> aws budgets or via cost explorer and
43841.916 -> probably even billing alarms aws
43843.84 -> credits generally have an expiry date
43845.2 -> attached to them could be a few months
43847.276 -> to a year aws credits can be used
43848.88 -> for most services but there are
43850.08 -> exceptions where aws credits cannot be
43851.596 -> used like purchasing a domain via route 53
43854.16 -> because uh that domain costs money
43856.24 -> outside of aws's cost like for their
43858.72 -> infrastructure and virtual stuff and so
43860.96 -> for things like that uh you know they're
43863.04 -> not gonna be you're not gonna be able to
43864.16 -> use credits for that okay
43865.53 -> [Music]
43870.48 -> the aws partner network also known as
43872.48 -> apn is a global partner program for aws
43875.116 -> so joining the apn will open your
43877.116 -> organization up to business
43878.24 -> opportunities and allow exclusive
43880.24 -> training and marketing events so when
43882.32 -> joining the apn you can either be a
43884.32 -> consulting partner so you help companies
43885.916 -> utilize aws or a technology partner
43888.64 -> you build technology on top of aws as a
43890.64 -> service offering and a partner belongs
43892.88 -> to a specific tier so it's either going
43894.64 -> to be select advanced or premier when
43896.96 -> you sign up it's free to sign up but
43898.72 -> you're not going to be able to do much
43899.756 -> until you start uh committing to an
43902 -> annual fee so that's it's like a certain
43904.72 -> amount of money to uh be able to be part
43907.04 -> of that tier and it starts in the
43908.56 -> thousands okay so i think the first tier
43910.24 -> is like something like a thousand or two
43911.596 -> thousand dollars and it gets uh more
43913.68 -> expensive as you go up as a tier and you
43916.16 -> also have to have particular knowledge
43917.596 -> requirements so this could be holding uh
43920.08 -> particular aws certifications at this
43922.64 -> at the foundational level at the
43924.24 -> associate level things like that um or
43927.2 -> it could be uh aws apn exclusive
43929.52 -> certification so training that um it's
43931.84 -> not in certifications but there's
43933.2 -> certifications that are only available
43935.04 -> to partners saying like how do you it
43937.116 -> could be like something like how do you
43938.72 -> uh talk to customers or communication
43941.36 -> things like that
43942.8 -> you can get back promotional aws
43944.4 -> credits so you know if you say oh man i
43947.116 -> spent uh two thousand dollars on just
43950.16 -> being able to
43951.36 -> get into the apn at least the idea is
43953.916 -> that you can generally get back that uh
43956.24 -> that spend on aws so it's like you
43958.24 -> committing
43959.276 -> if you give like two thousand dollars
43960.56 -> like you're going to commit to keep
43961.916 -> using aws i'm not showing the annual fee
43964.88 -> commitments here and the promotional
43966.48 -> credits that you get back just because
43968.08 -> they've changed it a couple times on me
43969.52 -> and i just don't want this slide to go
43971.04 -> stale in case they happen to change it
43972.8 -> again so you'll have to look that up to
43974.48 -> find out what they actually are right
43975.916 -> now uh you can have unique speak
43978.08 -> speaking opportunities in the official
43979.68 -> aws marketing channels like the
43981.04 -> blogs or webinars being part of the apn
43983.436 -> is a requirement to be a sponsor with a
43985.436 -> vendor booth at aws events so when you
43987.116 -> when you go to re:invent or any aws
43989.84 -> event all the vendors are part of the
43992 -> apn all right so they've paid their fee
43993.916 -> and now they paid an additional fee to
43995.36 -> get their booth
43996.8 -> but um yeah the aws partner network is
43999.36 -> very good for
44001.04 -> helping you find new business and
44002.64 -> connecting with other people that are
44003.916 -> building workloads in aws but hopefully
44005.84 -> that gives you an idea of how that works
44007.2 -> okay
44007.72 -> [Music]
44011.84 -> hey this is andrew brown from exam pro
44013.596 -> and we are taking a look at aws budgets
44015.52 -> so aws budgets gives you the ability to
44017.2 -> set up alerts if you exceed or
44018.88 -> approaching your defined budget create
44021.68 -> cost usage or reservation budgets it can
44024.24 -> be tracked at the monthly quarterly or
44026.64 -> yearly levels with customizable start
44029.116 -> and end dates alert support ec2 rds
44032.08 -> redshift elasticache reservations
44034.8 -> uh and so the idea here is you can
44036.24 -> choose your budget amount so it could be
44038.16 -> like a hundred dollars it'll even show
44039.596 -> you what was the last amount if you're
44042.32 -> resetting the budget
44043.84 -> it's something new you can choose based
44046 -> on a different kind of unit so if you
44047.52 -> wanted to be based on
44049.52 -> running hours on ec2 you could totally
44051.756 -> do that aws budgets can be used to
44053.756 -> forecast costs but is limited compared
44055.52 -> to cost explorer or doing your own
44057.116 -> analysis with aws cost and usage
44059.116 -> reports along with business intelligence
44060.88 -> tools budgets uh based on a fixed cost
44063.84 -> or or you can plan your cost up front
44066.64 -> based on your chosen level can be easily
44068.96 -> managed from the aws budgets dashboard
44071.436 -> via the aws budgets api get notified by
44074.16 -> providing email or chat bot and
44076 -> threshold uh how close to the current or
44078.48 -> forecasted budget um so you'd see a list
44080.96 -> of budgets here uh current versus
44082.8 -> forecasted the amount used things like
44084.64 -> that you can see your budget history you
44087.04 -> can download a csv uh it'll show you the
44089.276 -> cost history right in line there which i
44091.04 -> can't show you it's hard to see there
44092.88 -> you get the first two budgets are free
44094.8 -> so there's no reason not to set a budget
44096.4 -> when you first get into aws and each
44098.32 -> budget costs about 0.02 cents a day so
44101.2 -> it's like 60 cents
44102.72 -> um
44103.68 -> usd per month for a budget so they're
44105.276 -> very cheap to use and you've got a limit
44106.8 -> of 20 000 budgets they're going to be in
44108.56 -> good shape okay
44109.8 -> [Music]
44113.84 -> well let's take a look here at aws
44115.2 -> budget reports which is used alongside
44117.276 -> aws budgets to create and send daily
44119.116 -> weekly or monthly reports to monitor the
44121.116 -> performance of your aws budgets that
44122.72 -> will be emailed to specific emails so
44124.96 -> it's not too complicated here you say
44126.48 -> create the report budget choose your
44128 -> frequency
44129.52 -> the emails you want um an administrative
44131.68 -> report serves as a more convenient way
44133.596 -> of staying on top of reports since
44135.276 -> they're delivered to your email instead
44136.56 -> of logging into the management console
44138.56 -> so it's just for those people that just
44139.84 -> can't be bothered to log in okay
44145.436 -> well let's take a look here at aws
44146.8 -> cost and usage reports so generate a
44148.72 -> detailed spreadsheet enabling you to
44150.4 -> better analyze and understand your aws
44152.08 -> cost so this is kind of what it looks
44153.36 -> like and when you turn this feature on
44155.52 -> it will place it into an s3 bucket you
44157.68 -> could use something like athena to turn
44159.2 -> the report into a queryable database
44160.72 -> since it's very easy to consume s3 csvs
44163.36 -> into athena you could use quicksight to
44166.08 -> visualize your billing data as graphs so
44168.24 -> quicksight is a business intelligence
44170.16 -> tool similar to tableau or power bi you
44174.16 -> could also ingest this into redshift
44177.36 -> but the idea here is when you turn it on
44179.116 -> you can choose how granular you want the
44181.2 -> data to be hourly daily or monthly if
44183.2 -> you turn on daily you'll be able to even
44184.88 -> say spikes of uh of of
44187.596 -> of costs for ec2 instances which is kind
44189.916 -> of nice the report will contain cost
44192.08 -> allocation tags um which i think we have
44194.88 -> a separate slide on that type of tags
44197.756 -> and the data is stored in either as
44199.436 -> either a csv it will be zipped or it
44201.84 -> will be a parquet format it just depends
44203.596 -> on how you want it
44205.756 -> for that okay
44207.19 -> [Music]
44211.116 -> let's talk about cost allocation tags so
44213.52 -> these are optional metadata that can be
44215.436 -> attached to aws resources so when you
44218.24 -> generate a cost and usage report you can
44220.24 -> use that data to better analyze your
44222.16 -> data so what you'd have to do is make
44224.56 -> your way over to cost allocation tags
44226.72 -> and need to activate the tags you want
44228.4 -> to show up there are two types of tags
44230.4 -> so we have user defined so whatever
44232.56 -> you've previously tagged will show up
44234.16 -> probably there
44235.596 -> you turn it on so if you made one with
44236.88 -> project you turn on project and there's
44238.72 -> a lot of aws generated ones
44241.04 -> that you can turn on so there's a huge
44242.4 -> list there
44243.756 -> but uh yeah that's particular with
44246.4 -> cost
44247.436 -> usage and reports if it says like cost
44249.436 -> allocation reports it's just that's what
44251.116 -> costs and usage reports used to be
44252.72 -> called
44253.756 -> and some of the documentation is a bit
44254.96 -> old there but yeah there you go
44256.6 -> [Music]
44261.2 -> so you can create your own alarms in
44263.276 -> cloudwatch alarms to monitor spend and
44265.2 -> they're commonly called billing alarms
44267.68 -> and so it's just a regular alarm but
44269.116 -> it's just focused on spend but in order
44271.116 -> to do this you have to turn on billing
44272.72 -> alerts first in order to be able to use
44275.436 -> it
44276.16 -> and then you'll go to cloudwatch alarms
44278.24 -> and you can choose billing as your
44279.52 -> metric and then you just set your alarm
44281.68 -> however you'd want billing alarms are much
44283.756 -> more flexible than aws budgets and are
44285.68 -> ideal for more complex use cases for
44287.68 -> monitoring spend and usage
44289.596 -> in terms of alerting
44291.36 -> so you just have to decide what you want
44293.2 -> to do uh before aws budgets this was
44295.436 -> the only way to do it and so this is the
44297.2 -> way i'm used to doing it and i still do
44299.04 -> it this way today but you know both
44301.116 -> options are valid and just have to
44302.32 -> decide what is your use case okay
44304.3 -> [Music]
44308.16 -> let's take a look at aws cost explorer
44310.08 -> which lets you visualize understand and
44311.756 -> manage your aws costs and usage over
44313.68 -> time so here's a big graphic of aws cost
44317.276 -> explorer and you can specify time and
44319.276 -> range and aggregation it has a lot of
44321.36 -> robust filtering
44323.2 -> what's really nice is that they have a
44324.64 -> bunch of default reports for you so i'm
44327.276 -> just gonna get my pen tool just to show
44328.56 -> you where that button is it's over uh
44330.64 -> here
44331.52 -> uh if you can see my marker there but
44333.116 -> but you know you can look at things like
44335.116 -> monthly cost by service monthly cost by
44337.2 -> linked account daily cost savings
44339.116 -> marketplace ri utilization so there's a
44341.68 -> bunch there you could also notice that
44343.116 -> you can create your own report so if you
44345.36 -> do find something that you like you can
44346.88 -> save it for later um you can you could
44349.436 -> have access to forecasting here so you
44350.96 -> get an idea of the future costs and
44352.96 -> whether it's been it's gone up or down
44355.04 -> just to kind of zoom in on some of those
44356.56 -> filtration options you can choose
44358.8 -> um either monthly or daily level of
44361.84 -> of how you want the data to be grouped
44363.756 -> together
44364.72 -> and you have a lot of filter control so
44366.96 -> if i want to just have ec2 instances for
44369.596 -> a particular region then i can get that
44371.276 -> filtered information over here and you
44373.116 -> can see you have a breakdown of the
44374.48 -> different types so it's very detailed
44376.88 -> and cost explorer shows up in us east
44379.04 -> one i'm pretty sure if you click on
44380.24 -> cost explorer we'll just switch you
44381.36 -> over to that region but just understand
44383.2 -> that's where it lives okay
44384.85 -> [Music]
44388.96 -> hey this is andrew brown from exam pro
44390.88 -> and in this video i want to show you aws
44392.96 -> cost explorer so what we'll do is go to
44395.52 -> the top here and actually on the right
44396.88 -> hand side we're going to click on the
44398 -> right and go to my billing dashboard and
44400.8 -> from there on the left hand side we're
44402.56 -> going to look for cost explorer and then
44404.8 -> click launch cost explorer and this is
44406.64 -> where we're going to get to the aws cost
44408.4 -> management dashboard where this is where
44410 -> we find savings plans reservations
44411.68 -> things like that on the left hand side
44413.596 -> click on cost explorer and you can get
44415.36 -> this nice chart and so the idea is you
44416.8 -> can change it from monthly to daily if
44418.64 -> you if you uh prefer
44421.596 -> okay you can change the scope here maybe
44423.916 -> we don't need six months we can just go
44425.436 -> back
44428.8 -> three months here so there's less data
44434.56 -> it is a bit delayed when i'm clicking
44436.16 -> here so it also could be just because
44437.756 -> i'm doing the daily instead of monthly
44440 -> so you just have to be a little bit
44441.596 -> patient when uh using this interface
44444.88 -> you can change it to stack line graph
44446.72 -> you can kind of see the details there
44448.32 -> it's not always clear like what others
44450.56 -> is or things like that and so
44452.96 -> uh you can drill down and there's like
44455.04 -> ways of applying filters and things like
44457.2 -> that
44459.2 -> i always forget how to do this because
44461.756 -> it's bringing everything in so you have
44463.116 -> to hit clear all first i think
44466.4 -> and
44470.4 -> oh you have to click into it so like if
44471.916 -> you wanted to click into it and pick a
44473.36 -> particular service we could go here and
44474.88 -> type in ec2
44477.36 -> and say
44478.48 -> ec2 instances
44480.56 -> and then apply that filter so now we can
44482.72 -> just see exactly that cost or if we want
44484.72 -> to
44485.916 -> choose like maybe just rds
44489.68 -> okay
44491.04 -> so
44492.24 -> you know that could be useful for you to
44493.84 -> see but yeah sometimes it's not always
44496.16 -> clear and so what i recommend is just go
44498.24 -> back to your billing dashboard
44500.24 -> and from there just go to bills
44502.64 -> okay bills is really really useful
44504.72 -> because here it shows you exactly every
44507.276 -> single little service that you're being
44508.56 -> billed for you can expand it and see
44510.08 -> exactly where if there you have other
44512.08 -> accounts you can go into this side here
44513.756 -> as well and find spend that way
44516.32 -> but cost explorer is very useful just
44518.88 -> it's useful in a different way okay so
44520.72 -> there you go
44525.916 -> hey this is andrew brown from exam pro
44527.68 -> and we are taking a look at the aws
44529.2 -> pricing api so with aws you can
44531.436 -> programmatically access pricing
44533.36 -> information to get the latest pricing
44535.04 -> offerings for services this makes sense
44537.276 -> because aws can change them at any
44538.72 -> time and so
44540.24 -> you know you might want to know exactly
44541.596 -> what the current price is there are two
44543.596 -> versions of this api so we have the
44545.436 -> query api known as the pricing service
44547.596 -> api and you access this via json and
44550.4 -> then there's the batch api also known as
44552.72 -> the price
44554 -> list api via html what's odd is that the
44557.276 -> batch api returns json but you're
44559.68 -> accessing it via html so
44562 -> you can literally paste those links in
44563.36 -> your browser for the query api you're
44565.276 -> actually sending an application json
44567.756 -> request
44569.04 -> so you'd have to use something like
44570 -> postman or something uh you can also
44572.08 -> subscribe to sns uh notifications to get
44574.72 -> alerts when pricing for the services
44576.64 -> change aws prices change
44578.08 -> periodically such as when aws cuts
44580.24 -> prices when new instance types are
44581.916 -> launched or when new services are
44583.276 -> introduced so there you go
44584.93 -> [Music]
44589.2 -> hey this is andrew brown from exam pro
44590.88 -> and what i want to do here is show you
44592.8 -> savings plans and savings plan is going
44594.88 -> to be found under the aws cost
44596.48 -> explorer so just type in cost explorer
44598.24 -> at the top here or if you want you can
44599.68 -> type in savings plan as well and once we
44602 -> are here on the left hand side we are
44603.916 -> going to have a savings plans option so
44605.916 -> we're going to go to the overview
44608.08 -> and here it just describes
44610 -> what are savings plans if you want to
44611.436 -> read through it but down below if you
44612.96 -> have already some spend happening it's
44615.04 -> going to make some suggestions and in
44616.56 -> this particular account it's saying that
44618.32 -> i could save some money on compute
44620.4 -> before we take a look here i'm just
44621.84 -> going to go to the form here and see
44623.436 -> what we can see so up here we can say
44626.08 -> commitment two three years by the way
44628.08 -> you have compute savings which applies
44629.596 -> to ec2 fargate or lambda then you have
44632.4 -> the ec2 specific one where
44634.64 -> uh we can select a very particular type
44636.16 -> of instance family and then there's the
44638.08 -> sagemaker savings plans um but if we go
44640.88 -> here and we just enter in like two
44643.68 -> dollars
44645.116 -> all up front
44646.96 -> i don't really understand it from here
44648.32 -> because it doesn't make it clear what
44649.596 -> the savings are
44651.2 -> um but uh what it does make it very easy
44653.916 -> is probably if we go over here and then
44655.68 -> click down on the compute
44657.436 -> so kind of feel like here would auto
44659.04 -> fill it in for you and so here i filled
44660.88 -> it in or sorry it's filled in for me and
44663.68 -> so here it's saying with a one-year plan
44666 -> all up front for based on the past 30
44668.8 -> days
44669.916 -> that it's going to see that i'm going to
44671.756 -> see a monthly savings of 25 and 36 cents
44675.36 -> and then i can add it to the cart that
44676.88 -> way and i kind of feel like that is the
44678.8 -> easiest way to
44680.56 -> um figure that out where with um
44684.32 -> with how it was going that form i just
44686.56 -> couldn't figure it out myself what the
44687.68 -> savings were
44689.04 -> there are some utilization reports and
44690.88 -> coverage reports honestly i've never
44692.72 -> really looked at these before
44694.4 -> um but uh i'm just curious like what
44696.96 -> we're looking at monthly daily
44699.916 -> the last
44701.756 -> let's go a few months here i've been
44702.96 -> running stuff in this account for a
44704.08 -> while so there should be something
44706.96 -> apply
44709.52 -> so
44711.04 -> nothing nothing of interest but um i
44713.756 -> mean i guess you have a lot of use and
44714.96 -> coverage report
44716.24 -> utilization report could be interesting
44718.48 -> but i imagine it's maybe you have to be
44720.24 -> using you have to have a savings plan
44722.08 -> before you can see this so that's
44723.36 -> probably the reason why
44725.04 -> um but yeah hopefully that gives you a
44726.4 -> clear idea that you know you can just go
44728.32 -> down to those recommendations and
44730.32 -> and see exactly what you can save and
44732.08 -> you just add it to your cart and then
44733.916 -> once you want to pay for it you just
44735.52 -> choose to submit that order and you're
44737.2 -> all good to go
44738.48 -> all right so that's savings plans
44741.47 -> [Music]
44746.16 -> let's take a look here at defense in
44747.436 -> depth to understand the layers of
44749.04 -> security aws has to consider uh for
44751.756 -> their data centers for their uh virtual
44753.916 -> workloads and things that you also have
44755.596 -> to consider when you are
44757.276 -> uh thinking about security for your
44759.276 -> cloud resources
44760.8 -> so in the most interior we have data so
44764 -> this is access to business and customer
44765.84 -> data and encryption to protect your data
44768.32 -> then we have applications so
44770.08 -> applications are secure and free of
44771.756 -> security vulnerabilities then you have
44773.756 -> compute so access to virtual machines
44776.16 -> ports on premise and cloud you have the
44778.48 -> network layers so this limits
44780.08 -> communication between resources using
44782.16 -> segmentation and access controls you
44784.16 -> have the perimeter itself so distributed
44786.56 -> denial of service protection to filter
44788.64 -> large-scale attacks before they can
44790.24 -> cause denial of service of users you
44792.56 -> could say that's part of the network
44793.68 -> layer and that's when i say there are
44794.88 -> variants on this but we're just
44796.64 -> separating it out
44798.08 -> explicitly there we have identity and
44800.08 -> access so controlling access to
44801.84 -> infrastructure and change control and
44803.596 -> then there's the physical layer so
44806.16 -> limiting access to data centers to only
44808.56 -> authorize personnel you'll notice i
44810.48 -> highlighted identity and access in
44813.116 -> yellow it's because that is considered
44814.96 -> the new primary um
44817.2 -> perimeter from the customer's
44818.8 -> perspective of course aws has
44820.8 -> concern about the physical perimeter and
44822.32 -> things like that but as a customer
44825.116 -> that's what you're going to be thinking
44826.08 -> about especially with the zero trust
44827.596 -> model and when you see these depths the
44830.32 -> idea is that in order to get here you
44832.56 -> have to pass through all the stuff so if
44834.72 -> this um
44835.916 -> if this outward one is protected pretty
44837.596 -> well then you generally don't have to
44839.436 -> worry about the interiors but of course
44840.8 -> you should um but yeah there you go
44847.52 -> let's take a look here at
44848.596 -> confidentiality integrity and
44850.72 -> availability also known as the cia triad
44854.88 -> is a model describing the foundation to
44856.8 -> security principles and their trade-off
44858.56 -> relationships so here is our triad so we
44861.916 -> have confidentiality so confidentiality
44864.24 -> is a component of privacy that
44865.68 -> implements to protect our data from
44867.2 -> unauthorized viewers in practice this
44869.2 -> can be using cryptographic keys to
44872.08 -> encrypt our data and using keys to
44874.16 -> encrypt our keys so envelope encryption
44876.16 -> then we have integrity so maintaining
44877.84 -> and ensuring the accuracy and
44879.04 -> completeness of data over its entire
44880.64 -> lifecycle in practice utilizing
44882.72 -> acid-compliant databases for valid
44884.4 -> transactions utilizing tamper evident or
44887.36 -> tamper proof hardware security modules
44889.04 -> hsms availability so information needs
44891.68 -> to be available when needed in practice
44893.84 -> so high availability mitigating ddos
44896.64 -> decryption access so the cia triad was
44899.84 -> first mentioned in this publication in
44901.96 -> 1977 there have been efforts to expand
44904.56 -> and modernize or suggest alternatives
44906.24 -> the cia triad so one was in 1998 for the
44909.436 -> six atomic elements of information uh or
44912.24 -> in 2004 we have the engineering
44914.32 -> principles for uh for information
44916 -> technology security so it has 33
44917.52 -> security principles but this is still a
44920.08 -> very popular um
44922.32 -> model for security uh and it's just to
44924.56 -> kind of tell you like you know you don't
44926.4 -> always get everything you don't get all
44928.08 -> three of them sometimes you have to
44929.2 -> trade off in your scenario um you know
44931.756 -> and hopefully some of the terminology
44933.2 -> here will resonate as we go through more
44935.2 -> security content
44936.45 -> [Music]
44940.48 -> what i want to do here is just define
44941.916 -> the term vulnerability so a
44943.436 -> vulnerability is a hole or weakness in
44945.04 -> an application which can be designed a
44947.2 -> design flaw or implementation bug that
44948.8 -> allows an attacker to cause harm to
44950.88 -> stakeholders or applications and uh
44954.4 -> there's a lot of great definitions of
44956.16 -> vulnerabilities but owasp has a ton of
44958.4 -> them and we talked about owasp when we
44960.32 -> talk about aws waf but it's an
44962.32 -> organization that creates security
44963.84 -> projects that help you know what you
44965.916 -> should protect uh or gives you a working
44968.16 -> example so that you can understand how
44969.916 -> to get better at security and so they
44971.916 -> have a lot of ones here but maybe you
44974.88 -> might notice some here like using a
44976.4 -> broken or risky cryptographic algorithm
44979.04 -> maybe there's a memory leak least
44980.88 -> privilege violation so that's um uh
44984.24 -> least privilege is something that is a
44985.916 -> thing that you're always worried about
44986.96 -> in security improper data validation
44988.88 -> buffer overflows so you know just to
44991.2 -> kind of set the tone of what a
44993.04 -> vulnerability is and things you should
44994.72 -> be thinking about okay
44999.23 -> [Music]
45001.116 -> let's understand what encryption is but
45002.72 -> before we do we need to understand what
45004.4 -> is cryptography so this is the practice
45006.48 -> and study of techniques for secure
45007.916 -> communication in the presence of third
45009.52 -> parties called adversaries and
45011.36 -> encryption is the process of encoding or
45013.116 -> scrambling information using a key and a
45015.84 -> cipher to store sensitive data in an
45018.08 -> unintelligible format as a means of
45020.08 -> protection
45021.36 -> an encryption takes in plain text and
45023.276 -> produces a cipher text so
45026.16 -> here's an example of a very old
45028.48 -> encryption machine this is the enigma
45030.72 -> machine used during world war ii
45033.276 -> and it has a different key for each day
45034.96 -> that it was used to set the position of
45036.4 -> the rotors and it relied on simple
45038.88 -> cipher substitution
45040.8 -> and so you might be asking what is a
45042.08 -> cipher and that's what we're going to
45043.116 -> look at next
45044.35 -> [Music]
45048.88 -> so what is a cipher it is an algorithm
45051.2 -> that performs encryption or decryption
45053.2 -> so cipher is synonymous with code
45056 -> and the idea is that you use the code to
45058.4 -> either unlock or or lock up the
45060.88 -> information that you have so what is a
45062.96 -> ciphertext a ciphertext is the result of
45065.596 -> encryption performed on plain text via
45068.64 -> an algorithm so you lock that up you
45070.88 -> scramble it it doesn't make sense and
45072.56 -> you need that code to unlock it to get
45074.8 -> the information so a good practical
45077.276 -> example back in the day was a code book
45079.2 -> and this was the type of document used
45080.72 -> for gathering and storing cryptographic
45083.116 -> codes or ciphers so the idea is if we
45085.756 -> zoomed up on here notice where we have
45088.16 -> cannot so
45090.16 -> and it would be zero zero and then there
45092.88 -> would be give them authority so the idea
45095.2 -> is
45096.56 -> zero zero
45098 -> or if you had the word cannot it would
45099.68 -> translate to zero zero and then you use
45101.68 -> zero zero to match that up to say what
45103.596 -> does that actually mean and so that is
45105.2 -> kind of a very practical example of
45107.2 -> ciphers in action
45112.56 -> so we just took a look at encryption but
45114.56 -> what are cryptographic keys so a a
45118.24 -> cryptographic key an easy way to think
45119.916 -> of it is a variable used in conjunction
45122.72 -> with an encryption algorithm in order to
45124.72 -> encrypt or decrypt data
45127.68 -> and there are different kinds of um ones
45130.56 -> we have so we have symmetric encryption
45133.276 -> so this is where we have the same key
45135.2 -> that is used for encoding and decoding
45137.916 -> and a very popular one and the one
45139.436 -> you'll see on aws is called advanced
45141.52 -> encryption standard aes so just take a
45144.72 -> look at that graphic very closely so we
45146.8 -> have one key
45148.4 -> and it is used to encrypt so it produces
45150.96 -> the cipher and then or cipher text we
45154 -> should say and then it will decrypt and
45156.72 -> we will get our plain text so one single
45158.64 -> key
45159.68 -> then we have asymmetric encryption so
45162.4 -> two keys are used one to encode and one to
45165.68 -> decode and a very popular one here is
45167.916 -> rsa
45169.276 -> if you're wondering what those
45170.96 -> words are it's three people's names put
45172.88 -> together who helped
45174.4 -> invent this type of algorithm and so
45177.596 -> here we have
45178.8 -> one key for encrypt and one key for
45181.36 -> decrypt and there are two different keys
45183.68 -> all right
45184.68 -> [Music]
45188.96 -> all right let's look at the concept of
45190.32 -> hashing and salting so for hashing we
45192.48 -> have a hashing function and this accepts
45194.48 -> arbitrary size values and maps it to a
45196.32 -> fixed size data structure hashing can
45198.48 -> reduce the size of a stored value and
45200.72 -> hashing is a one-way process and is
45202.88 -> deterministic so a deterministic
45204.8 -> function always returns the same output
45207.276 -> output for the same input so if we have
45209.596 -> something like john smith and we pass it
45211.52 -> to the hash function it's going to
45212.88 -> create something that is not human
45214.4 -> readable but it'll say something like
45215.84 -> zero two f a e x x y whatever um and it
45219.52 -> will always produce the same thing if
45221.2 -> the same key or you know value is being
45223.756 -> inputted there so the reason we use
45226 -> hashing functions or hash in general is
45227.84 -> to hash passwords so hash functions are
45230.24 -> used to store passwords in a database so
45232.16 -> that the password does not reside in a
45233.916 -> plain text format so you've heard about
45236.08 -> all these data breaches where they've
45237.36 -> stored the password in plain text this
45239.436 -> is the thing that helps us avoid that
45241.276 -> issue
45242.56 -> and the thing again is because it's one
45244.4 -> way you can't take that hash and unhash
45246.88 -> it
45248 -> well there are some conditions to it but
45249.916 -> so to authenticate a user when a user
45251.916 -> inputs their password it is then hashed
45253.916 -> so the one that was inputted at the time
45255.68 -> of you know login and then that hash is
45257.916 -> compared to the stored hash in the
45259.68 -> database and if they match the user is
45262.24 -> successfully logged in so in that case
45264.08 -> we never ever had to know what the
45266.24 -> original password looked like uh popular
45268.4 -> hashing functions are md5 sha-256 or
45271.2 -> bcrypt
45272.48 -> if an attacker knows the function you
45274.24 -> are using
45275.596 -> and
45276.56 -> and stole your database they could
45277.916 -> enumerate a dictionary of passwords to
45279.68 -> determine the password so they'll never
45281.436 -> see it but they could just keep on going
45283.36 -> through that so that's why we salt our
45285.52 -> passwords so a salt is a random string
45287.596 -> not known to the attacker that the hash
45289.596 -> function accepts to mitigate the
45291.276 -> deterministic nature of a hashing
45293.2 -> function so there you go
45295.1 -> [Music]
45299.84 -> let's take a look here at digital
45301.04 -> signatures and signing so what is a
45303.116 -> digital signature is a mathematical
45305.116 -> scheme for verifying the authenticity of
45306.96 -> digital messages or documents and a
45308.96 -> digital signature gives us tamper
45310.56 -> evidence so did someone mess or modify
45312.64 -> the data is this data from someone we
45315.276 -> did not expect it to be is it from the
45317.04 -> actual sender and so we kind of have
45318.88 -> this diagram where we have a person who
45320.64 -> sends or is going to send a message so
45322.48 -> they sign it and then uh bob verifies
45325.68 -> that it was for the person who it's from
45327.756 -> so there are three algorithms to a
45329.36 -> digital signature the key generation so
45331.756 -> generates a public and private key
45334.88 -> then there is signing the process of
45336.8 -> generating a digital signature with a
45339.04 -> private key and the inputted value so
45341.436 -> signing which is what is happening up
45343.04 -> here signing verification verifies the
45345.436 -> authenticity of the message with a
45346.88 -> public key so remember the private key
45348.88 -> is used for signing and the public key
45350.72 -> is used for verifying
45353.2 -> ssh uses a public and private key to
45355.596 -> authorize remote access into a remote
45357.68 -> machine such as a virtual machine it is
45359.916 -> common to use rsa and we saw that rsa is
45363.36 -> a type of algorithm earlier
45366 -> and so ssh hyphen keygen is a well-known
45368.48 -> command to generate a public and private
45370.48 -> key on linux i know this one off the top
45372.72 -> of my head i always know to do this
45375.436 -> and so what is code signing so when you
45377.68 -> use a digital signature to ensure
45379.596 -> computer code has not been tampered
45382.08 -> and so that's just a like subset of
45383.756 -> digital signaturing so you can use this
45386.24 -> as a means to get into a virtual machine
45388.4 -> or you can use signing as a means to
45390 -> make sure that the code being committed
45391.52 -> to your repository is who you expect it
45394.08 -> to be from so there you go
45395.67 -> [Music]
45400.08 -> let's talk about in transit versus at
45402.24 -> rest encryption so encryption in transit
45404.64 -> this is data that is secure when moving
45406.64 -> between locations and the algorithms
45408.56 -> here are tls and ssl then you have
45411.2 -> encryption at rest so this is data that
45413.04 -> is secure when residing on storage or
45415.36 -> within a database so we're looking at
45417.2 -> aes or rsa which we both covered
45420.64 -> previously these algorithms so ones that
45423.68 -> we did not cover was tls and ssl so
45426.24 -> we'll cover them now so tls transport
45428.32 -> layer security is an encryption protocol
45430.4 -> for data integrity between two or more
45432.16 -> communicating computer
45434.48 -> applications so 1.0 and 1.1 are no
45437.916 -> longer used but tls 1.2 and 1.3 is the
45442.56 -> current best practice then we have ssl
45445.04 -> secure socket layers so an encrypted
45447.2 -> protocol for data integrity between two
45448.956 -> or more communicating uh computer
45450.88 -> applications so
45452.32 -> 1.0 2.0 and 3.0 are deprecated um and
45456.956 -> honestly i always get these two mixed up
45458.72 -> and i always figure uh
45461.2 -> get confused which is being used but um
45463.436 -> you know they're always changing on us
45465.04 -> but just understand generally what these
45466.88 -> concepts are and that you're familiar
45468.08 -> with the terms okay
45469.42 -> [Music]
45473.68 -> hey this is andrew brown from exam pro
45475.52 -> and we are taking a look at common
45476.88 -> compliance programs so these are a set
45478.72 -> of internal policies and procedures for
45480.72 -> a company to comply with laws rules and
45482.72 -> regulations or to uphold business
45485.04 -> reputation so here we have a bunch of
45487.276 -> different compliance programs and so
45489.52 -> some popular ones are like hipaa or
45492.956 -> pci dss the question is should you know
45495.596 -> these yes you should generally know the
45497.116 -> most popular ones because you're going
45498.88 -> to see them throughout your cloud career
45501.276 -> and so just getting familiar now is a
45503.36 -> good time so let's jump into it okay so
45506.16 -> the first one i want to introduce you to
45507.84 -> is for ia iso and they have a bunch of
45510.16 -> different ones so iso is the
45511.84 -> international organization of
45513.04 -> standardization and their other one
45515.36 -> called iec which is the international
45517.916 -> electrotechnical commission one deals
45520.08 -> with uh you know like uh virtual things
45522.32 -> the other one deals with hardware things
45523.916 -> but they have a lot of overlapping
45526.32 -> compliance programs okay
45528.08 -> and so the most popular absolutely most
45530.32 -> popular one that i know of is the 270100
45533.36 -> i know a lot of organizations that are
45535.116 -> going for their 2701 so this is for
45537.52 -> control implementation guidance you have
45539.52 -> the 27017
45541.68 -> this is enhanced focus on cloud security
45543.916 -> the 27018 this is protection of personal
45546.72 -> data in the cloud then you have the
45549.4 -> 27701 this is privacy information
45552.08 -> management system so pims framework this
45554.64 -> outlines controls and processes to
45556.08 -> manage data privacy and protect pii so
45559.2 -> that's personally identifiable
45560.48 -> information then you have system and
45562.32 -> organization control soc and this is a
45564.56 -> very popular thing that organizations go
45566.48 -> for especially the soc 2 so soc 1
45568.88 -> is 18 standards and report on the
45570.64 -> effectiveness of internal controls at
45572.64 -> the service organization relevant to the
45574.8 -> client's internal control over financial
45576.64 -> reporting we have soc 2 evaluates
45578.72 -> internal controls policies and
45580 -> procedures that directly relate to the
45581.84 -> security of the system at a service
45583.84 -> organization and soc 3 a report based
45586.48 -> on the trust
45587.68 -> service services criteria that can be
45589.596 -> freely distributed
45591.52 -> then we have pci dss a set of security
45594.56 -> standards designed to ensure that all
45596.64 -> companies that accept process store and
45598.88 -> transmit credit card information
45600.8 -> maintains in a secure
45603.116 -> environment we have a federal
45605.116 -> information procedure standards or fips
45606.956 -> so 140 hyphen 2. this is u.s and
45609.68 -> canadian government standard that
45611.276 -> specifies the security requirements for
45613.04 -> cryptographic modules that protect
45615.276 -> sensitive information then we have
45618.956 -> phipa this is more relevant to me because
45620.8 -> i'm actually in ontario and canada but
45622.88 -> it's also very
45624 -> well known
45625.52 -> one out there outside of hipaa so this
45627.68 -> regulates patient protected health
45629.596 -> information then you actually have hipaa
45631.756 -> this is the u.s federal law that
45634.16 -> regulates patient procedure health
45635.68 -> information then we have a cloud
45638.24 -> security alliance so csa star
45640.88 -> certification independent third-party
45642.956 -> assessment of a cloud provider's
45645.596 -> security posture if you never heard of
45646.956 -> csa they have a very uh well-known
45649.2 -> fundamental uh security certification
45651.68 -> called the cssk or ccsk i always get
45654.48 -> that mixed up then we have
45656.48 -> fedramp which we covered earlier in this
45658 -> course or in the future depending on
45659.596 -> where we put it but fedramp stands for
45662.08 -> federal risk and authorization
45663.596 -> management program it's a us government
45665.276 -> standardization approach to security
45666.956 -> authorizations for cloud service
45668.64 -> offerings if you want to work with the
45670.24 -> u.s
45671.2 -> government or places that sell the us
45673.116 -> government you need fedramp that
45675.04 -> similar to criminal justice information
45677.04 -> services any u.s state or local agency
45679.596 -> that wants to access the fbi's cjis
45682.08 -> database is required to adhere to the
45684.24 -> cjis security policy
45686.956 -> then we have gdpr
45689.04 -> the general data protection regulation
45691.116 -> everyone knows what this is in europe
45692.88 -> maybe not so much in north america or
45694.64 -> other places a european privacy law
45696.956 -> imposes new rules on companies
45698.72 -> governments agencies nonprofits and
45700.4 -> other organizations that offer goods and
45702.64 -> services to people in the european union
45705.36 -> or that collect analyze data tied to
45708.56 -> eu's residents there's a lot of
45710.16 -> compliance programs out there one that's
45711.756 -> also very popular is fips but we'll get
45713.276 -> to that when we talk about kms
45715.436 -> but yeah there you go
45717.25 -> [Music]
45721.84 -> so i just wanted to quickly show you
45723.436 -> here the aws compliance programs page
45725.52 -> where they list out all the types of
45727.2 -> compliance programs that aws is uh
45729.436 -> working with and that it has different
45731.36 -> types of certification and attestments
45733.36 -> which we can use aws artifact or
45735.596 -> amazon artifact whichever
45737.436 -> prefix they decide to use for the name
45738.956 -> there to
45740.956 -> ensure that aws has in order to meet
45743.36 -> those regulatory compliance so you can
45745.04 -> see them all there and if you want to
45747.436 -> know a little bit more about any of
45748.56 -> these you just go ahead and click them
45750.16 -> and you can read and they have
45751.36 -> additional information so you have a
45753.116 -> better idea okay
45757.01 -> [Music]
45761.2 -> let's talk about pen testing so pen
45763.36 -> testing is an authorized simulated cyber
45765.36 -> attack on a computer system performed to
45767.04 -> evaluate the security of the system and
45769.04 -> on aws you are allowed to perform
45771.596 -> uh pen testing but there are some
45773.756 -> restrictions so permitted services are
45775.84 -> ec2 instances nat gateways elbs rds so
45779.68 -> that's relational database service
45781.84 -> cloudfront aurora api gateways lambda
45784.88 -> lambda edge functions lightsail
45786.956 -> resources elastic beanstalk
45788.4 -> environments things you cannot do or you
45790.64 -> should not be doing
45792.24 -> is dns zone walking via route 53 hosted
45794.72 -> zones
45795.596 -> then there's ddos simulation testing so
45797.68 -> you should not be doing ddos or dos
45799.916 -> ddoses
45801.436 -> or simulated dos or simulated ddos is
45804.24 -> okay and that doesn't mean that you
45806.16 -> can't necessarily do them uh again
45808.24 -> there's a lot of exceptions to the pen
45809.596 -> testing they have a whole page on this
45811.116 -> but generally you're not allowed to do
45812.956 -> ddosing
45814.32 -> port flooding protocol flooding request
45816.88 -> flooding can't do any of those things
45818.64 -> for other simulated events you need to
45820.16 -> submit a request to aws a reply could
45822.4 -> take up to seven days you know again
45824.88 -> there's a lot of
45826.4 -> little intricacies here so you'd have to
45828.24 -> really read up on it if you're
45829.436 -> interested in doing this okay
45831.02 -> [Music]
45835.36 -> hey this is andrew brown from exam pro
45837.116 -> and we are taking a look at pen testing
45838.956 -> on the aws platform so they have this
45840.8 -> page here that tells you what you're
45842.24 -> allowed to do what you're not allowed to
45843.756 -> do
45844.48 -> um and there's some additional things
45845.756 -> you can read into like the stress test
45847.436 -> policy the ddos simulate simulation
45849.68 -> testing policy which i didn't cover in
45851.84 -> detail
45852.88 -> in the course content but for whatever
45854.56 -> reason you're interested in it i just
45856.4 -> want you to be aware of that kind of
45857.916 -> stuff if you want to simulate events
45860.08 -> there is a simulate events form that you
45861.916 -> have to fill out so yeah open it up and
45864.56 -> you can kind of read about it and it
45865.84 -> gives aws a heads up of what
45868 -> you're going to be doing stress test
45869.36 -> phishing malware analysis other so that
45872.08 -> way that if you are doing it you're not
45873.68 -> going to get in trouble they're aware of
45875.276 -> what you are doing okay so that's pretty
45877.36 -> much it
45881.2 -> [Music]
45882.4 -> hey this is andrew brown from exam pro
45884.16 -> and we are taking a look at aws
45885.436 -> artifact which is a self-serve portal
45887.52 -> for on-demand access to aws
45889.2 -> compliance reports so here's an example
45891.52 -> of a bunch of different compliance
45893.2 -> reports that aws could be meeting and
45895.436 -> the idea is that when you go to this
45897.2 -> portal within the aws management
45898.56 -> console you'll have a huge list of
45900.956 -> reports that you can go and access so
45902.72 -> here i'm searching for canada to get the
45905.276 -> government of canada partner package and
45907.68 -> then i go ahead and i download that
45909.436 -> report as a pdf and then within the pdf
45912 -> we can click a link to get the
45913.52 -> downloadable excel and that's pretty
45915.36 -> much what it is it's just if you want to
45917.2 -> see that aws is being compliant for
45919.04 -> different programs
45923.33 -> [Music]
45924.48 -> hey this is andrew brown from exam pro
45926.24 -> and we're going to take a look at
45927.36 -> aws artifact so at the top here
45929.276 -> we're going to type in artifact
45931.756 -> and not to be confused with code
45933.36 -> artifact which i guess is a new service
45935.276 -> there's just always releasing new
45936.64 -> services eh
45937.84 -> and so here we have a video and some
45941.04 -> things but it's not too hard all we got
45942.88 -> to do is go to view reports
45945.68 -> and from here we have all the types of
45947.916 -> compliance programs or regulatory
45949.916 -> compliance programs that aws is meeting
45953.756 -> and we can do is search for something so
45955.756 -> we type in canada
45957.36 -> and that's the government of canada
45958.64 -> partner package and i can go ahead and
45960.56 -> download that report so when you
45962.48 -> download it you really want to open this
45964.32 -> up in
45966.32 -> um you're going to really want to open
45967.916 -> this up in
45970.56 -> adobe acrobat because if you don't open
45972.48 -> it up in adobe acrobat you're not going
45974.08 -> to be able to access the downloadables
45976.48 -> within it i know that's kind of odd to
45978.956 -> say but that's just what it is you do
45980.48 -> have to install adobe acrobat reader and
45983.756 -> once you have it open
45986.16 -> and i'm just moving it over here this is
45988.16 -> what you're going to see and
45990.16 -> it's going to say like hey um oops
45993.36 -> no i don't want to do that so please
45994.64 -> scroll to the next page to view the
45996.16 -> artifact download and so i think that
46000 -> if we go here
46001.84 -> you know they say scroll to the next
46003.04 -> page but i'm pretty sure we can just go
46004.8 -> here on the left hand side and this is
46006.72 -> what we're looking for that excel
46008 -> spreadsheet so we're going to save that
46010 -> attachment
46011.84 -> or actually we just can open it up
46014.956 -> open this file
46017.276 -> okay and we'll give it a moment i have
46018.72 -> excel installed
46020.8 -> and there we go
46023.596 -> there it is okay so i know it's a little
46026.08 -> bit odd way to get to those um
46028.72 -> certificates or reports but that's just
46031.04 -> how it works um but yeah i mean that's
46033.68 -> the idea is like if you need to prove
46035.52 -> that aws is meeting whatever those
46036.956 -> standards are you can just type them in
46038.64 -> whatever it is i mean like maybe there's
46040 -> like fedramp right whatever it is and
46042 -> download those certificate attestments
46044.08 -> whatever um and just double check that
46046.72 -> aws is meeting those standards okay
46049.14 -> [Music]
46053.436 -> hey this is andrew brown from exam pro
46055.276 -> and we are taking a look at aws
46056.72 -> inspector but before we can answer what
46058.956 -> it does let's talk about hardening so
46060.56 -> hardening is the act of eliminating as
46062.16 -> many security risks as possible
46064.08 -> hardening is common for virtual machines
46065.84 -> where you run a collection of certain
46067.2 -> security checks known as a security
46069.84 -> benchmark so aws inspector runs a
46072.24 -> security benchmark against specific ec2
46074.4 -> instances and you can run a variety of
46076.64 -> security benchmarks and you can perform
46078.56 -> network and host assessments and so
46080.72 -> here's an example of those two check
46082.88 -> boxes there which you'd say which
46084.24 -> assessments you want to do so the idea
46086.08 -> is you have to install the aws agent
46087.52 -> on your ec2 instance you run an
46089.36 -> assessment for your assessment target
46091.2 -> you review your findings and remediate
46092.72 -> security issues and one very popular
46094.8 -> benchmark you can run is the cis which
46097.276 -> has
46098.276 -> 699 checks so if you don't know what cis
46101.2 -> it stands for the center of internet
46102.64 -> security uh and so they are this
46104.56 -> organization that has a bunch of um
46108 -> uh security controls or check marks uh
46110.32 -> that are published that they suggest
46111.756 -> that you should check on your machine
46113.26 -> [Music]
46117.276 -> hey this is andrew brown from exam pro
46119.04 -> and we're looking at ddos so ddos is a
46122.24 -> type of malicious attack to disrupt
46124.08 -> normal traffic by flooding a website
46125.68 -> with a large amount of fake traffic so
46127.916 -> the idea is we have an attacker and the
46129.596 -> victim the victim is us and it could be
46132.32 -> our virtual machines our cloud services
46135.04 -> the idea is that it's some kind of
46136.88 -> resource which
46138.956 -> can take in uh incoming requests over
46141.596 -> the internet so the idea is the attacker
46143.276 -> is utilizing the internet and so they
46145.04 -> may control a bunch of virtual machines
46147.52 -> or servers they're loaded up with
46149.36 -> malicious software and the idea is that
46151.596 -> the attacker is going to tell them all
46153.596 -> to send a flood of traffic over the
46156.72 -> internet
46157.68 -> at your computing resource and this is
46161.276 -> where your website is going to either
46163.436 -> start to stall or it's going to become
46165.596 -> unavailable for your users and so the
46168.08 -> idea here is that you know if you want
46169.916 -> to protect against ddos you need some
46171.596 -> kind of ddos protection traditionally
46173.84 -> those used to be like third-party
46175.2 -> services that you uh would have to pay
46177.04 -> for and the and it would sit in front of
46179.756 -> your load balancer or your n server but
46183.52 -> now the great thing with cloud service
46184.956 -> providers is that generally their
46186.48 -> networks have built-in ddos protection
46188.956 -> so the idea is just by having your
46190.956 -> compute or your resources on aws you're
46193.116 -> going to get
46194.32 -> built-in protection for free via aws
46196.64 -> shield and we'll talk about that next
46199.04 -> [Music]
46203.276 -> hey this is andrew brown from exam pro
46205.2 -> and we are taking a look at aws
46206.72 -> shield which is a managed ddos
46208.72 -> protection service that safeguards
46210.64 -> applications running on aws so when you
46214.16 -> route your traffic through route 53 or
46216.24 -> cloudfront you are using aws shield
46218.48 -> standard so here's a diagram to kind of
46220.64 -> show you that it's not just those
46222.08 -> services but these are the most common
46223.916 -> ones where you'll have a point of entry
46225.52 -> into aws
46226.8 -> so here we could also be including
46228.32 -> elastic ip aws global accelerator but
46231.436 -> the idea is that when you go through
46233.596 -> these services into the aws network
46235.756 -> it has shield built in and so you're
46237.436 -> going to get that protection before
46238.956 -> those
46239.84 -> uh before that traffic reaches your
46242.24 -> cloud services and in this case we're
46243.916 -> showing uh ec2 instances so aws
46246.64 -> shield protects against layers three
46248.56 -> four and seven attacks
46250.32 -> uh layer three four
46252.24 -> and seven is based off the osi model
46254.56 -> which is a um a fundamental networking
46257.04 -> concept so
46258.956 -> seven is for the application layer four
46262.24 -> is the transport layer three is the
46264.32 -> network layer
46265.84 -> um there are two different types of
46267.68 -> plans ready with shield we have shield
46269.36 -> standard which is free
46271.04 -> and then shield advanced which starts at
46273.2 -> 3000 usd per year plus some additional
46276.956 -> costs based on usage of the size of the
46279.276 -> attack or what services you're using how
46281.04 -> much traffic is moving in and out
46283.276 -> so protection against the most common
46285.04 -> ddos attacks is what shield standard
46286.8 -> does
46287.84 -> you have access to tools and best
46289.756 -> practices to build ddos resilient
46291.52 -> architecture it's automatically
46293.436 -> available on all aws services
46295.84 -> for additional protection against larger
46297.436 -> and more sophisticated attacks that's
46298.8 -> where shield advanced comes into play
46300.8 -> it's available for specific aws
46303.276 -> services so route 53 cloudfront elb
46307.276 -> aws global accelerator elastic ip
46311.116 -> and some notable features here is
46312.56 -> visibility reporting on layer three four
46314.72 -> and seven you're only going to get seven
46316.8 -> if you are using aws waf with it uh
46319.52 -> you have access to team and support so
46321.276 -> these are ddos experts but you're only
46322.88 -> gonna get it if you're paying for
46324.08 -> business or enterprise support as you're
46326.4 -> paying for this as well uh you also get
46329.2 -> ddos cost protection just to ensure that
46331.36 -> you know your bills don't go crazy
46333.436 -> and it comes with an sla so you have a
46335.36 -> guarantee that it's going to work
46337.276 -> both plans integrate with aws web
46339.436 -> application firewall so waf to give you
46342.72 -> that layer 7 application protection so
46344.956 -> understand that if you're not using waf
46346.88 -> you're not going to be having that layer
46348.32 -> 7 protection okay
46349.76 -> [Music]
46353.916 -> hey this is andrew brown from exam pro
46355.756 -> and we are looking at amazon guard duty
46358 -> so before we look at that we need to
46359.68 -> understand what is an ids ips
46362.88 -> so an intrusion detection system and
46365.04 -> intrusion protection system is used as a
46368.16 -> device or software application that
46369.916 -> monitors a network or systems for
46372.16 -> malicious activity or policy violations
46375.436 -> so guard duty is a threat detection
46377.68 -> service which is ids ips that
46380.48 -> continuously monitors for malicious and
46382.8 -> suspicious activity and unauthorized
46384.8 -> behavior it uses machine learning to
46387.04 -> analyze the following aws logs your
46389.2 -> cloud trail logs your vpc flow logs your
46392.4 -> dns logs and what it will do is report
46395.436 -> back to you and say hey um there's this
46398.72 -> issue here and this is actually one
46400 -> that's very easy to replicate it's just
46401.596 -> saying somebody is using the root
46403.68 -> credentials and it's suggesting that you
46406 -> should not be doing that right because
46407.436 -> you're never supposed to be invoking api
46409.68 -> calls with the root credentials or you
46411.68 -> should be limiting that
46413.116 -> you might also notice that if you want
46414.8 -> to investigate you can kind of follow up
46416.64 -> that with uh amazon detective or aws
46419.276 -> detective which
46420.64 -> ever
46421.52 -> prefix they decided to put on that
46422.88 -> service it will alert you of findings
46425.2 -> which you can automate an incident
46427.2 -> response via cloudwatch events which
46429.68 -> this uh it's been renamed to eventbridge
46432 -> as you know or third party services so
46433.84 -> you can
46434.8 -> follow up a remediation action
46437.756 -> and here is a graphic of amazon guard
46440.4 -> duty just a bit up closer so you can see
46442.4 -> all the findings and you can just see
46444.48 -> you have a lot of detailed information
46446.08 -> there okay
46447.64 -> [Music]
46451.756 -> hey this is andrew brown from exam pro
46453.596 -> and we're going to take a look at guard
46454.88 -> duty so guard duty is
46456.8 -> an intrusion protection and detection
46459.116 -> service and so what i've done is i've
46462 -> done some bad practices purposely so
46463.916 -> that i can show you some information in
46466.24 -> there so i'm gonna go over to guard duty
46468.64 -> okay and you do have to turn guard duty
46470.32 -> on and so once guard duty is on you're
46472.64 -> going to start getting reports coming in
46474.956 -> so notice here that we have some
46476.48 -> anomalous behavior eight days ago and so
46479.2 -> uh that's bako he's my co-founder he's
46481.916 -> also named andrew as well and so we can
46483.756 -> kind of see some details here about
46485.436 -> who's accessing what and what they were
46487.116 -> doing he's not doing anything malicious
46489.04 -> but we can have an idea where they're
46490.88 -> from even shows uh generally where he is
46492.956 -> which he is near thunder bay and his his
46495.04 -> provider would be tbaytel
46497.2 -> um and you can see that he is making uh
46499.916 -> api calls describe account attributes
46502.16 -> and things like that then the other
46503.84 -> issue is the root account so there's mfa
46506.56 -> i turned it off so that we can or maybe
46508.56 -> it's just usage here i actually do have
46509.916 -> it turned on i suppose but here we see
46511.756 -> root credential usage and so it's saying
46513.68 -> hey you used it 77 times because
46516.4 -> sometimes i go in and and use the root
46519.116 -> account for tutorials but saying you're
46521.276 -> using this way too much you've got to
46523.2 -> stop doing that okay so that's something
46525.36 -> that is uh pretty interesting with guard
46527.2 -> duty and it's really cost effective and
46529.916 -> easy to turn on so you can turn it on
46532 -> looks like they have a new thing for s3
46534.56 -> have not looked at that as of yet but
46536.16 -> that's kind of cool kind of feels like
46537.756 -> that would overlap with amazon macie but
46540.32 -> whatever and here we get a breakdown of
46542.4 -> cost so we see cloudtrail vpc flow logs
46544.8 -> dns logs and this is where it would be
46546.8 -> ingesting data if you want to use that
46548.48 -> s3 protection you'd have to probably be
46550.48 -> turning or creating a custom cloud watch
46552.56 -> trail that has data events to consume
46554.8 -> that information um
46557.2 -> you know so you know hopefully that
46558.56 -> gives you kind of an idea of things you
46560.24 -> can do and you can also centralize guard
46562.56 -> duty into one account so you can have
46564.4 -> one thing that takes care of everything
46566 -> and move all the data across all your
46567.756 -> accounts into a single place
46569.436 -> so that's kind of interesting and you
46571.276 -> can set up follow follow-ups um it's
46574.16 -> possible that
46575.916 -> i don't see this
46577.84 -> this here but generally it would show
46579.68 -> you
46582.16 -> uh it would show you a way of like
46583.916 -> triggering into cloud watch probably
46585.436 -> could do it programmatically this is
46586.72 -> something interesting like the list
46588.16 -> management you can add trusted ips or
46590.08 -> threat list so if there's people that
46591.756 -> you know are fine you can just white
46593.116 -> list them or if there's people that you
46594.64 -> know that are bad make sure that they
46596.56 -> are never allowed to get through so
46598.32 -> that's pretty much it with guard duty
46599.68 -> okay
46600.37 -> [Music]
46604.48 -> let's take a look here at amazon macie so
46606.4 -> macie is a fully managed service that
46608.48 -> continuously monitors s3 data access
46610.8 -> activity for anomalies and generates
46612.48 -> detailed alerts when it detects risks of
46615.04 -> unauthorized access or inadvertent data
46617.436 -> leaks so macie works by using machine
46619.68 -> learning to analyze your cloudtrail logs
46622.32 -> and macie has a variety of alerts so we
46624.32 -> have anomalous access config compliance
46627.756 -> credential loss data compliance file
46630.24 -> hosting identity enumeration information
46632.72 -> loss
46634.08 -> location anomaly open permissions
46636.08 -> privilege escalation ransomware service
46639.276 -> disruption suspicious access and macie
46642.32 -> will identify your most at-risk users
46644.956 -> which could lead to compromise so here's
46647.596 -> just one little kind of tidbit from the
46650.88 -> app itself where
46652.32 -> you have the total users and they
46653.756 -> categorize them into different uh risks
46655.84 -> i can't remember which flag means what
46657.596 -> in here
46658.56 -> uh amazon macie is an okay service
46661.436 -> it's very important if you're storing
46662.88 -> things in s3
46664.8 -> but i don't i don't use it very often to
46666.956 -> be honest
46667.91 -> [Music]
46672.24 -> hey this is andrew brown from exam pro
46674.08 -> and we are taking a look at aws virtual
46676.08 -> private network also known as vpn so aws
46679.276 -> vpn lets you establish a secure
46682.08 -> and private tunnel from your network or
46684.24 -> device to the aws global network it's
46686.64 -> very important to emphasize the word
46688.4 -> secure here
46689.916 -> because when you're using direct connect
46691.84 -> that will establish a private connection
46694 -> but it's not using any kind of protocol
46695.916 -> to secure that data in transit whereas
46698.88 -> aws vpn will be using a secure
46701.84 -> protocol there are two options here we
46703.916 -> have aws site-to-site vpn so securely
46706.48 -> connect on-premise network or branch
46708.4 -> office site to vpc
46710.08 -> and aws client vpn so securely
46712.24 -> connect users to aws or on-premises
46714.4 -> networks
46716.48 -> one thing that we need to understand
46718.32 -> alongside vpns is ipsec
46721.436 -> this stands for internet protocol
46722.88 -> security and is a secure network
46725.04 -> protocol suite that authenticates and
46726.8 -> encrypts the packets of data to provide
46728.88 -> secure encrypted communication
46730.956 -> between two computers over an internet
46733.116 -> protocol network and it is used in vpns
46736.4 -> and aws definitely uses it okay
46739.08 -> [Music]
46743.2 -> hey this is andrew brown from exam pro
46745.116 -> and we are taking a look at aws web
46747.276 -> application firewall also known as waf
46750.16 -> which protects you
46751.68 -> protects your web application from
46753.276 -> common web exploits so the idea here is
46756.16 -> you write your own rules to allow or
46758.32 -> deny traffic based on the contents of an
46760.48 -> http requests you use a rule set from a
46763.436 -> trusted aws security partner in the
46765.36 -> aws waf rule marketplace
46767.68 -> waf can be attached to either
46769.2 -> cloudfront or an application load
46771.436 -> balancer so here is that diagram the
46773.84 -> idea is you see cloudfront with the waf
46776.4 -> or alb with the waf
46779.36 -> and what it does is it can protect uh
46781.276 -> web applications from attacks covered
46783.36 -> and the owasp10
46785.276 -> uh top 10 most dangerous attacks if you
46787.596 -> don't know owasp they're the open web
46789.84 -> application security project and they
46792 -> basically have all these security
46793.916 -> projects which are things to say hey
46796.956 -> these are things that you should
46798.08 -> commonly protect against or they might
46800.4 -> have like example applications that
46802.88 -> serve as a means to learn security so we
46805.596 -> look at the top 10 it's injection broken
46808.16 -> authentication sensitive data exposure
46810.72 -> xml external entities so xxe broken
46814.56 -> access control security
46816.84 -> misconfigurations cross-site scripting
46818.72 -> so xss
46820.56 -> insecure deserialization using
46822.72 -> components with known vulnerabilities
46825.276 -> and insufficient logging and monitoring
46827.436 -> so there you go
46833.116 -> hey this is andrew brown from exam pro
46834.88 -> and we're going to take a quick look at
46836.24 -> aws web application firewall also
46838.88 -> known as waf and so in this account i
46841.916 -> happen to have a waf running
46843.84 -> so we don't have to create one we
46845.52 -> already have something we can take a
46846.72 -> look here so i'm going to go to waf and
46848.4 -> shield and then on the left hand side
46850.956 -> you'll notice it's a global service but
46852.4 -> on the left hand side we're going to be
46854.16 -> looking for our web acls and so the idea
46857.276 -> is that when you want a waf you create
46858.88 -> a web acl and then when then within that
46861.596 -> web acl you have uh the overview and
46864.88 -> then you have you can kind of show you
46866.64 -> kind of the traffic that's going on here
46868.56 -> we can have our rules and so there's a
46871.436 -> lot of different kind of managed rule
46873.04 -> groups that you can use so these are
46874.48 -> ones that are provided by aws so
46877.436 -> and a lot of these some of these can be
46878.88 -> paid some of these are free so you see
46880.32 -> there's these free rule groups where
46881.916 -> you're like hey
46883.2 -> i don't want any anonymous ips you
46885.84 -> checkbox that on you know or i want to
46888.48 -> protect against sql injection now the
46890.72 -> interesting thing is that aws has this
46892.24 -> capacity unit so
46894 -> you can't add all of these you can add a
46896.8 -> certain amount of capacity before you
46898.56 -> have to
46901.276 -> uh pay for more or something like that
46902.8 -> it's just kind of a way to
46904.8 -> um
46905.916 -> uh kind of cap the amount of stuff that
46907.84 -> you can put in in terms of rules um but
46910.72 -> there's a lot of other um rule groups
46912.956 -> from third party services like security
46915.116 -> companies that know what they're doing
46916.8 -> so if you like fortinet's owasp top 10 you
46919.68 -> can subscribe to that in the marketplace
46921.84 -> and be able to use it
46923.756 -> but uh yeah so that's how you apply
46926.56 -> rules
46927.84 -> there's something called bot control
46929.116 -> i've never used this before get
46930.4 -> real-time visibility into bot activity
46932.16 -> on your resource and controllers what
46933.916 -> bots allow and block from your resources
46936.48 -> that sounds really cool i cannot stand
46938.956 -> bots so i might turn that on myself or
46941.756 -> take a look at the cost there and see
46943.2 -> what we can find out but that's pretty
46944.956 -> much it with waf
46946.88 -> one thing i would say is that you can
46948.88 -> block out specific ip addresses or white
46951.68 -> list specific ip addresses
46953.68 -> and you might do that through rules i'm
46955.276 -> just going to see yeah like maybe the
46956.956 -> bypass here
46958.956 -> and so these ip addresses are some of
46961.52 -> our um
46962.72 -> cloud support engineers where they're
46964.72 -> using our admin panel and um
46967.84 -> waf is being too aggressive in terms of
46970.32 -> protection and so sometimes you have to
46972.64 -> say hey allow this ip address and let my
46975.04 -> um
46976.08 -> you know let my cloud
46978.16 -> support engineer be able to use the admin
46979.52 -> panel because they're not malicious okay
46981.2 -> so that's one little exception there but
46982.88 -> that's pretty much it okay
46997.85 -> [Music]
47002.16 -> hey this is andrew brown from exam pro
47003.916 -> and we are taking a look at hardware
47005.52 -> security modules also known as hsm and
47007.916 -> it's a piece of hardware designed to
47009.36 -> store encryption keys and it holds keys
47012.08 -> in memory and never writes on the disk
47013.916 -> so the idea is that if the hsm was shut
47016.32 -> down that key would be gone and that
47018.64 -> would be a guarantee of protection
47020.4 -> because nobody could you know take the
47022.16 -> drive and steal it so here is an example
47024.88 -> of an hsm these are extremely expensive
47027.68 -> so you definitely don't want to have to
47029.276 -> buy them yourselves uh they generally
47031.52 -> follow fips so fips is the federal
47033.916 -> information processing standard so it's
47036.16 -> a u.s and canadian government standard
47038.08 -> that specifies the security requirements
47039.756 -> for cryptographic modules that protect
47041.436 -> sensitive information fips is something
47043.52 -> you want to definitely remember
47046.08 -> and there are two
47048.16 -> different
47049.436 -> protocols here there's actually a bunch
47050.956 -> of different fips versions but we have
47053.116 -> fips
47054.2 -> 142 level 2 and then fips 143 level 3 so
47059.276 -> let's talk about the difference here so
47060.956 -> hsms that are multi-tenant are going to
47063.52 -> be using fips 142 hyphen 2 level 2
47066.8 -> compliant
47068.16 -> where you have multiple customers
47069.916 -> virtually isolated on the hsm
47072.8 -> and then there are hsms that are single
47074.88 -> tenant and so they're going to be
47076.4 -> utilizing fips 140 hyphen 2 level 3
47079.276 -> compliant so a single customer on a
47081.436 -> dedicated hsm
47083.52 -> and so the reason why we have these two
47085.756 -> levels is that when you have multiple
47087.84 -> tenants you can say oh right this thing
47090.48 -> is uh has tamper evidence so we can see
47093.04 -> that somebody was trying to break into
47094.72 -> it but there's no guarantee of tamp it
47098.16 -> being tamper proof where level three is
47100.956 -> tamper proof there's also fips 140
47104.08 -> hyphen 3 which is the new
47106.16 -> uh the newer
47107.756 -> standard but not all cloud resources can
47111.276 -> meet that standard just because of how
47113.04 -> they offer the service
47114.8 -> so
47115.52 -> again fips 142 is really good but just
47117.84 -> understand that there are other ones out
47119.36 -> there and it's very easy to get fips 142
47122.48 -> level 3 mixed up with fips 140 hyphen 3
47125.68 -> something that i always had
47127.36 -> a hard time remembering the
47128.956 -> distinguishing between those two so for
47131.436 -> multi-tenant this is where we're using
47133.2 -> aws key management service and for
47135.436 -> single tenant we're using aws cloud hsm
47138.4 -> and the only time you're really using
47139.52 -> cloud hsm is if you're a large
47141.276 -> enterprise and you need that regulatory
47143.2 -> compliance of getting fips 140 hyphen 2
47145.916 -> level three okay
47147.44 -> [Music]
47151.68 -> hey this is andrew brown from exam pro
47153.596 -> and we are taking a look at key
47155.2 -> management service also known as kms and
47157.52 -> it is a managed service that makes it
47159.116 -> easy for you to create and control the
47161.2 -> encryption keys you use to encrypt your
47162.88 -> data so kms is a multi-tenant hsm so
47166.4 -> it's a hardware security module
47168.48 -> and many aws services are integrated to
47170.8 -> use kms to encrypt your data with a
47172.64 -> simple checkbox and kms uses envelope
47175.916 -> encryption so here's that example of a
47178 -> simple checkbox in this case it's for
47180.24 -> rds and what you'll do is choose a
47182.56 -> master key a lot of times aws will have
47184.64 -> a default
47185.84 -> key for you that's managed by them that
47187.436 -> is free to use which is really great
47190.16 -> so for kms it's using envelope
47192 -> encryption so when you encrypt your data
47194.32 -> your data is protected but you have to
47196.08 -> protect your encryption key when you
47198 -> encrypt your data key with a master key
47200 -> as an additional layer security so
47201.52 -> that's how it works so just to make this
47203.52 -> really clear i have my data i use this
47206.88 -> key to encrypt this data and now i need
47208.72 -> to protect this key so i use another key
47211.916 -> to encrypt
47213.276 -> this key which
47215.116 -> forms an envelope and then i store this
47218.64 -> master key in kms and this one's
47220.64 -> considered the data key all right
47223.43 -> [Music]
47227.756 -> hey this is andrew brown from exam pro
47229.52 -> and we're going to take a look at key
47231.436 -> management service also known as kms so
47233.68 -> type in kms on the top here
47235.756 -> and we'll pop over here and kms is a way
47238 -> for you to create your own keys or you
47240.32 -> can use aws managed keys so up here and
47243.276 -> not all these appear right away but as
47244.956 -> you use services um you will aws will
47247.2 -> generate out managed keys for you and
47248.956 -> these are free
47250.72 -> you can create your own keys um and
47253.276 -> these cost a dollar each so if i go
47254.8 -> ahead here and create a key i can choose
47256.08 -> whether it's symmetric or asymmetric
47257.596 -> which we definitely learned in the
47258.8 -> course which is nice for asymmetric you
47260.4 -> can make it encrypt and decrypt sign and
47262.64 -> verify and they're just kind of
47263.68 -> narrowing down the type of key you would
47265.84 -> use
47266.88 -> for this you know if i went to symmetric
47269.276 -> i go here
47270.956 -> i'm just kind of seeing if i can enter
47272.88 -> the actual material into the key here
47276.8 -> so i'm just going to keep clicking
47277.84 -> through here my custom key
47280.64 -> generally you don't really need to do
47281.916 -> this but you know if it's interesting
47283.68 -> you can set up administrators to say
47285.116 -> who's allowed to administer the key and
47287.36 -> then you have someone that
47290 -> is allowed to use the key and you
47291.84 -> usually want to keep those two accounts
47293.116 -> separate you don't want the same person
47294.56 -> administrating and using the key
47296.56 -> okay keep those two separate and so we
47298.956 -> would have a key policy so you can
47300.64 -> change this to say the rules that is
47302.64 -> allowed to use
47304.8 -> and then we can go here and hit finish
47307.116 -> and so there we now have our own custom
47310.16 -> key
47311.2 -> and
47312.24 -> one thing we can do
47314.72 -> is it's possible to rotate out these
47316.56 -> keys when you need to be
47318.48 -> um but anyway
47320.4 -> when we use kms it's built into
47322 -> basically everything and we've seen it
47323.756 -> multiple times throughout this course
47325.68 -> when we've gone over to ec2 we'll just
47327.756 -> go take a peek at a few different places
47329.68 -> here
47330.956 -> so when we've gone to go launch an ec2
47333.04 -> instance and we go over to storage so we
47335.84 -> say select
47337.84 -> and review
47339.36 -> or next
47340.72 -> and we go over to storage notice that
47343.116 -> here this is using encryption right so i
47345.52 -> can choose that or even my custom key if
47348 -> you're in dynamodb or anywhere else it's
47349.84 -> always something like a checkbox and you
47351.436 -> choose your key so that's pretty much
47352.8 -> all there really is to kms it's very
47354.48 -> easy to use and there you go
47355.99 -> [Music]
47360.48 -> hey this is andrew brown from exam pro
47362.32 -> and we are going to take a look here at
47363.756 -> cloud hsm it is a single tenant
47366.88 -> hsm as a service that automates hardware
47369.756 -> provisioning software patching high
47371.68 -> availability and backups so here's the
47373.916 -> idea is that you have your aws cloud hsm
47376.88 -> you have your developers interacting
47378.48 -> with it your application interacting
47380.56 -> with it you have an hsm client installed
47382.8 -> in your ec2 instance so that it can
47385.436 -> access uh the cloud hsm keys
47388.56 -> so aws cloud hsm enables you to generate
47391.116 -> and use your encryption keys on fips 140
47393.52 -> hyphen 2 level 3 validated hardware it's
47396.32 -> built on open hsm industry standards to
47398.64 -> integrate with things like
47401.436 -> pkcs 11 java cryptography extension so jce
47406.88 -> microsoft cryptong libraries you can
47410.64 -> transfer your keys to other commercial
47412.4 -> hsm solutions to make it
47414.88 -> easy for you to migrate keys on or off
47416.8 -> aws configure aws kms to use aws cloud
47420.32 -> hsm
47421.68 -> cluster as a custom
47423.68 -> key store rather than the default kms
47426.08 -> keystore uh so cloud hsm is
47429.596 -> way more expensive than kms kms is like
47432.56 -> free or a dollar per key where cloud hsm
47435.36 -> is a fixed cost
47436.8 -> per month because you are getting a
47438.32 -> dedicated piece of hardware
47440.48 -> um and there's not a lot of stuff around
47443.116 -> it so other than the aws kms integration
47445.68 -> a lot of times it can be really hard to
47447.116 -> use this as well so the only time you're
47449.68 -> really going to be using cloud hsm is if
47451.436 -> you're an enterprise and you need to
47452.8 -> meet
47453.596 -> fips 140 hyphen 2 level 3 compliancy
47456.4 -> okay
47457.07 -> [Music]
47461.596 -> hey this is andrew brown from exam pro
47463.52 -> and we are taking a look at know your
47465.436 -> initialism so a lot of aws services and
47468.48 -> concepts and cloud technologies use
47471.2 -> initialisms to just kind of shorten uh
47474.08 -> common things that we need to use on a
47476 -> frequent basis and it's going to really
47478 -> help if you learn these because then
47480.16 -> what you can do is substitute them when
47482 -> you are
47483.116 -> seeing a service name or something
47485.116 -> particular and that's going to get you
47487.04 -> through content a lot faster and in the
47490.64 -> wild you're going to see these all over
47492.08 -> the place because people aren't going to
47493.276 -> say the full name they're going to say
47494.72 -> the initialism so let's go through them
47496.88 -> so for iam it's identity and access
47499.68 -> management for s3 that's simple storage
47502.32 -> for swfs it's uh swf that's simple
47506.08 -> workflow service sns is simple
47508.72 -> notification service sqs is simple queue
47511.436 -> service ses is simple email service ssm
47514.88 -> is simple systems manager but uh you
47517.68 -> know when we see the name it's usually
47519.276 -> just systems manager but we still use
47521.436 -> the uh initialism ssm then there's rds
47524.88 -> relational database service vpc virtual
47527.2 -> private cloud vpn virtual private
47529.436 -> network cfn cloud formation waf web
47533.276 -> application firewall and that is a very
47535.68 -> common initialism uh not just aws
47537.84 -> but outside of it as well mq for amazon
47541.04 -> active mq asg for auto scaling groups
47544.24 -> tam for technical account manager elb
47547.276 -> for elastic load balancer alb for the
47549.84 -> application load balancer nlb for the
47552.4 -> network load balancer gwlb for the
47554.956 -> gateway load balancer clb for the
47557.04 -> classic load balancer ec2 for elastic
47559.436 -> cloud or cloud compute ecs for elastic
47562.32 -> container service ecr for elastic
47564.56 -> container repository ebs for elastic
47566.956 -> block storage emr for elastic mapreduce
47570.32 -> efs for elastic file store ebs or eb for
47574 -> elastic beanstalk es for elasticsearch
47577.2 -> eks for elastic kubernetes service
47580.52 -> msk for managed kafka service and if you
47583.36 -> think i got the s and k backwards i did
47585.52 -> not for whatever reason it's msk
47588.4 -> uh then uh there's resource manager
47590.72 -> which is known as ram acm for amazon
47592.956 -> certificate manager polp for principle
47595.68 -> of least privilege which is a concept
47597.276 -> not a service iot internet of things
47599.756 -> this is not a service but is a tech
47602.24 -> concept or cloud concept ri for reserved
47604.8 -> instances and i'm sure there are more
47606.8 -> but these are the ones that i know off
47608.48 -> the top of my head uh and they're in my
47611.2 -> usual use case uh for what i'm doing day
47613.68 -> to day but a lot of times you'll
47614.956 -> probably just end up needing to remember
47616.64 -> asg elb
47618.8 -> um ec2 s3 things like that okay
47622.47 -> [Music]
47627.2 -> all right let's compare aws config and
47629.436 -> app config which both have config in
47631.436 -> the name but they are two completely
47633.436 -> different services so aws config and app
47636 -> config so aws config is a governance
47638.08 -> tool for compliance as code you can
47640.32 -> create rules that will check to see if
47642 -> resources are configured the way you
47643.84 -> expect them to be if a resource drifts
47645.756 -> from the expected configuration you are
47647.276 -> notified or aws config can auto
47649.52 -> remediate correct the configuration back
47651.68 -> to the expected state for app config it
47654.08 -> is used to automate the process of
47655.68 -> deploying application configuration
47657.52 -> variable changes to your web application
47659.916 -> you can write a validator to ensure uh
47662.8 -> the changed variable will not break your
47664.72 -> web app you can monitor deployments on
47666.88 -> automate integrations to catch errors or
47668.8 -> rollbacks so config is for compliance
47670.88 -> governance app config is for uh config
47673.68 -> application configure configuration
47675.52 -> variables so there you go
47676.95 -> [Music]
47681.116 -> well let us take a look at sns versus
47683.116 -> sqs and these things have something in
47686.16 -> common and it's they both connect apps
47688.48 -> via messages
47690.4 -> uh so they're for application
47692 -> integration so let's take a look at sns
47694.48 -> so simple notification service and then
47696.56 -> simple queue service okay so sns is
47699.84 -> intended to pass along messages via a
47702.24 -> pub sub model whereas sqs queues up
47704.956 -> messages and has a guaranteed delivery
47707.36 -> so the idea with sns you send
47708.64 -> notifications to subscribers of topics
47711.116 -> via multiple protocols so it could be
47713.436 -> http email sqs sms and sns is generally
47718.08 -> used for sending plain text emails which
47720.16 -> is triggered via other services the best
47723.276 -> example here is billing alarms i know
47724.72 -> we mentioned this but i like to repeat
47725.84 -> it so that you absolutely know
47727.68 -> it can retry sending in the case of
47730.56 -> failures of https so it does have a
47732.88 -> retry attempt but that doesn't mean
47734.4 -> there's a guarantee of delivery it's
47736.48 -> really good for web hooks simple
47737.916 -> internal emails triggering lambda
47739.52 -> functions if you had to compare these to
47741.276 -> third-party services it's similar to
47742.8 -> pusher or
47744.24 -> pubnub so sqs is uh the idea here is
47747.36 -> that messages are placed into a queue
47749.116 -> applications poll the queue using the
47750.8 -> aws sdk you can
47753.276 -> retain a message for up to 14 days you
47755.596 -> can send them in sequential order a
47757.916 -> sequential order or in parallel you can
47760.88 -> ensure only one message is sent you can
47763.2 -> ensure messages are delivered at least
47764.956 -> once it's really good for delayed tasks
47767.2 -> queuing up emails um comparable uh stuff
47770.24 -> would be something like rabbitmq or
47772.56 -> uh ruby on rails sidekiq okay
47775.05 -> [Music]
47779.04 -> hey this is andrew brown from exam pro
47780.72 -> and we're doing variation study with sns
47783.116 -> versus ses versus pinpoint versus workmail
47785.68 -> and so sns and ses get confused
47788.8 -> quite often but all of these services uh
47791.68 -> have something common they all send
47793.916 -> emails but
47795.276 -> the utility of email is completely
47796.8 -> different for each one so the first one
47799.04 -> is simple notification service is for
47801.756 -> practical and internal emails so you
47804 -> send notifications to subscribers of
47805.756 -> topics via multiple protocols so it's
47807.756 -> not just for email it can handle http it
47811.04 -> can send to sqs it can send sns or sms
47814.48 -> messages so um messages to your phone
47818.32 -> but it does send emails and so sns is
47821.116 -> generally used for sending plain text
47822.88 -> emails which is triggered via other aws
47825.36 -> services the best example of this is a
47827.916 -> billing alarm so most exam questions
47830.72 -> are going to be talking about sns
47832.4 -> because lots of services can trigger
47835.276 -> sns for notifications and so that's the
47837.84 -> idea it's like oh um you know
47840.48 -> did somebody spin up a server send off
47842.24 -> an email via sns uh did we spend too
47845.596 -> much money here you know all sorts of
47847.52 -> things can go through sns to send out
47849.2 -> emails and you need to know what are
47851.52 -> topics and subscriptions regarding sns
47855.04 -> then you have ses so simple email
47857.596 -> service and this is for transactional
47860.24 -> emails and
47861.84 -> when i say transaction emails i'm
47863.276 -> talking about emails that should be
47864.32 -> triggered based on in-app action so sign
47866.88 -> up reset password invoices
47869.68 -> so a cloud-based email service that is
47872.08 -> similar to this would be like sendgrid
47874.24 -> ses sends html emails
47877.116 -> sns cannot so that is the distinction is
47879.276 -> that ses can do html and plain text but
47882.16 -> sns just does plain text and you would
47884.64 -> not use sns for transactional emails ses
47887.84 -> can receive inbound emails
47890.32 -> ses can create email templates custom
47894.24 -> domain name emails so when you use sns
47897.04 -> it's whatever amazon gives you it's
47899.116 -> going to be some weird address but ses
47901.2 -> is whatever custom domain you want you
47903.04 -> can also monitor email reputation for
47904.956 -> ses
47906.24 -> then you have amazon pinpoint and so
47908.72 -> this is for promotional emails so these
47911.84 -> uh when we say promotional we're talking
47913.2 -> about emails for marketing so you can
47914.72 -> create email campaigns you can segment
47916.64 -> your contacts you can create customer
47918.4 -> journeys via emails um it can do a to b
47921.276 -> email testing and so ses and pinpoint
47924.956 -> get mixed up because a lot of people
47926.32 -> think well can i just use my transaction
47928.32 -> emails for promotion emails absolutely
47930.32 -> you can it's not recommended because um
47933.916 -> you know pinpoint has a lot more
47935.36 -> functionality around promotional emails
47937.52 -> they're built differently
47939.36 -> and so you know just understand that
47941.04 -> those two have overlapping
47942.72 -> responsibilities but generally you
47944.48 -> should use them for what they're for
47945.84 -> then you have amazon workmail and this
47947.596 -> is just an email web client so it's
47949.36 -> similar to gmail or outlook you can
47951.276 -> create company emails read write and
47952.956 -> send emails from a web client within the
47954.48 -> aws management console so there you
47956.4 -> go
47957 -> [Music]
47960.88 -> let us compare amazon inspector versus
47963.36 -> aws trusted advisor so both of these
47965.756 -> are security tools and they both perform
47968.8 -> audits but what they do is slightly
47970.8 -> different so amazon inspector audits a
47973.2 -> single ec2 instance that you've selected
47975.756 -> or i suppose you could select multiple
47977.36 -> ec2s it generates a report from a long
47979.52 -> list of security checks um and so
47982 -> trusted advisor has checks but uh the
47984.956 -> the key difference here is that it
47986.32 -> doesn't generate out a pdf report though
47988.48 -> i'm sure you could export csv data if
47990.32 -> you wanted to and then turn that into a
47991.596 -> report
47992.56 -> it gives you a holistic view of
47994.16 -> recommendations across multiple services
47996.24 -> and best practices so for example if you
47998.48 -> have an open port on the security groups
48000.32 -> that can tell you about that you
48001.916 -> should enable mfa on your root account
48003.84 -> when using trusted advisor things like
48005.916 -> that
48007.36 -> one thing though is that trusted advisor
48009.116 -> isn't just for security does checks
48010.88 -> across um
48012.48 -> five different things
48014.08 -> but they both use security and they both
48015.756 -> technically do checks okay
48020.75 -> [Music]
48022.48 -> so there are a few services that have
48024.8 -> connect in the name you'd think they'd be
48026.48 -> related in some way but they absolutely
48028.16 -> are not and they don't even have similar
48029.84 -> functionality but let's take a look here
48031.436 -> so we know the difference the first is
48033.36 -> direct connect it is a dedicated fiber
48035.436 -> optics connection from your data center
48037.276 -> to aws it's intended for large
48038.956 -> enterprises with their own data center
48041.2 -> and they need an insanely fast and
48043.2 -> private connection directly
48045.36 -> to aws and you'll notice they give
48046.956 -> private and emphasis because if you need
48048.72 -> a secure connection you need to apply a
48051.596 -> aws virtual private network
48053.276 -> connection on top of direct connect then
48055.596 -> you have amazon connect this is a call
48057.36 -> center as a service get a toll-free
48059.36 -> number accept inbound and outbound calls
48061.276 -> set up automated phone systems uh so if
48063.916 -> you ever heard of an interactive voice
48065.116 -> system at ibs this is basically what
48067.276 -> amazon connect is you have media connect
48069.68 -> this is the new version of elastic
48071.116 -> transcoder it converts videos to
48073.52 -> different video types so if you have
48075.36 -> let's say a thousand videos you need to
48076.88 -> transcode them into different video
48078.16 -> formats maybe you need to apply
48079.84 -> watermarks insert introduction videos in
48082.24 -> front of each one this is what you use
48084 -> media connect for okay
48085.65 -> [Music]
48089.916 -> just in case you see elastic transcoder
48092.4 -> as an option i just want you to know
48094 -> what it is compared to media connect so
48095.916 -> both these services are used for
48097.84 -> transcoding and technically elastic
48099.916 -> transcoder is the old way and aws
48102.32 -> elemental media convert or just media
48104.72 -> convert is the new way so elastic
48106.8 -> transcoder was the original transcoding
48108.88 -> service it may still have programmatic apis
48111.36 -> or workflows not available in media
48113.116 -> convert so this could be reasons why we
48115.276 -> see legacy customers still using it or
48117.276 -> you know it's just too much effort for
48118.56 -> them to
48119.52 -> upgrade to the new one it transcodes
48121.36 -> videos to streaming formats
48123.596 -> media convert is more robust transcoding
48125.756 -> service that can perform various
48127.04 -> operations during transcoding so it also
48129.756 -> translates videos to streaming different
48131.276 -> streaming formats but it overlays images
48133.596 -> it inserts video clips extracts captions
48136.32 -> data it has a robust ui so generally
48139.116 -> it's recommended to use the uh media
48141.116 -> convert in terms of costs they're
48142.48 -> basically the same so there's no reason
48144 -> not to use media convert okay
48149.13 -> [Music]
48150.4 -> so aws artifact versus amazon
48152.48 -> inspector get commonly mixed up all the
48154.32 -> time but both
48156.08 -> artifact and inspector compile pdf reports
48158.4 -> so that's where the confusion comes from
48160.08 -> but let's talk about what is different
48161.916 -> about the reports so aws artifact
48163.916 -> enables inspector so for artifact you're
48166.08 -> answering why should an enterprise trust
48168 -> aws it generates a security report
48170.56 -> that's based on global compliance
48172.16 -> frameworks such as soc or pci or a
48175.04 -> variety of others where amazon inspector
48177.52 -> is all about how do we know the ec2
48179.36 -> instance is secure can you prove it so
48181.596 -> it runs a script that analyzes your ec2
48183.596 -> instance then generates a pdf report
48185.68 -> telling you which security checks had
48187.116 -> passed
48188 -> so the idea here is it's an audit tool
48189.596 -> for security of ec2 instances so there
48191.916 -> you go
48192.91 -> [Music]
48197.36 -> so let's compare elb versus alb versus
48200.48 -> nlb versus gwlb versus clb uh because
48204.72 -> you know when i was first learning aws i
48206.56 -> was getting confused because there was
48207.756 -> elastic load balancer but there was
48209.116 -> these other ones so
48210.8 -> what gives right so what's happening
48212.4 -> here is that there is a main service
48214 -> called elastic load balancer elb and it
48216.8 -> has four different types
48218.956 -> of possible load balancers so we'll go
48221.52 -> through all the types so the first is
48223.436 -> application load balancer commonly uh
48226 -> initialized as alb and so this operates on
48228.88 -> layer seven for https so this makes
48231.04 -> sense because that is the application
48233.116 -> layer and it has some special powers in
48235.52 -> terms of routing rules so the idea here
48238.16 -> is you can create rules to change
48239.52 -> routing based on information found
48241.596 -> within the https request so let's say
48243.84 -> you wanted some
48245.436 -> routes to go that have a particular
48247.52 -> subdomain to this server and a different
48250.32 -> subdomain to another one you could do
48251.68 -> that
48252.8 -> and because it is an application load
48254.88 -> balancer you can attach a web application
48258.32 -> firewall for protection you can't attach
48260.48 -> this on the nlb or other ones because
48262.24 -> they're not application based so that is
48264.16 -> just a little caveat there
48266.4 -> then you have network load balancer uh
48268.48 -> commonly abbreviated to nlb this
48270.72 -> operates on layer three and four so
48272.24 -> we're talking tcp udp this is great for
48275.52 -> when you have extreme performance that
48277.52 -> requires tcp and tls traffic it's
48280.48 -> capable of handling millions of requests
48282.24 -> per seconds
48284.08 -> while maintaining ultra low latency it's
48286 -> optimized for sudden and volatile
48287.596 -> traffic patterns while using a single
48290.24 -> static ip address per availability zone
48293.52 -> if you're making video games this is
48294.8 -> what they like to use is the network
48296.56 -> load balancer but it has other utilities
48298.48 -> outside of that then you have gateway
48301.04 -> load balancer gwlb this is where you need
48303.68 -> to deploy a fleet of third-party virtual
48305.436 -> appliances that support uh i don't know
48308.08 -> how to say that in abbreviation but i'll
48309.68 -> just say it's
48311.48 -> g-e-n-e-v-e
48313.04 -> um and there's not much we need to know
48314.8 -> outside of that okay then there is the
48317.116 -> classic load balancer uh commonly
48319.36 -> initialized as clb this operates on layer
48321.916 -> three four and seven it's intended for
48323.84 -> applications that were built within the
48325.2 -> ec2 classic network it doesn't support
48327.756 -> target groups so albs and nlbs
48331.04 -> use target groups which is just an
48332.4 -> easier way of grouping together
48334.48 -> a bunch of
48335.68 -> targeted resources like compute
48337.756 -> that we're going to load balance to and
48339.436 -> with classic load balancer you just
48340.88 -> directly assign ec2 instances
48343.2 -> and it's going to be retired on august
48344.72 -> 15th of 2022 so yeah it looks like it
48347.52 -> can do a lot of stuff but it also
48349.596 -> doesn't have any of the superpowers of
48351.2 -> these specialized ones and so
48353.436 -> there's no reason to keep it around and
48355.04 -> generally you should not be using it
48357.68 -> and so yeah that's about it

Source: https://www.youtube.com/watch?v=SOTamWNgDKc